Describe Azure Arc
Azure Arc is a service that provides a set of technologies for organizations such as Contoso that want to simplify their complex and distributed environments.
Azure Arc is a set of technologies that brings Azure security and cloud-native services to hybrid and multicloud environments. It provides a centralized, unified, and self-service approach to managing, securing, and monitoring:
- Windows Server
- Linux servers
- Kubernetes clusters
- SQL servers
- Azure Data Services
Azure Arc also extends adoption of cloud-native services and DevOps across hybrid, multicloud, and edge environments. In addition to extending the control plane for managing infrastructure, Azure Arc enables companies to run Azure data services and Azure Machine Learning on containerized infrastructure anywhere.
Continuous improvements have been made to the Azure control plane. This control plane is responsible for managing the lifecycle of resources such as VMs, database instances, Apache Hadoop clusters, and Kubernetes clusters.
For example, every time Contoso provisions, scales, stops, or terminates a resource—such as an Azure VM—the Azure fabric controller processes this operation. In between the fabric controller and the resources is another layer called the Azure Resource Manager that automates the resource lifecycle. Azure has resource providers for each of these resource types hosted in Azure.
Note
Azure Resource Manager provides a management layer that enables you to create, update, and delete your Azure resources.
Azure Arc capabilities
Azure Arc enables you to deploy and configure the following cloud-based technologies to secure, manage, and monitor Arc-enabled servers:
| Feature | Description |
| --- | --- |
| Azure Policy guest configuration | Audit Azure Arc resources to validate settings such as the configuration of the operating system (OS), applications, and environment settings. |
| Support for resource-context access to Log Analytics data | Restrict the scope of access to Log Analytics data based on the permissions to the corresponding Azure resource. |
| Microsoft Defender for Cloud | Microsoft Defender for Endpoint provides threat detection and vulnerability management. |
| Microsoft Sentinel | Collect security-related events and correlate them with other data sources. |
| Azure Monitor | Monitor and store data related to system performance and events. Discover application components and processes to determine dependencies. |
Additional reading
You can learn more by reviewing the following documents.