This post is the second of a four-part series this week exploring Microsoft Arc, and how it can be used as a control plane to manage services. Check back each day through Thursday for subsequent installments: (Part 1), (Part 3).
This article is the second part of the Azure Arc series, where we explore the concept of Azure Arc enabled servers. Besides connecting an existing Ubuntu machine, we will also configure a policy to check all the servers’ compliance in a specific resource group.
Azure Arc enabled servers can be managed by the Azure Resource Manager (ARM) control plane even if they are not running within Azure.
The screenshot below shows virtual machines running in Amazon EC2, Google Compute Engine, vSphere, and Azure itself, all registered with Azure Arc.
We can also apply a policy to check the compliance of these VMs. In this tutorial, we will perform an audit of all the VMs that use a password instead of an SSH key.
The Azure Policy evaluation identified two VMs deployed in vSphere and one VM running in Azure that do not use SSH keys.
- An Ubuntu 18.04 server with outbound Internet access
- An active Microsoft Azure subscription
Registering an Existing Ubuntu Server
From the Azure Portal, search for Servers – Azure Arc to launch the wizard.
You can register servers interactively or onboard multiple servers at scale. For this tutorial, select the first option of adding servers with an interactive script.
Make sure you meet the prerequisites before proceeding further.
In the next step, select your subscription, resource group, and a region in which Azure Arc is available. Choose Linux as the OS and move to the next step.
Populate the values of any of the suggested tags or create your own tags.
Finally, you will see the command to run on the Ubuntu server. Copy it and close the wizard.
SSH into your Ubuntu machine and paste the commands copied in the previous step.
Within a few minutes, you will notice the registered machine in the resource group.
Applying a Policy to Registered Servers
We will now apply a policy to find out whether any of the registered machines use a password instead of an SSH key.
Open the Policy settings for the scope you want to audit (the resource group, in this tutorial) and click Assign policy.
From the available policy definitions, select Audit Linux machines that are not using SSH key for authentication.
Make sure you set the option Include Arc connected servers.
Accept the defaults in the next step to create the policy.
After a few minutes, the compliance dashboard will get updated to report the results from the audit.
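As an added example (not code from the article, the Azure Arc agent, or the policy itself), here is a local check you can run on the Ubuntu server before or after the audit to confirm what the policy will report. It assumes two documented sshd_config rules: the first value of a keyword wins, and directives under a Match block are conditional rather than global.

```shell
# effective_sshd_value KEYWORD DEFAULT  < sshd_config
# Prints the global value of KEYWORD, or DEFAULT if the file never sets it.
effective_sshd_value() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        { k = tolower($1) }
        k == "match" { in_match = 1; next }        # a conditional section starts here
        in_match { next }                          # Match-scoped lines are not global
        k == tolower(key) && !found { found = 1; val = tolower($2) }   # first value wins
        END { print (found ? val : tolower(def)) }
    '
}

# audit_sshd_config FILE
# Returns 0 (compliant) only when sshd will not accept a password at all:
# PasswordAuthentication must be "no" AND keyboard-interactive must be off,
# because PAM can still prompt for a password over keyboard-interactive.
audit_sshd_config() {
    pw=$(effective_sshd_value PasswordAuthentication yes < "$1")
    # Newer OpenSSH spells the keyword KbdInteractiveAuthentication; older
    # releases (such as the one on Ubuntu 18.04) use ChallengeResponseAuthentication.
    kbd=$(effective_sshd_value KbdInteractiveAuthentication unset < "$1")
    if [ "$kbd" = "unset" ]; then
        kbd=$(effective_sshd_value ChallengeResponseAuthentication yes < "$1")
    fi
    if [ "$pw" = "no" ] && [ "$kbd" = "no" ]; then
        echo "compliant: password logins disabled in $1"
        return 0
    fi
    echo "NON-COMPLIANT: PasswordAuthentication=$pw keyboard-interactive=$kbd in $1"
    return 1
}

# On the server itself, run:  audit_sshd_config /etc/ssh/sshd_config
```

A "no" only inside a Match block does not make the server compliant, which matches how the policy treats the global setting.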
Congratulations! You have successfully registered an external server with Azure Arc and run a compliance test against it.
In the next part of this series, we will explore how to register Kubernetes clusters with Azure Arc and perform GitOps-based deployments. Stay tuned!
Janakiram MSV’s Webinar series, “Machine Intelligence and Modern Infrastructure (MI2)” offers informative and insightful sessions covering cutting-edge technologies. Sign up for the upcoming MI2 webinar at http://mi2.live.