Arc Enabled Servers

Register resource providers in Azure: Azure Arc-enabled servers depends on the following Azure resource providers, which must be registered in your subscription before you can use the service:

  • Microsoft.HybridCompute
  • Microsoft.GuestConfiguration
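The registration step above can be checked and completed from PowerShell before any machine is onboarded. This is an added example, not part of the original notes; it assumes the Az.Resources module is installed, that `Connect-AzAccount` has already selected the target subscription, and that the signed-in identity is allowed to register providers. The function name and the 10-minute timeout are choices made for the example.

```powershell
# Added example: confirm both providers required by Arc-enabled servers are
# registered in the current subscription, register any that are not, and wait.
$required = 'Microsoft.HybridCompute', 'Microsoft.GuestConfiguration'

function Test-ProviderRegistered {
    # Hypothetical helper: true only if every resource type under the
    # namespace reports RegistrationState 'Registered'.
    param([Parameter(Mandatory)][string]$Namespace)
    $states = @((Get-AzResourceProvider -ProviderNamespace $Namespace).RegistrationState)
    return ($states.Count -gt 0) -and (@($states -ne 'Registered').Count -eq 0)
}

# Register only what is missing, so a re-run on a prepared subscription
# makes no changes.
foreach ($ns in $required) {
    if (Test-ProviderRegistered -Namespace $ns) {
        Write-Host "$ns already registered"
    }
    else {
        Write-Host "$ns not registered; requesting registration"
        Register-AzResourceProvider -ProviderNamespace $ns | Out-Null
    }
}

# Registration is asynchronous: poll until both namespaces settle or the
# (assumed) 10-minute deadline passes.
$deadline = (Get-Date).AddMinutes(10)
do {
    $pending = @($required | Where-Object { -not (Test-ProviderRegistered -Namespace $_) })
    if ($pending.Count -eq 0) { break }
    Write-Host ("Waiting for: " + ($pending -join ', '))
    Start-Sleep -Seconds 15
} while ((Get-Date) -lt $deadline)

if ($pending.Count -gt 0) {
    throw ("Providers still not registered: " + ($pending -join ', '))
}
Write-Host 'All required resource providers are registered.'
```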

Onboarding an On Prem VM

Generate the onboarding script from the Azure console and download it for onboarding the on-premises VM.

  1. Log in to the server. Open an elevated 64-bit PowerShell command prompt.
  2. Change to the folder or share that you copied the script to, and execute it on the server by running the ./OnboardingScript.ps1 script.

Onboard Arc VMs to Azure Sentinel

  1. Use VM Extensions
  2. Use Azure Policy

    Onboard Azure Arc-enabled servers to Microsoft Sentinel

    Microsoft Sentinel comes with a number of connectors for Microsoft solutions, available out of the box and providing real-time integration. For physical and virtual machines, you can install the Log Analytics agent that collects the logs and forwards them to Microsoft Sentinel. Azure Arc-enabled servers supports deploying the Log Analytics agent using the following methods:

    • Using the VM extensions framework. This feature in Azure Arc-enabled servers allows you to deploy the Log Analytics agent VM extension to a non-Azure Windows and/or Linux server. VM extensions can be managed using the following methods on your hybrid machines or servers managed by Azure Arc-enabled servers:

After you've connected your data sources to Microsoft Sentinel, you'll want to be notified when something suspicious occurs. That's why Microsoft Sentinel provides out-of-the-box, built-in templates to help you create threat detection rules.

Rule templates were designed by Microsoft's team of security experts and analysts based on known threats, common attack vectors, and suspicious activity escalation chains. Rules created from these templates will automatically search across your environment for any activity that looks suspicious. Many of the templates can be customized to search for activities, or filter them out, according to your needs. The alerts generated by these rules will create incidents that you can assign and investigate in your environment.

With Azure Arc-enabled Kubernetes, you can attach and configure Kubernetes clusters running anywhere. You can connect clusters running on other public cloud providers (GCP, AWS) or clusters running in your on-premises data center (on VMware vSphere, Azure Stack HCI) to Azure Arc. When you connect a Kubernetes cluster to Azure Arc, it will:

  • Get an Azure Resource Manager representation with a unique ID.
  • Be placed in an Azure subscription and resource group.
  • Receive tags just like any other Azure resource.

Azure Arc-enabled Kubernetes supports industry-standard SSL to secure data in transit. For the connected clusters, data at rest is stored encrypted in an Azure Cosmos DB database to ensure data confidentiality.

Azure Arc-enabled Kubernetes supports the following scenarios for the connected clusters: