Azure Arc-enabled servers let you manage Windows and Linux servers and VMs hosted outside Azure. These can be on your corporate network or a third-party cloud provider.
This article helps you run Azure Arc-enabled servers on your Azure estate. It covers central management and monitoring at the platform level and gives key tips for your ops team.
Architecture
This diagram shows how the Azure connected machine agent connects to management and monitoring features in Azure.
Design considerations
Here are some design factors for monitoring and managing Azure Arc-enabled servers:
- Azure Monitor requirements: Azure Monitor can enable VM insights for your Azure Arc-enabled servers in a Log Analytics workspace. This helps with deep analysis and data correlation. You need to install agents like the Azure Monitor agent and the dependency agent.
- Azure Monitor agents deployment: Check the install options for the Azure Monitor agents.
- Azure Monitor configuration: Plan your data collection needs for Azure Arc-enabled servers, such as metrics and logs.
- Azure connected machine agent management: The Azure connected machine agent is key to your hybrid tasks. It lets you manage your Windows and Linux machines hosted outside Azure and enforce policies. Set up tools to track idle agents, check for new versions, and automate upgrades.
- Patch management for your hybrid resources: Automate updates so your Azure Arc-enabled servers have the latest OS and security patches.
Design recommendations
Azure Monitor requirements
- Learn how the Azure Monitor agent works and collects data before you deploy it.
- See the Network connectivity for Azure Arc-enabled servers section for network design tips.
- Before you add a machine to Azure Monitor, check the supported operating systems and network needs for the agent.
Azure Monitor agents deployment
- Auto-deploy the Azure Monitor agents to Azure Arc-enabled Windows and Linux servers through Azure Policy. Do this as part of the enterprise-scale landing zone.
- Store logs in a central Log Analytics workspace. Control log access with Azure role-based access control (RBAC). Using a separate workspace for management, data sovereignty, or compliance reasons can limit shared views. It can also reduce event correlation across Azure Arc-enabled servers.
Azure Monitor configuration
- Use VM insights to track the performance of your Azure Arc-enabled Windows and Linux servers. Track their processes and their dependencies on other resources and external processes.
- Create dashboards or Azure Monitor workbooks to track key metrics and events across your Azure Arc-enabled servers. Find sample Log Analytics queries and VM insights in this article.
- Set up the needed performance counters for Azure Arc-enabled Windows and Linux servers in your Log Analytics workspace.
- Set up the needed logs for Azure Arc-enabled Windows and Linux servers in your Log Analytics workspace.
Azure connected machine agent management
- Create a resource health alert to monitor the Azure connected machine agent. This helps track Azure Arc-enabled servers that stop sending heartbeats.
- Create an Azure Advisor alert to find Azure Arc-enabled servers that don't run the latest Azure connected machine agent.
- Check the Azure connected machine agent upgrade methods. Automate agent upgrades to get the latest fixes and features.
- Learn how to update VM extensions to keep other Azure Arc-managed agents up to date.
- Check this article for the latest releases, known issues, and bug fixes for the Azure connected machine agent.
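The agent checks above (servers that stopped reporting, agents behind a version baseline) can also be run as an offline triage over an exported machine inventory. The following is an added example, not code from this article or from Microsoft. It assumes each record carries `status`, `agentVersion`, and `lastStatusChange` fields, either at the top level or under `properties`; the machine names, versions, timestamps, and the `1.39.0.0` baseline are constructed placeholders.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample inventory (not real machines). Field names are an
# assumption about the exported record shape; the last record is flattened
# (no "properties" wrapper) to show that both shapes are accepted.
SAMPLE_INVENTORY = json.loads("""[
 {"name": "web-01", "properties": {"status": "Connected", "agentVersion": "1.40.100.1", "lastStatusChange": "2024-05-01T08:00:00Z"}},
 {"name": "db-02", "properties": {"status": "Disconnected", "agentVersion": "1.39.5.0", "lastStatusChange": "2024-05-01T08:00:00Z"}},
 {"name": "app-03", "properties": {"status": "Connected", "agentVersion": "1.9.200.0", "lastStatusChange": "2024-05-09T08:00:00Z"}},
 {"name": "edge-04", "properties": {"status": "Disconnected", "agentVersion": "1.40.100.1", "lastStatusChange": "2024-05-10T06:00:00Z"}},
 {"name": "legacy-05", "status": "Expired", "agentVersion": "1.20.0.0", "lastStatusChange": "2024-03-01T00:00:00Z"}
]""")
NOW = datetime(2024, 5, 10, 8, 0, tzinfo=timezone.utc)  # constructed "current time"

def parse_version(text):
    """Dotted version -> tuple of ints, so 1.9 sorts below 1.39 (strings would not)."""
    return tuple(int(part) for part in text.split("."))

def parse_time(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def triage(machines, min_version, now, grace=timedelta(hours=24)):
    """Return (name, reasons) for machines that need operator attention."""
    findings = []
    for m in machines:
        props = m.get("properties", m)  # nested or flattened record
        reasons = []
        status = props.get("status", "Unknown")
        changed = props.get("lastStatusChange")
        if status != "Connected":
            age = now - parse_time(changed) if changed else None
            # A short outage inside the grace window is not reported.
            if age is None or age >= grace:
                reasons.append(f"{status} for {age.days}d" if age is not None
                               else f"{status}, no timestamp")
        version = props.get("agentVersion")
        if not version:
            reasons.append("agent version missing")
        elif parse_version(version) < parse_version(min_version):
            reasons.append(f"agent {version} < baseline {min_version}")
        if reasons:
            findings.append((m["name"], reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_INVENTORY, "1.39.0.0", NOW):
        print(f"{name}: {'; '.join(reasons)}")
```

The grace window keeps brief connectivity drops out of the report; alerting on the live signal still belongs in the resource health and Azure Advisor alerts listed above.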
Patch management for your hybrid resources
- Use Azure Update Manager as the long-term patching mechanism for both Azure Arc-enabled Windows and Linux servers. You can view and schedule OS updates and patches for your Azure Arc-enabled servers at scale.
- On Azure Arc-enabled Windows servers, Azure Update Manager can also automate agent upgrades through Windows updates.
- Some Azure Arc-enabled Windows servers could have reached End of Support. These servers can't move to Azure or upgrade. Enable Extended Security Updates (ESUs) on those servers to keep getting critical security patches.
Next steps
For more help with hybrid cloud setup, see these resources:
- See Azure Arc Jumpstart scenarios.
- Check the prerequisites for Azure Arc-enabled servers.
- Plan a large-scale rollout of Azure Arc-enabled servers.
- Learn about Azure Arc through the Azure Arc learning path.
