Nowadays, AI and cloud technologies share the spotlight of popularity. It may seem that on-premises solutions have faded into the background. However, we shouldn’t forget about them, as they still make up a significant part of many environments.
In this blog post, I’ll demonstrate how on-premises environments can be connected to the cloud to simplify the management of servers, whether they are hosted locally or within vCenter. Our focus today is Azure Arc, a powerful tool that enables the integration of a single server, multiple servers at once, or even an entire vCenter. We’ll explore two main approaches to onboarding machines into Azure.
With Azure Arc, we can either integrate individual servers, including existing SQL Server instances — a more cost-effective option — or onboard an entire vCenter environment, which offers broader management capabilities but comes at a higher cost.
Azure provides flexibility in onboarding: you can connect existing machines or create new ones in a connected host environment. When onboarding one or several servers, Azure Arc generates a customized script for you. To obtain this script, you need to specify project details such as the subscription, resource group, region, operating system, and preferred connectivity method.
For authentication, you have two options. You can authenticate to Azure interactively with your own credentials when running the script on each server, or, if you’re managing a large number of machines, you can create (or use an existing) service principal with the Azure Connected Machine Onboarding role. The service principal allows you to deploy the onboarding script across multiple servers automatically, without needing to authenticate to Azure from each machine individually.

This approach is especially useful when working with orchestration tools that push the onboarding script to many virtual machines at once.
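One way to create that service principal with the narrowest useful reach, shown as an added example that is not part of the original post or of the Azure-generated script: the role is scoped to a single resource group, the secret expires after the rollout window, and the role assignments are checked before the secret is handed to any tooling. The subscription ID, resource group, display name and seven-day lifetime are placeholder assumptions; the Az.Accounts and Az.Resources modules and an existing `Connect-AzAccount` session are assumed.

```powershell
# Added example. Placeholder values below are assumptions, not taken from the post.
$SubscriptionId = '<subscription-id>'          # placeholder
$ResourceGroup  = '<arc-resource-group>'       # placeholder
$RoleName       = 'Azure Connected Machine Onboarding'
$Scope          = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup"

Set-AzContext -Subscription $SubscriptionId | Out-Null

# Scope the role to the one resource group the machines will land in,
# and let the secret expire once the rollout is over (7 days is an assumption).
$sp = New-AzADServicePrincipal -DisplayName 'arc-onboarding' `
        -Role $RoleName -Scope $Scope -EndDate (Get-Date).AddDays(7)

# Verify the principal holds only the onboarding role, and only at that scope.
$assignments = Get-AzRoleAssignment -ObjectId $sp.Id
$unexpected  = $assignments | Where-Object {
    $_.RoleDefinitionName -ne $RoleName -or $_.Scope -ne $Scope
}
if ($unexpected) {
    $unexpected | Format-Table RoleDefinitionName, Scope
    throw "Service principal has assignments beyond '$RoleName' on $Scope"
}

# These are the two values the onboarding script expects. The secret is only
# readable at creation time, so pass it straight to the orchestration tool's
# secret store rather than writing it into the script file.
$ServicePrincipalId           = $sp.AppId
$ServicePrincipalClientSecret = $sp.PasswordCredentials.SecretText
```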
If you’re curious about what the script looks like, here’s a quick snippet:
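```powershell
# Excerpt only: $ServicePrincipalId, $ServicePrincipalClientSecret and the $env:* values
# (resource group, tenant, location, subscription, cloud, correlation ID) must be set
# before these lines run.

# Add TLS 1.2 (3072) to the protocols allowed for the download
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072;

# Download the agent installer and run it; stop if the installation fails
Invoke-WebRequest -UseBasicParsing -Uri "https://gbl.his.arc.azure.com/azcmagent-windows" -TimeoutSec 30 -OutFile "$env:TEMP\install_windows_azcmagent.ps1";
& "$env:TEMP\install_windows_azcmagent.ps1";
if ($LASTEXITCODE -ne 0) { exit 1; }
Start-Sleep -Seconds 5;

# Connect the machine to Azure Arc, authenticating with the service principal
& "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent.exe" connect --service-principal-id "$ServicePrincipalId" --service-principal-secret "$ServicePrincipalClientSecret" --resource-group "$env:RESOURCE_GROUP" --tenant-id "$env:TENANT_ID" --location "$env:LOCATION" --subscription-id "$env:SUBSCRIPTION_ID" --cloud "$env:CLOUD" --tags 'Datacenter=AVS,Environment=Production,ArcSQLServerExtensionDeployment=Disabled' --correlation-id "$env:CORRELATION_ID";
```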
Once you run the script on your server, it will automatically install the Azure Connected Machine Agent, which connects the VM to Azure Arc.
If you’re onboarding a Windows VM, it’s a good idea to activate Azure benefits to avoid unnecessary charges.

Keep in mind that this method won’t give you full management capabilities like those available when onboarding an entire vCenter environment. However, you’ll still gain access to powerful Azure features — such as patch management, policy enforcement for configuration standards, Log Analytics for unified monitoring and alerting, and Run Commands (currently in preview) for executing scripts remotely.
If connecting individual servers isn’t sufficient, you can onboard your entire vCenter to Azure Arc by deploying a Resource Bridge, which acts as a connector between your vCenter environment and Azure.

Setting up the Resource Bridge is straightforward: provide your subscription, resource group, region, and assign relevant tags. Before downloading the onboarding script, make sure the Resource Provider for your subscription is registered. Once that’s done, Azure generates a script in either PowerShell or Bash, depending on your workstation.
When executing the script, you’ll be prompted for:
- Azure login (via device code)
- vCenter FQDN, username, and password
- Datacenter, resource pool, datastore, and VM/network settings
- Static IP and network configuration for the Resource Bridge VM

Once the Resource Bridge is in place, navigate to Arc > VMware vCenters in the Azure Portal. Your vCenter resources — including VMs, networks, and resource pools — become visible.

When integrating your VMware environment with Azure using Azure Arc for vCenter, you’ll come across two options: Enable in Azure and Enable guest management. They sound similar, but they serve very different purposes.

Enabling in Azure connects your vCenter to Azure and syncs its VM inventory. This means all your VMware virtual machines appear in the Azure portal as Arc-enabled VMware machines. You can organize them with tags, apply basic governance using Azure Policy, and get a unified view of your hybrid environment. However, this connection is agentless — Azure doesn’t interact directly with the guest operating system. It only knows about the VMs, their configuration, and their metadata.
Enabling guest management goes a step further. This option installs the Azure Connected Machine Agent inside the VM, fully onboarding it to Azure Arc for Servers. With the agent in place, Azure gains in-guest visibility and can manage the machine much like a native Azure VM. You can use tools such as Azure Update Management, Defender for Servers, and Azure Monitor, or deploy extensions and automation scripts directly to the OS. This does require the VM to have network connectivity to Azure, since management now happens inside the machine rather than through vCenter.
With Azure Arc, you gain centralized visibility, governance, and management across your hybrid environment. Whether onboarding a single server, a fleet of VMs, or an entire vCenter, Azure Arc simplifies hybrid cloud management and brings powerful Azure services directly to your existing infrastructure. In my next posts, I’ll dive deeper into the secrets of Azure Arc. Stay tuned!

