Azure Arc-enabled VMware vSphere is an Azure Arc service that helps you simplify management of a hybrid IT estate distributed across VMware vSphere and Azure. It does so by extending the Azure control plane to VMware vSphere infrastructure and enabling the use of Azure experiences for VM management and Azure services for consistent security, governance, monitoring, and patching across VMware vSphere on-premises private clouds, Azure VMware Solution (AVS) private clouds, and Azure.
Azure Arc-enabled VMware vSphere allows you to:
- Discover your VMware vSphere estate (VMs, templates, networks, datastores, clusters/hosts/resource pools) and register resources with Azure at scale.
- Perform virtual machine (VM) operations directly from Azure, such as create, resize, and delete, and power cycle operations such as start/stop/restart, on VMware VMs consistently with Azure.
- Empower developers and application teams to self-serve VM operations on demand using Azure role-based access control (RBAC).
- Install the Azure connected machine agent at scale on VMware VMs to govern, protect, configure, and monitor them.
- Browse your VMware vSphere resources (VMs, templates, networks, and storage) in Azure, providing you with a single pane view for your infrastructure across both environments.
- Build automation and self-service pipelines using Python, Java, JavaScript, Go, and .NET SDKs; Terraform, ARM, and Bicep templates; Azure REST APIs, CLI, and PowerShell.
- Leverage Azure Arc benefits such as Windows Server management for VMs with Software Assurance licenses, and Extended Security Updates (ESU) benefits for Windows Server and SQL Server, with pay-as-you-go billing for on-premises VMs and free ESUs for AVS VMs.
How does it work?
Azure Arc-enabled VMware vSphere provides these capabilities by integrating with your VMware vCenter Server. To connect your VMware vCenter Server to Azure Arc, you need to deploy the Azure Arc resource bridge in your vSphere environment. Azure Arc resource bridge is a virtual appliance that hosts the components that communicate with your vCenter Server and Azure.
When a VMware vCenter Server is connected to Azure, an automatic discovery of the inventory of vSphere resources is performed. This inventory data is continuously kept in sync with the vCenter Server.
All guest OS-based capabilities are provided by enabling guest management (installing the Arc agent) on the VMs. Once guest management is enabled, VM extensions can be installed to use the Azure management capabilities. You can perform virtual hardware operations such as resizing, deleting, adding disks, and power cycling without guest management enabled.
Architecture
The following image shows the architecture for the Azure Arc-enabled VMware vSphere:
How is Arc-enabled VMware vSphere different from Arc-enabled Servers?
The easiest way to think of this is as follows:
Azure Arc-enabled servers interact at the guest operating system level, with no awareness of the underlying infrastructure fabric or the virtualization platform that they're running on. Since Arc-enabled servers also support bare-metal machines, in some cases there might not even be a host hypervisor.
Azure Arc-enabled VMware vSphere is a superset of Arc-enabled servers that extends management capabilities beyond the guest operating system to the VM itself. This provides lifecycle management and CRUD (Create, Read, Update, and Delete) operations on a VMware vSphere VM. These lifecycle management capabilities are exposed in the Azure portal and look and feel just like a regular Azure VM. Azure Arc-enabled VMware vSphere also provides guest operating system management—in fact, it uses the same components as Azure Arc-enabled servers.
You have the flexibility to start with either option and incorporate the other one later without any disruption. With both options, you enjoy the same consistent experience.
Note
For guidance on choosing the right Azure Arc service for your virtual machines, see Choose the right Azure Arc service for machines.
Supported scenarios
- Azure Arc-enabled VMware vSphere currently works with vCenter Server versions 7 and 8 with a maximum of 9500 VMs.
- Multiple vCenters can be onboarded using a single Azure Arc resource bridge if the total number of VMs managed by these vCenters does not exceed 9500 VMs.
- Azure Arc-enabled VMware vSphere works with Azure VMware Solution (AVS) private clouds.
- Virtualized Infrastructure Administrators/Cloud Administrators can connect a vCenter instance to Azure.
- Administrators can then use the Azure portal to browse VMware vSphere inventory and register virtual machines, resource pools, networks, and templates into Azure.
- Administrators can provide app teams/developers fine-grained permissions on those VMware resources through Azure RBAC.
- App teams can use Azure interfaces (portal, CLI, PowerShell, SDKs, Terraform, Bicep, ARM templates, or REST API) to manage the lifecycle of on-premises VMs they use for deploying their applications (CRUD, Start/Stop/Restart).
- Administrators can install the Azure Connected Machine agent on vCenter-managed VMs at scale and can perform the following actions:
  - Govern:
    - Assign Azure machine configurations to audit settings inside the machine.
  - Protect:
    - Protect non-Azure servers with Microsoft Defender for Endpoint, included through Microsoft Defender for Cloud, for threat detection, for vulnerability management, and to proactively monitor for potential security threats. Microsoft Defender for Cloud presents the alerts and remediation suggestions from the threats detected.
    - Use Microsoft Sentinel to collect security-related events and correlate them with other data sources.
  - Configure:
    - Use Azure Automation for frequent and time-consuming management tasks using PowerShell and Python runbooks. Assess configuration changes for installed software, Microsoft services, Windows registry and files, and Linux daemons using the Azure Monitor agent for change tracking and inventory.
    - Use Azure Update Manager to manage operating system updates for Windows and Linux servers. Automate onboarding and configuration of a set of Azure services when you use Azure Automanage.
    - Perform post-deployment configuration and automation tasks using supported Arc-enabled servers VM extensions for non-Azure Windows or Linux machines.
  - Monitor:
    - Monitor operating system performance and discover application components to monitor processes and dependencies with other resources using VM insights.
    - Collect other log data, such as performance data and events, from the operating system or workloads running on the machine with the Azure Monitor Agent. This data is stored in a Log Analytics workspace. Log data collected and stored in a Log Analytics workspace from the hybrid machine contains properties specific to the machine, such as a Resource ID, to support resource-context log access.
- Administrators can install the Azure Connected Machine agent at scale and leverage Azure Arc benefits such as Windows Server management for VMs with Software Assurance licenses, and pay-as-you-go billing for Extended Security Updates for Windows Server and SQL Server VMs.
Supported regions
For the most up-to-date information about region availability of Azure Arc-enabled VMware vSphere, see the Azure Products by Region page.
Data Residency
Azure Arc-enabled VMware vSphere doesn't store/process customer data outside the region the customer deploys the service instance in. By default, customer data stays within the region the customer deploys the service instance in. For regions with data residency requirements, customer data is always kept within the same region.
Azure Kubernetes Service (AKS) Arc on VMware (preview)
Starting March 2024, Azure Kubernetes Service (AKS) enabled by Azure Arc on VMware is available for preview. AKS Arc on VMware enables you to use Azure Arc to create new Kubernetes clusters on VMware vSphere. For more information, see What is AKS enabled by Arc on VMware?
The following capabilities are available in the AKS Arc on VMware preview:
- Simplified infrastructure deployment on Arc-enabled VMware vSphere: Onboard VMware vSphere to Azure using a single-step process with the AKS Arc extension installed.
- Azure CLI: A consistent command-line experience, with AKS Arc on Azure Local 23H2, for creating and managing Kubernetes clusters. The preview only supports a limited set of commands.
- Cloud-based management: Use familiar tools such as Azure CLI to create and manage Kubernetes clusters on VMware.
- Support for managing and scaling node pools and clusters.
Next steps
- Plan your resource bridge deployment by reviewing the support matrix for Arc-enabled VMware vSphere.
- Once ready, connect VMware vCenter to Azure Arc using the helper script.
- To enable Arc for Azure VMware Solution (AVS) private cloud, see Deploy Arc-enabled VMware vSphere for Azure VMware Solution private cloud.
- Try out Azure Arc-enabled VMware vSphere by using the Azure Arc Jumpstart.
- Consider unified operations and plan for hybrid and multicloud environments with the Cloud Adoption Framework.
- Choose the Azure Hybrid solution that meets your business requirements with guidance from the Azure Architecture Center.