Azure Arc will offer the capabilities to manage your On-prem SQL Server instances, other Servers, and applications that are running outside of Azure. It is like a central location where you can see your resources and manage them from Azure. This is very useful when you want to know the inventory details of both your on-prem Servers and Azure resources if you are in using hybrid ways, i.e. having resources from different cloud providers or having resources outside Azure including On-prem SQL Servers.
Inventory includes the basic details of your Servers like the hostname of the machine where your Server is hosted, the name of the instance, version, edition, and amount of resources like CPU and memory allocated to the Servers. As you will be in Azure, take advantage of the Azure Resource Graph Explorer to get these details. You can create customized dashboards and create charts.
You can also get the best practices assessment after enabling the Azure Arc-enabled SQL Servers. This assessment will analyze the SQL Server configurations comparing the best practices based on Azure standards and provide recommendations.
Cost Savings
You can save money by using Microsoft Defender for Cloud after enabling Azure Arc-enabled SQL Server. Microsoft Defender for Cloud feature will do the Vulnerability assessment and threat protection. More on this topic, I have written a blog post here.
If you would like to use the Azure Purview feature, it becomes easier to use as the Azure Arc-enabled SQL server will come with access policies that will be helpful to connect to SQL Servers with ease.
The architecture of Azure Arc-Enabled SQL Server
Some important points to remember:
There are three important agents that are needed to enable the Azure Arc-enabled SQL Server.
- Azure Connected Machine Agent – This agent will help manage the Windows and Linux machines hosting outside of Azure.
- Azure Extension for SQL Server
- Azure Monitoring Agent – The Microsoft Defender for cloud and best practices assessment needs this agent. This extension is needed to put the collected data in the log analytics workspace.
If you are installing the SQL Server 2022, use the Azure extension for SQL Server to connect to Azure. You will find this feature in the feature selection pane during the installation.
But even if you have this easy button to select and connect to Azure from SQL Server 2022, you can still install the Azure Arc-enabled SQL Server. You can install Azure extension for SQL Server from SQL Server 2012 and up.
Prerequisite Steps:
To enable the Azure Arc-enabled SQL Server, you need to have an account in Azure with a subscription that is active. You need to verify Arc-connected machine agent network requirements. The Arc agent needs to be running in Full mode. You will also need to connect to Azure Arc data processing service by opening up the outbound rules on each of the servers (virtual or physical) (Source) to URL: san-af-<region>-prod.azurewebsites.net and to port 443.
Also, you need to register for the resource providers –
Microsoft.AzureArcData and Microsoft.HybridCompute – you can do the installation very easily by connecting to the specific subscription and under the settings >select resource providers and register these two providers.
Service Principal Permissions needed to install the Azure Arc-enabled SQL Server
- Read permission to Subscription
- Permissions to Azure resource group –
- Azure Connected Machine Onboarding role
- Microsoft.AzureArcData/register/action
- Microsoft.HybridCompute/machines/extensions/read
- Microsoft.HybridCompute/machines/extensions/write
- If you are manually installing the agent or using the command line interface to install the agent, you need to have administrator permissions on the machine you would like to install. This can be a Windows or Linux machine.
- In case of deploying at scale on multiple Servers – The service principal needs to have a User Access Administrator role to install the system-managed identity and Resource policy Contributor role assignment at the resource group level or at the subscription level.
To check for the limitations at the subscription or resource group limitations, please read this post here.
In the next blog post, we will learn how to install the Azure Arc-enabled SQL Server using the Azure portal so you can start to see all the Servers outside of Azure in the Azure portal which makes the management and identification of your inventory easy.
Resources:
Thank you for reading!
Deepthi Goguri's SQL Server Blog 