This is a continuation of a series of articles on hosting solutions and services on Azure public cloud with the most recent discussion on Multitenancy here This article continues to discuss Azure Arc enabled servers and their sizing guidance but brings up some operational considerations when increasing the numbers. 

We noticed several different types of pods that are deployed to the Kubernetes cluster. These include bootstrapper, control, controldb, logsdb, logsui, metricsdb, metricsdc, and metricsui each with their own default values for cpu requests and memory and their limits. Some of these can be customized and controlled.  The SQL managed instances also have similar sizing considerations except that their limits and values are not necessarily double of one another. 

The cumulative sizing and baseline size are also proportional to the number of cores, memory and nodes. With such heterogeneity in the resources, access control and security become more complex than the homogeneous pods.  The high availability, planned maintenance and disaster continuity also affect the sizing. 

One of the ways to secure this diversity is to operate with least privilege. This grants users and service accounts specific permissions required to perform the required tasks. Both Azure and Kubernetes provide a role-based access control which can be used to grant specific permissions. This article describes common scenarios in which the security of least privilege must be applied. The Azure Arc data controller requires some permissions that fall under high privilege such as creating Kubernetes namespace or cluster role. The deployment of data controller can be separated into multiple steps and each of these can be performed by user or service account. The separation of duties ensures that each user or service account has just the right permissions and nothing more. 

Only a certain number of machines can be connected per resource group but there are no limits at the service level.  The networking configuration, transport level security and resource providers required for connected machine agents continue to hold for registering these instances.