This is a continuation of the series of articles on hosting solutions and services on the Azure public cloud; the most recent discussion, on multitenancy, is here. This article discusses SQL Server on Azure Arc-enabled servers.
Azure Arc-enabled servers expose a hybrid inventory to the Azure management plane. Windows and Linux physical servers and virtual machines hosted outside Azure, on the corporate network or in other clouds, become first-class Azure resources once they are Arc-enabled.
When an Azure Arc-enabled server is connected, it receives a resource ID and is placed in a resource group, so standard Azure constructs such as Azure Policy and tagging apply to it. With SQL Server on Azure Arc-enabled servers, the SQL Server instance is promoted to the same visibility and rules as cloud-native SQL Server instances. Because the Arc-enabled server already registers the compute with the Azure management plane, only a registration script is needed to register the SQL Server instance with Azure. The registration installs the SQL Server extension through the Connected Machine agent, which in turn surfaces a SQL Server - Azure Arc resource for that machine in the portal. The resource's properties display some of the configuration settings of the SQL Server instance.
SQL instances are a type of resource in the Azure management plane that plays a critical role in governance and security management. Consequently, SQL Server on Azure Arc-enabled servers supports a set of solutions that require the Microsoft Monitoring Agent (the Log Analytics agent, since superseded by the Azure Monitor agent) server extension to be installed and connected to an Azure Log Analytics workspace.
The supported cloud operations are govern, protect, configure and monitor. Governance is enabled with Azure Policy guest configuration, which audits settings inside the machine. Non-Azure servers can be protected with Microsoft Defender for Endpoint and onboarded to Microsoft Defender for Cloud for threat detection, vulnerability management and monitoring of potential security threats; Microsoft Sentinel can be used as the SIEM. Configuration is enabled with Azure Automation for frequent and time-consuming management tasks. Change Tracking and Inventory assesses configuration changes to installed software, Microsoft services, the Windows registry and files, and Linux daemons. Update Management patches Windows and Linux servers. Post-deployment configuration and automation tasks can be performed with VM extensions for Arc-enabled servers. Operating system performance can be monitored with VM insights, and other log data, such as performance counters and events, can be stored in a Log Analytics workspace.
Only a certain number of machines can be connected per resource group, but there is no limit at the service level. The networking configuration, transport-level security and resource providers required for the Connected Machine agent continue to apply when registering these SQL Server instances.
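As an added example (not code from the original post, and not Microsoft's own script), the registration step described above and the resource-provider requirement, expressed as a POSIX shell wrapper around the Azure CLI. It assumes the server is already connected with azcmagent, that az is logged in to the right subscription, and uses rg-hybrid, sql01 and eastus as placeholder resource group, machine and region. The extension types (WindowsAgent.SqlServer, LinuxAgent.SqlServer), publisher (Microsoft.AzureData) and settings keys follow the Azure CLI documentation for az connectedmachine extension create; the accepted LicenseType values are taken from that documentation as well.

```shell
#!/bin/sh
# Added example, not from the original post: register a SQL Server instance that
# runs on an Azure Arc-enabled server as a "SQL Server - Azure Arc" resource.
# Assumptions: the server is already connected (azcmagent connect), the Azure CLI
# is logged in to the right subscription, and rg-hybrid / sql01 / eastus are
# placeholder names. Extension type, publisher and settings keys follow the
# Azure CLI docs for "az connectedmachine extension create".
set -eu

# Dry run by default: commands are printed, not executed. Set SQL_ARC_DRY_RUN=0
# to apply. This lets an operator review what will reach the control plane.
SQL_ARC_DRY_RUN="${SQL_ARC_DRY_RUN:-1}"

# Resource providers the Arc-enabled server and the SQL extension depend on.
SQL_ARC_PROVIDERS="Microsoft.HybridCompute Microsoft.GuestConfiguration Microsoft.AzureArcData"

# Run a command, or print it in dry-run mode.
sql_arc_exec() {
  if [ "$SQL_ARC_DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Map the guest OS reported on the Arc machine resource to the extension that
# handles SQL Server there. Both extensions are published by Microsoft.AzureData.
sql_arc_extension_type() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    windows) printf 'WindowsAgent.SqlServer' ;;
    linux)   printf 'LinuxAgent.SqlServer' ;;
    *)       echo "sql_arc: unsupported OS '$1'" >&2; return 1 ;;
  esac
}

# Build the extension settings JSON. Only the documented LicenseType values are
# accepted; named instances passed after the license are excluded from
# registration (for example a dev instance you do not want surfaced in Azure).
sql_arc_settings() {
  license="$1"; shift
  case "$license" in
    Paid|PAYG|LicenseOnly) ;;
    *) echo "sql_arc: invalid LicenseType '$license'" >&2; return 1 ;;
  esac
  excluded=""
  for inst in "$@"; do
    excluded="${excluded:+$excluded,}\"$inst\""
  done
  printf '{"SqlManagement":{"IsEnabled":true},"LicenseType":"%s","ExcludedSqlInstances":[%s]}' \
    "$license" "$excluded"
}

# Ensure the resource providers are registered in the subscription.
sql_arc_register_providers() {
  for p in $SQL_ARC_PROVIDERS; do
    sql_arc_exec az provider register --namespace "$p"
  done
}

# Register the SQL Server instance(s) on an already-connected machine.
# usage: sql_arc_register <resource-group> <machine> <region> <windows|linux> <LicenseType> [excluded instance...]
sql_arc_register() {
  rg="$1"; machine="$2"; location="$3"; os="$4"; license="$5"; shift 5
  ext="$(sql_arc_extension_type "$os")" || return 1
  settings="$(sql_arc_settings "$license" "$@")" || return 1
  sql_arc_exec az connectedmachine extension create \
    --resource-group "$rg" --machine-name "$machine" --location "$location" \
    --name "$ext" --type "$ext" --publisher Microsoft.AzureData \
    --settings "$settings"
}

# Placeholder invocation (printed, not executed, unless SQL_ARC_DRY_RUN=0).
sql_arc_register_providers
sql_arc_register rg-hybrid sql01 eastus windows Paid
```

The wrapper validates the OS and license type before anything is sent, so a typo fails locally instead of producing a half-configured extension resource; run it once in dry-run mode, review the printed az commands, then re-run with SQL_ARC_DRY_RUN=0.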
Instance metadata about the connected machines is collected and stored in the region where the Azure Arc machine resource is configured; it includes details such as the operating system name and version, computer name, fully qualified domain name and Connected Machine agent version.
The status of a connected machine can be viewed in the Azure portal under Azure Arc -> Servers.
The Connected Machine agent sends a regular heartbeat from the machine; if the heartbeat stops, the machine is considered disconnected within 15 to 30 minutes. The machine identity's credential is valid for up to 90 days and is renewed every 45 days. Azure Arc-enabled servers have a limit on the number of instances that can be created in each resource group, but no limit at the subscription or service level.