Public preview – Azure Arc-enabled VMware vSphere – Part 2
Overview
In the previous post (part 1), we covered the capabilities of Azure Arc-enabled VMware vSphere: a solution to extend Azure governance and management policies to VMware-based workloads.
We also deployed a Resource Bridge to establish the connection between a VMware environment and Azure. We can now explore vCenter inventory through Azure and manage Virtual Machines.
Explore vCenter inventory from Azure UI
When vCenter and Resource Bridge are connected to Azure Arc, you can explore its content and connection status:
To use a resource in Azure, it must first be activated: use Enable in Azure to activate an existing VMware resource in Azure. As with any Azure-based resource, RBAC strategies can be applied to provide or restrict access to Azure-enabled resources.
ResourcePools, Networks, Templates and Datastores will appear as hidden resources in the Azure ResourceGroup you select during the activation process. They are used by the VM creation process but cannot be edited from Azure.
ResourcePools
VMware ResourcePools cannot be created, edited or removed, but they can be registered for VM creation scenarios. By default, all ResourcePools are displayed in the inventory list (including the Cluster and Host ResourcePool representations). You can enable a ResourcePool in Azure by selecting it and clicking Enable in Azure. You will be prompted for an Azure ResourceGroup attachment, and the ResourcePool will then be displayed with a link to explore its details.
VM Templates
VMware VM Templates cannot be created, edited or removed, but they can be registered for VM creation scenarios. By default, all VM Templates are displayed in the inventory list. You can enable a VM Template in Azure by selecting it and clicking Enable in Azure. You will be prompted for an Azure ResourceGroup attachment, and the Template will then be displayed with a link to explore its details.
Note: Currently, templates from the Content Library are not available. Only VM templates from the vCenter VM-folders inventory are usable in Azure Arc-enabled VMware vSphere.
Networks
VMware Networks cannot be created, edited or removed, but they can be registered for VM creation scenarios. By default, all networks (NSX-T segments, PortGroups and DvPortGroups) are displayed in the inventory list. You can enable a network in Azure by selecting it and clicking Enable in Azure. You will be prompted for an Azure ResourceGroup attachment, and the network will then be displayed with a link to explore its details.
Datastores
VMware Datastores cannot be created, edited or removed, but they can be registered for VM creation scenarios. By default, all Datastores are displayed in the inventory list. You can enable a Datastore in Azure by selecting it and clicking Enable in Azure. You will be prompted for an Azure ResourceGroup attachment, and the Datastore will then be displayed with a link to explore its details.
VMware Virtual Machine management through Azure
As mentioned in the previous parts of this post, ResourcePools, Networks, Templates and Datastores cannot be created, edited or deleted through Azure (UI, API, ARM etc.) but can be registered with ReadOnly access to serve as Virtual Machine deployment dependencies.
The set of actions available for VMware Virtual Machines through Azure is broader, as you can:
- Run power operations (Start/Stop/Restart)
- Reconfigure the Virtual Machine:
  - CPU/Memory (for a powered-off VM)
  - Disk(s) - Add/remove/resize
  - Networks - Add/remove/change network attachment
- Enable Arc-based guest management and install extensions
- Apply RBAC and tagging policies
VMware Arc-based guest extensions are currently limited to 2 extensions: Log Analytics agent and Custom Script execution.
Azure Arc enabled servers
Although the Azure Arc-enabled VMware vSphere guest agent is currently limited to 2 extensions, it is still possible to use the normal Arc process to integrate the guest OS management of deployed servers through Azure and to benefit from all the capabilities of Azure Arc, such as (as mentioned in the Arc documentation):
- Manage your entire environment together by projecting your existing non-Azure and/or on-premises resources into Azure Resource Manager.
- Manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure.
- Use familiar Azure services and management capabilities, regardless of where they live.
- Continue using traditional ITOps while introducing DevOps practices to support new cloud native patterns in your environment.
- Configure custom locations as an abstraction layer on top of Azure Arc-enabled Kubernetes clusters and cluster extensions.
Personal experience: I use this combination of Azure Arc-enabled VMware vSphere and Azure Arc-enabled Servers to fully manage, with Azure, VMware Virtual Machine objects and their Guest OS. This provides me with the best of the two solutions.
Register an existing VM
You can enable a Virtual Machine in Azure by selecting it and clicking Enable in Azure. You will be prompted for an Azure ResourceGroup attachment, and the VM will then be displayed with a link to explore its details.
Create a VM
A VM object can also be fully created from Azure (UI or API).
- From the Arc Virtual Machines or Arc-registered vCenter list of VMs, click the Create button to start the VM creation wizard.
- You can select a ResourceGroup to attach the VM to, then provide some details for the VM deployment:
  - A name
  - The custom-location and object type (VMware)
  - The target ResourcePool
  - The VM Template to use
  - VM CPU and Memory configuration if you choose to override the template settings
  - Administrator login and password if you choose to enable guest management during the creation process
- The second step of the wizard is for virtual disk configuration: name, size, controller and persistence.
- The third step of the wizard provides network settings configuration (network attachment, IP settings etc.)
- In the fourth step, you can add tags/values to the VM object (tags apply only on the Azure side, not the VMware side).
- The last step provides a pane to validate the requested changes and to start the deployment.
- When the deployment process is completed, you can see its results and display the deployed resources.
You can now compare the view on the same VM object from vCenter and from Azure UI:
Azure governance on VMware based resources
One of the main benefits of managing VMware resources from Azure is the possibility to apply standard Azure governance strategies like:
Grouping and tagging
VMware resources that are enabled in Azure can be attached to Azure ResourceGroups and benefit from the governance inheritance on resource objects (RBAC, locks etc.).
VMware resources can also be tagged in order to filter resources in search operations or to manage resource costing and attribution.
RBAC
You can apply Azure RBAC strategies to VMware resources that are enabled in Azure and provide ReadOnly, Contribution or ownership access to the resources.
Lock
You can also prevent deletion or modification by using Azure Locks and their inheritance from the Subscription or ResourceGroup.
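Added example (not from the original post): the three governance controls above, applied with the Azure CLI to the ResourceGroup that holds the enabled VMware resources. The subscription ID, group name, principal and lock name are constructed placeholders, the mapping of ReadOnly/Contribution/ownership to the built-in Reader/Contributor/Owner roles is an assumption, and the script only prints the az commands unless DRY_RUN=0 is set.

```bash
# Added example. Subscription, group and principal values are constructed placeholders.
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
RESOURCE_GROUP="${RESOURCE_GROUP:-rg-arc-vmware-example}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the az command, 0 = execute it

# Scope string for the ResourceGroup the VMware resources were enabled into.
rg_scope() {
  printf '/subscriptions/%s/resourceGroups/%s' "$SUBSCRIPTION_ID" "$RESOURCE_GROUP"
}

# Print the command in dry-run mode, run it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# RBAC at ResourceGroup scope; enabled resources in the group inherit it.
# Assumed mapping: Reader/Contributor/Owner for ReadOnly/Contribution/ownership.
grant_role() {  # $1 = user, group or service principal, $2 = role
  case "$2" in
    Reader|Contributor|Owner) ;;
    *) echo "refusing unexpected role: $2" >&2; return 1 ;;
  esac
  run az role assignment create --assignee "$1" --role "$2" --scope "$(rg_scope)"
}

# Lock on the ResourceGroup; every resource inside inherits it.
lock_group() {  # $1 = lock name, $2 = CanNotDelete or ReadOnly
  case "$2" in
    CanNotDelete|ReadOnly) ;;
    *) echo "refusing unexpected lock type: $2" >&2; return 1 ;;
  esac
  run az lock create --name "$1" --lock-type "$2" --resource-group "$RESOURCE_GROUP"
}

# Tag one enabled resource (Azure side only). Merge keeps existing tags.
tag_resource() {  # $1 = full Azure resource ID, $2 = key=value
  case "$2" in
    ?*=?*) ;;
    *) echo "tag must be key=value: $2" >&2; return 1 ;;
  esac
  run az tag update --resource-id "$1" --operation Merge --tags "$2"
}

# Baseline: read access for operators, delete protection, one tag on the VM.
apply_baseline() {  # $1 = operator principal, $2 = VM resource ID, $3 = key=value tag
  grant_role "$1" Reader &&
  lock_group arc-vmware-nodelete CanNotDelete &&
  tag_resource "$2" "$3"
}
```

Review the printed commands first, then rerun with DRY_RUN=0 from a session that is already logged in with az login.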
Upcoming
As you may have noticed in the last screens of the deployment, it is possible to get/download the ARM template that represents the ongoing deployment. This will be covered in the upcoming post about automation capabilities provided by Azure Arc-enabled VMware vSphere.
Credits
Title photo by Siarhei Palishchuk on Unsplash