Onboard VMs to Azure Arc through the multicloud connector

The Arc onboarding solution of the multicloud connector autodiscovers VMs in a connected public cloud, then installs the Azure Connected Machine agent to onboard the VMs to Azure Arc. This simplified experience lets you use Azure management services, such as Azure Monitor, providing a centralized way to manage Azure, AWS, and GCP VMs together.

Currently, the multicloud connector provides support for connecting resources from these public clouds:

  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP) (preview)

You can enable the Arc onboarding solution when you connect your public cloud to Azure.

Prerequisites

In addition to the general prerequisites for connecting a public cloud, be sure to meet the requirements for the Arc onboarding solution. This includes requirements for each EC2 instance or GCP VM to be onboarded to Azure Arc.

AWS prerequisites include the following:

Resource representation in Azure

After you connect your AWS cloud and enable the Arc onboarding solution, the multicloud connector creates a new resource group with the naming convention <PublicCloud>_<AccountId>.

When EC2 instances or GCP VMs are connected to Azure Arc, representations of these machines appear in this resource group. These resources are placed in Azure regions, using a standard mapping scheme. You can filter which regions are scanned. By default, all regions are scanned, but you can choose to exclude certain regions when you configure the solution.

The <PublicCloud>_<AccountId> resource group inherits permissions from its subscription. You can grant additional access to user accounts in your tenant as needed to enable specific scenarios.

Connectivity method

When creating the Arc onboarding solution, you select whether the Connected Machine agent should connect to the internet via a public endpoint or by proxy server. If you select Proxy server, you must provide a Proxy server URL to which the EC2 instance or GCP VM can connect. For more information, see Connected machine agent network requirements.

You can also select an Arc gateway resource to handle the connection for your Arc-enabled servers. Arc gateway reduces the number of endpoints that must be allowed in your environment to use Azure Arc. For more information, see Simplify network configuration requirements with Azure Arc gateway.

Periodic sync options

The periodic sync time that you select when configuring the Arc onboarding solution determines how often your source cloud is scanned and synced to Azure. When periodic sync is enabled, the Arc agent is automatically installed whenever a new EC2 instance or GCP VM that meets the prerequisites is discovered. The periodic sync option also helps clean up your resources in Azure. For instance, if the EC2 instance or GCP VM is removed from the source cloud, the corresponding Arc server created in the <PublicCloud>_<AccountId> resource group in Azure is also deleted.

If you prefer, you can turn periodic sync off when configuring this solution. If you do so, new EC2 instances and GCP VMs aren't automatically onboarded to Azure Arc, because Azure doesn't scan for new instances.

Filter options

You can filter the scan for EC2 instances or GCP VMs as follows:

  • EC2 instances: by AWS regions or AWS tags.
  • GCP VMs: by GCP regions or GCP labels.

You can select specific regions to scan for AWS or GCP resources. You can also filter by AWS tags or GCP labels so that only machines that have the matching tag or label (case-insensitive) are eligible for Arc onboarding.
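
The periodic sync and filter behavior described above can be audited offline by comparing an exported source-cloud inventory with the machines present in the <PublicCloud>_<AccountId> resource group. The following is an added example, not code from the multicloud connector. The record shapes, the sample data, matching Arc resources to instances by instance ID, and treating both tag key and tag value as case-insensitive are assumptions.

```python
# Added example: drift audit between a source-cloud inventory and Arc resources.
# Record shapes and ID-based matching are assumptions, not the connector's API.

def tag_matches(tags, wanted):
    """True if every wanted tag is present, comparing key and value
    case-insensitively (assumed reading of the page's "case-insensitive")."""
    folded = {(k.casefold(), v.casefold()) for k, v in tags.items()}
    return all((k.casefold(), v.casefold()) in folded for k, v in wanted.items())

def eligible(instance, excluded_regions, wanted_tags):
    """Apply the region exclusion first, then the tag/label filter."""
    if instance["region"].casefold() in {r.casefold() for r in excluded_regions}:
        return False
    return tag_matches(instance["tags"], wanted_tags)

def drift(source, arc_ids, excluded_regions=(), wanted_tags=None):
    """Classify differences between the source cloud and the Arc resource group."""
    wanted_tags = wanted_tags or {}
    all_source = {i["id"] for i in source}
    in_scope = {i["id"] for i in source
                if eligible(i, excluded_regions, wanted_tags)}
    arc = set(arc_ids)
    return {
        # In scope but no Arc resource: expected while periodic sync is off.
        "not_onboarded": sorted(in_scope - arc),
        # Arc resource whose source machine no longer exists.
        "stale_in_azure": sorted(arc - all_source),
        # Onboarded machine that the current filters would not select.
        "onboarded_out_of_scope": sorted((arc & all_source) - in_scope),
    }

# Constructed sample inventory (not real instance IDs).
SOURCE = [
    {"id": "i-0aaa", "region": "us-east-1", "tags": {"Env": "Prod"}},
    {"id": "i-0bbb", "region": "us-east-1", "tags": {"env": "PROD"}},
    {"id": "i-0ccc", "region": "eu-west-1", "tags": {"Env": "Prod"}},
    {"id": "i-0ddd", "region": "us-east-1", "tags": {"Env": "Dev"}},
]
ARC_IDS = ["i-0aaa", "i-0ddd", "i-0eee"]  # constructed: machines seen in Azure

REPORT = drift(SOURCE, ARC_IDS,
               excluded_regions=["eu-west-1"], wanted_tags={"env": "prod"})

if __name__ == "__main__":
    for category, ids in REPORT.items():
        print(f"{category}: {ids}")
```

Entries under stale_in_azure and onboarded_out_of_scope are the ones to review for access, because machines in the resource group inherit permissions from the subscription.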
