This article provides a comprehensive guide for installing Linux servers to Azure Arc, covering prerequisites, deployment instructions, and advanced topics such as hybrid connectivity methods, proxies, and private endpoints.
For those managing hybrid environments with Windows, don’t miss my complementary article on Installing Azure Arc Agent on Windows Server to achieve a unified management strategy.
Why use Azure Arc for Linux servers?
Linux servers are at the heart of modern IT operations, supporting everything from applications to containerized workloads. By integrating Linux systems into Microsoft Azure, Azure Arc offers the following benefits:
- Centralized Governance: Apply Azure Policy and assign custom tags for compliance, organization, and cost tracking.
- Advanced Monitoring: Use Azure Monitor to collect telemetry, gain insights, and set up proactive alerts.
- Flexible Connectivity Methods: Choose between direct internet, proxies (via proxy URL and proxy port), or private endpoints for secure communication.
- Automation at Scale: Streamline deployment with onboarding scripts or tools like Ansible.
- Cost Visibility: Use tags and metadata to allocate costs effectively across projects and departments.
Real-world example: Azure Arc in action
A financial services company faced challenges managing Linux servers scattered across on-premises and AWS environments. By onboarding these servers as Azure Arc-enabled servers:
- They applied physical location tags to identify costs by region and branch.
- Hybrid connectivity without sacrificing security
- Azure Monitor provided real-time insights, improving performance monitoring across their hybrid environment.
- Azure Policy enforced compliance with regulatory requirements across multiple clouds.
Prerequisites for onboarding Linux servers
Before onboarding, confirm that your environment meets these requirements:
Supported Linux operating systems
Azure Arc supports popular distributions, including:
- Ubuntu 18.04 and 20.04
- Red Hat Enterprise Linux (RHEL) 7.6+ and 8
- CentOS 7 and 8
- SUSE Linux Enterprise Server (SLES) 12 SP3+
For the most up-to-date compatibility, refer to the official Azure Arc documentation.
Azure subscription
The following resource providers must be registered in your Azure subscription:
Microsoft.HybridComputeMicrosoft.GuestConfiguration
You can register these providers in the Azure Portal or via the Azure CLI:
az provider register --namespace Microsoft.HybridCompute
az provider register --namespace Microsoft.GuestConfiguration
It is also recommended to ensure your subscription has sufficient permissions, such as the Owner or Contributor role, for onboarding and managing Azure Arc-enabled servers.
Network connectivity and hybrid connectivity
Azure Arc supports three connectivity methods to suit different environments:
- Direct Internet Access: Outbound HTTPS traffic is required on port 443 to:
https://*.azure.comhttps://*.microsoft.comhttps://*.windows.net
- Proxy Configuration: For secure routing, configure a proxy URL and proxy port in the CMA settings.
- Private Endpoint: For environments requiring private network communication, Azure Private Link ensures all traffic remains within a private IP space.
Administrator permissions
Ensure you have sudo or root account permissions to install and configure the Azure Connected Machine Agent (CMA).
Step 1: Prepare your Linux server
Validate system readiness
- Check your Linux distribution and version:
cat /etc/os-release- Test network connectivity to Azure endpoints:
nslookup management.azure.comEnsure DNS resolution works correctly by running the above command. Connectivity issues often stem from misconfigured DNS settings.
Update Linux system packages
Keep the system up-to-date to ensure compatibility with Azure Arc:
sudo apt-get update && sudo apt-get upgrade # Ubuntu/Debian
sudo yum update # RHEL/CentOSStep 2: Install the Azure Connected Machine Agent
The Azure Connected Machine Agent (CMA) is critical for onboarding Linux servers to Azure Arc.
Download and install the agent
Azure provides .deb and .rpm packages for different Linux distributions. These can be downloaded from the Microsoft Download Center.
For Ubuntu/Debian:
- Download the
.debpackage using wget. - Install the package using dpkg.
bashCopy code wget https://aka.ms/azure-connected-machine-agent-linux.deb
bashCopy code sudo dpkg -i azure-connected-machine-agent-linux.debFor RHEL/CentOS:
- Download the
.rpmpackage. - Install the package.
bashCopy code wget https://aka.ms/azure-connected-machine-agent-linux.rpm
bashCopy code sudo rpm -ivh azure-connected-machine-agent-linux.rpm- Verify the agent installation:
bashCopy code
azcmagent show
Step 3: Connect the server to Azure Arc
Once the CMA is installed, connect your server to Azure Arc.
- Use the following command to onboard the server
azcmagent connect --resource-group <ResourceGroupName> --tenant-id <TenantId> --location <AzureRegion> --subscription-id <SubscriptionId>- Replace placeholders with your Azure details:
- ResourceGroupName: Azure resource group name.
- TenantId: Azure Active Directory tenant ID.
- AzureRegion: e.g.,
eastus. - SubscriptionId: Azure subscription ID.
- Confirm the connection:
azcmagent showYour server should now appear in the Azure Portal under Machines > Azure Arc. Note that from Azure’s perspective, it doesn’t matter whether your servers run Microsoft Windows or Ubuntu Linux. That’s the point: Arc-enabled servers all share the same Microsoft Cloud Platform security, governance, and compliance goodness.
Step 4: Enable monitoring and Advanced Insights
Configure Azure Monitor
Azure Monitor provides detailed performance metrics, including CPU, memory, and disk utilization. To enable monitoring:
- Navigate to your onboarded server in Machines > Azure Arc.
- Select Insights and link the server to a Log Analytics Workspace.
Install the Log Analytics Agent
The Log Analytics Agent is essential for collecting advanced telemetry, such as performance metrics, system logs, and diagnostic data, from your Linux server. This agent integrates seamlessly with Azure Monitor, allowing you to gain deep insights into your system’s health and performance. To install the agent, download the onboarding script directly from the Microsoft GitHub repository:
wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh
sudo sh onboard_agent.sh -w <WorkspaceID> -s <WorkspaceKey>
Replace <WorkspaceID> with the unique ID of your Log Analytics Workspace and <WorkspaceKey> with the primary or secondary key for your workspace. These values can be found in the Azure Portal under Log Analytics Workspaces > Agents Management. Once installed, the agent will begin sending telemetry data to Azure Monitor, enabling you to configure alerts, dashboards, and advanced reporting for your hybrid environment.
Step 5: Connectivity methods – Proxy configuration and private endpoints
Proxy configuration
For environments without direct internet access, update the CMA settings with your proxy URL and proxy port:
- Edit the
/etc/azcmagent/config.jsonfile:
{
"proxy_url": "http://proxy.company.com",
"proxy_port": 8080
}- Restart the agent:
sudo systemctl restart azcmagentAzure Private Link endpoints
Azure Private Link enables secure, private connectivity between your Linux server and Azure services, ensuring that all communication remains within your network. By routing traffic through a private IP space, Private Link eliminates the need for public IP addresses, greatly reducing your server’s exposure to Internet-based threats. This feature is especially valuable for organizations with strict compliance and data sovereignty requirements, as it keeps sensitive telemetry and management data within a controlled network boundary.
To implement a Private Endpoint, you need to create a private link in your Azure subscription and configure DNS settings to resolve Azure endpoints through the private IP address. This ensures seamless communication while maintaining isolation from public networks. Whether managing servers in a hybrid or multi-cloud environment, Private Link simplifies connectivity while providing an added layer of security.
For detailed instructions, refer to the Azure Private Link documentation.
Step 6: Organize resources with metadata and tags
Apply custom tags
Tags improve resource organization and cost tracking. Assign tags using the CLI:
az resource tag --tags Environment=Production Department=IT --ids <ResourceID>
Use the Tags blade
In the Azure portal, navigate to the Tags blade to inspect and manage tagged resources, streamlining your inventory management process.
Troubleshooting common issues
Installation errors
If the CMA installation fails, resolve dependency issues:
sudo apt-get install curl tar gzip # For Ubuntu/Debian
sudo yum install curl tar gzip # For RHEL/CentOSConnection failures
- Verify network connectivity:
curl -v https://management.azure.com
- Check agent logs for errors:
sudo journalctl -u azcmagentYou can always use the azcmagent connect command to initiate a reconnection to Microsoft Azure. For example, you can see the process occurring in the following screen capture:
Unify Linux servers under a centralized control plane
Azure Arc revolutionizes hybrid IT management by unifying Linux servers under a centralized control plane. From flexible connectivity methods like proxies and private endpoints to advanced monitoring with Azure Monitor, Azure Arc simplifies operations while ensuring compliance and cost efficiency.
Looking for Windows-specific guidance? Check out my companion article on Installing Azure Arc Agent on Windows Server for tips on onboarding Windows endpoints, ensuring consistency across your hybrid infrastructure.
The post Install Azure Arc Agent on Linux appeared first on Petri IT Knowledgebase.