Azure Lighthouse helps service providers use Azure Arc to manage customers' hybrid environments, with visibility across all managed Microsoft Entra tenants.
Azure Arc simplifies complex and distributed environments across on-premises, edge, and multicloud, extending Azure management across infrastructures.
With Azure Arc–enabled servers, customers can manage Windows and Linux machines hosted outside of Azure on their corporate network, in the same way they manage native Azure virtual machines. Through Azure Lighthouse, service providers can then manage these connected non-Azure machines along with their customers' Azure resources.
Through Azure Lighthouse, service providers can connect Kubernetes clusters to Azure by using Azure Arc–enabled Kubernetes. These clusters can then be managed alongside the customer's Azure Kubernetes Service (AKS) clusters and other Azure resources.
Tip
Though this article refers to service providers and customers, this guidance also applies to enterprises using Azure Lighthouse to manage multiple tenants.
Manage hybrid servers at scale by using Azure Arc–enabled servers with Azure Lighthouse
As a service provider, you can connect on-premises Windows Server or Linux machines to (and disconnect them from) your customer's subscription. When you generate the onboarding script for a server, use the --user-tenant-id parameter to specify your managing tenant, and the --tenant-id parameter to specify the customer's tenant.
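The parameter split described above is easy to get backwards, so the following added example (not part of the Azure documentation or the generated onboarding script) wraps the azcmagent connect call in a small POSIX shell function that checks both tenant IDs are GUID-shaped and distinct before printing the command line. All tenant, subscription and resource group values are constructed placeholders; the function only prints the command and never runs azcmagent.

```shell
#!/bin/sh
# Added example: a dry-run wrapper around the `azcmagent connect` call that the
# generated Azure Arc onboarding script runs, showing which tenant belongs in
# which parameter when the server is onboarded through Azure Lighthouse.
# All IDs below are constructed placeholders, not real tenants or subscriptions.

# Reject anything that is not GUID-shaped before it reaches azcmagent.
is_guid() {
    printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# build_connect_cmd MANAGING_TENANT CUSTOMER_TENANT SUBSCRIPTION RESOURCE_GROUP LOCATION
# Prints the azcmagent connect command line without executing it.
build_connect_cmd() {
    managing="$1"; customer="$2"; sub="$3"; rg="$4"; location="$5"

    for id in "$managing" "$customer" "$sub"; do
        is_guid "$id" || { echo "not a GUID: $id" >&2; return 1; }
    done

    # Under Azure Lighthouse the managing tenant and the customer tenant are
    # different tenants; the same value in both parameters almost always means
    # the IDs were swapped or copied from the wrong portal.
    [ "$managing" != "$customer" ] || { echo "managing and customer tenant are identical" >&2; return 1; }

    # --tenant-id:      the customer's tenant, where the Arc machine resource lives.
    # --user-tenant-id: the managing (service provider) tenant whose identity signs in.
    printf 'azcmagent connect --resource-group "%s" --tenant-id "%s" --location "%s" --subscription-id "%s" --cloud "AzureCloud" --user-tenant-id "%s"\n' \
        "$rg" "$customer" "$location" "$sub" "$managing"
}

# Constructed sample values for a dry run.
MANAGING_TENANT="11111111-1111-1111-1111-111111111111"
CUSTOMER_TENANT="22222222-2222-2222-2222-222222222222"
CUSTOMER_SUB="33333333-3333-3333-3333-333333333333"

build_connect_cmd "$MANAGING_TENANT" "$CUSTOMER_TENANT" "$CUSTOMER_SUB" "rg-arc-servers" "westeurope"
```

Run the script once with the customer's real values substituted and compare its output with the command in the script the portal generated; the --tenant-id value must be the customer's tenant and the --user-tenant-id value must be yours.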
When viewing resources for a delegated subscription in the Azure portal, you'll see these connected machines labeled with Azure Arc. You can manage these connected machines using Azure constructs, such as Azure Policy and tagging, just as you would manage the customer's Azure resources. You can also work across customer tenants to manage all connected machines together.
For example, you can ensure that the same set of policies is applied across customers' hybrid machines. You can use Microsoft Defender for Cloud to monitor compliance across all of your customers' hybrid environments, or use Azure Monitor to collect data directly into a Log Analytics workspace. You can also deploy virtual machine extensions to non-Azure Windows and Linux VMs, simplifying management of your customers' hybrid machines.
Manage hybrid Kubernetes clusters at scale with Azure Arc-enabled Kubernetes
You can manage Kubernetes clusters that are connected to a customer's subscription with Azure Arc, just as if they were running in Azure.
If your customer uses a service principal account to onboard Kubernetes clusters to Azure Arc, you can access this account so that you can onboard and manage clusters. To do so, assign the Kubernetes Cluster - Azure Arc Onboarding built-in role to a user in the managing tenant when the subscription containing the service principal account is onboarded to Azure Lighthouse.
You can deploy configurations and Helm charts to Arc-enabled Kubernetes clusters by using GitOps for connected clusters.
You can also monitor connected clusters with Azure Monitor, use tagging to organize clusters, and use Azure Policy for Kubernetes to manage and report on compliance state.
Next steps
- Explore the Azure Arc Jumpstart.
- Learn about supported cloud operations for Azure Arc-enabled servers.
- Learn about accessing connected Kubernetes clusters through the Azure portal.