
In today’s cloud-centric world, hybrid cloud environments have become increasingly popular, allowing businesses to extend their on-premises infrastructure to the cloud seamlessly. However, onboarding isolated Windows VMs to Azure Arc, especially those with stringent security requirements, can be challenging.

This is where using an open-source proxy server like Squid comes into play. In this blog, we’ll explore why and how you can leverage Squid Proxy for onboarding isolated Windows VMs to Azure Arc.

Why Use a Proxy for Isolated VMs?

  1. Network Isolation
  2. Controlled Internet Access
  3. Cost Efficiency
  4. Centralized Management
  5. Enhanced Performance
  6. Facilitates Hybrid Cloud Environments

Setting Up Squid Proxy for Azure Arc Onboarding

Let’s dive into the steps to set up Squid Proxy for onboarding isolated Windows VMs to Azure Arc.

Step 1: Install Squid Proxy

First, you’ll need to install Squid Proxy on a suitable machine within your network. Squid is available for various operating systems, including Linux and Windows. In our case, we will be using Windows Server 2022.

a. Download the Squid for Windows setup

b. Follow the steps below to install:

Step 2: Adding Inbound Windows Firewall Rule

After installation, you need to add an inbound Windows Firewall rule.

Add new rule and select ‘Port’
Specifying Port Number
Name the rule

Step 3: Configure Squid Proxy

After adding the rule, you need to configure Squid to suit your network requirements.

Open Squid Configuration
Squid.conf file configuration
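
As an added example (not the author's configuration), a squid.conf that limits the proxy to the isolated VMs and to Azure Arc destinations could look like the following. The subnet 10.10.0.0/24 and port 3128 (Squid's default) are assumptions, and the domain list follows Microsoft's published Connected Machine agent network requirements for the Azure public cloud, which should be checked against the current documentation before use.

```conf
# squid.conf fragment: added example, not the article's file.
# Assumed values: VM subnet 10.10.0.0/24, listening port 3128.

http_port 3128

# Permissive form that is often left in place:
# any internal client may reach any destination through the proxy.
#   acl localnet src 10.0.0.0/8
#   http_access allow localnet

# Restricted form: only the isolated VMs may use the proxy.
acl arc_clients src 10.10.0.0/24

# Only TLS tunnels are expected from the Arc agent.
acl SSL_ports port 443
acl CONNECT method CONNECT

# Azure Arc destinations (public cloud). A leading dot matches the
# domain and all of its subdomains.
acl arc_dst dstdomain aka.ms
acl arc_dst dstdomain download.microsoft.com packages.microsoft.com
acl arc_dst dstdomain login.microsoftonline.com login.windows.net
acl arc_dst dstdomain .login.microsoft.com pas.windows.net
acl arc_dst dstdomain management.azure.com
acl arc_dst dstdomain .his.arc.azure.com
acl arc_dst dstdomain .guestconfiguration.azure.com
acl arc_dst dstdomain .guestnotificationservice.azure.com

# These two wildcards are broad (any storage account or Service Bus
# namespace); narrow them to specific names where you can.
acl arc_dst dstdomain .servicebus.windows.net
acl arc_dst dstdomain .blob.core.windows.net

# Order matters: the first matching http_access rule wins.
http_access deny CONNECT !SSL_ports
http_access allow arc_clients arc_dst
http_access deny all
```

With the final `http_access deny all` in place, any request from the VMs to a destination outside the list is refused and appears in Squid's access log as denied, which makes a missing endpoint easy to spot when `azcmagent check` reports a failure.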

Step 4: Restart Squid Service

The Squid Proxy is now set up and configured.

Step 5: Install Azure Arc Agent

Use the Azure portal to create a script that automates the downloading and installation of the agent and establishes the connection with Azure Arc.

a. In the Azure portal, search for Servers — Azure Arc, and then select it in the results list.

b. On the Servers — Azure Arc page, select Add.

Add a machine

c. On the Add a single server tile, select Generate script.

Click generate script

Now, on the Resource details page, provide the following:

  • Select the subscription and resource group where you want the machine to be managed within Azure.
  • For Region, select the Azure region in which the server’s metadata will be stored.
  • For Operating system, select the operating system of the server you want to connect.
  • For Connectivity method, select how the Azure Connected Machine agent should connect to the internet.
  • In our case we are using a proxy server, so enter the proxy server IP address, or enter the name and port number that the machine will use, in the format http://<proxyURL>:<proxyport>.

In the Download or copy the following script section, review the script. As you can see, the proxy server IP address and port are part of this script.

Run the downloaded PowerShell script.

During the installation, you will be asked to log in to Azure and supply your (admin) credentials to prove you have access to your Azure subscription using the right role.

Once the credentials have been provided, it will show authentication as completed.

The Azure Arc agent is now installed. To verify whether it is using the proxy server, run the ‘azcmagent show’ command. The output shows that Arc is using the proxy server.

To check connectivity, run the ‘azcmagent check’ command.

Lastly, navigate back to the Azure portal to check whether the Azure Arc profile for the on-premises server is there.

Onboarding isolated Windows VMs to Azure Arc using Squid Proxy is a strategic approach to managing hybrid cloud environments. By leveraging Squid Proxy, organizations can maintain network isolation, control internet access, optimize costs, and enhance performance while seamlessly integrating on-premises systems with Azure services. This method not only ensures the security and compliance of isolated environments but also provides a unified and efficient management experience across hybrid infrastructures.
