
Hybrid Monitoring solution using Azure Monitor Part 2: Onboarding Azure Arc machines


Posted 01 January 2024
By Ramy RZEM 8 min read

In this part we onboard Azure Arc machines using a PowerShell script.

The Azure Arc machines can also be onboarded with the ARM template provided by Azure Arc.

What is and why we use Workload Identity Federation?

Say goodbye to expired Secrets and rotation! 🔑
Unleash the Power of Identity Federation in Azure DevOps 💫

The old practice was to create an ARM service connection using a service principal; this creates a secret that must be renewed periodically, which is an ongoing management burden for an organisation.
Workload identity federation allows Azure DevOps to access Azure resources securely without the need for storing credentials in Azure DevOps. Instead, it uses federated identities, which provides a more secure and low-maintenance approach to service-to-service authentication.

  • Security: No need to manage or rotate secrets, reducing the risk of credentials leakage.
  • Maintenance: Eliminates the need for periodic secret rotation tasks.
  • Compliance: Meets stringent compliance requirements for identity and access management.

Prerequisites

Before you start, ensure you have the following:

  • On-premises machine with outbound HTTP access open on port 403.
  • Network prerequisites met.
  • Permission to deploy Arc machines.

Step-by-Step Guide to Onboard Azure Arc Machines

  1. Create an app registration.
  2. In IAM, assign the Azure Arc onboarding role to the app registration.
  3. Generate the onboarding template from the Azure portal.
  4. Execute the PowerShell script.
  5. Grant access to the Azure resources.
  6. Create the ARM service connection in Azure DevOps.
  7. Verify the connection.
  8. Use the service connection in your pipelines.

There are several ways to implement federation, depending on whether you create new service connections or already have service connections with secrets that you can convert.
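As an added example (not the author's script and not the exact script generated by the portal, though it follows the same azcmagent steps), the following PowerShell onboarding script for step 4 reads the app registration's secret from an environment variable injected at runtime (for instance a secret pipeline variable) rather than embedding it in the script; the IDs, resource group, location and tags are placeholders to replace.

```powershell
# Onboard a Windows server to Azure Arc with the Connected Machine agent (azcmagent).
# Assumptions: the app registration from step 1 has the Arc onboarding role (step 2),
# and its secret is supplied in the ARC_SP_SECRET environment variable, never stored here.
$ErrorActionPreference = 'Stop'

$TenantId           = '<TENANT_ID>'                  # placeholder
$SubscriptionId     = '<SUBSCRIPTION_ID>'            # placeholder
$ResourceGroup      = 'rg-arc-servers'               # placeholder
$Location           = 'westeurope'                   # placeholder
$ServicePrincipalId = '<APP_REGISTRATION_CLIENT_ID>' # placeholder (app registration from step 1)

# Secret provided at runtime; fail early if it is missing instead of prompting or hardcoding it
$ServicePrincipalSecret = $env:ARC_SP_SECRET
if ([string]::IsNullOrWhiteSpace($ServicePrincipalSecret)) {
    throw 'ARC_SP_SECRET environment variable is not set.'
}

$AgentExe = Join-Path $env:ProgramW6432 'AzureConnectedMachineAgent\azcmagent.exe'

# Download and run the agent installer only when the agent is not already present
if (-not (Test-Path $AgentExe)) {
    $InstallScript = Join-Path $env:TEMP 'install_windows_azcmagent.ps1'
    Invoke-WebRequest -UseBasicParsing -Uri 'https://aka.ms/azcmagent-windows' -TimeoutSec 30 -OutFile $InstallScript
    & $InstallScript
    if ($LASTEXITCODE -ne 0) { throw "Agent installation failed with exit code $LASTEXITCODE" }
}

# Connect the machine to Azure Arc using the service principal
& $AgentExe connect `
    --service-principal-id $ServicePrincipalId `
    --service-principal-secret $ServicePrincipalSecret `
    --tenant-id $TenantId `
    --subscription-id $SubscriptionId `
    --resource-group $ResourceGroup `
    --location $Location `
    --cloud 'AzureCloud' `
    --tags 'Datacenter=onprem,Environment=prod'   # placeholder tags
if ($LASTEXITCODE -ne 0) { throw "azcmagent connect failed with exit code $LASTEXITCODE" }

# Verification: print the agent status and the Arc resource it is connected to
& $AgentExe show
```

Run it in an elevated PowerShell session on the target machine; the `azcmagent show` output at the end confirms the agent is connected and which resource group and region the machine was registered in.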

Conclusion

Creating an ARM service connection using workload identity federation is a forward-thinking approach that can significantly boost your project's security posture.
For detailed instructions and more information, refer to the official Microsoft documentation.