Senior Cloud Solution Architect, cVation (part of Skaylink)
Many organizations today are embracing a hybrid cloud strategy. Workloads and data are spread across on-premises data centers, public clouds, and edge environments. This approach is often driven by data sovereignty, latency requirements, security, performance, or regulatory needs. At the same time, companies want to reap the benefits of cloud computing without moving everything there.
Hybrid setups are particularly widespread in industries like manufacturing, finance, healthcare, and retail – where cloud and on-premises systems often need to work hand in hand.
In reality, most companies don’t run everything in a single cloud. They often combine on-premises data centers with multiple cloud providers and edge deployments. This creates complexity – both technically and organizationally.
Azure Arc is Microsoft’s answer to this challenge. It provides a unified platform to manage and govern workloads, no matter where they reside.
So, why not stick with the setup you already have? After all, it works, right? Maybe you’re hesitant to change because it feels overwhelming. Or maybe it just feels too risky to change things?
The truth is, most companies end up with a hybrid IT architecture – not by design, but because business needs evolve, and new systems are added over time without a clear strategy. The result is often a patchwork of systems and custom solutions that are hard to oversee and even harder to clean up.
This gets worse when cloud is adopted without a clear strategy. In many cases, cloud gets layered on top of an old model still centered around on-premises infrastructure. Some organizations even try to architect their public cloud like it’s still on-premises. The result? A Frankenstein system that’s neither here nor there – and one that fails to deliver the value that the cloud was supposed to bring.
It’s not uncommon for us to hear: “We have a cloud-first strategy.” But on closer inspection, it’s clear the organization’s operations are still dictated by outdated, on-premises principles. That’s often the root of problems like poor scalability, lack of governance, or underutilized cloud capabilities – but few realize that the operational model itself is the issue.
Let’s start from the top. What is Azure Arc?
Azure Arc is a platform that allows you to manage, secure, and govern resources outside of Azure as if they were native Azure assets. This includes:
- Virtual machines in on-premises data centers or other clouds
- Servers and containers in AWS or Google Cloud
- Kubernetes clusters on edge devices
- SQL Servers running outside of Azure
Once onboarded to Azure Arc, these resources are treated as Azure Resource Manager assets. You can then use native Azure tools like Azure Policy, Azure Monitor, Defender for Cloud, and RBAC for governance and security.
Example: Onboarding on-premises VMs with Azure Arc
Let’s say you’re a manufacturing company with a central IT operations team. You still run critical applications on physical servers at your HQ data center because they’re tightly coupled with production equipment and can’t easily move to the cloud.
By onboarding these workloads with Azure Arc, you can:
- Monitor health and performance via Azure Monitor
- Enforce compliance with internal and external policies using Azure Policy
- Roll out updates centrally through Update Management
- Access risk insights and vulnerability scans via Defender for Cloud
This empowers your IT team to manage existing infrastructure through the same interface they already know from Azure, without needing to relocate it.
Bringing Azure-native services on-premises
Azure Arc doesn’t just give you visibility into your infrastructure – it lets you bring Azure services into your own data center or edge locations. That means you can leverage many of Azure’s advanced capabilities without moving everything to the cloud. Here are some key services you can run on-premises via Azure Arc:
Azure Arc-enabled SQL Managed Instance:
Run SQL Managed Instance locally with the same features as in Azure – automated backup, centralized management, high availability, patching, and advanced security – without data ever leaving your premises.
Azure Arc-enabled PostgreSQL:
Deploy Hyperscale PostgreSQL on-prem with elastic scaling, central management, and enterprise-grade features.
Azure App Services (preview):
Run App Services, Functions, and Logic Apps locally. Host web apps, APIs, and integrations on-prem while managing them from the Azure portal.
Azure Machine Learning:
Deploy and manage ML models on local servers or edge devices, while maintaining governance and logging through Azure.
Azure Kubernetes Service (AKS) on-premises:
Through Azure Stack HCI and Arc, get full AKS functionality on your own servers – consistent management, policy enforcement, and deployments across cloud and on-premises.
Governance, monitoring, and security:
Use tools like Azure Policy, Monitor, and Defender for Cloud on-premises to raise compliance and security standards, regardless of physical location.
With Azure Arc, you can unlock Azure’s capabilities locally without giving up your current investments or compromising on data residency and compliance.
Benefits for on-premises development
Azure Arc also benefits your development teams. Developers can keep working with the same tools, processes, and platforms they use in Azure whether the workloads live in the cloud or on-premises.
Key advantages:
- Consistent DevEx: Use the same APIs, deployment models, and pipelines everywhere.
- Faster innovation: Test, release, and scale quickly without waiting for full cloud migration.
- Central governance: Enforce policies across all environments from day one, avoiding shadow IT.
- Greater flexibility: Operations and development are aligned, regardless of workload location.
- Simplified migration and hybrid models: By building on Azure-native platforms locally, you can move workloads later or run them in hybrid mode for critical systems that need to stay on-site.
Azure Arc effectively bridges the gap between on-premises and cloud, letting you tap into modern development models wherever your resources reside.
Kubernetes and Azure Arc-enabled K8s
Kubernetes is now the standard for container orchestration across cloud and many on-premises environments. Large organizations often run Kubernetes on their own infrastructure or in non-Azure clouds for reasons like compliance, latency, existing investments, or avoiding vendor lock-in.
Azure Arc plays a crucial role here. With Azure Arc-enabled Kubernetes, you can onboard external clusters to Azure regardless of where they run. This allows you to apply the same governance, security, and monitoring as you would in Azure Kubernetes Service (AKS), without migrating the workloads.
Your on-premises (or GCP-based) K8s clusters become Azure resources and part of your broader cloud governance framework.
Key benefits include:
- Unified Azure Policy enforcement across all clusters
- Centralized role and access control via Azure AD
- Azure Monitor and Defender for Containers in any environment
- Resource Graph and tagging across hybrid landscapes
- GitOps integration with Flux, fully managed through Azure
- Scaled configuration management with Arc Config
This gives DevOps teams a consistent and efficient way to manage containerized environments wherever they run.
When does Azure Arc make sense?
Azure Arc is the right fit when:
- You run business-critical workloads outside Azure but want centralized governance.
- You operate hybrid environments spanning cloud, data center, and edge.
- You want consistent DevOps and security models across platforms.
- You plan to migrate to Azure gradually but want governance from day one.
The benefits include:
- Centralized governance: Set policies once and enforce them everywhere.
- Flexibility: You don’t need to move workloads to benefit from the Azure ecosystem.
- Scalable DevOps: GitOps + Azure Arc = easy deployments across all platforms.
- Security and compliance: Vulnerability scanning and governance across all infrastructure.
Challenges and considerations
But it’s not all magic. There are important considerations and some limitations to be aware of before embracing Azure Arc.
Onboarding can be complex, especially for organizations with a wide variety of legacy environments. If you’re a financial institution with multiple data centers, mixed OS versions, and poor documentation, onboarding to Azure Arc is a real project. You’ll need a mature CMDB (Configuration Management Database) and a clear plan for which servers to onboard, when, and how.
You should also consider that using Azure Arc leads to a strong dependency on Azure as the main control plane. Even if your resources don’t run in Azure, your governance and operations will be tied to Azure services. This requires an internet connection and may not be a fit for offline environments.
Finally, licensing can add up. While Azure Arc is free for servers, services like Arc-enabled data (SQL Managed Instance, PostgreSQL) and advanced security do come with extra costs.
Azure Arc is a bare necessity – not just an option
Hybrid cloud is the new default – not because companies planned for it, but because business needs evolve fast and unpredictably. Azure Arc addresses this reality by providing a unified control layer that not only delivers visibility but also unlocks the power of cloud technologies regardless of where your data and workloads live.
It’s not about moving everything to the cloud. It’s about regaining control, unifying governance, and enabling development teams to innovate across all environments.
Those who stay stuck in legacy on-premises models or patch cloud onto old operations miss out and risk inefficiency, security gaps, and loss of competitiveness.
In my opinion, Azure Arc isn’t just a tool. It’s the bridge between siloed legacy systems and the agile, scalable, secure IT organization of the future.