Arc-Enabled SQL Server Management Architecture

​Azure Arc-enabled SQL Server management requires deploying multiple local agents with administrative privileges and connecting SQL Server to Azure. The illustration provides an architecture for connecting a single on-premises server to Azure Arc:

Arc Server works at the OS level to provide SQL Server discovery, policy enforcement, and identity management through Entra ID (previously called Azure Active Directory). It uses a local Azure Connected Machine agent that requires local server administrative rights.

Arc SQL Server works with the Arc Server component. It provides instance and database inventory feature and controls automated backups and patching. It uses an extension to the Azure Connected Machine agent called the Azure Extension for SQL Server. It requires SQL Server administrative rights to perform the various functions.

Log Analytics and Microsoft Defender for Cloud provide best practice assessments and advanced threat protection and assessment, respectively. They use a local Azure Monitoring agent that needs permission to read server and SQL Server event logs and other performance data. Log Analytics also uses Azure Storage, which is not shown in this illustration.