Deploy Azure Arc gateway (Limited preview 2024)

The Azure Arc Gateway introduces two new components that allow a local server to communicate with Azure using “only 7” endpoints. It is currently (09.09.2024) in private preview, and some steps are required to enable it in your network.

Requirements

You need to apply for the private preview by completing the Azure Arc gateway Limited Public Preview Sign-up form. This will allow one or multiple subscriptions to install the Azure Arc Gateway feature.

Some network traffic needs to be allowed. This is still quite a few URLs, but it is significantly fewer than the 15 minimum Azure Arc endpoints, which can easily turn into hundreds of URLs when using extensions with Azure Arc.

| URL | Purpose |
| --- | --- |
| [Your URL Prefix].gw.arc.azure.com | Your gateway URL (This URL can be obtained by running az connectedmachine gateway list after you create your gateway Resource) |
| management.azure.com | Azure Resource Manager Endpoint, required for Azure Resource Manager control channel |
| login.microsoftonline.com | Microsoft Entra ID’s endpoint, for acquiring Identity access tokens |
| gbl.his.arc.azure.com | The cloud service endpoint for communicating with Azure Arc agents |
| .his.arc.azure.com | Used for Arc’s core control channel |
| packages.microsoft.com | Required to acquire Linux based Arc agentry payload, only needed to connect Linux servers to Arc |
| download.microsoft.com | Used to download the Windows installation package |

Required URLs for Azure Arc Gateway – Source: https://learn.microsoft.com/en-us/azure/azure-arc/servers/arc-gateway

How to use an Azure Arc Gateway?

Always check the current information by Microsoft first. The information should be available here. This guide shares some screenshots and a more detailed how-to, but with the Limited Preview status, this documentation might be outdated.

  1. Download the az connected.whl file and use it to install the az connectedmachine extension.
  2. Create an Arc gateway resource.
  3. Ensure the required URLs are allowed in your environment.
  4. Associate new or existing Azure Arc resources with your Arc gateway resource.
  5. Verify that the setup succeeded.

Installation of the Azure Arc Gateway extension using Azure Cloud Shell

Download the installation file named connectedmachine-0.7.0-py3-none-any.whl from here. If you need to know about other aka.ms links, please check out the super cool search engine Search aka.ms | akaSearch.

This file connectedmachine-0.7.0-py3-none-any.whl contains the az connected machine commands required to create and manage your gateway Resource.

To install it, open the Azure Cloud Shell or any Azure CLI option you like, e.g. the Azure Cloud Shell profile in Windows Terminal.

Make sure you run the commands to first list the subscriptions

az account list

and then connect to the subscription you want to update.

az account set --subscription 'my-subscription-name'

I like the Azure Cloud Shell, because I can easily upload the file for using it.

Azure Cloud Shell – Manage Files – Upload

When the file is uploaded directly to the root of your Azure Cloud Shell home directory, you can execute a command similar to mine (make sure you change the path):

az extension add --allow-preview true --source /home/andreas/connectedmachine-0.7.0-py3-none-any.whl  

The installation process prints a short confirmation that it completed successfully.

Azure Arc Gateway Preview Installation completed

Create the Azure Arc Gateway Resource

On a machine with access to Azure or in the Azure Cloud Shell, run the following commands.

az login --use-device-code
az account set --subscription [subscription name or id]
az connectedmachine gateway create --name [Your gateway’s Name] --resource-group [Your Resource Group] --location [Location] --gateway-type public --allowed-features * --subscription [subscription name or id]

Here is my example code, which will first do a login using a device code. The first step is optional, since I will be using the Azure Cloud Shell and this is already authenticated through the Azure Portal Login.

az login --use-device-code
az account set --subscription devsubscription
az connectedmachine gateway create --name weu-arcgateway --resource-group weu-rg-azurearc --location "West Europe" --gateway-type public --allowed-features '*' --subscription devsubscription

The Microsoft documentation is not correct for the --allowed-features option, so check that you enter '*' or you will get the error I had initially.

Azure Arc Gateway Deployment using Azure Cloud Shell

At this point it is important to understand that the Microsoft guide explains the whole process of onboarding new systems, which is rather complicated. In this guide I will assume you have used the Azure Arc GUI on Windows Server 2025 and want the already Azure Arc enabled server to use the Azure Arc Gateway. Check this guide about Azure Arc if you need support getting this done.

Important: The existing machine must be using the Arc-enabled servers connected machine agent version 1.43 or higher to use the Arc gateway Limited Public preview.

We first need the command to associate the existing machine with the Arc Gateway resource.

az connectedmachine setting update --resource-group [res-group] --subscription [subscription name] --base-provider Microsoft.HybridCompute --base-resource-type machines --base-resource-name [Arc-server's resource name]  --settings-resource-name default --gateway-resource-id [Full Arm resourceid]

The first command looks complex and it is, so here is my example:

az connectedmachine setting update --resource-group weu-rg-azurearc --subscription devsubscription --base-provider Microsoft.HybridCompute --base-resource-type machines --base-resource-name W2K22-Home-WAC --settings-resource-name default --gateway-resource-id /subscriptions/ef8a7d73-5a73-43c1-9957-3a6f22ead0a4/resourceGroups/weu-rg-azurearc/providers/Microsoft.HybridCompute/machines/W2K22-Home-WAC/providers/Microsoft.HybridCompute/settings/default

You need to get the “--gateway-resource-id” from the output after you installed the Azure Arc Gateway resource (see the screenshot above). The other information can all be found if you check your Azure Arc enabled server object in the Azure Portal.

Azure Arc Enabled Server with details needed for the az connectedmachine setting update command

Configure the Azure Arc Gateway for Azure Arc Enabled Server

Once that step is completed you can update the machine by running the following command on the Azure Arc Enabled server with administrative rights

azcmagent config set connection.type gateway

Once that command has been executed you can run the following command to check the status

azcmagent show

When you see the “Using HTTPS Proxy” showing a value of “http://localhost:40343” you have completed your configuration of an Azure Arc Gateway and one Azure Arc enabled server.

“Using HTTPS Proxy” showing a value of “http://localhost:40343”

Optional – Enable a Proxy for Azure Arc Enabled server

Routing the Azure Arc Gateway traffic through an enterprise proxy can be configured during the initial setup or later with this command.

azcmagent config set proxy.url "http://ProxyServerFQDN:port"

My proxy has the IP 192.168.0.52 and the port 3128, so my example command looks like this:

azcmagent config set proxy.url "http://192.168.0.52:3128"

With this command you can check the current configuration of your Azure Arc Agent on the Azure Arc enabled server.

azcmagent config get proxy.url

This command will disable the proxy config.

azcmagent config clear proxy.url

If you want to install a test server running Squid please check this guide.

In my test I did need to run the following command again to make sure the Agent Configuration was looking as expected. This command will enable the gateway function again.

azcmagent config set connection.type gateway

After running both commands you should see “Using HTTPS Proxy” showing http://localhost:40343, and the Upstream Proxy should show your proxy server URL. This is my azcmagent show output.

Azure Arc Gateway with Proxy enabled
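
The checks from this guide (agent version 1.43 or higher, “Using HTTPS Proxy” set to http://localhost:40343, and the expected Upstream Proxy) can be scripted. This is an added example, not part of the original post or Microsoft's tooling; the sample output is constructed, and the "Label : value" layout and the "Agent Version" label are assumptions about the azcmagent show output.

```shell
# Constructed sample of `azcmagent show` output (not captured from a real server).
# The "Label : value" layout and the "Agent Version" label are assumptions.
SAMPLE_SHOW='Resource Name                           : W2K22-Home-WAC
Agent Version                           : 1.45.02769.1763
Agent Status                            : Connected
Using HTTPS Proxy                       : http://localhost:40343
Upstream Proxy                          : http://192.168.0.52:3128'

# field <label>: print the value of the matching "Label : value" line from stdin.
field() {
  awk -v want="$1" '{
    i = index($0, ":"); if (i == 0) next
    k = substr($0, 1, i - 1); v = substr($0, i + 1)
    gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
    if (k == want) { print v; exit }
  }'
}

# check_gateway <show-output> [expected-upstream-proxy]
# Prints one line per finding; exit status is 0 only when every check passes.
check_gateway() (
  out=$1 want_upstream=${2:-} rc=0
  ver=$(printf '%s\n' "$out" | field "Agent Version")
  major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}
  case "$major.$minor" in
    .*|*.|*[!0-9.]*) echo "FAIL agent version not readable: '$ver'"; rc=1 ;;
    *) if [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 43 ]; }; then
         echo "FAIL agent $ver is older than the required 1.43"; rc=1
       fi ;;
  esac
  proxy=$(printf '%s\n' "$out" | field "Using HTTPS Proxy")
  if [ "$proxy" != "http://localhost:40343" ]; then
    echo "FAIL Using HTTPS Proxy is '${proxy:-unset}', gateway not active"; rc=1
  fi
  if [ -n "$want_upstream" ]; then
    upstream=$(printf '%s\n' "$out" | field "Upstream Proxy")
    if [ "$upstream" != "$want_upstream" ]; then
      echo "FAIL Upstream Proxy is '${upstream:-unset}'"; rc=1
    fi
  fi
  [ "$rc" -eq 0 ] && echo "OK gateway configuration matches the guide"
  [ "$rc" -eq 0 ]
)

# Demo on the constructed sample; on a Linux Arc server pass "$(azcmagent show)".
check_gateway "$SAMPLE_SHOW" "http://192.168.0.52:3128"
```

Omit the second argument when no enterprise proxy is configured; the upstream check is then skipped.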

When you run azcmagent check, the agent tests its connectivity, and the Squid log file on the Linux proxy should look like this:

Squid Log using tail while checking Azure Arc Agent connectivity

Important: This configuration for servers does not work with user authentication, so you need to create rules that will allow certain URLs (Azure Arc Gateway URLs) without authentication.
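
To confirm on the proxy that the Arc server only reaches the endpoints from the table above and is never asked to authenticate for them, the Squid access log can be audited. This is an added example, not part of the original post: the log lines are constructed in Squid's native access.log format, and the client IP 192.168.0.60, the prefix "myprefix" and the off-list hostname are placeholders.

```shell
# Constructed Squid access.log lines (native format), not taken from the screenshot.
SAMPLE_LOG='1725871201.101    312 192.168.0.60 TCP_TUNNEL/200 5120 CONNECT login.microsoftonline.com:443 - HIER_DIRECT/203.0.113.10 -
1725871202.440    280 192.168.0.60 TCP_TUNNEL/200 8841 CONNECT myprefix.gw.arc.azure.com:443 - HIER_DIRECT/203.0.113.20 -
1725871203.006     95 192.168.0.60 TCP_TUNNEL/200 2210 CONNECT gbl.his.arc.azure.com:443 - HIER_DIRECT/203.0.113.30 -
1725871204.913     12 192.168.0.60 TCP_DENIED/407 4012 CONNECT management.azure.com:443 - HIER_NONE/- text/html
1725871205.377    150 192.168.0.60 TCP_TUNNEL/200 1900 CONNECT example.blob.core.windows.net:443 - HIER_DIRECT/203.0.113.40 -'

# audit_squid <arc-server-ip>: reads access.log lines on stdin and prints
#   OFFLIST <host>   destination that is not in the guide's endpoint table
#   AUTH407 <host>   listed endpoint that the proxy answered with 407 (auth required)
audit_squid() {
  awk -v client="$1" '
    function allowed(h) {
      return h == "management.azure.com" || h == "login.microsoftonline.com" ||
             h == "packages.microsoft.com" || h == "download.microsoft.com" ||
             h ~ "[.]gw[.]arc[.]azure[.]com$" || h ~ "[.]his[.]arc[.]azure[.]com$"
    }
    $3 == client {
      host = tolower($7)
      sub("^[a-z]+://", "", host)   # strip the scheme on plain HTTP requests
      sub("[:/].*$", "", host)      # strip port and path
      if (!allowed(host))     print "OFFLIST " host
      else if ($4 ~ "/407$")  print "AUTH407 " host
    }' | sort -u
}

# Demo on the constructed sample; on the proxy feed it the real access log instead.
printf '%s\n' "$SAMPLE_LOG" | audit_squid 192.168.0.60
```

An AUTH407 line points at a missing no-authentication rule for a listed endpoint; an OFFLIST line is a destination to review before widening the allowlist.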

Check my guide “Squid on Hyper-V – new Ubuntu 24.04” on how to set up Squid with Ubuntu on Hyper-V if you need a proxy for your homelab or your dev environment.

Additional Resources

Check out the Youtube Video from Arc Jumpstart by the Product Manager Jalen McGee.


Andreas Hartig - MVP - Cloud and Datacenter Management, Microsoft Azure
