Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

#MVPLABSerie Azure Update Management Center (Preview) and #AzureArc enabled Servers #AzureHybrid

Microsoft Azure Update Management Center (Preview)

Update management center (preview) is a unified service to help manage and govern updates for all your machines. You can monitor Windows and Linux update compliance across your deployments in Azure, on-premises, and on the other cloud platforms from a single dashboard. Using Update management center (preview), you can make updates in real-time or schedule them within a defined maintenance window. Here you can find more information about Azure Update Management Center

In the following step-by-step guide, we will start with Azure Update Management Center (Preview) and Microsoft Azure Arc enabled Windows Servers running on-premises in my mvplab.local domain.

With getting started you can configure the environment.

I start here with my Azure Arc enabled Storage Server.

You have options like Hotpatch

We Check manually for Updates on Windows Server mvpstore01
Click on OK for Assessment.

Here are the Windows Server Security updates.
You can click on One-time-Update
But first we look in Update Management Center.

Here you see the Pending Windows Updates in Azure Update Management Center
Open query 

Microsoft Azure Resource Graph Explorer can be really powerful tool

When you have to manage many Windows Servers you can get the status
of these Azure Arc enabled servers and export the results into a CSV file.
Here you find some Azure Resource Graph Explorer queries

Now we start to Install One-time Updates.

Include Update Classification
Click on Add

Click on Next

Select the option if you want to reboot or not.

Review and Install

Updates installed on the Azure Arc Enabled Windows Server.

In Azure Update Management Center Overview Dashboard
you can see that one machine is completed.

For Monitoring you can make your own workbooks.

I like this History, to see if updates are successful or not.

Conclusion

Microsoft Azure Update Management Center is still in Preview but it’s a new way to manage all of your updates on your Servers on-premises with Azure Arc enabled, or on Azure Cloud, but also in other Clouds if you want. One Update Management Center from the Azure Portal is Awesome to work with and gives you control and overview of your update compliance in your datacenter(s).
Important: This Great tool is still in preview and not for production environments yet until it’s made GA by Microsoft and you have the full support on this awesome management tool.

JOIN Azure Hybrid Community Group on LinkedIn

 


Leave a comment

Security Baseline for Azure Arc enabled Servers and Arc Kubernetes #AzureHybrid #Security

Azure Arc Enabled Server network connectivity.

Baseline security is very important to have that in place to keep your Servers more secure in your datacenter. You want Hybrid Servers like Azure Arc enabled servers for example to be secure running in your datacenter. This begins to secure and have up-to-date Server hardware running in your datacenter. Monitor for security updates and install Server hardware based on best practices from the vendor.
Then the Operating System like Windows Server 2022 standard needs the OS Baseline security. This is called:

Microsoft Security Compliance Toolkit 1.0

When your Windows Servers are security compliant by the rules of the company and/or Security Officer, then we can have a look at the Well Architected Framework (WAF) for Azure Arc Enabled Servers.  Here you find an

Introduction to Azure Arc landing zone accelerator for hybrid and multicloud

Azure Arc Single Control Plane.

This security baseline applies guidance from the Microsoft cloud security benchmark version 1.0 to Azure Arc-enabled servers. The Microsoft cloud security benchmark provides recommendations on how you can secure your cloud solutions on Azure. The content is grouped by the security controls defined by the Microsoft cloud security benchmark and the related guidance applicable to Azure Arc-enabled servers.

Security by Default in your Datacenter

Here you find more information about Azure Security Baseline for Azure Arc enabled Servers.

Here you find more information about Azure Security Baseline for Azure Arc enabled Kubernetes.

Security by Design with Azure Security Center and Azure Defender

Azure Arc Jumpstart

When you have read about Azure Arc Well Architected Framework (WAF) and you have your security in place, we can start with Microsoft Azure Arc.
Before you start implementing Azure Arc, you must have seen this Awesome website of Azure Arc Jumpstart!

The Azure Arc Jumpstart is designed to provide a “zero to hero” experience so you can start working with Azure Arc right away!

The Jumpstart provides step-by-step guides for independent Azure Arc scenarios that incorporate as much automation as possible, detailed screenshots and code samples, and a rich and comprehensive experience while getting started with the Azure Arc platform.
Our goal is for you to have a working Azure Arc environment spun-up in no time so you can focus on the core values of the platform, regardless of where your infrastructure may be, either on-premises or in the cloud.

Here you find my MVPLABSerie Azure Hybrid with Arc Enabled Windows Servers on-premises blog 

 

Conclusion

You can manage your compliance and security policies with Azure Arc enabled Servers, Kubernetes, or SQL Managed instances to make your hybrid solutions with
the Microsoft Azure Cloud in a secure environment.  When you work with security by design based on OSI model with 7 security layers and use Microsoft Arc enabled servers, you get also more Azure Hybrid security features like Azure Defender for Cloud, and much more.
Don’t forget the Microsoft Azure Arc Community Monthly Meetup

 


Leave a comment

#MVPLABSerie Azure Arc enabled Servers #AzureHybrid

Azure Arc Infrastructure overview

In the last blogpost of MVPLABSerie we learned how to add Servers from anywhere to Microsoft Azure Arc services to get the Azure Hybrid benefit with awesome features and Management tools. you can find that blogpost over here:

MVPLABSerie Azure Hybrid with Arc Enabled Windows Servers on-premises

So with this I have added my on-premises Windows Insider Servers to Microsoft Azure Arc:

Connected Azure Arc Servers

In the following steps we are going to add Windows Admin Center to the Arc enabled Windows Servers on-premises.
Here you can read more about Azure Arc-enabled Servers using Windows Admin Center in Azure (preview)

With Windows Admin Center in the Azure Portal you can manage the Windows Server operating system of your Arc-enabled servers, known as hybrid machines. You can securely manage hybrid machines from anywhere–without needing a VPN, public IP address, or other inbound connectivity to your machine.

Open Servers and open your Azure Arc Enabled Server.

First of all we have to add the right Role assignment.
Click on Access Control on the Left.
Click on Add => Add Role Assignment.

Here you have to add the following Role Assignment.
Windows Admin Center Administrator Login.
Add this to your account

When the account is done, then go to Windows Admin Center (Preview)
on the left panel. Click then on Setup.

Click on Install

Setup Successfully!

Now you can Connect your Azure Arc Enabled Windows Server.

Here we have my Storage Windows Insider Server in mvplab.local domain.
From here you can do your IT Management with WAC.

Remote PowerShell on Azure Arc enabled Server.

Microsoft Azure Arc Insights Monitoring and Log Analytics

For IT Management and troubleshooting, monitoring and getting Insights is important to act quickly to keep the business and IT solutions running. With Azure Arc Insights you can see with Maps the connections of the Windows Server.

Azure Arc Insights with Map.
See also the Quick Link to Connection details

This is a really cool overview of your connections.
Here you can see if you have a Malicious connection!

Microsoft Azure Arc Log Analytics is very Powerful
Here you find more information about Log Analytics

Here I do a Query on the Arc Enabled Server mvpstore01
Update Summary.

There are a lot of Log Analytics queries to play with and mark them as your favorite for your Arc enabled Windows Server 😉

In the following blogpost we will have a closer look at Microsoft Azure Auto Manage and Update Management Center for
Microsoft Azure Arc enabled Windows Servers. We will not forget Security with Azure Defender for Cloud coming in the next blogposts.

Conclusion

With Microsoft Azure Arc enabled Servers you get a Microsoft Azure Hybrid environment with Great features and solutions.
Some features are still in preview and not supported for production workloads, but you can test them now like I do with my mvplab.local
This new innovative technology is going fast forward for Azure Hybrid Services to Manage your Windows Servers, Azure Stack HCI Clusters or your Linux virtual Machines. Azure Arc rocks and you can connect Microsoft Azure Anywhere 🙂


Leave a comment

#MVPLABSerie Azure Hybrid with Arc Enabled Windows Servers on-premises #AzureHybrid #Winserv

Microsoft Azure Hybrid with Arc enabled Servers

the last MVPLABSerie blogposts was about Windows Servers Insider with mvplab.local domain and SQL Clustering on-premises :

Today every company wants to benefit from Cloud to achieve more for the business. Microsoft made Azure Arc to simplify governance and management by delivering a consistent multi-cloud and on-premises management platform.

Microsoft Azure Hybrid

In the following steps we are going to onboard the Windows Insider Servers and Windows 11 Insider Beta Virtual Machine which are running in mvplab.local domain into the Microsoft Azure Cloud. We will install the Azure Connected Machine Agent via a PowerShell Script in the next steps :

Login in the Azure Portal

1. Search for azure arc
2. Click on Azure Arc.

Getting Started with Azure Arc

Click on Servers and then Click on Add.

Here you can Choose for the right script.
I choose for Add Multiple Servers with a Service Principle.
Click on Generate Script.

Read the prerequisites access to port 443.
view Outbound URLs link.
Click Next

Select the right Azure Subscription and Resource Group.
Select your Azure Region.
Select Operating System
Select the Connectivity method.
Click on Next

If you don’t have a Azure Service principal, you can create one here.

Click on Create Service principal.

Create your Service Principal

Copy your Client ID and Client Secret !
You need this later.

Select the just created Service Principal.

Here you can Tag the Arc Servers.
Here you can read more about Tagging
Click on Next

Choose the Deployment method :
Basic Script or Configuration Manager ( I choose for Basic)
Download the Script

I have copied the script to my Domain Controller On-premises here.

Open with PowerShell ISE the OnboardingScript.ps1
and Copy / Paste your
Service Principal Client ID and Secret here in the Script.
Click on save and run the script.

Start PowerShell in Admin modus

Run Script .\OnboardingScript.ps1

Server is connected with Azure 🙂

Here is the Azure Arc Enabled Server, my Domain Controller.

Here I have all the Azure Arc Capabilities available for my Domain Controller.
Azure Hybrid

With the Same Script I added the mvplab.local Windows Insider Servers to Azure
They are all Azure Arc Enabled Servers.

On all Azure Arc enabled Servers is the Azure Connected Machine Agent installed.

Conclusion

In a simple way you can deploy Azure Arc agent on your on-premises Servers to make them Azure Arc Enabled so you can enjoy the Azure Hybrid features from the Cloud. IT management and Security from Azure becomes available for your on-premises Servers.
It’s not only Infrastructure but also Data Services and Application Services what you can use for your Azure Hybrid Solution.
In the next Blogpost we will have a look at the Microsoft Azure Arc Features in my mvplab.local domain.


Leave a comment

#Microsoft Windows Server 2022 Insider Preview Build 25140 #Winserv #WindowsServerInsider #WAC

Here you can Download Windows Server Insider Preview Build

Ps. I downloaded the VHDX file for Hyper-V, but you can get also the ISO file here.

Getting started with the Windows Insider Program for Windows Server

Get exclusive access to Windows Server Insider Previews and Remote Server Administration tools and help shape the future of Windows Server in the Windows Insider Program for Windows Server. Register here for the Windows Server Insider program 

From here you can build your own local domain and Clusters in your LAB to test all the Features Windows Server 2022 Insider Preview Build 25140 has. Checking new Security features and doing your own pen tests.

Windows Server 2022 Insider Preview Build 25140.

Microsoft Vulnerable Driver Blocklist 

Testing security with Kali Linux Rolling distro in WSL 2.0 against Windows Server Insider
in my Lab. And give feedback about features and or issues on Windows Server Insider :

Give feedback on Windows Server Insider Preview Builds

And of course don’t forget Windows Admin Center for your LAB to manage your Servers, Azure Virtual Machines and your Clusters. You can download WAC here

What is new in preview is Windows Admin Center in the Azure Portal with Azure Arc Enabled Servers.

Windows Admin Center in the Azure Portal for Arc Enabled Servers 😉
Manage your Servers from the Cloud.

Conclusion

With Windows Server Insider Builds and Windows Admin Center, you can test and make your own LAB environment together for free. You can give the Microsoft product group feedback to make the product better. In the mean time your are learning new features and security in Windows Server Insider Preview Build and WAC before you go into production 🙂
I say a good win win situation and it’s fun to setup your own hybrid LAB.

Follow Microsoft Windows Server Insider Team on Tech Community

 

 

 


Leave a comment

Windows Admin Center and Deploying Windows Server Insider Build 25099 Core #WindowsAdminCenter #Winserv #WIMVP

Windows Admin Center Version 2110.2 Build 1.3.2204.19002

Windows Admin Center is a customer-deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows PCs. It comes at no additional cost beyond Windows and is ready to use in production. Learn more about Windows Admin Center.

Benefits

  • Simple and modern management experience
  • Hybrid capabilities
  • Integrated toolset
  • Designed for extensibility

Languages
Chinese (Simplified), Chinese (Traditional), Czech, Dutch (Netherlands), English, French, German, Hungarian, Italian, Japanese, Korean, Polish, Portuguese (Brazil), Portuguese (Portugal), Russian, Spanish, Swedish (Sweden), Turkish

In the following step-by-step guide I will deploy Windows Server 2022 Insider Build 25099 Core Edition with Windows Admin Center tool together with some great features for managing Windows Servers in a secure hybrid way with Microsoft Azure Cloud services. Like Azure Defender for Cloud, Azure Backup Vault, Azure Monitor, Security and more.
So I have Windows Admin Center 2110.2 installed and I have a Windows Server 2022 Hyper-V Server for my Virtual Machines in my MVPLAB Domain.
Now we will deploy the new Windows Server 2022 Insider Preview Build 25099.

In WAC on my Hypervisor in Virtual Machines

When you explore and open your Hyper-V Host and go to Virtual Machines, you can Click on Add and then on New for Creating your Windows Server Insider VM.

Create a New Windows Server Insider VM called StormTrooper01

Here you can configure your new Windows Server 2022 Insider VM with the following :

  • What kind of Generation VM (Gen 2 Recommended)
  • The path of your Virtual Machine and the path of your virtual disk(s)
  • CPU and you can make nested Virtualization too
  • Memory and use of Dynamic Memory
  • Network select the Virtual Switch
  • Network Isolation by VLAN
  • Storage, Create the size of the Virtual Disk. Choose an ISO or Select an existing VHD(x)

I Created a New 70GB OS Disk
and I want to Install the New Windows Server Insider OS from ISO.
Click on Browse

Here you Browse Default on your Hyper-V Host and select the ISO.

When the Windows Server ISO is selected you can hit Create

We get the Notification that the virtual machine is successfully created.

Only the Virtual Machine is now made with your specs and visible on the Hyper-V Host.
Select the New Virtual Machine (StormTrooper01) click on Power and hit Start.

After you started the VM, you can double click on it and go to Connect.
Click on Connect to the Virtual Machine.

Now you are on the console via VM Connect.

Click on Install Now

We are installing Windows Server 2022 Insider Core edition, because we have WAC 😉

Installing Windows Server 2022 Insider Core Preview Build 25099 via Windows Admin Center

Create New Administrator Password.

And here we have Sconfig of the Windows Server 2022 Core.
via Virtual Machine Connect.

Now we can add and connect the New Virtual Machine with Windows Server 2022 Insider Preview Build in Windows Admin Center via IP-Address.

The Next step is to join the Windows Server 2022 Insider to my Domain MVPLAB.

Click on the Top on Edit Computer ID
Click on Domain and type your domain name.
Click op Next
Add your administrator account for joining the server
Reboot the VM.

Windows Server 2022 Insider Preview Core edition is domain joined.

Now we have the New Microsoft Windows Server 2022 Insider Preview Build 25099 running in Windows Admin Center, we can use all the tooling provided by WAC also in a Azure Hybrid way. Think about Azure Defender for Cloud, Azure Monitor. In Microsoft Windows Admin Center we also have a topic Azure Hybrid Center :

Here you see all the Azure Hybrid benefit features for your Windows Server 2022 Insider.

  • Microsoft Azure Arc
  • Azure Backup
  • Azure File Sync
  • Azure Site Recovery
  • Azure Network Adapter
  • Azure Monitor
  • Azure Update Management
  • and More…

Microsoft Azure and the Windows Admin Center Team made the wizards customer friendly and easy to get those Azure Hybrid services for your Windows Server.
When you have your Server running, you want to make backups and Monitoring your Server for management. And after that you want to be in control of your security of your new Server. In the following steps you see some examples on the same Windows Server 2022 Insider Preview Build:

Microsoft Azure Backup via WAC

Click on Azure Backup
Select your Azure Subscription and the Azure Backup Vault.
Select your data and make the schedule.

Enter the Encryption passphrase and Apply.

Here you have Azure Backup Vault working together with WAC.

Azure Defender for Cloud Security

Click op Microsoft Defender for Cloud
Click on Setup
Add the right Azure Subscription and Workspace
Click on Setup.

Configuring Azure Defender for Cloud agent and Subscription.

Azure Defender for Cloud in Windows Admin Center on your Windows Server 2022 Insider Preview Build.

In Windows Admin Center there is also a Security tab for the Windows Server.

Here you can see your Secured-Core status

Here you can see if your system is supported for this security features 🙂

Enable the supported features and Restart de Virtual Machine.

And here you see my status overview.

Further more you can manage RBAC in Windows Admin Center when you have to work with different kind of users.

You can find RBAC in settings.

Conclusion

Windows Server Insider Core edition and Windows Admin Center are working better together! You have all the tools you need to startup your Windows Server and
manage it with WAC. Windows Admin Center is getting better and better to manage your Hybrid Datacenter and keep you as an Administrator in Control!
So is how I manage my MVPLAB but also for Production workloads I use Windows Admin Center and the Azure Portal together. With Microsoft Azure Arc Services
Azure Hybrid becomes your solution where Windows Admin Center can Support you with making Azure Stack HCI Clusters with Azure Kubernetes for your DevOps environment.

Windows Admin Center Community Group on LinkedIn


Leave a comment

Azure Arc Kubernetes and Azure Defender Cloud for Containers with #Azure Policies

Azure Arc for Hybrid Cloud Management.

In my last blogpost I wrote about Azure Arc enabled Kubernetes and Container Insights with Alerting and Actions

In the following steps I will install some containers (Pods) on my Azure Arc enabled Kubernetes so I have some data to work with in my MVP LAB. I did that with Microsoft Visual Studio Code and with Helm predefined templates. Install the VSCode and install the Kubernetes extension, more information here

In the following steps we install DAPR and Redis on the Azure Arc enabled Kubernetes.

When you open your Kubernetes Cluster
Click then on Helm Repos
There you see Dapr repo.
Click on version 1.6.0.

Right click on version 1.6.0
Click on Install.

Dapr is installed by default on the Azure Arc enabled Kubernetes.

Type in Powershell :
dapr status -k
You will see the running pods of Dapr.

Dapr Dashboard is running
Important: This is running in a test environment and is now http.
For production you have to make it save!
Azure Arc Services and Azure Defender for Containers will help you with that.

 

Installing Redis in the same way.

Kubectl get pods

You will see the running Dapr and Redis pods.

Now we have installed two products on the Azure Arc enabled Kubernetes Cluster by default, but security is not in place based on best practices. For Dapr you have security best practices to follow and  Security for Redis.

But next to these security best practices from the software vendor, we also have Microsoft Azure Arc Security (Preview) on this kubernetes Cluster active. In the following steps you will see Security rules, Fixes and Azure Policies for Azure Arc Kubernetes to make your environment more secure and compliant.

Click on your Azure Arc enabled Kubernetes Cluster
This is my Dockkube.
Click then on Security (preview)

Here you see that I don’t have Azure Policy active to be compliant
on my Azure Arc enabled Kubernetes Cluster.
A lot of security issues are managed by policies.
Click on View Additional recommendations in Defender for Cloud

See Related recommendation (17)

Here you see all the dependent policies for your Azure Arc enabled Kubernetes Cluster.

Select your Azure Arc Enabled Kubernetes Cluster (Dockkube)
Click on Fix

Confirm and click on Fix 1 resource.

Remediation in progress.

Remediation Successful.
It can take some minutes to see your resources in the Healthy state.
Just refresh 😉

In Azure Policy you will see how Compliant you are with your
Azure Arc enabled Kubernetes.
Click on the ASC compliance.

Here you see the 10 Policies that are not Compliant.

Select a policy which is not compliant like here
Kubernetes Cluster containers should only use allowed images
Click on Details

Here you see the Component ID’s on my Azure Arc enabled Kubernetes Cluster
which are not compliant on this policy 😉
See the Tab bar, you are now on Component Compliance

Click on Policies tab
Dubbel click on the policy.

From here you can Assign the policy to your Azure Arc enabled Kubernetes Cluster.

See the TAB bar for deploying this policy.

Set your Managed Identity for deploying your policy.
Here you can read more how Remediation security works

More information on Microsoft Docs :

Enable Microsoft Defender for Containers

Azure Policy built-in definitions for Azure Arc-enabled Kubernetes

Understand Azure Policy for Kubernetes clusters

Overview of Microsoft Defender for Containers

Microsoft Azure Defender for Cloud Containers

Defender Plans for Azure Arc Enabled Kubernetes Clusters (Preview)
I have set these.
(Security Recommendations can take some time)

Security (preview) on your Azure Arc enabled Kubernetes Cluster

Here you get the Remediation steps to do and the Information.

There is information link to Mitre ATT&CK site.

And more information via a link to the Kubernetes site:
Resource Management for Pods and Containers

A New example and you can see the Affected Components
on my Azure Arc enabled Kubernetes Cluster Dockkube.

 

Conclusion

When you work in a DevOps way with Kubernetes containers and microservices, you want them as secure as possible. With application security and best practices from the software vendors. Security monitoring and compliance are important to keep you in control and to keep your environment safe. With Azure Arc enabled Kubernetes you get Azure Defender for Containers and Azure policy for security compliance to your Kubernetes Cluster.

Important: This is still in preview and should not be used in production environment yet until Microsoft makes it General Available for the world. Now you can test it in your test environment like me in my MVPLAB.


Leave a comment

Azure Arc Enabled Kubernetes Container Insights Alerts and Actions #Azure #Cloud #DevOps

Azure Arc-Enabled Data Services overview

Microsoft Azure Arc allows you to manage the following resource types hosted outside of Azure:

  • Servers: Manage Windows and Linux physical servers and virtual machines hosted outside of Azure.
  • Kubernetes clusters: Attach and configure Kubernetes clusters running anywhere, with multiple supported distributions.
  • Azure data services: Run Azure data services on-premises, at the edge, and in public clouds using Kubernetes and the infrastructure of your choice. SQL Managed Instance and PostgreSQL Hyperscale (preview) services are currently available.
  • SQL Server: Extend Azure services to SQL Server instances hosted outside of Azure.

I have a Kubernetes Cluster enabled with Azure Arc Services in my MVP LAB:

It’s Called Dockkube.

The Kubernetes Cluster is running on-premises and is enabled with Microsoft Azure Arc Services. With that said we get Azure Services available for management in the Cloud in a hybrid way. In the following step by step guide we activate Azure Monitor Insights for Containers on the Azure Arc enabled Kubernetes Cluster.

Container Insights Alerts / Actions on Azure Arc Enabled Kubernetes

Dockkube Insights

When you open Dockkube Azure Arc enabled Kubernetes, you will see on the left Monitoring Insights.
Then you have the options :

  • What’s New
  • Cluster
  • Nodes
  • Controllers
  • Containers.

Click on Containers, and you will see all the containers on the Azure Arc enabled kubernetes.
Then you have recommended Alerts (Preview) at the top, when you Click on it you will see all the predefined recommended alerts in preview. I have selected Node CPU % and Enabled the alert. With that you see on the above screenshot there is no action group assigned. That is the next step, click on No Action Group Assigned.

Click on Create a new action group.

Select the Azure Subscription, Resource group and give the
Action Group a name.
Click on Next: Notifications

Here you can select your type of Alert communication.
I have selected the option Email.

Setting the Name : Dock Kube Notify.

The next step you can select an action type :

  • Automation Runbook
  • Azure Function
  • Event Hub
  • ITSM
  • Logic App
  • Secure webhook
  • Webhook

In my MVP LAB, I don’t need an action but just a notification by email.

You can set a TAG here

Before you create the Alert rule with the action group, you get the option
to test the action group.
Click on Test Action Group.

Select a sample type.
I did Resource health alert
Click on Test.

The test is running.

I’m getting the Alert email in my box from Microsoft Azure.

Test is successful and click on Done.

Click on Create

Select the Action group for me is that DockKube CPU.
Click on Apply to Rule.

Now this Alert is active on my Azure Arc enabled Kubernetes 😉

When you go to Alert Rules, you will see the new Alert rule.
Here you can modify it if necessary.

For example, I want the severity from 3 Information to 2 Warning.

I made a severity 2 Warning.
Don’t forget to click on Save at the left top.

More Container Insights information on Microsoft docs :

Recommended metric alerts (preview) from Container insights 

Common alert schema

Use Cluster Connect to connect to Azure Arc-enabled Kubernetes clusters

Conclusion

Microsoft Azure Arc enabled kubernetes is Awesome for management in a hybrid way. I just showed you the power of Alert rules with action groups from the Azure Cloud to get Container Insights. Of course there are more Azure features for your Azure Arc enabled Kubernetes like Security (Preview) Kubernetes Resources, Policies, Gitops and more. Making your own dashboard with Container Insight information. Go for hybrid IT Management with Azure Arc enabled Kubernetes!

 


Leave a comment

Windows Admin Center and Windows Server 2022 #Docker Host – Azure Container Instances and #AKS #WAC #Azure #Winserv

Windows Admin Center

Windows Admin Center runs in a web browser and can manage :

  • Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2
  • Windows 11, Windows 10
  • Azure Stack HCI
  • Clusters
  • Containers; Docker, Kubernetes, AKS
  • Azure Virtual Servers, Azure integration via extensions like Azure Monitoring, Azure Security, and much more….
  • Lot of extensions to manage for example third party solutions.

This goes with the locally Windows Admin Center gateway installed on Windows Server or domain-joined Windows 10 /11.

Windows Admin Center Architecture.

Here you find more information about the Install options of Windows Admin Center

I’m working with Windows Admin Center every day to manage our datacenter and to mange my MVP LAB. When you have to install Windows Server Core
or Microsoft Azure Stack HCI Operating system, then Windows Admin Center is the right tool for you as an Administrator. You can use all the Server Manager tools via WAC
and you don’t have to work with Command-line tools only like CMD and PowerShell.


You can download Microsoft Windows Admin Center here

Installing Docker Host on Windows Server 2022

In my MVP LAB I have a Microsoft Windows Server 2022 Datacenter Edition Hyper-V Host, and I like to make a Docker Host Server for my Containers.
With Windows Admin Center it’s easy to roll out a Docker host Server for your Containers.
In the following steps I will Install a Docker Host Server on Windows Server 2022.

Open Windows Admin Center and connect to your Server.

I Have Container Extension installed version 1.150.0

Click on Containers and Click on Install
Windows Admin Center will Restart your Server for the Docker Installation!

Hang on while Docker Host will be Installed on Windows Server 2022.

Docker Host Installed Successfully.

Docker Host Container Overview Screen on Windows Server 2022.

From here you can Pull containers images to the Docker Host.
This is what I did but…..

Instead of pulling a Container Image you can also Create your Own Container Image.

Here I’m Pulling a ASP.NET Container Image from Microsoft.

Pulled Container Image Successfully.

The ASP.NET Container Image is now Available on the Docker Host.

Select the Container Image and Click on Run.

Give the Docker Container a name.
You can Manage the ports,
Hyper-V Isolation,
Memory,
CPU
And add addition Docker Run options,
Click on Run.

The ASP.NET Docker Container is running on Windows Server 2022.

When you Click on the running Container you will get options like :
Stats, Details, Logs, Console and Events.
When you Click on Console you will go remote by PowerShell to the Docker Host.

Here you got all the Docker commands 😉

And of course when you want to develop Containers as a developer you can use Microsoft Visual Studio Code as well.

The ASP.NET Container in VSCode.
Download Microsoft Visual Studio Code here

(I’m using Visual Studio Code Insiders version in my MVP LAB)

Microsoft Azure Container Instances

Containers are becoming the preferred way to package, deploy, and manage cloud applications. Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to manage any virtual machines and without having to adopt a higher-level service.

Azure Container Instances is a great solution for any scenario that can operate in isolated containers, including simple applications, task automation, and build jobs. For scenarios where you need full container orchestration, including service discovery across multiple containers, automatic scaling, and coordinated application upgrades, we recommend Azure Kubernetes Service (AKS).

For my MVP LAB Azure Container Instances (ACI) is a great way to run Containers fast in the Cloud and have a overview with Windows Admin Center for :

Here you have a overview of your Azure Container Instances in Windows Admin Center.

In the following steps I will create an Azure Container Instance via the Microsoft Azure Portal and show it in Windows Admin Center. For this you need to integrate Windows Admin Center with your Microsoft Azure Subscription. This you can do in settings of WAC:

Register your Azure Subscription with Windows Admin Center for Hybrid Benefit.
Here you find more information about Azure integration with Windows Admin Center

When you have your Azure Account active in Windows Admin Center, go to the Microsoft Azure Portal and search for Container instances.

Click on Create Container Instances

Here you set the basics of your Azure Container Instance

Here you set the following items for your Azure Container Instance (ACI) :

  1. Select your Azure Subscription which is integrated with your Microsoft Windows Admin Center.
  2. Select or Create the Resource Group for your Azure Container Instance.
  3. Give your Container a name.
  4. Select the Region in Microsoft Azure where you want your Azure Container Instance to run.
  5. Availability zones to select.
  6. Select your Image Source, I selected Quickstart images of Microsoft, but you can also select your own Container image.
  7. Then select the size for vcpu, memory, gpus for your Azure Container Instance application.

Click on Next for Networking.

I Selected Public for testing but here you can select private too
with your own DNS name Label with the
right ports and protocols.

At Advanced settings you can configure additional container properties and variables

here you can TAG the Owner of the Azure Container Instance.
Click on Review + Create.

Now you can Click Create or Download the template for Automation.

Have a look at the Options here what you can do with the Template from here.

Microsoft Azure Container Instance is Deployed and running.

Nginx Container Instance is running on Azure.

Now we have the Microsoft Azure Container Instance with Nginx running in the Cloud, we can see that in Windows Admin Center.

Azure Container Instance in Windows Admin Center in running state.
When you don’t need it anymore you can end it here or in the Azure Portal.

Azure Container Instance is stopped by Windows Admin Center.

Run your Own Azure Container Instances from the ACR via
Windows Admin Center.

Manage Kubernetes Clusters and Containers with Windows Admin Center

Azure Kubernetes Service (AKS) on Azure Stack HCI is an on-premises implementation of Azure Kubernetes Service, which automates running containerized applications at scale. Azure Kubernetes Service is available on Azure Stack HCI, Windows Server 2019 Datacenter, and Windows Server 2022 Datacenter, making it quicker to get started hosting Linux and Windows containers in your datacenter. This is the High Available Container Solution on-premises from Microsoft, where you can run Containers and microservices in a isolated way in your datacenter with your DevOps Team. But you can also make your Azure Stack HCI Cluster hybrid with Azure integration and Azure Arc Services to benefit of Azure Hybrid Services.

 

Setup AKS on Azure Stack HCI with Windows Admin Center

Create your Own locally Azure Stack HCI Cluster with Azure Kubernetes Services

Conclusion

Microsoft product team of Windows Admin Center | Windows Server | Azure Stack HCI are working hard to make the Windows Admin Center Tool better and better to install and manage Container / microservices solutions. With Microsoft Azure extensions in Windows Admin Center and Azure Arc Services, Microsoft features from the Azure Cloud becomes available for your Containers like Azure Defender for Cloud with Container Insights, Azure Monitor, Azure App Services and much more.
Windows Admin Center is a Great Server Manager tool for your Windows Servers in your Datacenter. Especially when you use Windows Server Core or Azure Stack HCI.

Important:

Some features in Windows Admin Center are preview and not production ready yet, like ACR and ACI Integration I just showed in preview.
Please feel free to provide Microsoft feedback on Windows Admin Center here.

JOIN Windows Admin Center Community Group on LinkedIn


Leave a comment

Apply #security principles to your #architecture to protect against attacks on your data and systems

Hope you started year 2022 in Good Health in a difficult pandemic time.

Starting 2022 by asking yourself, how is your Security by Design doing in 2022
Your Security is one of the most important aspects of any architecture for your Business.
It provides confidentiality, integrity, and availability assurances against attacks and abuse of your valuable data and systems. Losing these assurances can negatively impact your business operations and revenue, and your organization’s reputation.

Here you find Awesome information about Applying security principles to your architecture to protect against attacks on your data and systems:

Microsoft Architecture and Security Docs

Here you find more information about NIST Cybersecurity Framework

The Microsoft Cybersecurity Reference Architectures (MCRA) describe Microsoft’s cybersecurity capabilities. These References and diagrams can support you with implementing Security by design.

Microsoft Defender for Cloud

Microsoft Defender for Cloud (formerly known as Azure Security Center) community repository. This repository contains:

  • Security recommendations that are in private preview
  • Programmatic remediation tools for security recommendations
  • PowerShell scripts for programmatic management
  • Azure Policy custom definitions for at-scale management of Microsoft Defender for Cloud
  • Logic App templates that work with Defender for Cloud’s Logic App connectors (to automate response to Security alerts and recommendations)
  • Logic App templates that help you run regular tasks or reports within the scope of Microsoft Defender for Cloud
  • Custom workbooks to visualize Defender for Cloud data

Become a Microsoft Defender for Cloud Ninja

Security and Learning is a ongoing process, I always say Learning on the Job 😉 is important to keep Up-to-Date every day of the week. Microsoft Tech Community platform and Microsoft Learning can support you to get the knowledge.

Become a Microsoft Defender for Cloud Ninja here

Conclusion

Microsoft and the community has a lot of good security information to start with for your Data and Systems to keep your business solution as save as possible. Here they write New blogposts for the community about Defender for Cloud

Keep in Mind “Security is only as strong as the weakest component in the Chain”

So keep your Security up-to-date and do assessments on vulnerabilities to keep your data and systems secure. Monitoring => Alerting => Remediation is 24/7/365 Process with Security people in the business.