Azure Arc Extensions
Keep your Azure Arc extensions up-to-date
Tag Archives: AzureArc
Azure Arc and Windows 11 Insider Preview Build Update #WindowsInsiders #WIMVP #AzureHybrid
Microsoft Azure Arc
Microsoft Azure Arc Services is a bridge that extends the Azure platform to help you build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments. Develop cloud-native applications with a consistent development, operations, and security model. Azure Arc runs on both new and existing hardware, virtualization and Kubernetes platforms, IoT devices, and integrated systems. Do more with less by leveraging your existing investments to modernize with cloud-native solutions.
Azure Arc Control Plane
So with this Awesome Microsoft Feature Azure Arc, I have connected my Windows Insiders Domain mvplab.local servers like a Windows Server Insider Domain Controller, Windows Server Insider Cluster with a SQL Instance on it and Windows 11 Insider Preview Build in the Beta Channel domain joined. Here you can find how to install the Azure Arc Agent on your Servers
Microsoft Azure Arc comes with great features like Azure Security with Cloud Defender to keep your Azure Arc enabled Servers as secure as possible. Azure Policies is very handy to keep your IT governance on every Server the same. With inventory and Change tracking you are in control to get the right information of your machines. Monitoring your Azure Arc enabled servers with Insights and Log analytics is very powerful. But for now I’m going to use Updates feature of Azure Arc enabled Windows 11 Insider Preview Build machine.
Important : I’m working with Windows Server Insider preview Build and Windows 11 Insider Preview Build.
They are for testing purpose only and not for production environments!
Of course you can use Windows Server 2019 / 2022 or Windows 10 / 11 Build with Azure Arc 🙂
Here we have Windows 11 Insider Preview Build with new Updates in the Beta Channel.
Click on One time Update
I’m going to update this Azure Arc enabled Windows 11 Insider preview Build once manually but you can schedule updates also and use Update Management Center.
Select the Machine and Click on Next
Here you can select the updates or exclude updates.
Then Click on Next
Here you can set the Reboot option and
Maintenance Window in minutes.
Click on Next
Review and Click on Install
Install Updates Request is submitted.
At Updates of your Azure Arc enabled Machine you can open
Update Management Center
Here you can see the Complete Overview of the Updates on your Machines.
Left under you see the 3 updates for the Windows 11 Insider Beta Build.
When you Click on the left panel on Machines you get this status overview.
When you click on History you will see the status in progress.
Updates are running on the Machine.
But with the Azure Resource Graph Explorer you can also
see when the updates are succeeded.
Update Management Center after successful running updates
Updates Done for Azure Arc enabled Windows 11 Insider Beta Build.
Now I have got the Newest Windows 11 Insider Preview Build in the Beta Channel at this moment
Conclusion
You have seen how easy it is to work with Microsoft Azure Arc services to manage your Virtual Machine with Updates, when you have lot of Virtual Machines / Servers to manage you can configure them once and do this automatically via schedule tasks for every month. Now I can manage my on-prem Servers / machines in the same way I do the Microsoft Azure Virtual Machines.
So this was only Updates, but you can do the same for Security and keep your machines secure by default with the same Azure policies on your machines for IT Governance. Hope you see the benefits of Azure Hybrid and please start your own journey.
When you have a test environment, please consider the Microsoft Windows Insider program for Windows 11 Insider Builds and for Windows Server Insider Build to work with the newest features and getting experience before GA becomes available.
JOIN the Azure Hybrid Community Group on LinkedIn
#Microsoft Azure Arc enabled Servers managed with Windows Admin Center in #Azure #AzureHybrid #MVPBuzz
Microsoft Azure Hybrid Management
With Windows Admin Center in the Azure portal you can manage the Windows Server operating system of your Arc-enabled servers, known as hybrid machines. You can securely manage hybrid machines from anywhere–without needing a VPN, public IP address, or other inbound connectivity to your machine.
With Windows Admin Center extension in Azure, you get the management, configuration, troubleshooting, and maintenance functionality for managing your Arc-enabled servers in the Azure portal. Windows Server infrastructure and workload management no longer requires you to establish line-of-sight or Remote Desktop Protocol (RDP)–it can all be done natively from the Azure portal. Windows Admin Center provides tools that you’d normally find in Server Manager, Device Manager, Task Manager, Hyper-V Manager, and most other Microsoft Management Console (MMC) tools.
In the following steps we will install Azure Windows Admin Center (Preview) on a Microsoft Azure Arc enabled Server from the Azure Portal.
Click on Windows Admin Center (Preview) on the Left side.
Then click op Setup
Set the port.
Click on Install
Installing extension Windows Admin Center
At the Activity log you can follow the installation.
and See the Quick Insights
No Problems here 😉
Let’s Connect
Sign in with your Username and Password
Running Windows Admin Center from the Azure Portal.
Azure Windows Admin Center of the Azure Arc enabled Server.
PowerShell session remote on the Azure Arc enabled Server.
Events of the Azure Arc enabled Server.
Conclusion
With Microsoft Azure Windows Admin Center and Azure Arc enabled Servers you can manage your servers from anywhere.
You got all the benefits of Microsoft Azure Hybrid features. Try it yourself, Windows Admin Center is still in preview and for testing only.
You can experience this awesome Azure Hybrid solution before it goes in production 😉
Azure Arc enabled Server Insights #AzureHybrid #AzureArc #Winserv #Azure
Microsoft Azure Arc enabled Server Insights
Azure Arc-enabled servers lets you manage Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or other cloud providers. VM insights monitors the performance and health of your virtual machines and virtual machine scale sets, including their running processes and dependencies on other resources. It can help deliver predictable performance and availability of vital applications by identifying performance bottlenecks and network issues.
In the following steps you see more Azure Arc Insights of this On-premises domain controller.
Azure Arc Insights Performance monitor
Here you see by default performance counters in a dashboard of the Azure Arc enabled Server :
- CPU Utilization
- Available Memory
- Logical Disk IOPS
- Logical Disk MB/s
- Max Logical Disk Used %
- Bytes sent rate
- Bytes received rate
In the right corner you can show your own workbooks.
Azure Arc Insights Map dependencies
I really like this feature to see more Insights of your dependencies with this map. See if there are any communication issues
in your solution is great!
Here you see connections of the Azure Arc enabled domain controller from on-premises.
You even can see if you have Malicious Connections in your process, here they are all green 🙂
Azure Arc Insights Map Changes
You can Investigate Changes
Azure Arc Insights Map Alerts
Here you can Investigate the Alerts.
Azure Arc Insights Overview
Make your own Data Collection Rule.
Here is the Data Source MSVMI-HybridIT
Here you can configure your resources with the Data Sources.
Create your own Data Collection endpoint for your Azure Arc enabled Server
Create your endpoint and select your Tag
with Tags you can set the Owner or cost number on the data collection endpoint.
When It’s ready you can here select the Data collection endpoint for your Server.
We only have Performance Counters, so we will add more Data Sources.
Here you can see some default Data sources.
I select Windows Event Logs.
Here you can configure the event logs and levels to Collect.
I selected only these.
Click on Next : Destination>
Select the right destination.
Then Click on Add Data Source
Here you have your Data Sources
More information :
Microsoft Azure Monitor Overview
Azure Arc JumpStart YouTube Videos
Keep your Azure Arc Server extensions up-to-date #AzureHybrid #HybridIT #Azure
Microsoft Azure Arc enabled Servers
When you have your Servers Azure Arc enabled, you will work with Azure Arc extensions to work with Azure hybrid features like Defender for Cloud, Azure Monitor, Windows Admin Center and more. For each Azure Arc extension you can get updates, and it’s important to keep them up-to-date for new functionality and security. You have Azure Arc extensions for Windows Servers but also for Linux Servers.
Some of the Azure Arc extensions will automatic upgrade when you have enabled it and some must go manually from the Azure Portal.
More information about Azure Arc extensions you can find them here
In the next steps you will see the Update management of the Azure Arc enabled extensions :
Here I update one extension.
Inside the WindowsOsUpdateExtension
Here you can see that the WindowsOsUpdateExtension is up-to-date
and Status Succeeded
On the right of this screenshot you see Automatic Upgrade and some extensions are enabled, but some are not supported.
That’s why it’s important to check these updates.
Here you can see in the Status that two Azure Arc extensions are updating
And sometimes it failed to update.
But you can see what you can do best with this failed Status.
Here you see the error message and the Tips.
And when you can’t fix it yourself you can make a Support ticket right away.
Here you can see that all the Azure Arc extensions are updated successfully
So I selected all my Azure Arc enabled Servers and updated them all.
Conclusion
With Microsoft Azure Arc enabled Servers you have do some IT management to keep your Azure Arc extensions up-to-date.
I did this without rebooting Servers, just from the Azure Portal update Azure Arc extension.
Here you find more information about Microsoft Azure Arc for Azure Hybrid IT
Join Azure Hybrid Community Group on LinkedIn
Thank you #Community and #Microsoft for this Awesome Year 2022! Happy Holidays
What a Year 2022!!
I like to thank you Community for Supporting, Sharing and Reading New Microsoft technologies on my Blog, Twitter, Facebook and
LinkedIn Community Groups 💗 I wish you all happy Holidays, Merry Christmas and a Healthy New Year 2023 may the Best Wishes comes true ! 🎄🥂
I’m very proud and Honored on the Microsoft Global MVP Awards 2022-2023 !
- MVP Award for Cloud and Datacenter Management
- MVP Award for Windows Insiders
- MVP Award for Azure Hybrid
Thank you Microsoft Product Groups, MVP Award Program, Windows Insider Team, Azure Hybrid Team, Windows Server and Azure Stack HCI Team for all your support, NDA PGI sessions, and for the Awesome software, Features, solutions you are building 🙂
Wish you all Happy Holidays, Merry Christmas and a Healthy New Year 2023 may the Best Wishes comes true ! 🎄🥂
Here are some Great links for Reading and Sharing :
JOIN these LinkedIn Community Groups for free and Share New Microsoft Technologies Together:
Windows Admin Center Community Group
Containers in the Cloud Community Group
Microsoft Azure Monitor & Security for Hybrid IT Community Group
What I really love is the Microsoft Tech Community platform
For Microsoft Azure Hybrid:
Azure Hybrid and Multi Cloud documentation
Microsoft Azure Arc Community monthly Meetup (GitHub)
Follow on Twitter for Azure Hybrid:
——————————————————————————————————————————————————-
For Windows Insiders:
Microsoft Windows Insiders Blog
Windows Insider Team on YouTube
The Windows Insider Program Team is really active on Twitter:
@WindowsInsider
Get started with the Windows Server Insider program
What’s New in Windows Server 2022
Overview of Windows Admin Center
#MVPLABSerie Azure Defender for Cloud with #AzureArc enabled SQL Server #AzureHybrid #Security
Azure Arc enabled SQL Servers Architecture
To keep your Business running, It’s important to secure and monitor your data. One of the security measures is doing Vulnerability assessments in your datacenter(s) to see the status and results for remediation. With Microsoft Azure Arc Defender for Cloud you can do a SQL Server vulnerability assessment in your on-premises datacenter or anywhere with the Azure Arc agent running.
Here you find more information about Azure Arc enabled SQL Server
Microsoft Defender for Cloud on Azure Arc enabled SQL Server
Here I activated Microsoft Defender for Cloud on Azure Arc enabled SQL Server, and Azure Defender for Cloud is doing a SQL vulnerability assessment to get the security status and results for remediation.
On this same Azure portal page you will see the Vulnerability assessment findings.
When you Open a Vulnerability finding, you get more information and the remediation for the issue.
Here you see the complete Resource Health of the Azure Arc enabled SQL Server.
Look at the Status of each severity.
Here you see all the vulnerability findings on these four databases.
When you do the remediation you will see the healthy status.
on the Passed tab.
Here I open only the OperationsManager database.
Now you see only the Vulnerability findings on this database.
Here you see a vulnerability finding on the SCOM database with the Remediation 🙂
You can make your Own Workbooks or use them from the Gallery.
Workbook example of Vulnerability Assessment findings.
Conclusion
With Azure Defender for Cloud vulnerability assessment and management you will learn a lot to set your Security Baseline on a higher level in your datacenter(s). Getting the right remediation of Microsoft to solve security issues is Great! You can do your assessments frequently to show your current status on demand. I Really like these Azure Hybrid Tools to make my work easier and the data more secure for the business.
Please join the Azure Hybrid Community Group on LinkedIn for free ( Sharing is Caring together )
#MVPLABSerie Azure Arc enabled SQL Server Health Assessment #AzureHybrid #AzureArc #SQLServer
Azure Hybrid
In earlier MVPLABSerie blogpost I wrote about making your on-premises Servers hybrid with Azure Arc enabled Servers.
In my mvplab.local domain, there is a SQL 2022 Cluster running which also has the Azure Connected Machine Agent version 1.24.
One of the benefits of Azure Arc enabled Servers for SQL is that you can do on-demand SQL Health assessments on your SQL Environment in your On-premises Datacenter. In the following step-by-step guide we will prepare the SQL Cluster nodes.
Go to this link to watch the video
In my mvplab.local domain I’m doing the following steps :
Go in the Azure Portal to Azure Arc
Click on SQL Servers under Infrastructure.
Click on Add
I Choose for Connect Servers
because both SQL Nodes are already connected in my MVPLAB.local domain.
Prerequisites
Click on Next Server details.
Select the right Azure Subscription and Resource Group
Select the region and Operating System
Set Proxy server URL if you need one
Click on Next.
Set your owner tags if needed.
Here you can find more information about Tags Management
From here you have to download the Script
and Run it locally on both SQL Nodes. ( or your Single SQL Server )
Run the script in administrator modus of Powershell ISE.
go to page https://microsoft.com/devicelogin
and enter the Code
Login and continue.
Here you see that the Azure Connected Machine Agent already is installed.
But it will now add the SQL Extension.
Installation Completed Successfully.
Now we have two Azure Arc enabled SQL Servers connected.
Overview of SQL 2022 Node in Azure Arc.
You can see the Databases running.
Here you can set your Admin from Azure Active Directory.
But we want to do a SQL Assessment, but the Azure Monitoring Agent is still missing.
Here you see that the SQL extension is installed.
Now we will add the Azure Monitor Agent to my existing Log Analytics Workspace.
Click on Add
Select Log Analytics Agent – Azure Arc.
Add your Workspace ID
Add your Workspace Kay
Click on Review + Create
Validation Passed.
Azure Monitoring Agent is Installed.
From here you can do the On-Demand SQL Assessments via
Microsoft Azure Arc enabled SQL Servers.
The SQL Server Assessment focuses on several key pillars, including:
- SQL Server configuration
- Database design
- Security
- Performance
- Always On
- Cluster
- Upgrade readiness
- Error log analysis
- Operational Excellence
Example of SQL Server Assessment results.
On each assessment result you get a recommendation from Microsoft so you can make your SQL environment Health and Secure!
Conclusion
To get these health results of your SQL environment is Awesome 🙂 You are in control of your Azure Hybrid Arc enabled SQL Servers to keep them Healthy and Secure. The following Azure Arc enabled SQL Server blogpost is about Azure Defender for Cloud for your SQL Servers. With these two Azure Arc for SQL Server features you get the best Insights to keep your data as save as possible.
#MVPLABSerie Azure Update Management Center (Preview) and #AzureArc enabled Servers #AzureHybrid
Microsoft Azure Update Management Center (Preview)
Update management center (preview) is a unified service to help manage and govern updates for all your machines. You can monitor Windows and Linux update compliance across your deployments in Azure, on-premises, and on the other cloud platforms from a single dashboard. Using Update management center (preview), you can make updates in real-time or schedule them within a defined maintenance window. Here you can find more information about Azure Update Management Center
In the following step-by-step guide, we will start with Azure Update Management Center (Preview) and Microsoft Azure Arc enabled Windows Servers running on-premises in my mvplab.local domain.
With getting started you can configure the environment.
I start here with my Azure Arc enabled Storage Server.
You have options like Hotpatch
We Check manually for Updates on Windows Server mvpstore01
Click on OK for Assessment.
Here are the Windows Server Security updates.
You can click on One-time-Update
But first we look in Update Management Center.
Here you see the Pending Windows Updates in Azure Update Management Center
Open query
Microsoft Azure Resource Graph Explorer can be really powerful tool
When you have to manage many Windows Servers you can get the status
of these Azure Arc enabled servers and export the results into a CSV file.
Here you find some Azure Resource Graph Explorer queries
Now we start to Install One-time Updates.
Include Update Classification
Click on Add
Click on Next
Select the option if you want to reboot or not.
Review and Install
Updates installed on the Azure Arc Enabled Windows Server.
In Azure Update Management Center Overview Dashboard
you can see that one machine is completed.
For Monitoring you can make your own workbooks.
I like this History, to see if updates are successful or not.
Conclusion
Microsoft Azure Update Management Center is still in Preview but it’s a new way to manage all of your updates on your Servers on-premises with Azure Arc enabled, or on Azure Cloud, but also in other Clouds if you want. One Update Management Center from the Azure Portal is Awesome to work with and gives you control and overview of your update compliance in your datacenter(s).
Important: This Great tool is still in preview and not for production environments yet until it’s made GA by Microsoft and you have the full support on this awesome management tool.
JOIN Azure Hybrid Community Group on LinkedIn
Security Baseline for Azure Arc enabled Servers and Arc Kubernetes #AzureHybrid #Security
Azure Arc Enabled Server network connectivity.
Baseline security is very important to have that in place to keep your Servers more secure in your datacenter. You want Hybrid Servers like Azure Arc enabled servers for example to be secure running in your datacenter. This begins to secure and have up-to-date Server hardware running in your datacenter. Monitor for security updates and install Server hardware based on best practices from the vendor.
Then the Operating System like Windows Server 2022 standard needs the OS Baseline security. This is called:
Microsoft Security Compliance Toolkit 1.0
When your Windows Servers are security compliant by the rules of the company and/or Security Officer, then we can have a look at the Well Architected Framework (WAF) for Azure Arc Enabled Servers. Here you find an
Introduction to Azure Arc landing zone accelerator for hybrid and multicloud
Azure Arc Single Control Plane.
This security baseline applies guidance from the Microsoft cloud security benchmark version 1.0 to Azure Arc-enabled servers. The Microsoft cloud security benchmark provides recommendations on how you can secure your cloud solutions on Azure. The content is grouped by the security controls defined by the Microsoft cloud security benchmark and the related guidance applicable to Azure Arc-enabled servers.
Security by Default in your Datacenter
Here you find more information about Azure Security Baseline for Azure Arc enabled Servers.
Here you find more information about Azure Security Baseline for Azure Arc enabled Kubernetes.
Security by Design with Azure Security Center and Azure Defender
Azure Arc Jumpstart
When you have read about Azure Arc Well Architected Framework (WAF) and you have your security in place, we can start with Microsoft Azure Arc.
Before you start implementing Azure Arc, you must have seen this Awesome website of Azure Arc Jumpstart!
The Azure Arc Jumpstart is designed to provide a “zero to hero” experience so you can start working with Azure Arc right away!
The Jumpstart provides step-by-step guides for independent Azure Arc scenarios that incorporate as much automation as possible, detailed screenshots and code samples, and a rich and comprehensive experience while getting started with the Azure Arc platform.
Our goal is for you to have a working Azure Arc environment spun-up in no time so you can focus on the core values of the platform, regardless of where your infrastructure may be, either on-premises or in the cloud.
Here you find my MVPLABSerie Azure Hybrid with Arc Enabled Windows Servers on-premises blog
Conclusion
You can manage your compliance and security policies with Azure Arc enabled Servers, Kubernetes, or SQL Managed instances to make your hybrid solutions with
the Microsoft Azure Cloud in a secure environment. When you work with security by design based on OSI model with 7 security layers and use Microsoft Arc enabled servers, you get also more Azure Hybrid security features like Azure Defender for Cloud, and much more.
Don’t forget the Microsoft Azure Arc Community Monthly Meetup
Cloud and Datacenter Management Blog 