I hope you started 2022 in good health in this difficult pandemic time.
Start 2022 by asking yourself: how is your Security by Design doing in 2022?
Your Security is one of the most important aspects of any architecture for your Business.
It provides confidentiality, integrity, and availability assurances against attacks and abuse of your valuable data and systems. Losing these assurances can negatively impact your business operations and revenue, and your organization’s reputation.
Here you find Awesome information about Applying security principles to your architecture to protect against attacks on your data and systems:
Security recommendations that are in private preview
Programmatic remediation tools for security recommendations
PowerShell scripts for programmatic management
Azure Policy custom definitions for at-scale management of Microsoft Defender for Cloud
Logic App templates that work with Defender for Cloud’s Logic App connectors (to automate response to Security alerts and recommendations)
Logic App templates that help you run regular tasks or reports within the scope of Microsoft Defender for Cloud
Custom workbooks to visualize Defender for Cloud data
Become a Microsoft Defender for Cloud Ninja
Security and learning are an ongoing process. I always say learning on the job 😉 is important to keep up to date every day of the week. The Microsoft Tech Community platform and Microsoft Learning can support you in getting the knowledge.
Microsoft and the community have a lot of good security information to start with, so you can keep the data and systems of your business solution as safe as possible. Here they write new blog posts for the community about Defender for Cloud.
Keep in Mind “Security is only as strong as the weakest component in the Chain”
So keep your security up to date and run vulnerability assessments to keep your data and systems secure. Monitoring => Alerting => Remediation is a 24/7/365 process with security people in the business.
Azure Monitor Insights for Monitoring your Containers.
In the last blogpost I wrote about Microsoft Azure Arc Services and how to connect a Docker for Desktop Kubernetes Cluster for testing your DevOps solution like Container Apps, Functions, App Services in a test environment. Here you find the Link to the Installation.
One of the Microsoft Azure Arc features is Azure Monitor Insights for monitoring your Kubernetes Cluster and the Containers.
Azure Arc Insights for Kubernetes Cluster anywhere
In the following step-by-step guide we will configure Azure Monitor Insights for your Kubernetes Cluster.
I Connected my Analytics Workspace CloudMVPLab.
Click on Configure.
Onboarding your Kubernetes Cluster will take some minutes.
After a while your Kubernetes Cluster Analytics data will show in Insights.
Here you see a navigation bar with the following topics
What’s New
Cluster
Reports
Nodes
Controllers
Containers.
Insights reports of the Kubernetes Cluster
Here you can Click on default reports of your Kubernetes Cluster.
Storage Capacity and Health Status report of your Kubernetes Cluster.
Storage Capacity more in Details.
Deployments Report of your Kubernetes Cluster.
Workload details Report of your Kubernetes Cluster.
Kubelet report of your Kubernetes Cluster
Data Usage of your Kubernetes Cluster
Data Usage
Insights the Nodes of the Kubernetes Cluster
Insights of the Nodes and on the right you can view Analytics.
Here you can work with Log Analytics on your Cluster.
Insights in Controllers of your Kubernetes Cluster
Insights of your Controllers
Insights Containers of your Kubernetes Cluster
Container Insights of your Kubernetes Cluster
Container Insights with Azure Log Analytics.
So with Azure Arc Enabled Kubernetes Clusters you can monitor your cluster and the running containers to stay in control of what is happening on the cluster, and also with your Container Apps and microservices. After this you can set alerts and notifications for when something goes wrong or goes offline. With this in place you can start running your own App Services, containers or Azure Functions on your Kubernetes Cluster.
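A query that could feed such an alert, as an added example that is not part of the original post: it asks the Log Analytics workspace behind Container Insights for pods whose latest reported status is not healthy. It assumes the Az.OperationalInsights module and a signed-in session; the workspace ID is a placeholder.

```powershell
# Added example (not from the original post). Requires the Az.Accounts and
# Az.OperationalInsights modules and a signed-in session (Connect-AzAccount).

# Placeholder: the workspace (customer) ID of the Log Analytics workspace
# that the cluster was onboarded to.
$workspaceId = '00000000-0000-0000-0000-000000000000'

# KubePodInventory is filled by Container Insights. Take the most recent
# record per pod and keep only pods that are not Running or Succeeded.
$query = @'
KubePodInventory
| where TimeGenerated > ago(15m)
| summarize arg_max(TimeGenerated, PodStatus, PodRestartCount) by ClusterName, Namespace, Name
| where PodStatus !in ('Running', 'Succeeded')
| project ClusterName, Namespace, Pod = Name, PodStatus, PodRestartCount, LastSeen = TimeGenerated
| order by LastSeen desc
'@

$response = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId -Query $query
$unhealthy = @($response.Results)

if ($unhealthy.Count -eq 0) {
    'All pods reported in the last 15 minutes are Running or Succeeded.'
} else {
    # Each row is a pod that needs a look: Pending, Failed, Unknown, ...
    $unhealthy | Format-Table ClusterName, Namespace, Pod, PodStatus, PodRestartCount, LastSeen -AutoSize
}
```

The same query text can be saved as a log alert rule in Azure Monitor so that a non-empty result triggers the notification.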
This configuration with a Docker for Desktop Kubernetes Cluster is for testing purposes only and can be used for your own DevOps solutions before you deploy on production-ready clusters. With Azure Arc Enabled Kubernetes Clusters you get the powerful Microsoft Azure features and solutions in a secure way on your Kubernetes Cluster. I wish you a lot of success with Azure Arc Enabled Kubernetes Clusters to make awesome apps and IT solutions for the business 😉
I Hope everyone had a Great Microsoft Build 2021 Online Conference this week. Microsoft announced a lot of new features and Hybrid Cloud Solutions at Build 2021 🙂 If you missed this Awesome Build 2021 event, you can watch the highlights on demand here.
DevOps and developers are increasingly using microservices-based architectures with containerized applications for agility and flexibility. Azure Arc extends the single control plane from Azure to enable you to build apps consistently across hybrid and multi-cloud environments. With this information I was thinking, can I connect Microsoft Azure Arc Services to my Surface Book 3 with Windows 10 Preview Insiders Build 21390 and Docker for Windows with Kubernetes Cluster 1.19.7 active?
IMPORTANT: The following step-by-step guide is for testing purposes only.
Installing Docker for Windows with Kubernetes Cluster on Windows 10
First you need to have Docker for Windows 10.
System requirements
Your Windows machine must meet the following requirements to successfully install Docker Desktop.
WSL 2 backend
Windows 10 64-bit: Home, Pro, Enterprise, or Education, version 1903 (Build 18362 or higher).
Enable the WSL 2 feature on Windows. For detailed instructions, refer to the Microsoft documentation.
The following hardware prerequisites are required to successfully run WSL 2 on Windows 10:
With Docker Desktop for Windows you can switch between Windows Containers and Linux Containers. When you want to have a Kubernetes Cluster active on your Windows 10 device, you have to switch to Linux Containers in the taskbar like this:
It’s now active for Linux Containers. (Default)
Right Click on the Docker tray icon and go to Settings.
Then go to Kubernetes to enable your Cluster locally on your Windows 10 Device.
When you apply it, the installation takes some minutes.
When you see the Kubernetes icon turn green, your cluster is running.
When you do a lot of DevOps work you can use Microsoft Visual Studio Code for free, because there you can see your Kubernetes Cluster and try your own code or apps.
Kubernetes Cluster is running locally on your Windows 10 device.
Installing Microsoft Azure Arc Agent
The next step is to install the Microsoft Azure Arc agent on your Windows 10 device.
Log in to your Azure subscription; if you don't have one you can start here.
Search for Azure Arc in your subscription.
Click on Servers and Click on Add.
Click on add a Single Server.
Click on Generate Script.
Prerequisites for the Azure Arc Agent.
Select your Azure Subscription and Resource Group
Choose your Region.
Operating System is Windows (your Windows 10 device).
Click on Next.
More Features like Security, Monitoring, Automation :
Features for Kubernetes in Azure Arc Services.
Here you see in Visual Studio Code your Azure-Arc Helm Release.
Conclusion
“Learn how to write once and run anywhere using your preferred cloud-native application services. Ensure governance, compliance and security for your deployments, all through a single pane of glass management experience in Azure.”
With Microsoft Azure Arc Services you bring Azure Cloud Technology anywhere for your Apps, Containers, microservices.
I Hope this is a first start for exploring and testing your Hybrid Cloud solution. Wish you a lot of fun and happy coding 😉
Windows Admin Center is a locally deployed, browser-based app for managing Windows servers, clusters, hyper-converged infrastructure, as well as Windows 10 PCs. It comes at no additional cost beyond Windows and is ready to use in production. If you want to work more securely with Windows Server Core images without the GUI, or with the Microsoft Azure Stack HCI operating system, then Windows Admin Center is the tool for the administrator to manage your workloads on-premises or in the cloud. You have one web-based interface for all your server consoles (MMC) to manage your hybrid datacenter.
Here you can read more about Microsoft Windows Admin Center and download the free software.
Get the best with Windows Admin Center Extensions
Windows Admin Center and the Container Extension
When you have installed Microsoft Windows Admin Center you can configure the settings and extensions for your environment. When you want the benefits of Microsoft Azure cloud services, you can configure your Azure subscription and add the extensions to your Windows Admin Center. There are also third-party extensions from Dell, DataOn, Fujitsu and more. Here you find more information about how extensions work.
Container Extension
In the following step-by-step guide we will work with the Container Extension of Windows Admin Center on a Windows Server 2019. You have already added the server in WAC and installed the Container extension. In my MVPLAB.CLOUD that is the Windows Server 2019 Datacenter host Starship01.mvplab.cloud. When you open the server you arrive at the Overview of the Windows Server:
Click on Containers.
Click on Install for the Docker installation on Starship01.mvplab.cloud.
This will install Docker on the Windows Server 2019 and reboot when it’s ready to use for Containers. From this moment you can work with Windows Containers on the host via Windows Admin Center.
Remote Desktop in Windows Admin Center, the docker host is installed with the Windows Filter by default.
When you want to use Docker Linux Containers with Windows Server 2019 host, you have to configure the Linux kit LCOW with a distro on the host. More info here
Containers on Starship01.mvplab.cloud
To start with containers you can create your own, or pull an image from Docker Hub with Windows Admin Center. In my case I pull the Windows Server 2019 LTSC image with IIS.
mcr.microsoft.com/windows/servercore/iis (Image)
windowsservercore-ltsc2019 (Tag)
Click then on Pull.
Select your image and click on Run.
Give your Container a name and set your settings.
Click on Run.
Click on Containers tab and you will see your running Container
Under More details you see the IP address of the container.
IIS is running on Windows Server 2019 ltsc in a Docker Windows Container.
That was easy right 😉
Making your Own Docker file with Windows Admin Center Container Extension
When you have your own GitHub repository with your software, you can write your own Dockerfile and build a Docker image on your host for deployment. To show this I have used this sample from Microsoft Docs, but you can also clone a GitHub repository and copy the Dockerfile to the host.
I copied the Dockerfile to C:\BuildImage on the host.
—————
# Sample Dockerfile

# Indicates that the windowsservercore image will be used as the base image.
FROM mcr.microsoft.com/windows/servercore:ltsc2019

# Metadata indicating an image maintainer.
LABEL maintainer="jshelton@contoso.com"

# Uses dism.exe to install the IIS role.
RUN dism.exe /online /enable-feature /all /featurename:iis-webserver /NoRestart

# Creates an HTML file and adds content to this file.
RUN echo "Hello World - Dockerfile" > c:\inetpub\wwwroot\index.html

# Sets a command or process that will run each time a container is run from the new image.
CMD [ "cmd" ]
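The same build and run from the command line on the Docker host, as an added example that is not part of the original post: it builds the Dockerfile in C:\BuildImage, starts a container from the result and checks that IIS serves the page the Dockerfile created. The image tag and container name are hypothetical.

```powershell
# Added example (not from the original post). Run in PowerShell on the Docker host.
$buildDir  = 'C:\BuildImage'              # folder from the post that holds the Dockerfile
$imageTag  = 'buildimage/iis-hello:test'  # hypothetical image name and tag
$container = 'iis-hello'                  # hypothetical container name

function Assert-DockerOk([string]$Step) {
    # docker reports failure through its exit code, not a PowerShell error.
    if ($LASTEXITCODE -ne 0) { throw "docker $Step failed with exit code $LASTEXITCODE" }
}

# Build the image from the Dockerfile in C:\BuildImage.
docker build --tag $imageTag $buildDir
Assert-DockerOk 'build'

# The image's CMD is cmd, so give it a console (-i -t) to keep the container running.
docker run --detach --interactive --tty --name $container $imageTag | Out-Null
Assert-DockerOk 'run'

# Read the container's IP address, the value Windows Admin Center shows in the details.
$ip = docker inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $container
Assert-DockerOk 'inspect'

# IIS needs a few seconds to start, so retry before deciding the check failed.
$response = $null
foreach ($attempt in 1..10) {
    try {
        $response = Invoke-WebRequest -Uri "http://$ip/" -UseBasicParsing -TimeoutSec 5
        break
    } catch {
        Start-Sleep -Seconds 3
    }
}

if (-not $response -or $response.Content -notmatch 'Hello World') {
    throw "No 'Hello World' page from http://$ip/ (container $container)"
}
"IIS in container '$container' answered on http://$ip/ with HTTP $($response.StatusCode)"

# Remove the test container when done:
# docker rm --force $container
```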
In Windows Admin Center the IT pro world and the DevOps world come together in one web-based console, as with the Container extension. Microsoft is developing Windows Admin Center really fast to get all the right features for IT pro, DevOps and SecOps administrators in one place. The Windows Admin Center extensions are awesome; developers make them better and better to do the job for administrators 🚀
Windows Server 2019 Core and Azure Stack HCI are operating systems without a GUI, and with Windows Admin Center it is really easy to manage them, update them and keep control of their security.
I like Windows Admin Center a lot and it Rocks for managing your hybrid Datacenter 😉
Send your comments and feedback via the Microsoft GitHub repo by opening a new issue for the Container Extension. Follow @vrapolinario on Twitter.
You can Follow Windows Admin Center here on Twitter : @servermgmt
Now is the time. Join your global partner community for the Microsoft Inspire digital event experience. Register today and get ready to extend your partner network as we explore what’s coming in the year ahead and work together to find shared solutions for our customers. Join Microsoft Inspire 2020 Global Event on July 21-22 Now at no Cost!
You will be Inspired by Microsoft New Technologies and Innovations !
Microsoft Azure Arc Servers On-Premises and Azure Cloud Services
Earlier I wrote a blog post about the Microsoft Azure Arc services installation to manage on-premises servers with Azure cloud services, like Azure Monitor and Azure Security Center from the cloud.
Here in this post you will see the Newest Microsoft Azure Cloud Services to Manage and Monitor your Servers on-premises with security and compliance included.
Azure Arc Extensions settings of the Server.
Here you can see we have installed the Microsoft Monitoring Agent for Azure Monitor and Log Analytics; second, we have installed the Dependency Agent for Windows for insights, performance and service maps. Here you find more information about Virtual machine extension management with Azure Arc for servers (preview).
After initial deployment of the Azure Arc for servers (preview) Connected Machine agent for Windows or Linux, you may need to reconfigure the agent, upgrade it, or remove it from the computer if it has reached the retirement stage in its lifecycle. You can easily manage these routine maintenance tasks manually or through automation, which reduces both operational error and expenses.
The Azure Arc Insights Performance monitor is there by default and installed with the following dashboards :
CPU Utilization
Available Memory
Logical disk IOPS
Logical disk MB/s
Logical disk Latency
Max logical disk used %
Bytes Sent Rate
Bytes Received Rate
Azure Arc Logs Analytics
Of course you can make your own custom Dashboards in the Azure Portal with your own triggers, so in this way you get the same Azure Monitor Innovative Tools for your On-Premises Servers. 😉
Within Microsoft Azure Arc Insights, you can also see a Service Map of the Server
Here is where the Dependency Agent comes in: you get a service map of the server and see the communication lines with other resources. In this picture you see server Yoda01, a domain controller of my MVPLAB.
You can see that three clients are logged on to the domain controller.
Microsoft Azure Security Center for Azure Arc Servers
One of the most powerful and important features of Microsoft Azure Cloud platform is Security! Microsoft Azure Security Center (ASC) is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.
Here you see my Azure Arc Servers (On-Premises) in Azure Security Center.
Azure Arc Server in Azure Security Center recommendations Summary
Five security assessments passed the test, but the Azure Security assessment has two recommendations: one is medium risk and one is low.
Here you see the security advice and the remediation to take action on your server.
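The same recommendations can be listed for all Azure Arc servers at once with Azure Resource Graph. This is an added example, not part of the original post; it assumes the Az.ResourceGraph module and a signed-in session with read access to the subscriptions.

```powershell
# Added example (not from the original post). Requires the Az.Accounts and
# Az.ResourceGraph modules and a signed-in session (Connect-AzAccount).

# Security Center stores one assessment per recommendation and resource.
# Keep the assessments that belong to Azure Arc servers
# (Microsoft.HybridCompute/machines) and are still open ("Unhealthy").
$query = @'
securityresources
| where type == 'microsoft.security/assessments'
| where id contains '/providers/microsoft.hybridcompute/machines/'
| extend machine        = tostring(split(id, '/')[8]),
         status         = tostring(properties.status.code),
         severity       = tostring(properties.metadata.severity),
         recommendation = tostring(properties.displayName)
| where status == 'Unhealthy'
| project machine, severity, recommendation
'@

$findings = @(Search-AzGraph -Query $query -First 1000)

if ($findings.Count -eq 0) {
    'No open Security Center recommendations for Azure Arc servers.'
} else {
    # Show High before Medium before Low for each machine.
    $rank = @{ High = 0; Medium = 1; Low = 2 }
    $findings |
        Sort-Object machine, @{ Expression = { $rank[$_.severity] } } |
        Format-Table machine, severity, recommendation -AutoSize -Wrap
}
```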
Microsoft Azure Security Center Overview with the Overall Secure Score.
Security controls – Each control is a logical group of related security recommendations, and reflects your vulnerable attack surfaces. A control is a set of security recommendations, with instructions that help you implement those recommendations. Your score only improves when you remediate all of the recommendations for a single resource within a control.
To immediately see how well your organization is securing each individual attack surface, review the scores for each security control.
To get your Azure Arc Servers (on-premises) compliant for the business and security, you can use Microsoft Azure Arc Policies.
Azure Arc Policies to meet your Compliance state.
Conclusion
Microsoft is bringing Azure Cloud Power tools everywhere with Azure Arc Services to give you modern tools like Azure Monitor and Azure Security Center to keep you in control, Secure and Compliant for your business. Keep following Microsoft for Hybrid IT Management, because more awesome features are added every day in Microsoft Azure Cloud Services. Let’s start to get your Azure Security Score UP and UP 😉
Monitor, diagnose, and gain insight into the performance and availability of your applications and services with Azure Monitor. In this video, you’ll learn how to use Azure Monitor to collect, analyze and act on telemetry from your cloud and on-premises environments.
Learn how to create time series charts of platform and resource metrics for visualization and analysis with Azure Monitor. Start in Azure Monitor to view metrics across multiple resources or start directly from individual resource blades. You will also learn how to add metrics charts to dashboards in the Azure portal for real-time monitoring and shared access across teams.
In this video, learn about action rules and how you can use them to configure actions and notifications for multiple alerts at scale across a subscription, resource group, and target resource.
In this video, learn how alerts enable you to proactively identify and address issues before it impacts the users of your system. Alerts are created on performance and availability data and can be associated with user-defined actions and notification mechanisms.
In this video, learn how to use source map support in Azure Monitor Application Insights to improve the diagnosis of client-side JavaScript errors. Source maps can be used to unminify call stacks found on the Application Insights end to end transaction details page.
Here you find more information about Microsoft Azure Monitor:
Microsoft Azure Stack is a family of products and solutions that extend Azure to your datacenter or the edge. It includes Azure Stack Hub, Azure Stack HCI, and Azure Stack Edge.
The Power of Hybrid IT Management is awesome with Azure Hybrid Services for your Servers with Microsoft Windows Admin Center. While you can set up most Azure hybrid services by downloading an app and doing some manual configuration, many are integrated directly into Windows Admin Center to provide a simplified setup experience and a server-centric view of the services. Windows Admin Center also provides convenient intelligent hyperlinks to the Azure portal to see connected Azure resources as well as a centralized view of your hybrid environment.
Microsoft Windows Admin Center for Hybrid IT Management
I really like to work with Microsoft Windows Admin Center for managing my Hybrid workloads Windows Servers in Azure Cloud Services but also our On-premises Servers on Hyper-V and VMware platform. Even our physical Windows Servers can be managed from Windows Admin Center.
You can extend on-premises deployments of Windows Server to the cloud by using Azure hybrid services. These cloud services provide an array of useful functions, including the following:
Protect virtual machines and use cloud-based backup and disaster recovery (HA/DR) with Azure Site Recovery.
Track what’s happening across your applications, network and infrastructure with the help of advanced analytics and machine learning in Azure Monitor.
Simplify network connectivity to Azure with Azure Network Adapter.
Keep virtual machines up to date with Azure Update Management.
Azure hybrid services work with Windows Servers in the following configurations:
Stand-alone physical servers and virtual machines (VMs)
I have been working with Windows Admin Center since day one, and you see the hybrid management tool evolving with great new features to make your life as an administrator easier. For example, you get notifications when there are updates for extensions.
Notification details about update Extensions
When you click on the link “Go to Extensions” you will see the Extensions installed and the Updates which you can install from there.
Here you see an Azure Security Center Extension update.
There are not only Microsoft extensions, but also third party solution extensions and you could build your own extension for your solution. Here you find all the information about Windows Admin Center Extensions
Third Party Windows Admin Center Extensions
Installing a New extension is easy to do, the Azure Cloud Shell (Preview) was the last extension I installed in my Azure MVP Lab to work with. Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell. Cloud Shell enables access to a browser-based command-line experience built with Azure management tasks in mind. So how does this look in Windows Admin Center?
Install the Azure Cloud Shell (Preview) Extension
You find the Installed Azure Cloud Shell in the pulldown menu of WAC
For Management of your Windows Servers you need some tools and consoles. Windows Admin Center is supporting you to get the Management consoles in one place to do your administration and updates.
The next three features are in Windows Admin Center to manage your Windows Server.
Powershell inside WAC of my Domain Controller
Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration. Built on the .NET Framework, Windows PowerShell helps IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows.
Here you find more information about Windows Commands
Windows Update in Windows Admin Center.
Of course you need to update your Windows Servers, and what I like in WAC is that you get the information if an update needs a reboot before you click on Install Updates. This option is good for my Azure MVP Lab, but when you need to update more than 100 servers, you would do that centrally managed, for example with the Update Management solution in Azure.
Windows Remote Desktop in WAC
Remote Desktop is one of the Features of Windows Admin Center, to take over the desktop for installations of Applications for example.
Windows Admin Center has a lot more features and tools to manage your Windows Servers in a hybrid world.
Like these :
Storage
Security
System Insights
Scheduled Tasks
Installing Roles and Features of Windows Server
Registry
Processes running on your Windows Server
Managing and deploying Clusters
and much More………
You can install the following Resources to Manage with WAC
Windows Admin Center Overview
Conclusion:
Microsoft Windows Admin Center is the new management tool for your hybrid IT management to control your servers for your business. It covers all the management consoles of Windows Servers, so you can manage them from one tool.
It’s easy to use and it keeps you up to date on what is happening on your Windows Server, but also on what is new and updated. With Microsoft Windows Admin Center you are learning on the job and that’s what I like 😉
Hope you will use Microsoft Windows Admin Center too for your Business, download it here for Free!