Today every company wants to benefit from Cloud to achieve more for the business. Microsoft made Azure Arc to simplify governance and management by delivering a consistent multi-cloud and on-premises management platform.
In the following steps we are going to onboard the Windows Insider Servers and Windows 11 Insider Beta Virtual Machine which are running in mvplab.local domain into the Microsoft Azure Cloud. We will install the Azure Connected Machine Agent via a PowerShell Script in the next steps :
Here you can Choose for the right script.
I choose for Add Multiple Servers with a Service Principle.
Click on Generate Script.
Read the prerequisites access to port 443.
view Outbound URLs link.
Click Next
Select the right Azure Subscription and Resource Group.
Select your Azure Region.
Select Operating System
Select the Connectivity method.
Click on Next
If you don’t have a Azure Service principal, you can create one here.
Click on Create Service principal.
Create your Service Principal
Copy your Client ID and Client Secret !
You need this later.
Choose the Deployment method :
Basic Script or Configuration Manager ( I choose for Basic) Download the Script
I have copied the script to my Domain Controller On-premises here.
Open with PowerShell ISE the OnboardingScript.ps1
and Copy / Paste your
Service Principal Client ID and Secret here in the Script.
Click on save and run the script.
Start PowerShell in Admin modus
Run Script .\OnboardingScript.ps1
Server is connected with Azure š
Here is the Azure Arc Enabled Server, my Domain Controller.
Here I have all the Azure Arc Capabilities available for my Domain Controller.
Azure Hybrid
With the Same Script I added the mvplab.local Windows Insider Servers to Azure
They are all Azure Arc Enabled Servers.
On all Azure Arc enabled Servers is the Azure Connected Machine Agent installed.
Conclusion
In a simple way you can deploy Azure Arc agent on your on-premises Servers to make them Azure Arc Enabled so you can enjoy the Azure Hybrid features from the Cloud. IT management and Security from Azure becomes available for your on-premises Servers.
It’s not only Infrastructure but also Data Services and Application Services what you can use for your Azure Hybrid Solution.
In the next Blogpost we will have a look at the Microsoft Azure Arc Features in my mvplab.local domain.
Microsoft System Center 2022 Operations Manager Web Console
In the Last Blogpost MVPLAB Serie we installed Microsoft System Center 2022 Operations Manager on a Windows Insider SQL Cluster for testing and monitoring. You can find that blogpost here
Before we install Microsoft System Center 2022 Operations Manager Web Console, you should have a look at the requirements of SCOM 2022 Web Console for the IIS settings and features.
In the following steps we will install SCOM 2022 Web Console
First of all you have to install the IIS Features.
See the Microsoft Docs.
Don’t worry if you missed a setting, Microsoft did make a requirements check in the installation procedure before you can move on with the installation of SCOM 2022 Web Console. You will see later.
Run the setup as Administrator of the SCOM 2022 software ISO.
Select Web Console.
Click on Next.
This is what I mean by forgetting a feature Role.
Install the feature Role.
Verify prerequisites again.
Then Click Next.
Check if the Installation Summary is good.
Click on Install
Setup is Completed
SCOM 2022 Web Console is running
Now you can configure your Microsoft System Center 2022 Operations Manager monitoring with the right Management Packs installed via your Edge web browser to get monitoring and alerts in place. Here you find more information about SCOM Management Packs
Now we have in our MVPLAB On-premises Datacenter everything running, we will have a look at Microsoft Azure Hybrid benefit in the following MVPLAB Series. Think about Microsoft Azure Arc Services, Security and more.
Installing Operations Manager creates aĀ management group. The management group is the basic unit of functionality. At a minimum, a management group consists of aĀ management server, theĀ operational database, and theĀ reporting data warehouse database.
TheĀ management serverĀ is the focal point for administering the management group and communicating with the database. When you open the Operations console and connect to a management group, you connect to a management server for that management group. Depending on the size of your computing environment, a management group can contain a single management server or multiple management servers.
TheĀ operational databaseĀ is a SQL Server database that contains all configuration data for the management group and stores all monitoring data that is collected and processed for the management group. The operational database retains short-term data, by default 7 days.
TheĀ data warehouse databaseĀ is a SQL Server database that stores monitoring and alerting data for historical purposes. Data that is written to the Operations Manager database is also written to the data warehouse database, so reports always contain current data. The data warehouse database retains long-term data.
When Operations Manager reporting functionality is installed, the management group also contains aĀ Reporting serverĀ which builds and presents reports from data in the data warehouse database.
These core components of a management group can exist on a single server, or they can be distributed across multiple servers, as shown in the following image.
In my Test LAB mvplab.local I will install the Management Server on a Windows Server Insider member Server and the Operational Database with the Data Warehouse Database on the SQL Cluster Instance. Here you find more Microsoft Information about System Center 2022 Operations Manager
Architecture SCOM 2022
IMPORTANT : In my MVPLAB I’m working with Windows Server Insider Preview Builds and with SQL Server 2022 CTP2.1 Preview version on a Cluster and is not supported yet for Production workloads, then you have to wait for Microsoft to make it General Available!
Now we have a SQL Cluster Instance running in my mvplab.local domain, I’m going to install Microsoft System Center 2022 Operations Manager (SCOM) for monitoring in the following step-by-step guide :
Run SCOM_2022 as Administrator
Click on Next
Click on Accept the Agreement.
Click on Next
Extract the files to your location.
Click on Next
Click on Extract
Completed Click on Finish
Run Setup
Click on Install
I’m installing only the Management Server and Operations Console.
When this was Production I would install every feature on separated Servers with
two Management Servers.
Click on Next
Select installation location
Click on Next
Click on Next
Give your Management Group a Name.
Click on Next
Agree with the License Terms.
Click on Next
Select de SQL Instance and Port.
Set Database Size.
and Data File Folders.
Click on Next
Here you can select de Instance for data warehouse database.
Click Next
Select the Service accounts
Click on Next
Click on Next
Check the Summary.
Click on Install
SCOM 2022 Installation in Progress.
Processing
SCOM License we set later.
I have installed both databases in one SQL Instance for in my MVPLAB.
System Center 2022 Operations Manager (SCOM)
Now you can Configure the Management Packs in SCOM for your environment and set the Alerts. More information about System Center 2022 Operations Manager can you find here :
In this blogpost of MVPLAB Serie, we are going to install Microsoft SQL Server 2022 CTP2.1 on my Windows Server Insider Preview Cluster in mvplab.local domain. Before this blogpost I installed the following basics in mvplab.local domain :
Now we are going to install the Backend of the datacenter, and that is SQL Server 2022 CTP2.1 on a Cluster resource with the first SQL Instance for databases which is High Available (HA).
SQL Server 2022 Preview is the most Azure-enabled release of SQL Server yet, with continued innovation in security, availability, and performance.
Integration with Azure Synapse Link and Azure Purview enables customers to drive deeper insights, predictions, and governance from their data at scale.
Cloud integration is enhanced with disaster recovery (DR) to Azure SQL Managed Instance, along with no-ETL (extract, transform, and load) connections to cloud analytics, which allow database administrators to manage their data estates with greater flexibility and minimal impact to the end-user.
Performance and scalability are automatically enhanced via built-in query intelligence.
There is choice and flexibility across languages and platforms, including Linux, Windows, and Kubernetes.
Mount the ISO file and Copy the files to a local disk location, then run Setup as Administrator with your personal Domain Administrator Account to install SQL Server 2022 CTP2.1. Before the installation read Configure Cluster accounts in Active Directory (AD)
Click on Yes.
Click on the left on Installation Then Click on New SQL Server Failover Cluster Installation
Here I choose for the Developer edition.
Click on Next
Accept the License terms
Click on Next
Check for Updates (recommended)
Click on Next
Check the Warnings and solve issues.
Click on Next
I Installed only the default for SQL Database.
(You can install later Shared SQL Features if you need them.)
Click on Next
Specify a network name for the New SQL Server Failover Cluster. mvpsql01 Click on Named Instance and type INSTANCE01 Click on Next
Click on Next
Select your Cluster disk
Click on Next
Select IPv4 and type the IP-Address of your Cluster Resource
mvpsql01
Then Click on Next
Select your domain Service accounts and type the passwords. Select if you want Maintenance Tasks privilege to your SQL Server Database Engine Service.
Click Next
Here you can add the SQL Admin Group from Active Directory (AD)
Click on top tab Data Directories
I Changed the User Database Log Directory.
Here you can set your directories.
Have a look at the Other TAB fields, I set Memory later. When you finished all the Tabs then click Next
Check the Summary and click on Install
SQL Server 2022 CTP2.1 Installed Successfully Click on Close.
This was on the first mvpfs01.mvplab.local, now you have to do the installation on the other node mvpfs02.mvplab.local.
Here we will add a SQL Node to the Cluster.
Click on the left on Installation
Then Click on Add Node to a SQL Server Failover Cluster
Add Node in Progress
Add Node to SQL Server 2022 CTP2.1 Failover Cluster is Successful
Click on Close
Here you see your SQL Server 2022 CTP2.1 Cluster Instance Running in Failover Cluster Manager.
Connecting the High Available SQL 2022 CTP2.1 Cluster Resource Instance01.
And you can connect the SQL Instance with Azure Data Studio š
With Azure Data Studio you can install marketplace extensions working with your SQL Instance.
Here you find more information about Microsoft Azure Data Studio
In my last MVPLAB Serie blogpost, I wrote about setting-up a Microsoft Domain mvplab.local and making a Windows Server Insider Cluster with an iSCSI Target Host Server for Shared iSCSI Storage provisioning. First thing I did was Installing Windows Admin Center for Hybrid IT Management. With WAC we can Manage the Cluster Nodes but also the Cluster, Installing new features via Windows Admin Center like Kubernetes for running Containers and microservices. But first we start with Microsoft Cluster Aware Updating to keep your Cluster up-to-date.
Windows Admin Center Cluster Manager
Installing Cluster Aware Updating
In the following steps you can see how easy it is to install Cluster Aware Updating with Windows Admin Center on your Windows Server Cluster, in my case mvpcl01.mvplab.local
Go to your Windows Server Insider Cluster
In Cluster Manager, go to Updates.
Click on Add Cluster Aware Updating Role
Microsoft Windows Admin Center is the Administrator Management tool to use in your hybrid datacenter. You see how easy it is to configure Cluster Aware Updating (CAU) on your Cluster. When you use Windows Server Core or Azure Stack HCI then Windows Admin Center is really handy instead of command-line tools or PowerShell scripting.Ā here you can find more information about Cluster Aware Updating requirements and Best Practices
I have made a new MVPLAB with Microsoft Windows Server Insider Preview Build 25158 to install Services and Features for learning but also to give Microsoft feedback about the products. When the MVPLAB domain and Clusters are ready in basic then I can use new Microsoft Azure Hybrid solutions as well, like Azure Arc Kubernetes services and Azure Cloud Defender for Servers and SQL.
Before we start, you need to become a Windows Server Insider so that you can download the newest Windows Server Insider Builds ISO.
Here you get more information for the Windows Server Insider Program registrationĀ
After the free registration you can download the new Microsoft Windows Server Insider Builds here :
To Build your Test and innovation LAB with the newest Microsoft technologies, you need a platform to Build on. Of course Microsoft Azure Cloud Services is Awesome to work with and Great to make test environments but I like to make a Azure Hybrid scenario with Azure Cloud and On-premises datacenter services like for example a Microsoft SQL Cluster with Cluster resources / Instances.
So my MVPLAB will be Azure Hybrid and for On-premises I use Windows Server Hyper-V to make virtual servers.
It’s Great when your hardware provider like Dell is Microsoft Azure Stack HCIcompliant to build your Hyper Converged Infrastructure in your on-premises datacenter.
Microsoft Azure Stack HCI Solution
When you work with Microsoft Azure and Azure Stack HCI, you really need Windows Admin Center for Hybrid IT Management.
This is a Great Administrator tool for managing your Windows Servers, Clusters, Azure Stack HCI, and Azure VM’s in a Hybrid environment.
Windows Admin Center Cluster Overview
Now that we have everything and Hyper-V is running, we will build the Following Windows Servers with the Insider Preview Build:
MVPDC01 ( the first domain controller for mvplab.local domain )
MVPStore01 ( ISCSI Target Host for deploying ISCSI Virtual Disks to my Cluster)
MVPFS01 ( Cluster Node 01 of Cluster MVPCL01 )
MVPFS02 ( Cluster Node 02 of Cluster MVPCL01 )
I install all the virtual servers with 50GB local harddisk for OS and start with 4GB of Dynamic Memory and a Nic.
Only the Cluster nodes get two Nics (One for Heartbeat of the Cluster)
This is for my MVPLAB, but for Production environments I always start with 3 Nics ( 1 = Production 2 = Heartbeat 3 = Storage )
In Hyper-V we make a New Virtual Machine with these specifications and we attach the Windows Server Insider Preview Build ISO.
We install Windows Server Insider Preview Build default and after the installation we set the NIC IP-Address on static and gave the Server the name MVPDC01. Then I installed all the Windows Updates, and after that I started Server Manager to install the Active Directory Feature :
Active Directory just follow the wizard and don’t forget to run DCPromo to
build your domain.
Active Directory and DNS is running locally like
mvplab.local
So now is my domain and DNS running in my MVPLAB, but what do I need more first to build a Windows Server Insider Cluster?
We need Shared storage, so we build a Windows Server Insider ISCSI Target Host to provision Shared VHD’s via ISCSI Initiator to the Cluster Nodes.
The Next member Windows Server Insider is MVPStore01.mvplab.local joined in our new domain. Here I installed the iSCSI Host features:
Start Server Manager and the Add Server role : – iSCSI Target Server – iSCSI Target Storage Provider
Click on Install
In Hyper-V Settings of the Virtual Machine MVPStore01, I have installed a extra disk of 25GB so that we can use that for iSCSI Target Host which is now running on this Server. Now we can provision storage when the new Windows Server Insider Cluster MVPCL01.mvplab.local is installed with the iSCSI Initiator to get Cluster storage. So now we are first going to build a Windows Server Insider Cluster and after that we will provision the Cluster Storage.
Installing a Windows Server Cluster with Insider preview Build 25158.
I deployed two member servers MVPFS01.mvplab.local and MVPFS02.mvplab.localĀ into the new domain. they have static IP-Address and are working fine with DNS resolving. On both Servers I installed the Feature Failover Clustering
Failover Clustering Installed.
from here we are going to install the new Windows Server Insider Cluster MVPCL01.mvplab.local
Start Failover Cluster Manager.
Create Cluster.
Click on Next
select the two new Cluster Nodes
Click on Next
Select Yes, run configuration validation tests
Click on Next
Click on Next
Run all tests
Click Next
Confirmation
Click Next
Type in the new Cluster name => mvpcl01
IP-Address => 192.168.2.43
Click Next
Confirmation
Click on Next
Creating Cluster….
We now have a Cluster mvpcl01.mvplab.local running, but without storage and without the witness disk. the iSCSI initiator is running on both Cluster nodes, so now we have to provision storage to the Cluster via the iSCSI Target Host MVPStore01.mvplab.local.
iSCSI Storage provisioning to Windows Server Insider Cluster
via the Server Manager of the iSCSI Target host, we are going to create a new iSCSI Virtual Disk for both Cluster Nodes :
Click on New iSCSI Virtual Disk
iSCSI Virtual Disk Name
Click on Next
Type in the Size I’m using 20GB of 24,9 because I need also a Quorum disk for the Cluster.
Select Fixed Size.
Click on Next.
New iSCSI Target
Click on Next
Give the iSCSI Target a Name
Click on Next
Add the Access Servers via iSCSI Initiator
Click on Next
Here you can set Authentication if you want.
Click on Next
Confirmation
Click on Create
the iSCSI Virtual Disk is successfully created.
the iSCSI Target VHD is not connected yet.
Now we connect with iSCSI Initiator from the Cluster Nodes.
The work on iSCSI Taget Host MVPStore01.mvplab.local is Done.
When you start the iSCSI Initiator it will set the services and the firewall settings on the Server.
You have to do this on both Cluster nodes.
First we add the Target portal and that is our iSCSI Taget Host MVPStore01.mvplab.local with
IP-Address 192.168.2.46 with port 3260.
This is under the discovery tab.
Select Targets tab
you see the Target mvpstore01 Inactive.
Select and click on Connect.
If you had Multi-path IO running, you could enable Multipath too.
Click on Ok
The iSCSI Taget Virtual Disk is connected.
On the iSCSI Target Host MVPStore01.mvplab.local is the target now also in Connected status.
You now can now bring the 20GB disk Online via Disk Management and give it a drive letter
for the Cluster.
Then you can add the 20GB disk via Storage of Cluster Manager tool.
You can make Cluster Shared Volume.
I made a Cluster for a SQL Instance and I made
a 2GB iSCSI Taget VHD for the Witness Disk.
So Now we have Cluster storage running and failovers are working, now we need to configure Quorum witness disk via
Failover Cluster Manager.
Go to more actions on the Cluster.
Configure Cluster Quorum
Click on Next
Select the quorum witness
Click on Next
You can configure your witness on different locations.
I will select our 2GB witness disk on our Cluster
Select the Quorum disk
Click on Next
Confirmation
Click on Next
You have successfully configured the quorum settings for the Cluster
Click on Finish
Witness disk is running.
So my Microsoft Windows Server Insider Cluster is ready for workloads, if you want to you can run a Cluster validation to see
if everything is okay. Now my MVPLAB is ready for the next installation on my Cluster and that is :
Installing the Newest SQL Server 2022 CTP2.1 on my Windows Server Insider Cluster.
But that will be a next Blogpost : Installing SQL Server 2022 CTP2.1 on a Windows Server Cluster š
Follow me on Twitter : @Jamesvandenberg
Ps. I downloaded the VHDX file for Hyper-V, but you can get also the ISO file here.
Getting started with the Windows Insider Program for Windows Server
Get exclusive access to Windows Server Insider Previews and Remote Server Administration tools and help shape the future of Windows Server in the Windows Insider Program for Windows Server.Register here for the Windows Server Insider programĀ
From here you can build your own local domain and Clusters in your LAB to test all the Features Windows Server 2022 Insider Preview Build 25140 has. Checking new Security features and doing your own pen tests.
Testing security with Kali Linux Rolling distro in WSL 2.0 against Windows Server Insider
in my Lab. And give feedback about features and or issues on Windows Server Insider :
And of course don’t forget Windows Admin Center for your LAB to manage your Servers, Azure Virtual Machines and your Clusters. You can download WAC here
What is new in preview is Windows Admin Center in the Azure Portal with Azure Arc Enabled Servers.
Windows Admin Center in the Azure Portal for Arc Enabled Servers š
Manage your Servers from the Cloud.
Conclusion
With Windows Server Insider Builds and Windows Admin Center, you can test and make your own LAB environment together for free. You can give the Microsoft product group feedback to make the product better. In the mean time your are learning new features and security in Windows Server Insider Preview Build and WAC before you go into production š I say a good win win situation and it’s fun to setup your own hybrid LAB.
Running Ubuntu and Debian Linux Distro on Windows Server 2022
Preview Build 25120.1010 with WSL 2.0
In the Week of MS-Build 2022 Event, Microsoft is announcing that WSL 2.0 is coming to Windows Server 2022 Preview Build on twitter.
In the following step-by-step guide we will install Windows Subsystem for Linux 2.0 (WSL) on Microsoft Windows Server 2022 Insider Preview Build 25120.1010 to run Ubuntu and Debian Linux Distro’s.
All this is still in Preview and not ready for production environment yet. I installed this all in my MVP Test Lab for learning and testing. Hope you find this useful for your test environment to play with the newest Windows Server 2022 Insider Preview and WSL 2.0 with
all kind of Linux distro’s.
Windows Admin Center Version 2110.2 Build 1.3.2204.19002
Windows Admin Center is a customer-deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure, and Windows PCs. It comes at no additional cost beyond Windows and is ready to use in production. Learn more aboutĀ Windows Admin Center.
Benefits
Simple and modern management experience
Hybrid capabilities
Integrated toolset
Designed for extensibility
Languages
Chinese (Simplified), Chinese (Traditional), Czech, Dutch (Netherlands), English, French, German, Hungarian, Italian, Japanese, Korean, Polish, Portuguese (Brazil), Portuguese (Portugal), Russian, Spanish, Swedish (Sweden), Turkish
In the following step-by-step guide I will deploy Windows Server 2022 Insider Build 25099 Core Edition with Windows Admin Center tool together with some great features for managing Windows Servers in a secure hybrid way with Microsoft Azure Cloud services. Like Azure Defender for Cloud, Azure Backup Vault, Azure Monitor, Security and more.
So I have Windows Admin Center 2110.2 installed and I have a Windows Server 2022 Hyper-V Server for my Virtual Machines in my MVPLAB Domain.
Now we will deploy the new Windows Server 2022 Insider Preview Build 25099.
In WAC on my Hypervisor in Virtual Machines
When you explore and open your Hyper-V Host and go to Virtual Machines, you can Click on Add and then on New for Creating your Windows Server Insider VM.
Create a New Windows Server Insider VM called StormTrooper01
Here you can configure your new Windows Server 2022 Insider VM with the following :
What kind of Generation VM (Gen 2 Recommended)
The path of your Virtual Machine and the path of your virtual disk(s)
CPU and you can make nested Virtualization too
Memory and use of Dynamic Memory
Network select the Virtual Switch
Network Isolation by VLAN
Storage, Create the size of the Virtual Disk. Choose an ISO or Select an existing VHD(x)
I Created a New 70GB OS Disk
and I want to Install the New Windows Server Insider OS from ISO.
Click on Browse
Here you Browse Default on your Hyper-V Host and select the ISO.
When the Windows Server ISO is selected you can hit Create
We get the Notification that the virtual machine is successfully created.
Only the Virtual Machine is now made with your specs and visible on the Hyper-V Host.
Select the New Virtual Machine (StormTrooper01) click on Power and hit Start.
After you started the VM, you can double click on it and go to Connect. Click on Connect to the Virtual Machine.
Now you are on the console via VM Connect.
Click on Install Now
We are installing Windows Server 2022 Insider Core edition, because we have WAC š
Installing Windows Server 2022 Insider Core Preview Build 25099 via Windows Admin Center
Create New Administrator Password.
And here we have Sconfig of the Windows Server 2022 Core.
via Virtual Machine Connect.
Now we can add and connect the New Virtual Machine with Windows Server 2022 Insider Preview Build in Windows Admin Center via IP-Address.
The Next step is to join the Windows Server 2022 Insider to my Domain MVPLAB.
Click on the Top on Edit Computer ID Click on Domain and type your domain name.
Click op Next Add your administrator account for joining the server
Reboot the VM.
Windows Server 2022 Insider Preview Core edition is domain joined.
Now we have the New Microsoft Windows Server 2022 Insider Preview Build 25099 running in Windows Admin Center, we can use all the tooling provided by WAC also in a Azure Hybrid way. Think about Azure Defender for Cloud, Azure Monitor. In Microsoft Windows Admin Center we also have a topic Azure Hybrid Center :
Here you see all the Azure Hybrid benefit features for your Windows Server 2022 Insider.
Microsoft Azure Arc
Azure Backup
Azure File Sync
Azure Site Recovery
Azure Network Adapter
Azure Monitor
Azure Update Management
and More…
Microsoft Azure and the Windows Admin Center Team made the wizards customer friendly and easy to get those Azure Hybrid services for your Windows Server.
When you have your Server running, you want to make backups and Monitoring your Server for management. And after that you want to be in control of your security of your new Server. In the following steps you see some examples on the same Windows Server 2022 Insider Preview Build:
Microsoft Azure Backup via WAC
Click on Azure Backup
Select your Azure Subscription and the Azure Backup Vault.
Select your data and make the schedule.
Enter the Encryption passphrase and Apply.
Here you have Azure Backup Vault working together with WAC.
Azure Defender for Cloud Security
Click op Microsoft Defender for Cloud
Click on Setup
Add the right Azure Subscription and Workspace
Click on Setup.
Configuring Azure Defender for Cloud agent and Subscription.
Azure Defender for Cloud in Windows Admin Center on your Windows Server 2022 Insider Preview Build.
In Windows Admin Center there is also a Security tab for the Windows Server.
Here you can see if your system is supported for this security features š
Enable the supported features and Restart de Virtual Machine.
And here you see my status overview.
Further more you can manage RBAC in Windows Admin Center when you have to work with different kind of users.
You can find RBAC in settings.
Conclusion
Windows Server Insider Core edition and Windows Admin Center are working better together! You have all the tools you need to startup your Windows Server and
manage it with WAC. Windows Admin Center is getting better and better to manage your Hybrid Datacenter and keep you as an Administrator in Control!
So is how I manage my MVPLAB but also for Production workloads I use Windows Admin Center and the Azure Portal together. With Microsoft Azure Arc Services
Azure Hybrid becomes your solution where Windows Admin Center can Support you with making Azure Stack HCI Clusters with Azure Kubernetes for your DevOps environment.
In the following steps I will install some containers (Pods) on my Azure Arc enabled Kubernetes so I have some data to work with in my MVP LAB. I did that with Microsoft Visual Studio Code and with Helm predefined templates. Install the VSCode and install the Kubernetes extension, more information here
In the following steps we install DAPRand Redis on the Azure Arc enabled Kubernetes.
When you open your Kubernetes Cluster
Click then on Helm Repos
There you see Dapr repo.
Click on version 1.6.0.
Right click on version 1.6.0
Click on Install.
Dapr is installed by default on the Azure Arc enabled Kubernetes.
Type in Powershell : dapr status -k You will see the running pods of Dapr.
Dapr Dashboard is running Important: This is running in a test environment and is now http.
For production you have to make it save! Azure Arc Services and Azure Defender for Containers will help you with that.
But next to these security best practices from the software vendor, we also have Microsoft Azure Arc Security (Preview) on this kubernetes Cluster active. In the following steps you will see Security rules, Fixes and Azure Policies for Azure Arc Kubernetes to make your environment more secure and compliant.
Click on your Azure Arc enabled Kubernetes Cluster
This is my Dockkube. Click then on Security (preview)
Here you see that I don’t have Azure Policy active to be compliant
on my Azure Arc enabled Kubernetes Cluster.
A lot of security issues are managed by policies. Click on View Additional recommendations in Defender for Cloud
See Related recommendation (17)
Here you see all the dependent policies for your Azure Arc enabled Kubernetes Cluster.
Select your Azure Arc Enabled Kubernetes Cluster (Dockkube) Click on Fix
Confirm and click on Fix 1 resource.
Remediation in progress.
Remediation Successful.
It can take some minutes to see your resources in the Healthy state.
Just refresh š
In Azure Policy you will see how Compliant you are with your
Azure Arc enabled Kubernetes. Click on the ASC compliance.
Here you see the 10 Policies that are not Compliant.
Select a policy which is not compliant like here Kubernetes Cluster containers should only use allowed images Click on Details
Here you see the Component ID’s on my Azure Arc enabled Kubernetes Cluster
which are not compliant on this policy š See the Tab bar, you are now on Component Compliance
Click on Policies tab
Dubbel click on the policy.
From here you can Assign the policy to your Azure Arc enabled Kubernetes Cluster.
A New example and you can see the Affected Components
on my Azure Arc enabled Kubernetes Cluster Dockkube.
Conclusion
When you work in a DevOps way with Kubernetes containers and microservices, you want them as secure as possible. With application security and best practices from the software vendors. Security monitoring and compliance are important to keep you in control and to keep your environment safe. With Azure Arc enabled Kubernetes you get Azure Defender for Containers and Azure policy for security compliance to your Kubernetes Cluster.
Important: This is still in preview and should not be used in production environment yet until Microsoft makes it General Available for the world. Now you can test it in your test environment like me in my MVPLAB.
Cloud and Datacenter Management Blog 