Step by Step how to manage your Systems with Azure Arc #Azure #Arc #RBAC #AKS #Security #ASC

This blog post is about Azure Arc: how to set it up and get started. For customers who want to simplify complex and distributed environments across on-premises, edge and multi-cloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure.

Azure Arc is not a replacement for the old Azure Server Management Tools! There is no remote RDP or MMC console, only Log Analytics, policies, CLI, etc. https://robertsmit.wordpress.com/2016/08/25/azure-server-management-tools-manage-your-servers-from-anywhere-servermgmt-azure-smt/

That could be a really nice add-on to Windows Admin Center (#WAC), one of the best tools available in Azure and on-premises.

The hybrid management could be done with Windows Admin Center on a VM running in Azure. https://robertsmit.wordpress.com/tag/windows-admin-center/

Azure Arc is in preview. At this time there is no cost to use the service, as long as it is in preview. Configuration is done from the Azure portal, and you can also connect your non-Azure servers to Azure Policy and Security Center.

Starting with Azure Arc is done in a few easy steps.

Sign up for the preview  https://aka.ms/hybridmachineportal

First we open the Azure portal and go to Azure Arc, or use the URL https://aka.ms/hybridmachineportal

I signed up for Organize & govern across environments, so go to Manage servers to get to the next menu.

First we need to add the server (register the server with Azure Arc).

Adding the server to Azure Arc can be done with a provided PowerShell script

Azure Connected Machine Onboarding

The downloaded script contains the following.

# Create a service principal that holds only the onboarding role
$sp = New-AzADServicePrincipal -DisplayName "Arc-for-servers" -Role "Azure Connected Machine Onboarding"

# Show the service principal (note the ApplicationId)
$sp

New-AzRoleAssignment -RoleDefinitionName "Azure Connected Machine Onboarding" -ServicePrincipalName $sp.ApplicationId

# Convert the secret to plain text; the next line prints it to the console
$credential = New-Object pscredential -ArgumentList "temp", $sp.Secret
$credential.GetNetworkCredential().password

# Download the package
Invoke-WebRequest -Uri https://aka.ms/AzureConnectedMachineAgent -OutFile AzureConnectedMachineAgent.msi

# Install the package
msiexec /i AzureConnectedMachineAgent.msi /l*v installationlog.txt /qn | Out-String

As you can see, the script creates a service principal (a new App registration) and downloads and installs the agent, so make sure you have the proper Azure rights when doing this.

Add this to a resource group and a region.

Make sure you select the proper OS.

I also add tags to the servers, just as I do for the Azure VMs.

Now we can download the complete PowerShell script.

# Download the package
Invoke-WebRequest -Uri https://aka.ms/AzureConnectedMachineAgent -OutFile AzureConnectedMachineAgent.msi

# Install the package
msiexec /i AzureConnectedMachineAgent.msi /l*v installationlog.txt /qn | Out-String

# Run connect command
& "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe" connect --resource-group "MVPRSG-Azure-Arc" --tenant-id "xxxxxxxxxxxx" --location "westus2" --subscription-id "xxxxxxxxxxxx" --tags "Arc=Server-DC01"

After running this script you are shown the URL https://microsoft.com/devicelogin, and you will need the code provided by the script.

This takes you to Azure AD, where you will need to sign in.

When you have signed in correctly, a success message is shown.

Looking in the portal, the machine is shown as Connected.
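The onboarding steps above as one unattended script, added here as an example and not the portal-generated script: it checks the MSI's Authenticode signature before installing and connects with the "Azure Connected Machine Onboarding" service principal instead of the device-login prompt. The `--service-principal-id` and `--service-principal-secret` options, the temp-file paths, the publisher string and the `<...>` placeholders are assumptions that are not shown on this page.

```powershell
#Requires -RunAsAdministrator
# Added example, not the portal-generated script. Values in <...> are placeholders.
$ErrorActionPreference = 'Stop'
$msi = Join-Path $env:TEMP 'AzureConnectedMachineAgent.msi'
$log = Join-Path $env:TEMP 'installationlog.txt'

# Download the package over TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri 'https://aka.ms/AzureConnectedMachineAgent' -OutFile $msi -UseBasicParsing

# Refuse to install unless the MSI has a valid signature from the expected publisher
# (the publisher string is an assumption; adjust it to what a known-good copy shows)
$sig = Get-AuthenticodeSignature -FilePath $msi
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Unexpected signature on ${msi}: $($sig.Status) / $($sig.SignerCertificate.Subject)"
}

# Install silently and check the exit code (0 = success, 3010 = success, reboot required)
$msiArgs = @('/i', "`"$msi`"", '/l*v', "`"$log`"", '/qn')
$p = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
if ($p.ExitCode -notin 0, 3010) { throw "msiexec exit code $($p.ExitCode); see $log" }

# Prompt for the onboarding service principal: user name = application ID,
# password = secret. Nothing is echoed to the console or stored in the script.
$cred = Get-Credential -Message 'Arc onboarding service principal (application ID / secret)'

# The secret is passed as a process argument, so command-line auditing on this
# server can record it; keep the principal limited to the onboarding role.
$azcmagent = Join-Path $env:ProgramFiles 'AzureConnectedMachineAgent\azcmagent.exe'
$connectArgs = @(
    'connect',
    '--service-principal-id', $cred.UserName,
    '--service-principal-secret', $cred.GetNetworkCredential().Password,
    '--resource-group', 'MVPRSG-Azure-Arc',
    '--tenant-id', '<tenant-id>',
    '--location', 'westus2',
    '--subscription-id', '<subscription-id>',
    '--tags', 'Arc=Server-DC01'
)
& $azcmagent @connectArgs
if ($LASTEXITCODE -ne 0) { throw "azcmagent connect failed with exit code $LASTEXITCODE" }

# Print the local agent state to confirm the connection
& $azcmagent show
```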


At this point you can set Azure policies and send data to Azure Log Analytics.

In the Azure resources overview you can see the servers, with the type shown by a different icon.

For now Azure Arc is a bit limited for Windows servers. If this will be combined with the old Server Management Tools, then you have a great option to manage the on-premises servers. Currently it is still in preview, so I expect a lot of changes during the year.


Author: Robert Smit [MVP]
