This blog post is about Azure Arc: how to set it up and get started with it. For customers who want to simplify complex and distributed environments across on-premises, edge and multi-cloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure.
Azure Arc is not a replacement for the old Azure Server Management Tools! There is no remote RDP or open MMC, only Log Analytics, policies, CLI, etc. https://robertsmit.wordpress.com/2016/08/25/azure-server-management-tools-manage-your-servers-from-anywhere-servermgmt-azure-smt/
That could be a really nice add-on to Windows Admin Center (#WAC), one of the best tools available in Azure and on-premises.
The hybrid management could be done with Windows Admin Center on a VM running in Azure. https://robertsmit.wordpress.com/tag/windows-admin-center/
Azure Arc is in preview. At this time, there is no cost to use this service as long as it is in preview. Configuration is done from the Azure portal, and you can also get your non-Azure servers connected to policies and Security Center.
Starting with Azure Arc is done in a few easy steps.
Sign up for the preview https://aka.ms/hybridmachineportal
First we open the Azure portal and go to Azure Arc, or use the URL https://aka.ms/hybridmachineportal
I signed up for "Organize & govern across environments", so go to "Manage servers" to get to the next menu.
First we need to add the server (register the server with Azure Arc).
Adding the server to Azure Arc can be done with a provided PowerShell script.
The downloaded script contains the following.
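# Create a service principal (app registration) limited to the onboarding role
$sp = New-AzADServicePrincipal -DisplayName "Arc-for-servers" -Role "Azure Connected Machine Onboarding"
$sp
# Assign the onboarding role to the service principal
New-AzRoleAssignment -RoleDefinitionName "Azure Connected Machine Onboarding" -ServicePrincipalName $sp.ApplicationId
# Convert the secret so it can be read back
$credential = New-Object pscredential -ArgumentList "temp", $sp.Secret
# This prints the service principal secret in clear text: store it safely and keep it out of transcripts
$credential.GetNetworkCredential().password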
# Download the package
Invoke-WebRequest -Uri https://aka.ms/AzureConnectedMachineAgent -OutFile AzureConnectedMachineAgent.msi
# Install the package
msiexec /i AzureConnectedMachineAgent.msi /l*v installationlog.txt /qn | Out-String
As you can see, the script creates a new app registration (service principal) and downloads and installs the agent, so make sure you have the proper Azure rights when doing this.
Add the server to a resource group and a region.
Make sure you select the proper OS.
I also add server tags to the servers, just as I do for the Azure VMs.
Now we can download the complete PowerShell script:
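The script above installs whatever the download returns, silently and with administrative rights. The following is an added example, not part of the original post or of the script the portal generates, that checks the package's Authenticode signature and the installer exit code before the connect step. The temp-folder paths and the signer check on "Microsoft Corporation" are assumptions of this example.

```powershell
# Added example: verify the Connected Machine agent package before installing it.
$ErrorActionPreference = 'Stop'

# Assumption: work from the temp folder instead of the current directory
$msi = Join-Path $env:TEMP 'AzureConnectedMachineAgent.msi'
$log = Join-Path $env:TEMP 'installationlog.txt'

# Older Windows PowerShell hosts may default to TLS 1.0; force TLS 1.2 for the download
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri 'https://aka.ms/AzureConnectedMachineAgent' -OutFile $msi -UseBasicParsing

# Refuse to install unless the MSI carries a valid Authenticode signature
$sig = Get-AuthenticodeSignature -FilePath $msi
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed for ${msi}: $($sig.Status) $($sig.StatusMessage)"
}

# Assumption: the signer subject names Microsoft Corporation; pin a thumbprint if your policy requires it
if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# Record the hash so the installed package can be traced later
$hash = (Get-FileHash -Path $msi -Algorithm SHA256).Hash
Write-Output "Installing $msi (SHA256 $hash)"

# Start-Process -Wait -PassThru exposes the msiexec exit code, which the piped form hides
$p = Start-Process -FilePath 'msiexec.exe' -ArgumentList "/i `"$msi`" /l*v `"$log`" /qn" -Wait -PassThru
if ($p.ExitCode -notin 0, 3010) {
    # 0 = success, 3010 = success but a reboot is required
    throw "msiexec failed with exit code $($p.ExitCode); see $log"
}

# Confirm the agent is installed and report its current connection status
& "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe" show
```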
# Download the package
Invoke-WebRequest -Uri https://aka.ms/AzureConnectedMachineAgent -OutFile AzureConnectedMachineAgent.msi
# Install the package
msiexec /i AzureConnectedMachineAgent.msi /l*v installationlog.txt /qn | Out-String
# Run connect command
& "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe" connect --resource-group "MVPRSG-Azure-Arc" --tenant-id "xxxxxxxxxxxx" --location "westus2" --subscription-id "xxxxxxxxxxxx" --tags "Arc=Server-DC01"
After running this script you get the URL https://microsoft.com/devicelogin, and you will need the code provided by the script.
This brings up the Azure AD sign-in, and you will need to sign in.
When you are signed in correctly, a success message is shown.
Looking in the portal, the machine is Connected.
At this point you can set Azure policies and send data to Azure Log Analytics.
In the Azure resources overview you can see the servers, and this type has a different icon.
For now Azure Arc is a bit limited for Windows servers. If it is combined with the old Server Management Tools, then you have a great option to manage on-premises servers. Currently it is still in preview, so I expect a lot of changes during the year.
Follow Me on Twitter @ClusterMVP
Follow My blog https://robertsmit.wordpress.com