
Step by Step how to manage your Systems with Azure Arc #Azure #Arc #RBAC #AKS #Security #ASC

This blog post is about Azure Arc: how to set it up and get started with it. For customers who want to simplify complex and distributed environments across on-premises, edge and multi-cloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure.

Azure Arc is not a replacement for the old Azure Server management tools! There is no remote RDP and no MMC console, only Log Analytics, policies, CLI, etc. https://robertsmit.wordpress.com/2016/08/25/azure-server-management-tools-manage-your-servers-from-anywhere-servermgmt-azure-smt/

That could be a really nice add-on to Windows Admin Center (#WAC): the best tools available in Azure and on-premises.

The hybrid management could be done with Windows Admin Center on a VM running in Azure. https://robertsmit.wordpress.com/tag/windows-admin-center/

Azure Arc is in preview. At this time there is no cost to use this service, as long as it is in preview. Configuration is done from the Azure portal, and it also gets your non-Azure servers connected to policies and Security Center.

Starting with Azure Arc is done in a few easy steps.

Sign up for the preview: https://aka.ms/hybridmachineportal

First we open the Azure portal and go to Azure Arc, or use the URL https://aka.ms/hybridmachineportal

I signed up for Organize & govern across environments, so go to Manage servers to get to the next menu.

First we need to add the server (register the server with Azure Arc).

Adding the server to Azure Arc can be done with a provided PowerShell script.

The downloaded script contains the following.

# Create the service principal with the onboarding role
$sp = New-AzADServicePrincipal -DisplayName "Arc-for-servers" -Role "Azure Connected Machine Onboarding"

$sp

New-AzRoleAssignment -RoleDefinitionName "Azure Connected Machine Onboarding" -ServicePrincipalName $sp.ApplicationId

# Print the generated secret in plain text; store it securely and clear the console afterwards
$credential = New-Object pscredential -ArgumentList "temp", $sp.Secret
$credential.GetNetworkCredential().password

# Download the package
Invoke-WebRequest -Uri https://aka.ms/AzureConnectedMachineAgent -OutFile AzureConnectedMachineAgent.msi

# Install the package
msiexec /i AzureConnectedMachineAgent.msi /l*v installationlog.txt /qn | Out-String

As you can see, the script creates a new app registration (the service principal) and downloads and installs the agent, so make sure you have the proper Azure rights when doing this.

Add this to a resource group and a region.

Make sure you select the proper OS.

I also add tags to the servers, just as I do for the Azure VMs.

Now we can download the complete PowerShell script:

# Download the package
Invoke-WebRequest -Uri https://aka.ms/AzureConnectedMachineAgent -OutFile AzureConnectedMachineAgent.msi

# Install the package
msiexec /i AzureConnectedMachineAgent.msi /l*v installationlog.txt /qn | Out-String

# Run connect command
& "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe" connect --resource-group "MVPRSG-Azure-Arc" --tenant-id "xxxxxxxxxxxx" --location "westus2" --subscription-id "xxxxxxxxxxxx" --tags "Arc=Server-DC01"

After running this script you are given a URL, https://microsoft.com/devicelogin, and you will need the code provided by the script.

This brings you to Azure AD, where you will need to sign in.

When you are signed in correctly, the message reports success.

Looking in the portal, the machine is now shown as Connected.

At this point you can set Azure policies and send data to Azure Log Analytics.

In the Azure resources overview you can see the servers and their type, with a different icon.

For now Azure Arc is a bit limited for Windows servers. If this is combined with the old Server Management tools, then you have a great option to manage on-premises servers. Currently it is still in preview, so I expect a lot of changes during the year.


Posted January 9, 2020 by Robert Smit [MVP] in Azure
