Thomas Maurer Cloud and Datacenter

Nov162022November 16, 2022November 16, 20220 Commentby Thomas Maurer

Azure Arc-enabled SQL Managed Instance Landing zone accelerator

In this episode of the Azure Enablement Show, I am joined by Lior Kamrat, from the Azure Arc team to discuss the how the Azure Arc-enabled SQL Managed Instance Landing Zone Accelerator, which covers nine critical design areas, will help customers who are operating a hybrid or multi-cloud environment.

Azure Arc-enabled SQL Managed Instance has near 100% compatibility with the latest SQL Server database engine, and enables existing SQL Server customers to lift and shift their applications to Azure Arc data services with minimal application and database changes while maintaining data sovereignty. At the same time, SQL Managed Instance includes built-in management capabilities that drastically reduce management overhead.

If you want to learn more, check out the following links:

Cloud Adoption Framework https://aka.ms/adopt
Azure Arc landing zone accelerator for hybrid and multicloud https://aka.ms/ArcLZAcceleratorReady
Blog: Announcing Landing Zone Accelerator for Azure Arc-enabled SQL Managed Instance https://aka.ms/ArcSQLMILZBlog
Blog: Announcing Jumpstart ArcBox for DataOps https://aka.ms/ArcBoxDataOpsBlog
Related episodes Introduction to the hybrid and multicloud Scenario https://aka.ms/azenable/75
Introduction to the Arc-enabled Kubernetes landing zone accelerator https://aka.ms/azenable/91

Nov082022November 8, 2022November 8, 20220 Commentby Thomas Maurer

Manage Azure Arc-enabled Azure Stack HCI with Azure Arc

Manage Azure Arc-enabled Azure Stack HCI from Azure

Posted in Microsoft Azure, Virtualization

In this blog post we are going to have a quick look on how you can manage Azure Arc-enabled Azure Stack HCI (Hyper-Converged Infrastructure) directly from Microsoft Azure using the Azure Arc integration. As part of the Azure Arc-enabled infrastructure, Azure Stack HCI can be managed directly from the Azure control plane.

Azure Arc-enabled Azure Stack HCI provides you with unified resource management and a flexible cloud-connected architecture. Which means you can always stay up to date with the latest Azure security, performance, and capabilities with Azure Arc–enabled Azure Stack HCI. Discover, monitor, and manage the Azure Stack HCI hosts as well as the virtual machines (VMs) and containers running on them from within the Azure portal or the Azure Resource Manager (ARM) APIs.

Azure Arc-enabled Infrastructure with Azure Stack HCI

After you have deployed and registered Azure Stack HCI with Azure Arc, you can now see the resource in the Azure portal. From here you can leverage different Azure management tools and hybrid cloud services.

Monitor Azure Stack HCI with Azure Monitor

You can now monitor your Azure Stack HCI clusters directly from Azure using Azure monitor. This also provides a great overview if you manage multiple Azure Stack HCI clusters.

Enable Azure Hybrid benefits for Azure Stack HCI

You can easily enable the Azure Hybrid benefits for your Azure Stack HCI cluster and other features directly from the Azure portal.

Enable Azure Hybrid benefits on Azure Stack HCI

Deploy virtual machines (VMs) using the Azure Arc resource bridge

With the Azure Arc resource bridge integration, you can easily deploy new virtual machines on your Azure Stack HCI clusters running on-premises or at the edge.

Create VM on Azure Stack HCI using the Azure Portal

You can use your own images stored locally, on a central Azure storage account, or even use Azure marketplace images.

Manage VM images on Azure Stack HCI with Azure Marketplace

Use Windows Admin Center in the Azure Portal

If you need some more granular management, you can also use Windows Admin Center directly from the Azure portal. No VPN needed; the connection works securely over the integrated Azure Arc agent.

And more

I hope this blog and the video provided you with an overview on how you can manage your Azure Arc-enabled Azure Stack HCI cluster directly from Azure. This only converted some of the features, there is more than just that.

If you have any questions, feel free to comment below.

Nov022022November 2, 2022November 2, 20220 Commentby Thomas Maurer

Speaking at the Windows Server Summit 2022

Posted in Microsoft Azure, Speaking, Thomas Maurer, Windows Server

I am happy to let you know that I will be speaking at the Windows Server Summit 2022 and show you how you can run the Azure Kubernetes Service (AKS) Hybrid deployment options on Windows Server and Azure Stack HCI, as well as manage it through Azure Arc. But there is more to learn here, and we have some great speakers, such as Roanne Sones, Bernardo Caldas, and many more, showing you all the best about Windows Server.

Join us on: Tuesday, December 6, 2022 9:00 AM–10:30 AM Pacific Time and register right here.

Make sure you check out the latest about the Azure Hybrid Benefit for Windows Server customers.

Learn how to open up new opportunities for your org to innovate and operate more efficiently—while also improving security—at the Windows Server Summit. Join your peers and Microsoft experts for sessions and demos on the latest Windows Server 2022 and Azure capabilities.

You’ll gain practical skills and insights on how to:

Fortify your security with improved multilayer protection.
Easily manage and integrate your on-premises servers to Azure with Automanage and Windows Admin Center.
More efficiently secure and manage hybrid or multi-cloud environments.
Run apps seamlessly across on-premises datacenters and the cloud with Azure Arc.
Make the most of the management capabilities in System Center 2022.

And you’ll be able to ask the experts about your own use cases during the live Q&A.

I hope to see you live on the Windows Server Summit 2022!

Oct252022October 25, 2022October 25, 20220 Commentby Thomas Maurer

Reset and Reinstall Windows 11 from the Cloud

Posted in Microsoft, Windows

In Windows 11 you have a new feature called Windows 11 Cloud Reset. This new feature helps you to reset and reinstall your Windows 11 machine from the cloud. If you wanted to reset or reinstall your Windows 11 machine, you already had the option of doing that from your local installed copy of Windows 11 and reusing existing Windows files to construct a fresh copy. Or if you wanted a completely fresh installation of your Windows machine, you needed to download Windows and create a USB stick to boot from. The new Cloud download option in the Windows 11 recovery settings allows you to get the best of both worlds.

Reset and reinstall Windows 11 using the cloud download feature ☁

The new Windows cloud download feature allows you to reinstall Windows 11 using fresh Windows installation files from the cloud. There is no need for a recovery partition or create a USB drive.

Brandon LeBlanc from the Windows team wrote about the benefits of using cloud download for the reset or fresh installation:

A more reliable way to reinstall Windows ✅
Depending on your internet speed it can be faster ✅
No need for a USB stick or DVD ✅

There are two options to reset from the cloud. First, if you have a running copy of Windows 10 and you want to do a fresh installation, you can use recovery.

How to reset your Windows 11 PC from the cloud in the recovery settings 💻

Reset and Reinstall Windows 11 using Cloud download

If you currently have a running Windows 11 machine and you want to initiate a reset or reinstallation from with the cloud download option, you can do this through the Windows settings.

Open Settings
Go to System
Click on Recovery
On the recovery screen, select Reset PC
Choose between Keep my files or Remove everything
Now you can select Cloud download or Local reinstallation
If you select Cloud download, this will use Windows Update to download the fresh Windows files

How to reinstall Windows 11 from the cloud if you can’t boot 💻

In the case that you are not able to boot your Windows 11 machine anymore, you can start your reinstallation using cloud download from Windows Recovery Environment (Windows RE).

Click on Troubleshoot
Click on Reset this PC
Choose between Keep my files or Remove everything
Now you can select Cloud download or Local reinstallation
This will need drivers for the network adapter in the Windows RE image. Most of the time you have drivers for the wired connection. It might also work with wireless network connection depending on the drivers loaded by the PC vendor in the Windows RE image.

Conclusion

Cloud download is a great new option to reset and reinstall your Windows 11 computer and get it back to a healthy and fresh installation. This is just another great new feature in Windows like other improvements we have seen over the last couple of years.

If you have any questions, feel free to leave a comment and use the Feedback Hub.

Oct192022October 19, 2022October 19, 20220 Commentby Thomas Maurer

Livestream: Ignite 2022 Azure Hybrid Cloud announcements recap

Posted in Microsoft Azure, Thomas Maurer

Last week at Microsoft Ignite 2022 we had a huge amount of Azure Hybrid Cloud announcements. Today, Lior Kamrat (Principal Program Manager Arc Platform at Microsoft) and Thomas Maurer (Senior PM & Chief Evangelist Azure Hybrid) will host a livestream on October 19, where you can learn about the latest Azure hybrid cloud news announcements from Microsoft Ignite.

If you can’t wait for the latest news, make sure you check out my blog posts on the new AKS Hybrid deployment options and AKS Lite, as well was my post on Azure Automanage for Azure Arc-enabled Servers, which is now generally available.

Join the Azure Hybrid Ignite 2022 recap livestream with Lior Kamrat and Thomas Maurer to learn about the latest Azure hybrid

Join us on the YouTube Livestream

If you are interested, join us on October 19 online. I am really looking forward to chatting with you in the Livestream about the latest Microsoft Azure Hybrid news from Microsoft Build. You can find the live stream here on YouTube.

If you have any questions, feel free to leave a comment.

Oct172022October 17, 2022October 17, 20220 Commentby Thomas Maurer

PowerShell Unplugged 2022 Edition

Posted in Microsoft, PowerShell

April Edwards and I had the chance to host the PowerShell Unplugged 2022 Edition and the video is now available on YouTube! In the PowerShell Unplugged 2022 Edition we talked to the PowerShell product group at Microsoft to learn more about PowerShell 7, secret management, PowerShell Crescendo, Remoting, Predictive IntelliSense, VS Code, the roadmap, and the future of PowerShell!

PowerShell Unplugged 2022 Timestamps

The timestamps for the video:

0:00 – Video Intro
03:29 – Secret Management in PowerShell
07:10 – Installing PowerShell 7
09:20 – Installing the SecretManagement Module
31:08 – PowerShell Crescendo
1:03:47 – PowerShell Team Blog
1:08:50 – Remoting with PowerShell
1:36:05 – Shell of an Idea
1:36:12 – Predictive IntelliSense with PowerShell
1:52:05 – Using VSCode with PowerShell
1:57:16 – PowerShell 7 Roadmap

Links

Some useful links:

I hope you liked the PowerShell Unplugged 2022 Edition, let me know what you think!

Oct132022October 13, 2022October 17, 20220 Commentby Thomas Maurer

Manage your AKS on Windows Server cluster from the Azure Portal using Azure Arc

New AKS hybrid deployment options enabled by Azure Arc, AKS Lite and Hybrid Benefit

Posted in Microsoft Azure, Virtualization, Windows Server

This week at Microsoft Ignite Microsoft announced some new features and improvements to the Azure Kubernetes Service (AKS) hybrid deployment options enabled by Azure Arc. This allows you to run the Azure Kubernetes Service (AKS) you know as a managed Kubernetes on Azure, in a hybrid cloud environment on-premises, and edge locations. These include AKS Lite, new lifecycle management for AKS hybrid clusters, and the Azure Hybrid Benefit for Azure Kubernetes Service (AKS).

Azure Arc enabled AKS Hybrid at Microsoft Ignite

AKS Lite

AKS Lite allows you to deploy AKS as a light weight, static Kubernetes platform that enables rapid innovation and application modernization at the edge on Windows devices. AKS lite is designed PC-class devices running Windows 10/11 IoT Enterprise, Windows 10/11 Pro or Windows Server. AKS Lite is Microsoft-managed light-weight Kubernetes distribution, which can run both Linux and Windows containers, and coupled with Azure Arc customers can manage their edge Kubernetes cluster from Azure. You can learn more about AKS Lite here.

Lifecycle management of AKS hybrid clusters using Azure

With the new preview feature you can now directly deploy and manage AKS hybrid clusters running on Azure Stack HCI or Windows Server directly via Azure Portal or Azure CLI. This means you can also use Azure Resource Manager (ARM) or Bicep templates. This will provide a great management experience similar to the one for AKS in Azure. You can learn more about the AKS hybrid lifecycle management here.

Azure Hybrid Benefit for Azure Kubernetes Service

Microsoft Azure already offers great Azure Hybrid Benefits if you already own Windows Server and SQL Server licenses. With the Azure Hybrid Benefit for Azure Kubernetes Service (AKS) and your existing Windows Server Datacenter and Standard Software Assurance (SA) and Cloud Solution Provider (CSP) licenses you can run AKS on Windows Server and Azure Stack HCI at no additional cost in your datacenter and edge locations.

In addition to this, Windows Server Datacenter SA customers can now use Azure Stack HCI at no additional cost.

Learn more about these announcements on the official Tech Community blog.

If you are interested to get a sneak of some AKS hybrid deployment options, check out my video here (this doesn’t include the new lifecycle management)

Oct062022October 6, 2022October 6, 20224 Commentsby Thomas Maurer

Use the Azure Arc Managed Identity with Azure PowerShell

Posted in Microsoft Azure

In this blog post we are going to have a look at how you can use the Azure Arc provided Azure Active Directory (Azure AD) managed identity (MSI) to authenticate in Azure PowerShell on your on-premises Linux and Windows Server machines.

The moment you want to run some automation directly on your servers, you often end up in a scenario where you need some credentials to run your PowerShell script. Now the issue with that is that you need to store or get your credentials from somewhere and that can be an issue. Luckly, Azure Arc provides you with an Azure Active Directory Managed Identity which can be used for that.

Azure PowerShell allows you an uncomplicated way to login using that managed identity.

Prerequisites

On Windows, you must be a member of the local Administrators group or the Hybrid Agent Extension Applications group.
On Linux, you must be a member of the himds group.
I connected my servers to Azure using Azure Arc enabled servers and installed the Azure connected machine agent.

You are a member of the Owner group in the subscription or resource group, in order to perform required resource creation and role management steps.

Add Role Assignment to resource or resource group for Azure Arc-enabled Server APP01

Have Azure PowerShell installed, depending on what you are planning to use.

Get an access token using REST API

For an Azure Arc-enabled Windows server, using PowerShell, you invoke the web request to get the token from the local host in the specific port. Specify the request using the IP address or the environmental variable IDENTITY_ENDPOINT.

$apiVersion = "2020-06-01"
$resource = "https://management.azure.com/"
$endpoint = "{0}?resource={1}&api-version={2}" -f $env:IDENTITY_ENDPOINT,$resource,$apiVersion
$secretFile = ""
try
{
    Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata='True'} -UseBasicParsing
}
catch
{
    $wwwAuthHeader = $_.Exception.Response.Headers["WWW-Authenticate"]
    if ($wwwAuthHeader -match "Basic realm=.+")
    {
        $secretFile = ($wwwAuthHeader -split "Basic realm=")[1]
    }
}
Write-Host "Secret file path: " $secretFile`n
$secret = cat -Raw $secretFile
$response = Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata='True'; Authorization="Basic $secret"} -UseBasicParsing
if ($response)
{
    $token = (ConvertFrom-Json -InputObject $response.Content).access_token
    Write-Host "Access token: " $token
}

For an Azure Arc-enabled Linux server, using Bash, you invoke the web request to get the token from the local host in the specific port. Specify the following request using the IP address or the environmental variable IDENTITY_ENDPOINT. To complete this step, you need an SSH client.

ChallengeTokenPath=$(curl -s -D - -H Metadata:true "http://127.0.0.1:40342/metadata/identity/oauth2/token?api-version=2019-11-01&resource=https%3A%2F%2Fmanagement.azure.com" | grep Www-Authenticate | cut -d "=" -f 2 | tr -d "[:cntrl:]")
ChallengeToken=$(cat $ChallengeTokenPath)
if [ $? -ne 0 ]; then
    echo "Could not retrieve challenge token, double check that this command is run with root privileges."
else
    curl -s -H Metadata:true -H "Authorization: Basic $ChallengeToken" "http://127.0.0.1:40342/metadata/identity/oauth2/token?api-version=2019-11-01&resource=https%3A%2F%2Fmanagement.azure.com"
fi

You can learn more about this on Microsoft Learn.

Login with Azure PowerShell on Azure Arc enabled server using Managed Identity

To login with your managed identity using Azure PowerShell, run the following command:

Connect-AzAccount -Identity

Now you have access to the resources your Azure AD managed identity (MSI) on your Azure Arc-enabled server has permissions to.

Azure PowerShell on Azure Arc enabled server using Managed Identity

Conclusion

I hope this post is helpful to build some automation with Azure PowerShell on your on-premises or multi-cloud servers with Azure Arc. Let me know if you have any questions in the comments below.

Sep282022September 28, 2022September 28, 20220 Commentby Thomas Maurer

Clouded Clouded Uncovering The Culture Of Cloud (2022) Thomas Maurer Coming Soon

Clouded – Uncovering The Culture Of Cloud (2022) Documentary

Posted in Thomas Maurer

I am excited and proud to share with you that I will be part of the Clouded – Uncovering The Culture Of Cloud (2022) Documentary produced by Dark Matter Film. The documentary will be shown as a premiere in London on October 18th and until then you can watch the official trailer here.

Clouded | Uncovering The Culture Of Cloud (2022)
An original film that is uncovering the realities of cloud technology and its effects on both business and society. Many have grown confused with our relationship with a rapidly expanding cloud market, others are reflecting on their strategies. The question is, when did cloud become so ‘Clouded’.
Clouded confronts some of the uncomfortable truths that exist in today’s cloud culture. This is a journey of discovery that uncovers topics which undoubtedly require further thought by governments, enterprise businesses and technology executives.
Clouded | Uncovering The Culture Of Cloud (2022)

Register for the Exclusive “Clouded” Premiere in London

I hope to see you at the premiere of Clouded in London!

When and Where: 18th October 2022 | Ham Yard Hotel, London

Register to secure your seat to join us at the exclusive premiere of ‘Clouded’. The event will include an exclusive screening followed by afternoon tea.

There are a limited number of spaces at the in-person event – you will be contacted to confirm your space and provided with further details. If you are unable to attend in-person, the documentary will be available on general release in the weeks following the premiere.

About Thomas Maurer

Thomas works as a Senior Program Manager & Chief Evangelist Azure Hybrid at Microsoft (Cloud + AI). He engages with the community and customers around the world to share his knowledge and collect feedback to improve the Azure hybrid cloud and edge platform. Prior to joining the Azure engineering team (Cloud + AI), Thomas was a Lead Architect and Microsoft MVP, to help architect, implement and promote Microsoft cloud technology.

If you want to know more about Thomas, check out his blog: www.thomasmaurer.ch and Twitter: www.twitter.com/thomasmaurer

Sep162022September 16, 2022September 16, 20220 Commentby Thomas Maurer

Check expire date for Azure Arc service principal created by PowerShell

Create an Azure Arc Service Principal with longer expiration date using PowerShell

Posted in Microsoft Azure, PowerShell

When you are onboarding at scale of Azure Arc enabled servers or Azure Arc enabled Kubernetes clusters, you want to use service principals for automated authentication during the onboarding process for Azure Arc resources. Microsoft provides you with an option in the Azure portal to create that service principal. When you use this, you can set an expiration date for that service principal, which is great because you don’t want this to be available for ever, even do you can only onboard machines with it. In this blog post we are going to have a look at how you can create an Azure Arc Service Principal with longer expiration date using Azure PowerShell.

New Azure Arc service principal in the Azure portal with max expire date of 1 month — New Azure Arc service principal in the Azure portal with max expiration date of 1 month

For some customers, one month expiration time for a service principal to onboard Azure Arc enabled servers or Kubernetes clusters might be a little short.

Check expire date for Azure Arc service principal — Check expiration date for Azure Arc service principal

To create a service principal to onboard an Azure Arc enabled server or Kubernetes cluster resource, you can use Azure PowerShell using the following commands:

# Set how many days the password will be valid for
$startDate = get-date
$endDate = $start.AddDays(90)

# Create a new service principal
$arcServiceprincipalName = "tm-arcserveronboarding-pwsh-sp"
New-AzADServicePrincipal -DisplayName $arcServiceprincipalName -Role "Azure Connected Machine Onboarding" -StartDate $startDate -EndDate $endDate

This will create a service principal to onboard servers for 90 days. In my case I used Azure PowerShell running inside Azure CloudShell.

Create an Azure Arc Service Principal with longer expiration date using PowerShell

Now if you check the expiration date, you can see it is 90 days.

I hope this blog post was help full on showing you how you can create an Azure Arc Service Principal with longer expiration date using PowerShell. If you want to learn more about onboarding Azure Arc enabled servers at scale, check out the following Microsoft Docs article: Connect hybrid machines to Azure at scale. If you have any questions, feel free to leave a comment below.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Create an Azure Arc Service Principal with longer expiration date using PowerShell

About Thomas Maurer

Follow Me

Subscribe

Sponsors