Category: Microsoft Azure

Nov162022November 16, 2022November 16, 20220 Commentby Thomas Maurer

Azure Arc-enabled SQL Managed Instance Landing zone accelerator

In this episode of the Azure Enablement Show, I am joined by Lior Kamrat, from the Azure Arc team to discuss the how the Azure Arc-enabled SQL Managed Instance Landing Zone Accelerator, which covers nine critical design areas, will help customers who are operating a hybrid or multi-cloud environment.

Azure Arc-enabled SQL Managed Instance has near 100% compatibility with the latest SQL Server database engine, and enables existing SQL Server customers to lift and shift their applications to Azure Arc data services with minimal application and database changes while maintaining data sovereignty. At the same time, SQL Managed Instance includes built-in management capabilities that drastically reduce management overhead.

If you want to learn more, check out the following links:

Cloud Adoption Framework https://aka.ms/adopt
Azure Arc landing zone accelerator for hybrid and multicloud https://aka.ms/ArcLZAcceleratorReady
Blog: Announcing Landing Zone Accelerator for Azure Arc-enabled SQL Managed Instance https://aka.ms/ArcSQLMILZBlog
Blog: Announcing Jumpstart ArcBox for DataOps https://aka.ms/ArcBoxDataOpsBlog
Related episodes Introduction to the hybrid and multicloud Scenario https://aka.ms/azenable/75
Introduction to the Arc-enabled Kubernetes landing zone accelerator https://aka.ms/azenable/91

Nov082022November 8, 2022November 8, 20220 Commentby Thomas Maurer

Manage Azure Arc-enabled Azure Stack HCI with Azure Arc

Manage Azure Arc-enabled Azure Stack HCI from Azure

Posted in Microsoft Azure, Virtualization

In this blog post we are going to have a quick look on how you can manage Azure Arc-enabled Azure Stack HCI (Hyper-Converged Infrastructure) directly from Microsoft Azure using the Azure Arc integration. As part of the Azure Arc-enabled infrastructure, Azure Stack HCI can be managed directly from the Azure control plane.

Azure Arc-enabled Azure Stack HCI provides you with unified resource management and a flexible cloud-connected architecture. Which means you can always stay up to date with the latest Azure security, performance, and capabilities with Azure Arc–enabled Azure Stack HCI. Discover, monitor, and manage the Azure Stack HCI hosts as well as the virtual machines (VMs) and containers running on them from within the Azure portal or the Azure Resource Manager (ARM) APIs.

Azure Arc-enabled Infrastructure with Azure Stack HCI

After you have deployed and registered Azure Stack HCI with Azure Arc, you can now see the resource in the Azure portal. From here you can leverage different Azure management tools and hybrid cloud services.

Monitor Azure Stack HCI with Azure Monitor

You can now monitor your Azure Stack HCI clusters directly from Azure using Azure monitor. This also provides a great overview if you manage multiple Azure Stack HCI clusters.

Enable Azure Hybrid benefits for Azure Stack HCI

You can easily enable the Azure Hybrid benefits for your Azure Stack HCI cluster and other features directly from the Azure portal.

Enable Azure Hybrid benefits on Azure Stack HCI

Deploy virtual machines (VMs) using the Azure Arc resource bridge

With the Azure Arc resource bridge integration, you can easily deploy new virtual machines on your Azure Stack HCI clusters running on-premises or at the edge.

Create VM on Azure Stack HCI using the Azure Portal

You can use your own images stored locally, on a central Azure storage account, or even use Azure marketplace images.

Manage VM images on Azure Stack HCI with Azure Marketplace

Use Windows Admin Center in the Azure Portal

If you need some more granular management, you can also use Windows Admin Center directly from the Azure portal. No VPN needed; the connection works securely over the integrated Azure Arc agent.

And more

I hope this blog and the video provided you with an overview on how you can manage your Azure Arc-enabled Azure Stack HCI cluster directly from Azure. This only converted some of the features, there is more than just that.

If you have any questions, feel free to comment below.

Nov022022November 2, 2022November 2, 20220 Commentby Thomas Maurer

Speaking at the Windows Server Summit 2022

Posted in Microsoft Azure, Speaking, Thomas Maurer, Windows Server

I am happy to let you know that I will be speaking at the Windows Server Summit 2022 and show you how you can run the Azure Kubernetes Service (AKS) Hybrid deployment options on Windows Server and Azure Stack HCI, as well as manage it through Azure Arc. But there is more to learn here, and we have some great speakers, such as Roanne Sones, Bernardo Caldas, and many more, showing you all the best about Windows Server.

Join us on: Tuesday, December 6, 2022 9:00 AM–10:30 AM Pacific Time and register right here.

Make sure you check out the latest about the Azure Hybrid Benefit for Windows Server customers.

Learn how to open up new opportunities for your org to innovate and operate more efficiently—while also improving security—at the Windows Server Summit. Join your peers and Microsoft experts for sessions and demos on the latest Windows Server 2022 and Azure capabilities.

You’ll gain practical skills and insights on how to:

Fortify your security with improved multilayer protection.
Easily manage and integrate your on-premises servers to Azure with Automanage and Windows Admin Center.
More efficiently secure and manage hybrid or multi-cloud environments.
Run apps seamlessly across on-premises datacenters and the cloud with Azure Arc.
Make the most of the management capabilities in System Center 2022.

And you’ll be able to ask the experts about your own use cases during the live Q&A.

I hope to see you live on the Windows Server Summit 2022!

Oct192022October 19, 2022October 19, 20220 Commentby Thomas Maurer

Livestream: Ignite 2022 Azure Hybrid Cloud announcements recap

Posted in Microsoft Azure, Thomas Maurer

Last week at Microsoft Ignite 2022 we had a huge amount of Azure Hybrid Cloud announcements. Today, Lior Kamrat (Principal Program Manager Arc Platform at Microsoft) and Thomas Maurer (Senior PM & Chief Evangelist Azure Hybrid) will host a livestream on October 19, where you can learn about the latest Azure hybrid cloud news announcements from Microsoft Ignite.

If you can’t wait for the latest news, make sure you check out my blog posts on the new AKS Hybrid deployment options and AKS Lite, as well was my post on Azure Automanage for Azure Arc-enabled Servers, which is now generally available.

Join the Azure Hybrid Ignite 2022 recap livestream with Lior Kamrat and Thomas Maurer to learn about the latest Azure hybrid

Join us on the YouTube Livestream

If you are interested, join us on October 19 online. I am really looking forward to chatting with you in the Livestream about the latest Microsoft Azure Hybrid news from Microsoft Build. You can find the live stream here on YouTube.

If you have any questions, feel free to leave a comment.

Oct132022October 13, 2022October 17, 20220 Commentby Thomas Maurer

Manage your AKS on Windows Server cluster from the Azure Portal using Azure Arc

New AKS hybrid deployment options enabled by Azure Arc, AKS Lite and Hybrid Benefit

Posted in Microsoft Azure, Virtualization, Windows Server

This week at Microsoft Ignite Microsoft announced some new features and improvements to the Azure Kubernetes Service (AKS) hybrid deployment options enabled by Azure Arc. This allows you to run the Azure Kubernetes Service (AKS) you know as a managed Kubernetes on Azure, in a hybrid cloud environment on-premises, and edge locations. These include AKS Lite, new lifecycle management for AKS hybrid clusters, and the Azure Hybrid Benefit for Azure Kubernetes Service (AKS).

Azure Arc enabled AKS Hybrid at Microsoft Ignite

AKS Lite

AKS Lite allows you to deploy AKS as a light weight, static Kubernetes platform that enables rapid innovation and application modernization at the edge on Windows devices. AKS lite is designed PC-class devices running Windows 10/11 IoT Enterprise, Windows 10/11 Pro or Windows Server. AKS Lite is Microsoft-managed light-weight Kubernetes distribution, which can run both Linux and Windows containers, and coupled with Azure Arc customers can manage their edge Kubernetes cluster from Azure. You can learn more about AKS Lite here.

Lifecycle management of AKS hybrid clusters using Azure

With the new preview feature you can now directly deploy and manage AKS hybrid clusters running on Azure Stack HCI or Windows Server directly via Azure Portal or Azure CLI. This means you can also use Azure Resource Manager (ARM) or Bicep templates. This will provide a great management experience similar to the one for AKS in Azure. You can learn more about the AKS hybrid lifecycle management here.

Azure Hybrid Benefit for Azure Kubernetes Service

Microsoft Azure already offers great Azure Hybrid Benefits if you already own Windows Server and SQL Server licenses. With the Azure Hybrid Benefit for Azure Kubernetes Service (AKS) and your existing Windows Server Datacenter and Standard Software Assurance (SA) and Cloud Solution Provider (CSP) licenses you can run AKS on Windows Server and Azure Stack HCI at no additional cost in your datacenter and edge locations.

In addition to this, Windows Server Datacenter SA customers can now use Azure Stack HCI at no additional cost.

Learn more about these announcements on the official Tech Community blog.

If you are interested to get a sneak of some AKS hybrid deployment options, check out my video here (this doesn’t include the new lifecycle management)

Oct062022October 6, 2022October 6, 20224 Commentsby Thomas Maurer

Use the Azure Arc Managed Identity with Azure PowerShell

Posted in Microsoft Azure

In this blog post we are going to have a look at how you can use the Azure Arc provided Azure Active Directory (Azure AD) managed identity (MSI) to authenticate in Azure PowerShell on your on-premises Linux and Windows Server machines.

The moment you want to run some automation directly on your servers, you often end up in a scenario where you need some credentials to run your PowerShell script. Now the issue with that is that you need to store or get your credentials from somewhere and that can be an issue. Luckly, Azure Arc provides you with an Azure Active Directory Managed Identity which can be used for that.

Azure PowerShell allows you an uncomplicated way to login using that managed identity.

Prerequisites

On Windows, you must be a member of the local Administrators group or the Hybrid Agent Extension Applications group.
On Linux, you must be a member of the himds group.
I connected my servers to Azure using Azure Arc enabled servers and installed the Azure connected machine agent.

You are a member of the Owner group in the subscription or resource group, in order to perform required resource creation and role management steps.

Add Role Assignment to resource or resource group for Azure Arc-enabled Server APP01

Have Azure PowerShell installed, depending on what you are planning to use.

Get an access token using REST API

For an Azure Arc-enabled Windows server, using PowerShell, you invoke the web request to get the token from the local host in the specific port. Specify the request using the IP address or the environmental variable IDENTITY_ENDPOINT.

$apiVersion = "2020-06-01"
$resource = "https://management.azure.com/"
$endpoint = "{0}?resource={1}&api-version={2}" -f $env:IDENTITY_ENDPOINT,$resource,$apiVersion
$secretFile = ""
try
{
    Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata='True'} -UseBasicParsing
}
catch
{
    $wwwAuthHeader = $_.Exception.Response.Headers["WWW-Authenticate"]
    if ($wwwAuthHeader -match "Basic realm=.+")
    {
        $secretFile = ($wwwAuthHeader -split "Basic realm=")[1]
    }
}
Write-Host "Secret file path: " $secretFile`n
$secret = cat -Raw $secretFile
$response = Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata='True'; Authorization="Basic $secret"} -UseBasicParsing
if ($response)
{
    $token = (ConvertFrom-Json -InputObject $response.Content).access_token
    Write-Host "Access token: " $token
}

For an Azure Arc-enabled Linux server, using Bash, you invoke the web request to get the token from the local host in the specific port. Specify the following request using the IP address or the environmental variable IDENTITY_ENDPOINT. To complete this step, you need an SSH client.

ChallengeTokenPath=$(curl -s -D - -H Metadata:true "http://127.0.0.1:40342/metadata/identity/oauth2/token?api-version=2019-11-01&resource=https%3A%2F%2Fmanagement.azure.com" | grep Www-Authenticate | cut -d "=" -f 2 | tr -d "[:cntrl:]")
ChallengeToken=$(cat $ChallengeTokenPath)
if [ $? -ne 0 ]; then
    echo "Could not retrieve challenge token, double check that this command is run with root privileges."
else
    curl -s -H Metadata:true -H "Authorization: Basic $ChallengeToken" "http://127.0.0.1:40342/metadata/identity/oauth2/token?api-version=2019-11-01&resource=https%3A%2F%2Fmanagement.azure.com"
fi

You can learn more about this on Microsoft Learn.

Login with Azure PowerShell on Azure Arc enabled server using Managed Identity

To login with your managed identity using Azure PowerShell, run the following command:

Connect-AzAccount -Identity

Now you have access to the resources your Azure AD managed identity (MSI) on your Azure Arc-enabled server has permissions to.

Azure PowerShell on Azure Arc enabled server using Managed Identity

Conclusion

I hope this post is helpful to build some automation with Azure PowerShell on your on-premises or multi-cloud servers with Azure Arc. Let me know if you have any questions in the comments below.

Sep162022September 16, 2022September 16, 20220 Commentby Thomas Maurer

Check expire date for Azure Arc service principal created by PowerShell

Create an Azure Arc Service Principal with longer expiration date using PowerShell

Posted in Microsoft Azure, PowerShell

When you are onboarding at scale of Azure Arc enabled servers or Azure Arc enabled Kubernetes clusters, you want to use service principals for automated authentication during the onboarding process for Azure Arc resources. Microsoft provides you with an option in the Azure portal to create that service principal. When you use this, you can set an expiration date for that service principal, which is great because you don’t want this to be available for ever, even do you can only onboard machines with it. In this blog post we are going to have a look at how you can create an Azure Arc Service Principal with longer expiration date using Azure PowerShell.

New Azure Arc service principal in the Azure portal with max expire date of 1 month — New Azure Arc service principal in the Azure portal with max expiration date of 1 month

For some customers, one month expiration time for a service principal to onboard Azure Arc enabled servers or Kubernetes clusters might be a little short.

Check expire date for Azure Arc service principal — Check expiration date for Azure Arc service principal

To create a service principal to onboard an Azure Arc enabled server or Kubernetes cluster resource, you can use Azure PowerShell using the following commands:

# Set how many days the password will be valid for
$startDate = get-date
$endDate = $start.AddDays(90)

# Create a new service principal
$arcServiceprincipalName = "tm-arcserveronboarding-pwsh-sp"
New-AzADServicePrincipal -DisplayName $arcServiceprincipalName -Role "Azure Connected Machine Onboarding" -StartDate $startDate -EndDate $endDate

This will create a service principal to onboard servers for 90 days. In my case I used Azure PowerShell running inside Azure CloudShell.

Create an Azure Arc Service Principal with longer expiration date using PowerShell

Now if you check the expiration date, you can see it is 90 days.

I hope this blog post was help full on showing you how you can create an Azure Arc Service Principal with longer expiration date using PowerShell. If you want to learn more about onboarding Azure Arc enabled servers at scale, check out the following Microsoft Docs article: Connect hybrid machines to Azure at scale. If you have any questions, feel free to leave a comment below.

Sep142022September 14, 2022September 14, 20220 Commentby Thomas Maurer

Manage Hybrid Server Management Survey with Azure Arc

Microsoft Azure Arc-enabled Servers Survey 2022

Posted in Microsoft Azure

We want to learn from you about hybrid server management, so the team build a Microsoft Azure Arc-enabled servers survey 2022.

Give us your thoughts on hybrid server management with Azure Arc! Take the survey at https://aka.ms/ArcServersSurveyLI for a chance to win a $300 virtual gift card!

This survey asks about your experience with trying, using, and/or advocating for Azure Arc-enabled servers and reasons to use it or not. Our goal is to make managing on-premises, hybrid and/or multi-cloud infrastructure easier for you.

Previous experience with Azure Arc-enabled servers is NOT required to participate in this survey. Your feedback will help us shape the future of our products.

There are three parts in this survey, and it will take about 12-15 minutes to complete.

Open only to people 18+ using servers/VM infrastructure. Ends 9/30/22. For details, see Official Rules.

Thank you for taking the Azure Arc-enabled Servers Survey 2022!

Sep082022September 8, 2022September 8, 20220 Commentby Thomas Maurer

Speaking at MCT Summit 2022 Hybrid Cloud with Azure Arc

Speaking at the European MCT Summit 2022

Posted in Microsoft Azure, Speaking, Thomas Maurer

I am happy to let you know that I will be speaking at the European Microsoft Certified Trainer (MCT) Summit 2022 in Zürich, Switzerland from September 12-14th. I will be delivering two sessions around Azure Hybrid Cloud and some soft skill topic on how to deliver great tech demos.

Hybrid and Multicloud with Azure Arc

For customers who want to simplify complex and distributed environments across on-premises, edge and multi-cloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure. In this session, Thomas Maurer will demonstrate the new Azure Arc capabilities for your Hybrid environment. This session includes an overview of the different features such as:

Multi and Hybrid Cloud Governance
Using Azure as a Control plane for Linux, Windows Server, Kubernetes cluster, SQL DBs
Azure Kubernetes Service in your datacenter and edge
Deploy Azure services such as Logic Apps, Web Apps, Azure SQL, and many more anywhere

How To Create Great Tech Demos And Presentations

Delivering great demos can be the key to delivering a great presentation. In the last decade Thomas delivered hundreds of presentations at different events around the world, in-person and online.
In this session you will learn how to set up your computer to deliver great demonstrations to make sure your audience can follow and get excited about what you are showing.

I hope to see you at the European Microsoft Certified Trainer (MCT) Summit 2022 in Zürich!

Sep062022September 6, 2022November 21, 20222 Commentsby Thomas Maurer

Start PowerShell Script Runbook on Hybrid Worker with Azure Arc

Run PowerShell Scripts with Azure Automation Hybrid Workers on-premises using Azure Arc

Posted in Microsoft Azure, PowerShell

If you want to automate your on-premises environment Azure Arc enabled Server is a great offering to onboard Azure management services such as Azure Monitor, Defender for Cloud, and many others. One of the integrations is with Azure Automation Hybrid Worker. This allows you to run Azure Automation PowerShell or Phyton runbooks on-premises directly on your Azure Arc enabled servers. In this blog post we are going to have a look on how you can run your PowerShell scripts on-premises using Azure Automation Hybrid Workers with Azure Arc.

Azure Automation Hybrid Runbook Worker with Azure Arc

Create Azure Automation Account

First, you will need to create an Azure Automation account, this is very straight forward.

On the Advanced tab, you can configure the managed identity option for your new Automation account. This is the identity under which the runbook can sign in into Azure PowerShell for example. In this case I am going to use a System assigned identity.

Check out Microsoft Docs for more information.

Connect Server to Azure using Azure Arc

To connect a server running on-premises or at another cloud provider to Azure using Azure Arc, you can simply go to the Azure Portal to the Azure Arc Center and select Azure Arc enabled servers. Here you can click on the “Add” button and you can run through the onboarding wizard. To learn more, check out my blog post here on connect a Hybrid Server to Azure using Azure Arc.

You learn more about onboarding Azure Arc enabled servers here on Microsoft Docs.

Create Hybrid Worker Group

Now you can create and maintain hybrid worker groups for running hybrid jobs, which provides resiliency to run jobs across multiple hybrid workers. With extension-based hybrid worker (preview), both Azure machines and non-Azure machines (through Arc enabled server) can be managed through ARM templates and policies.

To create you a hybrid worker which can be Windows and Linux servers, you provide a name, and you can also add custom credentials to run the script.

You will also select the hybrid workers (Azure Arc enabled Servers) you want to run the scripts on.

Hybrid Worker Group Azure Arc enabled Servers

This process will automatically install the Hybrid Worker Extension.

You can always add or remove hybrid workers from the hybrid worker group.

Azure Automation hybrid Workers with Azure Arc-enabled server

You can learn more here on Microsoft Docs.

Create a new Azure Automation Runbook

You can create a new Azure Automation PowerShell runbook, which will host the script you are going to run or schedule. Depending on what version of runbook runtime you are choosing you need to prepare the host by installing PowerShell 7 or Python.

Here you can now add your PowerShell script.

Run and schedule PowerShell scripts as Azure Automation runbooks on hybrid workers connected with Azure Arc

You can now run and schedule PowerShell scripts as Azure Automation runbooks on hybrid workers connected with Azure Arc. When you run the runbook, you can now select on which hybrid worker group this script should be running.

Now you can monitor the job and the output:

You can also schedule a runbook on a specific schedule. Simply click on “Link to schedule” and select or create a schedule and set parameters as well as run book settings to run on the Hybrid Runbook Workers.

Schedule and Configure Hybrid Runbook settings

Example for schedule:

Conclusion

I hope that post was helpful and showed you how you can run PowerShell Scripts with Azure Automation Hybrid Workers on-premises using Azure Arc. Let me in the comments if you have any questions.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Category: Microsoft Azure

Create an Azure Arc Service Principal with longer expiration date using PowerShell

About Thomas Maurer

Follow Me

Subscribe

Sponsors