Category: Windows Server 2019

Monitoring and Insights for Azure Arc enabled Servers and Azure Monitor

Monitoring and Insights for Azure Arc enabled Servers

As many customers are moving to a hybrid cloud environment, where they run servers and applications not just in Microsoft Azure, but also on-premises, at the edge, or even in a multi-cloud environment, Azure Arc can provide them with a single control plane to manage all of these servers. One of the management capabilities you can enable for servers running outside of Azure Arc is monitoring and insights. With monitoring and insights for your Azure Arc enabled servers, you can use Azure Monitor to keep control of your hybrid environment directly from Azure. In this blog post, we are going to have a quick look at how you can leverage Azure Monitor for monitoring and insights for your Azure Arc enabled servers.

Before you can get started to use the monitoring and insights feature for your servers, you will need to add the server to Azure Arc and deploy the Azure Monitoring Agent. You can also learn more about the new extensions in my video. You can connect your hybrid servers running Linux or Windows Server, running on-premises, at the edge, or even another cloud provider.

Monitoring and Insights for Azure Arc enabled Servers using Azure Monitor

After you have connected the server, which can be a Windows Server or a Linux server, you can enable Insights within the Azure portal. Just navigate to the Azure Arc enabled servers and on the menu, you can find insights. Here you can now find Azure Monitor tools like the dependency map to view a map directly from a VM or view a map from Azure Monitor to see the components across groups of VMs.

Azure Arc Enabled Server Monitoring and Insights Dependency Map

You can learn more about dependency maps in Azure Monitor on Microsoft Docs.

Another part of insights for your Azure Arc enabled servers is performance monitoring. Azure Monitor includes a set of performance charts that target several key performance indicators (KPIs) to help you determine how well a virtual machine is performing. The charts show resource utilization over a period of time so you can identify bottlenecks, anomalies, or switch to a perspective listing each machine to view resource utilization based on the metric selected.

Azure Arc Enabled Server Performance Monitoring

The following capacity utilization charts are provided:

  • CPU Utilization % – defaults showing the average and top 95th percentile
  • Available Memory – defaults showing the average, top 5th, and 10th percentile
  • Logical Disk Space Used % – defaults showing the average and 95th percentile
  • Logical Disk IOPS – defaults showing the average and 95th percentile
  • Logical Disk MB/s – defaults showing the average and 95th percentile
  • Max Logical Disk Used % – defaults showing the average and 95th percentile
  • Bytes Sent Rate – defaults showing average bytes sent
  • Bytes Receive Rate – defaults showing average bytes received

You can learn more about performance monitoring in Azure Monitor on Microsoft Docs.

If you want to learn more about Azure Arc enabled servers monitoring, I recommend that you follow the Tutorial: Monitor a hybrid machine with Azure Monitor for VMs.

I hope this quick blog post provides you with an overview of monitoring and insights for Azure Arc enabled servers in a hybrid cloud environment. If you have any questions, feel free to leave a comment.



Collect data from a Windows computer in a hybrid environment with Azure Monitor

I quickly want to share some of our new Azure tips videos. In this video, we are going to have a look at how to collect data from a Windows computer in a hybrid environment with Azure Monitor. Azure Monitor can collect data directly from your physical or virtual Windows computers in your environment into a Log Analytics workspace for detailed analysis and correlation. Installing the Log Analytics agent allows Azure Monitor to collect data from a datacenter or other cloud environment. This video shows you how to configure and collect data from your Windows computer with a few easy steps.

You can find more information about how to collect data from a Windows computer in a hybrid environment with Azure Monitor on Microsoft Docs. You can also check out the following quickstart guide.

If you have any questions or comments, feel free to leave a comment below.



Azure Hybrid Cloud Architectures

How to create Azure Hybrid Cloud Architectures

Hybrid Cloud is important for many companies out there since hybrid cloud will be an end state for many customers and not just an in-between state until they have moved everything into the cloud. But how do we leverage all the hybrid cloud offerings of Microsoft Azure, and how do we build Azure hybrid cloud architectures? That is what we addressed with many new hybrid cloud architectures in the Azure Architecture Center. There you can find Architecture diagrams, reference architectures, example scenarios, and solutions for common hybrid cloud workloads.

These architectures focus on many different topics like:

Azure Hybrid Cloud Architectures

Here are some of the examples we have added to the Azure Architecture Center. You can find more Azure hybrid cloud architectures here.

Hybrid Security Monitoring using Azure Security Center and Azure Sentinel

This reference architecture illustrates how to use Azure Security Center and Azure Sentinel to monitor the security configuration and telemetry of on-premises and Azure operating system workloads. This includes Azure Stack.

Hybrid Security Monitoring using Azure Security Center and Azure Sentinel

You can find the full Hybrid Security Monitoring using Azure Security Center and Azure Sentinel architecture here.



Automanage for Azure virtual machines

For me, one of the most impressive announcements at Microsoft Ignite, next to many of the Azure Arc and Azure Stack announcements, was the announcement of the Azure Automanage for virtual machines (VMs) public preview. As you know, Microsoft Azure offers many management services for Azure virtual machines (VMs). However, finding and configuring these services can be some work. Azure Automanage for virtual machines helps to address precisely that. Azure Automanage for virtual machines is a service that eliminates the need to discover, know how to onboard, and how to configure certain services in Azure that would benefit your virtual machine.

In summary, Azure Automanage provides the following features to reduce cost by automating Windows Server management, improve workload uptime with optimized operations, and implement security best practices.

  • Intelligently onboards virtual machines to select best practices Azure services
  • Automatically configures each service per Azure best practices.
  • Monitors for drift and corrects for it when detected.
  • Provides a simple experience (point, click, set, forget)

You can find more information on Microsoft Docs.



Azure Hybrid Cloud Webinar Series

Join the Microsoft Azure Hybrid Cloud Webinar Series

Together with Microsoft Indonesia, we are offering an Azure Hybrid Cloud Webinar Series with two webinars around Azure Hybrid Cloud. The first one on September 22nd will be called: Innovation Anywhere with Azure Hybrid and on September 23rd: Deep Dive VM and Kubernetes Management to any Infrastructure with Azure Arc.

Innovation Anywhere with Azure Hybrid

Tuesday, 22nd September 2020 | 2.00 PM-3.30 PM (GMT+7) 📆

Free Registration ✔

Join us in the first session of the Azure Hybrid Cloud Training Series to learn and discover how Microsoft Azure Hybrid Cloud products and services help to manage your environment. In this session, Cloud Advocate Thomas Maurer will give you an overview of the Microsoft Azure Hybrid Cloud offering. Learn how you can use the Azure Hybrid services and products like Azure Arc, Azure Update Management, the new Azure Stack portfolio, Azure Stack HCI, and many more to introduce hybrid cloud management to your environment.

Deep Dive VM and Kubernetes Management to any Infrastructure with Azure Arc

Wednesday, 23rd September 2020 | 2.00 PM-3.30 PM (GMT+7) 📆

Free Registration ✔

Azure Arc has the ability to manage multi-cloud and on-premises environments. Join us on the second day of the Azure Hybrid Cloud Webinar Series to learn and discover how to manage and govern your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers, similar to how you manage native Azure virtual machines.

When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Azure Arc provides you with the familiar cloud-native Azure management experience, like RBAC, Tags, Azure Policy, Log Analytics, and more.

Conclusion

These two sessions will be a lot of fun, including an overview of the Azure Hybrid Cloud capabilities. I hope this gets you interested and I hope to see you there!



Azure Automatic VM Guest OS Patching

How to configure Azure Automatic VM guest OS patching

If you want to keep your Azure virtual machines (VMs) up-to-date, then there is a service called Azure Update Management, which helps you to manage updates on your Azure VM guest operating system. However, this needed some additional planning and configuration. To make patching of your Azure virtual machines (VMs) easier, there is a new option called Automatic VM guest patching, which helps ease update management by safely and automatically patching virtual machines to maintain security compliance.

Automatic VM guest patching is now available in public preview for Windows virtual machines on Azure.

With Azure automatic VM guest patching enabled, the VM is assessed periodically to check for available operating system patches for that Azure VM. Updates classified as ‘Critical’ or ‘Security’ are automatically downloaded and installed on the VM during off-peak hours. This patch orchestration is managed and handled by Azure and patches are applied following availability-first principles.

In a nutshell, Azure automatic VM guest patching has the following capabilities:

  • Patches classified as Critical or Security are automatically downloaded and applied on the VM.
  • Patches are applied during off-peak hours in the VM’s time zone.
  • Patch orchestration is managed by Azure and patches are applied following availability-first principles.
  • Virtual machine health, as determined through platform health signals, is monitored to detect patching failures.
  • Works for all VM sizes.

Patches are installed within 30 days of the monthly Windows Update release, following availability-first orchestration described below. Patches are installed only during off-peak hours for the VM, depending on the time zone of the VM. The VM must be running during the off-peak hours for patches to be automatically installed. If a VM is powered off during a periodic assessment, the VM will be automatically assessed and applicable patches will be installed automatically during the next periodic assessment when the VM is powered on.

You can find more information on Azure automatic VM guest patching on Microsoft Docs.

How to enable Azure Automatic VM guest OS patching

To enable Azure automatic VM guest OS (operating system) patching, we currently have a couple of requirements.

  • Currently, only Windows VMs are supported (Preview). Windows Server 2012 R2, 2016, and 2019 Datacenter SKUs are currently supported (and more are added periodically).
  • Only VMs created from certain OS platform images are currently supported in the preview, which means custom images are currently not supported in the preview.
  • The virtual machine must have the Azure VM Agent installed.
  • The Windows Update service must be running on the virtual machine.
  • The virtual machine must be able to access Windows Update endpoints. If your virtual machine is configured to use Windows Server Update Services (WSUS), the relevant WSUS server endpoints must be accessible.
  • Use Compute API version 2020-06-01 or higher.

These requirements might change in the future during the preview phase (for the current requirements check out Microsoft Docs).

During the preview, this feature requires a one-time opt-in for the feature InGuestAutoPatchVMPreview per subscription. You can run the following Azure PowerShell or Azure CLI command.

Azure PowerShell:

# Register AzProvider
Register-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Check the registration status
Get-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Once the feature is registered for your subscription, complete the opt-in process by changing the Compute resource provider.
Register-AzResourceProvider -ProviderNamespace Microsoft.Compute

Now you can enable automatic VM guest patching for your Azure virtual machines within that subscription. To do that you can currently use the REST API, Azure PowerShell, or the Azure CLI.

With Azure CLI, you can use the az vm update command.

az vm update --resource-group test-autopatch-rg --name azwinvm01 --set osProfile.windowsConfiguration.enableAutomaticUpdates=true osProfile.windowsConfiguration.patchSettings.patchMode=AutomaticByPlatform

You can see that there are two important settings here. First, enableAutomaticUpdates (-EnableAutoUpdate as a cmdlet parameter), and second, patchMode (-PatchMode as a cmdlet parameter). There are currently three different patch orchestration modes you can configure.

AutomaticByPlatform

  • This mode enables automatic VM guest patching for the Windows virtual machine and subsequent patch installation is orchestrated by Azure.
  • Setting this mode also disables the native Automatic Updates on the Windows virtual machine to avoid duplication.
  • This mode is only supported for VMs that are created using the supported OS platform images above.

AutomaticByOS

  • This mode enables Automatic Updates on the Windows virtual machine, and patches are installed on the VM through Automatic Updates.
  • This mode is set by default if no other patch mode is specified.

Manual

  • This mode disables Automatic Updates on the Windows virtual machine.
  • This mode should be set when using custom patching solutions.

If you need more control, I recommend that you have a look at Azure Update Management, which is already publicly available and also supports Windows and Linux servers running in Azure or on-premises.

To verify whether automatic VM guest patching has completed and the patching extension is installed on the VM, you can review the VM’s instance view.

az vm get-instance-view --resource-group test-autopatch-rg --name azwinvm01

This will show you the following result:

Azure Automatic VM Guest OS Patching Status

You can also create the patch assessment on-demand.

Invoke-AzVmPatchAssessment -ResourceGroupName "myResourceGroup" -VMName "myVM"
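
To see which of the three patch orchestration modes described above each VM actually uses, you can classify the VM objects returned by Get-AzVM. The following is an added example, not code from the original post: the function name Get-VmPatchModeFinding, the helper New-SampleVm, and the sample VM objects are hypothetical and constructed so the script runs without Azure access.

```powershell
# Added example: report the patch orchestration mode of each VM.
function Get-VmPatchModeFinding {
    [CmdletBinding()]
    param(
        # Objects shaped like Get-AzVM output (Name, OSProfile.WindowsConfiguration)
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$VM
    )
    process {
        $win = $VM.OSProfile.WindowsConfiguration
        if ($null -eq $win) {
            $mode    = 'n/a'
            $finding = 'Skip: not a Windows VM, so outside the preview'
        }
        else {
            # No patch mode on the VM means the default, AutomaticByOS
            $mode = if ($win.PatchSettings -and $win.PatchSettings.PatchMode) {
                $win.PatchSettings.PatchMode
            } else { 'AutomaticByOS' }
            $finding = switch ($mode) {
                'AutomaticByPlatform' {
                    if ($win.EnableAutomaticUpdates) { 'OK: patch installation orchestrated by Azure' }
                    else { 'Review: enableAutomaticUpdates is not true, unlike the az vm update call above' }
                }
                'AutomaticByOS' { 'Info: patched through native Automatic Updates, not by Azure' }
                'Manual'        { 'Review: Automatic Updates disabled, confirm a custom patching solution covers this VM' }
                default         { "Review: unrecognised patch mode '$mode'" }
            }
        }
        [pscustomobject]@{ Name = $VM.Name; PatchMode = $mode; Finding = $finding }
    }
}

# Constructed sample objects (not real VMs) so the function runs offline
function New-SampleVm ($Name, $Windows) {
    [pscustomobject]@{ Name = $Name; OSProfile = [pscustomobject]@{ WindowsConfiguration = $Windows } }
}
$sample = @(
    New-SampleVm 'azwinvm01' ([pscustomobject]@{ EnableAutomaticUpdates = $true;  PatchSettings = [pscustomobject]@{ PatchMode = 'AutomaticByPlatform' } })
    New-SampleVm 'azwinvm02' ([pscustomobject]@{ EnableAutomaticUpdates = $true;  PatchSettings = $null })
    New-SampleVm 'azwinvm03' ([pscustomobject]@{ EnableAutomaticUpdates = $false; PatchSettings = [pscustomobject]@{ PatchMode = 'Manual' } })
    New-SampleVm 'lnxvm01' $null
)
$sample | Get-VmPatchModeFinding | Format-Table -AutoSize

# Against a real subscription (requires the Az.Compute module and a signed-in session):
# Get-AzVM | Get-VmPatchModeFinding | Where-Object Finding -like 'Review*'
```

VMs reported as Manual are the ones to follow up on first, since nothing patches them unless a separate solution is in place.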

I hope this provides you with an overview of the new Azure automatic VM guest patching feature. If you want to have some advanced capabilities to manage updates for your Azure VMs and even your servers running on-premises, check out Azure Update Management. This will provide you with some advanced settings and your own maintenance schedules. If you have any questions, feel free to leave a comment.



Hyper-V VM Stop-VM failed to change state

Force Hyper-V Virtual Machine VM to turn off

In this blog post, we are going to have a look at how you can force a Hyper-V virtual machine (VM) to turn off using the HCSDiag tool. A couple of days ago I had an issue where I wasn’t able to shut down and turn off a Hyper-V virtual machine (VM). After I tried to shut down the Hyper-V VM using the Hyper-V Manager, the VM was in a locked state and I couldn’t really do anything with it. Of course, the first thing I tried was using the PowerShell Stop-VM cmdlet with the force parameter to turn off the virtual machine.

Hyper-V VM Stop-VM failed to change state

But as you can see I had no success. Luckily I remembered a tool called the Hyper-V Host Compute Service Diagnostics Tool (HCSDiag.exe), which provides me with a couple of advanced options when it comes to Hyper-V virtual machine, container, and Windows Sandbox management.

The Hyper-V Host Compute Service Diagnostics Tool (HCSDiag.exe) is available in Windows 10 and Windows Server 2019 if you have the Hyper-V roles or virtualization features enabled, and can be helpful to troubleshoot Hyper-V containers, virtual machines (VMs), Windows Sandbox, Windows Defender Application Guard, Windows Subsystem for Linux 2 and more.

Hyper-V Get-VM list VM ID

HCSDiag allows me to list all the running Hyper-V containers, including virtual machines. With the HCSDiag kill command, I can then force the Hyper-V VM to turn off.

Force Turn Off of Hyper-V virtual machine VM
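
The steps described above (look up the VM ID with Get-VM, find it in the HCSDiag list, then use the HCSDiag kill command) can be combined into one guarded function. This is an added example, not code from the original post: the function name Stop-HungVM and the VM name 'myVM' are hypothetical, and it assumes an elevated PowerShell session on the Hyper-V host.

```powershell
#Requires -RunAsAdministrator
# Added example: hard power-off of a Hyper-V VM through HCSDiag, with checks.
function Stop-HungVM {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [string]$Name
    )

    # Resolve the VM name to its ID; VM names are not unique, so insist on one match
    $vm = @(Get-VM -Name $Name -ErrorAction Stop)
    if ($vm.Count -ne 1) {
        throw "Expected exactly one VM named '$Name', found $($vm.Count)."
    }
    $id = $vm[0].VMId.ToString()

    # Only continue if the Host Compute Service lists a compute system with this ID
    $entry = & hcsdiag.exe list | Select-String -SimpleMatch $id
    if (-not $entry) {
        throw "VM '$Name' ($id) is not in the 'hcsdiag list' output; nothing to kill."
    }

    # -WhatIf and -Confirm are honoured here because of SupportsShouldProcess
    if ($PSCmdlet.ShouldProcess("$Name ($id)", 'hcsdiag kill (power-off without guest shutdown)')) {
        & hcsdiag.exe kill $id
        Start-Sleep -Seconds 2
        # Return the state Hyper-V reports after the kill
        Get-VM -Id $vm[0].VMId | Select-Object Name, State
    }
}

# Dry run first, then the real call (the VM name is a placeholder):
# Stop-HungVM -Name 'myVM' -WhatIf
# Stop-HungVM -Name 'myVM'
```

The kill is the equivalent of pulling the power on the VM, so the guest gets no chance to flush data; use it only after a regular shutdown and Stop-VM have failed.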

I hope this post was helpful if you have a Hyper-V VM which you can’t turn off. If you have any questions, feel free to leave a comment. You can find more information about the HCSDiag tool, how it works with containers and other tools here on my blog.