Tag: Kubernetes


New AKS hybrid deployment options enabled by Azure Arc, AKS Lite and Hybrid Benefit

This week at Microsoft Ignite, Microsoft announced new features and improvements to the Azure Kubernetes Service (AKS) hybrid deployment options enabled by Azure Arc. These options allow you to run the Azure Kubernetes Service (AKS) you know as a managed Kubernetes on Azure in a hybrid cloud environment, on-premises and at edge locations. The announcements include AKS Lite, new lifecycle management for AKS hybrid clusters, and the Azure Hybrid Benefit for Azure Kubernetes Service (AKS).

Azure Arc enabled AKS Hybrid at Microsoft Ignite

AKS Lite

AKS Lite allows you to deploy AKS as a lightweight, static Kubernetes platform that enables rapid innovation and application modernization at the edge on Windows devices. AKS Lite is designed for PC-class devices running Windows 10/11 IoT Enterprise, Windows 10/11 Pro or Windows Server. AKS Lite is a Microsoft-managed lightweight Kubernetes distribution that can run both Linux and Windows containers, and coupled with Azure Arc, customers can manage their edge Kubernetes cluster from Azure. You can learn more about AKS Lite here.

Lifecycle management of AKS hybrid clusters using Azure

With the new preview feature, you can now deploy and manage AKS hybrid clusters running on Azure Stack HCI or Windows Server directly via the Azure Portal or Azure CLI. This means you can also use Azure Resource Manager (ARM) or Bicep templates. This will provide a great management experience similar to the one for AKS in Azure. You can learn more about the AKS hybrid lifecycle management here.

Azure Hybrid Benefit for Azure Kubernetes Service

Microsoft Azure already offers great Azure Hybrid Benefits if you already own Windows Server and SQL Server licenses. With the Azure Hybrid Benefit for Azure Kubernetes Service (AKS) and your existing Windows Server Datacenter and Standard Software Assurance (SA) and Cloud Solution Provider (CSP) licenses you can run AKS on Windows Server and Azure Stack HCI at no additional cost in your datacenter and edge locations.

In addition to this, Windows Server Datacenter SA customers can now use Azure Stack HCI at no additional cost.

Learn more about these announcements on the official Tech Community blog.

If you are interested in getting a sneak peek at some AKS hybrid deployment options, check out my video here (this doesn’t include the new lifecycle management).




Create an Azure Arc Service Principal with longer expiration date using PowerShell

When you onboard Azure Arc enabled servers or Azure Arc enabled Kubernetes clusters at scale, you want to use service principals for automated authentication during the onboarding process for Azure Arc resources. Microsoft provides you with an option in the Azure portal to create that service principal. When you use this, you can set an expiration date for that service principal, which is great because you don’t want it to be available forever, even though you can only onboard machines with it. In this blog post we are going to have a look at how you can create an Azure Arc service principal with a longer expiration date using Azure PowerShell.

New Azure Arc service principal in the Azure portal with max expiration date of 1 month

For some customers, one month expiration time for a service principal to onboard Azure Arc enabled servers or Kubernetes clusters might be a little short.

Check expiration date for Azure Arc service principal

To create a service principal to onboard an Azure Arc enabled server or Kubernetes cluster resource, you can use Azure PowerShell using the following commands:

# Set how many days the password will be valid for
$startDate = Get-Date
$endDate = $startDate.AddDays(90)

# Create a new service principal
$arcServiceprincipalName = "tm-arcserveronboarding-pwsh-sp"
New-AzADServicePrincipal -DisplayName $arcServiceprincipalName -Role "Azure Connected Machine Onboarding" -StartDate $startDate -EndDate $endDate 

This will create a service principal to onboard servers for 90 days. In my case I used Azure PowerShell running inside Azure Cloud Shell.

Create an Azure Arc Service Principal with longer expiration date using PowerShell

Now if you check the expiration date, you can see it is 90 days.

Check expiration date for Azure Arc service principal created by PowerShell
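
To check expiry from PowerShell instead of the portal, the following added example (not part of the original post) classifies service principal secrets by total and remaining lifetime. The helper name Test-SpCredentialLifetime, its thresholds and the sample credential objects are assumptions constructed for illustration; the property fallback covers both the Microsoft Graph based and the older Az.Resources output shapes.

```powershell
# Added example, not from the original post.
# Test-SpCredentialLifetime is a hypothetical helper; thresholds are illustrative defaults.
function Test-SpCredentialLifetime {
    [CmdletBinding()]
    param(
        # Credential objects, for example the output of Get-AzADSpCredential
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Credential,
        [int]$MaxLifetimeDays = 90,   # longest secret lifetime your policy accepts
        [int]$WarnDays = 14,          # flag secrets that expire within this window
        [datetime]$Now = (Get-Date)
    )
    process {
        foreach ($c in $Credential) {
            # Newer Az.Resources releases expose StartDateTime/EndDateTime,
            # older releases expose StartDate/EndDate.
            $start = if ($c.PSObject.Properties['StartDateTime']) { $c.StartDateTime } else { $c.StartDate }
            $end   = if ($c.PSObject.Properties['EndDateTime'])   { $c.EndDateTime }   else { $c.EndDate }
            $start = [datetime]$start
            $end   = [datetime]$end

            $lifetime = [math]::Round(($end - $start).TotalDays, 1)
            $daysLeft = [math]::Round(($end - $Now).TotalDays, 1)

            if ($daysLeft -lt 0) {
                $status = 'Expired'
            } elseif ($lifetime -gt $MaxLifetimeDays) {
                $status = 'LifetimeExceedsPolicy'
            } elseif ($daysLeft -le $WarnDays) {
                $status = 'ExpiringSoon'
            } else {
                $status = 'OK'
            }

            [pscustomobject]@{
                KeyId        = $c.KeyId
                Start        = $start
                End          = $end
                LifetimeDays = $lifetime
                DaysLeft     = $daysLeft
                Status       = $status
            }
        }
    }
}

# Constructed sample input (not real credentials), evaluated against a fixed date.
$now = [datetime]'2022-06-01'
$sample = @(
    [pscustomobject]@{ KeyId = 'constructed-1'; StartDateTime = [datetime]'2022-05-01'; EndDateTime = [datetime]'2022-07-30' }
    [pscustomobject]@{ KeyId = 'constructed-2'; StartDateTime = [datetime]'2022-03-10'; EndDateTime = [datetime]'2022-06-08' }
    [pscustomobject]@{ KeyId = 'constructed-3'; StartDateTime = [datetime]'2022-01-01'; EndDateTime = [datetime]'2023-01-01' }
    [pscustomobject]@{ KeyId = 'constructed-4'; StartDate     = [datetime]'2022-01-01'; EndDate     = [datetime]'2022-04-01' }
)
$sample | Test-SpCredentialLifetime -Now $now |
    Format-Table KeyId, LifetimeDays, DaysLeft, Status

# Against the service principal created above (requires Connect-AzAccount):
# $sp = Get-AzADServicePrincipal -DisplayName "tm-arcserveronboarding-pwsh-sp"
# Get-AzADSpCredential -ObjectId $sp.Id | Test-SpCredentialLifetime
```

Running this on a schedule across all onboarding service principals shows which secrets need rotation and which were created with a longer lifetime than intended.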

I hope this blog post was helpful in showing you how you can create an Azure Arc service principal with a longer expiration date using PowerShell. If you want to learn more about onboarding Azure Arc enabled servers at scale, check out the following Microsoft Docs article: Connect hybrid machines to Azure at scale. If you have any questions, feel free to leave a comment below.



Learn Live – Manage Azure Kubernetes Service (AKS) on Azure Stack HCI


As you know we are currently running the Learn Live Azure Hybrid Cloud Study Hall on Microsoft Learn TV. The first learn live episodes around our hybrid services with Azure Arc and Azure Stack HCI are now done and available on-demand. But we have more to come! In the upcoming episode I have the chance to go through the Manage Azure Kubernetes Service on Azure Stack HCI Microsoft Learn module together with Senior Cloud Advocate Vinicius Apolinario.

The session will run Thursday, June 16, 2022, 10:00 AM – 11:30 AM (Pacific) and will also be available on-demand. You can download a calendar invite right here.

In this Learn Live episode we will go through the Manage Azure Kubernetes Service (AKS) on Azure Stack HCI and AKS on Windows Server. You can watch live and later the recording here:

Manage Azure Kubernetes Service (AKS) on Azure Stack HCI

This module describes how to implement and manage Microsoft Azure Kubernetes Service on Azure Stack HCI. In this episode, you will:

  • Describe Kubernetes and Azure Kubernetes Service (AKS).
  • Describe Azure Kubernetes Service on Azure Stack HCI.
  • Deploy AKS and Kubernetes clusters.
  • Connect Azure Kubernetes Service on Azure Stack HCI to Microsoft Azure Arc for Kubernetes.
  • Manage pod placement on multi-pool Kubernetes clusters.
  • Manage pod storage on Kubernetes clusters.

I hope you will enjoy the Learn Live Manage Azure Kubernetes Service on Azure Stack HCI session. If you want to learn more and see the upcoming Learn Live Azure Hybrid Cloud Study Hall sessions, check out the main page on Microsoft Learn.

About the Learn Live Azure Hybrid Cloud Study Hall

Join us for the new Azure Hybrid study hall series. This fourteen-part weekly series will answer your questions live, walk through how to configure, deploy, manage your hybrid cloud resources using services and hybrid cloud technologies, and walk-through Microsoft Learn modules focused on Azure Arc and Azure Stack HCI. You will learn how you can manage your on-premises, edge and multicloud resources, and how you can deploy Azure services anywhere with Azure Arc and Azure Stack





Set up a single-node AKS cluster on Windows Server on-premises

In this blog post we are going to have a look at how you can deploy a single-node Azure Kubernetes Service (AKS) cluster on Windows Server running on-premises in your hybrid cloud environment and connect it with Azure Arc.

Many customers want to modernize their application landscape and are using managed Kubernetes services from cloud providers such as the Azure Kubernetes Service (AKS) on Microsoft Azure. Many of these organizations also require running Kubernetes on-premises in their hybrid cloud and edge environment. With Microsoft's offering you can deploy the Azure Kubernetes Service (AKS) on-premises on Windows Server, Azure Stack HCI or Azure Stack Hub.

If you want to run AKS on-premises in production, you will need to deploy a Windows Server Hyper-V, Azure Stack HCI, or Azure Stack Hub cluster. However, if you just want to evaluate AKS or run it in a development environment, you can also run it on a single-node Windows Server with Hyper-V.

Prerequisites

If you want to run a single-node AKS on a Windows Server, there are a couple of prerequisites.

  • An Azure subscription to register the AKS cluster
  • 32 GB of memory or more depending on the workloads
  • Minimum of 500GB direct attached storage (Data drive)
  • Networking
    • One Network Adapter
    • Verify that you have disabled IPv6 on all network adapters.
    • Must have external internet connectivity.
    • Make sure all subnets you define for the cluster are routable amongst each other and to the internet.
    • Make sure that there’s network connectivity between the Windows Server host and the tenant VMs.
    • DNS name resolution is required for all nodes to be able to communicate with each other.
    • (Recommended) Enable dynamic DNS updates in your DNS environment to allow AKS on Azure Stack HCI and Windows Server to register the cloud agent generic cluster name in the DNS system for discovery. If dynamic DNS isn’t an option, use the steps prescribed in ‘Set-AksHciConfig’.

To learn more about the AKS on Azure Stack HCI or Windows Server prerequisites, check out Microsoft Docs.

Set up an Azure Kubernetes Service host Windows Server and deploy a workload cluster using PowerShell

Now before we get started, I want to mention that you can also set up the AKS on Windows Server cluster using Windows Admin Center, you can find more here on Microsoft Docs. However, I prefer the PowerShell way.

Set up Azure Kubernetes Service AKS on Windows Server

Windows Admin Center provides a straightforward wizard to install AKS on Windows Server or Azure Stack HCI.

Set up Hyper-V

First set up Hyper-V on your Windows Server and create a virtual switch.

# Install the Hyper-V Role
Install-WindowsFeature  "Hyper-V" -IncludeAllSubFeature -IncludeManagementTools -Restart
# After the reboot create the virtual Switch
New-VMSwitch -Name VirtualSwitch -NetAdapterName Ethernet -AllowManagementOS $true
# Set Default Storage Path
Set-VMHost -VirtualHardDiskPath "E:\VMs" -VirtualMachinePath "E:\VMs"
# Disable IPv6 on all network adapters
Disable-NetAdapterBinding -Name "*" -ComponentID ms_tcpip6
Install Hyper-V

Install the AksHci PowerShell module

If you have not installed the AksHci PowerShell module, run the following commands to install the modules. You must close all existing PowerShell windows and open a fresh administrative session to install the pre-requisite PowerShell packages and modules.

# Prepare PowerShell
Install-PackageProvider -Name NuGet -Force 
Install-Module -Name PowershellGet -Force -Confirm:$false -SkipPublisherCheck
# Install PowerShell modules
Install-Module -Name Az.Accounts -Repository PSGallery -RequiredVersion 2.2.4
Install-Module -Name Az.Resources -Repository PSGallery -RequiredVersion 3.2.0
Install-Module -Name AzureAD -Repository PSGallery -RequiredVersion 2.0.2.128
Install-Module -Name AksHci -Repository PSGallery
# Import PowerShell modules
Import-Module Az.Accounts
Import-Module Az.Resources
Import-Module AzureAD
Import-Module AksHci
# Validate your installation
Get-Command -Module AksHci
Install AksHci PowerShell modules

Register the resource provider to your Azure subscription and login to Azure

Before the registration process, you need to enable the appropriate resource provider in Azure for AKS on Azure Stack HCI and Windows Server registration. To do that, run the following PowerShell commands.

# Login
Connect-AzAccount -Tenant "<tenantId>" -DeviceCode
Set-AzContext -Subscription "xxxx-xxxx-xxxx-xxxx"
# Register Resource Providers
Register-AzResourceProvider -ProviderNamespace Microsoft.Kubernetes
Register-AzResourceProvider -ProviderNamespace Microsoft.KubernetesConfiguration

To validate the registration process, run the following PowerShell command:

# Verify
Get-AzResourceProvider -ProviderNamespace Microsoft.Kubernetes
Get-AzResourceProvider -ProviderNamespace Microsoft.KubernetesConfiguration

Prepare your machine for deployment

Run checks on every physical node to see if all the requirements are satisfied to install AKS on Azure Stack HCI and Windows Server. Open PowerShell as an administrator and run the following Initialize-AksHciNode command.

Initialize-AksHciNode
Initialize-AksHciNode

Create a virtual network using the virtual switch created earlier. If you don’t remember the name, use the Get-VMSwitch command to find the virtual switch.

To create a virtual network for the nodes in your deployment to use, store the output of the New-AksHciNetworkSetting PowerShell command in a variable. This will be used later to configure a deployment that uses static IP.

#Set up vNet with static IP
$vnet = New-AksHciNetworkSetting -name myvnet -vSwitchName "VirtualSwitch" -k8sNodeIpPoolStart "172.21.21.21" -k8sNodeIpPoolEnd "172.21.21.49" -vipPoolStart "172.21.21.51" -vipPoolEnd "172.21.21.120" -ipAddressPrefix "172.21.21.0/24" -gateway "172.21.21.1" -dnsServers "172.21.21.11"

To create the configuration settings for the AKS host, use the Set-AksHciConfig command. You must specify the imageDir, workingDir, and cloudConfigLocation parameters. If you want to reset your configuration details, run the command again with new parameters.

Set-AksHciConfig -imageDir E:\Images -workingDir E:\ImageStore -cloudConfigLocation E:\Config -vnet $vnet -cloudservicecidr "172.21.21.121/24"

Run the following Set-AksHciRegistration PowerShell command with your subscription and resource group name to log into Azure. You must have an Azure subscription, and an existing Azure resource group in the Australia East, East US, Southeast Asia, or West Europe Azure regions to proceed.

Set-AksHciRegistration -subscriptionId "<subscriptionId>" -resourceGroupName "<resourceGroupName>" -TenantId "<tenantId>" -UseDeviceAuthentication
Create AKS Configuration and Registration in Azure

After you’ve configured your deployment, you must start it to install the AKS on Azure Stack HCI and Windows Server agents/services and the AKS host. To begin deployment, run the following commands:

# More detail
$VerbosePreference = "Continue"
# Install AKS on Windows Server
Install-AksHci
Installation Azure Kubernetes Service AKS on Windows Server with PowerShell

This will also download the necessary images for the Azure Kubernetes Service (AKS) cluster.

Downloading images

Manage your AKS on Windows Server deployment

You can now manage your AKS on Windows Server deployment using PowerShell or Windows Admin Center.

Azure Kubernetes Service Runtime on Windows Server with Windows Admin Center

You can also see the deployed virtual machines for the AKS services and the future Kubernetes clusters you create in Hyper-V Manager.

Hyper-V Manager

If you need to update your Azure Kubernetes Cluster (AKS) on Azure Stack HCI or Windows Server, you can simply open the host settings.

Update AKS on Azure Stack HCI and Windows Server

Create a Kubernetes Cluster

After installing your AKS host, you are ready to deploy a Kubernetes cluster. To create a new Kubernetes cluster on AKS on Windows Server, you can use PowerShell or Windows Admin Center.

PowerShell

Open PowerShell as an administrator and run the following New-AksHciCluster command. This command will create a new Kubernetes cluster with one Linux node pool named linuxnodepool with a node count of 2. To read more information about node pools, visit Use node pools in AKS on Azure Stack HCI and Windows Server.

New-AksHciCluster -name mycluster -nodePoolName linuxnodepool -nodeCount 2 -osType Linux
New-AksHciCluster PowerShell command

Windows Admin Center

Or use the web-based UI from Windows Admin Center following the wizard.

Create Kubernetes Cluster AKS on Windows Server using Windows Admin Center

Connect your cluster to Azure Arc enabled Kubernetes

Connect your cluster to Arc enabled Kubernetes by running the Enable-AksHciArcConnection command. The command below connects your AKS on Windows Server cluster to Azure Arc.

Connect-AzAccount -Tenant "<tenantId>" -DeviceCode
Enable-AksHciArcConnection -name mycluster

Now you can view and manage your AKS on Windows Server running on-premises directly from the Azure portal using Azure Arc. This allows you to enable monitoring, use Microsoft Defender for Kubernetes, Azure Policy, configure GitOps, leverage role-based access control (RBAC), and much more.

Manage your AKS on Windows Server cluster from the Azure Portal using Azure Arc

Manage your Hybrid AKS Kubernetes Cluster on Windows Server

Access your cluster using kubectl

To access your Kubernetes clusters using kubectl, run the Get-AksHciCredential PowerShell command. This will use the specified cluster’s kubeconfig file as the default kubeconfig file for kubectl. You can also use kubectl to deploy applications using Helm.

If you haven’t installed kubectl on your Windows machine, you can simply do that using the following commands:

mkdir C:\kube
Start-BitsTransfer -Source "https://dl.k8s.io/release/v1.24.0/bin/windows/amd64/kubectl.exe" -Destination "C:\kube"
$Env:PATH += ";C:\kube"
Get-AksHciCredential -name mycluster
Access your AKS on Windows Server Kubernetes cluster using kubectl
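
The download step above places kubectl.exe on the PATH without checking its integrity. The following added example (not part of the original post) stages a file, compares its SHA-256 digest with an expected value, and only then moves it into place. Install-VerifiedBinary is a hypothetical helper name, the demo files are constructed, and the commented live usage assumes the `.sha256` checksum file that the Kubernetes project publishes next to its release binaries.

```powershell
# Added example, not from the original post.
# Install-VerifiedBinary is a hypothetical helper name.
function Install-VerifiedBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$StagedPath,      # file downloaded to a staging location
        [Parameter(Mandatory)][string]$ExpectedSha256,  # digest text from the publisher
        [Parameter(Mandatory)][string]$Destination      # final location, e.g. a directory on PATH
    )
    # Checksum files hold either a bare digest or "<digest>  <filename>"; keep the first token.
    $expected = (($ExpectedSha256.Trim() -split '\s+')[0]).ToLowerInvariant()
    if ($expected -notmatch '^[0-9a-f]{64}$') {
        throw 'Expected value is not a 64-character SHA-256 hex digest.'
    }

    $actual = (Get-FileHash -Path $StagedPath -Algorithm SHA256).Hash.ToLowerInvariant()
    if ($actual -ne $expected) {
        # Never leave an unverified binary behind where it could be run by mistake.
        Remove-Item -Path $StagedPath -Force
        throw ('SHA-256 mismatch: expected {0}, got {1}' -f $expected, $actual)
    }

    Move-Item -Path $StagedPath -Destination $Destination -Force
    Get-Item -Path $Destination
}

# Offline demonstration with constructed files in the temp directory.
$stage = Join-Path ([IO.Path]::GetTempPath()) 'constructed-demo.bin'
$dest  = Join-Path ([IO.Path]::GetTempPath()) 'constructed-demo-installed.bin'

Set-Content -Path $stage -Value 'constructed sample payload' -NoNewline
$good = (Get-FileHash -Path $stage -Algorithm SHA256).Hash
Install-VerifiedBinary -StagedPath $stage -ExpectedSha256 $good -Destination $dest | Out-Null

# A modified file with the old digest is rejected and deleted from staging.
Set-Content -Path $stage -Value 'constructed sample payload, modified' -NoNewline
try {
    Install-VerifiedBinary -StagedPath $stage -ExpectedSha256 $good -Destination $dest
} catch {
    Write-Warning $_.Exception.Message
}

# Live use for the kubectl step (needs network access):
# $url   = 'https://dl.k8s.io/release/v1.24.0/bin/windows/amd64/kubectl.exe'
# $stage = Join-Path $env:TEMP 'kubectl.exe'
# Start-BitsTransfer -Source $url -Destination $stage
# Start-BitsTransfer -Source "$url.sha256" -Destination "$stage.sha256"
# Install-VerifiedBinary -StagedPath $stage -ExpectedSha256 (Get-Content "$stage.sha256" -Raw) -Destination 'C:\kube\kubectl.exe'
```

A checksum fetched from the same host detects corrupted or truncated transfers; pinning the digest in your own deployment script also detects a changed upstream file.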

Monitoring with Azure Monitor using Azure Arc

Once your AKS cluster running on-premises is connected to Azure Arc, you can enable Azure Monitor for containers. This is straightforward: just click on Insights and enable Azure Monitor.

Enable Monitoring for Azure Arc enabled Kubernetes cluster

After enabling monitoring, you can review information about the AKS cluster on Windows Server directly in Azure Monitor, and you can also set up alerting.

Azure Monitor AKS on Windows Server and Azure Stack HCI using Azure Arc
Monitoring Containers

By enabling Azure Monitor you can also access the logs.

Get Kubernetes Logs using Azure Arc and Log Analytics

Scale a Kubernetes Cluster

If you need to scale your cluster up or down, you can change the number of control plane nodes using the Set-AksHciCluster command, and you can change the number of Linux or Windows worker nodes in your node pool using the Set-AksHciNodePool command.

To scale control plane nodes, run the following command.

Set-AksHciCluster -name mycluster -controlPlaneNodeCount 3

To scale the AKS worker nodes in your node pool, run the following command.

Set-AksHciNodePool -clusterName mycluster -name linuxnodepool -count 3

You can also use vertical node scaling in AKS on Windows Server & Azure Stack HCI to change the size of the virtual machines in each node pool to increase the resources available to your node pool.

# Show available VM sizes
Get-AksHciVmSize
# Set new VM size for the nodepool
Set-AksHciNodePool -ClusterName mycluster -name linuxnodepool -vmsize Standard_A4_v2

Security and GitOps for your Kubernetes cluster using Azure Arc

By connecting your Kubernetes cluster to Azure using Azure Arc, you can enable Microsoft Defender for Containers and Azure Policy to make sure your cluster is secure and compliant.

GitOps on Azure Arc-enabled Kubernetes or Azure Kubernetes Service uses Flux, a popular open-source tool set. Flux provides support for common file sources (Git and Helm repositories, Buckets) and template types (YAML, Helm, and Kustomize). Flux also supports multi-tenancy and deployment dependency management, among other features.

Run Azure services on-premises using Azure Arc

By deploying the Azure Kubernetes Service (AKS) on-premises and Azure Arc enabling it, you can also start running Azure services such as Azure Arc-enabled data services with SQL MI or Azure Arc-enabled application services on top of your Kubernetes cluster.

End to End Azure Hybrid with Azure Stack HCI AKS and Azure Arc

Conclusion

Setting up the Azure Kubernetes Service on Windows Server or Azure Stack HCI is super straightforward. You can easily set it up using the wizard in Windows Admin Center or PowerShell. And with the additional management capabilities in PowerShell, CLI, Windows Admin Center, and Azure Arc, administration and deployment of apps are super easy.




Book: Azure Arc-Enabled Kubernetes and Servers: Extending Hyperscale Cloud Management to Your Datacenter

I know many of you want to learn more about Azure Arc and how you can leverage the Azure management and control plane for your hybrid and multicloud environments. Microsoft MVPs and Azure experts Steve Buchanan and John Joyner have authored a book about Azure Arc which I would highly recommend. The Azure Arc-Enabled Kubernetes and Servers: Extending Hyperscale Cloud Management to Your Datacenter book is an introductory guide to using Microsoft’s Azure Arc service.

You can order the book from Amazon (affiliate link)

Welcome to this introductory guide to using Microsoft’s Azure Arc service, a new multi-cloud management platform that belongs in every cloud or DevOps estate. As many IT pros know, servers and Azure Kubernetes Service drive a huge amount of consumption in Azure―so why not extend familiar management tools proven in Azure to on-premises and other cloud networks? This practical guide will get you up to speed quickly, with instruction that treads light on the theory and heavy on the hands-on experience to make setting up Azure Arc servers and Kubernetes across multiple clouds a lot less complex. 

Azure experts and MVPs Buchanan and Joyner provide just the right amount of context so you can grasp important concepts, and get right to the business of using and gaining value from Azure Arc. If your organization has resources across hybrid cloud, multi-cloud, and edge environments, then this book is for you. You will learn how to configure and use Azure Arc to uniformly manage workloads across all of these environments.


What You Will Learn

  • Introduces the basics of hybrid, multi-cloud, and edge computing and how Azure Arc fits into that IT strategy
  • Teaches the fundamentals of Azure Resource Manager, setting the reader up with the knowledge needed on the technology that underpins Azure Arc
  • Offers insights into Azure native management tooling for managing on-premises servers and extending to other clouds
  • Details an end-to-end hybrid server monitoring scenario leveraging Azure Monitor and/or Azure Sentinel that is seamlessly delivered by Azure Arc
  • Defines a blueprint to achieve regulatory compliance with industry standards using Azure Arc, delivering Azure Policy from Azure Defender for Servers
  • Explores how Git and GitHub integrate with Azure Arc; delves into how GitOps is used with Azure Arc
  • Empowers your DevOps teams to perform tasks that typically fall under IT operations
  • Dives into how to best use Azure CLI with Azure Arc

Who This Book Is For

DevOps, system administrators, security professionals, and IT workers responsible for servers both on-premises and in the cloud. Some experience in system administration, DevOps, containers, and use of Git/GitHub is helpful.

You can order the Azure Arc book from Amazon.com.




Run cloud-native apps on Azure PaaS anywhere

At Microsoft Build 2021, Microsoft just announced the availability of Azure Arc enabled Application services. This allows you to deploy Azure application services such as Azure App Service, Functions, Logic Apps, Event Grid, and API Management anywhere, on-premises, edge locations, or any other cloud provider. This is great if you are building and running cloud-native applications on Azure PaaS services and want them to run outside of Azure without rearchitecting them. With the new Platform-as-a-Service (PaaS) services and the existing Azure Arc enabled Data services, and Azure Arc enabled Kubernetes, you get a powerful platform to run your cloud-native applications in a consistent way in your hybrid or multicloud environment.

To learn more about Azure Arc, check out the Microsoft Docs.

Azure Arc enabled Application Services

These are the new Azure Arc enabled Application services announced at Microsoft Build 2021. These allow you to run Azure PaaS services on-premises and at other cloud providers.

  • Azure App Service makes building and managing web applications and APIs easy with a fully managed platform and features like autoscaling, deployment slots, and integrated web authentication.
  • Azure Functions makes event-driven programming simple, with state-of-the-art autoscaling, and triggers and bindings to integrate with other Azure services.
  • Azure Logic Apps produces automated workflows for integrating apps, data, services, and backend systems with a library of more than 400 connectors.
  • Azure Event Grid simplifies event-based applications with a single service for managing the routing of events from any source to any destination.
  • Azure API Management provides a unified management experience and full observability across all internal and external APIs.

Azure Arc enabled Data Services

The application services can be combined with the Azure Arc enabled Data services, which include:

  • Azure Arc enabled Azure SQL Managed Instance – Azure Arc enabled SQL Managed Instance has near 100% compatibility with the latest SQL Server database engine, and enables existing SQL Server customers to lift and shift their applications to Azure Arc data services with minimal application and database changes while maintaining data sovereignty. At the same time, SQL Managed Instance includes built-in management capabilities that drastically reduce management overhead.
  • Azure Arc enabled Azure PostgreSQL Hyperscale – This is the hyperscale form factor of the Postgres database engine that is available with Azure Arc enabled data services. It is also powered by the Citus extension that enables the hyperscale experience. In this form factor, our customers provide the infrastructure that hosts the systems and operate them.

Azure Arc enabled Infrastructure

Azure Arc enabled infrastructure allows you to manage and operate Linux and Windows Servers as well as Kubernetes clusters outside of Azure.

  • Azure Arc enabled Kubernetes – With Azure Arc enabled Kubernetes, you can attach and configure Kubernetes clusters located either inside or outside Azure. You can benefit from Azure Management services such as Azure Monitor, Azure Policy, Azure Defender for Kubernetes, and many more. You can deploy applications and apply configuration using GitOps-based configuration management.
  • Azure Arc enabled Servers – enables you to manage your Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or other cloud provider. This management experience is designed to be consistent with how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. That includes an Azure Managed Identity which can be used for Azure AD authentication within your apps.

How to run Azure Application Services anywhere

To run the Azure Application services on-premises or at another cloud provider, you will need an Azure Arc enabled Kubernetes cluster. On this cluster you can then deploy the Azure Application services. Azure Arc enabled Kubernetes works with any Cloud Native Computing Foundation (CNCF) certified Kubernetes clusters. The Azure Arc team has worked with key industry partners to validate conformance of their Kubernetes distributions with Azure Arc enabled Kubernetes.

How to connect a Kubernetes cluster to Azure using Azure Arc

To connect a Kubernetes cluster using Azure Arc you can follow the following Microsoft Docs article.

Deploy App Service extensions

Now navigate to the Azure Arc enabled Kubernetes cluster you want to deploy the Azure Application services on.

Azure Arc enabled Kubernetes Cluster running on-premises

In the navigation, go to Extensions and select Add.

Azure Arc enabled Kubernetes Cluster Extensions

Select the Azure service you want to enable.

Add Application Services Extension

In my case I select Application services, which includes Azure Web Apps, Functions, and Logic Apps.

Application services extension Preview

Click on Create to open the wizard which will help you deploy the Application services extension.

Define the instance name and select a custom location if you already have one. The custom location is an Azure Arc enabled Kubernetes cluster. This can then be used instead of an Azure region when you deploy a service.

Install application services extension and create custom location

After that, you can configure Monitoring and add Azure Tags. In the end, the wizard will generate a script for you that you can run using the Azure CLI locally or directly within Azure Cloud Shell.

Download or Copy script to deploy the Azure App Service for Kubernetes with Azure Arc

Now you can find your new custom location in the custom locations list in the Azure Arc Center. You can see, in my list, I have Kubernetes clusters running on-premises or at another cloud provider.

Custom Locations

I can now navigate to App services to add a new Web App.

Create App Service and select a custom location

When I select the Region, I can now not just select the Azure Regions, but also my custom locations.

Azure Regions and custom locations

Conclusion

I hope this blog gave you a quick overview of how you can create and run your cloud-native applications on Azure PaaS services using Azure Arc. This is ideal for building applications running on modern services in hybrid and multicloud environments using a single architecture. If you have any questions, feel free to leave a comment.




Book: Windows Containers for IT Pros

One of the big topics for IT Pros is how they can leverage containers to modernize their application landscape. Getting started with that topic can be challenging since it includes a couple of new concepts. Luckily, there is a great new book written by Vinicius Ramos Apolinario, Senior Program Manager on the Windows Container Platform team at Microsoft, called Windows Containers for IT Pros: Transitioning Existing Applications to Containers for On-premises, Cloud, or Hybrid.

I was lucky and had the chance to read and review the book before it got published, and I can highly recommend it. It is very focused on the basics and practical examples, not just the concepts. I think this is the ideal book for IT Pros who want to get started with Windows Containers.

This book is for Windows IT pros and technical professionals deploying Windows Server and server applications today, such as .NET, ASP.NET, IIS, and more. The book assumes little to no experience with scripting as readers deploy their workloads via one of the Windows UIs (Hyper-V, Server Manager, Windows Admin Center, etc.). Knowledge of VMs and infrastructure, such as clustered operating systems, is recommended but not required.

You can get the Windows Containers for IT Pros book directly here from Amazon (affiliate link).

Also, make sure you check out my current content on how to modernize Windows Server Apps on Microsoft Azure using Containers with Windows Admin Center and AKS.

You can find the full blog post on ITOpsTalk.com. In that video and blog post, we will see how we can create a new custom Docker container image using Windows Admin Center, upload that to an Azure Container registry and deploy it to our Azure Kubernetes Service cluster.

I hope you enjoyed this Windows Containers for IT Pros book recommendation and that it helps you get started with your Windows Containers journey. If you have any questions, feel free to leave a comment.



Azure Hybrid Cloud Deep Dive Sessions


As mentioned before, our team created a free virtual event called ITOps Talks – All Things Hybrid. ITOps Talks – All Things Hybrid is an initiative of our Cloud Advocacy AzOps team to bring you Azure Hybrid Cloud deep dive sessions from your favorite speakers and program managers at Microsoft. You can learn directly from the people behind the products how you can make your on-premises environment better using built-in technologies in Windows Server, Microsoft Azure, and many more! ☁

I am happy to let you know that the Azure Hybrid Cloud deep dive sessions from our ITOps Talks All Things Hybrid event are now available! You can find the full list of sessions from our team here on YouTube. 📺

I had the chance to work with some top Program Managers within Microsoft, to create some Hybrid Cloud deep-dive sessions. So I am happy to share my list of sessions directly embedded here for you. ⚡

OPS109 – Getting started with Azure Kubernetes Service (AKS) on Azure Stack HCI

with Matt McSpirit (@mattmcspirit) – Senior Program Manager

In this session, you’ll learn about the new Azure Kubernetes Service on Azure Stack HCI, how you can use it to run your containerized Windows and Linux apps, how it integrates with Azure, and how it provides the best platform to run additional Azure services, including Arc-enabled Data Services. This will help you to modernize your existing applications on our Azure Stack HCI Hybrid Cloud Platform.

This session includes:

0:00 Introduction
2:00 Azure Hybrid Overview
5:10 Kubernetes on Azure
8:39 What is Azure Kubernetes Service (AKS) on Azure Stack HCI
15:34 High-Level Architecture
18:51 Architecture AKS-HCI Components
21:21 Demo: Deployment
33:19 Demo: Deploy Worker Nodes
43:41 Demo: Deploy an Application
59:27 How to evaluate the new AKS on Azure Stack HCI
1:00:58 Wrap up

Learn More

OPS111 – Learn the 5 key areas to consider for your hybrid workloads

with David Kurth (@TheDaveKurth) – Senior Product Marketing Manager

In this whiteboard session (after a few slides for context), we will discuss the 5 key areas of any hybrid cloud workload: connectivity, application, data, identity, security & management.

This session includes:

0:00 Introduction
0:55 About Dave
3:56 Why Hybrid
11:38 Azure Hybrid Overview
19:08 Whiteboard Session Hybrid areas
30:15 Wrap up

Learn More

OPS112 – Azure Stack HCI Hybrid is built-in: How does it really work?

with Kerim Hanif (@kerimhanif) – Senior Program Manager

Ready to deploy Azure Stack HCI, the new hyperconverged infrastructure operating system delivered as an Azure service? Join this session to learn everything you need to know about how Azure Stack HCI’s hybrid connectivity works. Is it hard to register? (Hint: no.) Is there an agent? (Hint: no.) Does Azure see my VMs and their data? (Hint: no.) Do I need to open my firewall to freely allow Internet traffic? (Hint: no.) All these answers and more.

This session includes:

0:00 Introduction
1:50 What is Azure Stack HCI?
5:55 Azure Stack HCI as a Hybrid services
8:30 Native OS-level integration with Azure
11:20 Demo: Azure Stack HCI
14:10 Registering with Azure
20:19 Demo: How to register
25:21 What happens in the background in Azure?
37:06 Azure Stack HCI Connectivity requirements
44:00 Data privacy
49:36 How can I see the diagnostic data myself?
51:39 Just the foundation more to come!
58:10 Wrap Up

Learn More

OPS113 – From WS2008 to Azure with containers – An Ops view on how to modernize existing applications with Windows Admin Center

with Vinicius Apolinario (@vrapolinario) – Senior Program Manager

ITPros around the globe are trying to figure out how to modernize existing applications. End of Support for Windows Server 2008, how to move applications to the cloud, and how to leverage new technologies such as Kubernetes have become a daunting process for Ops teams. In this session, we will cover how to containerize existing applications from the perspective of an ITPro. We will use tools that you are used to – such as Windows Admin Center to jumpstart your modernization process and show how to move an application from Windows Server 2008 to Azure Kubernetes Service.

This session includes:

0:00 Introduction
3:33 What are containers?
5:35 Windows Server 2008 and 2008 R2 End of Life
9:56 The benefits of using containers
17:25 Demo: IIS Application to be containerized
24:14 Demo: Windows Admin Center Container Management
29:50 Demo: Create a Container Image using Windows Admin Center
36:40 Demo: Run Container Image on Windows Server Container Host
41:25 Demo: Push Container Image to Container Registry (ACR)
47:01 Demo: Create Azure Kubernetes Service Cluster
52:37 Demo: Deploy Container to AKS cluster
59:15 Wrap Up

Learn More

OPS114 – Governing baselines such as STIG in hybrid server environments using Azure Policy Guest Configuration

with Michael Greene (@migreene) – Principal Program Manager

Learn to use services in Azure to audit the state of servers across private and public clouds and upcoming plans to expand capabilities in this area.

This session includes:

0:00 Introduction
3:40 Providing Feedback and Community
5:10 Hybrid solution using Azure Arc
8:30 Demo using Azure Policy Guest Configuration
18:39 Demo How to set up Azure Policy Guest Configuration for Azure Arc machines
23:19 Azure Arc enabled servers
27:33 What is next for Azure Policy Guest Configuration
31:13 Wrap up

Learn More

OPS119 – Databases are cattle too! Running highly available databases consistently on any infrastructure using Arc data services

with Travis Wright (@radtravis) – Principal Group Program Manager

Have you heard people say ‘containers or Kubernetes is not for databases’? Let me show you how that is definitely not the case in 2021. Kubernetes provides an abstraction layer over any infrastructure and an orchestration engine that powers Arc enabled data services so DevOps, DBAs, and developers can provision and manage highly available SQL and PostgreSQL database instances on any infrastructure – on-prem, AWS, or Google. In this session, I’ll dive deep into the technical weeds with nearly 100% demos that show you exactly how it all works and you can manage it all with GUI, CLI, Azure-native tools, or Kubernetes-native tools.

This session includes:

0:00 Introduction
0:45 Databases are cattle
3:36 Are databases cattle or pets?
6:41 Database cow wannabes
7:47 Database cows
11:12 Traditional Always On
11:50 Azure SQL
12:18 Azure Arc enabled data services
17:35 Built-In, Automated High Availability
18:03 Standard HA
19:46 Premium HA
21:38 Demo: Databases are cattle too!
47:48 Wrap Up

Learn More

OPS121 – Modernize how you manage hybrid servers with Azure Arc

with Ryan Puffer – Senior Program Manager

Think the cloud is just for things that are…in the cloud? Come learn how you can use Azure Arc to simplify IT operations across your entire fleet, no matter where your servers run. We’ll start with a deep dive into the architecture and benefits of Azure Arc followed by a demonstration of how Azure Arc can help you monitor, secure, and simplify the management of a multi-tier on-premises application.

This session includes:

0:00 Introduction
1:25 Agenda
2:25 What is Azure Arc
4:18 Azure and Azure Arc Architecture
12:58 Demo: Management of Azure VMs
14:39 Azure Arc enabled servers architecture
25:01 Demo: Extensions
26:46 Demo: Azure Arc enabled server and how to add a server
33:51 Demo: How to manage an Azure Arc enabled server
49:49 Demo: Update Management
59:44 Demo: Access Control and RBAC
1:01:28 Demo: Azure Monitoring for hybrid servers
1:06:38 Wrap Up

Learn More

ITOps Talks – Azure Hybrid Cloud Deep Dive sessions

I hope you will enjoy these Azure Hybrid Cloud Deep Dive sessions. If you have any questions, feel free to leave a comment or ping us with a tweet using the #AzOps hashtag on Twitter. I hope you will enjoy ITOps Talks All Things Hybrid!



Microsoft Learn Windows Server Hyper-V and Virtualization

Learn about Windows Server Hyper-V and Virtualization

As you know, my background is doing a lot of datacenter and virtualization projects using Hyper-V and System Center. I often get asked how to start learning about Windows Server Hyper-V and virtualization, including Windows Server Containers. So if you are a Windows Server Hyper-V admin or want to learn about virtualization, we have a new Microsoft Learn learning path ready. In the new Windows Server Hyper-V and Virtualization learning path, you will learn to implement and manage Windows Server virtual machines (VMs) and container workloads using Windows Server Hyper-V.

Windows Server Hyper-V and Virtualization Microsoft Learn Modules

Currently, the learning path consists of 6 modules:

Configure and manage Hyper-V
Learn about virtualization and the Microsoft Hyper-V role with Windows Server. Learn about best practices for preparing Hyper-V hosts, in addition to Hyper-V networking features and implementing nested virtualization.

Configure and manage Hyper-V virtual machines
Learn about configuring and managing Hyper-V virtual machines in Windows Server 2019.

Secure Hyper-V workloads
Learn about securing Hyper-V workloads in Windows Server 2019, installing and configuring the Host Guardian Service (HGS), the attestation modes available with the HGS, and the creation and deployment of shielded virtual machines (VMs).

Run containers on Windows Server
Learn about Windows Server and Hyper-V containers, associated isolation modes, running containers, and preparing the Windows Server host for running containerized workloads. Learn about Docker, preparing Windows Server for running container workloads, and managing containers.

Orchestrate containers on Windows Server using Kubernetes
Learn about Kubernetes, containers, container orchestration, and Kubernetes orchestration in Windows Server 2019. Also learn the process for deploying a Kubernetes cluster on Windows and describe how to use Azure Arc for Kubernetes.

Implement Hyper-V Replica
Learn about Hyper-V Replica, scenarios for its use, and prerequisites to use it. Learn about Azure Site Recovery and the benefits of using it, focusing on implementing Site Recovery in on-premises scenarios.

Conclusion

I hope these links are useful to you and help you learn more. If you have any questions, feel free to leave a comment, and for more Hyper-V content, check out my blog.



Manage hybrid cloud using Azure Arc

Azure Arc Video – Manage your Hybrid Cloud environment

In this Azure Arc video, I want to share the latest Azure Arc hybrid cloud management capabilities. Hybrid Cloud management is becoming more and more important for many customers. We are seeing customers take advantage of cloud computing while, at the same time, needing to run applications on-premises or at other cloud providers. This can have multiple reasons, such as data sovereignty, network latency and connectivity, leveraging existing investments, and many more. However, by running applications and services in different locations, most environments also become more complex to manage. This is where Microsoft Azure Arc can help you connect services outside of Azure, running on-premises, at other cloud providers, or at the edge, and use Microsoft Azure as a single control plane to manage your hybrid infrastructure and applications.

Azure Arc Azure Management Control Plane

A while ago, I presented an overview of Azure Arc with the latest capabilities at an online conference. Since I get a lot of questions, I thought that I should share a recording of my presentation with all of you. Here is my Azure Arc video, 2021 edition:

In this video, you will see how you can manage and govern your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers, similar to how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as an Azure resource. Azure Arc provides you with the familiar cloud-native Azure management experience, like RBAC, Tags, Azure Policy, Log Analytics, and more.

If you want to learn more on Azure Arc, we also have a Microsoft Learn learning path, which will provide you with some guided learning modules.

To learn more check out the following links:

I hope this Azure Arc video provides you with a short overview of how you can use Azure Arc as a single control plane to manage resources outside of Azure. For more Hybrid Cloud architectures, check out my blog on how to create Azure Hybrid Cloud Architectures. If you have any questions, feel free to leave a comment below.