Tag: Management

Azure Friday - Manage and govern your hybrid servers using Azure Arc

Azure Friday: Manage hybrid servers using Azure Arc

Last Friday, I had the chance to join Donovan Brown on Azure Friday to talk about how you can manage and govern your hybrid servers using Azure Arc. I showed how you can manage and govern your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers, similar to how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. You can watch the full episode here on Microsoft Channel 9.

Azure Friday - Manage and govern your hybrid servers using Azure Arc

Azure Friday – Manage and govern your hybrid servers using Azure Arc

If you want to know more about the Azure Arc and Azure Hybrid services, check out the following blog post and Microsoft Docs articles:

If you want to check out my other Azure Friday episode, in which I was joining Scott Hanselman to talk about how you can connect Windows Server to Azure Hybrid Cloud services using Windows Admin Center. And how you can use other Azure Hybrid services to improve your on-premises environment, check out my blog here.

I hope you liked this Azure Friday episode about how you can manage and govern your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers, using Azure Arc for servers. If you have any questions, feel free to leave a comment. And yes, this is a Surface Pro X.



Azure Locks - Governance

Prevent Azure Resources from unexpected deletion using Locks

In this blog post, we will have a quick look at the basics of Azure Governance and how you can use Locks in Azure to govern your environment and protect resources from accidental deletion or changes. Cloud Computing is excellent, and you can deploy and delete services in seconds and go full speed. However, with that, there are also many challenges that are coming your way. Think about control over cost, security, or compliance. You don’t want everyone to be able to deploy a large Mv2-series virtual machine to test their application, and you might also not want people deploying services all over the world using one of the 55 Azure regions worldwide. The way to prevent things like this is called technical governance. However, it can be implemented in different ways.

Technical Governance

Technical Governance

The traditional approach was that you set a team or a person in front of the cloud, which can be called a cloud custodian or cloud broker team. And this team then decided on which services are going to get deployed and how. Now with that approach, people and processes become the limiting factor if you look at speed and agility.



Azure Cloud Shell in Windows Admin Center

Run Azure Cloud Shell in Windows Admin Center

As you know Windows Admin Center enables you to not just manage Windows Server machines with a web-based user interface, but also to easily connect Azure Hybrid services to your on-premises Windows Server environment. Windows Admin Center allows you to connect services like Azure File Sync, Azure Update Management, Azure Backup, Azure Site Recovery and many more to your Windows Server and Azure Stack HCI environment. With the latest release of Windows Admin Center (WAC) which was announced at Microsoft Ignite 2019, we get another hybrid cloud feature. We get a new Azure Cloud Shell extension in Windows Admin Center. Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell. We are able to use Cloud Shell directly from the Azure portal, shell.azure.com, in Visual Studio Code, in the new Windows Terminal or even in the Azure mobile app. Now with the new solution/extension, administrators can also run Cloud Shell directly within WAC.

How to run Azure Cloud Shell in Windows Admin Center

First, you will need to enable and install the new Azure Cloud Shell solution. For that open Windows Admin Center, go to Settings and in the menu click on Extensions.

Extensions

Extensions

Under available extensions, you will find the new Azure Cloud Shell (Preview) extension. Click on Install, the WAC portal will refresh automatically.

After the page has refreshed, the Cloud Shell option will show up in the top menu.

Start Cloud Shell in Windows Admin Center

Start Cloud Shell in Windows Admin Center

If you start Azure Cloud Shell for the first time, you will need to login to Azure.

After that, you can run the PowerShell or Bash experience, depending on what you prefer. You also have access to the clouddrive which comes with Cloud Shell.

Azure Cloud Shell in Windows Admin Center

Azure Cloud Shell in Windows Admin Center

In that, you can run tools like the Azure CLI, Azure PowerShell and much more. If you want to learn more about Azure Cloud Shell, check out my blog post, Mastering Azure with Cloud Shell. Windows Admin Center is a free download to use with your Windows Servers, you can download Windows Admin Center here. If you want to know more about the Hybrid capabilities, check out my blog post on ITOpsTalk.com.

I hope this gives you an overview of how you can run Azure Cloud Shell in Windows Admin Center. Let me know if you have any questions in the comments.



Azure Hybrid

Azure Arc – Cloud-native Management for Hybrid Cloud

Azure Hybrid is not just Azure Stack, it also includes a couple of other Azure Hybrid services like Azure Update Management, Azure File Sync and many more. Today, Microsoft will extend the hybrid cloud solutions in Azure and announced Azure Arc, which is designed to extend Azure Management to any infrastructure. In the new world where organizations run servers, containers, and applications across multi-cloud environments, on-premises locations, and the edge, managing these hybrid resources becomes challenging. Azure Arc enables cloud-native Azure management across any infrastructure and also allows you to run Azure data services to be deployed anywhere. It includes hybrid server management, Kubernetes and Azure data services.

Azure Arc Overview

Azure Arc Overview

As you can see Azure Arc consists of a set of different technologies and components like:

  • Organize and govern all your servers – Azure Arc extends Azure management to physical and virtual servers anywhere. Govern and manage servers from a single scalable management pane. You can learn more about Azure Arc for servers here.
  • Manage Kubernetes apps at scale – Deploy and configure Kubernetes applications consistently across all your environments with modern DevOps techniques.
  • Run data services anywhere – Deploy Azure data services in moments, anywhere you need them. Get simpler compliance, faster response times, and better security for your data. You can learn more here.
  • Adopt cloud technologies on-premises – Bringing cloud-native management to your hybrid environment.

In this blog post, we will have a closer look at hybrid server management. If you want to know more about Azure Arc, check out the announcement blog post by Jeremy Winter, Director of Program Management, Microsoft Azure.

Cloud-native Azure management for hybrid environments with Azure Arc

By extending Azure Resource Manager to support hybrid cloud environments, Azure Arc to make it easier to implement cloud security across environments with centralized role-based access control, security policies. Azure Management provides you now with a single control plane for Azure native and Azure Arc resources.

Azure Management Overview

Azure Management Overview

Hybrid Server Management

Today Azure Arc allows you to onboard physical and virtual servers in your hybrid environment (on-premises, edge, and multi-cloud). By joining serves to Azure Arc, you get the benefits you are used from native Azure resources, like tags, RBAC, and many more. In the preview, you can now use Azure Management services like Azure Log Analytics and Azure Policy to make sure your servers are compliant across your hybrid environment.

Hybrid Server Management

Hybrid Server Management

I had the chance to have a very early chat with Jian Yan from the Azure Management team, a couple of weeks ago, about hybrid server management. Check out the video here:

Join the Preview

Azure Arc for Server is currently in public preview, while you can sign up for the preview to manage Kubernetes and data services. To enable hybrid server management, you must register the required Resource Providers.

  • Microsoft.HybridCompute
  • Microsoft.GuestConfiguration

You can register the resource providers with the following Azure PowerShell commands:

Login-AzAccount
Set-AzContext -SubscriptionId [subscription you want to onboard]
Register-AzResourceProvider -ProviderNamespace Microsoft.HybridCompute
Register-AzResourceProvider -ProviderNamespace Microsoft.GuestConfiguration

or with Azure CLI:

az account set --subscription "{Your Subscription Name}"
az provider register --namespace 'Microsoft.HybridCompute'
az provider register --namespace 'Microsoft.GuestConfiguration'

You can also run them from Azure Cloud Shell. If you want to know more, check out the following Microsoft Docs article.

Onboarding Servers to Azure Arc

As mentioned we will have a closer look here at how you can onboard Linux and Windows Server to Azure Arc. To onboard a server which can run Linux or Windows, physical or virtual, and can run on-premises or at another service provider, you open Azure Arc in the Azure Portal. There you can select manage servers.

Azure Arc Portal

Azure Arc Portal

Here you will see your existing servers which you have on-boarded.

Azure Arc Server in Portal

Azure Arc Server in Portal

 

You can click on Add, to add another server. You will be able to add a single server or get instructions to onboard servers at scale.

Add server to Azure Arc

Add server to Azure Arc

Here you can go through a wizard that will help you to generate a script, which you can copy or download to run it on your server. You can select the subscription and resource group, as well as the region where you want to join your server.

You will also be able to configure a proxy server if your server is behind a proxy. Since this will use the Azure Resource Manager, you will also be able to use tags. After you are done with the wizard, you are able to download or copy the command to run that on your server.

Generate Script

Generate Script

After you have run that command on your on-premises server, your server will show up as an Azure resource in a couple of minutes.

Use Windows Admin Center to onboard a server to Azure Arc

Windows Admin Center and Azure Stack HCI

Windows Admin Center and Azure Stack HCI

If you are using Windows Admin Center on Windows Server or with Azure Stack HCI, you can also onboard servers directly from there. Go to the settings of the server and click on Azure Arc. Now you can sign in and select the specific subscription and resource group.

More

If you want to know more about the Azure Hybrid announcements at Microsoft Ignite 2019, check out the blog post of Julia White. If you want to know more about Azure Arc, check out the blog post from Jeremy Winter. If you have any questions about it feel free to leave a comment, or if you are at Microsoft Ignite, feel free to talk to me and the Azure team.

I will also host a Microsoft Ignite Live interview with Jian Yan, which you can watch live in Orlando or online.

Microsoft Ignite Live

Azure is built from the ground up to manage at-scale, cross-geography environments with multiple operational models and DevOps patterns. The vision is to keep Azure at the center of the enterprise as the control plane for governance, management, and modern development and bring the Azure management capabilities and services to any customer environment. In this session, we demo one of the extension services to enable you to bring servers from anywhere to Azure, and use Azure to get a compliance view for all your server assets.



New Windows Server Performance Monitor

New Performance Monitor for Windows Server

In this blog post, I am going to show you the new Windows Performance Monitor feature in Windows Admin Center. This feature was announced publicly at Microsoft Ignite 2019. But before we are going to have a look at the new Windows Admin Center Performance Monitor extension, it is time for some history. If you have worked with Windows or Windows Server in the past, you almost certainly have used a tool called perfmon.exe, or Windows Performance Monitor.

You can use Windows Performance Monitor to examine how programs affect your computer’s performance, both in real-time and by collecting log data for later analysis. It uses performance counters, event trace data, and configuration information, which can be combined into Data Collector Sets. Perfmon exists already for a long time. It is super powerful for troubleshooting Windows. However, it is definitely if you look at the classic MMC user-interface and the user-experience in general, probably not your favorite tool to use. That is why we needed something better.

Perfmon

Perfmon.exe

Windows Reliability and Performance Monitor is a Microsoft Management Console (MMC) snap-in that provides tools for analyzing system performance. From a single console, you can monitor application and hardware performance in real time, customize what data you want to collect in logs, define thresholds for alerts and automatic actions, generate reports, and view past performance data in a variety of ways.

You can find more about the classic perfmon.exe here.

A couple of weeks ago, I was contacted by Windows Server Program Manager Cosmos Darwin, who works at great features in Windows Server like Storage Spaces Direct. He asked me if I remember my feedback item in user voice, which I created a couple of years ago.

Windows Server Windows Admin Center User Voice Feedback

Windows Server Windows Admin Center User Voice Feedback

Back then, I wasn’t working for Microsoft, but I was working in a couple of different projects where we were using Windows Server and needed to build a real-time performance monitoring system. Which allowed us to monitor remote servers and clusters.

And here it is, the shiny new Windows Admin Center Performance Monitor extension. This new UI is integrated into the web-based Windows Admin Center management tool.

Windows Admin Center Performance Monitor

Windows Admin Center Performance Monitor

Using the Performance Monitor extension in Windows Admin Center uses the same performance data as perfmon, like performance counters, which means that it will just work with your existing configuration. However, it adds a couple of benefits. No worries, the classic perfmon.exe is still there for you to use it.

  • Easy Remoting ✔ – You can easily use it on your remote machine. Windows Admin Center uses PowerShell remoting in the background to connect to the remote computer.
  • Share Workspaces ✔ – You can create workspaces that you can save and use for multiple systems within the same Windows Admin Center instance. But you can also export them and import them on other Windows Admin Center gateway installations.
    Upload and Download Workspaces

    Upload and Download Workspaces

  • Search and highlighting ✔ – You can easily search for objects and counters. Performance Monitor also highlights the useful objects for your system. So you don’t have to guess which counter to use.
    Performance Monitor Search Counter

    Performance Monitor Search Counter

  • Different Graph Types ✔ – You can use different types of graphs, which make it easier to find and compare the right information depending on your scenario.
    Min-Max View

    Min-Max View

    Windows Server Performance Monitor Heatmap

    Windows Server Performance Monitor Heatmap

     

I hope this gives you a quick overview of the new Performance Monitor extension in Windows Admin Center. You can get Windows Admin Center from here. If you have any questions, feel free to leave a comment. There is also a short survey, about different tools like perfmon, this will directly influence the work on Windows Admin Center. You can check out the official announcement blog here.

By the way, Windows Admin Center also offers a great set of Azure Hybrid services integration. Check out my blog post and videos about the Azure Hybrid services in Windows Admin Center.



Connect Azure VMs with Windows Admin Center

How to manage Azure VMs with Windows Admin Center

Windows Admin Center is a browser-based management tool to manage your servers, clusters, hyper-converged infrastructure, and Windows 10 PCs. You can deploy it anywhere you want. If you run on-prem, you can install it on a Windows Server running in your infrastructure, or you can also install Windows Admin Center on an Azure virtual machine (VM). In this post, we want to address scenarios where you have deployed Windows Admin Center on-premises, and you want to manage some Azure VMs. In this post, I am going to show you how you can manage Azure VMs with Windows Admin Center (WAC).

If you want to know more about Windows Admin Center in general, check out my blog post.

How to manage Azure IaaS VMs with your on-premises Windows Admin Center gateway

As mentioned before, you can also install a Windows Admin Center server running on Azure IaaS virtual machine, but more on that in another post. In this post, I will cover how you can connect to an Azure VM from your on-prem Windows Admin Center (WAC) installation. There are two ways you can connect from WAC to Azure VMs.

The first one would be using the public IP address of a virtual machine running in Azure. This would mean that you need to open the PowerShell remoting port in the network security group (NSG), to be able to connect. I wouldn’t recommend this scenario since this exposes your virtual machines to the public internet. However, if you want to know more about that solution, check out the Microsoft Docs.

What I wound recommend is that you use a VPN connection to connect to your Azure virtual network where your VM is running. However, I know that in a lot of cases, you might not have a Site-2-Site VPN connection to your Azure virtual network. To still be able to connect form Windows Admin Center to an Azure VM, you can use the Azure Network Adapter feature. The Azure Network Adapter will create a Point-2-Site VPN connection from your Windows Server to Azure. And we are going to use this feature on our WAC gateway, so the WAC gateway is able to reach the virtual machine in Azure.

Add Azure Network Adapter

Add Azure Network Adapter

First, you will need to add a new Azure Network Adapter. This can be done in the Network extension in Windows Admin Center. This will open up a wizard that will guide you through the setup and if needed also helps you to register WAC in Microsoft Azure.

Create Azure Network Adapter

Create Azure Network Adapter

The setup can take a while, depending on if you already have a VPN gateway in Azure or not. WAC will create all the necessary resources in Azure, and create the Point-to-Site VPN connection for you. Also, keep in mind that the VPN gateway is an additional resource and will have an additional cost.

Connect to an Azure Virtual network

Connect to an Azure Virtual network

Now you can add and connect to your virtual machine running in Azure, using the private IP address of the machine.

Connect Azure VMs with Windows Admin Center

Connect Azure VMs with Windows Admin Center

You add a server by directly entering the IP address or you can use the Add Azure Virtual Machine wizard, to discover the VM in your Azure subscription.

Add Azure VM in Windows Admin Center

Add Azure VM in Windows Admin Center

I hope this helps you to connect your Azure virtual machines security without exposing ports to the public internet. If you have a site-to-site VPN connection to your Azure virtual network, you can use this as well without the need of setting up Azure Network Adapter.

If you are interested in other Azure Hybrid services in Windows Admin Center, check out the following blog post including the video series: Configure Azure Hybrid Services in Windows Admin Center

Besides, you can also have a look at my other blog post about how to set up Azure hybrid cloud services.

If you want to download Windows Admin Center, check out the download page. If you have any questions, feel free to leave a comment.



VeeamON Virtual 2019

Experts Lounge at VeeamON Virtual 2019 Conference

I am happy to announce that I will be part of this year’s VeeamON Virtual Conference for Cloud Data Management. I will be part of the virtual expert’s lounge during the online event. As a Veeam Vanguard, this is a great opportunity and I am already looking forward to being part of this event. VeeamON Virtual will be on November 20, 2019, and you can find more information here.