Tag: Microsoft Azure

Azure Arc-enabled SQL Managed Instance Landing zone accelerator

In this episode of the Azure Enablement Show, I am joined by Lior Kamrat from the Azure Arc team to discuss how the Azure Arc-enabled SQL Managed Instance Landing Zone Accelerator, which covers nine critical design areas, will help customers who are operating a hybrid or multi-cloud environment.

Azure Arc-enabled SQL Managed Instance has near 100% compatibility with the latest SQL Server database engine, and enables existing SQL Server customers to lift and shift their applications to Azure Arc data services with minimal application and database changes while maintaining data sovereignty. At the same time, SQL Managed Instance includes built-in management capabilities that drastically reduce management overhead.

If you want to learn more, check out the following links:



Manage Azure Arc-enabled Azure Stack HCI with Azure Arc

Manage Azure Arc-enabled Azure Stack HCI from Azure

In this blog post we are going to have a quick look at how you can manage Azure Arc-enabled Azure Stack HCI (Hyper-Converged Infrastructure) directly from Microsoft Azure using the Azure Arc integration. As part of the Azure Arc-enabled infrastructure, Azure Stack HCI can be managed directly from the Azure control plane.

Azure Arc-enabled Azure Stack HCI provides you with unified resource management and a flexible cloud-connected architecture. This means you can always stay up to date with the latest Azure security, performance, and capabilities with Azure Arc–enabled Azure Stack HCI. Discover, monitor, and manage the Azure Stack HCI hosts as well as the virtual machines (VMs) and containers running on them from within the Azure portal or the Azure Resource Manager (ARM) APIs.

Azure Arc-enabled Infrastructure with Azure Stack HCI

After you have deployed and registered Azure Stack HCI with Azure Arc, you can now see the resource in the Azure portal. From here you can leverage different Azure management tools and hybrid cloud services.

Azure Stack HCI in the Azure Portal

Monitor Azure Stack HCI with Azure Monitor

You can now monitor your Azure Stack HCI clusters directly from Azure using Azure Monitor. This also provides a great overview if you manage multiple Azure Stack HCI clusters.

Monitor Azure Stack HCI with Azure Monitor

Enable Azure Hybrid benefits for Azure Stack HCI

You can easily enable the Azure Hybrid benefits for your Azure Stack HCI cluster and other features directly from the Azure portal.

Enable Azure Hybrid benefits on Azure Stack HCI

Deploy virtual machines (VMs) using the Azure Arc resource bridge

With the Azure Arc resource bridge integration, you can easily deploy new virtual machines on your Azure Stack HCI clusters running on-premises or at the edge.

Create VM on Azure Stack HCI using the Azure Portal

You can use your own images stored locally, on a central Azure storage account, or even use Azure marketplace images.

Manage VM images on Azure Stack HCI with Azure Marketplace

Use Windows Admin Center in the Azure Portal

If you need some more granular management, you can also use Windows Admin Center directly from the Azure portal. No VPN needed; the connection works securely over the integrated Azure Arc agent.

And more

I hope this blog and the video provided you with an overview of how you can manage your Azure Arc-enabled Azure Stack HCI cluster directly from Azure. This only covered some of the features; there is more than just that.

If you have any questions, feel free to comment below.



Windows Server Summit 2022 Speakers

Speaking at the Windows Server Summit 2022

I am happy to let you know that I will be speaking at the Windows Server Summit 2022 and show you how you can run the Azure Kubernetes Service (AKS) Hybrid deployment options on Windows Server and Azure Stack HCI, as well as manage it through Azure Arc. But there is more to learn here, and we have some great speakers, such as Roanne Sones, Bernardo Caldas, and many more, showing you all the best about Windows Server.

Join us on: Tuesday, December 6, 2022 9:00 AM–10:30 AM Pacific Time and register right here.

Make sure you check out the latest about the Azure Hybrid Benefit for Windows Server customers.

Windows Server Summit 2022 Speakers

Learn how to open up new opportunities for your org to innovate and operate more efficiently—while also improving security—at the Windows Server Summit. Join your peers and Microsoft experts for sessions and demos on the latest Windows Server 2022 and Azure capabilities.

You’ll gain practical skills and insights on how to:

  • Fortify your security with improved multilayer protection.
  • Easily manage and integrate your on-premises servers to Azure with Automanage and Windows Admin Center.
  • More efficiently secure and manage hybrid or multi-cloud environments.
  • Run apps seamlessly across on-premises datacenters and the cloud with Azure Arc.
  • Make the most of the management capabilities in System Center 2022.

And you’ll be able to ask the experts about your own use cases during the live Q&A.

I hope to see you live on the Windows Server Summit 2022!



Ignite 2022 Azure Hybrid Cloud announcements recap

Livestream: Ignite 2022 Azure Hybrid Cloud announcements recap

Last week at Microsoft Ignite 2022 we had a huge amount of Azure Hybrid Cloud announcements. Today, Lior Kamrat (Principal Program Manager Arc Platform at Microsoft) and Thomas Maurer (Senior PM & Chief Evangelist Azure Hybrid) will host a livestream on October 19, where you can learn about the latest Azure hybrid cloud news announcements from Microsoft Ignite.

If you can’t wait for the latest news, make sure you check out my blog posts on the new AKS Hybrid deployment options and AKS Lite, as well as my post on Azure Automanage for Azure Arc-enabled Servers, which is now generally available.

Join the Azure Hybrid Ignite 2022 recap livestream with Lior Kamrat and Thomas Maurer to learn about the latest Azure hybrid

Join us on the YouTube Livestream

If you are interested, join us on October 19 online. I am really looking forward to chatting with you in the Livestream about the latest Microsoft Azure Hybrid news from Microsoft Build. You can find the live stream here on YouTube.

If you have any questions, feel free to leave a comment.



PowerShell Unplugged 2022

PowerShell Unplugged 2022 Edition

April Edwards and I had the chance to host the PowerShell Unplugged 2022 Edition and the video is now available on YouTube! In the PowerShell Unplugged 2022 Edition we talked to the PowerShell product group at Microsoft to learn more about PowerShell 7, secret management, PowerShell Crescendo, Remoting, Predictive IntelliSense, VS Code, the roadmap, and the future of PowerShell!

PowerShell Unplugged 2022 Timestamps

The timestamps for the video:

  • 0:00 – Video Intro
  • 03:29 – Secret Management in PowerShell
  • 07:10 – Installing PowerShell 7
  • 09:20 – Installing the SecretManagement Module
  • 31:08 – PowerShell Crescendo
  • 1:03:47 – PowerShell Team Blog
  • 1:08:50 – Remoting with PowerShell
  • 1:36:05 – Shell of an Idea
  • 1:36:12 – Predictive IntelliSense with PowerShell
  • 1:52:05 – Using VSCode with PowerShell
  • 1:57:16 – PowerShell 7 Roadmap

Some useful links:

I hope you liked the PowerShell Unplugged 2022 Edition, let me know what you think!



Manage your AKS on Windows Server cluster from the Azure Portal using Azure Arc

New AKS hybrid deployment options enabled by Azure Arc, AKS Lite and Hybrid Benefit

This week at Microsoft Ignite, Microsoft announced some new features and improvements to the Azure Kubernetes Service (AKS) hybrid deployment options enabled by Azure Arc. This allows you to run the Azure Kubernetes Service (AKS) you know as a managed Kubernetes on Azure in a hybrid cloud environment, on-premises and at edge locations. These include AKS Lite, new lifecycle management for AKS hybrid clusters, and the Azure Hybrid Benefit for Azure Kubernetes Service (AKS).

Azure Arc enabled AKS Hybrid at Microsoft Ignite

AKS Lite

AKS Lite allows you to deploy AKS as a lightweight, static Kubernetes platform that enables rapid innovation and application modernization at the edge on Windows devices. AKS Lite is designed for PC-class devices running Windows 10/11 IoT Enterprise, Windows 10/11 Pro or Windows Server. AKS Lite is a Microsoft-managed lightweight Kubernetes distribution, which can run both Linux and Windows containers, and coupled with Azure Arc, customers can manage their edge Kubernetes cluster from Azure. You can learn more about AKS Lite here.

Lifecycle management of AKS hybrid clusters using Azure

With the new preview feature you can now deploy and manage AKS hybrid clusters running on Azure Stack HCI or Windows Server directly via the Azure portal or Azure CLI. This means you can also use Azure Resource Manager (ARM) or Bicep templates. This will provide a great management experience similar to the one for AKS in Azure. You can learn more about the AKS hybrid lifecycle management here.

Azure Hybrid Benefit for Azure Kubernetes Service

Microsoft Azure already offers great Azure Hybrid Benefits if you already own Windows Server and SQL Server licenses. With the Azure Hybrid Benefit for Azure Kubernetes Service (AKS) and your existing Windows Server Datacenter and Standard Software Assurance (SA) and Cloud Solution Provider (CSP) licenses you can run AKS on Windows Server and Azure Stack HCI at no additional cost in your datacenter and edge locations.

In addition to this, Windows Server Datacenter SA customers can now use Azure Stack HCI at no additional cost.

Learn more about these announcements on the official Tech Community blog.

If you are interested in getting a sneak peek of some AKS hybrid deployment options, check out my video here (this doesn’t include the new lifecycle management).



Azure Arc-enabled Server APP01

Use the Azure Arc Managed Identity with Azure PowerShell

In this blog post we are going to have a look at how you can use the Azure Arc provided Azure Active Directory (Azure AD) managed identity (MSI) to authenticate in Azure PowerShell on your on-premises Linux and Windows Server machines.

The moment you want to run some automation directly on your servers, you often end up in a scenario where you need some credentials to run your PowerShell script. The issue with that is that you need to store or get your credentials from somewhere, and that can be a problem. Luckily, Azure Arc provides you with an Azure Active Directory managed identity which can be used for that.

Azure PowerShell gives you an uncomplicated way to log in using that managed identity.

Prerequisites

Azure Arc-enabled Server APP01

  • You are a member of the Owner group in the subscription or resource group, in order to perform required resource creation and role management steps.

Add Role Assignment to resource or resource group for Azure Arc-enabled Server APP01

Get an access token using REST API

For an Azure Arc-enabled Windows server, using PowerShell, you invoke the web request to get the token from the local host on the specific port. Specify the request using the IP address or the environment variable IDENTITY_ENDPOINT.

$apiVersion = "2020-06-01"
$resource = "https://management.azure.com/"
$endpoint = "{0}?resource={1}&api-version={2}" -f $env:IDENTITY_ENDPOINT,$resource,$apiVersion
$secretFile = ""
# The first request is sent without credentials. The local agent rejects it and
# names a challenge file in the WWW-Authenticate header of the error response.
try
{
    Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata='True'} -UseBasicParsing
}
catch
{
    $wwwAuthHeader = $_.Exception.Response.Headers["WWW-Authenticate"]
    if ($wwwAuthHeader -match "Basic realm=.+")
    {
        $secretFile = ($wwwAuthHeader -split "Basic realm=")[1]
    }
}
Write-Host "Secret file path: " $secretFile`n
# Read the challenge value from that file and repeat the request with it.
$secret = Get-Content -Raw $secretFile
$response = Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata='True'; Authorization="Basic $secret"} -UseBasicParsing
if ($response)
{
    $token = (ConvertFrom-Json -InputObject $response.Content).access_token
    # The access token is a bearer credential; keep this output out of logs and transcripts.
    Write-Host "Access token: " $token
}

For an Azure Arc-enabled Linux server, using Bash, you invoke the web request to get the token from the local host on the specific port. Specify the following request using the IP address or the environment variable IDENTITY_ENDPOINT. To complete this step, you need an SSH client.

# The first request is sent without credentials; the Www-Authenticate header of the response names the challenge token file.
ChallengeTokenPath=$(curl -s -D - -H Metadata:true "http://127.0.0.1:40342/metadata/identity/oauth2/token?api-version=2019-11-01&resource=https%3A%2F%2Fmanagement.azure.com" | grep Www-Authenticate | cut -d "=" -f 2 | tr -d "[:cntrl:]")
ChallengeToken=$(cat "$ChallengeTokenPath")
# $? still holds the exit status of the cat above.
if [ $? -ne 0 ]; then
    echo "Could not retrieve challenge token, double check that this command is run with root privileges."
else
    # Repeat the request with the challenge token; the response body contains the access token.
    curl -s -H Metadata:true -H "Authorization: Basic $ChallengeToken" "http://127.0.0.1:40342/metadata/identity/oauth2/token?api-version=2019-11-01&resource=https%3A%2F%2Fmanagement.azure.com"
fi

You can learn more about this on Microsoft Learn.
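
The access token returned by the requests above is a JWT bearer credential, so rather than writing it to the console you can inspect only its claims. The following is an added example, not part of the original post: it decodes the payload of a token constructed inline and does not verify the signature; the function names and the sample claim values are assumptions made for illustration.

```powershell
# Added example: inspect an access token's claims instead of printing the token.
# This only decodes the payload; it does not verify the signature.

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # JWT segments use the URL-safe alphabet without '=' padding; restore both.
    $b64 = $Value.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url segment length.' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}

function Get-AccessTokenClaims {
    param(
        [Parameter(Mandatory)][string]$Token,
        [string]$ExpectedResource = 'https://management.azure.com/'
    )
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected three dot-separated JWT segments.' }
    $claims  = ConvertFrom-Base64Url -Value $parts[1] | ConvertFrom-Json
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        Audience        = $claims.aud
        # Tolerate a trailing slash difference between requested and issued audience.
        AudienceMatches = $claims.aud.TrimEnd('/') -eq $ExpectedResource.TrimEnd('/')
        ObjectId        = $claims.oid
        ExpiresUtc      = $expires.UtcDateTime
        Expired         = $expires -lt [DateTimeOffset]::UtcNow
    }
}

# Constructed sample token (fake claims, placeholder signature) so the example runs offline.
function ConvertTo-Base64Url {
    param([string]$Text)
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = [ordered]@{
    aud = 'https://management.azure.com/'
    oid = '00000000-0000-0000-0000-000000000000'
    exp = [DateTimeOffset]::UtcNow.AddHours(1).ToUnixTimeSeconds()
} | ConvertTo-Json -Compress
$sampleToken = '{0}.{1}.{2}' -f (ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'), (ConvertTo-Base64Url $payload), 'constructed'

Get-AccessTokenClaims -Token $sampleToken
```

On an Azure Arc-enabled server, pass the `$token` variable from the Windows snippet above to `Get-AccessTokenClaims -Token` to confirm the audience and expiry before using it.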

Login with Azure PowerShell on Azure Arc enabled server using Managed Identity

To log in with your managed identity using Azure PowerShell, run the following command:

Connect-AzAccount -Identity

Now you have access to the resources your Azure AD managed identity (MSI) on your Azure Arc-enabled server has permissions to.

Azure PowerShell on Azure Arc enabled server using Managed Identity

Conclusion

I hope this post is helpful to build some automation with Azure PowerShell on your on-premises or multi-cloud servers with Azure Arc. Let me know if you have any questions in the comments below.



Clouded Clouded Uncovering The Culture Of Cloud (2022) Thomas Maurer Coming Soon

Clouded – Uncovering The Culture Of Cloud (2022) Documentary

I am excited and proud to share with you that I will be part of the Clouded – Uncovering The Culture Of Cloud (2022) Documentary produced by Dark Matter Film. The documentary will be shown as a premiere in London on October 18th and until then you can watch the official trailer here.


Clouded | Uncovering The Culture Of Cloud (2022)

An original film that is uncovering the realities of cloud technology and its effects on both business and society. Many have grown confused with our relationship with a rapidly expanding cloud market, others are reflecting on their strategies. The question is, when did cloud become so ‘Clouded’.

Clouded confronts some of the uncomfortable truths that exist in today’s cloud culture. This is a journey of discovery that uncovers topics which undoubtedly require further thought by governments, enterprise businesses and technology executives.


Register for the Exclusive “Clouded” Premiere in London

I hope to see you at the premiere of Clouded in London!

When and Where: 18th October 2022 | Ham Yard Hotel, London

Register to secure your seat to join us at the exclusive premiere of ‘Clouded’. The event will include an exclusive screening followed by afternoon tea.

There are a limited number of spaces at the in-person event – you will be contacted to confirm your space and provided with further details. If you are unable to attend in-person, the documentary will be available on general release in the weeks following the premiere.

About Thomas Maurer

Thomas works as a Senior Program Manager & Chief Evangelist Azure Hybrid at Microsoft (Cloud + AI). He engages with the community and customers around the world to share his knowledge and collect feedback to improve the Azure hybrid cloud and edge platform. Prior to joining the Azure engineering team (Cloud + AI), Thomas was a Lead Architect and Microsoft MVP, to help architect, implement and promote Microsoft cloud technology.

If you want to know more about Thomas, check out his blog: www.thomasmaurer.ch and Twitter: www.twitter.com/thomasmaurer



Check expire date for Azure Arc service principal created by PowerShell

Create an Azure Arc Service Principal with longer expiration date using PowerShell

When you are onboarding Azure Arc enabled servers or Azure Arc enabled Kubernetes clusters at scale, you want to use service principals for automated authentication during the onboarding process for Azure Arc resources. Microsoft provides you with an option in the Azure portal to create that service principal. When you use this, you can set an expiration date for that service principal, which is great because you don’t want this to be available forever, even though you can only onboard machines with it. In this blog post we are going to have a look at how you can create an Azure Arc Service Principal with longer expiration date using Azure PowerShell.

New Azure Arc service principal in the Azure portal with max expiration date of 1 month

For some customers, one month expiration time for a service principal to onboard Azure Arc enabled servers or Kubernetes clusters might be a little short.

Check expiration date for Azure Arc service principal

To create a service principal to onboard an Azure Arc enabled server or Kubernetes cluster resource, you can use Azure PowerShell using the following commands:

# Set how many days the password will be valid for
$startDate = Get-Date
$endDate = $startDate.AddDays(90)

# Create a new service principal
$arcServiceprincipalName = "tm-arcserveronboarding-pwsh-sp"
New-AzADServicePrincipal -DisplayName $arcServiceprincipalName -Role "Azure Connected Machine Onboarding" -StartDate $startDate -EndDate $endDate

This will create a service principal to onboard servers for 90 days. In my case I used Azure PowerShell running inside Azure Cloud Shell.

Create an Azure Arc Service Principal with longer expiration date using PowerShell

Now if you check the expiration date, you can see it is 90 days.

Check expiration date for Azure Arc service principal created by PowerShell
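
A policy check for an onboarding service principal like the one created above, as an added example that is not part of the original post. It assumes credential objects expose EndDateTime and KeyId (as returned by Get-AzADSpCredential in current Az.Resources versions) and role assignments expose RoleDefinitionName and Scope (as returned by Get-AzRoleAssignment); the function name, the 90-day limit and the sample objects are constructed for illustration.

```powershell
# Added example: flag onboarding service principal secrets that outlive policy
# and role assignments other than the onboarding role.
function Test-ArcOnboardingPrincipal {
    param(
        [Parameter(Mandatory)][object[]]$Credential,      # objects with KeyId, EndDateTime
        [Parameter(Mandatory)][object[]]$RoleAssignment,  # objects with RoleDefinitionName, Scope
        [int]$MaxLifetimeDays = 90,                       # assumed policy limit, matching the 90 days used above
        [string]$AllowedRole = 'Azure Connected Machine Onboarding',
        [datetime]$Now = [datetime]::UtcNow
    )
    $findings = @()
    foreach ($c in $Credential) {
        $daysLeft = [int][math]::Floor(($c.EndDateTime - $Now).TotalDays)
        if ($daysLeft -lt 0) {
            $findings += "Secret $($c.KeyId) expired $(-$daysLeft) day(s) ago; remove it."
        }
        elseif ($daysLeft -gt $MaxLifetimeDays) {
            $findings += "Secret $($c.KeyId) is valid for $daysLeft more days (limit $MaxLifetimeDays)."
        }
    }
    foreach ($r in $RoleAssignment) {
        if ($r.RoleDefinitionName -ne $AllowedRole) {
            $findings += "Unexpected role '$($r.RoleDefinitionName)' at scope $($r.Scope)."
        }
    }
    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Constructed sample data so the example runs without an Azure connection.
$now = [datetime]::UtcNow
$creds = @(
    [pscustomobject]@{ KeyId = 'constructed-key-1'; EndDateTime = $now.AddDays(60) }
    [pscustomobject]@{ KeyId = 'constructed-key-2'; EndDateTime = $now.AddDays(400) }
)
$roles = @(
    [pscustomobject]@{ RoleDefinitionName = 'Azure Connected Machine Onboarding'; Scope = '/subscriptions/<subscription-id>/resourceGroups/<resource-group>' }
    [pscustomobject]@{ RoleDefinitionName = 'Contributor'; Scope = '/subscriptions/<subscription-id>' }
)

$result = Test-ArcOnboardingPrincipal -Credential $creds -RoleAssignment $roles -Now $now
$result.Compliant
$result.Findings
```

Against a live tenant, the two inputs would come from `Get-AzADSpCredential` and `Get-AzRoleAssignment` for the service principal's object ID.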

I hope this blog post was helpful in showing you how you can create an Azure Arc Service Principal with longer expiration date using PowerShell. If you want to learn more about onboarding Azure Arc enabled servers at scale, check out the following Microsoft Docs article: Connect hybrid machines to Azure at scale. If you have any questions, feel free to leave a comment below.



Manage Hybrid Server Management Survey with Azure Arc

Microsoft Azure Arc-enabled Servers Survey 2022

We want to learn from you about hybrid server management, so the team built a Microsoft Azure Arc-enabled servers survey 2022.

Give us your thoughts on hybrid server management with Azure Arc! Take the survey at https://aka.ms/ArcServersSurveyLI for a chance to win a $300 virtual gift card!

This survey asks about your experience with trying, using, and/or advocating for Azure Arc-enabled servers and reasons to use it or not. Our goal is to make managing on-premises, hybrid and/or multi-cloud infrastructure easier for you.

Previous experience with Azure Arc-enabled servers is NOT required to participate in this survey. Your feedback will help us shape the future of our products.

There are three parts in this survey, and it will take about 12-15 minutes to complete.

Open only to people 18+ using servers/VM infrastructure. Ends 9/30/22. For details, see Official Rules.

Thank you for taking the Azure Arc-enabled Servers Survey 2022!