Tag: on-premises

Azure Regions and custom locations

Run cloud-native apps on Azure PaaS anywhere

At Microsoft Build 2021, Microsoft just announced the availability of Azure Arc enabled Application services. This allows you to deploy Azure application services such as Azure App Service, Functions, Logic Apps, Event Grid, and API Management anywhere, on-premises, edge locations, or any other cloud provider. This is great if you are building and running cloud-native applications on Azure PaaS services and want them to run outside of Azure without rearchitecting them. With the new Platform-as-a-Service (PaaS) services and the existing Azure Arc enabled Data services, and Azure Arc enabled Kubernetes, you get a powerful platform to run your cloud-native applications in a consistent way in your hybrid or multicloud environment.

To learn more about Azure Arc, check out the Microsoft Docs.

Azure Arc enabled Application Services

These are the new Azure Arc enabled Application services announced at Microsoft Build 2021. These allow you to run Azure PaaS services on-premises and at other cloud providers.

  • Azure App Service makes building and managing web applications and APIs easy with a fully managed platform and features like autoscaling, deployment slots, and integrated web authentication.
  • Azure Functions makes event-driven programming simple, with state-of-the-art autoscaling, and triggers and bindings to integrate with other Azure services.
  • Azure Logic Apps produces automated workflows for integrating apps, data, services, and backend systems with a library of more than 400 connectors.
  • Azure Event Grid simplifies event-based applications with a single service for managing the routing of events from any source to any destination.
  • Azure API Management provides a unified management experience and full observability across all internal and external APIs.

Azure Arc enabled Data Services

The application services can be combined with the Azure Arc enabled Data services, which include:

  • Azure Arc enabled Azure SQL Managed Instance – Azure Arc enabled SQL Managed Instance has near 100% compatibility with the latest SQL Server database engine, and enables existing SQL Server customers to lift and shift their applications to Azure Arc data services with minimal application and database changes while maintaining data sovereignty. At the same time, SQL Managed Instance includes built-in management capabilities that drastically reduce management overhead.
  • Azure Arc enabled Azure PostgreSQL Hyperscale – This is the hyperscale form factor of the Postgres database engine that is available with Azure Arc enabled data services. It is also powered by the Citus extension that enables the hyperscale experience. In this form factor, our customers provide the infrastructure that hosts the systems and operate them.

Azure Arc enabled Infrastructure

Azure Arc enabled infrastructure allows you to manage and operate Linux and Windows Servers as well as Kubernetes clusters outside of Azure.

  • Azure Arc enabled Kubernetes – With Azure Arc enabled Kubernetes, you can attach and configure Kubernetes clusters located either inside or outside Azure. You can benefit from Azure Management services such as Azure Monitor, Azure Policy, Azure Defender for Kubernetes, and many more. You can deploy applications and apply configuration using GitOps-based configuration management.
  • Azure Arc enabled Servers – enables you to manage your Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or other cloud provider. This management experience is designed to be consistent with how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. That includes an Azure Managed Identity which can be used for Azure AD authentication within your apps.

How to run Azure Application Services anywhere

To run the Azure Application services on-premises or at another cloud provider, you will need an Azure Arc enabled Kubernetes cluster. On this cluster you can then deploy the Azure Application services. Azure Arc enabled Kubernetes works with any Cloud Native Computing Foundation (CNCF) certified Kubernetes cluster. The Azure Arc team has worked with key industry partners to validate conformance of their Kubernetes distributions with Azure Arc enabled Kubernetes.

How to connect a Kubernetes cluster to Azure using Azure Arc

To connect a Kubernetes cluster using Azure Arc, you can follow this Microsoft Docs article.

Deploy App Service extensions

Now navigate to the Azure Arc enabled Kubernetes cluster you want to deploy the Azure Application services on.

Azure Arc enabled Kubernetes Cluster running on-premises

Navigate to Extensions and select Add.

Azure Arc enabled Kubernetes Cluster Extensions

Select the Azure service you want to enable.

Add Application Services Extension

In my case I select Application services, which includes Azure Web Apps, Functions, and Logic Apps.

Application services extension Preview

Click on Create to open the wizard which will help you deploy the Application services extension.

Define the instance name and select a custom location if you already have one. The custom location is an Azure Arc enabled Kubernetes cluster. This can then be used instead of an Azure region when you deploy a service.

Install application services extension and create custom location

After that, you can configure Monitoring and add Azure Tags. In the end, the wizard will create a script for you that you can run using the Azure CLI locally or directly within Azure Cloud Shell.

Download or Copy script to deploy the Azure App Service for Kubernetes with Azure Arc

Now you can find your new custom location in the custom locations list in the Azure Arc Center. You can see, in my list, I have Kubernetes clusters running on-premises or at another cloud provider.

Custom Locations

I can now navigate to App services to add a new Web App.

Create App Service and select a custom location

When I select the Region, I can now not just select the Azure Regions, but also my custom locations.

Azure Regions and custom locations

Conclusion

I hope this blog gave you a quick overview of how you can create and run your cloud-native applications on Azure PaaS services using Azure Arc. This is ideal for building applications that run on modern services in hybrid and multicloud environments using a single architecture. If you have any questions, feel free to leave a comment.



Connect a hybrid server to Azure using Azure Arc

Connect a Hybrid Server to Azure using Azure Arc

New week, new Azure tip video! This week we are going to have a look at how you can connect a hybrid server to Azure using Azure Arc. Azure Arc enabled servers lets you manage and govern your Windows and Linux machines hosted across on-premises, edge, and multi-cloud environments. You’ll learn how to deploy and configure the Connected Machine agent on your Windows or Linux machine hosted outside of Azure for management by Arc enabled servers.

You can also check out the following links to learn more about Azure Arc enabled servers and how you can connect a hybrid server to Azure using Azure Arc.

Connect a Hybrid Server to Azure using Azure Arc

To connect a server running on-premises or at another cloud provider to Azure using Azure Arc, you can simply go to the Azure Portal to the Azure Arc Center and select Azure Arc enabled servers. Here you can click on the “Add” button.

Add Azure Arc Enabled Server


There are currently two different ways to onboard a server. You can use an interactive script or a method for adding servers at scale. With the interactive script method, you will need to provide credentials when running the script on a machine. With the onboarding at scale method, you will need to create a Service Principal Name with the minimum set of Azure permissions to onboard your servers. I highly recommend that in production environments, you go for the service principal method.
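One way to create the service principal for the at-scale method with only the permissions onboarding needs, as an added Azure PowerShell example that is not from the original post. It uses the built-in "Azure Connected Machine Onboarding" role scoped to one resource group; the resource group name, display name and subscription placeholder are assumptions, and it assumes Az.Resources 5.x or later.

```powershell
# Added example, not from the original post. Assumes the Az.Accounts and
# Az.Resources (5.x or later) modules; values marked "assumed" are placeholders.
$subscriptionId = '<subscription-id>'                    # placeholder
$resourceGroup  = 'rg-arc-servers'                       # assumed name
$roleName       = 'Azure Connected Machine Onboarding'   # built-in role

Connect-AzAccount | Out-Null
Set-AzContext -SubscriptionId $subscriptionId | Out-Null

# Limit the identity to the single resource group that will hold the Arc
# machine resources instead of granting it rights on the whole subscription.
$scope = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup"

$sp = New-AzADServicePrincipal -DisplayName 'arc-server-onboarding'   # assumed name

# The new principal can take a moment to replicate, so retry the assignment.
foreach ($attempt in 1..6) {
    try {
        New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $roleName `
            -Scope $scope -ErrorAction Stop | Out-Null
        break
    } catch {
        if ($attempt -eq 6) { throw }
        Start-Sleep -Seconds 10
    }
}

# Verify: fail if the principal holds any other role or a different scope.
$unexpected = Get-AzRoleAssignment -ObjectId $sp.Id |
    Where-Object { $_.RoleDefinitionName -ne $roleName -or $_.Scope -ne $scope }
if ($unexpected) {
    $unexpected | Format-Table RoleDefinitionName, Scope
    throw 'Service principal has role assignments beyond onboarding; remove them first.'
}

# The secret is only readable at creation time. Hand it to your deployment
# tooling's secret store rather than writing it into the onboarding script.
$secret = $sp.PasswordCredentials.SecretText

# Non-secret values the onboarding script needs on each server.
[pscustomobject]@{
    TenantId       = (Get-AzContext).Tenant.Id
    ApplicationId  = $sp.AppId
    SubscriptionId = $subscriptionId
    ResourceGroup  = $resourceGroup
}
```

On each server, these values feed `azcmagent connect` through its `--service-principal-id`, `--service-principal-secret`, `--tenant-id`, `--subscription-id`, `--resource-group` and `--location` options.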

Select a method


For demonstration purposes, we will go on with the interactive script method because this provides you with more details when you do it the first time. You will be provided with some of the prerequisites for Azure Arc enabled servers.

Add a server with Azure Arc


You will need to provide some resource details, such as the Azure subscription, resource group, and region for the metadata. You will also need to select the operating system type, since the script you get at the end will be a PowerShell script for your Windows machines and a shell script for your Linux servers.

Resource Details


You can now configure tags for your Azure Arc enabled server, or you can skip that step and do that later. In the end, you will be provided with a script, which you can run on the server you want to onboard to Azure Arc. This script will download the Azure Connected Machine agent, install the agent and register the server to Microsoft Azure.

Azure Arc Onboarding Script


This should provide you with a quick overview of how you can add a hybrid server to Azure using Azure Arc. Now the Azure Arc enabled server will show up as an Azure resource, and you can start using Azure management services for your on-premises server, like monitoring. If you want to learn more about Azure Arc, check out the recording of my session at Experts Live – Azure Hybrid Cloud Management.

If you have any questions or comments, feel free to leave a comment below.



Azure Arc enabled SQL Server

Azure Arc enabled SQL Server Preview is now available

As you know, I do a lot of work on Hybrid Cloud topics like Azure Arc, which allows you to extend Azure management and Azure services to any infrastructure. I talk a lot about how you can use Microsoft Azure to manage your servers running on-premises or at other cloud providers, or how you can connect and manage Kubernetes clusters. The Azure Data services team at Microsoft Ignite 2019 also announced the private preview of Azure Arc Data services, which allow you to deploy services like Azure SQL on any infrastructure. This week they had more news to share: the private preview of Azure Arc enabled SQL Server. With Azure Arc enabled SQL Server, you can use the Azure Portal to register and track the inventory of your SQL Server instances across on-premises, edge sites, and multi-cloud in a single view. You can also take advantage of Azure security services, such as Azure Security Center and Azure Sentinel.

Onboarding SQL Server to Azure Arc


The Azure Arc enabled SQL Server preview includes the following features:

  • Use the Azure Portal to register and track the inventory of your SQL Server instances across on-premises, edge sites, and multi-cloud in a single view.
  • Use Azure Security Center to produce a comprehensive report of vulnerabilities in SQL Servers and get advanced, real-time security alerts for threats to SQL Servers and the OS.
  • Investigate threats in SQL Servers using Azure Sentinel.

Azure Security Center assessment of on-premises SQL Server


You can register any Windows or Linux based SQL Server to track your inventory. Azure Security Center’s advanced data security works on Windows-based SQL Server version 2012 or higher, running on physical or virtual machines and hosted on any infrastructure outside of Azure.

If you are interested in participating in this preview, check out the official blog post. If you have any questions, feel free to leave a comment.



Secure your Server with Azure Security Center

Use Azure Security Center with Windows Server on-premises

Windows Admin Center makes it easy to connect Azure Hybrid Cloud services to your on-premises Windows Server environment. For a while now we can connect services like Azure Monitor, Azure File Sync, Azure Update Management and many more to Windows Server. This helps us to make our on-premises environment even better, by using Azure Cloud Services. At Microsoft Ignite we also announced Azure Arc, which brings cloud-native management to your on-premises environment. With the latest version of the Windows Admin Center, we can now easily connect Windows Servers to Azure Security Center. Azure Security Center will help you to quickly strengthen your security posture and protect against threats. It will not just scan your Azure resources but also your hybrid resources, for example, servers running on-premises or at other cloud providers. You can add Linux and Windows servers to Azure Security Center, and Windows Admin Center makes it easy to onboard your Windows Server.

Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.

Keeping your resources safe is a joint effort between your cloud provider, Azure, and you, the customer. You have to make sure your workloads are secure as you move to the cloud, and at the same time, when you move to IaaS (infrastructure as a service) there is more customer responsibility than there was in PaaS (platform as a service), and SaaS (software as a service). Azure Security Center provides you the tools needed to harden your network, secure your services and make sure you’re on top of your security posture.

You can find more about Azure Security Center here.

Add an on-premises Windows Server to Azure Security Center

To add an on-premises Windows Server to Azure Security Center you can install an agent or you can use Windows Admin Center.

Secure your Server with Azure Security Center


Open Windows Admin Center and click on Azure Security Center in the menu. Click on Sign into Azure and set up. This will open the wizard to onboard the server.

Onboard Server to Azure Security Center with Windows Admin Center


The wizard will ask you which Azure subscription, resource group, and Log Analytics workspace the server should be connected to. After a couple of minutes, you will get recommendations which you can review in the Azure Security Center or directly for the Windows Server in Windows Admin Center.

Azure Security Center Recommendations


Get Windows Admin Center

Windows Admin Center is a free download to use with your Windows Servers. You can download Windows Admin Center here. If you want to know more about the Hybrid capabilities, check out my blog post on ITOpsTalk.com. If you want to know more about Azure Hybrid Cloud, check out azure.com/hybrid.

I hope this gives you an overview of how you add Windows Servers to Azure Security Center using Windows Admin Center. Let me know if you have any questions in the comments.



Azure Hybrid

Azure Arc – Cloud-native Management for Hybrid Cloud

Azure Hybrid is not just Azure Stack; it also includes a couple of other Azure Hybrid services like Azure Update Management, Azure File Sync and many more. Today, Microsoft extended the hybrid cloud solutions in Azure and announced Azure Arc, which is designed to extend Azure Management to any infrastructure. In the new world where organizations run servers, containers, and applications across multi-cloud environments, on-premises locations, and the edge, managing these hybrid resources becomes challenging. Azure Arc enables cloud-native Azure management across any infrastructure and also allows Azure data services to be deployed anywhere. It includes hybrid server management, Kubernetes and Azure data services.

Azure Arc Overview


As you can see Azure Arc consists of a set of different technologies and components like:

  • Organize and govern all your servers – Azure Arc extends Azure management to physical and virtual servers anywhere. Govern and manage servers from a single scalable management pane. You can learn more about Azure Arc for servers here.
  • Manage Kubernetes apps at scale – Deploy and configure Kubernetes applications consistently across all your environments with modern DevOps techniques.
  • Run data services anywhere – Deploy Azure data services in moments, anywhere you need them. Get simpler compliance, faster response times, and better security for your data. You can learn more here.
  • Adopt cloud technologies on-premises – Bringing cloud-native management to your hybrid environment.

In this blog post, we will have a closer look at hybrid server management. If you want to know more about Azure Arc, check out the announcement blog post by Jeremy Winter, Director of Program Management, Microsoft Azure.

Cloud-native Azure management for hybrid environments with Azure Arc

By extending Azure Resource Manager to support hybrid cloud environments, Azure Arc makes it easier to implement cloud security across environments with centralized role-based access control and security policies. Azure Management now provides you with a single control plane for Azure native and Azure Arc resources.

Azure Management Overview


Hybrid Server Management

Today Azure Arc allows you to onboard physical and virtual servers in your hybrid environment (on-premises, edge, and multi-cloud). By joining servers to Azure Arc, you get the benefits you are used to from native Azure resources, like tags, RBAC, and many more. In the preview, you can now use Azure Management services like Azure Log Analytics and Azure Policy to make sure your servers are compliant across your hybrid environment.

Hybrid Server Management


I had the chance to have a very early chat with Jian Yan from the Azure Management team, a couple of weeks ago, about hybrid server management. Check out the video here:

Join the Preview

Azure Arc for Server is currently in public preview, while you can sign up for the preview to manage Kubernetes and data services. To enable hybrid server management, you must register the required Resource Providers.

  • Microsoft.HybridCompute
  • Microsoft.GuestConfiguration

You can register the resource providers with the following Azure PowerShell commands:

Login-AzAccount
Set-AzContext -SubscriptionId "<subscription you want to onboard>"
Register-AzResourceProvider -ProviderNamespace Microsoft.HybridCompute
Register-AzResourceProvider -ProviderNamespace Microsoft.GuestConfiguration

or with Azure CLI:

az account set --subscription "{Your Subscription Name}"
az provider register --namespace 'Microsoft.HybridCompute'
az provider register --namespace 'Microsoft.GuestConfiguration'

You can also run them from Azure Cloud Shell. If you want to know more, check out the following Microsoft Docs article.

Onboarding Servers to Azure Arc

As mentioned we will have a closer look here at how you can onboard Linux and Windows Server to Azure Arc. To onboard a server which can run Linux or Windows, physical or virtual, and can run on-premises or at another service provider, you open Azure Arc in the Azure Portal. There you can select manage servers.

Azure Arc Portal


Here you will see your existing servers which you have on-boarded.

Azure Arc Server in Portal


You can click on Add, to add another server. You will be able to add a single server or get instructions to onboard servers at scale.

Add server to Azure Arc


Here you can go through a wizard that will help you to generate a script, which you can copy or download to run it on your server. You can select the subscription and resource group, as well as the region where you want to join your server.

You will also be able to configure a proxy server if your server is behind a proxy. Since this will use the Azure Resource Manager, you will also be able to use tags. After you are done with the wizard, you are able to download or copy the command to run that on your server.

Generate Script


After you have run that command on your on-premises server, your server will show up as an Azure resource in a couple of minutes.

Use Windows Admin Center to onboard a server to Azure Arc

Windows Admin Center and Azure Stack HCI


If you are using Windows Admin Center on Windows Server or with Azure Stack HCI, you can also onboard servers directly from there. Go to the settings of the server and click on Azure Arc. Now you can sign in and select the specific subscription and resource group.

More

If you want to know more about the Azure Hybrid announcements at Microsoft Ignite 2019, check out the blog post of Julia White. If you want to know more about Azure Arc, check out the blog post from Jeremy Winter. If you have any questions about it feel free to leave a comment, or if you are at Microsoft Ignite, feel free to talk to me and the Azure team.

I will also host a Microsoft Ignite Live interview with Jian Yan, which you can watch live in Orlando or online.

Microsoft Ignite Live

Azure is built from the ground up to manage at-scale, cross-geography environments with multiple operational models and DevOps patterns. The vision is to keep Azure at the center of the enterprise as the control plane for governance, management, and modern development and bring the Azure management capabilities and services to any customer environment. In this session, we demo one of the extension services to enable you to bring servers from anywhere to Azure, and use Azure to get a compliance view for all your server assets.