Tag: Server

Azure Arc Center - Azure Portal

Check out the new Azure Arc Center – Azure Portal

During the Microsoft Ignite 2020 virtual conference, Azure Arc got a couple of enhancements and announcements. For example, Azure Arc enabled servers is now generally available and Azure Arc and Azure Arc enabled data services is now in public preview. If you want to learn more what Azure Hybrid announcements we had at Microsoft Ignite 2020, check out (Corporate Vice President, Microsoft Azure) blog post. One of the enhancements which I find super helpful, but didn’t get a special mention, is the new Azure Arc Center blade in the Azure Portal.

All Azure Arc Resources

All Azure Arc Resources

In the Azure Arc Center, you can now find an overview of all your hybrid cloud resources and services you can use together with Azure Arc. These include different Azure Arc enabled services like:

You cannot just get an overview of different Azure Arc services, but also find an easy way to onboard, connect, and register new hybrid resources. To open the Azure Arc Center Blade, navigate to Azure Arc in the Azure Portal.

I hope this was helpful if you have any questions feel free to leave a comment.



Azure Automatic VM Guest OS Patching

How to configure Azure Automatic VM guest OS patching

If you want to keep your Azure virtual machines (VMs) up-to-date, then there is a service called Azure Update Management, which helps you to manage updates on your Azure VM guest operating system. However, this needed some additional planning and configuration. To make patching of your Azure virtual machines (VMs) easier, there is a new option called Automatic VM guest patching, which helps ease update management by safely and automatically patching virtual machines to maintain security compliance.

Automatic VM guest patching is now available in public preview for Windows virtual machines on Azure.

With Azure automatic VM guest patching enabled, the VM is assessed periodically to check for available operating system patches for that Azure VM. Updates classified as ‘Critical’ or ‘Security’ are automatically downloaded and installed on the VM during off-peak hours. This patch orchestration is managed and handled by Azure and patches are applied following availability-first principles.

In a nutshell, Azure automatic VM guest patching has the following capabilities:

  • Patches classified as Critical or Security are automatically downloaded and applied on the VM.
  • Patches are applied during off-peak hours in the VM’s time zone.
  • Patch orchestration is managed by Azure and patches are applied following availability-first principles.
  • Virtual machine health, as determined through platform health signals, is monitored to detect patching failures.
  • Works for all VM sizes.

Patches are installed within 30 days of the monthly Windows Update release, following availability-first orchestration described below. Patches are installed only during off-peak hours for the VM, depending on the time zone of the VM. The VM must be running during the off-peak hours for patches to be automatically installed. If a VM is powered off during a periodic assessment, the VM will be automatically assessed and applicable patches will be installed automatically during the next periodic assessment when the VM is powered on.

You can find more information on Azure automatic VM guest patching on Microsoft Docs.

How to enable Azure Automatic VM guest OS patching

To enable Azure automatic VM guest OS (operating system) patching, we currently have a couple of requirements.

  • Currently, only Windows VMs are supported (Preview). Currently, Windows Server 2012 R2, 2016, 2019 Datacenter SKUs are supported. (and more are added periodically).
  • Only VMs created from certain OS platform images are currently supported in the preview. Which means custom images are currently not supported in the preview.
  • The virtual machine must have the Azure VM Agent installed.
  • The Windows Update service must be running on the virtual machine.
  • The virtual machine must be able to access Windows Update endpoints. If your virtual machine is configured to use Windows Server Update Services (WSUS), the relevant WSUS server endpoints must be accessible.
  • Use Compute API version 2020-06-01 or higher.

These requirements might change in the future during the preview phase (for the current requirements check out Microsoft Docs).

During the preview, this feature requires a one-time opt-in for the feature InGuestAutoPatchVMPreview per subscription. You can run the following Azure PowerShell or Azure CLI command.

Azure PowerShell:

# Register AzProvider
Register-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Check the registration status
Get-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Once the feature is registered for your subscription, complete the opt-in process by changing the Compute resource provider.
Register-AzResourceProvider -ProviderNamespace Microsoft.Compute

Now you can enable automatic VM guest patching for your Azure virtual machines within that subscription. To do that you can currently use the REST API, Azure PowerShell, or the Azure CLI.

With Azure CLI, you can use the az vm get-instance-view .

az vm update --resource-group test-autopatch-rg--name azwinvm01 --set osProfile.windowsConfiguration.enableAutomaticUpdates=true osProfile.windowsConfiguration.patchSettings.patchMode=AutomaticByPlatform

You can see that there are two important parameters for this cmdlet. First the -enableAutoUpdate and secondly the -PatchMode. There are currently three different patch orchestration modes you can configure.

AutomaticByPlatform

  • This mode enables automatic VM guest patching for the Windows virtual machine and subsequent patch installation is orchestrated by Azure.
  • Setting this mode also disables the native Automatic Updates on the Windows virtual machine to avoid duplication.
  • This mode is only supported for VMs that are created using the supported OS platform images above.

AutomaticByOS

  • This mode enables Automatic Updates on the Windows virtual machine, and patches are installed on the VM through Automatic Updates.
  • This mode is set by default if no other patch mode is specified.

Manual

  • This mode disables Automatic Updates on the Windows virtual machine.
  • This mode should be set when using custom patching solutions.

If you need more control, I recommend that you have a look at Azure Update Management, which is already publicly available and also supports Windows and Linux servers running in Azure or on-premises.

To verify whether automatic VM guest patching has completed and the patching extension is installed on the VM, you can review the VM’s instance view.

az vm get-instance-view --resource-group test-autopatch-rg --name azwinvm01

This will show you the following result:

Azure Automatic VM Guest OS Patching Status

Azure Automatic VM Guest OS Patching Status

You can also create the patch assessment on-demand.

Invoke-AzVmPatchAssessment -ResourceGroupName "myResourceGroup" -VMName "myVM"

I hope this provides you with an overview of the new Azure automatic VM guest patching feature. If you want to have some advanced capabilities to manage updates for your Azure VMs and even your servers running on-premises, check out Azure Update Management. This will provide you with some advanced settings and your own maintenance schedules. If you have any questions, feel free to leave a comment.



Filter for Azure VMs and Azure Arc Machines

Inventory for Azure Arc enabled Servers

Azure Arc for Servers allows you to manage servers running in your on-premises location, at the edge, or in a multi-cloud environment directly from the Azure portal. There are many features available to manage these hybrid Azure Arc enabled servers, like Log Analytics or Azure Arc Machine extensions. However, one of the basic features of Azure Arc enabled Servers, is that you can now get an inventory and overview of all your servers. This allows you to see and manage your Azure Arc enabled servers next to your Azure resources.

Inventory for Azure Arc enabled Servers and Azure VMs

Inventory for Azure Arc enabled Servers and Azure VMs.

You can see that your Azure Arc enabled servers show up as Azure resources. You can use the filter to limit the view to only Azure virtual machines (VMs), and Azure Arc enabled servers.



Create Custom Script Extension for Windows - Azure Arc

How to Run Custom Scripts on Azure Arc Enabled Servers

With the latest update for Azure Arc for Servers, you are now able to deploy and use extensions with your Azure Arc enabled servers. With the Custom Script extension, you can run scripts on Azure Arc enabled servers and works similar to the custom script extension for Azure virtual machines (VMs). There is an extension for Windows and Linux servers, which is a tool that can be used to launch and execute machine customization tasks post configuration automatically.

When this Extension is added to an Azure Arc machine, it can download PowerShell and shell scripts and files from Azure storage and launch a script on the machine, which in turn can download additional software components. Custom Script Extension for Linux and Windows – Azure Arc tasks can also be automated using the Azure PowerShell cmdlets and Azure Cross-Platform Command-Line Interface (Azure CLI).

Introducing Azure Arc
For customers who want to simplify complex and distributed environments across on-premises, edge and multicloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure.
Learn more about Azure Arc here.

How to run Custom Scripts on Azure Arc enabled servers

To run a custom script on an Azure Arc enabled server, you can simply deploy the Custom Script Extension. You open the server you want to run the custom script in the Azure Arc server overview. Navigate to Extensions and click on Add, and select the Custom Script Extension for Windows – Azure Arc or on Linux the Custom Script Extension for Linux – Azure Arc.

Add Custom Script Extension

Add Custom Script Extension

Now you can select the PowerShell or shell script you want to run on that machine, as well as adding some optional arguments for that script.

Create Custom Script Extension for Windows - Azure Arc

Create Custom Script Extension for Windows – Azure Arc

After that, it will take a couple of minutes to run the script on the machine.

Conclusion

The Custom Script Extensions for Linux and Windows can be used to launch and execute machine customization tasks post configuration automatically.

You can learn more about how Azure Arc provides you with cloud-native management technologies for your hybrid cloud environment here, and you can find the documentation for Azure Arc enabled servers on Microsoft Docs.

If you have any questions or comments, feel free to leave a comment below.



Azure Arc Servers Log Analytics

Azure Log Analytics for Azure Arc Enabled Servers

In this blog post, we are going to have a quick look at how you can access Azure Log Analytics data using Azure Arc for Servers. The Azure Log Analytics agent was developed for management across virtual machines in any cloud, on-premises machines, and those monitored by System Center Operations Manager. The Windows and Linux agents send collected data from different sources to your Log Analytics workspace in Azure Monitor, as well as any unique logs or metrics as defined in a monitoring solution. When you want to access these logs and run queries against these logs, you will need to have access to the Azure Log Analytics workspace. However, in many cases, you don’t want everyone having access to the full workspace. Azure Arc for Servers provides RBAC access to log data collected by the Log Analytics agent, stored in the Log Analytics workspace the machine is registered.

Introducing Azure Arc
For customers who want to simplify complex and distributed environments across on-premises, edge and multicloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure.
Learn more about Azure Arc here.

How to enable Log Analytics for Azure Arc Enabled Servers

To enable log collection, you will need to install the Microsoft Monitoring Agent (MMA) on your Azure Arc enabled server. You can do this manually for Windows and Linux machines, or you can use the new extension for Azure Arc enabled servers. If you already have the MMA agent installed, you can start using logs in Azure Arc immediately.

Create Microsoft Monitoring Agent - Azure Arc

Create Microsoft Monitoring Agent – Azure Arc

After you have installed the agent, it can take a couple of minutes until the log data shows up in the Azure Log Analytics workspace. After the logs are collected in the workspace, you can access them with Azure Arc.

Azure Arc Servers Log Analytics

Azure Arc Servers Log Analytics

Now you can run queries using the Keyword Query Language (KQL) as you would in the Azure Log Analytics workspace, but limited to the logs for that specific server.

Conclusion

With Azure Arc for Servers, we can use role-based access controls to logs from a specific server running on-prem or at another cloud provider, without having access to all the logs in the log analytics workspace.

You can learn more about how Azure Arc provides you with cloud-native management technologies for your hybrid cloud environment here, and you can find the documentation for Azure Arc enabled servers on Microsoft Docs.

If you have any questions or comments, feel free to leave a comment below.



Add Microsoft Monitoring Agent Extension

How to Add the Microsoft Monitoring Agent to Azure Arc Servers

To use some of the functionality with Azure Arc enabled servers, like Azure Update Management, Inventory, Change Tracking, Logs, and more, you will need to install the Microsoft Monitoring Agent (MMA). In this blog post, we are going to have a look at how you can install the Microsoft Monitoring Agent (MMA) on an Azure Arc enabled server using extensions.

Introducing Azure Arc
For customers who want to simplify complex and distributed environments across on-premises, edge and multicloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure.
Learn more about Azure Arc here.

You can learn more about the manual MMA setup on Microsoft Docs.

How to install the Microsoft Monitoring Agent on Azure Arc enabled servers

To install the Microsoft Monitoring Agent (MMA) you can use the new extension in Azure Arc. You open the server you want to install the MMA agent in the Azure Arc server overview. Navigate to Extensions and click on Add, and select the Microsoft Monitoring Agent – Azure Arc. This works for Windows and Linux servers.

Add Microsoft Monitoring Agent Extension

Add Microsoft Monitoring Agent Extension

Now you can enter the Azure Log Analytics workspace ID and the key. This will create a job and install the Microsoft Monitoring Agent on the server.

Create Microsoft Monitoring Agent - Azure Arc

Workspace ID and Key

After that, you can start using features like Azure Log Analytics, Inventory, Change Tracking, Update Management, and more. You can also do this manually for Windows and Linux machines.

Conclusion

Azure Arc for servers makes it super simple to deploy the Microsoft Monitoring Agent to servers running on-premises or at other cloud providers.

You can learn more about how Azure Arc provides you with cloud-native management technologies for your hybrid cloud environment here, and you can find the documentation for Azure Arc enabled servers on Microsoft Docs.

If you have any questions or comments, feel free to leave a comment below.



Intel NUC Windows Server LAB

Install Intel NUC Windows Server 2019 Network Adapter Driver

As you know, I am using an Intel NUC as my Windows Server lab machine, where I run Windows Server 2019 and Hyper-V on. Many people asked me about how you can install the Intel NUC Windows Server 2019 Network Adapter driver because there are no Windows Server 2019 drivers for it. My blog reader, Michael Williams, shared how you can install the Windows Server 2019 Network adapter drivers on the Intel NUC 8th generation.

Here are the simple steps you can follow to install the Intel NUC Windows Server 2019 Network Adapter Driver:

  1. Download the latest PROWinx64.exe for Windows Server 2019 from Intel including drivers for the Intel® Ethernet Connection I219-V
  2. To manually install the network drivers, extract PROWinx64.exe to a temporary folder – in this example to the C:\Drivers\Intel\ folder. Extracting the .exe file manually requires an extraction utility like WinRAR or others. You can also run the .exe and it will self-extract files to the %userprofile%\AppData\Local\Temp\RarSFX0 directory. This directory is temporary and will be deleted when the .exe terminates.
  3. The driver for the Intel I219-V network adapter can be found in the C:\Drivers\Intel\PRO1000\Winx64\NDIS68.

    Extracted Network Drivers for Windows Server 2019 - Intel NUC PROWinx64

    Extracted Network Drivers for Windows Server 2019 – Intel NUC PROWinx64

  4. Open Device Manager right click on Ethernet Controller and select Update Driver.

    Device Manager Update Driver Ethernet Controller - Intel NUC Windows Server 2019 Driver

    Device Manager Update Driver Ethernet Controller – Intel NUC Windows Server 2019 Driver

  5. Select “Browe on my computer for driver software”, and select “Let me pick from a list of available drivers on my computer”, now you can select Network Adapter.

    Update Driver

    Update Driver

  6. Click on “Have Disk…” enter the following path “C:\Drivers\Intel\PRO1000\Winx64\NDIS68.”

    Driver Location

    Driver Location

  7. Now select Intel Ethernet Connection I219-LM (The I219-V version is not shown)

    Select the Intel Ethernet Connection I219-LM

    Select the Intel Ethernet Connection I219-LM

  8. And you are done.

Huge thank you again to Michael Williams for sharing that with us. I hope this short blog post provides you a step by step guide on how you can install Windows Server 2019 Network adapter drivers on the Intel NUC. If you have any questions, feel free to leave a comment.