Configure Azure Arc for servers

Azure Arc for servers is a tool for adding on-prem physical or virtual servers, or servers running in other cloud providers, to Azure. This allows these servers to be centrally organised and connected to Azure services like Azure Policy or Log Analytics.

Azure Arc for servers is in public preview, so it should not be used on production systems until there is a full release version. Currently the only supported OS versions are below.

  • Windows Server 2012 R2 and newer
  • Ubuntu 16.04 and 18.04

If there is a content filter or proxy, the URLs in the link below will need to be white-listed. All traffic will go over HTTPS (port 443).

https://docs.microsoft.com/en-us/azure/azure-arc/servers/overview#networking-configuration

To add a server to Azure Arc, log on to the Azure portal.

Go to All services > Machines – Azure Arc.

Click on Create machine – Azure Arc.

There are two options: add machines using an interactive script, or add machines at scale. In this post we will be using the scripted method.

Select the subscription, resource group and region. When selecting the operating system we can choose between Windows and Linux. Windows will create a PowerShell script and Linux will create a .sh script.

As this feature is currently in preview, it will ask you to register before completing the download.

Once the registration is completed, we can either copy the command or click download to get a copy of the PowerShell script. Below is how the script should look; the only difference would be the Azure-specific settings like resource group, tenantid…

Once the script has run and the connect command has completed, it will request that we connect to the device login site https://Microsoft.com/devicelogin and put in the authentication code.

Once completed, go back to the PowerShell window that the script was run from and we should see that the server was successfully onboarded to an Azure resource.

After a few minutes the device should show in Azure Arc.

We can now apply Azure policies.

There are some additional steps required to configure the servers to integrate with Azure Log Analytics.

The first step is to install the MMA (Microsoft Monitoring Agent). To download the agent, go to the Log Analytics workspace and select the required workspace > Advanced settings.


Select the required connection source, then the OS version. We will also need to take note of the workspace ID and primary key, which will be used during the agent install to connect to the Log Analytics workspace.

Go through the agent install.

Select the option to connect the agent to Azure Log Analytics (OMS).

To connect to Azure Log Analytics, put in the workspace ID and key.

Once the install has finished we can check the agent in Control Panel > All Control Panel Items > Microsoft Monitoring Agent.

We should now be able to query logs from the server in Azure Arc for servers.
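
The Control Panel check above can also be done from PowerShell, which is useful when verifying several servers. The following is an added example, not part of the original post: it confirms the agent service is running and that the agent reports only to the workspace ID noted earlier. The value of `$ExpectedWorkspaceId` is a placeholder to be replaced with your own workspace ID.

```powershell
# Added example: verify the Microsoft Monitoring Agent after install.
# Placeholder value; replace with the workspace ID noted under Advanced settings.
$ExpectedWorkspaceId = '00000000-0000-0000-0000-000000000000'

# The Microsoft Monitoring Agent runs as the HealthService Windows service.
$svc = Get-Service -Name HealthService -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning 'Microsoft Monitoring Agent service (HealthService) is not installed.'
    return
}
if ($svc.Status -ne 'Running') {
    Write-Warning "HealthService is present but its status is $($svc.Status)."
}

# The agent exposes its workspace configuration through this COM object.
$cfg = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg'
$workspaces = @($cfg.GetCloudWorkspaces())

if ($workspaces.Count -eq 0) {
    Write-Warning 'The agent is not connected to any Log Analytics workspace.'
    return
}

# List every configured workspace, not just the expected one: an extra entry
# means the server is also sending its logs somewhere you did not intend.
foreach ($ws in $workspaces) {
    [pscustomobject]@{
        WorkspaceId = $ws.workspaceId
        Status      = $ws.ConnectionStatusText
        Expected    = ($ws.workspaceId -eq $ExpectedWorkspaceId)
    }
}

if ($workspaces.workspaceId -notcontains $ExpectedWorkspaceId) {
    Write-Warning "Expected workspace $ExpectedWorkspaceId is not configured on this agent."
}
```

Run it in an elevated PowerShell session on the onboarded server. The primary key is not needed for this check and should not be stored in the script.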