I will keep this post as short as possible. If you're managing your servers with Azure Arc then be wary that by having the default Guest Conf
Recently I implemented Azure Arc in a production deployment. After seeing that it's working perfectly outside a POC/Demo environment, I decided that it's very worth talking about it.
In a nutshell, Azure Arc is a management layer in Azure that lets you onboard Windows and Linux servers, SQL Server instances, and Kubernetes clusters from any cloud or from on-premises and manage them in a single pane of glass.
The deployment I've done is for on-premises servers. The first problem we wanted to tackle was patch management, which can be tiresome if manually done every month.
For that type of management, you had three options:
- Manual patching
- Scripted patching (PowerShell)
- Microsoft Endpoint Configuration Manager (MECM)
Manual work is error-prone, tiresome, and can take eons if you do more than one server.
The scripted approach is better, but you have to handle errors, retry policies, module versions, and so on. This is time-consuming until you get it right, but once you do, it's donuts and coffee time each month you have to do patching.
MECM is the best approach but the most expensive. It's agent-based, you configure schedules, and then you fire and forget.
With Azure Arc, there's a fourth option on the table: the Update Management extension, which leverages the Azure Automation Account feature to update machines. Arc onboards the machines, and then you configure schedules in the Automation Account at a meager cost compared with the other options.
I'm getting ahead of myself, but I wanted to give a bit of context where we started using Arc.
With Arc, we don't just get update management; there are many other features we can leverage to manage our servers better:
- Log Analytics
- Application Insights
- Azure Policy with Guest Configuration (DSC-based configuration management)
- Change Tracking
All that for a small price, at least in my opinion (see Pricing – Azure Arc | Microsoft Azure).
You can access the Azure Arc dashboard and start onboarding by going to the Azure Portal and typing "Azure Arc" in the search bar.
Once you get to the Azure Arc dashboard, press the "Add infrastructure" button and start onboarding systems.
You can onboard Servers, Kubernetes Cluster, and SQL Server instances.
Servers can be added to Azure Arc in four ways: a single server, multiple servers, via Update Management, or from Azure Migrate.
I onboarded the servers using the "add single server" option, and then after understanding what happened, I switched to the "multiple servers" option.
The main difference between the two is that the multiple-servers option recommends a service principal to ease and speed up the process, so the onboarding script can run non-interactively on each machine. When you're just getting started, go ahead with the single-server option.
Once you press on the single server option, you will be greeted with a deployment type blade where you're going to fill in the information, and at the end, you will get the deployment script.
Once you have the script, go to your servers and run it in an elevated (Run as administrator) PowerShell session.
The process will take around 5 minutes to get finished, but after that, you will see the server / VM onboarded in Azure, and you can now start managing it.
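To show what the onboarding step actually does, here is an added example of a service-principal-based onboarding script for the "multiple servers" scenario described above. It is not the portal-generated script and not Microsoft's code; all IDs, the resource group, the region and the tags are placeholders (assumptions) you replace with your own. The security-relevant changes from a copy-pasted portal script are that the service principal secret is prompted for at run time instead of sitting in plaintext in a file on a share, and that the script checks the exit code of both the MSI install and `azcmagent connect` instead of assuming success. The service principal should hold only the built-in "Azure Connected Machine Onboarding" role, scoped to the target resource group, so a leaked secret can onboard machines but not manage or delete them.

```powershell
# Added example (not the portal-generated script). Onboards the local Windows
# server to Azure Arc with a service principal. Every value below is a
# placeholder you must replace; the aka.ms download link is Microsoft's.
#Requires -RunAsAdministrator

$SubscriptionId     = "00000000-0000-0000-0000-000000000000"   # placeholder
$TenantId           = "00000000-0000-0000-0000-000000000000"   # placeholder
$ServicePrincipalId = "00000000-0000-0000-0000-000000000000"   # placeholder
$ResourceGroup      = "rg-arc-servers"                         # placeholder
$Location           = "westeurope"                             # placeholder

# Read the secret at run time so the script itself never contains a credential.
$SecureSecret = Read-Host -Prompt "Service principal secret" -AsSecureString
$PlainSecret  = [System.Net.NetworkCredential]::new("", $SecureSecret).Password

# Download and silently install the Connected Machine agent, logging the install.
$Msi = Join-Path $env:TEMP "AzureConnectedMachineAgent.msi"
Invoke-WebRequest -Uri "https://aka.ms/AzureConnectedMachineAgent" -OutFile $Msi -UseBasicParsing
$install = Start-Process -FilePath msiexec.exe `
    -ArgumentList "/i `"$Msi`" /l*v `"$env:TEMP\arc-agent-install.log`" /qn" `
    -Wait -PassThru
if ($install.ExitCode -ne 0) {
    throw "Agent install failed with exit code $($install.ExitCode); see $env:TEMP\arc-agent-install.log"
}

# Connect the machine to Azure. azcmagent.exe is placed here by the MSI.
$AzcmAgent = Join-Path $env:ProgramW6432 "AzureConnectedMachineAgent\azcmagent.exe"
& $AzcmAgent connect `
    --service-principal-id $ServicePrincipalId `
    --service-principal-secret $PlainSecret `
    --tenant-id $TenantId `
    --subscription-id $SubscriptionId `
    --resource-group $ResourceGroup `
    --location $Location `
    --tags "Environment=Production,Owner=Infra"   # placeholder tags
if ($LASTEXITCODE -ne 0) {
    throw "azcmagent connect failed with exit code $LASTEXITCODE"
}

# Clear the plaintext secret from the session as soon as it is no longer needed.
$PlainSecret = $null

# Verify: 'azcmagent show' prints the agent status and the Azure resource it is bound to.
& $AzcmAgent show
```

Run it once per server from an elevated PowerShell session (or push it through your existing remoting tooling). If `azcmagent connect` fails, the exit code and the agent logs under `%ProgramData%\AzureConnectedMachineAgent\Log` tell you whether the problem is the service principal's permissions or outbound connectivity to Azure.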
My suggestion would be to give Azure Arc a try and see what it can do for you, and to take a look at Azure Arc Jumpstart, which is the best place to learn how you can manage your on-premises or hybrid cloud environment. In my case, it saved me a lot of time and added plenty of features for a meager price.
The servers now managed by Arc have proper logging in Log Analytics, which means I can run Kusto queries with ease and figure out problems. I also have performance monitoring, security monitoring, vulnerability scanning, and so on.
That being said, I was skeptical about Azure Arc, but after playing around with it and deploying it in production, I got to the point where it convinced me :)
Have a good one!