Onboard On-Premises Servers To Azure ARC From Windows Admin Center


Introduction

Windows Admin Center (WAC) is a flexible, locally-deployed, browser-based management platform and solution. It contains core tools for troubleshooting, configuration, management and maintenance for Windows Server, Windows Client, Software-Defined Storage (SDS), Software-Defined Network (SDN), Microsoft Hyper-V Server, and more…

Windows Admin Center is not only for managing servers, clusters, hyper-converged infrastructure, and Windows 10 PCs, but it also lets you connect your Windows Server to Azure hybrid services whether they are running on-premises or in a different cloud provider. There are many more hybrid services for Windows Server, which you can leverage with Windows Admin Center.

For the complete list of all Azure hybrid services integration with Windows Admin Center, please check the official documentation from Microsoft here.

At Ignite 2019, Microsoft announced a new service called Azure ARC, which is in public preview at the time of this writing. With Azure ARC you can run Azure data services anywhere. By running Azure data services anywhere, you get automated patching, upgrades, security and scale on-demand across on-premises, edge and multi-cloud environments for your data estate, and much more. This is a big game-changer for hybrid and multi-cloud environments, where you can organize and govern across environments, and deploy and manage Kubernetes applications at scale.

For more information about Azure ARC, please register for this free, 60-minute online event, which takes place on March 31st, 2020, to learn about strategies, insights, and technologies to optimize your hybrid cloud across on-premises, multicloud, and the edge. You can also watch it on-demand if you missed it.

The Windows Admin Center team has added support for Azure Arc for Servers, which enables you to easily connect your servers to Azure and use unified management and governance centrally from Azure. You can use the Windows Admin Center to connect your on-premises servers to Azure Arc agents with just a few clicks.

In this blog post, I will show you how to onboard on-premises servers to Azure ARC from Windows Admin Center.

Prerequisites

The prerequisites are very simple as follows:

  1. You need to make sure you are running Windows Admin Center (WAC) Version 1910 or later.
  2. Azure subscription. If you don’t have an Azure subscription, you can create a free one here.
  3. Since Azure Arc is in preview at the time of this writing, you need to register your subscription before connecting your machines to Azure. From the Azure Portal, search for Azure Arc, click on Manage servers and then select Create machine – Azure Arc. In the Select a method page, click Generate script and follow the wizard to register your subscription as shown in the screenshot below (please note that this may take several minutes to complete).
  4. Server running on-premises (physical or virtual) or a machine running in a different cloud provider.
  5. The server that you want to onboard to Azure Arc from Windows Admin Center should be running Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019.
  6. Finally, make sure to connect the Windows Admin Center gateway to Azure. Please check the following article to see how to register Windows Admin Center gateway with Azure.

Once the Windows Admin Center version 1910 is deployed in your environment with all prerequisites mentioned above, you are ready to start.

Onboard On-Premises Servers To Azure Arc

Launch the Windows Admin Center portal and take the following steps:

  1. Choose the desired server, then select Settings from the left-hand-side bottom menu, and then under General click Azure Arc for Servers to begin the set-up process.
  2. Windows Admin Center will authenticate with your Azure account. In the Connected server to Azure page, select the desired Azure subscription, then create or select an existing Resource group, and then choose the desired Azure region. If you are using a proxy server in your environment, you can select that option too. Make sure to select the subscription that you registered with Azure Arc (preview) as noted in the prerequisites section. At the time of this writing, the following 3 Azure regions (Southeast Asia, West Europe, West US 2) are supported during the preview period. When done, click Set up to continue.
  3. The setup will take a couple of minutes to complete. Behind the scenes, Windows Admin Center will download and install the Azure Connected Machine Agent as shown under Programs and Features.
  4. Once the setup is completed, you will see the following screen in Windows Admin Center.
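
After the setup finishes, you can confirm on the server itself what Windows Admin Center installed. The following PowerShell is an added example, not part of the original walkthrough; it assumes the agent's default install folder and its `himds` service name, and should be run in an elevated session on the onboarded server.

```powershell
# Added example: post-onboarding checks, run locally on the onboarded server.
# Assumption: default install folder and service name of the Connected Machine Agent.
$agentExe = Join-Path $env:ProgramFiles 'AzureConnectedMachineAgent\azcmagent.exe'

# 1. The agent is registered as installed (same data as Programs and Features).
$installed = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' |
    Where-Object { $_.DisplayName -like '*Azure Connected Machine Agent*' } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
if (-not $installed) {
    throw 'Azure Connected Machine Agent is not listed as installed.'
}
$installed | Format-List

# 2. The agent binary exists and carries a valid Authenticode signature.
if (-not (Test-Path $agentExe)) {
    throw "Agent binary not found at $agentExe"
}
$sig = Get-AuthenticodeSignature -FilePath $agentExe
if ($sig.Status -ne 'Valid') {
    throw "Unexpected signature status on azcmagent.exe: $($sig.Status)"
}
Write-Output "Signed by: $($sig.SignerCertificate.Subject)"

# 3. The agent service is present and running.
$svc = Get-Service -Name 'himds' -ErrorAction Stop
if ($svc.Status -ne 'Running') {
    Write-Warning "Service himds is $($svc.Status); the server will not report to Azure."
}

# 4. Ask the agent for its own view of the connection (resource name,
#    resource group, subscription, region, connection status).
& $agentExe show
```

Compare the resource group, subscription and region printed by `azcmagent show` with what you selected in the wizard, so a server registered to the wrong subscription is caught before policies and role assignments are applied to it.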

Manage on-premises servers from Azure

Once you’ve onboarded all your on-premises machines to Azure Arc, they’ll be in the Resource Group that was specified during the onboarding process, as shown in the screenshot below with the purple icon.

You can now treat them as regular workload resources in Azure. They’re given a ResourceId, Location, Resource Group, and Tags, just like all your Azure native resources.

Now you can start inventorying your on-premises servers in Azure, organizing and managing them using Tags.

Additionally, the most useful scenario that you can leverage is to govern your on-premises servers with Azure Policy, using the Guest Configuration category. Think of Guest Configuration as the traditional Group Policy Object (GPO) where you can enforce policies/audits without joining the machine to a domain controller. There are a lot of Guest Configuration policies that you can choose from, as shown in the screenshot below. For more information about Azure Policy Guest Configuration, please check the official documentation from Microsoft.

Last but certainly not least, Azure Arc also extends Role-Based Access Control (RBAC) managed by Azure to on-premises environments. This means that any groups, policies, settings, security principals and managed identities that were deployed by Azure AD can now access all managed cloud resources. Azure AD also provides auditing, so it is easy to track any changes made by users or security principals across the hybrid cloud. For more information about Role-Based Access Control, please check the official documentation from Microsoft.
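
Because onboarded servers become Azure resources, the usual tag and RBAC tooling applies to them. The script below is an added example, not from the original post: it inventories the Arc machines in a resource group, reports missing tags, and lists who holds privileged roles on each machine. It assumes the Az PowerShell module with a signed-in session (`Connect-AzAccount`); the resource group name and the required tag names are placeholders.

```powershell
# Added example: inventory Arc-connected servers, check tags, review RBAC.
# Assumptions: Az.Resources module installed, Connect-AzAccount already run.
$resourceGroup = 'rg-arc-servers'            # placeholder: your onboarding resource group
$requiredTags  = 'Owner', 'Environment'      # hypothetical tagging standard
$privileged    = 'Owner', 'Contributor', 'User Access Administrator'

# Arc for Servers machines are resources of type Microsoft.HybridCompute/machines.
$machines = Get-AzResource -ResourceGroupName $resourceGroup `
                           -ResourceType 'Microsoft.HybridCompute/machines'

$report = foreach ($m in $machines) {
    # Tags may be $null on a freshly onboarded machine; @() keeps the test safe.
    $missing = $requiredTags | Where-Object { @($m.Tags.Keys) -notcontains $_ }

    # Role assignments effective at the machine scope, including inherited ones.
    $holders = Get-AzRoleAssignment -Scope $m.ResourceId |
        Where-Object { $privileged -contains $_.RoleDefinitionName } |
        ForEach-Object { '{0} ({1}, {2})' -f $_.DisplayName, $_.RoleDefinitionName, $_.ObjectType }

    [pscustomobject]@{
        Machine           = $m.Name
        Location          = $m.Location
        MissingTags       = $missing -join ', '
        PrivilegedHolders = $holders -join '; '
    }
}

$report | Sort-Object Machine | Format-Table -AutoSize -Wrap

# Machines that fail the tagging standard, for follow-up.
$report | Where-Object MissingTags | Select-Object Machine, MissingTags
```

Review the `PrivilegedHolders` column after each onboarding batch: a principal that holds Owner or Contributor at the subscription or resource group level inherits it on every server placed there.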

Summary

Azure Arc for servers allows you to manage your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers, similar to how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID, is managed as part of a resource group inside a subscription, and benefits from standard Azure constructs such as Azure Policy and applying Tags.

Behind the scenes, Azure Arc for Servers in Windows Admin Center will do the following:

  • Downloading and installing the Azure Connected Machine Agent on your server.
  • Connecting and registering your on-premises server to the Azure Arc service.
  • Microsoft also added deep links, so if you click on any web link in the Azure Arc solution in Windows Admin Center, it will lead you to the Azure Arc blade in the Azure Portal, allowing you to do more advanced configuration.

As you can see, onboarding on-premises servers to Azure Arc from Windows Admin Center is very simple. Please note that Azure Arc for Servers comes at no additional cost.

At the time of this writing, Azure Arc in Windows Admin Center is in public preview. I hope that Microsoft will support Linux machines, so you can onboard both (Windows/Linux) servers end-to-end without leaving the Windows Admin Center portal. I expect further enhancement to the Azure Arc solution in Windows Admin Center.

Windows Admin Center is a freely available management tool for anyone to use, and it makes remotely managing a set of servers, with or without a GUI, very easy, especially for “day-to-day activities”. Download the latest copy of Windows Admin Center from here, deploy it in a failover cluster for high availability, and govern your on-premises servers.

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-
