As with the previous Azure Advent Calendar, this new Festive Tech Calendar is again a fantastic idea created by Gregor Suttie and Richard Hooper. It gives everyone the chance to contribute, not only with a video or a blog post; this year they are aiming for something a bit different. They are bringing lots of new content from different communities and people around the globe! Really exciting things, and even non-technical stuff.
Azure Automanage
My contribution will be this blog post and a video about Azure Automanage.
Also visit my video contribution for the Festive Tech Calendar 2020 and learn something new about Azure Automanage!
Azure Automanage for virtual machines
At Microsoft Ignite 2020, Azure Automanage for virtual machines was announced. This is an exciting new product (still in preview for now, therefore not usable in production!) which aims to simplify the management of Windows Server virtual machines.
Why should you use it?
Azure Automanage for virtual machines is incredibly simple to use. Microsoft describes it as "point, click, set, forget". It helps users apply the virtual machine management best practices that are defined in the best practices white paper referred to in the Microsoft Cloud Adoption Framework for Azure.
Automanage will help you in automating frequent management tasks based on those best practices from the Cloud Adoption Framework.
So if you are implementing and managing Azure workloads, you can use Automanage to onboard your IaaS VMs and let it do the work for you.
Typical management tasks include:
- Adding Log Analytics and configuring Azure Monitor
- Configuration of Update Management
- Configuration of Azure Backup
- Onboarding and configuration for Security Center
- Other configuration of anti-malware services (Windows Defender)
Best practices are different for each of the services. For example, for Azure Backup the best practice might be to back up the virtual machine once a day and have a retention period of six months.
If a virtual machine is onboarded to Azure Automanage, the service uses Configuration Management and Azure Automation to automatically check the VM's configuration and see whether it has changed from the best practices applied to it. If the virtual machine does drift or deviate from those practices, the service will correct it and pull the machine back into the desired state.
What do you need?
Keep in mind that there are several things you should know before enabling Azure Automanage on your virtual machines.
- Windows Server VMs only!
- No Linux support at this time
- No support for VMs in VM Scale Sets
- VMs must be running
- VMs must be in a supported region (West Europe, East US, West US 2, Canada Central, West Central US)
- User must have correct permissions
- Automanage does not support Sandbox subscriptions at this time
You must have the Contributor role on the resource group containing your VMs to enable Automanage on VMs using an existing Automanage Account.
If you are enabling Automanage with a new Automanage Account, you need the following permissions on your subscription: Owner role or Contributor along with User Access Administrator roles. The Automanage Account is the security context or the identity under which the automated operations occur.
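The prerequisites and role requirements above can be checked before onboarding. The following Python sketch is an added example, not Microsoft's or the author's code: the VM records are constructed, and their flat field names (`osType`, `location`, `powerState`, `scaleSet`) are assumptions loosely modelled on VM inventory output, as are the helper names.

```python
# Added example: pre-flight check against the Automanage preview prerequisites
# listed on this page. Field names and sample records are constructed assumptions.
SUPPORTED_REGIONS = {"westeurope", "eastus", "westus2", "canadacentral", "westcentralus"}

def vm_blockers(vm):
    """Return the prerequisites this VM fails; an empty list means eligible."""
    blockers = []
    # osType alone cannot tell Windows Server from a Windows client image.
    if vm.get("osType") != "Windows":
        blockers.append("not Windows")
    if vm.get("scaleSet"):
        blockers.append("member of scale set: " + vm["scaleSet"])
    if vm.get("location", "").lower() not in SUPPORTED_REGIONS:
        blockers.append("unsupported region: " + vm.get("location", "?"))
    if vm.get("powerState") != "VM running":
        blockers.append("not running: " + str(vm.get("powerState")))
    return blockers

def can_enable(roles_on_rg, roles_on_subscription, new_account):
    """Role rule from the page. The caller passes the effective role names,
    including any assignments inherited from a higher scope."""
    if new_account:
        subs = set(roles_on_subscription)
        return "Owner" in subs or {"Contributor", "User Access Administrator"} <= subs
    return "Contributor" in set(roles_on_rg)

def preflight(vms):
    """Map each VM name to its list of blockers."""
    return {vm["name"]: vm_blockers(vm) for vm in vms}

# Constructed sample inventory.
SAMPLE_VMS = [
    {"name": "web01", "osType": "Windows", "location": "westeurope",
     "powerState": "VM running", "scaleSet": None},
    {"name": "db01", "osType": "Linux", "location": "westeurope",
     "powerState": "VM running", "scaleSet": None},
    {"name": "app01", "osType": "Windows", "location": "northeurope",
     "powerState": "VM deallocated", "scaleSet": None},
    {"name": "fe_0", "osType": "Windows", "location": "eastus",
     "powerState": "VM running", "scaleSet": "vmss-frontend"},
]

if __name__ == "__main__":
    for name, blockers in preflight(SAMPLE_VMS).items():
        print(name, "eligible" if not blockers else "blocked: " + "; ".join(blockers))
    print("new account, Contributor only:", can_enable([], ["Contributor"], True))
```

Sandbox subscriptions, which the list also excludes, are not covered by this check.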
I can see the benefit from this service because you can include more management baseline profiles that are compatible with ISO standards, HIPAA or PCI and CIS compliance. If this service is extended to Linux VM management, you can ensure the compliance of your VMs and your complete Azure (IaaS) environment.
Configuration profiles
When onboarding a virtual machine to Azure Automanage, a configuration profile is required. In those configuration profiles you define exactly which services to use when onboarding your machines and you describe what the configuration of those services would be.
There are two configuration profiles currently available.
- Azure virtual machine best practices - Dev/Test configuration profile that is designed for Dev/Test machines.
- Azure virtual machine best practices - Production configuration profile to use in production.
Those profiles are the default configuration profiles.
The reason for the different profiles is that certain services are recommended based on the workload running. For example, in a Dev/Test configuration profile, there will be no backup of the VM at all, but in production backup will be enabled!
You can configure a certain subset of preferences yourself. These preferences are allowed within a range of configuration options that do not breach the Cloud Adoption best practices. So to customize a configuration profile you can use preferences.
For example, in the case of Azure Backup you can change the frequency of the backup and the day of the week it occurs on. But you are not allowed to switch off Azure Backup completely. For that, you must select a different profile.
Keep in mind that you cannot change the configuration profile on your VM while Automanage is enabled. You will need to disable Automanage for that VM and then re-enable it.
What I’m missing here is providing greater flexibility in the configuration.
Conclusion
Azure Automanage is still in preview and will continue to get better and add more capabilities.
In large environments, managing VMs can be time-consuming and therefore the cost will be higher. Manual steps that are repeated frequently can be prone to errors, so automation is in order here! With this new service, you can simplify and automate all the necessary steps to ensure that your virtual machines meet the desired requirements.
Thanks for reading, and don’t forget to also check out the video contribution from Wim Matthyssen and Tim Hermie!
Subscribe to the Festive Tech Calendar YouTube Channel and like my video!