Some problems implementing Azure Arc

Viktor Korokhov 130 Reputation points
2023-02-09T12:11:21.2266667+00:00

Hi all,

I am trying to implement Azure Arc for on-prem machines and have had some trouble. Unfortunately, I haven't found solutions to these problems on the Internet. Probably someone has had similar problems and has found solutions. It would be great to get any tips and recommendations.

  1. After installing the Arc agent on on-prem servers using a script, I have noticed that some servers in Arc don't have the needed extensions. I tried to add them manually using the portal, but I was surprised that the needed extensions are not there. For example, AzureMonitorWindowsAgent, WindowsOsUpdateExtension, WindowsPatchExtension. Is re-installing the Arc agent the only way to get them?
  2. I'd like to install MS Windows updates on Arc servers using Update management center, and I have noticed only one manual way via the portal to enable Periodic assessment for each machine. I have implemented some Policies for Arc servers, but that didn't solve this problem.
  3. I have configured a Policy "Enable Azure Monitor for Hybrid VMs with AMA". One problem was configuring the name of the Data Collection Rule. It sets the name using its own template :(. Second problem: how to assign a Data collection endpoint for each Arc server in a Data Collection Rule? It needs to allow traffic from on-prem to the Log Analytics workspace. Otherwise there is no data for Insights.

Thanks in advance for your answers and tips

Viktor


Accepted answer
  1. AnuragSingh-MSFT 21,376 Reputation points
    2023-02-17T06:04:44.7066667+00:00

    @Viktor Korokhov In addition to the response provided by Shayoni above, the following information should help you:

    1. "...I have noticed that some servers in Arc don't have needed Extensions." Azure Arc is used to connect the non-Azure machines to Azure for their management and governance. It simply connects the machine to the Azure platform so that it can be managed from there. However, it will not install the extensions/agents unless it is required, or you have configured it for it to be installed. For example, AzureMonitorWindowsAgent is the extension name for Azure Monitor Agent installed on Windows Machines. If you have not created and associated any DCR to this Arc Server, this extension won't be installed.
    2. "I'd like to install MS Windows updates in Arc servers using Update management center..." I was not able to understand this question. Using Update Management Center (Preview), the update scan and installation can be done one time or it can be scheduled to happen on a periodic basis. Please see the following link for detailed steps about the same - Quickstart: Check and install on-demand updates or configure periodic assessment. In case your question was about something else, please share additional details with screenshots/examples to help us better understand it.
    3. "I have configure a Policy "Enable Azure Monitor for Hybrid VMs with AMA..." Please note that it is an Initiative, which is a collection of multiple policies to achieve this purpose. When you assign this Initiative, the Parameters tab has an option to override the default values of parameters when you uncheck "Only show parameters that need input or review", as shown in the following image.
      [User's image]
      Regarding "Data Collection Endpoint", you only need it if one of the following is required to be set up. Otherwise, the data gets collected from on-prem to the Log Analytics workspace even without a DCE.
    4. "....how to link existed Data collection endpoint to each arc server automatically?" The Data Collection Endpoints are linked to VMs using the "Data Collection Rule"-->Resources. After the DCRs have been created, you will find this option below (depending on whether an existing DCE, if available, can be used or not, you will see the option to "create" or "select" a DCE here). Please see the image below for details:
      [User's image]
      The Data Collection Endpoints are region specific, i.e., an endpoint in a given region can only be associated with machines in the same region. Therefore, the generic way of associating the Data collection endpoint to a rule is not going to be an easy thing (check for the region of the VM, see if there is a DCE available in that region, etc.). Therefore, it is not included in the policy/initiative at the moment. However, using Azure PowerShell/Azure CLI, scripts can be created to perform this task based on your requirement. The following resources should help:

    Hope this helps. Please let me know if you have any questions.

    Please click Accept answer and Yes if the answer helped so that it can help others in the community looking for help on similar topics.
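The region check described in point 4 of the accepted answer, as an added example that is not part of the original answer or any Microsoft tooling: it matches each Arc machine to a Data Collection Endpoint in the same region and builds the ARM REST request that creates the `configurationAccessEndpoint` association. The function name, the sample inventory, the all-zero subscription ID and the chosen API version are assumptions; sending the requests (with a bearer token) is left to the caller.

```python
import json

# Assumption: an API version of Microsoft.Insights/dataCollectionRuleAssociations
# available in your tenant; adjust if needed.
API_VERSION = "2022-06-01"
# A DCE is linked to a machine through an association with this fixed name.
DCE_ASSOCIATION_NAME = "configurationAccessEndpoint"


def plan_dce_associations(machines, endpoints):
    """Match each Arc machine to a DCE in the same region.

    machines / endpoints: lists of {"id": <ARM resource ID>, "location": <region>}.
    Returns (requests, unmatched): the PUT requests to send, and the IDs of
    machines that have no DCE in their region and need one created first.
    """
    dce_by_region = {}
    for dce in endpoints:
        # Compare regions case-insensitively; keep the first DCE seen per region.
        dce_by_region.setdefault(dce["location"].lower(), dce["id"])

    requests, unmatched = [], []
    for machine in machines:
        dce_id = dce_by_region.get(machine["location"].lower())
        if dce_id is None:
            unmatched.append(machine["id"])
            continue
        requests.append({
            "method": "PUT",
            "url": (f"https://management.azure.com{machine['id']}"
                    "/providers/Microsoft.Insights/dataCollectionRuleAssociations/"
                    f"{DCE_ASSOCIATION_NAME}?api-version={API_VERSION}"),
            "body": {"properties": {"dataCollectionEndpointId": dce_id}},
        })
    return requests, unmatched


# Constructed sample inventory (hypothetical names, placeholder subscription ID).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-arc"
MACHINES = [
    {"id": f"{RG}/providers/Microsoft.HybridCompute/machines/srv01", "location": "westeurope"},
    {"id": f"{RG}/providers/Microsoft.HybridCompute/machines/srv02", "location": "WestEurope"},
    {"id": f"{RG}/providers/Microsoft.HybridCompute/machines/srv03", "location": "northeurope"},
]
ENDPOINTS = [
    {"id": f"{RG}/providers/Microsoft.Insights/dataCollectionEndpoints/dce-weu", "location": "westeurope"},
]

if __name__ == "__main__":
    reqs, missing = plan_dce_associations(MACHINES, ENDPOINTS)
    print(json.dumps(reqs, indent=2))
    print("No DCE in region for:", missing)
```

Machines returned in the second list are the ones for which a DCE must first be created in their region, which is the case the answer says the built-in initiative does not handle.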

1 additional answer

  1. Shayoni Seth 1 Reputation point Microsoft Employee
    2023-02-09T16:39:40.6066667+00:00
    1. Some extensions may not be supported via the Portal installation method. You can install them via non-Portal methods; for example, here are the steps to install AzureMonitorWindowsAgent: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-powershell#install-on-azure-arc-enabled-servers
      The option to install the same using the portal will be available in a few weeks.
    2. Adding @Ryan Willis and @Riva Yadav to comment
    3. You can create a copy of the policy (i.e. a custom policy) wherein you can change the name as needed. For allowing traffic from on-prem to Log Analytics, you don't need to use Data Collection endpoint, unless you need private links support (and don't want to use public internet)
