CST06235 - Lecture 09

9.1 Managing Servers and Workloads in a Hybrid Environment

Windows Admin Center Overview

• Windows Admin Center (WAC) is a centralized management platform designed for hybrid server environments, integrating various tools in one interface.

• Hyper-converged Infrastructure (HCI) combines storage, compute, and networking into a single system, generally cloud-based for better management efficiency.

Key Features of Windows Admin Center

• Offers benefits such as monitoring and managing servers from one location, enhancing productivity.

• Role-based wizards simplify common tasks, allowing users to navigate efficiently based on their needs.

• Integrates third-party tools, thus expanding its functionality and customization for users.

Installation and Configuration Requirements

• Minimum Requirements:

  • Windows Management Framework (WMF) version 5.1

  • Compatible with Server 2012, Server 2016, and Hyper-V Server versions (2012/2016).

• Network Requirements:

  • Outbound requirements include Port 443 while Inbound requires Port 445 (for SMB protocol).

Installation Types

• Local Client Installation: Best suited for testing and small-scale deployments on Windows 10 machines.

• Managed Server Installations: Work optimally in distributed environments.

• Failover Cluster Installation: Provides high availability benefits for production settings, ensuring consistent operation.

Connecting and Using Azure with WAC

• Integration capability with Azure allows users to manage Azure tools and create Azure VMs directly within WAC.

• Underlying technology primarily utilizes PowerShell, offering scripts for enhanced control and operations efficiency.

9.2 Windows PowerShell Remoting

Overview

• PowerShell Remoting enables cmdlet execution on remote systems, vital for managing hybrid environments with multiple servers.

Key Concepts

• Cmdlet: PowerShell commands similar to small scripts that perform specific functions.

• Kerberos Delegation: A security feature that streamlines credential passing in the remoting process.

Configuration Requirements

• The Kerberos second hop problem limits credential sharing between multiple servers, which can be addressed by Credential Security Support Provider (CredSSP).

• Using Just Enough Administration (JEA) ensures users have access only to necessary cmdlets during remote sessions.

Manage Remote Sessions

• Configuring PowerShell Remoting requires enabling WinRM service and adjusting firewall settings.

• Admin can execute scripts and commands remotely, enhancing management of several servers efficiently.

9.3 Azure Arc Management

Overview

• Azure Arc helps manage servers, Kubernetes clusters, and databases in a hybrid environment, ensuring resources across on-premise and cloud are under centralized management.

Key Components

• Containers: Lightweight applications with all dependencies for consistent deployment across environments.

• Kubernetes Cluster: Facilitates orchestration of containerized applications which Microsoft supports.

• Azure Monitor and Automation: Tools integrated into Azure Arc for operational efficiency and security monitoring.

Use Cases

• Azure Arc can manage on-premise Azure resources, facilitating compatibility in a hybrid setup.

• Supports monitoring, compliance, and policy adherence across various infrastructures and cloud services.

9.4 Implementing Azure Automation

Overview

• Azure Automation enhances efficiency by automating frequent tasks using runbooks which consist of various scripts to streamline workflows.

Key Features

• Hybrid Runbook Worker: To allow automation of tasks across different environments, especially important for non-Azure resources.

• Change Tracking and Inventory: Essential for monitoring hybrid resources maintaining desired states with PowerShell DSC.

Benefits

• Enables time-saving automations, allowing administrators to schedule and manage tasks seamlessly across various systems.

9.5 Azure Monitor Integration

Overview

• Azure Monitor collects and analyzes resource metrics and logs, allowing administrators to gain actionable insights for maintaining hybrid environments.

Key Terms and Features

• Metrics: Real-time data beneficial for quick analysis of system performance.

• Log Analytics: A potent feature that helps in diving deep into log data, utilizing Kusto Query Language for insights.

Analysis and Reporting

• Azure Monitor Insights offers a graphical representation and analytical capabilities for performance tracking and troubleshooting.

9.6 Utilizing Azure Security Center

Overview

• Azure Security Center provides comprehensive security management features to safeguard hybrid environments.

Key Features

• Secure Score: Gives admins a quick view of security postures, recommending improvements for maintaining compliance.

• Threat Intelligence: Monitors for threats, refining alerts and response mechanisms based on intelligence gathered from various resources.

Recommended Practices

• Regular security assessments, adjusting configurations, and aligning with security initiatives to ensure robust protection of environments.

9.7 Azure Policy Management

Overview

• Azure Policy is essential for maintaining security compliance across hybrid network resources, making sure every deployment adheres to organizational standards.

Key Concepts

• Desired State Configuration (DSC): Ensures specific configurations are maintained across the lifecycle of Azure resources.

• Compliance Evaluation: Automates the evaluation process of resources against pre-defined compliance policies.

Policy Definitions

• Policies define security standards that help manage resources effectively, ensuring proper configurations and minimizing drift between intended states and deployed configurations.