OPS114: Governing baselines in hybrid server environments using Azure Policy Guest Configuration

This post has been republished via RSS; it originally appeared at: ITOps Talk Blog articles.

In this session, Michael Greene and Thomas Maurer discuss Azure Policy Guest Configuration in a Hybrid Cloud environment. Learn to use services in Azure to audit the state of servers across private and public clouds and upcoming plans to expand capabilities in this area.

 

Speaker:

Michael Greene, Principal Program Manager Microsoft Azure 

 

 

Understand Azure Policy's Guest Configuration

Azure Policy can audit settings inside a machine, both for machines running in Azure and Arc Connected Machines. The validation is performed by the Guest Configuration extension and client. The extension, through the client, validates settings such as:

  • The configuration of the operating system
  • Application configuration or presence
  • Environment settings

 

What is Azure Arc enabled servers?

Azure Arc enabled servers allows you to manage your Windows and Linux machines hosted outside of Azure, on your corporate network, or other cloud provider consistent with how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID, is included in a resource group, and benefits from standard Azure constructs such as Azure Policy and applying tags. Service providers who manage a customer's on-premises infrastructure can manage their hybrid machines, just like they do today with native Azure resources, across multiple customer environments, using Azure Lighthouse with Azure Arc.

To deliver this experience with your hybrid machines hosted outside of Azure, the Azure Connected Machine agent needs to be installed on each machine that you plan on connecting to Azure. This agent does not deliver any other functionality, and it doesn't replace the Azure Log Analytics agent. The Log Analytics agent for Windows and Linux is required when you want to proactively monitor the OS and workloads running on the machine, manage it using Automation runbooks or solutions like Update Management, or use other Azure services like Azure Security Center.

 

This session includes:

0:00 Introduction
3:40 Providing Feedback and Community
5:10 Hybrid solution using Azure Arc
8:30 Demo using Azure Policy Guest Configuration
18:39 Demo How to set up Azure Policy Guest Configuration for Azure Arc machines
23:19 Azure Arc enabled servers
27:33 What is next for Azure Policy Guest Configuration
31:13 Wrap up

 

Community Chat

Want to chat about this session? Come join us on Discord! https://aka.ms/ops114-chat 

 

Learn More

I hope you enjoyed that session. Please take a moment to submit your feedback at https://aka.ms/ops114-feedback 

To watch more sessions from the IT Ops Talks: All Things Hybrid event check out https://aka.ms/ITOpsTalks

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.