Deploy Monitoring Agent Extension on Azure Arc Linux and Windows servers using Extension Management

The following Jumpstart scenario will guide you on how to manage extensions on Azure Arc-enabled servers. Virtual machine extensions are small applications that provide post-deployment configuration and automation tasks such as software installation, anti-virus protection, or a mechanism to run a custom script.

Azure Arc-enabled servers enables you to deploy Azure VM extensions to non-Azure Windows and Linux VMs, giving you a hybrid or multi-cloud management experience on par with Azure VMs.

You can use the Azure portal, Azure CLI, an ARM template, a PowerShell script or Azure Policy to manage extension deployment to Azure Arc-enabled servers, both Linux and Windows. In this scenario, you will use an ARM template to deploy the Microsoft Monitoring Agent (MMA) to your servers so they are onboarded to the Azure services that leverage this agent: Azure Monitor, Azure Security Center, Azure Sentinel, etc.

NOTE: This guide assumes you already deployed VMs or servers that are running on-premises or in other clouds and have connected them to Azure Arc. If you haven’t, this repository offers you a way to do so in an automated fashion:

Please review the Azure Monitor supported OS documentation and ensure that the VMs you will use for this exercise are supported. For Linux VMs, check both the Linux distribution and kernel to ensure you are using a supported configuration.

Prerequisites

  • As mentioned, this scenario starts at the point where you already deployed and connected VMs or servers to Azure Arc. In the screenshots below you can see a GCP server has been connected with Azure Arc and is visible as a resource in Azure.

    Screenshot Azure Arc-enabled server on resource group

    Screenshot Azure Arc-enabled server connected status

  • Install or update Azure CLI. Azure CLI should be running version 2.7 or later. Use az --version to check your currently installed version.

  • Create Azure Service Principal (SP)

    To connect a VM or bare-metal server to Azure Arc, an Azure service principal assigned the “Contributor” role is required. To create it, log in to your Azure account and run the command below (this can also be done in Azure Cloud Shell).

    az login
    subscriptionId=$(az account show --query id --output tsv)
    az ad sp create-for-rbac -n "<Unique SP Name>" --role "Contributor" --scopes /subscriptions/$subscriptionId
    

    For example:

    az login
    subscriptionId=$(az account show --query id --output tsv)
    az ad sp create-for-rbac -n "JumpstartArc" --role "Contributor" --scopes /subscriptions/$subscriptionId
    

    Output should look like this:

    {
    "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "displayName": "JumpstartArc",
    "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }
    

    NOTE: If you create multiple subsequent role assignments on the same service principal, your client secret (password) will be destroyed and recreated each time. Therefore, make sure you grab the correct password.

    NOTE: The Jumpstart scenarios are designed with ease of use in mind while adhering to security-related best practices whenever possible. It is optional but highly recommended to scope the service principal to a specific Azure subscription and resource group, as well as to consider using a less privileged service principal account.

  • You will also need to have a Log Analytics workspace deployed. You can automate the deployment by editing the ARM template parameters file and provide a name and location for your workspace.

    Screenshot ARM template parameters file

    To deploy the ARM template, navigate to the “deployment folder” ../extensions/arm and run the below command:

    az deployment group create --resource-group <Name of the Azure resource group> \
    --template-file <The *log_analytics-template.json* template file location> \
    --parameters <The *log_analytics-template.parameters.json* template file location>
    

Deployment Options and Automation Flow

This Jumpstart scenario provides multiple paths for deploying and configuring resources. Deployment options include:

  • Azure portal
  • ARM template via Azure CLI

The steps below will help you get familiar with the automation and deployment flow.

  1. User provides the ARM template parameter values, either via the portal or by editing the parameters file. These parameter values are used throughout the deployment.

  2. User deploys the ARM template at the resource group level.

  3. User verifies the successful extension deployment.

Deployment Option 1: Azure portal

  • For Windows VMs, click the button and enter values for the ARM template parameters.

    Screenshot showing Azure portal deployment

    Screenshot showing Azure portal deployment

  • For Linux VMs, click the button and enter values for the ARM template parameters:

    Screenshot showing Azure portal deployment

    Screenshot showing Azure portal deployment

  • To match your configuration you will need to provide:

    • The VM name as it is registered in Azure Arc.

      Screenshot Azure Arc-enabled server computer name

    • The location of the resource group where you registered the Azure Arc-enabled server.

      Screenshot Azure Arc-enabled server location

    • Information of the Log Analytics workspace you previously created: workspace ID and key. These parameters will be used to configure the MMA agent. You can get this information by going to your Log Analytics workspace and under “Settings” select “Agent management”.

      Screenshot Azure Arc-enabled server Agent management

      Screenshot workspace configuration

Deployment Option 2: ARM template with Azure CLI

As mentioned, this deployment will leverage ARM templates.

  • Clone the Azure Arc Jumpstart repository

    git clone https://github.com/microsoft/azure_arc.git
    
  • Edit the extensions parameters file providing the values that match your configuration as described above.

    Screenshot ARM template parameters file

  • Choose the ARM template that matches your operating system (Windows or Linux) and deploy it by running the following command:

    az deployment group create --resource-group <Name of the Azure resource group> \
    --template-file <The *mma-template.json* template file location> \
    --parameters <The *mma-template.parameters.json* template file location>
    
  • Once the template has completed its run, you should see an output as follows:

    Screenshot ARM template execution output

  • The Microsoft Monitoring Agent is now deployed on your Windows or Linux system and reporting to the Log Analytics workspace you selected. You can verify this by going back to the “Agents management” section of your workspace and choosing either Windows or Linux; you should now see an additional connected VM.

    Screenshot Windows connected agents

    Screenshot Linux connected agents
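The following ARM template is an added illustration of what the mma-template.json deployment above does, written for this page rather than taken from the Jumpstart repository: it combines the Windows and Linux variants behind an osType parameter and takes the VM name, location, workspace ID and workspace key described in Deployment Option 1. The apiVersion, typeHandlerVersion values and the extension publisher/type names are my assumptions about the MMA extension, so check them against the repository templates. The point worth noting is that the workspace key is declared as a securestring and placed in protectedSettings, so it is encrypted in transit to the machine and is not recorded in plain text in the deployment history the way values in settings are.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vmName": { "type": "string", "metadata": { "description": "Name of the server as registered in Azure Arc" } },
    "location": { "type": "string", "defaultValue": "[resourceGroup().location]", "metadata": { "description": "Location of the resource group holding the Azure Arc-enabled server" } },
    "osType": { "type": "string", "allowedValues": [ "Windows", "Linux" ] },
    "workspaceId": { "type": "string", "metadata": { "description": "Log Analytics workspace ID from Agents management" } },
    "workspaceKey": { "type": "securestring", "metadata": { "description": "Log Analytics workspace primary key; securestring keeps it out of deployment history" } }
  },
  "variables": {
    "extensionType": "[if(equals(parameters('osType'), 'Windows'), 'MicrosoftMonitoringAgent', 'OmsAgentForLinux')]",
    "extensionVersion": "[if(equals(parameters('osType'), 'Windows'), '1.0', '1.13')]",
    "extensionName": "[concat(parameters('vmName'), '/', variables('extensionType'))]"
  },
  "resources": [
    {
      "type": "Microsoft.HybridCompute/machines/extensions",
      "apiVersion": "2020-08-02",
      "name": "[variables('extensionName')]",
      "location": "[parameters('location')]",
      "properties": {
        "publisher": "Microsoft.EnterpriseCloud.Monitoring",
        "type": "[variables('extensionType')]",
        "typeHandlerVersion": "[variables('extensionVersion')]",
        "autoUpgradeMinorVersion": true,
        "settings": {
          "workspaceId": "[parameters('workspaceId')]"
        },
        "protectedSettings": {
          "workspaceKey": "[parameters('workspaceKey')]"
        }
      }
    }
  ]
}
```

Deploy it with the same az deployment group create command shown in Deployment Option 2, passing a parameters file that supplies vmName, osType, workspaceId and workspaceKey; after the run, the extension appears under the Arc-enabled server's Extensions blade and the machine shows up in the workspace's Agents management view.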

Clean up environment

Complete the following steps to clean up your environment.

Remove the virtual machines from each environment by following the teardown instructions from each guide.