servers
38 TopicsAnnouncing Jumpstart ArcBox 25Q1 general availability
We are thrilled to announce the first major update to ArcBox following our release of ArcBox 3.0 in August 2024. ArcBox has been an invaluable resource for IT professionals, DataOps teams, and DevOps practitioners, providing comprehensive solutions to evaluate how to deploy, manage, and operate Arc-enabled environments. With this release, we have introduced Windows Server 2025 on both the ArcBox-Client as well as in a nested VM, making it possible for you to evaluate a range of new features and enhancements that elevate the functionality, performance, and user experience. WinGet and Windows Terminal Integration One of the standout enhancements in Windows Server 2025 is the inclusion of WinGet and Windows Terminal. These tools are now built-in components of Windows Server 2025 and no longer require bootstrapping in our automation processes. Advanced Management Capabilities for Arc-enabled servers Windows Server 2025 introduces new management capabilities specifically designed for Arc-enabled servers. These capabilities enhance the control and oversight of server environments, providing more robust tools for monitoring, configuration, and maintenance. The enhancements are now available in ArcBox to be evaluated. SSH Included and Enabled Another significant update in Windows Server 2025 is the inclusion of SSH as a native component. This addition is a major step forward, as it eliminates the need for external SSH installations. However, it is important to note that while SSH is included, it needs to be enabled manually. This feature enhances secure access to servers, facilitating more efficient remote management and operations. In ArcBox, SSH is enabled by the automated setup and ready to start evaluating. SSH for Arc-enabled servers enables SSH based connections to Arc-enabled servers without requiring a public IP address or additional open ports. This functionality can be used interactively, automated, or with existing SSH based tooling, allowing existing management tools to have a greater impact on Azure Arc-enabled servers. You can use Azure CLI or Azure PowerShell to connect to one of the Azure Arc-enabled servers using SSH. In addition to SSH, you can also connect to the Azure Arc-enabled servers, Windows Server virtual machines using Remote Desktop tunneled via SSH. Also, Remote PowerShell over SSH is available for Windows and Linux machines. SSH for Arc-enabled servers also enables SSH-based PowerShell Remoting connections to Arc-enabled servers without requiring a public IP address or additional open ports. After setting up the configuration, we can use native PowerShell Remoting commands. Configurable SQL Server Edition to support Performance Dashboards ArcBox now provides the flexibility to deploy SQL Server Standard or Enterprise editions on the ArcBox-SQL guest VM, replacing the previously default Developer edition. This enhancement empowers users to experience advanced Arc-enabled SQL Server monitoring through Performance Dashboard reports. Available in both the ITPro and DataOps configurations, this feature ensures tailored performance monitoring capabilities for diverse use cases. To configure the SQL Server edition during deployment: Portal Deployment: Specify the desired SQL Server edition during setup. Bicep Deployment: Use the sqlServerEdition parameter to define the edition. ARM Template Deployment: Set the edition via the sqlServerEdition parameter. Below is an example Performance Dashboard report from an Arc-enabled SQL Server using the Standard or Enterprise editions, highlighting comprehensive insights and monitoring capabilities. Cost Optimizations We optimized the storage costs significantly by changing the ArcBox Client VM data disk from Premium SSD to Premium SSD v2. This change allows for better performance at a lower cost, making ArcBox even more economical for various use cases. With this optimization, users can enjoy faster data access speeds and increased storage efficiency. We also introduced support for enabling Azure VM Spot pricing for the ArcBox Client VM, allowing users to take advantage of cost savings on unused Azure capacity. This feature is ideal for workloads that can tolerate interruptions, providing an economical option for testing and development environments. By leveraging Spot pricing, users can significantly reduce their operational costs while maintaining the flexibility and scalability offered by Azure. You may leverage the advisor on the Azure Spot Virtual Machine pricing page to estimate costs for your selected region. Here is an example for running the ArcBox Client Virtual Machine in the East US region: Visit the ArcBox FAQ to see the updated price estimates for running ArcBox in your environment. The new deployment parameter enableAzureSpotPricing is disabled by default, so users who wants to take advantage of this capability will need to opt-in. Along with the option to opt-in for Azure Spot pricing, we also added new parameters for enabling Auto Shutdown: Auto Shutdown is enabled by default, and will configure the built-on Auto-shutdown feature for Azure VMs: Summary The latest update to ArcBox not only focuses on new features but also on enhancing overall cost and performance. The integration of new operating system versions and management capabilities ensures a smoother, more efficient workflow for IT professionals, DataOps teams, and DevOps practitioners to evaluate Azure Arc services. We invite our community to explore these new features and take full advantage of the enhanced capabilities of ArcBox with Windows Server 2025 support. Your feedback is invaluable to us, and we look forward to hearing about your experiences and insights as you navigate these new enhancements. Watch our release announcement episode of Jumpstart Lightning and get started today by visiting aka.ms/JumpstartArcBox!758Views2likes0CommentsAnnouncing General Availability: Windows Server Management enabled by Azure Arc
Windows Server Management enabled by Azure Arc offers customers with Windows Server licenses that have active Software Assurances or Windows Server licenses that are active subscription licenses the following key benefits: Azure Update Manager Azure Change Tracking and Inventory Azure Machine Configuration Windows Admin Center in Azure for Arc Remote Support Network HUD Best Practices Assessment Azure Site Recovery (Configuration Only) Upon attestation, customers receive access to the following at no additional cost beyond associated networking, compute, storage, and log ingestion charges. These same capabilities are also available for customers enrolled in Windows Server 2025 Pay as you Go licensing enabled by Azure Arc. Learn more at Windows Server Management enabled by Azure Arc - Azure Arc | Microsoft Learn or watch Video: Free Azure Services for Non-Azure Windows Servers Covered by SA Powered by Azure Arc! To get started, connect your servers to Azure Arc, attest for these benefits, and deploy management services as you modernize to Azure's AI-enabled set of server management capabilities across your hybrid, multi-cloud, and edge infrastructure!11KViews9likes10CommentsOperate everywhere with AI-enhanced management and security
Farzana Rahman and Dushyant Gill from Microsoft discuss new AI-enhanced features in Azure that make it simpler to acquire, connect, and operate with Azure's management offerings across multiple clouds, on-premises, and at the edge. Key updates include enhanced management for Windows servers and virtual machines with Windows Software Assurance, Windows Server 2025 hotpatching support in Azure Update Manager, simplified hybrid environment connectivity with Azure Arc gateway, a multicloud connector for AWS, and Log Analytics Simple Mode. Additionally, Azure Migrate Business Case helps compare the total cost of ownership, and new Copilot in Azure capabilities that simplify cloud management and provide intelligent recommendations.1.6KViews1like0CommentsGenerally Available: Transition to WS2012 / R2 ESUs enabled by Azure Arc from Volume Licensing
Customers that have enrolled in WS2012/ R2 ESUs through Volume Licensing for Year 1 can transition to Azure Arc for Year 2 of the program by specifying their Volume Licensing entitlements (Invoice Ids) in provisioning new Azure Arc WS2012/R2 ESU licenses. Extended Security Updates afford customers with critical security patches for end of support Windows Server 2012/R2 machines.5.3KViews3likes3CommentsNew options for Extended Security Updates enabled by Azure Arc
Today, we’re announcing Extended Security Updates enabled by Azure Arc for Windows Server 2012/R2 and SQL Server 2012 (year 2 onwards), a new and enhanced cloud experience alternative to traditional Extended Security Updates (classic). With this new option, security updates will be natively available in the Azure Portal through Azure Arc for resources for up to 3 .41KViews2likes26CommentsThe first Windows Server 2012/R2 ESU Patches are out! Are you protected?
Receive critical security patches for your WS2012/R2 machines enrolled in ESUs enabled by Azure Arc. Follow these detailed instructions outlining all of the enrollment and prerequisites, so you are protecting your EOL infrastructure.9.4KViews1like5CommentsFive Key Updates on WS2012 ESUs enabled by Azure Arc
We’re excited to announce the public preview of the Azure Arc ESU Usage View and Transition Scenario from Year 1 Volume Licensing. Additionally, we have made a breadth of improvements to pre-requisites, billing service, and included capabilities.3.6KViews4likes2CommentsSimplify certificate management of on-prem IIS server with Azure Arc & Azure Key Vault VM extension
One common question which I’ve come across is certificate management for web servers. Usually when servers are hosted on Azure there are ways like storing certificates and secrets in Azure Key vault is a viable solution. I’ve come across customers who’re running servers in hybrid and few servers would still remain on-premises because of dependencies. For these web servers managing certificates is a costly affair. Common practice which I’ve seen is admin sharing the certificate with application team on some file share. This has few disadvantages. Storing the certificate in file share or on email. Based on the number of application team a lot of team gets access to certificates. Manually applying updated certificates once the expiry is near also finding which all servers this certificate is being used is a pain if you’ve a big environment with lots of web service. One better way to handle this scenario is to Store certificate in Azure Key vault centrally and Arc Enable the web server. One last step which will do the magic is Azure Key vault VM Extension. Which can be enabled on Arc Server as extension. This setup provides the advantages below. All the certificates are stored centrally in Azure Key Vault which is protected. No application team has got manual access to certificates, on-prem server will pull the certificate based on the managed identity assigned via Azure Arc. Once the cert expiry is near Admin/app team need to just goto Azure Key Vault and update the certificate with the latest version. Azure Key vault VM Extension will pull the latest certificate and apply the same to the website. $Settings = @{ secretsManagementSettings = @{ observedCertificates = @( "https://keyvaultname.vault.azure.net/secrets/certificatename" # Add more here in a comma separated list ) certificateStoreLocation = "LocalMachine" certificateStoreName = "My" pollingIntervalInS = "3600" # every hour } authenticationSettings = @{ # Don't change this line, it's required for Arc enabled servers msiEndpoint = "http://localhost:40342/metadata/identity" } } $ResourceGroup = "ARC_SERVER_RG_NAME" $ArcMachineName = "ARC_SERVER_NAME" $Location = "ARC_SERVER_LOCATION (e.g. eastus2)" New-AzConnectedMachineExtension -ResourceGroupName $ResourceGroup -MachineName $ArcMachineName -Name "KeyVaultForWindows" -Location $Location -Publisher "Microsoft.Azure.KeyVault" -ExtensionType "KeyVaultForWindows" -Setting (ConvertTo-Json $Settings) For auto renewal of certificate, we’ll need to enable IIS Rebind. This is how Arc VM Extension looks like when it’s enabled. Assigning permission to Arc server to fetch the certificate from keyvault. You can use access policy on Keyvault as well, it’s supported. Versions of the certificate/new certificate can be uploaded from key vault certificate blade and looks like below. If you’re renewing certificates and wanted to see if certificates are getting pulled down properly or not you can check error logs located here. C:\ProgramData\Guestconfig\extension_logs\Microsoft.Azure.Keyvault.keyvaultforwindows If you’re running Azure VM similar thing can be achieved : https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/key-vault-windows Cert Rebind in IIS: https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-85/certificate-rebind-in-iis85 Visit my Blog: https://www.azuredoctor.com/ Public blogpost: https://www.azuredoctor.com/posts/arc-keyvault/8.5KViews8likes5Comments