Forum Widgets
Latest Discussions
Lots of spam, is there a way to report and filter them?
Is there any way to flag or report these spam posts? As some of you may be aware, I've seen them multiple times, and sometimes they disappear for a while, only to come back later. This makes it difficult for important topics to stay visible in the forums. Is there a way we can help by reporting them? Makes any difference?Register now for the Migrate to Innovate Summit
Join the summit on March 11, presented in partnership with Intel. Stay agile, innovate for the future, and maintain a competitive edge by accelerating your cloud migration and modernization journey. Microsoft thought leaders will discuss the latest news and trends, showcase real-world case studies, and share how Azure can help you fully embrace AI. Join us to: Maximize business value and build the foundation for successful innovation by leveraging the latest Azure and Intel capabilities for your workloads. Dive into case studies and real-world examples showcasing how organizations have successfully transformed their business and how you can be next by migrating and modernizing on Azure. Make sure your cloud migration and modernization journey is using the best practices and strategies featured in product demonstrations. Register now > Migrate to Innovate Summit Tuesday, March 11, 2025 9:00 AM–11:30 AM Pacific Time (UTC-7)
LAB: Azure Arc Enabled Kubernetes
Below are the steps and commands you can use to deploy Kubernetes and connect it to azure arc. My test machine: Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-1021-azure x86_64) Kubernetes Distribution: Minikube Note: You need to follow different installation procedure according to the OS and processor architecture of your test system. The installation link provided in each step. Install Docker sudo apt update sudo apt upgrade #Install Docker #Link for Docker installation sudo apt-get install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker -v Install Kubectl #Install Kubectl #link for kubectl curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" kubectl version --client Install Minikube #Install Minikube # Link for Minikube installation curl -LO https://github.com/kubernetes/minikube/releases/latest/download/minikube-linux-amd64 sudo install minikube-linux-amd64 /usr/local/bin/minikube && rm minikube-linux-amd64 sudo usermod -aG docker $USER minikube start --driver=docker Connect to azure arc #Connect to azure arc az connectedk8s connect --name k8clust3 --resource-group myrd --location swedencentral kubectl get deployments,pods -n azure-arcLAB: Onboarding On-premises Machine to Azure Arc by using Proxy as Connectivity Method
What is Azure Arc? Azure Arc is a set of technologies that extends Azure management and enables Azure services to run across on-premises, multi-cloud, and edge environments. It allows you to manage resources such as servers, Kubernetes clusters, databases, and applications running outside Azure using familiar Azure tools and services like Azure Policy, Azure Monitor, and Defender for cloud. With Azure Arc, you can bring these resources into Azure's control plane, standardize operations, and apply consistent security and governance across your entire IT landscape. This simplifies hybrid and multi-cloud management while leveraging Azure's features, making it easier to innovate and maintain control over your infrastructure. LAB Architecture Lab pre-requisites: Set up and on-premises environment with an VM and Enterprise Proxy. An Azure subscription where we can on board machine. Understand the system, network pre-requisite. Plan Deployment Please note the hostname as this will show in azure arc portal once you on board machine into azure arc. Also, you can verify whether proxy is configured using command netsh winhttp show proxy Note: You don't need to use proxy connectivity option if your internet traffic is already routing via proxy in the network level. You can use this option if you need your agent to communicate via a different proxy which not already configured at network level. Steps to deploy: Generate Script to on-board on-premises machine: Go to Azure Arc-->Machines and Click on Create. Select an option best suited for you. I am using Add multiple servers Option Fill the details, provide your proxy sever URL. Provide service principal already have or create new one. Provide tags if you need. Go to download and run script option. Either you can download or copy the script and directly and run it in your machine. Update Service Principal secret inside script then the script is ready to use. Run the script in on-premises machine Go to on-premises machine PowerShell and run script. The script will install the Azure Arc agent and connect the system with Arc control Plane. Not necessarily these steps need to do by PowerShell. You are having multiple way to connect machine to azure arc. Eg: CLI, API calls etc. Please go through Azure arc documentation to know more. The following action will take place once you run the script. Azure Connected Machine Agent Installation Setting proxy configuration Connect machine to Azure Now your machine is onboarded, and you can enjoy all the services in azure. In nutshell you can treat your on-premises machine as azure vm and apply all the related series.Azure Arc Gateway with Custom internet Proxy: LAB
What is Azure Arc? Azure Arc is a set of technologies that extends Azure management and enables Azure services to run across on-premises, multi-cloud, and edge environments. It allows you to manage resources such as servers, Kubernetes clusters, databases, and applications running outside Azure using familiar Azure tools and services like Azure Policy, Azure Monitor, and Defender for cloud. With Azure Arc, you can bring these resources into Azure's control plane, standardize operations, and apply consistent security and governance across your entire IT landscape. This simplifies hybrid and multi-cloud management while leveraging Azure's features, making it easier to innovate and maintain control over your infrastructure. What is Azure Arc Gateway? If you use enterprise proxies to manage outbound traffic, the Azure Arc gateway lets you onboard infrastructure to Azure Arc using only seven (7) endpoints. With Azure Arc gateway, you can: Connect to Azure Arc by opening public network access to only seven fully qualified domain names (FQDNs). View and audit all traffic an Azure Connected Machine agent sends to Azure via the Arc gateway. How the Azure Arc gateway works Azure Arc gateway consists of two main components: The Arc gateway resource: An Azure resource that serves as a common front-end for Azure traffic. This gateway resource is served on a specific domain. Once the Arc gateway resource is created, the domain is returned to you in the success response. The Arc Proxy: A new component added to Arc agentry. This component runs as a service called "Azure Arc Proxy" and acts as a forward proxy used by the Azure Arc agents and extensions. No configuration is required on your part for the Arc Proxy. This Proxy is part of Arc core agentry and runs within the context of an Arc-enabled resource. When the gateway is in place, traffic flows via the following hops: Arc agentry → Arc Proxy → Enterprise proxy → Arc gateway → Target service Important Note: The Arc gateway feature for Azure Arc-enabled servers is currently in Public Preview in all regions where Azure Arc-enabled servers is present LAB Architecture Lab pre-requisites: Set up and on-premises environment with an VM and Enterprise Proxy. An Azure subscription where we can on board machine. Understand the limitations and system requirements: Limitations Please note the hostname as this will show in azure arc portal once you on board machine into azure arc. Also, you can verify whether proxy is configured using command netsh winhttp show proxy Note: You don't need to use proxy connectivity option if your internet traffic is already routing via proxy in the network level. You can use this option if you need your agent to communicate via a different proxy which not already configured at network level. Steps to deploy Azure Arc Gateway with Proxy Create an Azure Arc Gateway: Go to Azure Arc Gateway session, click on create and create an arc gateway Generate Script to on-board on-premises machine: Go to Azure Arc-->Machines and Click on Create. Select an option best suites for you . I am using Add multiple servers Option Fill the details, provide your proxy sever URL and select arc gateway created Provide service principal already have or create new one. Provide tags if you need. Go to download and run script option. Either you can download or copy the script and directly and run it in your machine. Update Service Principal secret inside script then the script is ready to use. Run the script in on-premises machine Go to on-premises machine PowerShell and run script. The script will install the Azure Arc agent and connect the system with Arc control Plane. The script will take care of proxy direction and arc gateway setting. Not necessarily these steps need to do by PowerShell. You are having multiple way to connect machine to azure arc. Eg: CLI, API calls etc. Please go through Azure arc documentation to know more. Azure Arc Enabled Servers The following action will take place once you run the script. Azure Connected Machine Agent Installation Setting proxy configuration Enabling and starting Azure Arc Proxy service Connection Type will set to 'gateway' Connect machine to Azure Now your machine is onboarded, and you can enjoy all the services in azure. In nutshell you can treat your on-premise machine as azure vm and apply all the related series.
Azure Arc enabled Servers unable to assess Updates
Starting yesterday, several of my Arc-enabled Win 2019 and 2022 Servers are unable to assess Windows Updates anymore. Error: "Assessment failed due to this reason: Not able to complete assessment within specified time." Is there anything I can do to reinstall "WindowsPatchExtension" as it won't automatically install itself after removing it from the Extensions? (It's not available for manual install, at least not via "Install extension" GUI)
Monitor a Hybrid computer shutdown in Azure Arc
Hi, I have created this alert to monitor when a Hybrid computer I have in Azure Arc is down. The computer is running but I am receiving emails. The query is not returning any values. I tried setting the threshold value to 1 but it did not work. Thank you!
Uploading files from IOT edge using Azure ARC Managed Identity
Customer want to upload files form IoT edge to Storage account in few cases and currently as per Microsoft document File upload is not supported link for IoT edge devices. As alternative we can use storage blob modules and we can upload the files to storage account as draw back we need to provide the storage account Access key link. Security is not ok with Access keys and SAS token. I have found that we can use Azure ARC managed identity to connect the storage account IoT Edge file upload using Azure ARC To overcome the security issues we have another solution which is Azure ARC , the advantage of Azure ARC is once we onboarded the IoT edge to azure ARC it will have managed identity using that we can provide access to storage account. On board the machine to Azure ARC Install the agent on the IoT edge and it will connect to Azure ARC as pre request only x86-64 (64-bit) architectures are supported https://learn.microsoft.com/en-us/azure/azure-arc/servers/managed-identity-authentication For an Azure Arc-enabled Linux server, using Bash invoke the web request to get the token from the local host in the specific port. Specify the following request using the IP address or the environmental variable IDENTITY_ENDPOINT. To complete this step, you need an SSH client. Pre request for storage account:- “Storage Blob Data Contributor” role should be assigned to Azure ARC machine Create a sample file and upload in to container to check the access from Iot edge device Generating Access token To connect the storage account, we need to generate the bearer token, use below token for generating the bearer token run this on sudo privilege mode and copy the bearer token in the note pad. Depends on the service which we are accessing from ARC server accordingly we need use the endpoint for storage we have to use “storage.azure.com” and for vault it will be “vault.azure.net” CHALLENGE_TOKEN_PATH=$(curl -s -D - -H Metadata:true "http://127.0.0.1:40342/metadata/identity/oauth2/token?api-version=2021-02-01&resource=https%3A%2F%2Fstorage.azure.com%2F" | grep Www-Authenticate | cut -d "=" -f 2 | tr -d "[:cntrl:]") CHALLENGE_TOKEN=$(cat $CHALLENGE_TOKEN_PATH) if [ $? -ne 0 ]; then echo "Could not retrieve challenge token, double check that this command is run with root privileges." else curl -s -H Metadata:true -H "Authorization: Basic $CHALLENGE_TOKEN" "http://127.0.0.1:40342/metadata/identity/oauth2/token?api-version=2021-02-01&resource=https%3A%2F%2Fstorage.azure.com%2F" fi Access the files using curl commands. We have uploaded a txt file on https://iot10084.blob.core.windows.net/roshith/hello_world.txt And we can validate the file using curl commands. Curl command to check the file contents. curl https://iot10084.blob.core.windows.net/roshith/hello_world.txt -H "x-ms-version: 2017-11-09" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSIsImtpZCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSJ9.eyJhdWQiOiJodHRwczovL3N0b3JhZ2UuYXp1cmUuY29tLyIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzBkOTkzYWQzLWZhNzMtNDIxYS1iMTI5LTFmZTU1OTAxMDNmMy8iLCJpYXQiOjE3MDU2ODA4MjgsIm5iZiI6MTcwNTY4MDgyOCwiZXhwIjoxNzA1NzY3NTI4LCJhaW8iOiJFMlZnWUFpUWVkYnBkbkdLc09pRkF4TjVaSlZYaVYvZFdCOGtYTW84KzlrVTlzd1Vkd1lBIiwiYXBwaWQiOiJkMDM1ODk5Ni03M2FmLTQ4NjYtOGNjNi02NjIwNGIwNGI0MjMiLCJhcHBpZGFjciI6IjIiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8wZDk5M2FkMy1mYTczLTQyMWEtYjEyOS0xZmU1NTkwMTAzZjMvIiwib2lkIjoiYzViYTVhMjItNjQxMy00ZmNhLTg1NGUtNjNmNWU1YTUwOGNjIiwicmgiOiIwLkFSOEEwenFaRFhQNkdrS3hLUl9sV1FFRDg0R21CdVRVODZoQ2tMYkNzQ2xKZXZFZkFBQS4iLCJzdWIiOiJjNWJhNWEyMi02NDEzLTRmY2EtODU0ZS02M2Y1ZTVhNTA4Y2MiLCJ0aWQiOiIwZDk5M2FkMy1mYTczLTQyMWEtYjEyOS0xZmU1NTkwMTAzZjMiLCJ1dGkiOiJ2WW5zTFVVdDZrNkRrMldGRnRraUFBIiwidmVyIjoiMS4wIiwieG1zX21pcmlkIjoiL3N1YnNjcmlwdGlvbnMvM2JmMjM0OTItYTVkMS00M2VhLWIyYzUtOWMwNmIwNDU0MjVkL3Jlc291cmNlZ3JvdXBzL3NkYzMtMTAwODQtZGV2LXJnL3Byb3ZpZGVycy9NaWNyb3NvZnQuSHlicmlkQ29tcHV0ZS9tYWNoaW5lcy9pb3RlZGdlIiwieG1zX3RkYnIiOiJFVSJ9.rCaw6mHd0JB4siUeIpG6tLMr18hSZHER3j0sBxnSLlKKbuhsZWBk34gJV2y5iGhTcUvC6-Wn9W1f3ccfDqx407hF3VyYDtiEudvimHyX1p8I1rXxHJbfOzvl-ebmTg-AY6mva0PMl6vHU2gY-bNqvDsQ3taWmWdEsJ8H-4H8KZ2ejQGl-AXNZsMMhFQ2TYYvctO7bjz7o6-jWvElFa93tL1qfCe49M8AIpbFSzTQPhDqjsuvjBg0YmgKgUv2CRf3FwMkBMvXn2FqrwQ6P0F2NK9n8wRj5YuoBfA1zcIb5GAprGIyH6ZzobdFYUzQgrgk6X4kpeITYum-_st0JpKa1Q" Result :- Steps to upload the files to storage account using REST API Create a text file using vi command use below commands to upload the files to storage account. Sample command curl -i -X PUT -T /home/roshith/test.txt -H "x-ms-version:2021-06-08" -H "x-ms-blob-type: BlockBlob" -H "Content-Length: 5" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSIsImtpZCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSJ9.eyJhdWQiOiJodHRwczovL3N0bXXXXXXXXXX1OTAxMDNmMy8iLCJpYXQiOjE3MDU5OTU3NDAsIm5iZiI6MTcwNTk5NTc0MCwiZXhwIjoxNzA2MDgyNDQwLCJhaW8iOiJBU1FBMi8XXXXXXXXXXk8ybDhwU0I2b1IrcmpNPSIsImFwcGlkIjoiZDAzNTg5OTYtNzNhZi00ODY2LThjYzYtNjYyMDRiMDRiNDIzIiwiYXBwaWRhY3IiOiIyIiwiaWRwIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvMGQ5OTNhZDMtZmE3My00MjFhLWIxMjktMWZlNTU5MDEwM2YzLyIsIm9pZCI6ImM1YmE1YTIyLTY0MTMtNGZjYS04NTRlLTYzZjVlNWE1MDhjYyIsInJoIjoiMC5BUjhBMHpxWkRYUDZHa0t4S1JfbFdRRUQ4NEdtQnVUVTg2aENrTGJDc0NsSmV2RWZBQUEuIiwic3ViIjoiYzViYTVhMjItNjQxMy00ZmNhLxxxxxxxxxNDkyLWE1ZDEtNDNlYS1iMmM1LTljMDZiMDQ1NDI1ZC9yZXNvdXJjZWdyb3Vwcy9zZGMzLTEwMDg0LWRldi1yZy9wcm92aWRlcnMvTWljcm9zb2Z0Lkh5YnJpZENvbXB1dGUvbWFjaGluZXMvaW90ZWRnZSIsInhtc190ZGJyIjoiRVUifQ.TdO6e7OJsBWO812Gu75cGX3PGEHYEtGkJEN5yzXeyxjiY6GWvBZ0A6uZPffA-E67aZXudNdEqdtuq4KGBvifid2B-BNov0iwd4iLtTnepRLmtbybJleAp4KRtgqqZr0r6DI8-1sAHDg6h8B_5EqMQNTpGWpMtR0_tkEGFJlcqD2bxoS_TaQlBu6f3Ogsv-6LpXN8oYwYO2dlXTCgpg6B9iNZO2T8J6WR9gZZXf_FxRxuaN9gjH8_TCcRn5xHVyzq6PpVfJG2aNnyn9L8rEop57re5eVLo8Dl1z9zuaLXgd6VV0ic9ZbXQxdb_CH4E5SOgIDzgzwb3ez0EA72_q3Zpw" "https://iot10084.blob.core.windows.net/roshith/test.txt" Result:-
