This Snipp describes the main steps to set up a VM as Azure Arc Server on Azure. For more details visit Reconfigure Azure VM von Microsoft Docs.
For VMs on Azure, we need to uninstall Windows Azure Guest Agent
Set-Service WindowsAzureGuestAgent -StartupType Disabled -Verbose
Stop-Service WindowsAzureGuestAgent -Force -Verbose
VERBOSE: Performing the operation "Set-Service" on target "Windows Azure Guest Agent (WindowsAzureGuestAgent)".
VERBOSE: Performing the operation "Stop-Service" on target "Windows Azure Guest Agent (WindowsAzureGuestAgent)".
WARNING: Waiting for service 'Windows Azure Guest Agent (WindowsAzureGuestAgent)' to stop...
WARNING: Waiting for service 'Windows Azure Guest Agent (WindowsAzureGuestAgent)' to stop...
And then block the access to IMDS
New-NetFirewallRule -Name BlockAzureIMDS -DisplayName "Block access to Azure IMDS" -Enabled True -Profile Any -Direction Outbound -Action Block -RemoteAddress 169.254.169.254
Name : BlockAzureIMDS
DisplayName : Block access to Azure IMDS
Description :
DisplayGroup :
Group :
Enabled : True
Profile : Any
Platform : {}
Direction : Outbound
Action : Block
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
For Windows Server 2016 set the TLS version with
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
On the Azure portal add a new Server - Azure Arc resource and download the generated script ./OnboardingScript.ps1. On the server run the script.
./OnboardingScript.ps1
VERBOSE: Installing Azure Connected Machine Agent
VERBOSE: Downloading agent package
VERBOSE: Installing agent package
Installation of azcmagent completed successfully
time="2021-11-10T09:57:53Z" level=info msg="Loading AgentConfig file from: C:\\ProgramData\\AzureConnectedMachineAgent\\Config\\agentconfig.json"
time="2021-11-10T09:57:53Z" level=info msg="Onboarding Machine. It usually takes a few minutes to complete. Sometimes it may take longer depending on network and server load status."
time="2021-11-10T09:57:53Z" level=info msg="Check network connectivity to all endpoints..."
time="2021-11-10T09:57:54Z" level=info msg="All endpoints are available... continue onboarding"
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DJXUVZHNS to authenticate.
time="2021-11-10T10:00:52Z" level=info msg="Successfully Onboarded Resource to Azure" VM Id=5e36b216-afe3-455a-a26b-a490056db95c
To view your onboarded server(s), navigate to https://ms.portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.HybridCompute%2Fmachines
Create a Data Controller
az arcdata dc create --connectivity-mode Indirect --name arc-dc --namespace arcds `
--azure-subscription $sub --resource-group ArcRes --location eastus `
--profile azure-arc-kubeadm --use-k8s --storage-class local-storage
Check out the pods
kubectl get pods -n arcds
Create a managed instance
az SQL mi-arc create --name local-mi-01 --namespace arcds --use-k8s `
--storage-class-data local-storage --storage-class-logs local-storage `
--storage-class-datalogs local-storage --storage-class-backup local-storage
Restore DB
kubectl cp ..\AdvantureWorks2017.bak arcds/local-mi-01-0:var/opt/mssql/data/AdvantureWorks2017.bak -c arc-sqlmi
Export and upload metrics & logs
az arcdata dc export -t metrics --path metrics.json --namespace arcds --force az arcdata dc export -t logs --path logs.json --namespace arcds --force az arcdata dc upload --path metrics.json az arcdata dc upload --path logs.json