Azure Automation Hybrid Worker with Azure Arc Enabled Server

Captions
In this video, we use Azure Arc enabled hybrid workers with Azure Automation.

Hybrid workers extend the functionality of Azure Automation outside of Azure and into on-premises or multi-cloud environments. Coming up, we go over how to configure and use Azure Arc enabled hybrid workers. Before that, please like, subscribe, and click the bell icon for notifications of new content. Your support for this channel is greatly appreciated. Become a member for early access to videos, ad free while private, and check out my courses on Azure Virtual Desktop and hybrid identities with Windows AD and Azure AD on udemy.com.

Let's get back to it with the most important question: why? Why should we care about hybrid workers? Here's the value proposition. Automation of any kind is good; I think we can all agree on that. What makes Azure Automation great is we can use it outside of Azure. With Azure Automation we can create automation scripts, or runbooks, in a centralized location. We can manage the code with Git if we want to add versioning and group authoring, and with a hybrid worker we can extend Azure Automation to your on-premises or multi-cloud environment. Azure Automation provides a single solution for managing automations across the entire organization, not just within Azure.

We extend Azure Automation's functionality outside of Azure by deploying hybrid worker agents on servers inside a private network, on premises or in another cloud. Both Windows and Linux are supported for the hybrid worker agent. A hybrid worker is a member of one hybrid worker group. We can add one or more computers to the group. Having multiple workers provides high availability if one becomes unavailable. The hybrid worker connects to Azure Automation over TCP port 443; no inbound ports are required. When we create the runbook job, we target the hybrid runbook worker group. The worker checks in every 30 seconds and runs the code locally. A worker can only be a member of one worker group.

One important thing to note: we can add PowerShell or Python modules to our Azure Automation account so they're available to the runbook. That doesn't extend to hybrid workers. We have to manually add the modules to the workers so that they're available on the runbook. Be sure to update all workers in the worker group so the modules are consistent. The runbook on a hybrid worker runs under the default system account in Windows and the nxautomation account in Linux. We can add custom hybrid worker credentials for the job to use if needed. Custom credentials do not support MFA.

And something else to know: there are two types of runbook workers. There's a system worker; this is used by Update Management and runs hidden runbooks to update the system. The other type is a user worker. This worker is part of a worker group and supports runbooks outside of Azure. We add a user worker by installing an agent. There are two types of agents available for a user worker. The agent-based version 1 hybrid runbook worker relies on the Log Analytics agent. The newer version is the extension-based version 2 hybrid runbook worker. The extension-based agent relies on Azure Arc to add the extension to an Arc enabled server. This is the most current option and we'll use it in this video.

In order to use the extension-based hybrid runbook worker on a non-Azure VM, we need to add it to Azure Arc with the Connected Machine agent. There's a wide range of both Windows and Linux servers supported for the Connected Machine agent and the hybrid worker extension. Once the server is Arc enabled, we can add the hybrid worker extension. Let's hop into the portal next to create a hybrid worker group.

The lab has two Windows servers on premises and one Azure Automation account already set up. To create our hybrid worker group, we'll add the Connected Machine agent to add the machine to Azure Arc, then add the hybrid runbook worker extension. Finally, we'll test a simple runbook to verify it runs on the hybrid worker. Let's go to our Azure Automation account to get started.

Here we are in the Azure portal. Let's start by adding a hybrid worker group. Go to hybrid worker group. We have an empty user hybrid worker group, and if we go to system hybrid worker group, this one is empty also. But if we used Update Management, it would look like this. These are all system hybrid workers; we can't target them for automation jobs. We do that with the user worker group. Let's go back to user hybrid worker groups. We'll create a new hybrid worker group. The worker groups are targeted for the automation job, not the individual server. Having multiple servers in a worker group provides high availability.

We'll create a new one and give it a name, worker group one for this example. We can leave the hybrid worker credentials set to default. With this setting, the job will run under the local system account credentials on the server. We could add different account credentials for the hybrid workers; the job will run under the context of that user. This is helpful if you want the job to access something like network resources. We'll close that, leave it to default, and go next. We can add VMs at this point, but let's skip that for now and go next to review and create, and create. Once that finishes, we can hit refresh and we'll go into the worker group. From there, go to hybrid workers and click add to add a worker. There's a list of VMs that we can add the hybrid worker agent to, but these are all in Azure. We want to add servers that aren't in Azure. Let's fix that next.

In order to use the version 2 extension-based hybrid worker role on a non-Azure VM, we need to add the Azure Connected Machine agent, part of Azure Arc. Once the computer has that installed, we can use a lot of the same management options available for Azure VMs, including adding the hybrid worker extension. Let's add our non-Azure servers to Azure Arc next so we can add the hybrid worker extension.

Search for Azure Arc. If we go to servers, we don't have any servers yet. Go to add. We get a couple of options to add servers to Azure Arc. For this example I'll pick the first option, to add a single server. This is for adding servers one at a time. There are other options; for this example I'll take the simple manual way. By the way, if you'd like to know more about Azure Arc, leave a comment below. If I get enough comments, I'll add some Arc content.

We'll click generate script. We get a prerequisite screen. Make sure the servers we're adding have outbound port 443 available and we have a local admin password. Go next. Select the subscription and resource group; I'll add a new resource group, Arc hybrid RG for this example. Select the region, Central US for this example, and we're adding Windows servers. The servers we're using have access to the public endpoint. Go next to tags, and here we'll add some values to these tags. You can add whatever you'd like. My data center is at home, city is Minneapolis, that's in Minnesota, and the U.S. You can add additional tags if needed. Once finished, click next. We end up with a PowerShell script that we can run on the servers to add them to Arc. There's an option to download the script, or you can copy the script. Let's click copy.

Now that we have the script, let's hop over to our non-Azure server so we can add the Connected Machine agent. This step will onboard it to Azure Arc. Here we are on our non-Azure server. I'm going to paste in the contents of that script. If you use the copy button, it doesn't include the line breaks; it pastes in as one line. So one other option, if you want to take a look at the full script, is either you can download it and then copy that full script over to the new computer, or we can jump back real quick and highlight the code that's on the screen, copy that, and then we'll paste that in. It doesn't need to be formatted this way; it just makes it easier if you want to look at the code you're running.

But one important note before you run it: install Edge or Chrome if not already added and set that as the default browser, or disable IE Enhanced Security Configuration. We need to sign in to Azure as part of this install, and if Internet Explorer is the default browser with enhanced security, it will fail to authenticate. Once we have that set, we can highlight and run. This will install the Azure Connected Machine agent. It may take a minute to finish. If prompted, open up with Edge or Chrome, not Internet Explorer. Sign in to the tenant with an account that includes the Contributor role or the Azure Connected Machine Onboarding role on the subscription. We signed in, and now it's finished installing.

Let's go back to the Azure portal. We'll go back to Azure Arc. In Azure Arc servers, if we hit refresh, we see our new Arc enabled servers. If you have multiple servers that will be part of the hybrid worker group, run the script on each to add them to Azure Arc.

Next we'll go back to our Azure Automation account and add the agent. From our automation account, go to hybrid worker group, open up our hybrid worker group, go to hybrid workers, and click add. It shows all available servers. Changing the filter to type equals server Azure Arc, we'll apply. Now we see the servers that have the Connected Machine agent. In this example there are two; one would be fine as well. We'll select them and then add. This step adds the Azure Automation hybrid worker extension to the computer, deploying it through the Azure Arc agent. We'll give it a minute to finish. The job finished; let's refresh. Now we have our non-Azure hybrid workers in the worker group.

Let's test it with a simple command. Go back to our automation account and go to runbooks. We'll create a new runbook and give it a name, computer name for this example. Select the runbook type PowerShell, set the version to 5.1, add a description if you'd like, and create. Let's give it a very simple command. We'll view the computer name using the environment variable. This will simply output the computer name. Save it and go to the test pane. For the first run, leave it set to Azure and click start. This lets us view the output without using the hybrid worker, and the output is simply client. Now let's switch to the hybrid worker. Select the hybrid worker group we set up and start. It finished, and now it shows the computer name for one of the computers we added to the hybrid worker group. That's a good indication it's working. Let's exit the test and publish.

Let's schedule a job to run on the hybrid worker group now that a runbook is published. From within the runbook, go to schedules. We have to create a schedule with a new automation account. We'll go add schedule, go into the schedule, and give it a name, computer name for this example. We can leave the rest set as default. Great, and now go into configure parameters, select run on hybrid worker, and make sure our worker group is selected, and OK, and OK again. Now when the job runs, it will run on the hybrid worker. We can wait for it to finish or start it up manually by going to overview in the runbook and selecting start. Here we'll select our hybrid worker, make sure the group we created is selected, and click OK. That starts the job. Give it a minute to finish. Once finished, go to output, and there is our hostname.

That is how to use Azure Arc to enable non-Azure servers as hybrid workers in a hybrid worker group. I hope this helps you with deploying an Azure Automation hybrid worker group with Azure Arc enabled servers. Please don't forget to like and subscribe, and thanks for watching.
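
The captions above note that modules must be installed by hand on every worker and that jobs run as the local system account unless custom credentials are set. As an added example (not part of the video or the channel's material), this PowerShell 5.1 runbook reports which worker ran the job, the account it ran under, and the installed version of each required module. The module list and both function names are assumptions made for illustration.

```powershell
# Added example: inventory runbook for a Windows hybrid worker (PowerShell 5.1).
# $RequiredModules is an assumed list; replace it with the modules your runbooks import.
param(
    [string[]]$RequiredModules = @('Az.Accounts', 'Az.Compute')
)

function Get-WorkerModuleReport {
    param([string[]]$Name)
    $modules = foreach ($n in $Name) {
        # Highest installed version of the module on this worker, if any.
        $found = Get-Module -ListAvailable -Name $n |
            Sort-Object Version -Descending | Select-Object -First 1
        [pscustomobject]@{
            Module  = $n
            Version = if ($found) { $found.Version.ToString() } else { 'MISSING' }
        }
    }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        # Account the job runs under: SYSTEM by default, or the custom credential.
        RunAs        = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        Modules      = $modules
    }
}

function Compare-WorkerModuleReport {
    # Takes reports collected from several workers and returns the rows for any
    # module whose version is not identical on every worker (missing included).
    param([object[]]$Report)
    $Report | ForEach-Object {
        $c = $_.ComputerName
        $_.Modules | Select-Object @{ n = 'ComputerName'; e = { $c } }, Module, Version
    } | Group-Object Module | Where-Object {
        ($_.Group.Version | Sort-Object -Unique).Count -gt 1
    } | ForEach-Object { $_.Group }
}

# Emit this worker's report to the job output stream.
Get-WorkerModuleReport -Name $RequiredModules | ConvertTo-Json -Depth 3
```

Each job runs on a single worker in the group, so gather the JSON output from jobs that ran on each worker, parse it with `ConvertFrom-Json`, and pass the reports to `Compare-WorkerModuleReport` to list modules that are missing or at different versions.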
Info
Channel: Travis Roberts
Views: 6,470
Keywords: Azure Automation, Azure Runbook, Azure, Azure Automation Hybrid, Azure Automation Tutorial, Hybrid, Hybrid Worker, Arc, Azure Arc, Worker Group, On-premises, Multi-cloud, Automation, Automation Runbook, Azure Automation step by step, Azure Automation Log, PowerShell, python, runbook, hybrid worker, Script, Azure Walkthrough, free, free tutorial, cloud admin, cloud computing, system administrator, Modules
Id: LJWtAqEvZ1o
Length: 13min 54sec (834 seconds)
Published: Sun Nov 27 2022