So good afternoon, my name is Jason Watson. I'm delighted to be your new host today on what is now episode two of the third season of the show. First of all, I want to say a big thank you for Tom, Tom Hall, who was my predecessor and did such a great job. I'm sure he is watching this. And of course a massive thank you to you, the audience, for allowing us to give, giving you an excuse to keep doing these shows. Yeah. Great. Look, we love spending this time with you geeking out on all topics around Windows Server 2022, and it's come up to the end of month four now at Microsoft for me, and a huge part of our culture is all about learning, which I'm loving, quite frankly. But the idea of this show is to share that wealth and, you know, expand on that learning culture. So each episode of from rock to the cloud, we will have some of the world's most foremost figures in Windows Server to help you get whatever you need to know, or just what you want to know, about Windows Server. And as always, if you have any questions about the episode, please make sure you pop them into the comments section below. So let's look at today's agenda. Yes, below. Thank you very much, Pierre. Today's agenda and today's episode is all about managing your Windows Server with Azure. For the next 30 minutes, I'll be catching up with yours truly here, Mr. Pierre Roman. I'll let him introduce himself in a second. And we also have some elements, as always, a little bit of fun that you guys can get involved with, so please do stick around. So from here on in, we would like to introduce you to Pierre Roman, who today is joining me. Pierre, can you please introduce yourself to the audience who's watching?

Yes, my name is Pierre Roman. I'm a senior cloud advocate with Microsoft, and you mentioned that the foremost experts, the world's foremost experts, were on this show. They couldn't be here today.
So you get me. No, I've been in IT for, and I'm going to age myself here, for over 30 years.

How many more over? How many more over 30?

Uh, four more over 30.

Yeah, well, you've beaten me by two actually, Pierre, so, uh, also show my... I think it must be the gray, right?

Yeah, you can tell by, that's why I shaved the head, that way my whole head is not silver. But in that time we've managed everything from VAX and mainframes to servers, and now cloud. So we've gone through multiple transition periods in the world where, like, technology drastically changed the way we do things, and cloud is here now, and we're in the middle of this shift, uh, to the cloud. And don't get me wrong, uh, we are at some point going to be mostly cloud-based, but I think that, and, uh, Jason Zander, our, uh, corporate vice president for, uh, Azure, on the last in-person event that he spoke at, uh, said that hybrid is now, we realize that hybrid is our customers' end state. So when you're talking to marketing people, and you're talking to sales people, or you're talking to a technologist of any kind, and they're telling you that you have to migrate everything to the cloud, that's not true. Yeah, hybrid is our end state, but because of that we had to come up with multiple ways, and easier ways, to manage all of your machines, regardless where they may be, in the same way, because nobody wants to have to learn three different sets of tools to manage three different sets of machines.

Indeed, not efficient, silos. Absolutely, and cost, not cost efficient either, right? Never mind operational simplicity.

Um, so too many balls in the air, you're gonna drop one.

Indeed, absolutely, and I'm no juggler. I don't know about you.

No.

So shall we jump into today's topic?

Absolutely.

Are you ready? Yeah, so, um, as I say, the topic title is managing your Windows Server with Azure. So I've got some questions, Pierre, that I've kind of prepared. I hope you're gonna be in a good position to answer them.
I don't want to catch you out by any surprise or anything. I'm sure that's not going to be the case. So let's look at question number one, shall we? How do cloud services improve your on-prem environment?

How do cloud services improve your environment? No, first thing is that cloud services are always evolving. So as new threats are coming in, new management, um, paradigms are being brought forward, those tools will be evolving, and if you take advantage of them, you don't have to deploy everything again on-prem. Like, I love System Center Configuration Management and all of that System Center type of management tools that are still available to date and are great, great, um, management tools. But anybody who deals with them knows that whenever there's an update, it's a project in itself just to roll out the updates, and you need an infrastructure to manage the infrastructure. So you end up like a chicken and the egg. Well, how do you manage the infrastructure that's managing the infrastructure? Yeah, by using cloud services you kind of eliminate a whole kind of layer of complexity over your on-prem environment. But we're not just talking about on-prem environment. You may have servers on-prem. You may have servers in AWS. You may have servers at a hoster, uh, somewhere else down the road, uh, and some in Azure. Who knows, maybe all of them, all of the above, maybe GCP as well. You don't want to have to have different sets of tools for managing all of these, or having four times the same set of tools in four different locations. So you don't have a top-down view of all of the responsibility areas that you have. You don't have a top-down view of the health of your environment. You don't have a top-down view of whether or not attacks are occurring, and where they're coming from, and where are they going. So when we're looking at cloud, what cloud services can do to help you manage your Windows Server environment?
That's what it does, is it simplifies that. It allows you to take advantage of best of breed and all of the innovation that's being put into it, all of the AI that's being put in the back of them. Because you can collect as many logs as you want. Like I mentioned, I've been in the business for a long time. Like, one of my first jobs, my role on Monday morning was to go to the server room and log into every server, and go, as Windows Server, uh, and basically go to Event Viewer and look for any red stop signs on the Event Viewer, and then investigate whether or not this was an actual critical that we needed to deal with, or was that just informational, and so on. Brain, human brain's not meant to be going through hundreds and hundreds of lines of logs. By line 200 your brain's not even registering trends. You're seeing yellows and greens and reds, but you're not registering any trends.

Yeah, absolutely. I mean, I'm assuming these are the days before you were utilizing more of a manager of manager type, in the very early days of Windows Server?

Yes, yes, very, very early days, before the tools like SCCM and Config Manager became available. But that kind of tells you what the involvement, how evolved it's become. But now that AI model that's sitting behind, for example, Azure Monitor or Insight in Azure, it already knows and it's constantly learning.
It's taking, uh, telemetry from Microsoft, from our own, for example, security groups, and for our management groups and our networking groups, and it's, uh, putting models together, and it's applying those models to your data to surface up potentially, like, threats, potentially, uh, issues that are going to come up, um, trends in terms of, okay, your CPU has been going slightly on the upward trend for the last six months, and at that rate we expect that your workload is going to run out of resources on that server in six months. So it does give you the opportunity to say, okay, what am I going to do with it? Am I going to move it? Am I going to add more resources to it? Um, am I going to split the load across multiple machines? Like, it gives you time, as opposed to getting the alert that, oh, that machine is out of resources, and they're like, now you are scrambling.

Yeah, I was going to say, in the risk of also taking something down, right? In the old days it'd be a reactive kind of situation. Nobody's running around frantically to go and fix things, right? So to be predictive is obviously a good thing. Which kind of brings me up to the next question then, Pierre. So, kind of alluded to it to an extent now: what tools do you need to achieve this, really?

For Windows Server, uh, there's a little linchpin here, and I talked about it this week on another show. Uh, it's almost like the Lord of the Rings. Like, it's the precious. It's the one ring to rule them all. Uh, and I'm talking about Azure Arc. So our Arc-enabled server, which by the way is free. So you deploy that to any server, and what it does is, it's identified.
So if you got servers, Windows servers, in Azure, the tools are available to you, no problem. But if you got on-prem servers, and if you got servers on other platforms or at hosters, you can deploy those agents to that server, and what that does is it creates an identity from that server into the cloud. Once you've got that identity, that relationship between that on-prem server and the cloud services, now it's really easy for you to say, okay, on these servers that are on-prem, in AWS, wherever they may be, and say, I want to deploy patch management to those, or update management as it's officially called. I want to deploy, um, desired configuration state. There's a desired state configuration to them. I want to deploy Automanage to make sure that they're backed up, that they're protected. I want to make sure that Sentinel is using the logs of that machine so that we can, if there is a break-in, if anybody gets compromised, that we can actually trace and investigate where it came in, and how, and what's been compromised. So all of these require logs, require metrics, require data. And that is provided by that link that Azure Arc provides.

So can I just be clear then, all those logs and data all still sit within the server? Arc is just extracting what it needs to understand? Or is everything ported back up into Arc as a central console, back into the Azure cloud? How does that work exactly?

No, Arc, Arc, which is also in some cases misunderstood, Arc is basically the facilitator. Arc creates the relationship and maintains the identity of those servers in Azure. Arc doesn't send any data over and only sends metadata about that server in terms of maintaining the relationship.
So in terms of compliance and stuff like that, no, no issues there. Now, if you decide to start monitoring that server using other tools like Azure Monitor or Microsoft Defender or Microsoft Sentinel or update management, in that case you need to start ingesting some of the data, in terms of what all the patches are installed on each server, and that gets brought in by Azure Monitor. So you roll out Azure Monitor agent. So you tell basically Arc, take the Azure Monitor agent and deploy it on my servers. So it deploys the agent, and then Azure Monitor starts collecting that data. It only collects what you tell it to collect. And it is, uh, you manage where it's sent. So you basically create your Log Analytics workspace. So if you're in England and graven and you have a requirement to stay within the confines of the country, you can define, I want my Log Analytics workspace to be in, uh, in England, or for me in Canada. And then once your machines are connected to it, they only send their data to that location. So you control where and how much data is being sent. But once that data is in the Azure Monitor, in the Log Analytics workspace, then other services like update management, like Sentinel, start using that data in order to surface up: this server is missing a critical update, or that server has been compromised, or there's been 20 admin logon attempts on this particular workstation or server. And then you can start acting, or reacting to that, or planning, based on the metrics that are being uploaded.

Yep, got it. So I think this is kind of rhetorical, and you already alluded to it earlier in terms of cost. Where does the cost reside? Is there a cost? I think you mentioned Azure Arc is free of charge, but I'm assuming once the other tools start to then take effect, then there's probably going to be some kind of cost to that. Would that be a first thing?

Yes, so Arc is to establish that relationship and exchange of that metadata. That's free.
That's included in your subscription, no extra cost. When you start collecting logs and metrics from all of those machines, because you control how much of it you're ingesting and what you're ingesting, there is a cost for that log ingestion on Log Analytics. It's not a huge cost. It's still significantly lower than if you would have to deploy your own System Center Configuration Management infrastructure, because you don't have to pay for servers, you don't have to pay for licensing, you don't have to pay for anything else. You pay for the ingestion of the data into Log Analytics. Then if you deploy Sentinel or update management, then you're charged the same as you would be for an Azure machine. And I don't have the cost associated with me. I try as much as possible to stay away from cost and licensing. I'm more of the tech guy, and I leave the licensing and cost to the sales people.

And all the people out there who are clearly looking to sell these things and kind of make some money at the same time, right?

Yeah, I'm just looking at how we can use the technology in order to bring value to the enterprise. I know there's a cost associated with it, but the cost is, you have some control over how much it costs, because you have a control over how much data you're ingesting. And then for, like, Azure Sentinel, there's a cost per machine to be protected.

And I think as you mentioned... Sorry, I think as you mentioned as well, and one of my former roles was infrastructure management and tools and so on and so forth, and, you know, they sometimes take a lot of effort to maintain. If there's, you know, to the point that cost comparison with something like Azure doing some of this work, or all of this work, in comparison to the build-your-own type scenario, is going to be pretty significant regardless, right?

It's absolutely going to be significant, considering too that we're now looking at hybrid.
So it's not just on-prem machines, but it may be your hoster's machine, and maybe your AWS machines. So imagine if you had to set up this environment. Let's set it up four times and then set up some kind of link so that they could exchange that data, so that you could have a top-down view of your entire environment.

Yeah, are you gonna say single pane of glass?

I was going to, but I'm trying not to as much anymore, because it's the term that's been overused, I think. Yeah, I have a thing for marketing terms. Like, everybody that keeps talking about skilling, when, yeah, I just, okay, we've been calling it training for, like, ever. Why do we suddenly have to change the term?

Indeed. Yes, or empowerment perhaps. So in terms of all that, where do you think, you know, the benefits would be? Who would, you know, would it help security companies or government departments, for example? Where do you think the best area of where this fits?

I'm going to give you the consulting answer and say it depends, but I'm sharing a slide here that's kind of like a top-down view of everything that we have. And if you're looking at that one, where you have your services across your infrastructure, and your infrastructure can be on-prem, in Azure, somewhere else, anywhere, and then through Azure Arc and that metadata and that identity that's created, you can have, like, Defender and Sentinel, Monitor, Azure policies, which management loves, especially when you have, uh, compliance and regulations that you have to apply to, because you set up a policy and you can apply to all your machines regardless where it is. So in terms of password management, in terms of auditing, in terms of guest configuration management, you can set policies, and even have remediation tied to those policies.
So if a machine drifts out of policy, it can be brought back into policy. Update management, inventory management, Azure Automanage, which is newly added to that list, where the backup of that machine, the auto updates, all of the normal stuff that you would normally set up on a machine, just gets turned on by default. Yeah, automatic. You just say, auto manage this machine, and it takes care of the rest in the background. Of course, there's always a cost associated with some of those services. But there's something in there for the IT guys and girls that need to, uh, have a visibility and alerts into resources and utilization of those resources, through Azure Monitor, Azure Monitor alerting. Uh, there is something in there for the security groups, with Microsoft Defender and Microsoft Sentinel. There is management, for Azure Policy, update management, inventory management. Like, there are a series of tools to basically cover everyone. And it's just a matter of turning it on once the, uh, relationship with Azure is created with the Arc agent. And that's what I call, like, the agent that rules them all, because it will manage installing all of the other agents as you require them. Once that relationship is done, then you can take advantage of all these tools, and that list is just growing.

Indeed. Yes. I mean, there seem to be new services coming out constantly, right?

And yeah, and I wouldn't be surprised if at some point we don't end up having no difference in terms of what's available in terms of management tools for whether or not your machine is on-prem or whether or not it's in the Azure cloud.

Yeah, good. Great. Listen, thank you. We're going to do some recapping of some of these key points towards the end of the show here. Um, but now we're going to move on to what I think is, you know, this is my first time doing this. Let's see what happens. This is the part of this show.
It's called the server acronym review. Um, and I think, like everyone involved in the tech world, I kind of, we all love a long confusing acronym, and certainly my time in Microsoft, I thought I'd had lots of acronyms before, my friend, but my goodness me, there is, it's just a plethora of acronyms out there. So but look, luckily for us the producers have found a few server acronyms to show us. We're going to put ourselves on the spot. I haven't seen these up to now. Clearly you haven't. Um, so let's see if we can guess what they are. We'd love you guys out there to pop your thoughts in the comment section below. Tell us what you think about these acronyms. Uh, tell us what you think of us, whatever it may be. Um, but let's move ahead now. Um, AAS, or do I dare say it, arse. Well, I was going to say, my dyslexia kind of played tricks on me there for a second. Uh, I thought it was something inappropriate, but anyway, um, air as a service perhaps, I'm thinking. I was thinking, no, was I thinking Azure as a service? No, it can't be, can it? Azure as a service. Automated something system. Automated audit system. We're gonna get some clue. Azure Analysis Services. Okay, well, I should have known that one.

You should have.

I'm still learning, clearly. I'm month four. So, you know, I've got an excuse here, right? Um, shall we move on to the next one?

Sure. Oh, database management system.

Hey, I was gonna say that.

Yeah, this one has been around for decades. So the acronym is not new.

Uh, the acronym was not... Do we have any more out there? We've just got the two. I think that could be it. So look, I've been taking a couple of notes here.
So let me try and recap if I can, um, in terms of, you know, overall Azure Arc scenario. Arc enables that on-premise, so, interconnect. It comes at no cost. Um, if you start there for consuming services around Azure, there clearly is a cost, but then if you start offsetting that against other options, it's still a significant saving. Massively improved simplicity, operational simplicity. Gives you obviously a, you know, a single pane of glass across both your on-prem and your public cloud Azure, uh, infrastructure, shall we call it.

Any cloud.

Any cloud has got, oh, yes, of course, because we can move it into different clouds as well, right?

Um, exactly.

And, you know, things like the AI models, the data, as I say, simplifying the operation. Um, anything else you want to add to that in terms of recapping?

Well, this is the main tool in terms of managing Windows and Linux servers in a hybrid model. There are other tools, uh, such as, like, for example, the Windows Admin Center, which is kind of like managing servers on-prem, but also is now a dedicated plane, a blade on Azure, so it's embedded into Azure to manage servers. So those tools have kind of like overlapping capabilities and sometimes complementary capabilities. So on-prem, through the Windows Admin Center, you could go to the hybrid center and basically enable or turn on an Arc identity through it. So there's metal. That's just another way of onboarding a server into Arc. But Windows Admin Center is also a great set of tools if you don't have a cloud footprint. So it all depends on where you are in your journey. Some customers are going to be on-prem only, some customers are going to be cloud only, and the majority of customers are going to have a foot in both worlds. So tools are there regardless, uh, what your situation or where you are in that journey.

Absolutely. Absolutely.
Listen, Pierre, thank you so much for your time today. It's been an absolute pleasure meeting you for the first time, listening to your expert knowledge of one of our world's leading experts. I know you said you weren't, but from what I heard today I would completely disagree. Um, and for you guys out there, please keep an eye out right here on IT Ops Talk, LinkedIn or YouTube for the next episode, which I will again be hosting for the rest of this series. I'm not quite sure who's going to be joining us next time. But hopefully they're going to be, well, equally, if not, probably not near as good as what Pierre has, but I'm going to say that to next guy as well, or lady for that matter. So look, remember to drop your thoughts below, and thank you very much for joining. It's been a pleasure. Thanks again, Pierre.

Thank you.

All right. Thank you. Cheers. Bye. Bye.