Good morning, good afternoon, good evening, good night, I'm not sure when you're watching this. And welcome to another Learn Live Edition. Today, my name is Bert Wolters and for that instance, tomorrow my name will be the same. And I hope the same goes for Carsten. Carsten, good, well for us it's now good morning still I guess. Yes, Bert, it's good morning. Hi from me to the audience. Let's introduce ourselves. I'm sitting in my caravan, I'm at a customer site and I got free for this Learn Live event but after that I will install Azure Stack HCI at the customer and go on with it. My name is Carsten Rachfahl, I'm a Microsoft MVP like Bert is. I'm a cloud and data center management MVP and also an Azure MVP, so cloud and data center management. It's all on premises, I always say, and Azure is all the cloud, so I should be the perfect hybrid MVP. Bert, what's with you? I think you are in the cloud already or all in the cloud, right? Yes, I am all in the cloud already and one of the reasons why you are such an inspiration to me is because you have the two check marks who are and data center and an Azure MVP and that's double the greatness in my book. My name is Bert Wolters, as I already said, I'm an Azure MVP and I've been working with Azure for the last 10 years approximately and I do that from the Netherlands, that small itty-bitty country next to our big brother Germany. Yeah, and I'm from Germany, not the big brother. My heart is still on premises, so I do a lot of installations, Hyper-V, Storage Spaces Direct and now we have the great Azure Stack HCI and this Learn Live is about Arc, so the great Azure Arc possibilities and a bit Azure Stack HCI. So where can the people find us and go with us through the module? So if you can go to HTTPS double slash aka.ms slash learn live dash 2022 0505B, you can interact with us. I also, if you'd like, have a very long URL that's on docs.microsoft.com slash learn that I'll spare you for now.
But they can scan the QR code, right? So this will also lead to the website. Carsten, weren't you the on-prem guy, the old world? Yeah, but I have a smartphone now for half a year, so I know what a QR code is. Ah, nice, okay. So if you're not familiar with QR code yet, that's that thingy in the left bottom corner and if you open the camera on your phone and you hold it in front of your screen, I know that kind of looks silly like this. You should be able to scan it and it will take you to wherever we go today. And today we are going in full hybrid mode. I've never seen Carsten in a full hybrid mode, so that will be fun. We are going to talk today about integrating Azure Arc with Azure Stack HCI. And Carsten, you just told us that you're going to install an Azure Stack HCI right after this session. But what the hey is an Azure Stack HCI? If you haven't heard of this yet. Yeah, I give you a small introduction. First, Lauren said that there is also in the chat in the YouTube chat where you were watching is also the link to go through the module. So what is Azure Stack HCI? I had, I think two or three weeks ago, I had another learning session with another MVP Andy from the US. And we talked about the basics of Azure Stack HCI. But imagine you have the goodness of Hyper-V. So the Microsoft Virtualization platform running in a cluster and most of the people who do that still on premises use a SAN storage. So the good old way with LUNs and you present them to the hypervisor. But there is a newer concept. It's called HCI, so hyperconverged infrastructure. In essence, you have a storage cluster. So you build your data is in your Windows server or Azure Stack HCI cluster. And on top of that, you have also your virtual machines. So you have, for example, a four-node cluster with disks, with NVMe, with SSDs and the VMs are also running in that. And it's not a new offering from Microsoft. Azure Stack HCI is quite new. It, the first edition, came out in December 2020.
But it uses all the great technologies from Windows Server and Storage Spaces Direct in Windows Server came out with Windows Server 2016. So the technology is already six years in the operating system. And Microsoft did a, let's say, unquote, a fork of the goodness in Windows Server. Get rid of everything that you don't need for virtualization and clustering and Storage Spaces Direct. So we don't have the possibility in an Azure Stack HCI OS to install a domain controller and Active Directory. It's pure the stuff you need for virtualization and added the hybrid functionality from Azure. So the Azure Stack HCI is installed on hardware that is on-premises. So at the customer, it's not a solution that is running in the Azure data centers of Microsoft. It's a solution for on-premises. For example, I'm at a company in the moment that is a big dairy, so they produce products out of milk. And for that, you need for the production, you need some things that you can't do from Azure. Because in Germany, we have still a latency of over 20 milliseconds. It's not like in the Netherlands where our data center is right around the corner, right? So there are still some scenarios where you must have your hardware on-premises. You can't really do that in Azure. And Azure Stack HCI is the perfect solution for those scenarios. And also for people who have other requirements that can't be fulfilled with Azure, it's also a good solution. So Windows Server is still there. Storage Spaces Direct is also still there. But the new offering where Microsoft does great new stuff and who is interested, go back to the other Learn Live module that's recorded. And we will have some more Learn Live modules about Azure Stack HCI. So short introduction of Azure Stack HCI. But now back to Arc, and that's your part. What is Arc, Bert? Well, Arc is kind of a one-stop shop where you might say, well, I've got my stuff in all places and I've got it in Microsoft.
There are other companies that also say that they offer cloud services, not that I'm aware of any names from that space. But I hear that from customers that other companies might offer similar services. You might have some stuff in your own data center. You might have stuff running at some kind of hosting provider. And Azure Arc tries to bridge the gap in manageability across all of those locations. Yeah, we have some great slides about that. But first, let's introduce our moderator. So you can ask questions in the chat if you have questions. And they will pop up in the live stream and we can answer them. So let's go to the next slide. I think we have two moderators today, but I think only one is in the slide, right? It's only Flora. I only had a blank slide for our moderators because they're so modest. And they always stay in the background. But we have two Microsoft employees helping us with it. We can't really watch on all the channels what the questions are. So let's go to the first module or give them an overview. What we talk about today, Bert? Yeah. So today will be a stepping stone up into the world of Azure Arc, and specifically with HCI. But again, this will be a guided tour. Carsten and I will ease you into all of this maybe new material for you. We're going to look at Azure Arc, its components, how is it built up, and a couple of use cases. Now, if you followed along in earlier editions of Learn Live about Azure Arc, you might already know this company called Contoso. I've never visited them, but they seem to be a quite big company. And all of the use cases are presented by likes of the Contoso company. So our first learning objective for today is what is Azure Arc? Next, we're going to look at the principles on how to integrate Azure Arc and Azure Stack HCI. And if you are really lucky today and the demo gods are with us. I hope they will. Yes, I hope for you, Carsten.
Carsten will also show us some of the stuff that Azure Arc and Azure Stack HCI can do together. And of course, we will describe for you the benefits of having Azure Arc combined with Azure Stack HCI clusters. What are the things we can do if we would have Azure Stack HCI running in our data center and let that be managed by Azure Arc? And maybe Carsten can also at the end have a look at what kind of stuff do we need to do if, I'm not saying that this will happen, but if Azure Arc will fail. Do we now have a totally unmanageable HCI cluster? No, we will not, Carsten. You're such a spoiler. Yeah, we will see, we will see. This was a great cliffhanger to keep people engaged till the end, because everyone needs to know. I think I show Azure Stack HCI a bit in Arc, and we also will install Arc on a server live. So to give some, to deviate a little bit from the slides, it's a very slide-heavy presentation. So I put in two demonstrations, and I hope that went well, because they are really live. Suspense is killing me, too. Okay, let's go to the first module, shall we? And oh, by the way, Carsten, with a live demo, you mean a pre-recorded version, right? No, no, no, no, it's really live. It cannot fail. It can, it can. I will give my best, and we are live. So it will be a fun session, but it won't fail because I know Carsten, and Carsten does everything the German way. Never fails, right? So in this module, we will look at the fundamentals of Azure Arc, how it's used to bring new capabilities over time to management and to monitoring of your Azure Stack HCI plus to the skill, because this is the fun thing, right? Once you have onboarded in this Azure Arc, you might even call it an ecosystem, it just doesn't stop. You might have new features coming your way in terms of manageability of that stack month by month, because once you are onboarded, Microsoft, through what we call extensions, can add more capabilities, more features. So again, this is cloud.
This isn't just stopping at the first implementation. This is an ongoing process, and I refuse now to call this a journey because everyone calls cloud a journey. I'm not one of those guys. So looking at this module, I kind of gave it away a bit. We do this by using the name Contoso as a fictional company name, medium-sized financial services company headquartered in London, England. This might now be a compliancy thing with the whole Brexit stuff. Exactly, I was thinking the same. It's not for you anymore, right? Let's not go there. Yes, we know that. And they have options around the world. We can put it in Amsterdam if you want to. Thank you. Well, I know a few big companies just left Amsterdam because of the tax climate. But again, politics, politics, let's not go there. So what is Contoso running? In fact, they are still heavily relying on the Windows Server platform. They are running virtualized workloads on Windows Server. Unfortunately for them, still 2012 R2. They didn't listen to Carsten that good, I think. But they also have a couple of Hyper-V hosts already running 2016. They're internal IT staff from Contoso. They already know the Windows ecosystem. They're well equipped with Microsoft knowledge from back in the days. They know their Windows Server. They know their domain controllers. They know their stuff on-prem. Can I add something, Bert? You mentioned Windows Server 2012 R2. And many people, I know, many companies are still with their workloads in Windows Server 2012 R2. And here is a good thing that we have in Azure. It's the extended security update. So if you move your Windows 2012 R2, Windows 2008 R2 to Azure, you get extended security updates. Why do you need that? Because next year, Windows 2012 and Windows 2012 R2 will go out of support and then Microsoft will not offer any security updates anymore. And that's in today's climate with all the security issues ransomware.
So it's very important that your operating system still has active security patches. So the best way, of course, would be to get your workloads out of Windows 2012 R2 in a newer operating system. Let's say Windows Server 2022. You get a lot of advantages, but larger companies sometimes have some timing issues to really move all their VMs. I know a customer who has over 1,000 VMs where we're just sitting. And a lot of them are still in Windows Server 2012 R2. So if you move those to Azure, you get those extended security updates. And now the segue to Azure Stack HCI. Azure Stack HCI for Microsoft is Azure. So we get the same extended security updates for Azure Stack HCI. So if you move your virtual machines from Hyper-V with Windows 2012 R2 or even older down to Windows Server 2008, you get these extended security updates for another three years. And this offer is free in Azure and in Azure Stack HCI. Just wanted to mention that because what's described in the Contoso scenario is for me at my customers quite a reality. So it's not something you would say. In Azure, we are most of the time faster, but on-premises, a lot of dependencies are there and you can't move so fast from one operating system to another. Sorry to interrupt you, but... Yeah, no worries. But you're absolutely right because every time I do a workshop at one of my customers about upgrading Windows Server editions or moving away to public Azure, for instance, I always say you could also move your 2008 R2 or later VMs into Azure for extended support. But you don't run them anymore. Do you? Each and every company? Yes, we do. We don't talk about it, but we still have those things. So it's a reality for everyone, I think. Instead of maybe the startups, the hip and shiny people out there who do everything serverless and functions and logic apps, and yeah, until they start to use other software from the past. True. 
So, again, Contoso is kind of the reality company, a fictional reality company we're using throughout the series to map back to whatever scenario we're kind of looking at. So, first point of business. Characteristics and capabilities of Azure Arc. What is it? What can we do with it? And from the people who produce the show, we get our content and we get great definitions. You know, back in school, when you were learning how the world looks and how the weather goes across the globe and you had to learn all kinds of definitions, wasn't that fun? Maybe for you, not for me. So Azure Arc can be perceived as being the core component where you can integrate non-Azure resources with Azure. So let's say you've got this crazy management team who manage all services and they have to remember how to log into other cloud vendors stuff. The data center, the secondary data center where you keep all of the stuff for your failovers, those tedious applications that run elsewhere, you know, where we have a contract which they will run our stuff for us where we don't really know where it runs. Hmm. This is what glues everything together. Well, if you start and use this. And I already kind of explained why because it is getting more and more complex. Especially if you look at the data space and you want to be able to work with a consistent data set but now you have SaaS applications and the data in those SaaS applications needs to be consistent with your HR database and your HR database needs to be consistent with your identity provider. And how are you going to maintain all of those resources? Well, Azure Arc, there's your answer. It can run on different hardware in different data center locations, in other public clouds, in maybe other private clouds, and of course at the edge. And how does that then look in a schema like this? It is a wrapper but a very big remark to take into consideration as your Arc provides you with management capabilities. Why do I want to emphasize that? 
Well, I can look at all of those resources from a management perspective in one view. But can I also make sure that I can log in to certain VMs from Azure Arc? Hmm, or is that still something that is defined on a per VM basis? Through an identity provider? No, this works on the management layer. This gives you insights. This will give you possibilities like compliancy insights. Are all of those things compliant to my business standards or not? And if not, then I can of course remediate that. So Azure Arc really works on that management layer. It's all about gluing everything together. So resources in different customer locations can be made insightful by Azure Arc, but still be maintained by local management tools. So let's say your company has been compromised and those evil hackers have gained control of your local management tools. Azure Arc isn't a fixer-upper there. You need to go in and fix the access to the management tools. It's not like the panic button to fix everything. We even have a kind of a limited set of resources to support. So the thing it will give us is a form of uniformity. If you are already accustomed to working with Azure CLI to maintain and manage your stuff running in public Azure, you can also manage and maintain resources in your own data center. If you're accustomed to working, for instance, with Azure Policy, super-duper feature, I really love Azure Policy. For the people who don't know what Azure Policy really, really is, imagine you are off to a bowling party. And I don't mean the drink. I mean, I think it's a sport, right? It's bowling, yeah, it is. It is a sport, right? Yeah, OK. For me, everything with a bowl seems like a sport. Now, you can bowl on a professional level. You've got your bowling lane, and you've got those two gaps on the sides of the bowling alley, where my bowls always kind of tend to go. Or you can put up those safety racks on the side of the bowling alley. That, for me, is Azure Policy. 
They are my safety racks in Azure. If my company doesn't want me for security or compliance reasons to deploy my stuff in East US, because I'm Dutch. We have a West European region here. I need to always deploy everything in West Europe. I can enforce that using Azure Policy. Even if you are the super-duper admin, even if you're the Kerstin Rachfauw of your company, you can do that. What you can do is remove the policy, do your illegal thing, put back the policy. But then you are logged, my friend. That is audited, and you will receive a cardboard box on your desk, and you may go. That is Azure Policy. Azure Policy is cool. So let's dive a little deeper now. Now we know what Azure Arc can do and see what kind of resources is it supporting. So of course, we start at the basis of every IT environment in the world. Still, Azure Arc enabled servers. We can onboard Linux and Windows virtual machines and provide a sense of management across those virtual machines. And I know lots and lots of companies are saying, we are going to the cloud. We are not using virtual machines. Each and every company I know, I visit, still have a couple of VMs somewhere. Maybe they aren't in the amount of five or 10 years ago, but we still need them. We still love them. We still call them. Yeah. Bert, and you think VM, but we can also put it on physical servers. There may be some customers who have still physical boxes. What's a physical server? Can you maybe explain to them? Well, where the application directly runs on the hardware, we don't have virtualization, but you know that, Bert. Not everything is in VM, most of it. And what I find amazing is that we can do that for Windows. Microsoft is the Windows company, right? But you see there is a word, Linux. Linux, I don't know how you pronounce it correctly. Linux, we call it in Germany, but we can even do that with Linux. And that's for me, it's really amazing. So Azure can also manage not only Windows servers, or but also Linux machines. 
We love everybody, and especially Linux penguins, yes. Exactly. But that is on the operating system level. Then we have some very specific resources we support. SQL server instances, for instance. So yes, we support the operating system underneath the SQL server, but also we can manage that SQL instance on top of the OS. And then for, if we're just calling out names right now, another hot name right now, Kubernetes. It supports a whole lot of Kubernetes distributions. And I'm not sure, but I think with Kubernetes, we can now do anything. If I understand the meanings in the board rooms correctly, we might be even able to wash our windows soon with Kubernetes. Every technical difficulty we now face, if someone in the meeting says, let's use Kubernetes for that, you'll get an applause. Really? Yeah, Kubernetes is really important for me. So I played around, of course, with Azure Kubernetes services. That's the Microsoft implementation of Kubernetes in the cloud, the managed one. And now we can have that also outside of Azure on Azure Stack HCI and in Hyper-V clusters and storage bases direct. But what surprised me was also not Microsoft Kubernetes. So if we have a Kubernetes implementation, let's say, I think it's OpenShift or something on Red Hat, VMware has its own, or you can install it with Debian. Azure Arc can be installed in those Kubernetes clusters and give you a lot of insights and policies and so on. And I think that's great because I believe, you see my handle, right? My Twitter handle. I have the handle Hyper-V server. I'm a big Hyper-V believer, but I think the next evolution or the next version of virtualization will be containers. Not for everyone, not right now, but I think we are going that way. And Kubernetes is a container cluster, a high available version, a standardized version where we can deploy a lot of containers. We have high availability and everything. 
So this is a way where the industry will go over the next 20 years, let's say, and Arc is already able to manage those new resources. By the way, we have a question from YouTube does Arc require public endpoints and can it be completely private? Can you answer that or should I? Well, if you would like to. Yeah, of course you can use it with public endpoints, but if you have, for example, an ExpressRoute or a VPN, I think, I'm not quite sure, but I think we can also use private endpoints. Maybe there are some hiccups that not all things will work over private endpoints, but I think Microsoft will fix that because it's still a journey, right, Bert? We have not in the final state of everything, but I think it can. Do you have other information? No, I thought the same, but as you have your doubts, yeah, I do too. So I didn't want to call it out just yet, but I think maybe Flo or Jimmy can give us some information because they are from the Microsoft FastTrack team and I will, if we have time, explain what FastTrack is, it's really a cool solution. If you want to go to Azure or with the resources and Azure Stack HCI is also Azure, Microsoft has a team that can help you with that and speed up your movement to the cloud with POCs, with insights, with sessions and so on. Great people I work with, some of them, I know some of them personally, so they are helping us here with the chat and maybe they can give us a hint if we can use Azure R completely over private endpoints or if there are still some glitches. But so far, public, of course, private, I think some stuff works, but I'm not sure if all works. Cool, so maybe a question for our esteemed audience out there on YouTube. If Carsten's Twitter handle indicates where he's a fan of, where do you think I'm a fan of? Of yourself? Again, spoiler, come on, man. Okay, so let's talk about the other services. Yeah, HCI we're going to dive into in depth in just a moment, right? 
Physical clusters can report back their status through Azure Arc. I'm already thinking going ahead too far and right now in your sessions. You already discussed the Azure Kubernetes services on Azure Stack HCI, so there you have it. That's supported as well. And Azure Arc enabled data services, so. I'm immediately back, I have to close the window because it's shining in my face. But you look so good in the sun. Yeah, but I couldn't see the screen anymore, so come back. Nice, welcome back, Carsten. So this extends even beyond the SQL server. We also can make it insightful, the SQL Managed Instance Azure Database for Postgres and of course, the Azure Stack Kubernetes service and HCI are mentioned again. Now, a few weeks ago, Microsoft also released another service around data and data management. If you are into data management and you're watching this to see what Azure Arc can bring you, also have a look at Azure Purview. Azure Purview is a service in Azure really meant to give you insights on your data estate. So where is my data residing? How is it doing? Is it healthy, et cetera, et cetera. So yes, Azure Arc can do amazing things with your databases. As we said, Managed Instance, a Postgres SQL server, but we have a more tailor fit service for data management as well. And with, if I say we, I of course mean myself and Bill Gates. No, I mean Microsoft community, et cetera. So these are the types of resources that support Azure Arc at this moment. Right now, if you are watching this webinar in June, July, October, 2022, or maybe even later, check out the documentation. Because as I said earlier, Azure Arc is an Azure service. We, they are adding more and more features over time. So can Azure Arc do anything? Check the current documentation. Now, how to enable this Azure Arc? And I think Kerstin will show this in a future module or is it something you'd like to show right now? How do we enable Azure Arc? 
Yeah, we can do it live because we talk a lot and maybe we show a live demo if you would like. So now you see my screen and I'm locked in into a demo account in the Azure portal where you see some resources. And we have here very prominent Azure Arc. I have to click on the, not on the slide. I have to click on the other screen. Give me a second. So here we are. A few seconds. Yeah. So if we dive into the Azure Arc session of the Azure portal and of course we can do it with PowerShell, we can add systems with PowerShell, we can maybe use Azure CLI, but I'm used to the portal. I'm a Windows guy, so I love the mouse and the keyboard. So here we have the different resources you talked about. And here's already another one in preview. We haven't on our list. So there's already the VM where we can add VM where a virtualization environments over the vCenter integration. And then we can also manage all the VM where VMs. In addition, of course we can install Arc on every server if it's running on VM where, if it's running in another public cloud, if it's running on Hyper VR wherever, but with the VM where we center add in, we get some more possibilities, of course. So I will go to the server here. And you see, I have already some Arc enabled servers here. Is it big enough? Lauren, I can make it a big... Yeah. Okay. So now, I think now it's better. So we see here, we have some servers, some are offline, some are connected. And connected means not Azure is actively communicating with those servers. The servers are communicating with Azure. So you don't need public IP addresses, of course, for your servers. It's all over an agent and the agent contacts Azure and this is how it's done. So no public IP addresses involved on our side, of course, Azure public endpoint, we were not sure if we can do it over private endpoints but that is how it works. So I want to add another server here. So I go to add and we have different, let's say assistance, what we can do. 
So we can add a single server. I will do that. We can do if servers, we get also a script for that. And there is also other possibilities. There is add servers from update management in preview and add servers with Azure Migrate. So there are different possibilities how we could add servers to Arc. I use the generate script. So I click on that. And now we have, of course, some informations, what we need. I always call it it's advertisement. Nobody really needs that, but there is useful information there. So we see we have to have HTTPS access over 4432 to the Azure services from our side. We need a local administrator on our machine where we install or where we will run the script and then it will download some additions we need and it installs the software. So we need the sufficient rights. And here we have the connectivity method. And here we see we need a resource group already in Azure where we add our resource. So I click on next. Now we have our details. We have a subscription. I'm so fortunate that I have multiple subscriptions. That's an advantage to be in Azure or a cloud and data center management MVP. Microsoft gives us some resources that we can do all the stuff. And then I take resource group here. I choose this one and in which region. And I prefer also Amsterdam in this example. So the region West Europe. It asked me, should I create a script for Windows or for Linux? I'm a Windows guy. It would be nice me seeing installing it in Linux, but we want to have a success. So we do that. And here, here's an answer for the question. So the connectivity method is either the public endpoints. We can leverage a proxy server if our machine can't directly connect to the internet, but we have a proxy, for example, we can do that. And here is also the possibility to use private endpoint. So this answers I guess the question we had before. 
But I don't have a VPN or an express route set up from my carrier, no, not from where the machine lives to Azure, so I use the public endpoint. I choose next and now I can give informations. Where is the machine? Because if you imagine Contoso is a mid-sized company, they maybe have some hundred resources in Azure or managed with ARP that are not directly in Azure. And then you want to have some information where the resource is on premise. Is it in this location? Is it maybe in another public cloud? Is it on VMware and so on? And we can do that of course. So I can choose the data centers I have done before. So I give it some information and it's handy that the old information is here. My resources in the moment are only in Germany and here I can add other resources. And if I even want to use some custom tags that are only available to me, I can also add them. So I can create own tags that are not usually used by Azure. These are the ones that are available in Azure, but here I can do more tags that are only that I use, that are meaningful for me, for example. So then I go next and here we get a script. So this is a, yeah, I would say it's a PowerShell script and we can copy it, yeah, we can download it. So here I can copy it, I will download it. And you see it's, I have already done that because I like my demos that there is a chant that they work. So most of the time I do it first to try it. So I open the folder and you see here's my onboarding script and this is fresh created, so I copy that. And now I have to go into the machine, the server that I want to enable an ARC. And for that I have here the good old failover cluster and if you look here, I choose one of the virtual machines. Oh no, I have to connect to that. Let's do it here to it. Then I have to lock in. And this is a fresh installed Windows server that is domain joined. There is, it has some disks and so on. 
So you see here, I installed in the right corner, you could see it very, very tiny, but it's a Windows server 2022 data center edition. I installed the eval because this is not a production machine. So I just took the liberty to download the eval version. And here I go to the file system. I have a folder and in this folder I paste the PowerShell script. So now I have to start PowerShell, but the important part is we have to start it with the proper rights. So we need a local administrator and of course for security reasons, we don't turn off the URC. So I have to give the information that I'm really an administrator. So I changed to the directory. I hope this is not too small. I can make it a little bit bigger. So I can enlarge the font. So now we see it. I'm here in PowerShell in the directory. Here's my script that I downloaded. So I do an, let Azure find it. And now I just, I just start the installation and you see we will install the Azure Connect machine agent. We downloaded from internet. So we need connection to Azure somehow, but for ARC we need it anyway. So if we want to manage our machines, we need a machine that is online that has the capability to connect to the cloud to Azure. And now we are downloading the package. And I have to authenticate the machine. So I open the device authentication in Azure. It was already open, but I did it again. And then we have a small code here. And of course you can automate that also. So now Azure, it asked me, who are you? I choose that I am custom and now the installation will go through. See here. And now my machine is ARC enabled and after a short time we can see the machine in Azure. We will look into that in the second demo if I remember, of course, that we just look if the machine is there. So back to your screen that you can continue with the presentation. So if you were looking closely, you also saw the name of the agent Microsoft is using to add individual servers to ARC. 
Maybe switch back to your screen, Karsten. So we can really show it. So if you see the first yellow line, it's the Azure Connected Machine agent. That's the one we use to connect individual servers to Azure Arc. And as you might know, we have a lot of agents out there. We also have agents out there with extensions, but we'll look at those in module two. I promise we will. Okay. So this was how to enable Azure Arc. Let's continue with our death by PowerPoint and see what the key benefits of Azure Arc are in daily practice. What are you benefiting from? Well, one of the benefits, and again, think about your distributed environment is that you have central overview. Where is what's running? And we can still use Azure management groups to see who can do what using Microsoft's RBAC. And if you're old like me, you see no hair on top. You might have been engaged with the older version of Azure where we had two RBAC roles, administrator and co-administrator in our new Azure environment. And if you're a millennial, the only Azure you know, we can have custom RBAC roles. We can really set permissions on what specific users can and maybe even cannot do. Now, we can also do that on the management layer of those services running in our data center, in your data center, anywhere as long as they're supported by Azure Arc. So it is really that single comprehensive inventory of your organizational assets. And we can use our tools, our friends to manage those. PowerShell, you just saw Karsten run the PowerShell command to onboard, right? We can also use Azure CLI for management purposes. The Azure REST API, and of course, if you, as Karsten likes the mouse click-and-click, you can still use the portal, of course. But there's more to this because we are continuously looking at the management plane, but what about central reporting, central monitoring data? How do you monitor your resources in Azure, for instance? 
The easy straightforward answer that's on by default is Azure Monitor, of course. So what about having the same data for resources in your data center? So if you want to have metrics from our virtual machine running anywhere, one answer, go to Azure Monitor, because through Arc, those metrics are sent to Azure Monitor. And for our security friends out there, our security boys and girls, what about Log Analytics? Sending all of your event logs, your syslogs, your security logs into Log Analytics, maybe even with a solution like Sentinel on top. And I think Sentinel can be a whole series of learn live events on its own. So we won't get into detail there, but it is amazing how that security system from Microsoft works with that ingested log data. Also enabled by using Azure Arc, too. Of course, we have slides into the wazoo about what services are enabled where. One of the super cool things I think is the ability to apply Azure VM extensions. What's an Azure VM extension? Well, we talked about the agent, right? So on top of that agent, because we already have that trust relationship between the agent and Azure, we could piggyback other functionality. For instance, I know this doesn't happen at your company, but let's say we've got one guy in this company, or girl, who's really super duper great in PowerShell, and he or she creates scripts that are used by our department that are of course stored in our departmental disk somewhere. No version control, no updates, nothing. What if we would store those in Azure and use the VM extension to run those scripts in our data center? Then we've got version control. We have centralized updates to scripts, centralized management of all of our resources with the scripts. Very powerful. Very super powerful. Support for Azure Policy guest configuration. What's a guest configuration of a policy? Again, looking at those racks next to your bowling alley. I talked a little bit about what it can do for you in your Azure environment. 
What if one of those policies could set the configuration of a virtual machine? So it needs to adhere to a certain patch level. It needs to have certain update, et cetera, et cetera. Manage it centrally from one place. For SQL Server, we can use advanced data security by using Microsoft Defender for Cloud. Do you have Microsoft Defender for Cloud enabled? I must confess, I don't think so. I want to integrate all my Azure Stack HCI clusters into Azure more because it's growing on me, but for me, Azure Arc is also quite new. So I'm just grasping all the concepts and there's so much good stuff in Azure. Sentinel, for example, I'm very curious about how to use that to increase the security in my environment. But we have a little bit of a timing problem. We thought we had much, much, much too much time, but we are at 55 minutes. So we maybe skip over these slides because they are all in the learning module and go a little bit ahead. I fear we have a little bit stuff to show and I want to do the demo with Azure Stack HCI later. So there is great stuff we can do with every thing or thing. On these slides, we see what are the benefits specific to those resources, right? Yeah, true. And there's more. If you haven't been online since November and you don't know Microsoft Defender for Cloud yet, it is the new name for Azure Security Center. Okay. I just wanted to put it out there. Of course, again, these are all in documentation. All of these services we can enable with Azure Arc and don't forget to follow this additional reading link. Again, as Karsten explained in the beginning, that little square in the left down corner, that's a QR code and you can use your new smartphone, Karsten, kudos, to enable more content there. All right, now let's see how smart you really are. Did you pay attention? Did you pay enough attention? Did you walk away to close a curtain or maybe get some coffee? 
You might have missed this, but what component is required in order to establish a logical connection between an Arc-enabled resource and Azure? And we see a lot of agents here. I can imagine your head might be spinning with agents, but is it the Log Analytics agent? Is it the Microsoft Dependency agent? Is it the Connected Machine agent? I think with Karsten, I think Karsten, I think you are dependent on Microsoft, right? I'm dependent on Microsoft. Yes, yes, you're a regular dependency agent, yes. Don't confuse our people out there. Give them a tip or not. Let me see. Think back about Karsten's demo. What agent did we see in the first yellow text? And indeed, do we have a couple of answers already? I think we have a very smart audience today. We have 100% of the Connected Machine agent. So kudos to you. Well done. Yeah, next one. What's necessary in order to integrate an Azure Stack HCI cluster with Azure Arc? Is it the Connected Machine agent on each Azure Stack HCI cluster node? That seems excessive, but maybe it works. Install the Microsoft Dependency agent on each Azure Stack HCI cluster node? Or do we just register the Azure Stack HCI cluster with Azure? So to be fair, this was not really covered in the module. So if you see something that you heard of, it's maybe not the right one. It's a small tip. And I hope I'm right. Come on, answer C, that sounds too good to be true. You think? Yeah, it can be that easy, right? Yeah, wrong, it is that easy. It is, it is right. Of course, it's Azure Arc. It's designed to make our life more easy. And that's great. You have to register an Azure Stack HCI cluster in Azure. That's a requirement to really have workloads on the cluster. And when you do that by default, it's also Arc enabled. But you can say, no, I don't want that. I don't know what the reason would be to not want the Azure Stack HCI cluster Arc enabled, but you still can refuse it. But usually when you register an Azure Stack HCI cluster, it's Arc enabled. 
And I will show an Arc cluster very soon. So let's go to the next module because I think we get a time constraint here. Should I do that or would you like to go on? Oh man, you jump in. Let me see. So I will go to my presentation and when I'm there, Alon can maybe switch the screen. Okay, thanks Alon. So we had that already, sorry. So now I have not too much time to go to the presentation. By the way, Bert, great stuff, very good explanation. I learned also a lot because you have much more insight in Azure than I do. So now we go to the module and manage Azure Stack HCI based virtualization workloads with Azure Arc. And we have already talked about Azure Arc that it expands the scope of the Azure Resource Manager. Azure Resource Manager is the engine in Azure that is really deploying resources, caring about resources and so on. And with Azure Arc, we get an extension of the Azure Resource Manager to other resources, so outside of Azure. And we already talked about Windows servers, Linux servers, Azure Stack HCI, Azure Stack HCI VMs that are running on Azure Stack HCI and all the other good stuff Kubernetes and so on. So what are the capabilities of Azure Arc enabled Azure Stack HCI VMs? We have now there is a new possibility. So we have now the slides are not from today. So I think the last months, there is a new resource called the Arc Bridge in Azure Stack HCI and that helps us even more with automatically enable our VMs that are running in Azure Stack HCI. But in essence Arc enabled Azure Stack HCI VMs we can enable from the portal, you see it here. When we have them enabled, we get a lot of information about the machine. We have, and we don't have the time to really read through all those different things, but we have of course an overview about the VM we see in the Azure Arc portal, an overview which processors are there, how much, how long is it up and so on. We can access the activity log. 
So what was really done in the Azure Resource Manager with this resource, we can, Bert already talked about access control. So we can really give control to those resources. We can assign tags and you have seen when I enabled a VM, a Windows Server, there are the tags where is it and so on which data center that are the tags that Azure Arc gives us. And then we can even add custom tags. So maybe we have, for example, if you have a lot of VMs, maybe the VM is a VM from the, let's say Exchange department. It's an Exchange server, if you still do that, there are still customers out there that don't use Office 365, don't be shocked, Bert, there are some. So maybe you want to bill this VM to those people and you need the additional information. This VM is from the Exchange department or even maybe a number for accounting that they know when they create a report that we can also do. This VM is, has to be accounted to this accounting number and so on. We have the extensions, you talked about that. There are some Microsoft extension and I think there is a slide and the PowerShell extensions. We have logs, we have policies that we can deploy. We can even integrate our Arc resource, our VM, our servers, the Linux server, our Windows server in Azure updates. That's also a great one, yeah, I know, Bert. We have the inventory, we see all the stuff that's in the machine. We can change tracking. So if an administrator changes something on the machine, there is, it's visible for us. We can do our, I think, Kusto queries to get all this information we have inside and we have logs. And there is more information, of course, about all those different settings and even in the module. So here is the VM extensions. We want to, this is very special and Bert already talked about that. So if you have people who are very PowerShell savvy, you can do anything on those Arc-enabled resources on the Windows servers and PowerShell even runs on Linux. 
So if you have your script results and they can script things you want to do on those machines, maybe on all machines in the data center in Hallenberg, you can script that, you have them in a repository in Azure and you can execute those scripts on those machines. And we have also other custom extensions, the Log Analytics agent, the Microsoft Dependency agent. We can roll these agents through the VM extension out to our Azure servers, HCI cluster, whatever. And maybe there are Azure extensions coming. So this is, I'm not allowed to say journey, but it's a continuous evolving process where we get more and more possibilities. So the equivalent of a VM extension or there are also extensions for Linux. So of course you don't have, there are different extensions. You can use PowerShell, but not many Linux administrators are really using PowerShell. They are more using Bash also another shell and you can script for that too. But I have never done that. So what is the role of Azure Policy in managing Arc enabled Azure Stack HCI VMs? And this is something I think Bert knows much more about than I do. But in essence, if you are a Windows guy and you have your Active Directory, many people use group policies where you can set settings on all your Windows servers. You can enforce firewall rules. You can do install software. You can do everything in a Windows environment with group policies if the machine is in an Active Directory. So now imagine the same possibilities as far as I understand it. That's the benefit for me and maybe Bert can add something. But now imagine you do that from Azure but not only for your Windows machine so with Azure policies, also with Linux, with Kubernetes, with your data services. So you have your policies where you said, this is possible on this machine. This is not possible. And you can enforce it to Azure Arc. Do you want to add something here, Bert? No, exactly what you're telling me. 
I do want to touch upon your custom script extension because you just said, if it's running in Arc, you can use your script and do anything with the server. Now for the people who are running around in their office space with their hands in the air in total panic, yes, you need RBAC permissions for that. It's not that if it's onboarded in Arc that anyone can just run any script on any server in your environment. No, it is in line with the RBAC permissions you've set in Arc. Yeah, true, well, very important, right. If you got this impression, of course, my fault, not every user who can log into Azure can also do those things. You have to give the right permissions to do that. Yeah, right, correct. So what's the role here? We have assigning a specific tag to a resource. Here are examples, what we can do with policies in Arc. Here is Windows. So for example, you can say, is there a Windows Server where Windows Defender Exploit Guard is disabled? You get that information. Then we have other things are Windows servers in this data center, for example, not Active Directory joined. You get that information and then you can enforce those policies and change that out there. Arc-enabled servers running Windows or Linux without Log Analytics agents and then you can install it over Arc and for Linux, an example, do we use still on machines, password, user and password and not the much more secure SSH keys for authentication? So these are some examples and there is much, much more you can do. There are built-in policies and you can extend for your own requirements. And here's a link about where you can find more information. Bert already told you that this down in the left is a QR code, take your phone. If you have a smartphone and then you get to the link, you can also of course type in the link. So let's go on with small knowledge tests and let's see what are the questions. 
Which VM extensions can an administrator, here's the administrator that you mentioned, add to Azure Arc-enabled servers to configure it for log forwarding to a Log Analytics workspace. So all the logs that are on the Windows server and there are plenty, it's not only the system and the application log and the security logs, there are plenty. I don't know if there are a hundred, but there are a lot. What can we use? So A, we can use a custom script extension to configure that. We can use B, the Microsoft Dependency agent and C, the Log Analytics extension. So this is a hard one. It's a very dangerous question. Please? It's a very dangerous question because which VM extension can an administrator? Well, if I might know my PowerShell, I might be able to deploy the extension through a custom script extension. But I think there is a better way, right? True, true, but it doesn't pay the question. It doesn't say what is the best way, no? If you are very good in PowerShell, of course you can do that. But I think A is not the right answer. So maybe we go, if you don't know, maybe you look for some similarities and I hope I didn't lean, I didn't do it wrong, but I think the right answer is C. So the Log Analytics extension, you can roll that to your machine. You can deploy it through the Arc agent and then it will add your server to Log Analytics. So next question, which software component allows an administrator to use Azure policies to audit settings within the operating system of Arc-enabled servers to evaluate their compliance? Is it A, the connected machine agents? B, the Microsoft Dependency agent or C, guest configuration? And I think this is a hard one. Oh, didn't you study up before we did? Ha, ha, ha, ha, ha, ha. So, Bert, what do you think is the right answer? Well, I think key here is within the operating system. Yeah, that is. Of an Arc-enabled server. And I think an Arc-enabled server is not the owner, but might be someone less frequently visiting. Yeah. 
Like a guest. Okay. And you know the Dutch saying, when in doubt, choose answer C. Okay, so the right one is, of course, Bert is correct, is answer C. You're right, we are not talking about Azure Arc, it's an administrator doing an Azure policy or it's an administrator or a guest installing it. So let's skip to the last module. We have 18 minutes left for the last part, monitoring Azure Stack HCI clusters and their virtualized workload with Azure Arc. And you have an awesome demo from Karsten. Thank you, Bert. That's increasing the pressure a bit. Another important advantage of Azure Arc is the ability to centralize and standardize enterprise-wide management and monitoring of technology assets regardless of their location. And as we learned before, an Azure Stack HCI cluster is not in Azure, you have it on premises. It's either in your data center or maybe you co-locate it in another data center but it's not in Azure, yeah? So how can we integrate an Azure Stack HCI with Azure Arc? And this was already answered or was a question already that we answered when you install an Azure Stack HCI cluster and you want to use it, you have to register it in Azure. And it's just a trial. So you want to try out Azure Stack HCI and you can install it in virtual machines, by the way. It has all the functionalities but it's best, of course, on hardware. There was a 30-day trial period. Microsoft increased that to 60 days but when you install your Azure Stack HCI cluster and then you have to register it, then the trial period starts, it's at that time where it's Arc enabled. So this is not completely correct here. So by, when you register a cluster in Azure, it's usually Arc enabled, yeah? So how to leverage Azure Arc to centralized monitor of Azure Stack HCI clusters? We can add, if we haven't, we add our cluster through the registration and there are ways, if you don't do that, you can still do it with PowerShell afterwards. 
So if you forgot it, or you have an older cluster that is not 21H2 because the full Arc enablement is in the last Azure Stack HCI edition. We are now at 21H2 and they are working heavily on 22H2. Who is curious, the 21 is a year and H2 is a calendar, how you call it, the half of the year. So there was an Azure Stack HCI edition, 20H2. So it came out in December 2022, so 20H2 and there was not the full Arc enablement implemented. So if you have an old cluster and you update it, you want to, I hope you want to enable the full Arc experience on those clusters, you can do it afterwards. If you install a new cluster, 21H2, it's done with the registration. Yeah? I have those days as well. Don't you have those that you feel like an old cluster? Yeah, all the time. I'm already over 50, so I feel like an old cluster all the time. Though the purpose is, of course, we have a lot of insight. If an Azure Stack HCI cluster is registered in Arc and I will show you that, we see a lot of insight into the cluster. And even with the Arc Bridge, we can also bridge into the VM. So we don't have to register every single VM. It's done for us with the Arc Bridge. You see here, we have an interface for the monitoring activity, management, access control, we get tags, we get the logs and all the good stuff that Arc gives us in the portal. And I'm pretty sure it's not, what's there is not complete. They will add more and more features over time. So I will now do a demo. So I have to switch the screen. So you see here, my server that I enabled in Arc is now, I refreshed the Azure Arc part where we are in the servers. And you see here, I added the S2D2 node one. The S2D2 node two was my guinea pig. I tested it before I showed it to you. So this is new to Arc. And if we choose it, you see here, we have a lot of possibilities. We have update management. We have the policies, inventory, change tracking. But to be fair, we have also to add some things in Azure. 
For example, we need this Log Analytics workspace where the logs are uploaded. So we need a bit infrastructure that we have to create in Azure first. And then we have for update management, we also have to create an automation role or user and so on. So, but it's all well documented if you click, for example, on policies and if you need to do some things here, it would be explained here. So in the moment we see that's nice, this server is overall 100% compliant, but I think nothing is really checked, right? So what we are at Azure Stack HCI, if we look here at the infrastructure, first let's go to home and I go to the Azure Stack HCI part in Azure. I told you we have to register our cluster in Azure so that we can deploy workloads on it. And this cluster is a pretty new four node Azure Stack HCI cluster. It's hardware, we have 64 cores here. Last time the cluster connected to Azure was four hours ago so it has to connect to Azure at least every 30 days to give Azure the information how many cores are in the system and it is billed by the use of the cores. So if there are 64 cores, we pay our monthly fee and then we are done with operating systems. You see here, all the nodes seem to be Arc enabled and that was done when I registered the cluster. It was yesterday, so in preparation to this and I also enabled monitoring. So we have here another tab and we see the monitoring. Log Analytics, now the Log Analytics agent is also installed on all nodes in the cluster and we get more information here. We see our drives, the cluster has 24 drives, 24 NVMes and all are healthy, that's good. So we have that information in Azure and we can now also create some alerts or in monitoring and if one drive wouldn't be healthy we can create an alert, we can create a mail or an SMS that you get on your smartphone we mentioned before. 
So you are aware that there is a change in the cluster and we will be informed over Azure and you see there are 10 virtual machines in the cluster, six are running, four are not running. We have seven volumes for our VMs, everything. This is the most important part. We have no health alert. So the cluster is smooth running. We see our CPU information, how many gigahertz we have, how many are used, how much memory is used and of course in the background we also have the logs. We can create graphs and see how it went over the time. Then we have other things you see here. We have to enable the capabilities. Log Analytics is configured, monitoring is configured and we can do much more things. If, so here we see the extensions. We could deploy extensions. We see the monitor agent is up and running on all nodes. That's good. So this is a requirement that we can deploy something. We have the configuration, the logs and this is new, quite new. When we have the Arc Bridge installed in the cluster and you have to deploy it, then we can also do crazy things. So we can, in essence, we can also deploy Azure VMs. So when you create an Azure virtual machine, it's created in an Azure data center. You choose your region. For example, West Europe, that would be Amsterdam or a German region and it would be deployed in an Azure data center in those regions. But if we install the Arc Bridge, we get like an own region. Region is not the correct word, but it's like a region for Azure. And then we can deploy virtual machines from Azure in our Azure Stack HCI cluster. So you get your virtual machine, you deploy it not in an Azure data center, on premises. Of course we have to do some things because imagine I at my home, I have a one gigabit internet connection down but it's not synchronous. I only have a 60 megabit up but I'm fortunate in Germany, we have a lot of people where their sites are only connected with 100 megabit and maybe 10 megabit up. 
So if I would deploy a very complex, large virtual machine from Azure, maybe with SQL installed or whatever I want and this machine has maybe 100, 200 gigabytes, if you do it to an Azure data center, it's quite fast. But if I would do it from Azure to on premises and I have only 100 megabit download speed that is roughly 10 megabytes per second, you can calculate how long it takes to push a VM that is maybe 100, 200, 300 gigabytes to Azure. So it takes a while. So we have also the possibilities to store VMs locally and from Azure with Azure Arc, we create new VMs that are enabled with all the good stuff like extensions and everything. I can't show it to you because I had problems to install the bridge. So I show it here, I will increase that too. I just show it where it would be. So this is Windows Admin Center and management tool, Bert said. We can leverage all the local management. So here I go to my cluster and this is now completely on premises. It will also look into my cluster as everything is okay and it should show us the same stuff as Azure. So we see all the drives, we have no alerts, everything is fine. And if I go to the settings with other settings of my cluster and I go down here, you see the Azure, where is the resource bridge? There, ooh, two up. There's a resource bridge, I called it Arc Bridge but here the name is resource bridge. So if I deploy the resource bridge, then we can do all this great stuff with resources from Azure, with VMs, with disks and so on and deploy it on our machine. So that's a much better integration than we take a VM, install our Arc agent into, we get a much better implementation. I think the picture's up here. So we have to set up the bridge, a lot of questions. It will deploy the bridge on premises. Unfortunately, the WAC module, it's a preview. It has some issues with my environment. So I can't show that to you. Now we have, we are still five minutes to go. 
So I hope this was a quick overview about some things if you have your Azure Stack HCI cluster Arc enabled. I hope you can imagine what you can do. I will switch back to the presentation. Yeah, Karsten, maybe it's a good idea to switch back to questions to see if we covered everything. So the knowledge check. And Karsten, let's do this. You know everything, right? I hope I know some. So here we go. What is a simple method to identify the manufacturer and model of hardware of cluster nodes, a few Azure Stack HCI clusters in your organization? I know this one, I know this one. I know that one. So A, integrate the Azure Stack HCI cluster with Azure Monitor and run a Kusto query. B, use Windows Admin Center to connect to each cluster. C, use the Azure Stack HCI home blade in the Azure portal. No, it's answer D, it's answer D. It's answer D, what is it? Walk to the server cabinet and watch the physical servers. Cool. So this is the same in the question before. I'm quite sure if we have Azure Monitoring, you can create some Kusto queries to get that information, yeah? But I think it's not A, it's a way but there's a much easier way and I showed it. So I hope we are done. It's C, yeah? And let's go to the next question. This is the last one and then we are nearly done. What Azure Resource Manager feature should an administrator choose to facilitate consolidated billing of Azure Stack HCI clusters? A, activity log, B, access control, C, tags. Let's see, without access control, I don't have access to the data. Yeah. Without an activity log, I cannot see what someone has done. But I think to be able to diversify in billing. Yeah. I mean, C, that's quite true. So I think we covered everything. So we described Azure Arc and its components and use cases. We described the principle of integration of Azure Arc and Azure Stack HCI. We showed that. And the last module, we showed a little bit the benefits of Azure Arc-enabled Azure Stack HCI. 
So let's go back to Laurent and let's promote the next session, right? The next session is introduction. Series. Yeah, of the series to Azure Arc-enabled Kubernetes. And that's something I'm very interested in because it's tonight as you see. So this evening, we see the US Pacific time. So Redmond time in essence in Germany and then in the Netherlands should be at 7 p.m. Central European time. Oh, thank you for that, Carsten. So I hope you've enjoyed this show. A big, big thanks to Jimmy and Flo and Laurent in the background doing their thing, doing studio management, answering all of the questions. I also saw Mr. Maurer coming in, the living legend. Thanks to you, Carsten, for joining me in this session. Yeah, same to you, Bert. It was a pleasure. I thought we had, of course, too much time. It, in the end, it was right on point. Great, I think, great thing. All right, that's it for us for today. Have a great remainder of your day and we hope to have given you some handles in your next journey within the HCI and Azure Arc space. Go and try it out. There's also a lab environment you can spin up in Azure for this specifically. So you can just sandbox this and see what you can do with it and how you can deploy this within your organization. Maybe see you next time. Bye. See you.