1 00:00:01,040 --> 00:00:03,680 [Autogenerated] we're going to start this demo by my teaching you how to 2 00:00:03,680 --> 00:00:08,040 deploy the log analytics agent so that you can unlock Azure automation and 3 00:00:08,040 --> 00:00:12,890 these management solutions and also use cakey well and log analytics workspace 4 00:00:12,890 --> 00:00:15,540 to monitor your hybrid bio infrastructure. 5 00:00:15,540 --> 00:00:19,080 So the easiest way to onboard your Azure virtual machines is at 6 00:00:19,080 --> 00:00:22,530 deployment in your bicep or arm deployment template. 7 00:00:22,530 --> 00:00:27,180 However you also can do so in the context of the workspace if that's your thing, 8 00:00:27,180 --> 00:00:31,010 let me show you if we go into our log analytics workspace and we come 9 00:00:31,010 --> 00:00:34,490 down under workspace data sources virtual machines. 10 00:00:34,490 --> 00:00:36,890 This is going to give you a list of all your machines, 11 00:00:36,890 --> 00:00:40,730 both Windows and Linux that are available across regions. 12 00:00:40,730 --> 00:00:44,420 Note that there's not a region hard limitation like there is with a 13 00:00:44,420 --> 00:00:48,300 virtual network where your Azure VMS have to be in the same region as 14 00:00:48,300 --> 00:00:50,490 the virtual network on which they're placed. 15 00:00:50,490 --> 00:00:55,850 These VMS can cross resource groups locations or even subscriptions. 16 00:00:55,850 --> 00:01:00,260 The requirement is that your log analytics workspace and the VMS need to 17 00:01:00,260 --> 00:01:04,800 be tied to the same Azure AD tenant and in order to deploy the log 18 00:01:04,800 --> 00:01:09,660 analytics agent here we can simply select the machine click connect and 19 00:01:09,660 --> 00:01:14,630 that process will proceed Now with Windows server machines it's possible 20 00:01:14,630 --> 00:01:19,360 to multi home them to where they're sending their logs to multiple log 21 00:01:19,360 --> 00:01:20,690 analytics workspaces. 22 00:01:20,690 --> 00:01:23,380 Check the exercise files because I give you a link on that. 23 00:01:23,380 --> 00:01:25,580 You can't do it from the portal unfortunately. 24 00:01:25,580 --> 00:01:28,780 But that would be useful for instance to have one of your Windows 25 00:01:28,780 --> 00:01:32,130 server machines reporting to your infrastructure log analytics 26 00:01:32,130 --> 00:01:34,200 workspace and then a separate say, 27 00:01:34,200 --> 00:01:37,410 Azure sentinel workspace for security monitoring. 28 00:01:37,410 --> 00:01:39,570 All right now, what about Azure arc? 29 00:01:39,570 --> 00:01:43,830 Let's go to Azure Arc and go over to our Azure arc for servers. 30 00:01:43,830 --> 00:01:45,710 And if we take a look at one of these, 31 00:01:45,710 --> 00:01:49,480 remember from the previous lesson we can deploy or inject 32 00:01:49,480 --> 00:01:53,240 extensions into these machines and if we go to add, 33 00:01:53,240 --> 00:01:56,810 we see that the log analytics agent is one of the options. 34 00:01:56,810 --> 00:02:00,820 That's a convenient way to go for sure if you're interested and desired. 35 00:02:00,820 --> 00:02:02,170 State configuration. 36 00:02:02,170 --> 00:02:06,030 I've given you a configuration file in the exercise files, 37 00:02:06,030 --> 00:02:10,470 I've called it mm agent and basically this is going to automate 38 00:02:10,470 --> 00:02:13,690 the installation of the log analytics agent. 39 00:02:13,690 --> 00:02:17,730 Now this particular dSC configuration is assuming that we're 40 00:02:17,730 --> 00:02:20,570 going to run this in Azure automation. 41 00:02:20,570 --> 00:02:25,110 DsC as opposed to local on prem Dsc but it's pretty 42 00:02:25,110 --> 00:02:27,200 straightforward in its behavior. 43 00:02:27,200 --> 00:02:31,280 We're using the standard issue desired state configuration. 44 00:02:31,280 --> 00:02:36,070 DsC resources and we're making sure that we install the package and we 45 00:02:36,070 --> 00:02:41,080 need to provide any command line parameters to the setup executable down 46 00:02:41,080 --> 00:02:45,150 here and we're also going to need a reference to the log analytics 47 00:02:45,150 --> 00:02:49,020 workspace and one of the api keys and again, 48 00:02:49,020 --> 00:02:53,060 this code here on lines four and five allows us to securely gather 49 00:02:53,060 --> 00:02:56,590 those keys as credentials in your automation account. 50 00:02:56,590 --> 00:03:01,720 You definitely don't want to expose your log analytics api key in plain text. 51 00:03:01,720 --> 00:03:04,460 Let me actually explain that a little bit better if I go 52 00:03:04,460 --> 00:03:06,930 back to the log analytics workspace again. 53 00:03:06,930 --> 00:03:09,930 And if we come down under agents management, 54 00:03:09,930 --> 00:03:14,820 this is where you can manually download the agent for Windows and Linux 55 00:03:14,820 --> 00:03:19,000 and it gives you the raw data here for the workspace idea and you can use 56 00:03:19,000 --> 00:03:21,960 either the primary or the secondary api key. 57 00:03:21,960 --> 00:03:22,550 But again, 58 00:03:22,550 --> 00:03:25,580 those are sensitive and Microsoft recommends that you 59 00:03:25,580 --> 00:03:28,570 periodically regenerate them just to be safe, 60 00:03:28,570 --> 00:03:32,230 ideally you're never going to expose those in plaintext anyway. 61 00:03:32,230 --> 00:03:35,180 And one of the things we can do in the automation account as I 62 00:03:35,180 --> 00:03:37,810 alluded to a moment ago is store credentials. 63 00:03:37,810 --> 00:03:42,280 We can come under shared resources credentials and we can create 64 00:03:42,280 --> 00:03:46,480 the credentials that store the log analytics workspace ID and 65 00:03:46,480 --> 00:03:48,550 either the primary or secondary key. 66 00:03:48,550 --> 00:03:48,930 And again, 67 00:03:48,930 --> 00:03:56,000 the convenience there is that we can tap those credentials easily from within the automation account.