What the Hack: Azure Arc enabled servers
Challenge 2 – Policy for Azure Arc connected servers
Introduction
In the last challenge you deployed a server somewhere other than Azure, and then enabled it as an Azure resource by using Azure Arc. Now that you have a server projected into Azure, we can start to use Azure to manage and govern this server. One of the primary ways we can do this is by using Azure Policy(https://docs.microsoft.com/en-us/azure/governance/policy/overview). By using Policy, we can automatically perform management tasks on Azure resources such as creating tags or connecting to Log Analytics.
Challenge
-
Assign a policy that adds a resource tag to all resources in the resource group where your Azure Arc connected servers are located.
-
Create a suitable Log Analytics workspace to use with your Azure Arc resources. Make sure it is in the same region as your Azure Arc resources to avoid egress charges.
-
Assign a policy that automatically deploys the Log Analytics agent to Azure Arc connected servers if they do not have the agent.
-
Configure the Log Analytics agent to collect performance metrics of the connected machine.
Success Criteria
-
Azure Arc connected servers should have a tag applied by the policy you created in Challenge #1.
-
Azure Arc connected servers should have the Log Analytics agent deployed and working.
-
You can use the Log Analytics workspace to query performance metrics about your Azure Arc connected machine.