
    How to configure VM update management on Azure Stack Hub

    Overview

    Tip

    Azure Stack Hub has built-in Azure Monitor capabilities; however, they are limited. Therefore, if you are looking for a more feature-rich solution, you should use public Azure Monitor.

    You can find out more about Azure Stack Hub's built-in Azure Monitor capabilities in the following article: Use Azure Monitor on Azure Stack Hub.

    Azure Monitor is the platform service that provides a single source for monitoring Azure resources. With Azure Monitor, you can visualise, query, route, archive, and otherwise take action on the metrics and logs coming from resources in Azure.

    This article will enable the following solutions for Azure Stack Hub VMs:

    • Azure Monitor for VMs

    • Inventory

    • Change Tracking

    • Update Management

    Prerequisites

    To complete the steps in this article, you must have appropriate access to a subscription in the Azure and Azure Stack Hub portals.

    Enabling VM Update & Management

    Warning

    Before proceeding, check here that your VMs' OS version is supported.

    1. Log in to the public Azure portal.

    2. Create a Log Analytics workspace in your Azure subscription:

      • Click Create a resource

      • In the search bar, search for log analytics

        Log Analytics search

      • Click Log Analytics

      • Click Create

      • Provide the following:

        • A name for the Log Analytics Workspace. Example: DefaultLAWorkspace

        • A Subscription to link the workspace to

        • A Resource group to host the workspace in

        • A Location to host the workspace in

          Note

          Azure Monitor for VMs supports a Log Analytics workspace in these regions.

        • A Pricing tier to use

          Log Analytics workspace creation

          The example above shows the blade with all items filled out.

        • Click OK once finished. The Log Analytics workspace will now begin deploying. A notification will appear in the top right of the portal.

        • Once deployment is complete, navigate to the resource group you placed the Log Analytics workspace in.

        • Click the newly created workspace. On the new blade, under Settings, select Advanced settings, Connected Sources and then Windows Servers or Linux Servers depending on the VM type you want to add analytics to.

        • Note down the Workspace ID and Primary Key values.

          Log Analytics workspace advanced settings

        • Within Advanced settings, select the Data blade and click Windows Performance Counters or Linux Performance Counters.

        • Ensure all counters are selected, then click Add the selected performance counters.

          Note

          For Linux performance counters, ensure Apply below configuration to my machines is selected.

        • Click Save.

          Performance counters

    3. Create and configure an Automation Account:

      • Click Create a resource

      • Search for automation

      • Select Automation and then click Create

        Automation Account

      • Choose a Name, Subscription, Resource group, Location and ensure Create Azure Run As account is set to Yes

      • Click Create

        Add Automation Account

        Note

        The error "Azure Classic Run As account creation error" may occur. This DOES NOT affect the process.

    4. Once deployed, navigate to the Automation Account. In the new blade, under Configuration Management, select the solution to enable (Inventory or Change Tracking).

      • Select the Log Analytics workspace to link the automation account to

      • Click Enable

      • Wait for the deployment to complete

      • Repeat step 4 for Update Management under Update Management

        Tip

        Leave the public Azure portal open; you will need to use it again later.

    5. Log in to the Azure Stack Hub portal.

    Steps 6 and 7 can be completed using either the portal or PowerShell.

    Portal

    6. Navigate to the VM that you want to enable Azure Monitor on and under Settings, select the Extensions blade.

      Warning

      For any monitoring to work correctly, the VM must have HTTPS (Port 443) enabled in the Network Security Group rules.

    7. Click Add at the top, select the extension Azure Monitor Dependency Agent, click Create and then OK.

      Warning

      Wait for the deployment to finish before continuing.

      • Repeat this step for the Azure Monitor, Update and Configuration Management extension, providing the extension with the Workspace ID and Primary Key values (noted down previously) when prompted.

        VM enable update management

    PowerShell

    6. Execute the following PowerShell script to set up the Azure Monitor Dependency Agent and Azure Monitor, Update and Configuration Management extensions.

      Declare variables

      Provide values for the following variables used in the script:

      | Variable name | Variable description |
      | --- | --- |
      | $VMName | The name of the virtual machine |
      | $ResourceGroupName | Name of the resource group which the VM resides in |
      | $WorkspaceKey | The log analytics workspace primary key |
      | $WorkspaceId | The log analytics workspace ID |
      | $NetworkSecurityGroupName | The name of the network security group to apply the inbound port 443 rule to |

       # Declare variables
       $ResourceGroupName = "MyResourceGroup"
       $VMName = "AzureStackHubVM"
       $NetworkSecurityGroupName = "AzureStackHubVMNSG"
       $WorkspaceId = "a40470ef-d8a0-4d37-ba13-274d4649a674"
       # Example value; substitute your own workspace primary key
       $WorkspaceKey = "2Fzno00qWtiyVWbyvxelAFbjyMGsAgRDpolEmaf8ndiIbi4g8Uht+TNU/aTLEzkVw5/eA9K65+W3pKfiP7GYRQ=="
       # Public settings are stored in clear text; protected settings are encrypted by the extension handler
       $PublicSettings = "{'workspaceId': '$WorkspaceId'}"
       $ProtectedSettings = "{'workspaceKey': '$WorkspaceKey'}"
       $Location = (Get-AzLocation).Location

       # Get the virtual machine to apply the extensions to
       $VM = Get-AzVM -ResourceGroupName $ResourceGroupName -VMName $VMName

       # Obtain network security group, add the port 443 inbound network security group rule and apply the rule to it
       # Note: this rule admits TCP 443 from any source address ("*")
       Get-AzNetworkSecurityGroup -Name $NetworkSecurityGroupName -ResourceGroupName $ResourceGroupName | Add-AzNetworkSecurityRuleConfig -Name "Port443-Rule" -Description "Allow port 443" -Access "Allow" -Protocol "TCP" -Direction "Inbound" -Priority 100 -DestinationPortRange 443 -SourceAddressPrefix "*" -SourcePortRange "*" -DestinationAddressPrefix "*" | Set-AzNetworkSecurityGroup

       # Deploy DependencyAgent extension
       Set-AzVMExtension -ExtensionName "DependencyAgent" `
       -ResourceGroupName $VM.ResourceGroupName `
       -VMName $VM.Name `
       -Publisher "Microsoft.Azure.Monitoring.DependencyAgent" `
       -ExtensionType "DependencyAgentLinux" `
       -TypeHandlerVersion 9.7 `
       -Location $Location `
       -Verbose

       # Deploy Microsoft.EnterpriseCloud.Monitoring extension
       Set-AzVMExtension -ExtensionName "Microsoft.EnterpriseCloud.Monitoring" `
       -ResourceGroupName $VM.ResourceGroupName `
       -VMName $VM.Name `
       -Publisher "Microsoft.EnterpriseCloud.Monitoring" `
       -ExtensionType "OmsAgentForLinux" `
       -TypeHandlerVersion 1.12 `
       -SettingString $PublicSettings `
       -ProtectedSettingString $ProtectedSettings `
       -Location $Location `
       -Verbose
    7. Continue to step 8.
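
A check that can be run once the script above has finished (an added example, not part of the original article): it reports the provisioning state of the two extensions and lists the inbound Allow rules on the network security group that accept traffic from any source, which includes the Port443-Rule created by the script. It assumes an authenticated Az PowerShell session against Azure Stack Hub and reuses the article's example names.

```powershell
# Added example: post-deployment check for the extensions and NSG rule above.
# The names below are the article's example values; replace them with your own.
$ResourceGroupName        = "MyResourceGroup"
$VMName                   = "AzureStackHubVM"
$NetworkSecurityGroupName = "AzureStackHubVMNSG"
$ExpectedExtensions       = "DependencyAgent", "Microsoft.EnterpriseCloud.Monitoring"

# 1. Report whether each extension exists and has finished provisioning.
$ExtensionReport = foreach ($Name in $ExpectedExtensions) {
    $Ext = Get-AzVMExtension -ResourceGroupName $ResourceGroupName -VMName $VMName `
        -Name $Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Extension = $Name
        Type      = if ($Ext) { $Ext.ExtensionType } else { $null }
        Version   = if ($Ext) { $Ext.TypeHandlerVersion } else { $null }
        State     = if ($Ext) { $Ext.ProvisioningState } else { "NotInstalled" }
    }
}
$ExtensionReport | Format-Table -AutoSize

$NotReady = @($ExtensionReport | Where-Object { $_.State -ne "Succeeded" })
if ($NotReady.Count -gt 0) {
    Write-Warning ("Not provisioned: " + ($NotReady.Extension -join ", "))
}

# 2. List inbound Allow rules open to any source, lowest priority number first.
$Nsg = Get-AzNetworkSecurityGroup -Name $NetworkSecurityGroupName `
    -ResourceGroupName $ResourceGroupName
$Nsg.SecurityRules |
    Where-Object {
        $_.Direction -eq "Inbound" -and $_.Access -eq "Allow" -and
        (@($_.SourceAddressPrefix) -contains "*" -or
         @($_.SourceAddressPrefix) -contains "Internet")
    } |
    Sort-Object Priority |
    Select-Object Name, Priority, Protocol,
        @{ Name = "Ports";  Expression = { $_.DestinationPortRange -join "," } },
        @{ Name = "Source"; Expression = { $_.SourceAddressPrefix -join "," } } |
    Format-Table -AutoSize
```

Each rule in the second table is reachable from any address, so review its source prefix against what the workload actually needs.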

    8. Once the deployment is finished, head back to the public Azure portal and navigate to the Log Analytics workspace -> Advanced settings -> VM Type Servers.

      • You will see x VM Type COMPUTERS CONNECTED, depending on how many VMs you linked to the workspace.

        Log Analytics workspace computers connected

      • Click x VM Type COMPUTERS CONNECTED. This will bring up the logs for that specific VM type.

      • Change the time range to Last 30 minutes.

    9. Execute the following log query, passing in your VM Type:

      • Heartbeat | where OSType == "VMTYPE" | summarize arg_max(TimeGenerated, *) by SourceComputerId | top 500000 by Computer asc | render table

      • Heartbeat | where OSType == "Linux" | summarize arg_max(TimeGenerated, *) by SourceComputerId | top 500000 by Computer asc | render table

        Log analytics query example

        Note

        If your VM shows in the Results tab, then you have successfully linked your VM from Azure Stack Hub to your Log Analytics workspace (see here for more information).

    10. Navigate to the Automation Account. In the new blade, under Update Management, select Update Management.

      • You will see the following prompt:

        Enable log example

      • Select Click to manage machines.

      • Select Enable on all available and future machines.

        Enable Update and Management

      • Click Enable.

      • Repeat step 10 for Inventory.

      • Everything is now enabled. The API is called every 15 minutes to query for the last update time to determine whether the status has changed. If the status has changed, a compliance scan is initiated.

        Note

        It can take between 30 minutes and 6 hours for the dashboard to display updated data from managed VMs.

    11. Within the Automation Account, the blades Inventory, Change Tracking and Update Management will provide useful analytics.

      Inventory example

      Change Tracking example

      Update and Management compliance example

    12. In public Azure, on the top left, click the hamburger icon and select Monitor.

      Public Azure Hamburger menu

    13. In the new blade under Insights, click Virtual Machines.

    14. You will see three usage analytics tabs (Get Started, Performance and Map) for the VMs you have enabled Azure Monitor for VMs on.

      Caution

      The Get Started tab does not show Azure Stack Hub VMs.

      Public Azure monitor virtual machines

    15. At the top, click the Performance tab, then on the right, move the switch from Azure to Hybrid:

      Public Azure Hybrid switch

    16. A prompt will appear to upgrade the workspace; click Upgrade. In the new blade, click Upgrade again.

    17. Upon refreshing the page, the prompt will disappear and the workspace will begin showing usage analytics for the VMs you have enabled Azure Monitor for VMs on.

      Monitor stats example

      Monitor map example

      Note

      It can take between 30 minutes and 6 hours for the dashboard to display updated data from Azure Monitor enabled VMs.

    Feedback

    If you find a problem with this article, click Improve this Doc to make the change yourself or raise an issue in GitHub. If you have an idea for how we could improve any of our services, send an email to feedback@ukcloud.com.
