In this post and accompanying video, we go over Azure Automanage. Automanage is an Azure solution to automate management of IaaS servers within the Cloud Adoption Frameworks best practices. This post gives an overview of the services. The video reviews the service and provides a demonstration of on-boarding a server. After that, we go on to review settings on a server that is part of Azure Automanage.
One of the advantages of cloud computing is that much of the responsibility for managing the underlying platform goes to the cloud provider, leaving more time to manage the service itself. In practice, it’s a little more nuanced than that. The level of management will depend on the type of services deployed. For example, management responsibilities are different for Software as a Services (SaaS) than Infrastructure as a Service (IaaS).
The chart below is the shared responsibility model published by Microsoft (Located HERE). With Infrastructure IaaS, Microsoft takes care of the underlying physical aspects of the service. It is the customer’s responsibility to provision and manage networking, OS maintenance, monitoring, and other supporting services.
IMAGE Shared Responsibility Model
The level of management responsibility has been an obstacle for some organizations to move to Azure. Most organizations have configuration management, logging, monitoring, backups, and update management in their on-premises environment. Extending those services to Azure adds cost and management overhead that can detract from cloud services’ value.
That brings us to Azure Automanage. Automanage simplifies IaaS server management by applying a set of best practices and automating the day-to-day management of IaaS servers. It follows the Azure Cloud Adoption framework to take care of key security and reliability items. The services used with Azure Automanage include:
- Azure Backup
- Azure Security Center
- Azure Monitoring and Log Analytics
- Configuration Management
- Change Tracking and Inventory
- Azure Automation
- Update Management
There are several requirements for Azure Automanage. Automanage only works with a Windows Server OS, it will not work with Linux or Windows 10, including Windows 10 Multi-user. Also, while in preview, Auto manage is only supported in the following regions:
- West Europe
- East US
- West US 2
- Canada Central
- West Central US
- Japan East
The Owner role or Contributor and User Access Admin roles on the subscription are required to enable Automanage for the first VM in the subscription or create a new Automanage Account. Contributor role on the VM’s Resource Group is necessary to add servers with an existing Automanage Account.
Profiles and Preferences
There are a limited number of settings available with Automanage. Profiles are a collection of services available with Automanage. There are two profiles available while in preview, Azure VM Best Practices – Production and Azure VM Best Practices -Dev/Test.
Most organizations won’t need all of the services offered with the Production profile in a Dev/Test environment. The Dev/Test profile is the same as Production, with the exception of Insights Monitoring and Backups service. Those two services are not included in the Dev/Test profile.
Preferences allow us to make adjustments to the default profile settings. These adjustments must be within the upper and lower range of Azure Best practices. We couldn’t, for example, disable Backups on production VM’s. That would be outside the limits of best practices.
The chart below lists the services available with Automanage, the availability of the services in each profile, and if the service supports preferences.
Only two profiles and two services support modifications with preferences. That may seem somewhat limiting. However, Microsoft offers AutoManage to verify IaaS VM’s meet the Cloud Adoption Framework best practices. Automanage also prevents drift from those best practices. Automanage can’t verify compliance if someone decides to disable update management or change tracking. Each service can be added to servers individually outside of Automanage if the options available doesn’t fit an environment.
There is no cost to Automanage while in preview. However, each service, such as Backup, Log Analytics, and Azure Automation, has an associated cost.
Overall, I noticed a lack of central management and monitoring with Automanage. It would be beneficial to have a portal with the service status of each VM, without having to go to each service individually. Alerting when a VM falls outside of compliance would also be helpful.
The documentation for Automanage is thin. I had to review information on each services page instead of within the Automanage documentation. This may be because AutoManage is a wrapper for those other services. It would be nice to have it all in one place.
With that said, I like the idea of what Automanage can do. Providing updates, backups, monitoring, and other best practices by merely on-boarding of VM’s into the service goes a long way to simplifying IaaS management. This service has a lot of potential.
Keep in mind that at the time of writing, Automanage is in Public Preview. Some of the missing items may be added before it goes GA. Don’t let the limitations I mentioned prevent you from trying it out. If you do try it and have a suggestion, send them to the Azure Automanage Feedback page at the link here.