In Azure Autiomation were recently introduced new features, currently in preview, which make it possible to manage the distribution of updates, collect inventory information about the applications installed on the systems and keep track of changes made on the machines. This article will show you how to configure the Azure Automation Account to take advantage of these new features and it will show their main characteristics.
In order to use each of these features it is necessary that the Automation Account is associated with a Log Analytics Wokspace.
If the Automation Account where you want to enable these new features is not linked to any Workspace of Log Analytics is requested, in the process of activation, the binding to an existing Workspace or it propose the creation of a new Workspace:
The capabilities of Change Tracking and Inventory are enabled simultaneously by the Azure portal and at the end of the activation will appear the following notification:
For enabling Update management you will need to perform the same operation.
At the end of these activities in the Log Analytics Workspace will be present the following solution:
After the completion of the activation, the solution begins to show the data of machines already connected to the OMS Workspace associated with the Automation Account. You could also get the onboarding by further machines directly from the relevant sections of the Azure Portal:
This process requires the installation of the OMS agent on systems and can be done either on Windows and Linux. If the machines are on the Azure fabric the OMS agent installation process is integrated and can happen quickly with a simple click from the Azure Portal. Otherwise you can still associate the systems by manually installing the OMS agent, independently from their location (on-premises or others cloud).
For the functionality of Inventory and Change Tracking you can access the settings (common among the two solutions) to customize the registry key information, the files under Windows and Linux that you plan to inventory and monitor:
This feature allows you to retrieve inventory information relating to: installed software, files, Windows Registry keys, Windows Services and Linux Daemons. All this can be accessed easily directly from the Azure portal and it is possible to apply search filters:
The functionality of Change Tracking monitors changes made to systems relatively to Daemons, File, Registry, software and services on Windows . This feature can be very useful to diagnose specific problems and to enable alerts against unexpected changes.
By accessing the Log Analytics console you can also carry out more targeted searches:
Also in the Change Tracking there is the possibility to connect theAzure Activity Log of an Azure subscription to collect also changes you make in Azure side.
The solution of Update Management allows a total visibility on the update compliance for both Windows and Linux systems:
Using the search panel you can quickly identify missing updates:
The solution is not only very useful for consultation, It also allows you to schedule the deployment to install the updates within a specific maintenance window.
Very soon, even the ability to deploy on Linux systems. Among the features offered there is the ability to exclude specific updates from the deployment.
Scheduled deployments and their execution status can be monitored in real time directly from the Azure Portal:
Selecting the deployment completed you will be sent to a well-structured and easy-to-use dashboard that allows you to check the details of the deployment:
Also useful the ability to retrieve logs that are related to deployment for troubleshooting purposes.
These are features that give you the ability to control and manage easily, and efficiently environments composed of few units in the cloud up to contemplate hybrid scenarios with a large number of systems. These features are currently in preview therefore intended to further expand their potential. In particular the functionality of Update Management to manage and orchestrate the updates deployment in complex environments in an efficient and flexible way will have to evolve, but it is definitely in a good point of the develop. For more details of Azure Automation I invite you to consult official documentation.