One of the crucial tasks in managing a hybrid cloud environment is effective and efficient log collection. Microsoft Azure Stack Hub allows the collection of diagnostic logs on demand using a privileged endpoint (PEP). This article guides candidates preparing for the AZ-600 certification through this critical operation.
The default system of Azure Stack Hub automatically generates logs. However, in certain scenarios where instantaneous diagnosis is required, on-demand log collection is indispensable. This becomes possible via Azure Stack Hub’s privileged endpoint.
Privileged Endpoint in Azure Stack Hub
The Privileged Endpoint (PEP), also referred to as the admin management console, is essentially a pre-configured remote PowerShell session that allows Azure Stack Hub operators to perform a specific set of management operations.
Access Privileged Endpoint
To access the PEP, first, you must log on to one of the Azure Stack Hub’s infrastructure virtual machines (ERCS VM in pre-2002 versions). Follow this step-by-step process:
```powershell
Enter-PSSession -ComputerName [IP address of the ERCS / infrastructure VM] -ConfigurationName PrivilegedEndpoint -Credential $CloudAdminCred
```
In the command above, replace [IP address of the ERCS / infrastructure VM] with your actual VM IP address.
$CloudAdminCred is a variable that holds Azure Stack Hub’s cloud administrator credentials. To create this variable, run the following command:
```powershell
$CloudAdminCred = Get-Credential
```
A prompt will appear for you to enter your username and password.
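A scripted form of the connection steps above, added here as an example and not taken from the original article: it opens the PEP as a session object, lists the commands the endpoint exposes, checks for the collection cmdlet before it is needed, and always closes the session. The address 192.0.2.10 is a constructed placeholder, and it is an assumption that Get-Command is among the commands the endpoint permits.

```powershell
# Added example, not from the original article.
# $PepAddress is a constructed placeholder (documentation range); use your ERCS VM address.
$PepAddress     = '192.0.2.10'
$WantedCmdlet   = 'Set-AzureStackLogs'   # cmdlet name as given later in this article
$CloudAdminCred = Get-Credential -Message 'Azure Stack Hub cloud administrator'

$session = $null
try {
    # Same endpoint as the Enter-PSSession command above, held as a session
    # object so it can be reused by Invoke-Command and closed explicitly.
    $session = New-PSSession -ComputerName $PepAddress `
        -ConfigurationName PrivilegedEndpoint `
        -Credential $CloudAdminCred -ErrorAction Stop

    # The PEP allows only a specific set of operations. Assumption: Get-Command
    # is one of them, so the session can report what it permits.
    $allowed = Invoke-Command -Session $session -ScriptBlock { Get-Command } |
        Select-Object -ExpandProperty Name | Sort-Object -Unique

    Write-Output "Commands exposed by the privileged endpoint: $($allowed.Count)"
    $allowed | ForEach-Object { Write-Output "  $_" }

    # Check before use instead of discovering a missing cmdlet mid-incident.
    if ($allowed -contains $WantedCmdlet) {
        Write-Output "$WantedCmdlet is available in this session."
    } else {
        Write-Warning "$WantedCmdlet is not exposed; check the list above for the log collection cmdlet."
    }
}
catch {
    Write-Error "Could not open or query the privileged endpoint: $($_.Exception.Message)"
}
finally {
    # Always close the session and drop the credential from the shell.
    if ($session) { Remove-PSSession -Session $session }
    Remove-Variable -Name CloudAdminCred -ErrorAction SilentlyContinue
}
```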
Collect Diagnostic Logs Using Privileged Endpoint (PEP)
Once you are connected to the Azure Stack Hub’s PEP, you can collect diagnostic logs. Run the following command:
```powershell
Invoke-Command -ScriptBlock {Set-AzureStackLogs -OutputPath "C:\AzureStackLogs"}
```
The logs will be saved in a compressed file in the directory specified by the OutputPath parameter.
Understanding the Logs
In the logs folder, there will be a series of XML, JSON, and text files corresponding to various parts of the Azure Stack Hub. These files can be used to troubleshoot issues or to better understand system performance and configuration.
File Type | Description |
---|---|
.etl | Trace logs providing detailed diagnostic information. |
.blg | Performance Counter logs containing specific performance metrics. |
.xml | Configuration information about Azure Stack Hub components. |
.txt | Log files detailing various operations and transactions. |
To search for specific events more easily, use a log analysis tool such as the Windows Event Viewer.
Final Thoughts
Understanding how to collect diagnostic logs on demand using the privileged endpoint can be of great assistance in managing Azure Stack Hub. It provides immediate, detailed insights to assist in issue diagnosis and resolution – a skill highly valued in the AZ-600 exam. The commands mentioned are instrumental in performing this operation, and recognizing the types of logs generated will only enhance your troubleshooting capabilities.
Knowledge and practical mastery of Azure Stack Hub’s privileged endpoint and diagnostic logs are prerequisites for becoming certified in Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub (AZ-600). This will prove your ability to troubleshoot and manage Azure Stack Hub effectively while optimizing its performance.
Remember, the interpretation of diagnostic logs offers valuable insights for troubleshooting your Azure Stack Hub environment. So did you master the log collection yet?
Practice Test
True or False: The privileged endpoint (PEP) is a pre-configured remote PowerShell that can be used to debug and troubleshoot your Azure Stack Hub.
Answer: True
Explanation: The privileged endpoint is a pre-configured remote PowerShell design used to gather logs and perform a variety of administrative tasks in the Azure Stack Hub environment.

What tool is used to collect diagnostic logs in the Azure Stack Hub?
- A. Azure Monitor
- B. Azure Log Analytics
- C. Privileged Endpoint (PEP)
- D. Azure Security Center
Answer: C. Privileged Endpoint (PEP)
Explanation: The privileged endpoint is a specially designed tool for debugging and troubleshooting Azure Stack Hub deployments, including the ability to collect diagnostic logs on demand.

True or False: The Privileged Access Workstation (PAW) is the safest method of accessing the privileged endpoint to collect logs.
Answer: True
Explanation: The Privileged Access Workstation (PAW) is a secure, hardened device designed for managing privileged access. It is the most secure method for handling tasks such as using the privileged endpoint to collect logs.

Multiple choice: Which of the following can be accessed via the privileged endpoint in an Azure Stack Hub?
- A. ERCS VM
- B. VPN Gateway
- C. Application Gateways
- D. Virtual Networks
Answer: A. ERCS VM
Explanation: The ERCS (Emergency Recovery Console Service) VMs are accessible via the privileged endpoint and are used for repair operations and troubleshooting.

True or False: You can use the Azure portal to collect diagnostic logs on demand by using privileged endpoint.
Answer: False
Explanation: The Azure portal does not have the capabilities to use the privileged endpoint to collect logs on demand. This can only be accomplished using PowerShell or through the ERCS systems.

In which format does the privileged endpoint collect diagnostic logs?
- A. CSV
- B. JSON
- C. XML
- D. TXT
Answer: B. JSON
Explanation: The privileged endpoint collects diagnostic logs in JSON format, which can then be analyzed or processed as required.

True or False: One can run any arbitrary PowerShell commands or scripts from Privileged Endpoint.
Answer: False
Explanation: Privileged Endpoint only supports a limited set of cmdlets, so one cannot run any arbitrary PowerShell commands or scripts.

Multiple choice: How many types of Privileged Endpoints are available in Azure Stack Hub?
- A. One
- B. Two
- C. Three
- D. Four
Answer: B. Two
Explanation: There are two types of Privileged Endpoints in Azure Stack Hub – User PEP and Admin PEP.

True or False: For security reasons, all operations via Privileged Endpoint are logged in Azure Stack Hub Auditor.
Answer: True
Explanation: For maintaining security, Azure Stack Hub Auditor logs all operations done via Privileged Endpoint.

Which PowerShell cmdlet is used to retrieve the Health Resource usage from the Privileged Endpoint?
- A. Get-HealthUsage
- B. Get-Asset
- C. Get-ResourceUsage
- D. Retrieve-HealthUsage
Answer: C. Get-ResourceUsage
Explanation: The ‘Get-ResourceUsage’ cmdlet is used to retrieve the Health Resource usage from the Privileged Endpoint.
Interview Questions
What is a privileged endpoint in Azure Stack?
A privileged endpoint (PEP) is a special remote PowerShell console that enables administrators to perform system-level operations in Azure Stack Hub. It is used for specific operations that cannot be executed through the user or admin portals.
How can you connect to the privileged endpoint in Azure Stack?
You can connect to the privileged endpoint using a remote PowerShell session from an Azure Stack operator’s machine. The connection is established over a VPN connection to the Azure Stack infrastructure network.
Why would you want to collect diagnostic logs on demand in Azure Stack?
Diagnostic logs in Azure Stack provide detailed information about operations, errors, and events happening within the system. Collecting these logs on demand can help in troubleshooting performance issues or investigating an abnormal activity in Azure Stack.
What command would you use to collect diagnostic logs from the privileged endpoint?
You would use the command Get-AzsDiagnostics, which is accessible from the privileged endpoint PowerShell session.
What type of information can be collected with the Get-AzsDiagnostics command?
The Get-AzsDiagnostics command collects all relevant logs and reports from the system for a specified period, including Fabric logs, Resource Provider logs, Azure Stack Hub services logs and others.
How is the Get-AzsDiagnostics command run?
The command Get-AzsDiagnostics is run through a PowerShell session connected to the privileged endpoint in Azure Stack.
Where can the collected logs be stored for further investigation?
The collected logs can be stored in a blob storage container for further investigation. A shared access signature (SAS) URL to a blob storage container needs to be provided when running the command to collect the logs.
What is an Azure Stack operator?
An Azure Stack operator is a person or a set of persons who has the responsibility of managing various aspects of the Azure Stack Hub including networking, services, offers, and plans.
Besides diagnostics logs, what other data can be collected using the privileged endpoint?
Besides diagnostic logs, the privileged endpoint can be used to collect specific data related to the health of Azure Stack Hub like Fabric Ring, Storage accounts, Billing/Usage, tenant subscriptions, recovery volumes, deployments, and others.
Who is permitted to connect to the Privileged Endpoint?
Only Azure Stack Hub administrators and specific roles specified by the administrators are allowed to connect to the privileged endpoint.
Where are privileged endpoint commands executed?
Privileged endpoint commands are executed on the host that runs the ERCS role, which is on the Hardware Lifecycle Host (HLH) for multi-node integrated systems.
How is Privileged Endpoint connectivity secured?
The Privileged Endpoint communicates through a restricted and secure network isolated from other Azure Stack Hub networks.
What are ERCS VMs in the context of Azure Stack?
ERCS (Emergency Recovery Console) VMs are special virtual machines that run on the Host (HLH) and serve as hosts for Privileged Endpoint.
Can an Azure Stack operator manage privileged endpoints using Azure Stack portals?
No, Privileged Endpoints management is not available through Azure Stack Portals. They must be managed through a remote PowerShell session.
Is it possible to automate the collection of diagnostic logs using PowerShell scripts?
Yes, it is possible to automate the collection of diagnostic logs by creating and scheduling PowerShell scripts to run at specific times or events.