The Emergency VM Access (EVA) is a vital service used in Microsoft Azure Stack Hub environments. It is especially useful during emergencies when the typical access methods to a Virtual Machine (VM) don’t work as expected.
The EVA follows the Break the Glass process when an emergency occurs that can’t be addressed using regular support and remediation paths. The service provides vital resources for support and recovery in case of system failures, enabling the system to continue operating normally.
When is the Emergency VM Access Necessary?
To provide an understandable picture of the topic, we’ll walk you through the procedures to enable the EVA service, but before that, let’s delve a bit deeper into some scenarios where EVA becomes necessary.
- A VM has Network Interface Card (NIC) Misconfiguration: If a VM experiences a NIC misconfiguration, it may lose Remote Desktop Protocol (RDP) connectivity. The EVA allows administrators to regain access to the VM.
- Issues with Azure Stack Fabric Management: If there’s a malfunction in the Azure Stack Hub management system, an administrator might lose connection to the VMs through the regular channels. The EVA provides a way to access the affected VMs.
- Windows OS Failure: When the Windows OS doesn’t boot correctly, RDP is usually not available. However, the EVA can provide access to the VM to perform problem-solving procedures.
Now, that we have a better understanding of what the EVA does and why it’s so important, let’s walk through the process of enabling the Emergency VM Access Service.
Enabling the EVA service
To enable the EVA service, you’ll need to follow the subsequent steps:
- Navigate to the Azure Stack Hub Administrator Portal.
- Select ‘All Services’ and then ‘Infrastructure Roles’ from the dropdown menu.
- From the available options, find and click on ‘Emergency Recovery Service’ (if not already enabled).
- In the ‘Emergency Recovery Service’ blade, click on the ‘…’ (More) option and select ‘Start’.
Do note that the Break the Glass process should only be carried out by a trained Azure Stack Hub operator.
Enabling the EVA service will allow privileged, emergency access to VMs and storage accounts associated with the selected credentials. In normal operations, the EVA processes are dormant.
Disabling EVA service
Once the service has performed its function or the emergency has been resolved, to disable the EVA service, follow the same steps as above to get to the ‘Emergency Recovery Service’ blade. Then:
- Click on the ‘…’ (More) option and select ‘Stop’.
Disabling the EVA service once it has served its purpose is crucial for maintaining system integrity and reducing any potential risks.
In Summary
The Emergency VM Access Service is a crucial Azure Stack Hub function that allows robust, emergency access to VMs in cases of system failure or connectivity loss. Misconfiguration and other unforeseen problems can be addressed effectively through the Break the Glass process. It should be enabled for dealing with emergencies, but it’s equally important to disable it once the problem has been resolved.
Always remember, that strict adherence to best data and system practices, including training, should be followed when dealing with critical systems such as Azure Stack Hub.
Practice Test
True or False: Emergency VM Access Service (EVA) is designed to give console access to all types of virtual machines irrespective of their state?
- Answer: False
Explanation: EVA is specifically designed to give console access to virtual machines if they become unreachable due to networking misconfiguration, incorrect firewall rules, or other issues.
Which one of the following services is used for getting console access to VMs when they’re unreachable?
- a) Excel
- b) Emergency VM Access Service (EVA)
- c) Sharepoint
- d) Onedrive
Answer: b) Emergency VM Access Service (EVA)
Explanation: The Emergency VM Access Service (EVA) provides a console-based login method when VMs are unreachable via Remote Desktop Protocol (RDP) or Secure Shell (SSH).
True or False: EVA is available for Linux machines?
- Answer: True
Explanation: EVA is available for both Windows and Linux machines.
Which protocol needs to be enabled for EVA to provide access?
- a) SIP
- b) HTTPS
- c) RDP
- d) None
Answer: d) None
Explanation: EVA still provides console-based access to VMs when they become unreachable due to network misconfiguration, so no protocol needs to be enabled for EVA to provide access.
What type of VMs are supported by EVA?
- a) Unmanaged VMs
- b) Managed VMs
- c) Both unmanaged and managed VMs
- d) None of the above
Answer: c) Both unmanaged and managed VMs
Explanation: EVA supports both managed and unmanaged virtual machines.
True or False: EVA can be used to configure disabled network adapters?
- Answer: True
Explanation: EVA provides direct console access to the VMs, enabling you to configure network settings, including disabled network adapters.
In which one of these scenarios you can use EVA?
- a) VMs are responsive and working fine
- b) VMs are unreachable due to network misconfiguration or firewall rules
- c) VMs need software updates
- d) To create new virtual machines
Answer: b) VMs are unreachable due to network misconfiguration or firewall rules
Explanation: EVA is specifically used when VMs become unreachable due to issues like network misconfiguration or inappropriate firewall rules.
True or False: SSH must be enabled for EVA to provide access to Linux machines?
- Answer: False
Explanation: EVA provides console-based access and does not require SSH or RDP to be enabled.
What is NOT a benefit of using EVA?
- a) Ability to change hostname
- b) Start a stopped VM
- c) Recovery of inaccessible VMs
- d) Installation of latest Windows updates
Answer: d) Installation of latest Windows updates
Explanation: EVA is used for gaining console access to VMs that are inaccessible; it is not used for installing Windows updates
True or False: Using EVA can be a potential security risk if not managed properly?
- Answer: True
Explanation: As EVA provides console access to VMs, if not handled correctly, it can indeed pose a security risk. Therefore, it’s crucial to have strict security protocols and controls in place.
Which service is ideal for managing and configuring a misconfigured VM?
- a) Azure Backup
- b) Azure Monitor
- c) Azure EVA
- d) Azure Active Directory
Answer: c) Azure EVA
Explanation: EVA is specifically designed to manage and configure VMs that have become unreachable due to misconfigurations or other issues.
Which one of the following cannot be managed using EVA?
- a) Networking issues
- b) Firewall misconfigurations
- c) Windows Services
- d) VM Scale Set configuration
Answer: d) VM Scale Set configuration
Explanation: EVA is used for direct access to individual VMs. It doesn’t provide management capabilities for VM Scale Sets.
True or False: EVA is replaced by System console and no longer available in new versions of Azure Stack Hub?
- Answer: True
Explanation: Starting from the version 2008, Azure Stack Hub has replaced EVA with a new feature, system console, which provides similar functionality.
Which tool could help if your Linux VMs are located on Azure Stack Hub and general access cannot be established?
- a) Azure Backup
- b) Azure EVA
- c) Azure Advisor
- d) Azure Migrate
Answer: b) Azure EVA
Explanation: Azure EVA helps access Linux VMs when they are inaccessible through standard protocols due to network or firewall misconfigurations, etc.
True or False: EVA is part of Azure Active Directory services.
- Answer: False
Explanation: EVA is not part of Azure Active Directory services; instead, it is a part of Azure Stack Hub intended to provide emergency access to virtual machines.
Interview Questions
What is the purpose of the Emergency VM Access (EVA) feature in Azure Stack Hub?
The EVA service is a feature designed for disaster recovery. It enables administrators to gain access to Windows or Linux VMs when normal access methods are not available.
How is the EVA service implemented in Azure Stack Hub?
The EVA service is implemented as a VM extension.
Can the EVA service be used to gain access to a VM when network connectivity is lost?
Yes, the EVA service is specifically designed to provide access to VMs in cases where normal methods fail, including loss of network connectivity.
Why might I need the EVA service in Azure Stack Hub?
You may need the EVA service if you’re unable to RDP or SSH into your VM, or if your VM’s OS is not responding.
Which types of VMs can you access using the EVA service?
The EVA service allows access to both Windows and Linux VMs.
How can I enable the EVA service on an existing VM?
You can deploy the EVA service to an existing VM through PowerShell by creating a VM extension.
What are the prerequisites for using the EVA service?
In order to use the EVA service, you need to have a subscription to Azure Stack Hub and a Windows or Linux VM to access.
What are the costs associated with using the Emergency VM Access (EVA) service?
The pricing details for the EVA service depend on the Azure Stack Hub pricing model. As such, it would be different for each case.
What are the permissions required to enable the EVA service on a VM?
To enable the EVA service, you must have the Owner or Contributor role for the VM.
Is it possible to enable the EVA service for multiple VMs at the same time?
Yes, the EVA service can be enabled for multiple VMs at the same time using a script.
What happens to the EVA service when the VM is deleted?
When a VM is deleted, any associated EVA service is also deleted.
How can the EVA service be disabled or de-provisioned?
The EVA service can be disabled or de-provisioned using PowerShell.
Can the EVA service be used to access a VM from regions outside of the region where the VM is located?
The EVA service allows access to a VM regardless of the location of the user.
What credentials are required to access a VM via the EVA service?
To access a VM via the EVA service, you need administrative credentials for that VM.
Can the EVA service be used on VMs that are part of an Availability Set or Scale Set?
Yes, the EVA service can be used on VMs regardless of whether they are part of an Availability Set or Scale Set.
extutorials.com