Export (0) Print
Expand All

Azure VM Agent and VM Extensions

Updated: September 24, 2014

The Azure Virtual Machine Agent (VM Agent) is used to install, configure, manage and run Azure Virtual Machine Extensions (VM Extensions). VM Extensions provide dynamic features that Microsoft and other third parties provide. The agent and extensions are added primarily through the Management Portal, but you can also use the Powershell cmdlets or the xplat-cli to add and configure either when you create a VM or with existing VMs. VM Extensions include support for Remote Debugging in Visual Studio, System Center 2012, Windows Azure Diagnostics, and Docker -- just to name a few.

VM extensions can help you:

  • Modify security and identity features, such as resetting account values and using antimalware

  • Start, stop, or configure monitoring and diagnostics

  • Enhance operations and management

  • Reset or install connectivity features, such as RDP and SSH

  • Improve the remote debugging experience

There are many other features as well; new VM Extension features are released regularly.

This article describes:

The Azure Virtual Machines Agent (VM Agent) is a secured, light-weight process that installs, configures, and removes VM extensions on instances of Azure Virtual Machines from the Image Gallery and on custom VM instances if they have the VM Agent installed. The VM Agent acts as the secure local control service for your Azure VM. The extensions that the agent loads provide specific features to increase your productivity using the instance.

There are two Azure VM Agents, one for Windows VMs and one for Linux VMs. By default, the VM Agent is automatically installed when you create a VM from the Image Gallery, but you can also install the VM agent after the instance is created or install it in a custom VM image that you then upload yourself.

ImportantImportant
These VM agents are very light-weight, services that enable secured administration of virtual machine instances. There might be cases in which you do not want the VM Agent. If so, be sure to create VMs that do not have the VM Agent installed. Although the VM Agent can be removed physically, the behavior of any VM Extensions on the instance is undefined. As a result, removing the VM agent once it is installed is not supported at this time.

The VM Agent is enabled in the following situations:

  • When you create an instance of a Virtual Machine by using the Quick Create method in the Management Portal, or by using the Custom Create method in the Management Portal and making sure that the Install the VM Agent checkbox is selected (as shown in the image below). For more information, see How to Quickly Create a Virtual Machine and How to Create a Custom Virtual Machine.



    VM Agent Checkbox
  • When you create an instance of a Virtual Machine by using the New-AzureVM or the New-AzureQuickVM cmdlet. You can create a VM without the VM Agent installed by adding the –DisableGuestAgent parameter to the Add-AzureProvisioningConfig cmdlet.

  • By manually downloading and installing the VM Agent (either the Windows or Linux version) on an existing VM instance and then setting the ProvisionGuestAgent value to true using Powershell or a REST call. (If you do not set this value after manually installing the VM Agent, the addition of the VM Agent is not detected properly.) The following code example shows how to do this using PowerShell where the $svc and $name arguments have already been determined.

    
    $vm = Get-AzureVM –serviceName $svc –Name $name
    $vm.VM.ProvisionGuestAgent = $TRUE
    Update-AzureVM –Name $name –VM $vm.VM –ServiceName $svc
    
  • By creating a VM image that has the VM agent installed prior to uploading it to Azure. For a Windows VM, download the Windows VM Agent .msi file and install the VM Agent. For a Linux VM, you will install it from the located at https://github.com/Azure/WALinuxAgent. For more information on how to install the VM Agent on Linux, see the Azure Linux VM Agent User Guide.

noteNote
In PaaS, the VM agent is called GuestAgent, and is always available on Web and Worker Role VMs. (For more information, see Azure Role Architecture.) The VM agent for Role VMs can now add extensions to the cloud service VMs in the same way that it does for persistent Virtual Machines. The biggest difference between VM Extensions on role VMs and persistent VMs is that with role VMs, extensions are added to the cloud service first and then to the deployments within that cloud service.

Use the Get-AzureServiceAvailableExtension cmdlet to list all available role VM extensions.

VM Extensions implement most of the critical functionality that you want to use with your VMs, including basic functionality like resetting passwords, configuring RDP, and many, many others. Because new extensions are added all the time, the number of possible features your VMs support in Azure continues to increase. By default, several basic VM extensions are installed when you create your VM from the Image Gallery, including IaaSDiagnostics (currently Windows VMs only), VMAccess, and BGInfo (also currently Windows only). However, not all extensions are implemented on both Windows and Linux at any specific time, due to the constant flow of feature updates and new extensions.

The following extensions are critical to enabling, re-enabling, or disabling basic connectivity with your VMs once they are created and running.

 

VM Extension Name Feature Description More Information

VMAccessAgent (Windows)

VMAccessForLinux (Linux)

Create, update, and reset user information and RDP and SSH connection configurations.

Windows

Linux

 

VM Extension Name Feature Description More Information

MSEnterpriseApplication

Implements features for support by Windows System Center.

System Center 2012 R2 Virtual Machine Roles

PuppetEnterpriseAgent

Implements the features of Puppet Enterprise.

Puppet on Azure

 

VM Extension Name Feature Description More Information

CentosChefClient

ChefClient

Creates a Chef client on Windows. (Can also use the DSC extension, below.)

Chef and Microsoft Azure

LinuxChefClient

DockerExtension

Installs the Docker daemon to support remote Docker commands.

How to Use the Docker Virtual Machine Extension

DSC

PowerShell DSC (Desired State Configuration) extension.

Azure PowerShell DSC (Desired State Configuration) extension

IaaSDiagnostics

Enables, disables, and configures Azure Diagnostics, and is also used by the AzureCATExtensionHandler to support SAP monitoring.

Microsoft Azure Virtual Machine Monitoring with Azure Diagnostics Extension

CustomScriptExtension (Windows)

CustomScriptForLinux (Linux)

Invokes custom scripts on the VM.

CustomScript

Linux

AzureCATExtensionHandler

Consumes the diagnostic data collected by IaaSDiagnostics and few other data sources such as Azure Storage Analytics Metrics and transforms it into an aggregated data set appropriate for SAP Host control process to consume

Azure Enhanced Monitoring for SAP

 

VM Extension Name Feature Description More Information

TrendMicroDSA

Enables TrendMicro’s Deep Security platform support to provide intrusion detection and prevention, firewall, anti-malware, web reputation, log inspection, and integrity monitoring.

How to install and configure Trend Micro Deep Security as a Service on an Azure VM

PortalProtectExtension

Guards against threats to your Microsoft SharePoint environment.

PortalProtect Sharepoint Security

IaaSAntimalware

Microsoft Antimalware for Azure Cloud Services and Virtual Machines is a real-time protection capability that helps identify and remove viruses, spyware, and other malicious software, with configurable alerts when known malicious or unwanted software attempts to install itself or run on your system.

Download antimalware documentation

SymantecEndpointProtection

Symantec Endpoint Protection 12.1.4 enables security and performance across physical and virtual systems.

How to install and configure Symantec Endpoint Protection on an Azure VM

 

VM Extension Name Feature Description More Information

VS14CTPDebugger

Supports remote debugging from VS using the Azure SDK 2.4

Remote Debugging in Visual Studio

VS2013Debugger

Supports remote debugging from VS using the Azure SDK 2.4

VS2012Debugger

Supports remote debugging from VS using the Azure SDK 2.4

RemoteDebugVS14CTP

Supports remote debugging from VS using the Azure SDK 2.3

RemoteDebugVS2013

Supports remote debugging from VS using the Azure SDK 2.3

RemoteDebugVS2012

Supports remote debugging from VS using the Azure SDK 2.3

WebDeployForVSDevTest

Supports Web Deploy from Visual Studio

Remote Debugging on Azure Web Sites

 

VM Extension Name Feature Description More Information

BGInfo

Presents a consolidated picture of useful server information on the desktop when using RDP.

BGInfo

HpcVmDrivers

Installs, configures, and maintains the following network device drivers on a size A8 or A9 virtual machine so that the VM can access the Azure remote direct-memory access (RDMA) network.

HpcVmDrivers

When you add an extension, you must know information about the extension, such as the name, version, and publisher of the extension. For some extensions, you must also know the configuration that is required to run the extension. You can use either Azure PowerShell cmdlets or the Service Management REST APIs to find information about available extensions.

Some extensions have Powershell cmdlets that are specific to them, which may make their configuration from PowerShell easier; but the following cmdlets work for all VM extensions.

You can use the following cmdlets to obtain information about available extensions:

  • For instances of web roles or worker roles, you can use the Get-AzureServiceAvailableExtension cmdlet.

  • For instances of Virtual Machines, you can use the Get-AzureVMAvailableExtension cmdlet.

    For example, the following code example shows how to list the information for the IaaSDiagnostics extension using PowerShell.

    PS C:\PowerShell> Get-AzureVMAvailableExtension -ExtensionName IaaSDiagnostics
    VERBOSE: 5:09:01 PM - Begin Operation: Get-AzureVMAvailableExtension
    VERBOSE: 5:09:06 PM - Completed Operation: Get-AzureVMAvailableExtension
    
    Publisher                   : Microsoft.Azure.Diagnostics
    ExtensionName               : IaaSDiagnostics
    Version                     : 1.2
    Label                       : Microsoft Monitoring Agent Diagnostics
    Description                 : Microsoft Monitoring Agent Extension
    PublicConfigurationSchema   :
    PrivateConfigurationSchema  :
    IsInternalExtension         : False
    SampleConfig                :
    ReplicationCompleted        : True
    Eula                        :
    PrivacyUri                  :
    HomepageUri                 :
    IsJsonExtension             : True
    DisallowMajorVersionUpgrade : False
    SupportedOS                 :
    PublishedDate               :
    CompanyName                 :
    
    

You can use the following REST APIs to obtain information about available extensions:

Extensions can be added when an instance is created or they can be added to a running instance. Extensions can be updated, disabled, or removed. You can perform these actions by using Azure PowerShell cmdlets or by using the Service Management REST API operations. Parameters are required to install and set up some extensions. Public and private parameters are supported for extensions.

Using Azure PowerShell cmdlets is the easiest way to add and update extensions. When you use the extension cmdlets, most of the configuration of the extension is done for you. At times, you may need to programmatically add an extension. When you need to do this, you must provide the configuration of the extension.

You can use the following cmdlets to know whether an extension requires a configuration of public and private parameters:

  • For instances of web roles or worker roles, you can use the Get-AzureServiceAvailableExtension cmdlet.

  • For instances of Virtual Machines, you can use the Get-AzureVMAvailableExtension cmdlet.

When you retrieve a listing of available extensions by using the REST APIs, you receive information about how the extension is to be configured. The information that is returned might show parameter information represented by a public schema and private schema. Public parameter values are returned in queries about the instances. Private parameter values are not returned.

You can use the following REST APIs to know whether an extension requires a configuration of public and private parameters:

  • For instances of web roles or worker roles, the PublicConfigurationSchema and PrivateConfigurationSchema elements contain the information in the response from the List Available Extensions operation.

  • For instances of Virtual Machines, the PublicConfigurationSchema and PrivateConfigurationSchema elements contain the information in the response from the List Resource Extensions operation.

noteNote
Extensions can also use configurations that are defined with JSON. When these types of extensions are used, only the SampleConfig element is used.

Show:
© 2014 Microsoft