Export (0) Print
Expand All

Azure VM Agent and VM Extensions

Updated: May 12, 2014

The Azure Virtual Machine Agent (VM Agent) is used to install, configure, manage and run Azure Virtual Machine Extensions (VM Extensions). VM Extensions provide dynamic features that Microsoft and other third parties provide. The agent and extensions are added primarily through the Management Portal, but you can also use the Powershell cmdlets or the xplat-cli to add and configure either when you create a VM or with existing VMs. VM Extensions include support for Remote Debugging in Visual Studio, System Center 2012, and Docker -- just to name a few.

VM extensions can help you:

  • Modify security and identity features, such as resetting account values and using antimalware

  • Start, stop, or configure monitoring and diagnostics

  • Enhance operations and management

  • Reset or install connectivity features, such as RDP and SSH

  • Improve the remote debugging experience

There are many other features as well; new VM Extension features are released regularly.

This article describes:

The Azure Virtual Machines Agent (VM Agent) is a secured, light-weight process that installs, configures, and removes VM extensions on instances of Azure Virtual Machines from the Image Gallery and on custom VM instances if they have the VM Agent installed. The VM Agent added to the operating system run by the VM and acts as the secure local control service for your Azure VM. The extensions that the agent loads provide specific features to increase your productivity using the instance.

There are two Azure VM Agents, one for Windows VMs and one for Linux VMs. Typically, the VM Agent is installed when you create a VM from an image from the Image Gallery, but if you want to create a VM from your own image by uploading a VHD you can install the agent yourself and then upload the VHD.

ImportantImportant
These VM agents are very light-weight, secure services that enable secured administration of virtual machine instances. There might be cases in which you do not want the VM Agent. If so, be sure to create VMs that do not have the VM Agent installed. Although the VM Agent can be removed physically, the behavior of any VM Extensions on the instance is undefined. Therefore, removing the VM agent once it is installed is not supported at this time.

The VM Agent is enabled in the following situations:

  • When you create an instance of a Virtual Machine by using the Quick Create method in the Management Portal, or by using the Custom Create method in the Management Portal and making sure that the Install the VM Agent checkbox is selected (as shown in the image below). For more information, see How to Quickly Create a Virtual Machine and How to Create a Custom Virtual Machine.



    VM Agent Checkbox
  • When you create an instance of a Virtual Machine by using the New-AzureVM or the New-AzureQuickVM cmdlet. You can create a VM without the VM Agent installed by adding the –DisableGuestAgent parameter to the Add-AzureProvisioningConfig cmdlet.

  • By downloading and installing the VM Agent on an existing VM instance and setting the ProvisionGuestAgent value to true. The following code example shows how to do this using PowerShell where the $svc and $name arguments have already been determined.

    
    $vm = Get-AzureVM –serviceName $svc –Name $name
    $vm.VM.ProvisionGuestAgent = $TRUE
    Update-AzureVM –Name $name –VM $vm.VM –ServiceName $svc
    
  • By creating a VM image that has the VM agent installed prior to uploading it to Azure. For a Windows VM, download the Windows VM Agent .msi file and install the VM Agent. For a Linux VM, you will install it from the located at https://github.com/Azure/WALinuxAgent. For more information on how to install the VM Agent on Linux, see the Azure Linux VM Agent User Guide.

noteNote
In PaaS, the VM agent is called GuestAgent is always available on Web and Worker Role VMs. (For more information, see Azure Role Architecture.) The VM agent for Role VMs can now add extensions to the cloud service VMs in the same way that it does for persistent Virtual Machines. The biggest difference between VM Extensions on role VMs and persistent VMs is that with role VMs, extensions are added to the cloud service first and then to the deployments within that cloud service.

Use the Get-AzureServiceAvailableExtension cmdlet to list all available role VM extensions.

VM Extensions implement most of the critical functionality that you want to use with your VMs, including basic functionality like resetting passwords, configuring RDP, and many, many others.

 

VM Extension Name Feature Description More Information

VMAccessAgent (Windows)

VMAccessForLinux (Linux)

Create, update, and reset user information and RDP and SSH connection configurations.

Windows

Linux

 

VM Extension Name Feature Description More Information

MSEnterpriseApplication

Implements features for support by Windows System Center.

System Center 2012 R2 Virtual Machine Role Authoring Guide - Resource Extension Package

PuppetEnterpriseAgent

Implements the features of Puppet Enterprise.

Puppet on Azure

 

VM Extension Name Feature Description More Information

CentosChefClient

ChefClient

Creates a Chef client on Windows. (Can also use the DSC extension, below.)

Chef and Microsoft Azure

LinuxChefClient

DockerExtension

Installs the Docker daemon to support remote Docker commands.

How to Use the Docker Virtual Machine Extension

DSC

PowerShell DSC (Desired State Configuration) extension.

Azure PowerShell DSC (Desired State Configuration) extension

IaaSDiagnostics

Enables, disables, and configures Azure Diagnostics, and is also used by the AzureCATExtensionHandler to support SAP monitoring.

Microsoft Azure Virtual Machine Monitoring with Azure Diagnostics Extension

CustomScriptExtension (Windows)

CustomScriptForLinux (Linux)

Invokes custom scripts on the VM.

CustomScript

Linux

AzureCATExtensionHandler

Consumes the diagnostic data collected by Windows Azure Diagnostic extension and few other data sources such as Azure Storage Analytics Metrics and transforms it into an aggregated data set appropriate for SAP Host control process to consume

Azure Enhanced Monitoring for SAP

 

VM Extension Name Feature Description More Information

TrendMicroDSA

Enables TrendMicro’s Deep Security platform support to provide intrusion detection and prevention, firewall, anti-malware, web reputation, log inspection, and integrity monitoring.

How to install and configure Trend Micro Deep Security as a Service on an Azure VM

PortalProtectExtension

Guards against threats to your Microsoft SharePoint environment.

PortalProtect Sharepoint Security

IaaSAntimalware

Microsoft Antimalware for Azure Cloud Services and Virtual Machines is a real-time protection capability that helps identify and remove viruses, spyware, and other malicious software, with configurable alerts when known malicious or unwanted software attempts to install itself or run on your system.

Download antimalware documentation

SymantecEndpointProtection

Symantec Endpoint Protection 12.1.4 enables security and performance across physical and virtual systems.

How to install and configure Symantec Endpoint Protection on an Azure VM

 

VM Extension Name Feature Description More Information

VS14CTPDebugger

Supports remote debugging from VS using the Azure SDK 2.4

Remote Debugging in Visual Studio

VS2013Debugger

Supports remote debugging from VS using the Azure SDK 2.4

VS2012Debugger

Supports remote debugging from VS using the Azure SDK 2.4

RemoteDebugVS14CTP

Supports remote debugging from VS using the Azure SDK 2.3

RemoteDebugVS2013

Supports remote debugging from VS using the Azure SDK 2.3

RemoteDebugVS2012

Supports remote debugging from VS using the Azure SDK 2.3

WebDeployForVSDevTest

Supports Web Deploy from Visual Studio

Remote Debugging on Azure Web Sites

 

VM Extension Name Feature Description More Information

BGInfo

Presents a consolidated picture of useful server information on the desktop when using RDP.

BGInfo

HpcVmDrivers

Installs, configures, and maintains the following network device drivers on a size A8 or A9 virtual machine so that the VM can access the Azure remote direct-memory access (RDMA) network.

HpcVmDrivers

When you add an extension, you must know information about the extension, such as the name, version, and publisher of the extension. For some extensions, you must also know the configuration that is required to run the extension. You can use either Azure PowerShell cmdlets or the Service Management REST APIs to find information about available extensions.

You can use the following cmdlets to obtain information about available extensions:

  • For instances of web roles or worker roles, you can use the Get-AzureServiceAvailableExtension cmdlet.

  • For instances of Virtual Machines, you can use the Get-AzureVMAvailableExtension cmdlet.

You can use the following REST APIs to obtain information about available extensions:

Extensions can be added when an instance is created or they can be added to a running instance. Extensions can be updated, disabled, or removed. You can perform these actions by using Azure PowerShell cmdlets or by using the Service Management REST API operations. Parameters are required to install and set up some extensions. Public and private parameters are supported for extensions.

Using Azure PowerShell cmdlets is the easiest way to add and update extensions. When you use the extension cmdlets, most of the configuration of the extension is done for you. At times, you may need to programmatically add an extension. When you need to do this, you must provide the configuration of the extension.

You can use the following cmdlets to know whether an extension requires a configuration of public and private parameters:

  • For instances of web roles or worker roles, you can use the Get-AzureServiceAvailableExtension cmdlet.

  • For instances of Virtual Machines, you can use the Get-AzureVMAvailableExtension cmdlet.

When you retrieve a listing of available extensions by using the REST APIs, you receive information about how the extension is to be configured. The information that is returned might show parameter information represented by a public schema and private schema. Public parameter values are returned in queries about the instances. Private parameter values are not returned.

You can use the following REST APIs to know whether an extension requires a configuration of public and private parameters:

  • For instances of web roles or worker roles, the PublicConfigurationSchema and PrivateConfigurationSchema elements contain the information in the response from the List Available Extensions operation.

  • For instances of Virtual Machines, the PublicConfigurationSchema and PrivateConfigurationSchema elements contain the information in the response from the List Resource Extensions operation.

noteNote
Extensions can also use configurations that are defined with JSON. When these types of extensions are used, only the SampleConfig element is used.

Show:
© 2014 Microsoft