Step-by-step guide: Configuring Azure Automation Hybrid Worker

Azure Automation is a cloud solution that helps organizations meet their infrastructure and security requirements by automating tasks, providing desired state configuration for your servers, and handling configuration management. By default, a newly created Azure Automation account executes scripts in Azure. But some organizations want to automate tasks in other clouds and in on-premises environments, and the Hybrid Worker tool is the key to delivering such a solution.

The Hybrid Runbook Worker Group is a set of one or more VMs configured to act as Hybrid Runbook Workers. Servers configured with this role query the Azure Automation cloud service through port 443 to check if there is any job available. If there is a job, then the Hybrid Worker will execute the runbook.

When using Hybrid Worker, the scripts will be executed on those VMs and we must make sure that future Runbooks have all pieces of software available, including Azure Modules. If we have more than one server, we must make sure that they are configured consistently.
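One way to check that consistency, as an added example that is not part of the original article: the function below compares module inventories from several workers and returns only the modules that are missing somewhere or installed at different versions. The function name Get-ModuleDrift, the worker names and the version numbers are constructed for illustration.

```powershell
# Added example, not from the original article.
# On real workers an inventory can be collected over PowerShell remoting, e.g.
#   Invoke-Command -ComputerName HW01 { Get-Module -ListAvailable | Select-Object Name, Version }

function Get-ModuleDrift {
    param(
        # Worker name -> list of objects with Name and Version properties
        [Parameter(Mandatory)][hashtable]$Inventory
    )
    $workers = $Inventory.Keys | Sort-Object
    $names   = $Inventory.Values | ForEach-Object { $_ } |
               ForEach-Object { $_.Name } | Sort-Object -Unique

    foreach ($name in $names) {
        $row = [ordered]@{ Module = $name }
        foreach ($w in $workers) {
            # A worker may hold several versions side by side; list them all.
            $versions = @($Inventory[$w] | Where-Object { $_.Name -eq $name } |
                          ForEach-Object { [string]$_.Version } | Sort-Object)
            $row[$w] = if ($versions.Count) { $versions -join ',' } else { 'missing' }
        }
        # Emit the row only when the workers disagree.
        $distinct = @($workers | ForEach-Object { $row[$_] } | Sort-Object -Unique)
        if ($distinct.Count -gt 1) { [pscustomobject]$row }
    }
}

# Constructed sample data: two workers in the same Hybrid Worker group.
$sample = @{
    'HW01' = @(
        [pscustomobject]@{ Name = 'AzureRM.Profile';    Version = '5.8.2' }
        [pscustomobject]@{ Name = 'AzureRM.Automation'; Version = '6.1.1' }
        [pscustomobject]@{ Name = 'AzureRM.Storage';    Version = '5.2.0' }
    )
    'HW02' = @(
        [pscustomobject]@{ Name = 'AzureRM.Profile';    Version = '5.8.2' }
        [pscustomobject]@{ Name = 'AzureRM.Automation'; Version = '5.0.0' }
    )
}

# Lists AzureRM.Automation (version mismatch) and AzureRM.Storage (missing on HW02).
Get-ModuleDrift -Inventory $sample | Format-Table -AutoSize
```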

Creating the Azure Automation account

The first step in this article is to create the Azure Automation account, which will be responsible for running our script on an interval basis. Logged on to the Microsoft Azure Portal, click on Create a resource, type in automation and select Automation. In the new blade click on Create.

Make sure to select Yes in the Create Azure Run As account field. Basically, that will create a Service Principal in your Azure Active Directory.

Note: If you want to find out the Service Principal name created during this process, wait for the creation to finish, click on the Automation Account, and then click on the Run as accounts item on the left side of the blade. Click on the desired Run As account. In the new blade, the Azure Active Directory Application field will show the name under which this account was registered.

The next step is to create a new Log Analytics resource. Basically, we need to define a unique name, resource group, and location.

After creating the new workspace, open the OMS portal by selecting the Log Analytics item in the Resource Group that you defined during the creation of the resource. In the main page (OMS Workspace), click on OMS Portal, and a new page showing the OMS main page will be displayed. Click on the Store icon, then on Automation & Control, and then on Configure Workspace.

In the new page, select the Automation Account that we have just created and click on OK.

Note: To check if any given OMS has an Automation Account, click on Settings, Accounts, and then Automation Account.

Creating and configuring Hybrid Worker

The Hybrid Worker is a regular Windows Server 2016 VM that we provisioned in the Azure Portal with default values, and all Azure Automation scripts that are configured to run in Hybrid Worker mode will be executed on this virtual machine.

After provisioning the server, our first step is to install the script that creates the integration between the VM and the Azure Automation Account. To install it, run the following PowerShell cmdlet. The process will configure the current server to support all the requirements to download and install the desired script.

Install-Script -Name New-OnPremiseHybridWorker

The next step is to run the PowerShell script below. As you can see, there is some information that we need to provide. Before running the script to install the Hybrid Worker, we should run the following cmdlets to retrieve all required information:

Get-AzureRMOperationalInsightsWorkspace

The above cmdlet provides values for the following parameters: WorkspaceName and OMSResourceGroupName.

Get-AzureRMAutomationAccount

The above cmdlet provides values for AutomationAccountName and AAResourceGroupName.

Get-AzureRMSubscription

The above cmdlet provides the value for the SubscriptionId parameter.

Having all those values ready helps when running the cmdlet below. The only parameter missing is the HybridGroupName and we will define it during the execution of the cmdlet. In our article we are going to use HybGroup01. The script will take some time to execute, and it will require authentication. Modules will be installed and loaded, and the Microsoft Monitoring Agent will be installed as well.

New-OnPremiseHybridWorker.ps1 -AutomationAccountName <NameofAutomationAccount> -AAResourceGroupName <NameofResourceGroup> -OMSResourceGroupName <NameofOResourceGroup> -HybridGroupName <NameofHRWGroup> -SubscriptionId <AzureSubscriptionId> -WorkspaceName <NameOfLogAnalyticsWorkspace>
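The lookups and the installation call above, combined into one script (an added example, not from the original article or the script's author). The subscription, workspace and account names are assumed placeholders, and the helper Select-Single is hypothetical; it stops the run when a lookup returns zero or several matches instead of passing an ambiguous value to the installer.

```powershell
# Added example. Placeholder names below are assumptions, not values from the article.
$subscriptionName = 'MySubscription'        # assumption
$workspaceName    = 'MyWorkspace'           # assumption
$accountName      = 'MyAutomationAccount'   # assumption
$hybridGroupName  = 'HybGroup01'            # group name used in the article

# Hypothetical helper: return the single match or stop.
function Select-Single {
    param($Items, [string]$What)
    $found = @($Items | Where-Object { $null -ne $_ })
    if ($found.Count -ne 1) {
        throw "Expected exactly one $What, found $($found.Count)."
    }
    $found[0]
}

Add-AzureRmAccount | Out-Null

# Pin the session to one subscription so the later lookups search only there.
$subscription = Select-Single (Get-AzureRmSubscription |
    Where-Object { $_.Name -eq $subscriptionName }) 'subscription'
Set-AzureRmContext -SubscriptionId $subscription.Id | Out-Null

$workspace = Select-Single (Get-AzureRmOperationalInsightsWorkspace |
    Where-Object { $_.Name -eq $workspaceName }) 'Log Analytics workspace'
$account = Select-Single (Get-AzureRmAutomationAccount |
    Where-Object { $_.AutomationAccountName -eq $accountName }) 'Automation account'

# Parameter names are the ones the article passes to the script.
$installParams = @{
    AutomationAccountName = $account.AutomationAccountName
    AAResourceGroupName   = $account.ResourceGroupName
    OMSResourceGroupName  = $workspace.ResourceGroupName
    HybridGroupName       = $hybridGroupName
    SubscriptionId        = $subscription.Id
    WorkspaceName         = $workspace.Name
}

# Refuse to continue with an empty value.
foreach ($key in @($installParams.Keys)) {
    if ([string]::IsNullOrWhiteSpace([string]$installParams[$key])) {
        throw "No value resolved for -$key."
    }
}

$installParams | Format-Table -AutoSize   # show what will be passed
New-OnPremiseHybridWorker.ps1 @installParams
```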

The result of a successful run will be similar to the image above, where the final step is the registration of the Hybrid Runbook Worker in Microsoft Azure. We can check on the Azure side to see the changes performed by the script. Click on the Automation Account and then click on Hybrid Worker groups; under User Hybrid Worker Groups, we will have a new entry as depicted in the image below.

Executing Runbooks

Now that we have the Hybrid Worker groups in place, we can select where we want to run the desired Runbook. We can select Azure or Hybrid Worker.

Logged on to the Azure Portal, select the Automation Account and then click on Runbooks, and select a Runbook from the list or create a new one. Once the desired Runbook is listed on the right side, click on Start. In the new blade, select Hybrid Worker and select the group. In our article we have only the one that we have just created.

These are the basic steps to get the Hybrid Worker configured. In future articles here at TechGenix, we will be exploring more features available in Azure Automation. Stay tuned!
