3.7. Monitoring.md

Monitoring

Azure Network Watcher

• Inbuilt in Portal (Monitor -> Network)
• Features
  • Topology: e.g. VNETs, subnets, VMs, NICs
  • Variable Packet Capture: Captures TCP packages at NIC level as Wireshark files.
  • IP Flow Verify: Troubleshoots NSG
  • Next hop: Troubleshoots route tables
  • Connection troubleshoot: Why it does not connect?
  • Diagnostics Logging
  • Security Group View
  • NSG Flow Logging
  • VPN Gateway Troubleshooting
  • Network Subscription Limits
  • Role Based Access Control

Network Monitor

• Troubleshooting blade.
• Available for the following network resources:
  • ExpressRoute, VPN Gateway, Application Gateway, Network Security Logs, Routes, DNS, Load Balancer, and Traffic Manager.
• Available through Portal, CLI, PowerShell, Rest API, retrieved using Power BI or third-party logs.
• Events are logged in storage accounts, ready to be sent to Event Hub or Log Analytics.
• Metrics for performance measurements are collected over a period of time.

Azure Security Center

• Unified security management and advanced threat protection for workloads running in Azure, on-premises, and in other clouds.
• Enables you to discover and assess the security of your workloads and to identify and mitigate risk.
  • E.g. • network recommendations • network maps • internet facing endpoints without NSGs.
• Two tiers: Free and Azure Defender

Azure Defender

• Formerly known as Azure Security Center Standard Edition
• Regulatory compliance dashboard and reports
• Threat protection for
  • Azure VMs and non-Azure servers
  • PaaS services
• Microsoft Defender for Endpoint (servers)

Just-in-time (JIT) virtual machine (VM) access

• Can be used to lock down inbound traffic to VMs
• Reduces exposure to attacks while providing easy access to connect to VMs when needed.
• Flow
  1. A user requests access to a VM
  2. Azure Defender checks that the user has Role-Based Access Control (RBAC) permissions that permit them to successfully request access to a VM.
  3. Azure Defender automatically configures the Network Security Groups (NSGs) to allow inbound traffic to the selected ports and requested source IP addresses or ranges, for the amount of time that was specified.
  4. After the time has expired, Azure Defender restores the NSGs to their previous states.
     • Those connections that are already established are not interrupted

Azure Monitor

• Helps you monitor your applications and resources
• All data connected by Azure Monitor fits into two types: Logs, Metrics
• Log Analytics and Application Insights have been combined into Azure Monitor
  • Log analytics was a product before, now just referred as a feature.
• 🤗 In 2018 "Operations Management Suite (OMS)" and its services were rebranded into Azure Monitor and it's no longer available.

Azure Logs

• Allows you to monitor log data
• Log data can be from on-premises or cloud resources
• Helps maintain resource availability and performance.
• It allows you to run queries and list or visualize results
• Reads data from a log analytics workspace

Log Analytics workspace

• Logical storage unit where log data is collected and stored
• Basic management unit of Azure Monitor Logs
• Retention: min 31 days (default), up to 730 days (paid)
• Supports sending custom logs through
  • Log Analytics Agent
  • HTTP Data Collector API (previously known as Log Analytics Data Collector API)

Queries in Log Analytics workspace

• Allows to query logs using KQL (Kusto Query Language)
• Allows you to save save queries
• You can filter, sort, group query results or render charts based on them

Azure Metrics

• Feature of Azure Monitor that collects numeric data
• Save data into a time series database
• Metrics
  • Numerical values that are collected at regular intervals
  • Describe some aspect of a system at a particular time
  • Also called performance counters
• There is no need to set up additional diagnostics for metrics, nor opt-in for the data.
• Frequency of one minute.
• Can be viewed on portal using Azure metrics explorer
• Retention is often 93 days
  • ❗️ But only lets you view 30 days at a time
  • Archive metrics to storage for longer retention
    • Can be configured in the settings for the resource.
• Multi-dimensional metrics
  • Some metrics can also name-value pair attributes (called dimensions)
  • Allows further segmentation
• Use-cases
  • Track the performance of your resource (such as a VM, website, or logic app) by plotting its metrics on a portal chart and pinning that chart to a dashboard.
  • Perform advanced analytics or reporting on performance or usage trends of your resource.
  • Get notified of an issue that impacts the performance of your resource when a metric crosses a certain threshold.
  • Archive the performance or health history of your resource for compliance or auditing purposes.
  • You can choose to stream this information to an event hub.
    • Doing so allows you to route them to Azure Stream Analytics for near-real-time analysis.

Agents

• Used for collecting data from compute resources and sending to Azure
• Helps measuring performance and availability of guest OS

Azure Monitor agent

• Also known as AMA
• Will eventually replace and consolidate Log Analytics Agent and Diagnostic extension
• Sends data to Azure Monitor Metrics or Log Analytics workspace

Log Analytics Agent

• Sends data to log analytics workspace
• Collects custom logs, IIS logs, performance counters, syslog, windows event logs.
• Can be installed on Azure VMs using the Azure Log Analytics VM extension for Windows and Linux
• For machines in a hybrid environment using setup, command line, or with Desired State Configuration (DSC) in Azure Automation.
• Outbound connection over TCP port 443

Log Analytics Gateway

• Formerly known as OMS gateway
• Allows sending logs from computers that are not connected to internet
• Agents sends their data to gateway, gateway forwards it to log analytics workspace
• HTTP forward proxy that supports HTTP tunneling using the HTTP CONNECT command
• 💡 If long sending machines have no connection to internet use Log Analytics Gateway
• ❗️ Computer that has gateway installed required Internet access as Private Link (ExpressRoute cables to Azure) is not supported for it (see supported services)

Azure Diagnostics extension

• Collection of diagnostic data on a deployed application
• Supports
  • Azure cloud service (classic) Web and Worker roles
  • Virtual machines
  • Virtual machine scale sets
  • Service fabric
• Can send data to
  • Azure Monitor Metrics
  • Event hubs (for sending data outside Azure)
  • Azure Blob Storage
  • Application Insights
• Collects: • Performance counter metrics • Application logs • Windows Event logs • .NET EventSource logs • IIS Logs • Manifest based ETW logs • Crash dumps (logs) • Custom error logs • Azure Diagnostic infrastructure logs.
• Data storage
  • The extension stores its data in an Azure Storage account that you specify.
  • You can also send it to Application Insights.
  • Another option is to stream it to Event Hub, which then allows you to send it to non-Azure monitoring services.
  • You also have the choice of sending your data to Azure Monitor metrics time-series database

Application Insights

• Application Performance Management (APM) service for web developers building and managing apps on multiple platforms.
• Use it to monitor your live web application.
• It will automatically detect performance anomalies.
• It integrates with your DevOps process, and has connection points to a variety of development tools.
• It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center and HockeyApp.
• Saves data either in
  • Classic (application insights workspace)
  • Or in log analytics workspace

Azure Advisor

• It analyzes your resource configuration and usage telemetry. It then recommends solutions to help improve the performance, security, and high availability of your resources while looking for opportunities to reduce your overall Azure spend.
• Across subscriptions
• You can apply filters to display recommendations for specific subscriptions and resource types.
• The recommendations are divided into four categories:
  • High Availability : To ensure and improve the continuity of your business-critical applications.
  • Security : To detect threats and vulnerabilities that might lead to security breaches.
  • Performance : To improve the speed of your applications.
  • Cost : To optimize and reduce your overall Azure spending.

Azure Service Health

• Provides personalized guidance and support when issues in Azure services affect you
• Helps you prepare for upcoming planned maintenance.
• Alerts you and your teams via targeted and flexible notifications.
• Service Health tracks three types of health events:
  • Service issues
    • Problems in the Azure services that affects customers right now.
  • Planned maintenance
    • Upcoming maintenance that can affect the availability of services in the future
  • Health advisories
    • Changes in Azure services that require attention
    • E.g. • Azure features are deprecated • You exceed a usage quota
• Data is presented at
  • Azure Portal: Personalized Service Health Dashboard
  • Azure Monitor: Service Health Alerts
  • http://status.azure.com : General Health Overview of All Azure Services

Power BI

• Turn data processing to analytics and reports that provide real-time insights into your business.
• Works with cloud-based or on-premises data.
• Has a multitude of Azure connections available.
• Shape and refine your data to build customized reports.
• Products: • Power BI Desktop • Power BI Pro • Power BI Premium • Power BI Mobile • Power BI Embedded • Power BI Report Server
• You can use data sources from Azure e.g. Azure SQL Database, Azure HDInsight, Azure Blob Storage and many more.