Slides from my presentation at Intelligent Cloud Conf on 29.5.2018 in Copenhagen
Modern applications leverage a variety of services, and often span across on premises, IaaS, PaaS and SaaS. Monitoring these environments is different from traditional systems. We have more and more data available from the platform with the likes of ARM Activity Logs, Azure Monitor, Log Analytics and Application Insights.
With a massive amount of signal and noise being generated in all these systems, how do we get our arms around what is happening? Is my application impacted by an ongoing Azure outage? Are my integrations intact? Which services from Azure should I use to monitor my application end-to-end? Come and hear how to answer these questions. After the session, you’ll have a deeper understanding of end-to-end monitoring techniques in Azure solutions and know which services to choose for which scenario.
4. KARL OTS @ KOMPOZURE
• Co-organizer IglooConf & PolarConf
• Podcast host at Cloud Gossip
• Working on Azure since 2011
• Patented inventor
• Worked with tens of different customers on full-scale Azure projects, from startups to Fortune 500 enterprises
Managing Consultant
karl.ots@kompozure.com
+358 50 480 1102
@fincooper
6. AZURE MONITORING SCENE
• Application Insights
• Azure Monitor
• Azure Health
• ARM Activity Logs
• System Center Operations Manager
• Operations Management Suite
• Log Analytics
• Network Watcher
• Application Gateway / WAF
• Secure DevOps Kit for Azure (AzSK)
• Security Center
7. AZURE MONITORING
Application
• Application Insights
• Web Application Firewalls
• Vulnerability Scanners
Infrastructure
• Service Map / Application Map
• Log Analytics
• Azure Security Center
• Secure DevOps kit for Azure (AzSK)
• Network Watcher
Platform
• Activity Logs
• Azure Monitor
• Azure Health
8. ARM ACTIVITY LOGS
• Monitors Azure Platform level operations
• What operations were taken on the resources in your subscription
o HTTP Operations on your Resource Providers
• Who initiated the operation
o Operations initiated by a backend service do not return a user as the caller
• When did the operation occur
• Status of the operation
• Default retention time is only 90 days!
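The who / what / when / status questions on this slide, applied to a handful of events, as an added example that is not part of the original slides. The events are constructed, and the field names (`caller`, `operationName.value`, `eventTimestamp`, `status.value`) are assumed to follow the shape of exported Activity Log records; a missing caller is treated as a backend-initiated operation, and the 90-day default retention is used to flag events that should be archived soon.

```python
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=90)  # default Activity Log retention stated on the slide

# Constructed sample events; field names are an assumption modelled on exported records.
SAMPLE_EVENTS = [
    {"eventTimestamp": "2018-05-20T08:15:00Z", "caller": "alice@contoso.example",
     "operationName": {"value": "Microsoft.Network/networkSecurityGroups/securityRules/write"},
     "status": {"value": "Succeeded"}},
    {"eventTimestamp": "2018-03-05T02:00:00Z",  # no caller: initiated by a backend service
     "operationName": {"value": "Microsoft.Compute/virtualMachines/restart/action"},
     "status": {"value": "Succeeded"}},
    {"eventTimestamp": "2018-05-28T22:40:00Z", "caller": "bob@contoso.example",
     "operationName": {"value": "Microsoft.Authorization/roleAssignments/write"},
     "status": {"value": "Failed"}},
]

def summarize(event, now):
    """Reduce one event to who / what / when / status plus days of retention left."""
    when = datetime.strptime(event["eventTimestamp"], "%Y-%m-%dT%H:%M:%SZ")
    when = when.replace(tzinfo=timezone.utc)
    return {
        "who": event.get("caller") or "(backend service)",
        "what": event["operationName"]["value"],
        "when": when,
        "status": event["status"]["value"],
        "days_left": (when + RETENTION - now).days,
    }

def audit(events, now, archive_within_days=14):
    """Group events by the questions an investigator asks of the Activity Log."""
    rows = [summarize(e, now) for e in events]
    return {
        "rows": rows,
        "no_caller": [r for r in rows if r["who"] == "(backend service)"],
        "failed": [r for r in rows if r["status"] == "Failed"],
        "expiring": [r for r in rows if r["days_left"] <= archive_within_days],
    }

if __name__ == "__main__":
    now = datetime(2018, 5, 29, 12, 0, tzinfo=timezone.utc)
    for r in audit(SAMPLE_EVENTS, now)["rows"]:
        print(f'{r["when"]:%Y-%m-%d %H:%M}  {r["who"]:24} {r["status"]:10} '
              f'{r["what"]}  ({r["days_left"]}d left)')
```

Events in the `expiring` list are the ones to export before the default retention window drops them.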
10. AZURE MONITOR
• Built-In monitoring support for all Azure resources
• Out-of-the-box Resource Metrics, such as:
o Total active connections on Azure DB for MySQL
o Number of throttling errors for IoT hub
• Alert rules to get notified & take automated actions
• Exposed as an API
14. LOG ANALYTICS
• Log Analytics covers several infrastructure monitoring capabilities:
o Network Performance Monitoring
o Host security monitoring
o Storage, compute and Microsoft middleware performance monitoring
• With Log Analytics, you can use the Kusto query engine to search through your host logs.
o You can ask e.g. for data on all unhealthy network links
o Or status of disk usage and patching for all VMs
• You can also bring all Application Insights telemetry into a Log Analytics workspace!
17. LOG ANALYTICS CONNECTIVITY
• Input
o Application Insights
o Azure Platform
▪ Azure Active Directory Audit logs, Azure Activity Logs, Azure Security Center Alerts, most Azure Resource Providers' logs
o Windows or Linux Virtual Machine logs (Microsoft Monitoring Agent)
o System Center logs
o ITSM tools: System Center Service Manager, ServiceNow, Provance, and Cherwell
• Output
o Event Hubs: Anywhere ☺
20. OMS SERVICE MAP
• Built on the BlueStripe acquisition
• Automatically maps dependencies of your Windows or Linux VMs
o Shows connections between servers, ports and processes
o You need to install a separate agent, along with Microsoft Monitoring Agent
• Use Service Map to gather a holistic view of your IaaS applications
• Drill down to machine level to see performance monitoring data
29. APP INSIGHTS APPLICATION MAP
• Maps your application component dependencies
• Monitoring of load, performance, failures and alerts, at component level
• You can drill down to a specific Azure Monitor or Azure Service diagnostic view, such as SQL Database Advisor
• Helps you spot the problematic component more easily
33. Azure Monitor: consolidated pipeline for all monitoring data from Azure services. It gives you access to performance metrics and events that describe the operation of the Azure infrastructure and any Azure services you are using.
Application Insights: application performance monitoring and user analytics. It monitors the code you've written and applications you've deployed on Azure or on premises/other clouds
Log Analytics: ingestion of log and metric data from Azure services (via Azure Monitor), Azure VMs, and on premises or other cloud infrastructure and offers flexible log search and out-of-the box analytics on top of this data. It
34. RECENT UPDATES
• Azure Monitor ITSM support
o System Center Service Manager, ServiceNow, Provance, Cherwell
• New Azure Monitor Alert engine
o Near-real time monitoring
• New UI for Application Insights and Azure Monitor
• Application Insights Failure Diagnostics
36. FURTHER READING
• Patterns & Practices article on Monitoring:
o https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/
• Activity Log retention for more than 90 days
o https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-archive-activity-log
• Logic App that posts a message to a Slack channel when an Azure alert fires:
o https://github.com/Azure/azure-quickstart-templates/tree/master/201-alert-to-slack-with-logic-app
• Azure Security data export to SIEM
o https://docs.microsoft.com/en-us/azure/security-center/security-center-export-data-to-siem
• Provision alerts from Secure DevOps kit for Azure:
o https://github.com/azsk/DevOpsKit-docs/blob/master/01-Subscription-Security/Readme.md#azsk-subscription-activity-alerts-1