Category Archives: Azure Monitor

Azure Stack HCI: how to monitor the environment in a complete and effective way

Azure Stack HCI is the Microsoft solution that allows you to create hyper-converged infrastructures (HCI) for the execution of workloads in an on-premises environment. Azure Stack HCI, in addition to seamlessly integrating into on-premises datacenters, offers an important added value: the ability to connect with Azure services to obtain a hybrid hyper-converged solution. Among these services we find Azure Monitor and this article reports the benefits and features of the solution to monitor the Azure Stack HCI environment in a complete and effective way.

The solutionAzure Stack HCI Insights is able to provide detailed information on integrity, on the performance and usage of Azure Stack HCI clusters. The version of the clusters must be 21H2, must be connected to Azure andregistered for related monitoring. Azure Stack HCI Insights stores your data in a Log Analytics workspace, thus providing the possibility to use powerful filters and aggregations to better analyze the data collected over time.

Benefits of the solution

The main benefits of adopting Azure Stack HCI Insights are:

  • Managed by Azure. The solution is accessible directly from the Azure portal, it is constantly updated and no additional infrastructure components or third-party software are required.
  • Scalability. This is a very scalable solution, able to load more than 400 cluster information set, located on multiple subscriptions, and without limits of domain or physical location.
  • Advanced customization. The user experience is based on Azure Monitor workbooks. Workbooks allow users to change views, the query, set specific thresholds according to your needs and save these customizations. Furthermore, workbook charts can be added to dashboards in the Azure portal.

Activation requirements

In order to use Azure Stack HCI Insights the following steps must be completed:

  • Azure Stack HCI cluster registration with Azure. This step ensures that every server in the cluster is automatically Azure Arc-enabled. This action allows Azure Monitor to retrieve details not only of the cluster, but also of the single nodes that compose it.
  • Enabling Log Analytics, to connect the cluster to a Log Analytics workspace, in which the necessary logs for the monitor will be saved.
  • Enable monitoring, to allow Azure Monitor to begin collecting the necessary events for the monitor.

Figure 1 - Configuration of the Log Analytics Agent extension and monitoring

Environment monitor

After completing the necessary configurations, you have the possibility to view the monitor data of a single cluster directly from the Azure Stack HCI resource page or you can use Azure Monitor to obtain an aggregate view of multiple Azure Stack HCI clusters.

Figure 2 – Aggregated view of multiple Azure Stack HCI clusters

Is offered the ability to monitor the health of the cluster , the status of individual nodes and virtual machines.

Figure 3 - Overview of the status of the cluster nodes

By accessing the specific tabs it is possible to obtain further detailed information regarding virtual machines and storage (health, usage, and performance).

Information regarding the performance of the Azure Stack HCI environment is also reported. The following performance trends can be consulted through the panels integrated into the solution:

  • CPU usage
  • Average latency of storage volumes
  • IOPS of storage volumes
  • Storage volume capacity

Figure 4 - Consultation of performance trends

Costs of the solution

There are no specific costs for the use of Azure Stack HCI Insights, but the cost is calculated based on the amount of data that is entered in the Log Analytics workspace and the related retention settings.

Conclusions

Having an effective monitor system for such environments, that allows to detect and prevent anomalous conditions and performance problems is of fundamental importance. This further possibility, offered through the integration of Azure Stack HCI with the Azure Monitor service, makes the solution more and more complete and integrated. This is a further added value compared to other competitors who propose solutions in this area.

Azure Networking: how to monitor and analyze Azure Firewall logs

In network architectures in Azure where Azure Firewall is present, the firewall-as-a-service solution (FWaaS) which allows to secure the resources present in the Virtual Networks and to govern the related network flows, it becomes strategic to adopt tools to effectively monitor the relevant logs. This article explores how to best interpret logs and how you can do in-depth analysis of Azure Firewall, a component that often plays a fundamental role in network architectures in Azure.

An important aspect to check is that the diagnostic settings are correctly configured in Azure Firewall, to flow log data and metrics to an Azure Monitor Log Analytics workspace.

Figure 1 – Azure Firewall diagnostic settings

To get an overview of the diagnostic logs and metrics available for Azure Firewall, you can consult the specific Microsoft documentation.

One of the most effective ways to view and analyze Azure Firewall logs is to use Workbooks, that allow you to combine text, Log Analytics query, Azure metrics and parameters, thus conseasing interactive and easily searchable reports.

For Azure Firewall there is a specific workbook provided by Microsoft that allows you to obtain detailed information on events, know the applications and network rules activated and view the statistics on firewall activity by URL, ports and addresses.

The import of this workbook can be done via ARM template or Gallery template, following the instructions in this article.

Figure 2 – Azure Firewall Workbook Import

After completing the import process, you can consult the overview an overview of the different events and types of logs present (application, Networks, threat intel, DNS proxy), with the possibility of applying specific filters related to workspaces, time slot and firewalls.

Figure 3 – Azure Firewall Workbook overview

There is a specific section in the workbook for Application rule where are shown sources by IP address, the use of application rules, and FQDNs denied and allowed. Furthermore, you can apply search filters on application rule data.

Figure 4 – Azure Firewall Workbook – Application rule log statistics

Furthermore, in the section Network Rule you can view the information based on the actions of the rules (allow/deny), target ports and DNAT actions.

Figure 5 – Azure Firewall Workbook – Network rule log statistics

If Azure Firewall has been set to work also as DNS Proxy it is possible to view in the tab “Azure Firewall – DNS Proxy” of the Workbook also information regarding the traffic and DNS requests managed.

If it is necessary to carry out further information to obtain more information on the communications of specific resources, you can use the section Investigation going to act on the filters available.

Figure 6 – Azure Firewall Workbook – Investigation

To view and analyze activity logs, you can connect Azure Firewall logs to Azure Sentinel, the service that expands the capabilities of traditional SIEM products (Security Information and Event Management), using the potential of the cloud and artificial intelligence. In this way, through specific workbooks available in Azure Sentinel, you can expand your analytics capabilities and create specific alerts to quickly identify and manage security threats that affect this infrastructure component. To connect Azure Firewall logs to Azure Sentinel you can follow the procedure in this Microsoft's document.

Conclusions

Azure Firewall is a widely used service and is often the centerpiece of your network architecture in Azure, where all network communications transit and are controlled. It therefore becomes important to date yourself with a tool to analyze the metrics and information collected, able to provide valid support in the resolution of any problems and incidents. Thanks to the adoption of these Workbooks you can easily consult the data collected by Azure Firewall, using visually appealing reports, with advanced features that allow you to enrich the analysis experience directly from the Azure portal.

Azure Management services: What's new in June 2020

In June have been announced, by Microsoft, a considerable number of news regarding Azure management services. Our community, through these articles released monthly, want to provide an overview of the main news of the month, in order to stay up to date on these arguments and have the necessary references for further information.

The following diagram shows the different areas related to management, which are covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor

New version of the agent for Linux systems

This month was released a new version of the agent of Log Analytics for Linux systems. In addition to fixing a number of bugs, the following new features have been introduced:

  • Support for Red Hat Enterprise Linux 8 (Note: specific requirements regarding python)
  • Azure Arc support for servers
  • FIPS compliance
  • Extension package signed protected
  • Ingestion rate limiting to avoid service degradation in the event of extremely high data volume by an agent
  • Deprecating 32-bit support (1.12.15-0 is the latest release that supports 32-bit)
  • New component versions auoms and OMI

Azure Monitor for VMs on Arc Enabled servers (preview)

Azure Monitor for VM enables you to have a monitor system that can provide a global view of your systems, providing information about virtual machine performance and various dependencies. This service is available for VMs in Azure, Azure scale sets and on-premises VMs. Azure Monitor can now leverage Azure Arc to reach on-premises workloads. Although today it is possible to monitor non-Azure VMs even without Azure Arc, using this integration automatically detects and manages agents on VMs. Once integrated, Azure Arc-enabled servers will fit perfectly into existing Azure portal views along with virtual machines in Azure and Azure scale sets.

Azure Monitor for Containers for Azure Arc (preview)

Azure Monitor for Containers extended monitor support for Kubernetes clusters hosted on Azure Arc (currently in preview), offering functionality similar to the AKS service monitor (Azure Kubernetes).

Key Vault Monitor Support (preview)

Azure Monitor introduces the ability to monitor Azure Key Vault and have a unified view with performance, requests, errors and latency of this component.

Azure Load Balancer Monitor using Azure Monitor for Networks

Azure Monitor for Networks now allows you to monitor health and perform an analysis of Azure Load Balancer configuration. Inside the solution there are topological maps for all Load Balancer configurations and integrity dashboards for standard Load Balancers, suitably configured for the collection of metrics.
This new feature will extend the capabilities of Azure networking monitors. The solution therefore becomes more complete and allows for rapid troubleshooting.

Configure

Azure Automation

Updated DNS records for Azure Automation

To support new Azure Automation features, such as Azure private links, the related URLs have been updated. Instead of region-specific URLs, now the URLs are account-specific. Old Azure Automation URLs still remain functional to provide time for migration. For more information about this, please refer to this document.

Protect

Azure Backup

Update Rollup Released 1 for Microsoft Azure Backup Server (MABS) v3

For Azure Backup Server v3 has been released the’Update Rollup 3, which introduces the following major news:

  • Offline Backup using Azure Data Box (in private preview): thanks to the integration with Microsoft Azure Data Box, customers using MABS are able to face the challenge of moving tera bytes of backup data from on-premises storage to Azure. The user experience for this feature is consistent with DPM 2019 and the MARS agent.
  • Protection for Azure VMware Solution. Microsoft recently announced the Azure VMware solution (AVS) which allows customers to fully extend or migrate on-premises VMware systems to Azure. With this update, you can use MABS to protect virtual machines deployed with Azure's VMware solution.
  • Faster backups with tiered storage using SSD. MABS v3 UR1 introduces improvements to the backup process, adopting tiered storage, allows you to make faster backups until 50-70%. Using a small percentage (4% overall storage) SSD storage as a tiered volume in combination with HDD disks,you get much better performance.
  • Improved performance in backing up VMware systems. MABS helps protect VMware virtual machines. With this upgrade, all VMWare virtual machine backup jobs, within a single protection group, are now being run in parallel, leading to faster VMs backup up to 25%. Furthermore, this update also offers the ability to exclude a specific VMware VM disk from backups.
  • Support for ReFS Volume Protection. With this update, you can use MABS to protect ReFS volumes (with deduplication enabled) workloads (Windows Server, SQL Server, Exchange and SharePoint) distributed over ReFS volumes.
  • Support for an additional level of authentication in deleting online backups. MABS v3 UR1 prompts you to enter a security PIN when performing protection stop operations with data deletion.
  • Deprecated the protection agent 32 bit. With the release of UR1 for MABS v3, support for protecting workloads to 32 bit is deprecated. After you install UR1, you will not be able to protect any data source to 32 bit. If there is a protection agent to 32 bit, after installing UR1, this is disabled and any scheduled backups will fail.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 46 that solves several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB.

Migrate

Azure Migrate

Evaluate imported servers in Azure Migrate

Azure Migrate introduces the ability to assess imported servers using a CSV file, without the need to deploy an appliance. This system is useful if you want to do a quick pre-evaluation or if you are waiting to deploy the Azure Migrate appliance. You can also perform a performance-based assessment by specifying the system usage values in the CSV file.

Azure Migrate server assessment tool: support for migrating to Azure VMware Solution (Preview)

Azure Migrate has introduced support to manage migration to Azure VMware Solution (Preview), providing an additional option to plan your migration to Azure. Using Azure Migrate server assessment tool, it is possible to analyze on-premises workloads to migrate to Azure's VMware solution, assessing its suitability, planning costs, calculating scaling based on performance and considering application dependencies.

Multiple credential support for physical server discovery (preview)

Azure Migrate included the ability to specify multiple credentials for physical server discovery and assessment. Furthermore, the number of servers that can be found for each individual appliance has been increased by 250 to 1.000. The appliance for physical server can be installed on an existing server and can also be used for the discovery and assessment of virtual machines if you do not have access to the hypervisor, as well as for virtual machines in other cloud environments.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Monitor: how to enable the monitor service for virtual machine through Azure Policy

The service that allows you to monitor virtual machines has been made available in Azure Monitor, called Azure Monitor for VMs. This service allows you to analyze system performance data and makes a map that identifies all dependencies of virtual machines and their processes. The recommended way to enable this solution for different systems is through Azure Policy adoption. This article describes the steps to take to activate it using this method, taking up various concepts related to Azure governance.

Key Features of Azure Monitor for VMs

Azure Monitor for VMscan be used on Windows and Linux virtual machines, regardless of the environment in which they reside (Azure, on-premises or at other cloud providers) and includes the following areas:

  • Performance: shows summary details of performance, from the guest operating system. The solution has powerful data aggregation and filtering capabilities that enable you to meet the challenge of monitoring performance for a very large number of systems. This allows you to easily monitor the resource usage status of all VMs and easily identify those that have performance issues.
  • Maps: generates a map with the interconnections between the various components that reside on different systems. Maps show how VMs and processes interact with each other and can identify dependencies on third-party services. The solution also allows you to check for connection errors, count connections in real time, network bytes sent and received by processes and latencies encountered at the service level.

Enabling through Azure Policy

The Azure Policy allow to apply and force compliance criteria and related remediation actions on a large scale. To enable this feature automatically on virtual machines in your Azure environment and achieve a high level of compliance, it is recommended that you use Azure Policies. Using Azure Policy, you can:

  • Deploy the Log Analytics agent and Dependency agent.
  • Having a report on the status of compliance.
  • Start remediation actions for non-compliant VMs.

One requirement to check before activating is the presence of the solution VMInsights in the Azure Monitor Log Analytics workspace that will be used to store monitor data.

Figure 1 – Configuring the Analytics log workspace

Selecting the desired workspace triggers the installation of the solution VM Insights which allows you to collect performance counters and metrics for all virtual machines connected to that workspace.

To activate Azure Monitor for VMs policy just select the relevant onboarding tile on the main screen of the solution.

Figure 2 – Selecting Azure Policy as a enable method

The following blade will show the coverage status of the service and provide the ability to assign policies for its activation.

Figure 3 – Assigning the Initiative at the Management Group level

The Azure Management Groups, organize different subscriptions into logical containers, on which define, implement and verify government policies needed.

The Initiatives, which are a set of multiple Azure Policy, can be assigned at the Resource Group level, Subscription or Management Group. It is also possible to exclude certain resources from the application of policies.

In this regard, the policies for enabling Azure Monitor for VMs are grouped into a single "initiative", "Enable Azure Monitor for VMs" that includes the following policies:

  • Audit Dependency agent deployment – VM image (OS) unlisted
  • Audit Log Analytics agent deployment – VM image (OS) unlisted
  • Deploy Dependency agent for Linux VMs
  • Deploy Dependency agent for Windows VMs
  • Deploy Log Analytics agent for Linux VMs
  • Deploy Log Analytics agent for Windows VMs

This Initiative is recommended to be assigned at the Management Group level.

Figure 4 – Configuring the association

Among the parameters you are prompted to specify the Log Analytics workspace and optionally you can specify any remediation tasks.

Following the assignment, you can evaluate the State of compliance in detail and if it is necessary apply remediation actions.

Figure 5 – Verification of Initiative compliance status

Once the enable process is complete, you can analyze the system performance data and the maps created to identify all the dependencies of the virtual machines and their processes.

Figure 6 – Performance collected for systems

Figure 7 – Map with the interconnections between various systems

Figure 8 – Map showing connection details

An effective method to make these data easily accessible and to analyze them in a simple way is the use of Workbooks, interactive documents that allow you to better interpret information and do in-depth analysis. In this document of Microsoft you can consult the list of related Workbooks included in Azure Monitor for VMs and how to create your own custom.

Conclusions

This article demonstrates how you can enable the solution Azure Monitor for VMs thanks to the adoption of the Azure Policy in a simple way, fast and effective. The solution provides very useful information that typically needs to be collected on different systems in your environment. Increasing the complexity and amount of services on Azure makes it essential to adopt tools like Azure Policy, to have effective governance policies. Furthermore, with the introduction of Azure Arc it will be possible to extend these Azure management and governance practices to different environments, thus facilitating the implementation of features present in Azure on all infrastructure components.

Azure Management services: What's New in April 2020

Starting from this month, the series of articles released by our community about what's new in Azure management services is renewed. They will be articles, published on a monthly basis, dedicated exclusively to these topics to have a greater level of depth.

Management refers to the tasks and processes required to better maintain business applications and the resources that support them. Azure offers many strongly related services and tools to provide a comprehensive management experience. These services are not exclusively for Azure resources, but they can potentially also be used for on-premises environments or other public clouds.

The following diagram shows the different areas related to management, which will be covered in this series of articles, in order to stay up to date on these topics and to better deploy and maintain applications and resources.

Figure 1 – Management services in Azure overview

Monitor

Azure Monitor for containers: support for monitoring the use of GPUs on AKS GPU-enabled node pools

Azure Monitor for containers has introduced the ability to monitor the use of GPUs in Azure Kubernetes Service environments (AKS) with nodes that take advantage of GPUs. They are currently supported as NVIDIA and AMD vendors.
This monitoring functionality can be useful for:

  • Check the availability of GPUs on the nodes, the use of the GPU memory and the status of GPU requests by pods.
  • View the information collected through the built-in workbook available in the workbook gallery.
  • Generate alerts on pod status

Export of alerts and recommendations to other solutions

Azure Security introduces an interesting feature that allows you to send security information generated by your environment to other solutions. This is done through a continuous export mechanism of alerts and recommendations to Azure Event Hubs or to Azure Monitor Log Analytics workspaces. This feature opens up new integration scenarios for Azure Security Center. The functionality is called Continuos Export and is described in detail in this article.

Workflow automation functionality

Azure Security Center includes the ability to have workflows to respond to security incidents. Such processes may include notifications, the initiation of a change management process and the application of specific remediation operations. The recommendation is to automate as many procedures as possible as automation can improve safety by ensuring that the process steps are performed quickly, consistent and according to predefined requirements. The Azure Security Center has been made available the functionality workflow automation. It can be used to automatically trigger the Logic Apps trigger based on security alerts and recommendations. Furthermore, manual trigger execution is available for security alerts and for recommendations that have the quick fix option available.

Integration with Windows Admin Center

It is now possible to include Windows Server systems residing on-premises directly from the Windows Admin Center in Azure Security Center.

Azure Monitor Application Insights: monitors Java applications codeless

The Java Application Monitor is now made possible without making changes to the code, thanks to Azure Monitor Application Insights. In fact, the new Java codeless agent is available in preview. Among the libraries and frameworks supported by the new Java agent we find:

  • gRPC.
  • Netty/Webflux.
  • JMS.
  • Cassandra.
  • MongoDB.

Retiring the solution for Office 365

For the solution “Azure Monitor Office 365 management (Preview)”, which allows you to send the logs of Office 365 to Azure Monitor Log Analytics is expected to be retired on 30 July 2020. This solution has been replaced by the solution of Office 365 present in Azure Sentinel and the solution “Azure AD reporting and monitoring”. The combination of these two solutions is able to offer a better experience in configuration and in its use.

Azure Monitor for Containers: support for Azure Red Hat OpenShift

Azure Monitor for Containers now also supports in preview the monitor for Kubernetes clusters hosted on Azure Red Hat OpenShift version 4.x & OpenShift versione 4.x.

Azure Monitor Logs: limitations on concurrent queries

To ensure a consistent experience for all users in consulting the Azure Monitor Logs, will be gradually implemented new limits of concurrency. This will help protect yourself from sending too many queries simultaneously, which could potentially overload system resources and compromise responsiveness. These limits are designed to intervene and limit only extreme usage scenarios, but they should not be relevant for the typical use of the solution.

Secure

Azure Security Center

Dynamic compliance packages available

The Azure Security Center regulatory compliance dashboard now includes thedynamic compliance packages to trace further industry and regulatory standards. The dynamic compliance packages can be added at subscription or management group level from the Security Center policy page. After entering a standard or benchmark, this is displayed in the regulatory compliance dashboard with all related data. A summary report will also be available for download for all standards that have been integrated.

Identity recommendations included in Azure Security Center tier free

Security recommendations relating to identity and access have been included in the Azure Security Center tier free. This aspect allows to increase the functionality in the cloud security posture management area for free (CSPM). Before this change, these recommendations were only available in the Azure Security Center Standard tier. Here are some examples of recommendations for identity and access:

  • “Multifactor authentication should be enabled on accounts with owner permissions on your subscription.”
  • “A maximum of three owners should be designated for your subscription.”
  • “Deprecated accounts should be removed from your subscription.”

Protect

Azure Backup

Cross Region Restore (CRR) for Azure virtual machines

Thanks to the introduction of this new feature in Azure Backup, it introduces the ability to start restores at will in a secondary region, making them completely controlled by the customer. To do this, the Recovery Service vault that holds the backups must be set to geographic redundancy; in this way the backup data in the primary region are geographically replicated in the secondary region associated with Azure (paired region).

Figure 1 – New possible scenarios from Cross Region Restore (CRR)

Azure Files share snapshot management

Azure Backup introduces the ability to create Snapshots of Azure Files share, Daily, weekly, Monthly, and keep them until 10 years.

Figure 2 – Azure Files share snapshot management

Support for replacing existing disks for VMs with custom images

Azure Backup introduced support, during the recovery phases, to replace existing disks on virtual machines created with custom images.

SAP HANA backup

In Azure Backup, protection of SAP HANA DBs present in virtual machines is available in all major Azure regions. This functionality allows you to have SAP HANA database protection integrated and without having to provide a specific backup infrastructure. This solution is officially certified by SAP.

Evaluation of Azure

To test for free and evaluate the services provided by Azure you can access this page.

Azure Monitor: consultation of data through Workbooks

Azure Monitor Log Analytics can collect large amounts of data and it is essential to have effective methods to make it easy to access and analyze it in a simple way. Among the various possibilities offered are the Workbooks, interactive documents that allow you to better interpret the data and do in-depth analysis, also designed for collaboration scenarios. This article lists the key features of the Workbooks and the indications to use them at best.

The Workbooks combine text, Log Analytics query, Azure metrics and parameters, this is an interactive report. Interestingly, they can be accessed and editable by anyone who has access to the same Azure resources. This makes them a powerful collaboration tool between members of a team.

Possible usage scenarios

The Workbooks can be used in different scenarios, for example:

  • Guide tool for troubleshooting and post-mortem incidents. Not only can you highlight the impact of an application or virtual machine outage, but it will also be possible to combine data and provide written explanations. This can become a guide tool to discuss the steps needed to prevent future service outages.
  • Explore the use of a particular application or virtual machine when you don't know the metrics of interest in advance. In fact,, unlike other analysis tools, The Workbooks combine multiple types of visualizations and analysis, making them a great tool for freeform exploration.
  • Show your team the performance of a new application feature or the performance of a new virtual machine, giving visibility of key metrics of interest.
  • Sharing the results of experimentation work on an application with other team members. You have the ability to detail the objectives of text experimentation and to show the Log Analytics metrics and queries used to evaluate the items of interest.

Advantages of Workbooks

Among the main advantages of Workbooks it is possible to quote:

  • Support for metrics, logs and Azure Resource Graph data.
  • Parameter support that enables interactive reports, for example, selecting an item in a table will dynamically update the associated charts and visualizations.
  • Document-like flow.
  • Ability to have Workbooks personal or shared.
  • Experience of simple creation and always with a view to collaboration.
  • Ability to tap into a public template gallery on GitHub that contains several ready-to-use Workbooks.

Workbooks Limits

The Workbooks they also have the following limitations which should be taken into consideration:

  • There are no automatic refresh mechanisms.
  • They are not designed to have a denser layout like dashboards and to have a single centralized control panel. In fact, they are designed to gain insights through an interactive path.

Deploy and use Workbooks

The section Workbooks is accessible from the Azure portal from Azure Monitor Log Analytics that from Application Insights and a gallery is available with a series of Workbooks by default.

Figure 1 – Workbooks Gallery from Azure Portal

In this GitHub repository you can view numerous templates of Workbooks. You can of course contribute by adding new ones or by processing existing ones.

The Workbooks can be composed of different sections that show graphs, Tables, text and input controls, all independently editable.

Figure 2 – Adding section to a Workbook

In order to create Workbooks according to your needs it is useful to know which elements are supported, in this regard, references to the official Microsoft documentation are provided:

Figure 3 - Example of Workbook showing the key metrics of the VMs

Figure 4 - Example of Workbook showing the highest CPU usage of VMs by region

To deploy new Workbooks through ARM templates you can refer to Microsoft's official documentation.

Conclusions

Thanks to the adoption of Workbooks it is possible to consult the data collected using visually appealing reports, with advanced features that allow you to greatly enrich the analysis experience from the Azure portal. Interactivity based on user inputs, personalization and sharing are important elements that make very useful to adopt Workbooks in specific scenarios.

Azure management services and System Center: What's New in December 2019

In December have been announced, by Microsoft, a significant number of news regarding Azure management services and System Center. Our community releases this monthly summary that gives you a comprehensive overview of the main news of the month, in order to stay up to date on these news and have the necessary references to conduct further study.

Azure Monitor

Improvements in Azure Monitor for containers

The new Azure Monitor agent for containers, introduces several improvements in resource utilization and data volume optimization, thus helping to reduce costs. This update also changes some tables where data is consolidated and you may need some changes to existing queries if they use these fields: Name and Image in the table ContainerLog.

New features in Azure Monitor Metrics Explorer

For Azure Monitor, the Metrics Explorer component has seen the release of the following new features:

  • More flexibility in chart generation.
  • The resource selector supports the ability to choose multiple resources in scoping.
  • More granular charts such as number of data points.
  • Improved Chart Legends.

For more details you can refer this article.

Azure Backup

Azure Backup: resource group management for virtual machines

Azure Backup introduces the ability to customize the name of the resource group created by the service, acting on the backup policy for protecting virtual machines. Azure Backup creates a specific resource group where restore point collections are placed, hosting the instant recovery points of the managed VMs. Of dafault the naming of this resource group is as follows: AzureBackupRG_Geo_n, but now you get the ability to customize it.

Support for encrypted VMs larger than 4TB

The ability to back up and restore encrypted virtual machines larger than 4 TB has been extended to all Azure regions. In this way, the experience and capabilities provided by Azure Backup to protect these machines is the same, regardless of size.

Microsoft Endpoint Manager

New Update for Microsoft Endpoint Configuration Manager (current branch)

Configuration Manager has officially released the update 1910 that formalizes that Configuration Manager is now part ofMicrosoft Endpoint Manager. The new version also introduces several changes aimed at enriching and improving different features of the solution.

To verify the details about what's new in this update you can see this document.

New release for the Technical Preview Branch

For Configuration Manager was released in the Technical Preview Branch the update 1912 and one of the main innovations allows a device to upload its client logs to the site server. All this is possible by sending a client notification action from the Configuration Manager console.

To check the details of what's included in these updates, you can see this document.

Please note that Releases in the Technical Preview Branch allow you to preview new Configuration Manager features, and it is recommended that you apply these updates only in test environments.

Evaluation of Azure and System Center

To test for free and evaluate the services provided by Azure you can access this page, while to try the various System Center components you must access theEvaluation Center and, after registering, you can start the trial period.

Azure Monitor: the news about network monitoring in Azure

Monitor Azure is a cloud-based solution that can collect different types of telemetry data, analyze them and take certain actions. Among the various features provides the ability to monitor the health of the networking, connectivity to applications and is able to provide detailed information on network performance. All this not only for cloud environments, but even in the presence of hybrid architectures. This article shows important changes that were recently announced by Microsoft to make the solution even more comprehensive.

Before focusing on the new features that have been introduced it is good to specify that Azure Monitor includes different specific solutions to monitor the Azure networking, including Network Performance Monitor (NPM), The suite includes the following features:

In addition to the tools included in the Network Performance Monitor (NPM) you can use Traffic Analytics, allowing you to have an overall visibility on network activities that are undertaken in the cloud environment. How this solution works is based on the principle that in Azure, to allow or deny network communication to Azure Virtual Networks-connected resources (vNet), it uses the Network Security Group (NSG), containing a list of access rules. The NSGs are applied to network interfaces connected to the virtual machines, or directly to the subnet (recommended). The platform uses NSG flow logs to maintain the visibility of inbound and outbound network traffic from the Network Security Group. Traffic Analytics is based on the analysis ofNSG flow logs and after an appropriate aggregation of data, inserting the necessary intelligence concerning security, topology and geographic map, can provide detailed information about the network traffic of your Azure cloud environment. The news that interests Traffic Analytics is that you can now process this data more frequently, at time intervals each time 10 minutes, against the 60 minutes previously possible.

Figure 1 – Traffic Analytics Processing Frequency

Azure Monitor for Networks

For greater visibility into network activities in the cloud Microsoft released Azure Monitor for Networks that introduces a useful visual view on the health of all network resources in your environment, enriched by their metrics. Everything is available without the need to make any specific configuration.

Figure 2 – Overview of Azure Monitor for Networks

In the top pane, you can set up search parameters to quickly identify the resources of interest, while on the right there is a panel showing any critical alerts.

Selecting individual components gives you more detail.

Figure 3 – VPN connection status details

In particular, currently only for Application Gateways, a very useful view of the Dependency, which helps you pinpoint component configuration and track error conditions more quickly. This representation shows the relationships between the front-end IPs, the listeners, the rules and the backend pool of Application Gateway. Colors make it easy to identify problematic health states on resources.

The view also lists key metrics for Application Gateways.

Figure 4 – List of Application Gateways

Figure 5 - Dependency view of a specific Application Gateway

The graph also allows easy access to the various component configurations. In order to identify connectivity issues and start troubleshooting operations, you have the option, right-clicking on the single virtual machine, of access directly to VM Insight and to Connection troubleshoot.

Figure 6 – Access resources to do machine troubleshooting

Conclusions

The new solution Network Insights present in Azure Monitor allows you to have a comprehensive view of network resources in a simple and intuitive way. The solution is particularly useful in the presence of complex environments and the console of Dependency view is a help also to document the implementations of the Application Gateway. It is currently a feature in preview and as such will surely be enriched in the short term with further news, allowing you to have a more complete and intuitive monitor of the network architecture in Azure.

Azure management services and System Center: What's New in March 2019

In March there have been several news announced by Microsoft on the Azure management services and System Center. In this summary, that we report on a monthly basis, there are listed all the main news, accompanied by the necessary references to be able to conduct further studies.

Azure Monitor

Availability in Central Canada and UK South

The new service that allows you to monitor the virtual machines, called Azure Monitor for VMsis also available in Central Canada and UK South.

Azure Log Analytics

Availability in new regions

Azure Log Analytics is now available in the regions of Azure China, Australia East and Central Australia. It is also available in Public Preview in the following regions: France Central, Korea Central and North Europe.

Azure Site Recovery

Support for storage accounts protected with firewall rules

In Azure Site Recovery was introduced support for storage accounts that are configured with firewall rules for the Virtual Networks, in replication scenarios from VMware or physical systems to Azure.

Support for managed disks in replication scenarios with VMWare and physical systems

Azure Site Recovery now supports disaster recovery of VMware virtual machines and physical systems, replicating directly towards the managed disks. This avoids creating and managing different storage accounts target for the replica of these systems. The on-premises data are sended to a cache storage account in the target region and written in managed disk by Site Recovery.

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 35 which it addresses several issues and introduces some improvements. The details and the procedure to follow for the installation can be found in the specific KB 4494485.

Azure Backup

In Azure Backup was officially released the functionality to back up the SQL Server installed in Azure IaaS virtual machines.

Figure 1 – Azure Backup Features for SQL Server in Azure VMs

Among the benefits of this solution there are:

  • Recovery Point Objective (RPO) of 15 minutes
  • Point-in-time restores: to make easy and rapid the recovery operations of the DBs.
  • Long-term retention: ability to keep backups for years.
  • Protection of encrypted databases: chance to make the backup of encrypted SQL databases and safely keep via an encryption at rest integrated into the solution. All backup and restore operations are managed by role-based access control mechanism.
  • Auto-protection: is handled automatically the detection and the protection of new databases.
  • Management and monitoring: allows to carry out a centralized management and monitoring the protection status of the systems.
  • Cost savings: are not required infrastructure costs and allows to easily scale to meet your needs.

System Center

Released System Center 2019

The main novelty regarding System Center is the release in general availability of the major release of System Center 2019. This is the release belonging to the long term servicing channel (LTSC) that will be supported for 10 years and that introduces full support for Windows Server 2019.

Starting from this release, Microsoft has decided to change the System Center product release policies. There will be no more releases in the Semi-Annual Channel (SAC) and new features, before the next release Long-Term Servicing Channel (LTSC), can be obtained via Update Rollup.

System Center 2019 supports upgrade from the two recent Semi-Annual Channel releases (SAC), System Center 1801 and System Center 1807 as well as System Center 2016.

Customers who have a valid license of System Center 2019 can download it from the Volume Licensing Service Center (VLSC).

Among the main features of System Center 2019 we find:

Virtual Machine Manager

  • Integration in VMM with Azure Update Management simplifies patching of virtual machines
  • Dynamic Storage Optimization in VMM enables higher availability of workloads
  • VMM now provides health and operational status of storage disks in Hyper Converged as well as disaggregated deployment
  • New RBAC role in VMM ensures that IT admins can be provided access commensurate with their role and no more
  • Support for latest versions of VMware in VMM (to enable migration to Hyper-V)

Operations Manager

  • SCOM supports integration with Azure services – Dependency Map (Service Map) provides comprehensive visibility of dependencies across servers along with health.
  • Azure Management Pack integrates alerts and performance metrics for Azure resources in SCOM
  • Along with modernized and extensible SCOM web console, subscriptions and notifications are now modernized with support for HTML based email
  • Maintenance schedules in SCOM with SQL server AlwaysOn
  • Update and recommendations for Linux workloads enables discovery of up-to-date MPs for Linux environments
  • Linux monitoring is now resilient to SCOM management server failover
  • All Windows Server Management Packs now support Windows Server 2019

Data Protection Manager

  • Faster backups with DPM with a 75% increase in speed and a monitoring experience for key backup parameters via Log Analytics.
  • DPM further supports backup of VMWare VMs including to tape

More news

  • Orchestrator supports PowerShellv4 +
  • Service Manager has an enhanced AD connector
  • Support for service logon across the System Center suite aligning with security best practices

More information about it can be consulted in the article System Center 2019 is now in general availability.

System Center Configuration Manager

Released version 1902 for the Current Branch

There are many new features in this release designed to enrich and improve different features of the solution. To get the complete list of new features introduced with this build, you can consult this official document. The transition to version 1902 can be done by following the installation checklist, at the end of which it is appropriate to continue with the Checklist post-update.

System Center Operations Manager

Management Packs

Following, are reported the news about the SCOM Management Packs:

  • System Center Management Pack for Message Queuing version 7.1.10242.0
  • System Center Management Pack for Microsoft Azure Stack version 1.0.3.11
  • System Center Management Pack for SharePoint Server 2019 version 16.0.11426.3000

Evaluation of Azure and System Center

To test and evaluate free of charge the services offered by Azure you can access this page, while to try the various System Center components you must access theEvaluation Center and, after registering, you can start the trial period.

Azure management services and System Center: What's New in February 2019

The month of February was full of news and there are different updates that affected the Azure management services and System Center. This article summarizes to have a comprehensive overview of the main news of the month, in order to stay up to date on these topics and have the necessary references to conduct further exploration.

Azure Monitor

Multi-resource support for metric alerts

With this new feature, you can configure a single metric alert rule to monitor:

  • A list of virtual machines in an Azure region.
  • All virtual machines in one or more resource groups in an Azure region.
  • All virtual machines of a subscription, present in a given Azure region.

Azure Automation

The runbook Update Azure Modules is open source

Azure Automation allows you to update the Azure PowerShell modules imported into an automation account with the latest versions available in the PowerShell Gallery. This possibility is provided through the actionUpdate Azure Moduleson the page Modules of the Automation Account, and is implemented through a hidden runbook. In order to improve diagnostics and troubleshooting activity and provide the ability to customize the module, this has been made open source.

Support for the Azure PowerShell module Az

Azure Automation introduces support for the PowerShell module Az, thanks to which you can use the updated Azure modules within runbooks, to manage the various Azure services.

Azure Log Analytics

New version of the agent for Linux

This month the new OMS Agent version for Linux systems solves a specific bug during installation. To obtain the updated OMS agent version you can access at the GitHub official page.

Availability in new region of Azure

It is possible to activate a Log Analytics workspace also in the Azure regions of West US 2, Australia East and Central Australia. In this way the data is kept and processed in this regions.

Azure Site Recovery

New Update Rollup

For Azure Site Recovery was released theUpdate Rollup 33 introducing new versions of the following components:

  • Microsoft Azure Site Recovery Unified Setup (version 9.22.5109.1): used for replication scenarios from VMware to Azure.
  • Microsoft Azure Site Recovery Provider (version 5.1.3900.0): used for replication scenarios from Hyper-V to Azure or to a secondary site.
  • Microsoft Azure Recovery Services Agent (version 2.0.9155.0): used for replication scenarios from Hyper-V to Azure.

The installation of this update rollup is possible on all systems running Microsoft Azure Site Recovery Service providers, by including:

  • Microsoft Azure Site Recovery Provider for System Center Virtual Machine Manager (3.3.x. x).
  • Microsoft Azure Site Recovery Hyper-V Provider (4.6.x. x).
  • Microsoft Azure Site Recovery Provider (5.1.3500.0) and later.

The Update Rollup 33 for Microsoft Azure Site Recovery Unified Setup applies to all systems that have installed the version 9.17.4860.1 or later.

For more information on the issues resolved, on improvements from this Update Rollup and to get the procedure for its installation is possible to consult thespecific KB 4489582.

Protection of Storage Space Direct cluster

In Azure Site Recovery (ASR) is introduced, with the Update Rollup 33, also the support for the protection of Storage Space Direct cluster, used to realize Guest Cluster in Azure environment.

Azure Backup

In Azure Backup has been released the feature of Instant Restorefor the virtual machines in Azure, that allows using the stored snapshots for the VMs recovery. Also it is given the option to configure the time of retention for the snapshots in the backup policy (from one to five days, the default is two days). This increases control over the protection of the resources, adapting it to specific requirements and depending on the criticality of the same.

Figure 1 – Retention period of the snapshot

System Center Configuration Manager

Released versions 1902 and 1902.2 for the Technical Preview Branch

Among the main new features of this release is included the ability to manage more effectively the restart notifications on systems managed by Configuration Manager.

For full details of what's new in this release you can consult this document. Please note that the Technical Preview Branch releases help you to evaluate new features of SCCM and it is recommended to apply these updates only in test environments.

System Center Operations Manager

Management Packs

Following, are reported the news about the SCOM Management Packs:

  • Microsoft System Center 2016 Management Pack for Microsoft Azure version 1.6.0.7
  • Microsoft System Center Management Pack for SQL Server 2017+ Reporting Services version 7.0.12.0
  • Log Analytics Management Pack forSCOM 1801 version7.3.13288.0 and SCOM 2016 version7.2.12074.0
  • System Center Management Pack for Windows DNS Server version 10.0.9.3

Evaluation of Azure and System Center

To test and evaluate free of charge the services offered by Azure you can access this page, while to try the various System Center components you must access theEvaluation Center and, after registering, you can start the trial period.