Az 104 session 8 azure monitoring

https://azureezy.com
© 2020 AzureEzy and AzureTalk. All rights reserved!
Session 8
AZ-104: Microsoft Azure
Administrator
1

AzureTalk Core Team
2

Today’s Session Speaker
Niraj Kumar
AzureTalk Founder
Enterprise Architect, MCT
3
Ashish Raj
AzureTalk Core Team
DevOps Architect, MCT
Vipin Jha
AzureTalk Core Team
Consultant, MCT

AZ-104 Skills Measured
• Manage Azure identities and governance (15-20%)
• Deploy and manage Azure compute resources (25-30%)
• Implement and manage storage (10-15%)
• Configure and manage virtual networking (30-35%)
• Monitor and back up Azure resources (10-15%)
4

AZ-104 Prerequisites
5
Understanding of
• Operating systems
• Virtualization
• Network configuration
• Active Directory
• Resilience and disaster recovery

Agenda
6
• Azure Monitor
• Azure Alerts
• Log Analytics
• Network Watcher

Azure Monitor

Azure Monitor
8
Monitoring options available in Azure
• Azure Security Center
• Azure Application Insights
• Azure Sentinel
• Azure Monitor

Azure Security Center
9
• Identify and address risks and threats
• Security of infrastructure from a centralized location
• On-premises or in cloud
• Monitor security of workloads
• Collects security-related data from VM and other resources
• Monitor health of resources and implement
recommendations
• Ease configuration of your security

10
Analyses different components of environment
• Data security
• Network security
• Identity and access
• Application security
• Recommends how to address issues and risks that it has
uncovered

11
Advanced Cloud Defense
• Adaptive application controls
• Just in time(JIT) VM access
• Adaptive network hardening
• File Integrity Monitoring

12
• Respond to threats faster & automated
• Create a playbook by configuring a logic app
• Playbooks are automated procedures run against
alerts

Azure Application Insights
13
• Monitor, manage performance of applications
• Gathers information related to performance, errors
& exceptions in applications
• Diagnose cause of problems that affect application
• Monitor release pipelines for application
• Improve your development lifecycle

Azure Application Insights
14
How It works
• Set up an Application Insights resource in Azure
portal
• Install an instrumentation package in application
• Package will monitor application and send log data
to Log Analytics workspace

Azure Sentinel
15
• Security information event management (SIEM)
• Security orchestration automated response
(SOAR) solution
• Collect data across users, devices, applications,
• On-premises , multiple clouds
• Detect & Investigate threats with artificial
intelligence
• Respond to incidents rapidly

Azure Monitor
16
• Service for collecting, combining, and analyzing data from different
sources
• Detect and diagnose issues across applications and dependencies with
Application Insights
• Correlate infrastructure issues with Azure Monitor for VMs and Azure
Monitor for Containers
• Drill into monitoring data with Log Analytics for Deep diagnostics
• Support alerts and automated actions
• Create visualizations with Azure dashboards and workbooks

Azure Monitor
17
Collects data from a range of components
• Application data
• Operating system data
• Azure resource data
• Azure subscription data
• Azure tenant data

Azure Monitor
18
Reference : Microsoft Docs

Monitor Health Of VM
19
Default Basic Metrics for Azure VMs
• CPU usage
• Network traffic
• OS disk usage
• Boot success

Monitor Health Of VM
20
• To get a Full set of metrics install two tools on VM
• Azure Diagnostics extension
• Log Analytics agent
• Both tools are available for Windows and Linux
• Tools need storage account to save data that they collect

Question 1
In Azure Security Center Which tool allows to automate
responses to alerts?
a) Playbooks
b) Adaptive controls
c) FIM
d) Advanced cloud defense
21
https://q.azureezy.com/1

Question 1
In Azure Security Center Which tool allows to automate
responses to alerts?
a) Playbooks
b) Adaptive controls
c) FIM
d) Advanced cloud defense
22

Azure Alerts

Azure Alerts
24
• Proactively notify when conditions found in
monitoring data
• Identify and address issues before users of system
notice them

Key Attributes Of Alert Rule
25
• Target Resource
• VM, Storage account, Scale Set
• Signal
• Metric, Activity Log, Application Insights
• Criteria (Percentage CPU > 70%)
• Alert Name
• Alert Description
• Severity
• 0 Critical, 1 Error, 2 Warning, 3 Informational, 4 Verbose
• Action

Action Group
26
• Collection of notification preferences defined
• Azure Monitor and Service Health alerts use action
groups to notify users that an alert has been
triggered
• Various alerts may use the same action group or
different action groups depending on the user's
requirements.
• Configure up to 2,000 action groups in a
subscription

Available Actions
27
• Send an email or SMS message
• Create an Azure app push notification
• Make a voice call to a number
• Call an Azure function or Trigger a logic app
• Send a notification to a webhook
• Create an ITSM ticket
• Use a runbook (to restart a VM, or scale a VM up or down)

Question 2
Action group in Azure Alert is a collection of notification
preferences.
a) True
b) False
28

Question 2
Action group in Azure Alert is a collection of notification
preferences.
a) True
b) False
29

Log Analytics

Log Analytics
31
• Collects telemetry from Windows and Linux VM
• From any cloud, on-premises machines, and those monitored
by SCOM
• Sends collected data to Log Analytics workspace in Azure
Monitor
• Supports insights and other services in Azure Monitor
• Azure Monitor for VMs,
• Azure Security Center
• Azure Automation
• No cost for Log Analytics agent, charges for data ingested

Log Analytics Data collected
32
• Windows Event logs
• Syslog Linux event logging system
• Performance Numerical values measuring
performance of different aspects of OS and
workloads
• IIS logs
• Custom logs Events from text files on both
Windows and Linux computers

Log Analytics Agent Installation
33
• Azure VM
• Azure Monitor can enable agents at scale
• Azure Security Center can provision the Log Analytics Agent
• VM extension for Windows or Linux
• Azure portal
• Windows VM on-premises or in another cloud
• Manually from command line
• Azure Automation DSC
• Resource Manager template with Azure Stack
• Linux virtual machine on-premises or in another cloud
• Manually wrapper-script hosted on GitHub
• SCOM

Network Watcher
34

Network Watcher
35
• Central place to diagnose health of Azure Networks
• Two categories:
• Monitoring Tools
• Diagnostic Tools

Network Watcher Monitoring Tools
36
Monitoring Tools:
• Topology
• Connection Monitor
• Network Performance Monitor

Network Watcher Topology
37
Reference : Microsoft Docs

Network Watcher Diagnostic Tools
38
• IP Flow Verify
• Next Hop
• Effective Security Rules
• Packet Capture
• Connection Troubleshoot
• VPN Troubleshoot

IP Flow Verify
39
• Checks if a packet is allowed or denied to or from
a VM
• Based on 5-tuple information
• Specify
• Local and Remote port,
• Protocol (TCP or UDP),
• Local IP, Remote IP,
• VM, and VM’s NIC
• NSG name of rule that denied packet is returned

Next Hop
40
• Provides next hop from target VM to destination IP
address
• How a packet gets from a VM to any destination
• Specify source VM /network adapter/IP address, and
destination IP address
• Tool determines packet's destination
• Diagnose problems caused by incorrect routing
tables

Effective Security Rules
41
• Displays all effective NSG rules applied to a network
interface
• Choose a VM and its network adapter
• Tool displays all NSG rules that apply to that adapter
• Also spot vulnerabilities for VM caused by unnecessary
open ports

Packet Capture
42
• Record all of packets sent to and from a VM
• VM extension through Network Watcher and automatically
with packet capture session
• Limit is 100 packet capture sessions per region
• Overall limit is 10,000
• Limits are for the number of sessions only, not saved
captures
• Save packets captured in Azure Storage or locally on
computer

Connection Troubleshoot
43
• Check TCP connection from a VM to a VM, FQDN, URI, or IPv4 address
• Connection successful information:
• Latency in milliseconds
• Number of probe packets sent
• Number of hops in the complete route to destination
• Connection unsuccessful shows Fault Details:
• Failed because of high CPU utilization
• Failed because of high memory utilization
• GuestFirewall blocked by a firewall outside Azure
• DNSResolution destination IP address couldn't be resolved
• NetworkSecurityRule blocked by an NSG
• UserDefinedRoute incorrect user route in a routing table

VPN Troubleshoot
44
• Diagnoses health of virtual network gateway or
connection
• Multiple gateways or connections can be
troubleshooted simultaneously

Question 3
To check latency issues on the network, which Azure
Network Watcher tool we can use?
a) Connection Troubleshoot
b) IP Flow Verify
c) Next Hop
d) Security Group View
45

Question 3
To check latency issues on the network, which Azure
Network Watcher tool we can use?
a) Connection Troubleshoot
b) IP Flow Verify
c) Next Hop
d) Security Group View
46

Break
47

Demo
1. Create and configure an Azure Log Analytics workspace
and Azure Automation-based solutions
2. Review default monitoring settings of Azure VM
3. Configure Azure VM diagnostic settings
4. Review Azure Monitor functionality
5. Review Azure Log Analytics functionality

50
https://bharatguru.in
Thanks!https://azureezy.com/az-104
https://t.me/AzureTalk
https://youtube.com/c/AzureTalk
https://www.linkedin.com/in/nirajkum/
https://www.linkedin.com/in/vipinkumarjha/
https://www.linkedin.com/in/ashishrajsrivastava
https://azuredevopspro.com
https://youtube.com/c/AshishRajSrivastava
@AshishRajS

Az 104 session 8 azure monitoring

More Related Content

What's hot (20)

Similar to Az 104 session 8 azure monitoring (20)

More from AzureEzy1 (6)

Recently uploaded (20)

Az 104 session 8 azure monitoring