Within Azure there is a tool called Operations Management Suite (OMS), a monitoring solution that was developed within the cloud. It offers rich, real-time insights into your workloads and potential security threats, to name a few of its features, and it's available for native cloud solutions and on-premises workloads, and can monitor other cloud environments besides Azure. I'm a huge fan of this product as it's easy to configure and offers a massive amount of rich data that can be used to understand what is going on within your environment. I've utilised it in small environments and large environments. The other bonus about this product is that there is a free tier available as well as the paid edition. Admittedly the free tier has some limitations, such as only storing data for 7 days and only allowing you to collect 500MB of data a day. You can start on the free tier to get used to the product and later switch to the premium tier without any hassle or loss of data.
In order to collect data from your Windows or Linux servers you need to install at least one agent. There are two available, and I would always recommend installing both where possible, as you get the best out of the product by using both.
Operations Management Suite Agent
The OMS Agent helps to collect rich, real-time data from your servers. It can be installed on both Windows and Linux machines. You can find out which operating systems are currently supported at https://docs.microsoft.com/en-gb/azure/log-analytics/log-analytics-concept-hybrid#windows-operating-system
Operations Management Suite Dependency Agent
The OMS Dependency Agent is the second component that can be installed on your server to collect data. The dependency agent looks at your server for applications that are installed, data going in and out, ports being used, etc. This can help you understand what is being accessed and by whom. Again, this agent is available for both Windows and Linux servers.
If you have ever worked with System Center Operations Manager (SCOM) you will be familiar with the term Management Packs. These management packs were used to help visualise and analyse the data you collected, turning it into something meaningful that you could alert against. In the OMS world we have Management Solutions, which are the equivalent of Management Packs. Within OMS you have management solutions that can help you understand security and compliance within your environment and understand changes that have happened within your environment, amongst other things.
Connect with SCOM
If you have a mix of cloud and on-premises environments and have SCOM in place, you can connect SCOM and OMS together to help understand your data. You can find good documentation on how to do that here - https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-om-agents
Create your OMS workspace
It is a fairly straightforward process to spin up your first OMS workspace. Below are the steps needed:
- Log into the Azure Portal - https://portal.azure.com
- Click on "Create a Resource" in the left hand corner
- Search the marketplace for "Log Analytics"
- Click Create
- Enter a name for your OMS workspace; remember to follow your organisation's naming convention!
- Select the subscription you wish the workspace to be held in
- Either create or use an existing resource group, whichever is most appropriate within your environment
- Select a location for your OMS workspace to be deployed. At present there are eight regions where you can deploy OMS; please pick the one that complies with your organisation's policies
- I would recommend selecting the Free Tier to start with. As I mentioned above, it does have its limitations; however, running on the free tier for a short period while you configure the product and get familiar with it allows best use of your Azure budget/resources. You can always move up to the paid tier once you understand your needs.
- Click OK and your OMS workspace will start to deploy
Now that you have your OMS workspace you can start to deploy management solutions and monitor your environment! Let me know via Twitter how you are using OMS to monitor your environment, @TechieLass