I recently migrated my WordPress blog away from the Amazon Web Services (AWS) platform to Azure. There were a few reasons for this decision, one being flexibility within the hosting platform, and the second being making use of my Azure knowledge. I'm hoping to write more blog posts around the migration and costing of this move within the next few months, so please look out for them in the future. Today I want to cover monitoring with the Operations Management Suite that is available within Azure.
What is Operations Management Suite?
Operations Management Suite (OMS) is a monitoring solution that was developed by Microsoft with the cloud in mind. It can monitor both cloud and on-premises environments with the use of agents. It doesn't just monitor the Azure environment; it can help you manage multiple cloud environments. Some of the things that it can help you monitor are:
- Active Directory configuration
- Active Directory replication
- Anti-malware installation
- Azure Automation
- Security and auditing
- SQL configuration and performance
- The status of Windows Updates
- Office 365 tenant information
There is a free tier and a paid tier available within Azure. The free tier does have some limitations but for small personal environments it's ideal and the one I have chosen to implement.
Within Azure I have deployed an Ubuntu Virtual Machine (VM) that hosts my WordPress installation. I've followed best practices with my installation both at the infrastructure level and the software level; however, I wanted to implement some monitoring for visibility of certain things. In order to monitor any Windows or Linux server within OMS you need to install two agents, the Operations Management Suite Agent and the Dependency Agent.
Operations Management Suite Agent
The OMS Agent helps to collect rich, real-time data from your servers. It can be installed on both Windows and Linux machines. You can find out which operating systems are currently supported at https://docs.microsoft.com/en-gb/azure/log-analytics/log-analytics-concept-hybrid#windows-operating-system
Operations Management Suite Dependency Agent
The OMS Dependency Agent is the second component that can be installed on your server to collect data. The dependency agent looks at your server for applications that are installed, data going in and out, ports being used, etc. This can help you understand what is being accessed and by whom. Again, this agent is available for both Windows and Linux servers.
In a previous blog post I took you through the basics of creating an OMS workspace within your Azure subscription. If you haven't completed this step yet, please refer to that article - Creating a Operations Management Suite Workspace in Azure.
Once you have your OMS workspace provisioned, follow these steps to install the relevant agents on your Ubuntu box:
- Ensure that the Linux Audit Daemon framework is installed on your system. If not, you can use the following command to install it:
sudo apt-get install auditd audispd-plugins
- Now that it is installed, the next thing you need to do is gather your Workspace ID and Primary Key. These are located within your OMS console under Settings and Connected Sources.
- Now that you have the relevant information from OMS, you can start the installation of the OMS agent. To do this, issue the following command:
sudo wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sudo sh onboard_agent.sh -w <WORKSPACE_ID> -s <PRIMARY_KEY>
You should replace the workspace ID and primary key with your information.
- Once the installation has completed, you should see under Settings and Linux Servers that you have 1 Linux Computer Connected.
- To install the OMS Dependency Agent you should issue the following commands:
wget https://aka.ms/dependencyagentlinux
sudo sh dependencyagentlinux
- For the Dependency Agent install to complete successfully you should restart your server when you can.
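The OMS agent install command above fetches onboard_agent.sh from the master branch and runs it as root in one step. As an added example (not from the original post or from Microsoft's documentation), the functions below download the script to a temporary file and only run it when its SHA-256 matches a digest you recorded from a copy you reviewed; the function names, the key file and the <EXPECTED_SHA256> placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: pin the onboarding script by SHA-256.
URL=https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh

# Print the hex SHA-256 digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_pinned FILE EXPECTED
# 0 = digest matches, 1 = mismatch, 2 = unusable input (no file, malformed pin).
verify_pinned() {
    vp_file=$1
    vp_pin=$2
    [ -f "$vp_file" ] || { echo "no such file: $vp_file" >&2; return 2; }
    # A pin must be 64 hex characters as printed by sha256sum; this also
    # rejects an unfilled placeholder such as <EXPECTED_SHA256>.
    case $vp_pin in
        ''|*[!0-9a-f]*) echo "malformed pin" >&2; return 2 ;;
    esac
    [ "${#vp_pin}" -eq 64 ] || { echo "malformed pin" >&2; return 2; }
    vp_actual=$(sha256_of "$vp_file")
    [ "$vp_actual" = "$vp_pin" ] && return 0
    echo "digest mismatch: got $vp_actual" >&2
    return 1
}

# onboard_pinned WORKSPACE_ID KEY_FILE EXPECTED_SHA256
# KEY_FILE (hypothetical, mode 600) holds the primary key so it never lands in
# shell history; it is still visible in the process list while the installer runs.
onboard_pinned() {
    op_tmp=$(mktemp) || return 3
    if wget -q -O "$op_tmp" "$URL" && verify_pinned "$op_tmp" "$3"; then
        sudo sh "$op_tmp" -w "$1" -s "$(cat "$2")"
        op_rc=$?
    else
        op_rc=1
    fi
    rm -f "$op_tmp"
    return "$op_rc"
}
```

Call it as onboard_pinned <WORKSPACE_ID> /path/to/keyfile <EXPECTED_SHA256>; if the upstream script has changed since you recorded the digest, the function returns non-zero without running anything as root.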
To make the most of the agent and dependency agent that you have now installed on your server you should enable three key management packs within your OMS workspace. Those are Security and Audit, Service Map and Wire Data.
Security and Audit
The Security and Audit management pack monitors for any potential vulnerabilities and threats within your environment. Using this data you can respond appropriately and quickly. From my Security and Audit dashboard you can see that there was a potential attack from a botnet to my VM. Having this information allows me to act on any potential attack vectors and look to close them down.
Service Map
The Service Map management pack helps to show you what processes are running on your server in real time, what other servers or services it is accessing, what other servers or services are accessing it, what ports are being used for sending and receiving traffic, versions of software installed, etc. It is a very powerful tool. Within my single server environment the information is limited, but if you were to use this within your enterprise environment you'd receive a rich insight into your environment and how it connects together. Below is a picture of what my service map looks like:
Wire Data
The Wire Data management pack allows you to see network traffic within your environment. Again, within my standalone server environment the data isn't very detailed, but it gives me a small insight into what traffic is flowing on which protocols and how much traffic is being transferred.
Operations Management Suite is a powerful tool within Azure and, given there is a free tier available, it's worth exploring, even if like me you are running a standalone server within Azure. What I'm doing with the tool is only the tip of the iceberg! Get in touch with me on Twitter at @TechieLass and let me know how you are using OMS!!