#Azure monitoring state of the union

One of the questions I often get from my customers when I talk hybrid cloud monitoring is: how can I monitor Azure? Which is the Microsoft story? Which solutions can I use? Is Operations Management Suite (“OMS”) enough? Should I still use System Center Operations Manager (SCOM)? How does Azure Monitor fit in the picture?

Unfortunately we’re crossing a chasm, things are changing rapidly and Microsoft is re-shaping its strategy and products. As of today the story is weak and sparse, but this doesn’t mean you cannot properly monitor workloads running on Azure.

The fact is the current monitoring and alerting story for workloads running on Azure cannot be addressed by a single solution. In terms of generic monitoring for Azure borne resources, Azure Monitor is the starting point, it is basically a free service (or a very low cost one see https://azure.microsoft.com/en-us/pricing/details/monitor/) with billing based on notifications. The idea is all the azure resources in the end will be monitored by this service that will be the “alerting” engine for the platform. Alas we’re not quite there and for IaaS it will never be enough, since it doesn’t know anything about the workloads that are running inside your VMs.


The second solution we can leverage is OMS (ok this is a marketing name) and if we limit the scope to “monitoring and alerting” we must consider Log Analytics. As the name implies it is a machine data ingestion platform where you can find integrations (called “solutions”) for some workloads (SQL, AD, Apache, …). We use a lot Log Analytics with both Microsoft provided and custom solutions, it is really a great machine data ingestion platform, but in my opinion it is currently better targeted at “analysis” (trend, forensic, post mortem, …) than to real time alerting. In reality there’s no “out of the box” monitoring or alerting in Log Analytics. Typically the “solutions” don’t have any alert rule defined per-se, you must define yours and integrate them in Azure Monitor. More over while the linux agent is easy to extend, the Windows agent cannot be extended with custom data sources unless used within a SCOM infrastructure. Licensing is another pain point, Log Analytics is licensed in several ways and only after a proper assessment of the customer needs you can identify the model that best fits. As a brief summary here are the possibilities we have today:


We’re not done yet, if you have control on the source code of your applications, you can leverage Application Insights ($15/month/node https://azure.microsoft.com/en-us/pricing/details/application-insights/) to instrument your applications and integrate the alerting and monitoring with Azure Monitor on one side and your developers to the other.


Typically you’ll need to monitor and alert on security as well, in this case you must add to the picture Azure Security Center, it leverages Log Analytics and integrates with it, it costs 15$/month/node for a complete security monitoring experience. (see https://azure.microsoft.com/en-us/pricing/details/security-center/)


Lastly we have System Center Operations Manager that is still the best in class in terms of monitoring and alerting for specific workloads both in breadth and in depth. It can monitor Azure IaaS and integrates with OMS using some community solutions, it even has some basic Azure monitoring capabilities at large (far from perfect I must say). It can be licensed with the OMS licensing or as a component of System Center (https://www.microsoft.com/en-us/cloud-platform/system-center-pricing). In the latter case every standard license with software assurance covers 2 VMs on Azure and the datacenter edition covers 8 VMs on Azure (see https://azure.microsoft.com/en-us/pricing/licensing-faq/ this has changed a couple of times so you better check with your license reseller).


Please consider all the prices I reported are standard pay as you go prices, so you may benefit of considerable discounts, again you need to check with your license reseller.

In the end we are always having a mixed approach based on the customer needs where we integrate Azure Monitor, OMS, Security Center and System Center to address all the monitoring and alerting requirements. The experience is a little sparse, but until the cloud based solutions (Log Analytics and Azure Monitor in primis) evolve (extensibility, more data sources for Azure Monitor alerting, “alert rules pack”, …) this is what we must live with.

Hope this helps




, , , ,

  1. #1 by Brett on February 27, 2018 - 2:28 am

    In my opinion, the options for multi-tenant monitoring are severely limited. We’re a MSP and we manage multiple customers in OMS. We are running into HUGE issues with the OMS platform that are BUILT in. For instance, OMS has a huge delay in alerting, it makes alerting on basic things such as “heartbeat” unreliable. We’re running into issues with scaling, as if we have 50 servers and we need to create alerts for each individual metric – let’s say 10, we either have to make a generic search based alert that alerts against all computers, or run into scaling issues we can overcome only by using the REST api to create alerts, by not being able to easily set threseholds on alerts per device, we are really limited. We also can’t customize the alerting, which really puts us in an ugly place.

    Have you dealt with any of these scaling issues and can you offer any advise?


    • #2 by Daniele Grandini on February 28, 2018 - 12:11 pm

      Hi Brett, Log analytics is not a viable alerting solution as you found out. We’re are managed services provider as well and as I tried to describe in the article we use SCOM as our central console and leverage LA alerts when needed. We have a separate workspace for every client and we use a MP we developed and made available for the community to integrate those workspaces in SCOM. We’re looking with much interest at the evolution of Azure Monitor that can integrate LA as a data source here you can find answers to alert timings for example, but we’re not quite there, not yet at least. Sorry I don’t have a final solution for you, what I can do is just share our experience.

  2. #3 by jaspervd86 on February 8, 2018 - 11:57 am

    Hey Danieli,

    Nice post! What confuses me regarding the pricing per node is what a node actually entails? What about PAAS and SAAS solutions in Azure, how does that represent a node? For example I have 4 web apps, 4 sql databases and 2 SQL servers (PAAS). How does that work in the node based model?

  1. System Center Şubat 2018 Bülten – Sertac Topal

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: