One of the questions I often get from my customers when I talk hybrid cloud monitoring is: how can I monitor Azure? Which is the Microsoft story? Which solutions can I use? Is Operations Management Suite (“OMS”) enough? Should I still use System Center Operations Manager (SCOM)? How does Azure Monitor fit in the picture?
Unfortunately we’re crossing a chasm, things are changing rapidly and Microsoft is re-shaping its strategy and products. As of today the story is weak and sparse, but this doesn’t mean you cannot properly monitor workloads running on Azure.
The fact is the current monitoring and alerting story for workloads running on Azure cannot be addressed by a single solution. In terms of generic monitoring for Azure borne resources, Azure Monitor is the starting point, it is basically a free service (or a very low cost one see https://azure.microsoft.com/en-us/pricing/details/monitor/) with billing based on notifications. The idea is all the azure resources in the end will be monitored by this service that will be the “alerting” engine for the platform. Alas we’re not quite there and for IaaS it will never be enough, since it doesn’t know anything about the workloads that are running inside your VMs.
The second solution we can leverage is OMS (ok this is a marketing name) and if we limit the scope to “monitoring and alerting” we must consider Log Analytics. As the name implies it is a machine data ingestion platform where you can find integrations (called “solutions”) for some workloads (SQL, AD, Apache, …). We use a lot Log Analytics with both Microsoft provided and custom solutions, it is really a great machine data ingestion platform, but in my opinion it is currently better targeted at “analysis” (trend, forensic, post mortem, …) than to real time alerting. In reality there’s no “out of the box” monitoring or alerting in Log Analytics. Typically the “solutions” don’t have any alert rule defined per-se, you must define yours and integrate them in Azure Monitor. More over while the linux agent is easy to extend, the Windows agent cannot be extended with custom data sources unless used within a SCOM infrastructure. Licensing is another pain point, Log Analytics is licensed in several ways and only after a proper assessment of the customer needs you can identify the model that best fits. As a brief summary here are the possibilities we have today:
- As a component of the OMS licensing (https://www.microsoft.com/en-us/cloud-platform/operations-management-suite)
- For free, limited to 500MB per day and 7 days retention, basically useless in a production environment (https://www.microsoft.com/en-us/cloud-platform/operations-management-suite)
- In Standalone mode, where you pay for the data ingested and the time you keep it, plus based on the solutions you select, you may pay a fee per node (https://www.microsoft.com/en-us/cloud-platform/operations-management-suite)
- Per Node, where you pay a fixed price per node and it includes a fair amount of data ingested with a retention of 1 month. The per node cost starts at $15/month up to 36$/month or 66$/month if add backup (https://download.microsoft.com/download/5/C/…/OMS%20Licensing%20FAQ_FINAL.pdf) obviously in this case the suite licensing is generally more convenient than buying the single components.
We’re not done yet, if you have control on the source code of your applications, you can leverage Application Insights ($15/month/node https://azure.microsoft.com/en-us/pricing/details/application-insights/) to instrument your applications and integrate the alerting and monitoring with Azure Monitor on one side and your developers to the other.
Typically you’ll need to monitor and alert on security as well, in this case you must add to the picture Azure Security Center, it leverages Log Analytics and integrates with it, it costs 15$/month/node for a complete security monitoring experience. (see https://azure.microsoft.com/en-us/pricing/details/security-center/)
Lastly we have System Center Operations Manager that is still the best in class in terms of monitoring and alerting for specific workloads both in breadth and in depth. It can monitor Azure IaaS and integrates with OMS using some community solutions, it even has some basic Azure monitoring capabilities at large (far from perfect I must say). It can be licensed with the OMS licensing or as a component of System Center (https://www.microsoft.com/en-us/cloud-platform/system-center-pricing). In the latter case every standard license with software assurance covers 2 VMs on Azure and the datacenter edition covers 8 VMs on Azure (see https://azure.microsoft.com/en-us/pricing/licensing-faq/ this has changed a couple of times so you better check with your license reseller).
Please consider all the prices I reported are standard pay as you go prices, so you may benefit of considerable discounts, again you need to check with your license reseller.
In the end we are always having a mixed approach based on the customer needs where we integrate Azure Monitor, OMS, Security Center and System Center to address all the monitoring and alerting requirements. The experience is a little sparse, but until the cloud based solutions (Log Analytics and Azure Monitor in primis) evolve (extensibility, more data sources for Azure Monitor alerting, “alert rules pack”, …) this is what we must live with.
Hope this helps