Tag Archives: #Azure

SCOM 2019: Updated Azure Management Pack v1.8.0.1

A new version of the Azure management pack has been released; you can get it here.

What’s new

  • Enabled Resource Group filtering for subscription
  • Modified Alert description for all Alert types
  • Enabled multi-resource metric alerts support

What’s Fixed:

  • Fixed health state issue to be in sync with Azure portal
  • Fixed ‘unknown’ state issue for metric alert

Note: Upgrade is supported from v1.6.0.7 and v1.7.0.0. Existing template will be honored.

How to: Parameters with Azure Monitor Workbooks and a quick start template

Adding parameters to a workbook allows you to change values in your queries such as workspace without having to manually edit the query. This makes workbooks much easier to use and widens the potential audience.

Let's look at how to add parameters, some common ones, and a little cheat sheet I use to quickly start a new workbook.

Adding Parameters

Parameters can be added to a KQL query by including the parameter name in braces. For example, if I have a parameter for Time, I can reference it in my KQL query as {Time}.

There are currently four different supported parameters:

Text – An editable text box
Drop Down – Choose from a defined set of values
Time Range Picker – Choose from a predefined set of time range values
Resource Picker – Choose from resources selected for the workbook

Example Parameters for our Quick Start Template

Time

Adding a time parameter is relatively straightforward as it is a pre-defined parameter type. Click Add parameter and give it a name, select Time range picker from the type field and select the time ranges you want to be available. Then click Save.

Subscription

Adding a subscription parameter is very useful as it allows your workbook to query across subscriptions easily. After giving the parameter a name, choose Subscription picker from the type. Tick Allow multiple selection and also include the All option below; then you can select from Default Subscriptions and All Subscriptions. Then click Save.

Workspace

Workspace is useful for the same reasons Subscription is: it allows a workbook to easily query across multiple workspaces from a single location.

This one is a little more complex to configure as you'll need to reference the workspaces through a KQL query. There are several ways to do this and I'll share the one I am currently using.

As before, name your parameter. This time choose Resource picker, allow multiple selection and All as options, and then select Get data from Query. Set your source to Azure Resource Graph and Subscription. The query I use is below:

where type =~ 'microsoft.operationalinsights/workspaces'
| order by name asc
| summarize Selected = makelist(id, 10), All = makelist(id, 1000)
| mvexpand All limit 100
| project value = tostring(All), label = tostring(All), selected = iff(Selected contains All, true, false)

Servers

Not all workbooks will require Servers, but I use it often enough that I include it in my Quick Start Template. This time choose Drop down and, as before, allow multiple selection and All. We are going to populate our list from a query, and a simple way to get a list of servers is:

Heartbeat
| distinct Computer

Once you have saved this workbook with your populated parameters it is now a simple matter to reuse this every time we want to create a new workbook with parameters. All you need to do is edit this one and Save As to start a fresh workbook with pre-done parameters.

Json Template

Below is the template to create your own easy quick start workbook. Just create a blank one, paste the JSON code into the Advanced Editor in the Gallery Template section and click Apply.

{
  "version": "Notebook/1.0",
  "items": [
    {
      "type": 9,
      "content": {
        "version": "KqlParameterItem/1.0",
        "query": "",
        "crossComponentResources": [
          "{Subscription}"
        ],
        "parameters": [
          {
            "id": "ff24505c-2099-43a4-a8a3-3456bed78eb5",
            "version": "KqlParameterItem/1.0",
            "name": "TimeRange",
            "type": 4,
            "isRequired": true,
            "value": {
              "durationMs": 604800000
            },
            "typeSettings": {
              "selectableValues": [
                { "durationMs": 3600000 },
                { "durationMs": 14400000 },
                { "durationMs": 43200000 },
                { "durationMs": 86400000 },
                { "durationMs": 172800000 },
                { "durationMs": 259200000 },
                { "durationMs": 604800000 },
                { "durationMs": 1209600000 },
                { "durationMs": 2419200000 },
                { "durationMs": 2592000000 },
                { "durationMs": 5184000000 },
                { "durationMs": 7776000000 }
              ]
            }
          },
          {
            "id": "bfe50469-7469-4c4d-a33e-0edbb43546c4",
            "version": "KqlParameterItem/1.0",
            "name": "Subscription",
            "type": 6,
            "isRequired": true,
            "multiSelect": true,
            "quote": "'",
            "delimiter": ",",
            "value": [
              "value::all"
            ],
            "typeSettings": {
              "additionalResourceOptions": [
                "value::all"
              ],
              "includeAll": true
            }
          },
          {
            "id": "fb861784-4609-49f2-9f58-427fcc547677",
            "version": "KqlParameterItem/1.0",
            "name": "Workspace",
            "type": 5,
            "isRequired": true,
            "multiSelect": true,
            "quote": "'",
            "delimiter": ",",
            "query": "where type =~ 'microsoft.operationalinsights/workspaces'\r\n| order by name asc\r\n| summarize Selected = makelist(id, 10), All = makelist(id, 1000)\r\n| mvexpand All limit 10000\r\n| project value = tostring(All), label = tostring(All), selected = iff(Selected contains All, true, false)",
            "crossComponentResources": [
              "{Subscription}"
            ],
            "value": [
              "value::all"
            ],
            "typeSettings": {
              "resourceTypeFilter": {
                "microsoft.operationalinsights/workspaces": true
              },
              "additionalResourceOptions": [
                "value::all"
              ]
            },
            "timeContext": {
              "durationMs": 0
            },
            "timeContextFromParameter": "TimeRange",
            "queryType": 1,
            "resourceType": "microsoft.resourcegraph/resources"
          },
          {
            "id": "b2627475-cef7-4e91-97b9-b70bf00164e6",
            "version": "KqlParameterItem/1.0",
            "name": "Servers",
            "type": 2,
            "multiSelect": true,
            "quote": "'",
            "delimiter": ",",
            "query": "Heartbeat\r\n| distinct Computer",
            "crossComponentResources": [
              "{Workspace}"
            ],
            "value": [
              "value::all"
            ],
            "typeSettings": {
              "additionalResourceOptions": [
                "value::all"
              ]
            },
            "timeContext": {
              "durationMs": 0
            },
            "timeContextFromParameter": "TimeRange",
            "queryType": 0,
            "resourceType": "microsoft.operationalinsights/workspaces"
          }
        ],
        "style": "pills",
        "queryType": 1,
        "resourceType": "microsoft.resourcegraph/resources"
      },
      "name": "parameters - 1"
    }
  ],
  "styleSettings": {},
  "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
}
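
A small lint for templates like the one above, added here as an example (it is not part of the original post or of Azure's tooling). It assumes a parameter should be declared before any parameter that references it, as the template above does, and runs on a constructed, cut-down template in which Servers is deliberately listed first.

```python
import json
import re

# Constructed, cut-down template in the shape of the one above; "Servers" is
# deliberately listed first so that the check has something to report.
SAMPLE = json.loads(r"""
{"version": "Notebook/1.0",
 "items": [{"type": 9, "content": {"version": "KqlParameterItem/1.0",
   "parameters": [
     {"name": "Servers", "type": 2,
      "query": "Heartbeat\r\n| distinct Computer",
      "crossComponentResources": ["{Workspace}"],
      "timeContextFromParameter": "TimeRange"},
     {"name": "TimeRange", "type": 4},
     {"name": "Subscription", "type": 6},
     {"name": "Workspace", "type": 5,
      "query": "where type =~ 'microsoft.operationalinsights/workspaces'",
      "crossComponentResources": ["{Subscription}"],
      "timeContextFromParameter": "TimeRange"}
   ]}}]}
""")

# Matches {Name} and {Name:start} style references inside queries and scopes.
REF = re.compile(r"\{(\w+)(?::\w+)?\}")


def references(param):
    """Names of the other parameters that this parameter depends on."""
    texts = [param.get("query", "")] + param.get("crossComponentResources", [])
    names = set()
    for text in texts:
        names.update(REF.findall(text))
    if "timeContextFromParameter" in param:
        names.add(param["timeContextFromParameter"])
    return names


def lint(template):
    """Return (parameter, reference, reason) for every unresolved reference."""
    findings = []
    for item in template.get("items", []):
        if item.get("type") != 9:  # 9 is the parameters item in the template above
            continue
        params = item["content"].get("parameters", [])
        declared = {p["name"] for p in params}
        seen = set()
        for p in params:
            for ref in sorted(references(p)):
                if ref not in declared:
                    findings.append((p["name"], ref, "undefined"))
                elif ref not in seen:
                    findings.append((p["name"], ref, "declared later"))
            seen.add(p["name"])
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```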

How to: Availability Workbook for Azure Monitor

Azure Monitor workbooks are very powerful and a great addition to the Monitor toolset; you can learn more about them in my article here. Today we'll be using Workbooks to create an availability report for our servers.

First we need our query. Below is a fairly stock example of how to use the Heartbeat table to get the number of hours a server has been online and compare that to a set number of hours, in this case the past 7 days (168 hours), and work that out as a percentage.

let starttime=startofday(now()-7d);
let endtime=now();
Heartbeat
| where TimeGenerated >= starttime and TimeGenerated <= endtime
| summarize heartbeat_per_hour=count() by bin_at(TimeGenerated, 1h, starttime), Computer
| extend available_per_hour=iff(heartbeat_per_hour>0, true, false)
| summarize total_available_hours=countif(available_per_hour==true) by Computer
| extend total_number_of_buckets=round((endtime-starttime)/1h)
| extend availability_rate=total_available_hours*100/total_number_of_buckets

As you can see, running this query against your Log Analytics workspace will return exactly that: the Computer name, the total number of hours or "buckets", the number of available hours and the percentage or availability rate.
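
The same calculation modelled in Python on constructed heartbeat rows, as an added example that is not part of the original post. It also covers a case the query does not: a server with no heartbeats in the window never appears in the result, so the optional `inventory` argument (an assumption, a list of expected server names kept elsewhere) makes it show up at 0%.

```python
from datetime import datetime, timedelta

HOUR = timedelta(hours=1)


def availability(heartbeats, start, end, inventory=()):
    """Percentage of hourly buckets with at least one heartbeat, per computer.

    heartbeats: iterable of (computer, timestamp) pairs.
    inventory:  optional names of servers expected to report (assumption).
    """
    # round((endtime - starttime) / 1h) in the query
    total_buckets = round((end - start) / HOUR)
    hours_seen = {name: set() for name in inventory}
    for computer, ts in heartbeats:
        if start <= ts <= end:
            # bin_at(TimeGenerated, 1h, starttime): buckets aligned to start
            hours_seen.setdefault(computer, set()).add((ts - start) // HOUR)
    return {c: len(h) * 100 / total_buckets for c, h in hours_seen.items()}


# Constructed sample: srv-a reports all day, srv-b stops after 18 hours,
# srv-c is down for the whole window and sends nothing at all.
START = datetime(2024, 1, 1)
END = START + 24 * HOUR
SAMPLE = (
    [("srv-a", START + h * HOUR + timedelta(minutes=m))
     for h in range(24) for m in (5, 35)]
    + [("srv-b", START + h * HOUR + timedelta(minutes=10))
       for h in range(18)]
)

if __name__ == "__main__":
    # Without an inventory srv-c is silently missing from the report.
    print(availability(SAMPLE, START, END))
    print(availability(SAMPLE, START, END, ["srv-a", "srv-b", "srv-c"]))
```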

Once we have a working query it's time to create our workbook. This can be done under the Azure Monitor blade of the Azure console: simply click on Workbooks, which is still in preview, and then click New.

Click add query and configure your workspace as shown below, then click Run Query

So far so good. Now we want to be able to select the time range for our availability report. To do this, click Add Parameters at the bottom of the editor. Conveniently there is a pre-built parameter called Time range picker, so we'll use that. Make sure you tick Required to make this mandatory for the workbook.

Save your new parameter and then click the up arrow to move this section to the top of the page.

Now our query needs a slight adjustment to be able to use the time picker. Below you can see I've created variables for the time ranges and substituted them into my query in the relevant locations.

let timeRangeStart = {TimeRange:start};
let timeRangeEnd = {TimeRange:end};
Heartbeat
| where TimeGenerated >= timeRangeStart and TimeGenerated <= timeRangeEnd
| summarize heartbeat_per_hour=count() by bin_at(TimeGenerated, 1h, timeRangeStart), Computer
| extend available_per_hour=iff(heartbeat_per_hour>0, true, false)
| summarize total_available_hours=countif(available_per_hour==true) by Computer
| extend total_number_of_buckets=round((timeRangeEnd-timeRangeStart)/1h)
| extend availability_rate=total_available_hours*100/total_number_of_buckets

Lastly we want to add a bit of colour to the report, a nice way to do this is to click on the Column Settings button, select availability rate and configure it to display as a bar. Making the colour palette Red to Green also means that the higher the number the more green the bar becomes allowing servers with poor availability to stand out.

Click Save and there you have it, a Server Availability Workbook for Azure Monitor. Save this workbook and you can access it from the workbook gallery and also pin it to an existing Azure Dashboard.

Azure Bastion – Securely access your Azure VMs

As part of my Azure feature series let's take a look at Bastion (now in preview).

What is it?

Securing access to public facing cloud based VMs is a potentially risky and costly concern for businesses. Using services like JiT (Just in Time Access) to reduce the attack surface requires that your Security Center Service Plan has been upgraded to Standard as the service is not available on the Basic Service Plan.

Say hello to Azure Bastion

Now with Bastion you can remove the attack surface completely by allowing connections via port 443 for Windows and SSH for Linux integrated into the Azure Portal, thereby removing the risk of port scanning and removing the need for public facing IP addresses for your VMs.

Below are some of the key features currently available at this time:

Top-level Azure Bastion architecture

How to activate the Public Preview

The service is currently in preview, which means you need to activate it with the below steps:

  1. Make sure you are connected to the Azure Preview portal here
  2. Open Azure Shell and run the below three commands:
    (If you have the Az PowerShell module remember to change AzureRM to Az)
    • Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
    • Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
    • Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

Getting started

From the homepage of the Azure Preview Portal click + Create a resource and search for Bastion (Preview), then click create.

Choose your subscription and resource group. It is important to note that you have to create a subnet called AzureBastionSubnet. This value lets Azure know which subnet to deploy the Bastion resources to. It is recommended to use at least a /27 or larger subnet. Create the AzureBastionSubnet without any Network Security Groups, route tables, or delegations. Once done, create the Bastion.
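
The subnet requirements in the paragraph above, written as a check that can be run over exported subnet definitions (an added example, not part of the original post). The field names are an assumption modelled on the JSON that `az network vnet subnet show` returns, and the sample subnets are constructed.

```python
import ipaddress


def check_bastion_subnet(subnet):
    """Return the ways a subnet dict departs from the guidance on this page."""
    problems = []
    if subnet.get("name") != "AzureBastionSubnet":
        problems.append("name is not AzureBastionSubnet")
    try:
        net = ipaddress.ip_network(subnet.get("addressPrefix") or "", strict=True)
        if net.prefixlen > 27:  # a longer prefix means a smaller subnet
            problems.append(f"/{net.prefixlen} is smaller than the recommended /27")
    except ValueError:
        problems.append("addressPrefix is missing or not a valid CIDR block")
    if subnet.get("networkSecurityGroup"):
        problems.append("network security group attached")
    if subnet.get("routeTable"):
        problems.append("route table attached")
    if subnet.get("delegations"):
        problems.append("delegation present")
    return problems


def audit(subnets):
    """Map subnet name to its problems, for subnets that have any."""
    report = {}
    for s in subnets:
        problems = check_bastion_subnet(s)
        if problems:
            report[s.get("name", "<unnamed>")] = problems
    return report


# Constructed samples; the NSG id is a placeholder, not a real resource id.
GOOD = {"name": "AzureBastionSubnet", "addressPrefix": "10.0.1.0/27",
        "networkSecurityGroup": None, "routeTable": None, "delegations": []}
BAD = {"name": "bastion-subnet", "addressPrefix": "10.0.2.0/28",
       "networkSecurityGroup": {"id": "placeholder-nsg-id"},
       "routeTable": None, "delegations": []}

if __name__ == "__main__":
    for name, problems in audit([GOOD, BAD]).items():
        print(name, problems)
```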

Once your Bastion is deployed, from the Azure Portal navigate to the VM you want to connect to and click connect, you will see a new option called BASTION next to the familiar RDP and SSH options. Enter the credentials and click Connect.

And there you have it, your VM is securely accessible through the Azure Portal without needing a public facing IP address.

Conclusion

Bastion is a fantastic and much needed service which allows secure access to your cloud Windows and Linux VMs without any exposure of public IPs, ultimately allowing the removal of the VM attack surface in your Azure environment.

Ding Dong it’s Azure Front Door

As part of my Azure feature series let's take a look at Front Door.

What is it?

Azure Front Door Service provides a scalable and secure entry point for fast delivery of your global web applications.

This essentially means that by placing a Front Door ahead of your application you gain increased performance and security.

Getting started

Setting up is straightforward. If you'd like to test Front Door and you don't have an application to use, you can set up a sample web app using my previous article here.

First click New Resource in your Azure Portal and search for Front Door, then click Create

Choose your subscription, resource group and Azure region, then click Next: Configuration.

Now it's a simple three step process:

  1. Add a frontend host
  2. Configure backend pools
  3. Configure routing rules

Adding a Frontend Host

Click the + icon in the corner of the frontend host window, give your frontdoor a name and enable Session Affinity if required.

Adding a Backend Pool

Next click the + icon in the corner of the backend pool window. Give your pool a name, configure your load balancing and then click on add a backend.

Backend hosts can be of various types. In this example we are using an App Service; you can also use Cloud Service, Storage, Storage (Classic) or Custom host. Select your subscription and backend host, click Add and then Add again.

Adding Routing Rules

Next click the + icon in the corner of the routing rules window. Give your rule a name, decide if it must accept HTTP or HTTPS or both and select your frontend host. Next configure the forwarder and enable caching if required; if your app uses lots of static content this will drastically improve load time performance. Then click Add.

Click Review + Create and then Create.

You should now be able to access your application using the frontdoor URL available on the top right hand side of the Overview blade.

How much better is it?

Below we have two speed test results, one for my webapp API and one for my Frontdoor. We can see a 53% improvement, from 1.33 seconds to 710 milliseconds.

Webapp Load Test

Frontdoor Load Test

The tale of the Bakery that helped me test Azure Application Insights

If you ever need to test Application Insights or any of the other Azure features that need an application, such as Front Door, there is a simple way to create a test application baked into Azure.

In your Azure portal simply click on "New Resource", search for Bakery and click Create.

Now give the app a name, choose your subscription, resource group and an applicable App Service Plan. Remember, the more robust the plan the higher the cost; there is a free limited tier available called F1 Shared. Then click Create.

After a few minutes your application will be deployed and ready for use with Azure features. Select App Services in your Azure Portal and then click on your Bakery application.

You can find the URL for your new site at the top right of the Overview blade.

Browsing the URL you should see the below site.

As an extra tip, if you need the site again you can turn it off instead of deleting it to save some costs. Just press Stop in the application overview.

Create interactive reports with Azure Monitor workbooks

A new feature in Azure, Workbooks combine text, Analytics queries, Azure Metrics, and parameters into rich interactive reports. 

For those of you familiar with SCOM, think of workbooks as a pre-bundled set of metrics similar to the dashboards you are already familiar with. It offers a simple method to share useful dashboards which can also be copied and exported.

Let’s dive right in.

So how do I find them?

Simply navigate to Monitor in the Azure portal and click on Workbooks, currently in preview at the time of this article.

What's available currently?

There are several pre-built templates out of the box, as well as a Git repository available for additional templates.

VM Metrics Example

Below are several sample outputs of the various workbooks. Not only do they look good, but they also contain rich, useful information on every object in your subscription that is metric enabled.

SCOM CB: Updated Azure Management Pack v1.6.0.0

An update to the Azure management pack has been released; get it here:

Changes and fixes:

  • Fixed false errors about required access to DataAccess service when monitoring classic alert rules in the Gateway configuration
  • Improved names and descriptions for workflows that are responsible for metricalerts presentation in Operations Manager Console
  • Updated section “Azure Alerts in Operations Manager” in Guide
  • Changed alert names for warning alerts created on dynamic monitors
  • Declare compatibility with System Center Operations Manager 1801
  • Implemented validation on “the given key not present in the dictionary” issue
  • It is possible to upgrade from 1.5.30.26 CTP, but user is recommended to re-create Azure MP template in Authoring section to obtain new changes and perform modifications

SCOM 1807: Updated Management Pack for Microsoft Azure v1.5.20.18

The Azure management pack has had an update; get it here.

This update contains primarily new features.

Updates and features

  • Added the “Audience URI” field in the Endpoints Configuration for the Azure Subscriptions Wizard
  • Implemented monitoring of Non-classic storage account
  • Implemented monitoring of Application gateway
  • Fixed issue of obtaining data with Azure Data Factory
  • Implemented monitoring of Azure Data Factory
  • Metric collection for Classic storage account is not supported
  • Implemented monitoring of Service Bus in SPN mode
  • Implemented monitoring support for Gateway Server

SCOM 2016: Updated MP for Microsoft Azure Stack v1.0.1.0

An updated management pack has been released for Microsoft Azure Stack, version 1.0.1.0 is available here.

Azure Stack is an extension of Azure, bringing the agility and fast-paced innovation of cloud computing to on-premises environments. Only Azure Stack lets you deliver Azure services from your organization’s datacenter, while balancing the right amount of flexibility and control—for truly-consistent hybrid cloud deployments.

New in this version:

  • Implemented “Edit Deployment” wizard.
  • Improved the authentication by means of Azure Active Directory (UPN authentication) and Active Directory Federation Services (UPN and AD FS SPN authentication).
  • Implemented UI improvements in “Add Deployment” wizard.
  • Implemented the Capacity Dashboard.
  • Implemented Auto Maintenance Mode Monitoring Rule that checks if any updates are run on Azure Stack regions and switches regions that are being updated to maintenance mode in Operations Manager. Implemented Turn Off Auto Maintenance Mode and Turn On Auto Maintenance Mode tasks to manually disable and enable the Auto Maintenance Mode.
  • Implemented improvements to reflect changes in the API.
  • Updated the display strings.
  • Added a workaround to support Alert names and descriptions to be displayed in the Operations Manager Reports as a plain text.