
Agenda

• DAY 1
Introduction
Insight and Analytics
• DAY 2
Automation and Control
Security and Compliance
Straddling two worlds
Challenges for modern management

Traditional datacenter
• Tight coupling between infrastructure and apps
• Expensive, vertically integrated hardware
• Siloed infrastructure and operations
• Highly customized processes and configurations

Cloud model
• Developers have a critical business role
• Micro-services and modern apps create new complexity
• The server is no longer the center point
• Application data is business data
Modern IT investments
[Diagram labels: COST, POLICY, SUBSCRIPTION, DEVOPS, TOOLING, PACKAGING, DETECT, PREVENT, ORCHESTRATION, PATCHING, CONFIG, MONITORING, BACKUP, RECOVERY, ANALYTICS, DISCOVERY, ALERTS; WINDOWS, LINUX; AZURE, AWS, PRIVATE CLOUDS]


Ideologies for shifting investments

Speed
• Setup within minutes
• Faster troubleshooting
• Real-time innovation

Flexibility
• Connects to existing tools
• Custom solutions and data
• Traditional and modern cloud

Simplicity
• Easy-to-use dashboards
• Reduced management infrastructure
• Cohesive solutions
Evolution of Management Tools
• Cloud Era
• Enterprise Era
• LAN Era
MaaS for Hybrid and Open Systems
Why OMS?
• Simplicity: A single portal for all your management tasks. No infrastructure to maintain.
• Time to Value: Onboard fast. No content to create. Connects to your on-premises datacenter.
• Easy to Integrate: Add new servers, or connect to your existing management tools within minutes.
• Optimized for System Center: Complements your System Center investment to unleash new management scenarios.
• Log analytics: Gain visibility across your hybrid enterprise cloud
• Automation: Orchestrate complex and repetitive operations
• Availability: Increase data protection and application availability
• Security: Help secure your workloads, servers, and users
Microsoft hybrid IT management
Simplified guest and workload management, both on-premises and in the cloud

[Diagram: Microsoft Operations Management Suite connected to Windows guests in three environments: public cloud (Azure or AWS); private or hosted third-party cloud (Rackspace, etc.); on-premises with System Center (Hyper-V, VMware)]


Log analytics
Gain visibility across your hybrid enterprise cloud.

• Deliver unparalleled insights across your datacenters and public clouds, including Azure and AWS.
• Collect, store, and analyze log data from virtually any Windows Server and Linux source.

• Easy collection, correlation, and visualization of your machine data: Log management across physical, virtual, and cloud infrastructure
• Insight into physical, virtual, and cloud infrastructure health, capacity, and usage: Capacity planning and deep visibility into your datacenter and across premises
• Proactive operational data analysis: Faster investigation and resolution of operational issues with deep insights
Orchestrate complex and repetitive operations.

• Create, monitor, manage, and deploy resources
• Reduce errors and boost efficiency

• Reduction of time-consuming, error-prone cloud management tasks: Creation, monitoring, management, and deployment of resources in hybrid environments
• Quick start of automation tasks using Runbook Gallery: Ready-to-use automation sample, utility, and scenario runbooks
• Better visibility into automation activities: Runbook monitoring with easy-to-read dashboard charts and log records
Ensure data integrity and application availability.

Backup and enable integrated recovery for all your servers and applications, no matter where they reside.

• Affordable in-box business continuity and disaster recovery solution: Automated virtual machine replication
• Seamless integration with existing backup and recovery investments: Integration of on-premises replication tools with cloud-based recovery
• Best-in-class security and data encryption: Security-enhanced replication of application data
• Simple, flexible, and affordable disaster recovery: Ability to define recovery plans and easy-to-manage recovery points
• Flexible management of application uptime and resources: Maximum uptime with resource health assessment
• Protection of business-critical data where it resides: Unified solution for protecting data on-premises and in the cloud
Help secure your workloads, servers, and users.

Identify missing system updates and malware status. Collect security-related events and perform forensic, audit, and breach analysis. Enable cloud-based patch management for all your environments.

• Identification of missing system updates across data centers or in a public cloud: Comprehensive updates assessment across datacenters and public clouds
• Comprehensive view into your organization’s IT security posture: Detection of breaches and threats with malware assessment
• Collect security related events: Perform forensic, audit and breach analysis
Key Scenarios
• Insight and Analytics
• Configuration and Automation
• Application Management
• Security
• Backup
• Disaster Recovery

[Diagram labels: Microsoft Hybrid Management; Security; Visibility; Protection; Control; Any cloud; Any platform; System Center; On-premises]
Sign Up for OMS in just 3 Clicks
Go to Microsoft.com/OMS and click the “Try for Free” button. Sign in with a Microsoft Account.

Provide a unique “Workspace Name” such as <CompanyNameProd>. A workspace is a logical for your data. Specify an “Email” and the Region where your data will reside.

You can create a new Azure Subscription or link an existing one. Or choose Free Trial.
Sign Up for OMS in Azure Portal
Sign on to https://portal.azure.com. Select New | Management > | Log Analytics (OMS) in the Azure Portal.

Provide a unique “Workspace Name” such as <CompanyNameProd>, a Resource Group name, Location and Pricing tier option: Free, Standard or Premium.

You can link to an existing OMS Workspace or create a new one. View the Summary in the Portal or go to the OMS Portal.
Operational excellence with insights and analytics
• Simple and unified experience
• Gain immediate insight
• Fast troubleshoot and auto remediate
Simple and unified experience
Challenges

[Diagram labels: Platform and Application monitoring tool; Network monitoring tool; Security analysis tool; Individual monitoring; On premises datacenter; Hosters; Application data; Platform data; Network data; Security data]
Simple and unified experience
Solution

[Diagram labels: IT Operational excellence; Platform and Application monitoring; Security analysis; Network monitoring; Platform and Application monitoring tool; Network monitoring tool; Security analysis tool; Individual monitoring; Hosters; Application data; Platform data; Network data; Security data]
Simple and unified experience
Expand your enterprise management with a consistent experience

Single platform for overall management
• Single pane of control
• Unified experience

Leverage existing management platform
• Integrate with existing systems
• Connect with isolated resources

Access anywhere with a consistent user experience
• Control from anywhere
• Consistent user interface
UNIFIED EXPERIENCE

COLLECT AND INDEX DATA SEARCH AND INVESTIGATE CORRELATE AND ANALYZE VISUALIZE AND REPORT MONITOR AND ALERT

Single platform for overall management
• Single pane of control for log analytics, automation, back up, site recovery and security
• Unified experience to manage your resources in public, private cloud as well as traditional datacenters

Data sources
• Windows agents
• SCOM
• Linux / FluentD
• REST Collection API
• SaaS services (O365)
• Azure Storage / Azure Diagnostics
• Event Hub
• Log Stash

Operations Management Suite
• Log Analytics
• Automation
• Site Recovery
• Backup

Sample list of log/metrics that OMS collects:
• Custom Application/Infra logs
• Windows event logs
• Windows performance counters
• Security Event Logs
• IIS Logs
• ETW logs
• Azure Diagnostics

Windows agents

Operations Management Suite

Connect Windows computers in your on-premises infrastructure directly to OMS workspaces by using a customized version of the Microsoft Monitoring Agent (MMA).

https://azure.microsoft.com/en-us/documentation/articles/log-analytics-windows-agents/

SCOM

Operations Management Suite

Integrate Operations Manager with your OMS workspace to:


• Continue monitoring the health of your IT services with Operations Manager
• Maintain integration with your ITSM solutions supporting incident and problem management
• Manage the lifecycle of agents deployed to on-premises and public cloud IaaS virtual machines that you monitor
with Operations Manager

Linux / FluentD

Operations Management Suite

Collect and act on data generated from Linux computers. Adding data collected from Linux to OMS allows you to
manage Linux systems and container solutions like Docker regardless of where your computers are located—virtually
anywhere.

[Diagram labels: Linux Computer; Providers: syslog, Nagios, Zabbix, Docker; Firewall/proxy; OMS Service; Upload data (HTTPS); Pull configuration (HTTPS)]

Linux / FluentD

Operations Management Suite

Supported Linux platform

6.x 32/64-bit 5.x 32/64-bit


7.x 32/64-bit 6.x 32/64-bit
8.x 32/64-bit 7.x 64-bit

5.x 32/64-bit
2013.09 – 2015.09 6.x 32/64-bit
7.x 64-bit
12.x 32/64-bit alpha
14.x 32/64-bit beta
15.x 32/64-bit stable
16.x 32/64-bit
10.x 32/64-bit
5.x 32/64-bit
11.x 32/64-bit
6.x 32/64-bit
12.x 64-bit
7.x 64-bit

REST Collection API

Operations Management Suite

Leverage REST collection API to ingest custom data to Operations Management Suite

Ensure json is flattened and not nested

$json = @"
[{ "slot_ID" : 12345,
"ID" : "5cdad72f-c848-4df0-8aaa-ffe033e75d57",
"availability_Value": 100,
"measurement_Name" : "last_one_hour",
"duration" : 3600,
"ExecutionTime" : "2016-05-12T20:00:00.625Z"
},
{ … }]
"@

API
Log Search API
• Create, manage and run searches
Alert API
• Create and manage alerts

Powershell
Log Analytics cmdlets
Nouns
• ComputerGroup
• IntelligencePacks (solutions)
• LinkTargets
• SavedSearch
• SavedSearchResults
• StorageInsights
• Workspace
• WorkspaceManagementGroups
• WorkspaceSharedKeys
• WorkspaceUsage
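
The flattening requirement and the workspace shared key come together when a record is posted to the collection API. The following is an added example, not code from the original deck: it flattens a nested record into the slide's field names and builds the SharedKey-signed request of the HTTP Data Collector API without sending it. The function names, the log type SlotAvailability, and the workspace ID and key are constructed placeholders.

```powershell
# Added example (not from the original deck). Workspace ID and key are constructed placeholders.

function ConvertTo-FlatRecord {
    # Collapse nested objects into one level, joining names with '_'
    # (slot.ID becomes slot_ID), which is the shape the slide asks for.
    param([Parameter(Mandatory)] $InputObject, [string] $Prefix = '')
    $flat = [ordered]@{}
    foreach ($prop in $InputObject.PSObject.Properties) {
        $name = if ($Prefix) { "${Prefix}_$($prop.Name)" } else { $prop.Name }
        if ($prop.Value -is [System.Management.Automation.PSCustomObject]) {
            $child = ConvertTo-FlatRecord -InputObject $prop.Value -Prefix $name
            foreach ($key in $child.Keys) { $flat[$key] = $child[$key] }
        }
        elseif ($prop.Value -is [array]) {
            # Arrays have no flat form; keep them as a single JSON string field.
            $flat[$name] = ConvertTo-Json -InputObject $prop.Value -Compress -Depth 10
        }
        else { $flat[$name] = $prop.Value }
    }
    return $flat
}

function New-OmsAuthorization {
    # HMAC-SHA256 over method, body length, content type, date header and resource,
    # keyed with the base64-decoded workspace key (WorkspaceSharedKeys).
    param(
        [Parameter(Mandatory)] [string] $WorkspaceId,
        [Parameter(Mandatory)] [string] $SharedKey,
        [Parameter(Mandatory)] [string] $Date,
        [Parameter(Mandatory)] [int]    $ContentLength
    )
    $stringToSign = "POST`n$ContentLength`napplication/json`nx-ms-date:$Date`n/api/logs"
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    try {
        $hmac.Key = [Convert]::FromBase64String($SharedKey)
        $hash = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
    }
    finally { $hmac.Dispose() }
    $signature = [Convert]::ToBase64String($hash)
    return "SharedKey ${WorkspaceId}:$signature"
}

function New-OmsLogRequest {
    # Returns a hashtable that can be splatted onto Invoke-RestMethod.
    param(
        [Parameter(Mandatory)] [string]   $WorkspaceId,
        [Parameter(Mandatory)] [string]   $SharedKey,
        [Parameter(Mandatory)] [string]   $LogType,
        [Parameter(Mandatory)] [object[]] $Records,
        [string] $TimeField = ''
    )
    $flat = @(foreach ($record in $Records) { ConvertTo-FlatRecord -InputObject $record })
    $json = ConvertTo-Json -InputObject $flat -Compress -Depth 3
    $body = [Text.Encoding]::UTF8.GetBytes($json)
    $date = [DateTime]::UtcNow.ToString('r')   # RFC 1123, also part of the signed string
    $auth = New-OmsAuthorization -WorkspaceId $WorkspaceId -SharedKey $SharedKey `
                                 -Date $date -ContentLength $body.Length
    return @{
        Uri         = "https://${WorkspaceId}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
        Method      = 'Post'
        ContentType = 'application/json'
        Headers     = @{
            'Authorization'        = $auth
            'Log-Type'             = $LogType
            'x-ms-date'            = $date
            'time-generated-field' = $TimeField
        }
        Body        = $body
    }
}

# Constructed sample: the slide's record, written nested to show what flattening does.
$nested = @"
[{ "slot": { "ID": 12345 },
   "ID": "5cdad72f-c848-4df0-8aaa-ffe033e75d57",
   "availability": { "Value": 100 },
   "measurement": { "Name": "last_one_hour" },
   "duration": 3600,
   "ExecutionTime": "2016-05-12T20:00:00.625Z" }]
"@
$records = $nested | ConvertFrom-Json

# Constructed placeholder secret; a real key belongs in a credential store, not in a script.
$demoKey = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes('constructed-demo-key-not-a-secret'))
$request = New-OmsLogRequest -WorkspaceId '00000000-0000-0000-0000-000000000000' `
    -SharedKey $demoKey -LogType 'SlotAvailability' -Records $records -TimeField 'ExecutionTime'

[Text.Encoding]::UTF8.GetString($request.Body)   # flattened JSON that would be posted
# Invoke-RestMethod @request                     # send only with a real workspace ID and key
```

The signed string covers the body length and date but not the body bytes, so the integrity of the payload in transit rests on the HTTPS connection.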

Leverage existing management platform
• Do not rip and replace by leveraging your management platform such as System Center, Zabbix or Nagios
• Operations Management Suite Gateway to connect with isolated environment

Collect alerts from Operations Manager

To collect alerts from Operations Manager, you will need to:

1. On the Operations Management Suite Onboarding Wizard: associate with your OMS subscription
2. If you have more than one workspace, select the workspace you want to register with the Operations Manager management group from the drop-down list, and then click Next.

https://azure.microsoft.com/en-us/documentation/articles/log-analytics-om-agents/

Collect alerts from Nagios and Zabbix

To collect alerts from Nagios and Zabbix, you will need to:

1. Grant the user omsagent read access to the Nagios log file
2. Modify the omsagent.conf configuration file (/etc/opt/microsoft/omsagent/conf/omsagent.conf).
3. Restart the omsagent daemon

https://azure.microsoft.com/en-us/documentation/articles/log-analytics-linux-agents/

Access anywhere with a consistent user experience
• Control from anywhere with iOS, Android and Windows Phone.
• Consistent user interface across Operations Management Suite and Azure services
Gain immediate insight
Challenges

[Diagram labels: Platform and Application monitoring; Security analysis; Network monitoring; Business owners?; Application owners?; Infrastructure owners?]
Gain immediate insight
Solution

[Diagram labels: Business owners; Application owners; Infrastructure owners; Intelligence Engine]
Gain immediate insight
Provide an immediate insight for your hybrid environment based on trusted sources.

Quick data collection
• Automatic data collection
• Custom log collection

Experienced sources of insight
• Single source of truth
• Experienced and trusted insight

Analyze petabytes of data from the cloud
• Infrastructure free
• Business insight

Quick data collection
• Automatic end point data selection and collection
• Custom log collection including Windows and Linux

Automatic data selection and collection

https://azure.microsoft.com/en-us/documentation/articles/log-analytics-data-sources/

Custom log collection

https://azure.microsoft.com/en-us/documentation/articles/log-analytics-data-sources-custom-logs/

Experienced sources of insight
• Single source of truth, gathering data from public cloud, private cloud, traditional datacenters
• Correlate and analyze through Knowledge obtained by the trusted source such as product team, support team, MSIT, Digital Crime Unit

Solutions
Log Analytics solutions are a collection of logic, visualization and data acquisition rules that provide
metrics pivoted around a particular problem area.

https://azure.microsoft.com/en-us/documentation/articles/log-analytics-add-solutions/

Solutions
Data collection details for OMS features and solutions

Data type | Platform | Direct Agent | SCOM agent | Azure Storage | SCOM required? | SCOM agent data sent via management group | Collection frequency
AD Assessment | Windows | | | | | | 7 days
AD Replication Status | Windows | | | | | | 5 days
Alerts (Nagios) | Linux | | | | | | on arrival
Alerts (Zabbix) | Linux | | | | | | 1 minute
Alerts (Operations Manager) | Windows | | | | | | 3 minutes
Antimalware | Windows | | | | | | hourly
Capacity Management | Windows | | | | | | hourly
Change Tracking | Windows | | | | | | hourly
Change Tracking | Linux | | | | | | hourly
ETW | Windows | | | | | | 5 minutes
IIS Logs | Windows | | | | | | 5 minutes
Key Vaults | Windows | | | | | | 10 minutes
Network Application Gateways | Windows | | | | | | 10 minutes
Network Security Groups | Windows | | | | | | 10 minutes
Office 365 | Windows | | | | | | on notification
Performance Counters | Windows | | | | | | as scheduled, minimum of 10 seconds
Performance Counters | Linux | | | | | | as scheduled, minimum of 10 seconds
Service Fabric | Windows | | | | | | 5 minutes
SQL Assessment | Windows | | | | | | 7 days
SurfaceHub | Windows | | | | | | on arrival
Syslog | Linux | | | | | | from Azure storage: 10 minutes; from agent: on arrival
System Updates | Windows | | | | | | at least 2 times per day and 15 minutes after installing an update
Windows security event logs | Windows | | | | | | for Azure storage: 10 min; for the agent: on arrival
Windows firewall logs | Windows | | | | | | on arrival
Windows event logs | Windows | | | | | | for Azure storage: 1 min; for the agent: on arrival

Gain immediate insight from containers


Containers are lightweight, pared-down virtual machines that can be easily provisioned; developers have created them sporadically as a solution to support their continuous delivery. As containers are being used widely in production and are exploding in numbers, demand for container monitoring has increased. A centralized approach to logging and monitoring is required. OMS Container Solution for Linux helps with these needs.

https://blogs.technet.microsoft.com/msoms/2016/08/24/announcing-public-preview-oms-container-solution-for-linux/

Gain immediate insight from containers


With the OMS Container Solution, you’ll be able to:
• Centralize and correlate millions of logs from Docker containers at scale
• See real-time information about Container status, image, and affinity
• Quickly diagnose “noisy neighbor” containers that can cause problems on Container hosts
• Retrieve, visualize, and monitor CPU, memory, storage, and network usage with 10-second real-time performance metrics
• View detailed and secure audit trail of all Docker actions on Container hosts

Two types of installation methods to support different operating system types, such as CoreOS.

Solutions: VMware Monitoring (Preview)


Aggregate all the ESXi Host logs in any location to a centralized repository for insightful analysis and monitoring. The solution consolidates and parses logs into a comprehensive dashboard which helps monitor, alert, and quickly analyze the ESXi Host and VM activities.

• Provide Visualization Dashboard
• Monitor Event, Warning, Failure
• Provides deep Log Analysis with search and trending
• Assist Alerting

[Diagram labels: VMware ESXi Servers; VM Status and Activities; ESXi Events; ESXi Failure; SCSI/Disk Error]

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-vmware

Solutions: Network Performance Monitor (NPM)


• Network Performance Monitor (NPM) monitors connections between office sites, clouds and applications.
• NPM offers near real time monitoring of network performance parameters like loss and latency between two networks.
• NPM helps you to quickly locate the source of the problem for easy troubleshooting.

NPM : Monitor Any Connection

On Premises

Multiple Sites
Hybrid Networks
Multiple VNETs
3rd Party Cloud

Network Performance Monitor (NPM)

[Diagram labels: OMS; Custom Alert Rules; Analytics-Driven Monitoring; NPM Service; Detect Faults; Intelligent Averaging, Auto-Detected Thresholds to reduce false Alerts; Auto Detect Subnets & Paths; Active Probes; OMS Agents; Agents can be placed across DC/Cloud; Determine E2E Loss & Latency]

Network Performance Monitor (NPM): How it Works

1. Add the NPM Solution to your OMS Workspace
2. Download and install OMS agents. OMS agent downloads NPM Intelligence Pack (IP)
3. NPM IP: Detect subnets and upload to OMS
4. NPM IP: Pull peer config information from OMS
5. Start active probes, periodically upload data to OMS
6. NPM OMS logic aggregates and shows comprehensive perf data

[Diagram labels: OMS; NPM Service; OMS Agents; Active Probes]

Choose the NPM Protocol : ICMP or TCP


NPM uses synthetic transactions to calculate Network Performance Metrics like Packet Loss and Link
Latency.

• Consider an NPM Agent connected to one end of a network link.


• This NPM Agent sends probe packets to a second NPM Agent.
• The second Agent replies with response packets.
• By measuring the number of replies and time taken to receive each reply, the first NPM Agent
assesses link latency and packet drops.

The Protocol choice affects the accuracy of the results. It also determines whether you must take any
manual steps after you deploy the NPM solution:

• NPM offers you the choice between ICMP and TCP protocols.

• If ICMP, the NPM agents use ICMP ECHO messages to calculate the network latency and packet loss.
• If TCP, the NPM agents send TCP SYN packets over the network.
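
The probe-and-reply measurement described above can be reproduced between two hosts you operate. The following is an added example, not NPM's code: the hypothetical function Measure-TcpProbe times full TCP connects (a complete handshake rather than a bare SYN) and derives loss and latency from the number and timing of successful replies. The loopback listener is constructed so the block runs offline.

```powershell
# Added example (not NPM's implementation): derive loss and latency from timed TCP connects.

function Measure-TcpProbe {
    param(
        [Parameter(Mandatory)] [string] $TargetHost,
        [Parameter(Mandatory)] [int]    $Port,
        [int] $Count     = 10,     # probes to send
        [int] $TimeoutMs = 1000    # a probe with no reply inside this window counts as lost
    )
    $rtts = New-Object System.Collections.Generic.List[double]
    for ($i = 0; $i -lt $Count; $i++) {
        $client = New-Object System.Net.Sockets.TcpClient
        $timer  = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            $task = $client.ConnectAsync($TargetHost, $Port)
            if ($task.Wait($TimeoutMs) -and $client.Connected) {
                # Handshake completed: record the elapsed time as this probe's latency.
                $rtts.Add($timer.Elapsed.TotalMilliseconds)
            }
        }
        catch {
            # Refused or unreachable: no reply, so the probe is counted as lost.
        }
        finally {
            $client.Close()
        }
    }
    $lost = $Count - $rtts.Count
    $avg  = $null
    $max  = $null
    if ($rtts.Count -gt 0) {
        $stats = $rtts | Measure-Object -Average -Maximum
        $avg = [math]::Round($stats.Average, 2)
        $max = [math]::Round($stats.Maximum, 2)
    }
    return [pscustomobject]@{
        Target       = "${TargetHost}:$Port"
        Sent         = $Count
        Received     = $rtts.Count
        LossPercent  = [math]::Round(100.0 * $lost / $Count, 1)
        AvgLatencyMs = $avg
        MaxLatencyMs = $max
    }
}

# Constructed test peer: a listener on an ephemeral loopback port stands in for the second agent.
$listener = [System.Net.Sockets.TcpListener]::new([System.Net.IPAddress]::Loopback, 0)
$listener.Start()
$port = $listener.LocalEndpoint.Port

Measure-TcpProbe -TargetHost '127.0.0.1' -Port $port -Count 5    # peer answering: no loss

$listener.Stop()
Measure-TcpProbe -TargetHost '127.0.0.1' -Port $port -Count 3    # peer gone: every probe lost
```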

Network Performance Monitor Dashboard



Solutions: Service Map


Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services for servers on any Cloud Platform as well as on premises.

With Service Map as a Solution, you can:

• View your servers as interconnected systems that deliver critical services


• Discover various dependencies across servers, processes and third party services
• Have Migration Assurance to effectively plan, accelerate and validate Azure Migrations
• View Server Summary & Properties
• Perform and manage Change Tracking
• Configure and View Alerts
• View various Performance Metrics
• View Critical Security Issues
• Integrate with Patch Management
• Configure Incident Management
• Computer and Process Inventory in Log Analytics
• Security event correlation
• Historical Queries
• SCOM integration

And many more!



How Service Map Helps?

• Automatically discover all dependencies for any Windows or Linux system
• View all TCP-connected processes, their bound ports and connections
• View dynamic maps of your system topology, live and historical
• Visualize any alerts or change events across all dependencies for a given machine

[Diagram labels: Application or Services; Service; Application Web sites; Email; SharePoint Web sites; Active Directory; Hypervisor (ESXi / Hyper-v); Public Cloud (Azure / AWS); Virtual machines; Infrastructure; Database; Storage; Network; Service bus]

Challenges: Migrate to Cloud

Challenges:
• Several man-months of effort to map out pre-migration environment
• Identifying critical servers and knowing which servers and applications must be moved together
• Different management tools to manage cloud and on-premises resources
• Maintaining high ROI by minimizing migration costs

[Diagram labels: On-premises IT systems; Datacenter; Public cloud; Any PaaS and IaaS systems]

Service Map: Assessment for Migration

Discover
• Build application and server dependency maps in minutes rather than weeks or months
• No need for costly manual cataloging of servers, services, and applications

Assess
• Identify critical servers and applications
• Identify and fix existing issues before migration
• Improve Application Performance and save on post-migration cost by identifying over and under-utilized servers

Move
• Avoid migration disasters and minimize downtime with automatic dependency map updates
• Migrate more efficiently by moving connected servers together
• Immediately find any failing transactions

Validate
• Verify proper migration with Comparison Reports
• Quickly catch any performance issues in the new environment
• No need to install new tools to monitor cloud resources

Manage
• 24x7 monitoring of applications, workloads, and underlying infrastructure
• Custom alerting
• Data export and third party integration
• Manage on-premises, cloud, and hybrid services and applications

Solutions: Service Map



Solutions: NSG Analytics


NSG Analytics gives you detailed diagnostics and logs of the NSG rules currently created and applied.

• With the help of NSG Analytics, you can view the rules which “Blocked” or “Allowed” traffic
• You will have to enable Diagnostics on the Network Security Groups
• Send the NSG Flow Logs to a Log Analytics Workspace

Check for the two types of Logs to be stored:

• NetworkSecurityGroupEvent
• NetworkSecurityGroupRuleCounter

Solutions: NSG Analytics


After you click the Azure Network Security Group Analytics tile on the Overview, you can view summaries
of your logs and then drill in to details for the following categories:

• Network security group blocked flows


• Network security group rules with blocked flows
• MAC addresses with blocked flows
• Network security group allowed flows
• Network security group rules with allowed flows
• MAC addresses with allowed flows

On the Azure Network Security Group Analytics dashboard, review the summary information in one of the blades, and then click one to view detailed information on the log search page.

On any of the log search pages, you can view results by time, detailed results, and your log search history. You can also filter by facets to narrow the results.

OMS Gateway

The OMS Gateway allows data collected on server machines to be pushed to a proxy machine for upload. This allows Production Servers to stay off the Internet.

• If computers that are behind a DMZ, can be configured with the OMS agent to directly
connect to an OMS workspace.
• All computers will instead communicate with the OMS Gateway.
• The gateway transfers data from the agents to OMS directly; it does not analyze any of the data in transit.

When an Operations Manager Management group is integrated with OMS, the Management
servers can be configured to connect to the OMS Gateway to receive configuration
information and send collected data.

• Operations Manager Agents send some data such as Alerts, Configuration Assessment,
Instance Space, and Capacity Data to the Management Server.
• IIS Logs, Performance, and Security events are sent directly to the OMS Gateway.
• If an Operations Manager Gateway server is deployed in a DMZ, it cannot communicate with an OMS Gateway.

OMS Gateway: Manage Offline Servers


• It is recommended that you install the OMS Agent on the computer running OMS Gateway to
monitor the OMS Gateway.
• Additionally, the agent helps the OMS Gateway identify the service end points that it needs to
communicate with.
• Each agent must have network connectivity to its gateway so that agents can automatically transfer
data to and from the gateway.
• Installing the Gateway on a Domain Controller is not recommended.

OMS Gateway: Architecture Overview



OMS Gateway: SCOM Attached Agents

Agents attached via SCOM
• Some Data sent via Management Server
• Some Data (High Volume) sent directly

OMS Gateway
• Configure SCOM Management Server Proxy
• Install Microsoft Monitoring Agent on Proxy
• Install OMS Gateway on Proxy

Analyze petabytes of data from the cloud
• Infrastructure free, management as a service
• On the fly metrics aggregation
• PowerBI integration

View designer
Create visual tiles based on searches
Assemble tiles on a dashboard

View Designer editing Overview Tile to show custom service’s front-end custom events and performance data

View designer
Create visual tiles based on searches
Assemble tiles on a dashboard

Complete with metrics visualized in line charts, distributions of event levels for my service, and the amount of data getting
for both types of events. Each visualization can drill down into OMS Log search.
Fast troubleshoot and auto remediate
Challenges

[Diagram labels: Platform and Application monitoring; Security analysis; Network monitoring; Too many alerts; Unclear with remediation; Manual process]
Fast troubleshoot and auto remediate
Solution

[Diagram labels: Platform and Application monitoring; Security analysis; Network monitoring; Filter alerts: Specific search alert; Professional knowledge: Community based; Automated process; Problem solved]
Fast troubleshoot and auto remediate
Solve issues as quickly as possible in an automated fashion to improve your SLA

Identify root cause with powerful search
• Powerful search
• Alert notification

Community based automation
• Leverage PowerShell community for automating via PowerShell based runbooks

Auto remediate
• Leverage automation from the cloud
• Connect existing alerts to auto remediate

Identify root cause with powerful search
• Powerful search
• Alert notification

Alert management

Community based automation
Leverage PowerShell community for automating via PowerShell based runbooks

Community based runbooks


Automate your task based on community gallery

Auto remediate
• Leverage automation from the cloud
• Connect existing alerts to auto remediate

Auto remediate based on alerts


Automate your task based on community gallery

Auto remediate based on alerts


Setup alert rule to trigger automated task
What we’ve learned

Simple and unified experience
• Single platform
• Leverage existing platforms
• Access anywhere

Gain immediate insight
• Quick data collection
• Trusted insight
• Petabytes of data

Fast troubleshoot and auto remediate
• Identify root cause
• Community based automation
• Auto remediate
© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on
the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.