You have deployed some virtual machines into Azure, AWS, Google, Rackspace — or all of the above. Your email and a growing number of applications are being hosted not just in your data center, but also in the cloud. The tools you have been using to monitor and manage these platforms don’t work so well once they’re running in the public cloud. How do you ensure that applications are performing, available and not costing too much money?
The answer may be a monitoring and management platform that can span all of these environments and also augment what you may already have today. This is what the Operations Management Suite (OMS) does. It's a cloud-based platform that can consume huge amounts of data, back up and recover VMs and apps, drive automation across all apps, and even offer disaster recovery.
OMS is based on Azure and uses many of the data and app services that customers use to build their massively scalable applications. There are four main components to OMS: Log Analytics, Automation, Backup and Site Recovery. Each one can be used independently or integrated into the OMS dashboard. This post will focus on the Log Analytics portion, which provides all of the monitoring and some management aspects for Windows- and Linux-based VMs, as well as for an increasing number of SaaS platforms.
Breaking Down Log Analytics
Log Analytics is based on some simple principles: data is imported, rules are applied and an action or alert is implemented. The data imported into OMS can be structured or unstructured. Some examples of structured data are event logs, syslogs and performance data. The unstructured data can be any sort of log file, for example from firewalls, printers, IoT devices, routers, etc. The data can be collected from an agent, which is available for Windows Server and Client as well as several variants of Linux. The agent uses HTTPS to send and receive information from OMS, which is also regionally based and can be localized to the agent. The data collected can be configured based on different types of event logs and performance counters, all of which is customizable from the console (which is HTML5).
There is also an option to integrate your on-prem System Center Operations Manager management group with Log Analytics. Operations Manager can forward alerts and performance data to OMS for its dashboarding, log query and archiving abilities. Since Log Analytics uses Azure, queries of the logs or perf data run much faster than they could on any on-prem hardware. OMS also extends Operations Manager's abilities by offering real-time dashboard capabilities. The recently released OMS View Designer lets you create your own dashboards if the ones you need aren't available with the included Intelligence Packs. Since this is cloud-based, there are constant updates to the services and capabilities. Microsoft takes care of all the maintenance of the infrastructure, and the Intelligence Packs are automatically updated when new software is released.
Extending OMS’s Reach
OMS is extensible by adding Intelligence Packs, which are available through the online store. All of the current Intelligence Packs are available at no cost and include all of the rules, alerts, dashboards and actions needed to get started monitoring most common applications, such as Active Directory, SQL, Software Updates, Security & Auditing, Capacity Planning, Wire Data, Change Tracking and Malware, with many more being added frequently.
Getting started with OMS is easy, and for most it is free. The free package will accept up to 500 MB of data per day, which is usually sufficient for a Test/Dev or PoC environment. For more servers, there are other pricing tiers that offer unlimited data and extended periods of retention, up to 10 years. This is a good option for industries that require holding security event data for extended periods of time.