Many vendors, including Microsoft, wax lyrical about the cadence at which software is enhanced when it’s a cloud service. Turns out, this isn’t just marketing hype. Once upon a time, we looked at a cloud service called System Center Advisor (SCA). A few years later, this service had morphed into Azure Operational Insights, which expanded the scope considerably. In less than a year, it’s evolved and changed its name again, this time to Operations Management Suite (OMS). There’s method to the naming madness, however: Advisor did give you advice on how to fix dubious configurations on your servers, sort of like a Best Practices Analyzer (BPA) in the cloud. Azure Operational Insights added a big focus on log analytics to provide insight into trends and issues.
As is so often the case, however, customers asked for more, and they wanted to be able to take action based on the insight provided; thus was born OMS. It also made sense to drop the “Azure” part, since OMS can be used with resources on-premises, in Azure, and in any other cloud.
In this two-part article, we’ll look at getting started with OMS, offer some configuration tips and tricks, and introduce a few of the Solutions to unleash the power of log analysis.
Instead of having a few test virtual machines (VMs) with very little data in their event logs, for this review of the Operations Management Suite, I installed the agent in the production environment at one of my clients. They have a single Hyper-V host with three VMs (DC, File, and Exchange) and are quite a typical small and medium business (SMB) client.
Get started
Head over to www.microsoft.com/OMS and click the Try for Free link. You have to sign in with your Microsoft account, define the settings for a workspace, and connect your data sources.
Defining your workspace settings includes defining a name, a region (at the time of writing only one in the US and one in Europe were available), and other details.
Creating an Operations Management Suite workspace
A workspace is a data container boundary; you can have multiple workspaces for a business, but their data (and subsequent analysis) will not overlap. Optionally, you can also link your OMS workspace to an Azure subscription. This gives you two benefits. First, when you create a new classic VM or if you have running VMs, you can install the OMS agent directly from the old Azure portal into those VMs, and the agent is automatically configured to use your OMS workspace. Note that Azure Resource Manager (ARM) VMs can’t take advantage of this automation today. You either have to create an ARM template that includes provisioning the OMS agent for new VMs or manually install the agent.
The second benefit of linking an Azure account is that you can let the Operations Management Suite analyze logs stored by Azure Diagnostics. This Azure service can gather information from web and worker roles in cloud services (platform as a service [PaaS]) as well as VMs, both Windows and Linux.
Settings Tile
Once you’ve set up the workspace, the next step is connecting your data sources (click the big blue Settings tile); there are three options:
If you have System Center Operations Manager 2012 SP1 UR6/2012 R2 UR2, follow these instructions to enable Operational Insights (the name hasn’t been updated yet) using the SCOM console. You can then add computers or groups; their SCOM agent will collect the data and send it to the management group, which will then send it to OMS. You can also optionally configure SCOM alerts to surface in OMS.
Alternately, you can use the direct agent that installs the Microsoft Monitoring Agent (32- or 64-bit Windows or Linux) on each server. For Windows, this is an ordinary MSI (installer), so you can use your favorite software distribution method to push it to multiple machines. These servers (and clients; OMS is excellent for some workstations, such as cash register computers in retail) will send their data directly to OMS. There’s an option in the agent setup to configure a proxy server, which is different from the system-defined proxy; it’ll only apply to OMS traffic. OMS always uses HTTPS traffic. If you have a firewall filtering outbound traffic, you’ll need to ensure the agent can deliver data to OMS; click here for ports and addresses.
Connect the agent to Operational Insights (OMS)
The third way to onboard data into the Operations Management Suite is to gather data from an Azure storage account, as described above. Amazon Web Services (AWS) storage accounts are coming shortly.
Note that the free trial has no expiry and comes with a maximum of 500 MB data upload per day and a seven-day retention period. For pricing information beyond what the trial offers, see here.
Search & Mobile
The query syntax is intuitive, and you can look at your previous searches using the History button. I’ve found an excellent resource for learning OMS searching on this blog by Ed Wilson.
You can take a saved search and drag it onto your personal dashboard to create a custom tile based on the query.
With the OMS console being HTML 5, it works great on an iPad and in all the browsers I tested. For mobiles, there’s a free Android app, iOS app, and Windows app. It lets you see custom dashboards you have created, view the overview page, and access searches; you can also customize a search and even change the time range for a particular search.
You can export data from OMS to Excel, but be aware that there’s a 5,000-line limit in the exported spreadsheet.
In part 2, we’ll look at the power of Solutions, what else is in the “suite,” and things that are coming in the near future.