- Use Azure Bastion as a jump host for RDP and SSH - Tue, Apr 18 2023
- Azure Virtual Desktop: Getting started - Fri, Apr 14 2023
- Understanding Azure service accounts - Fri, Mar 31 2023
Today I'd like to show you how to set up monitoring of Azure Resource Manager (ARM) resources by using Datadog. Please read my product review if you need general Datadog information; today we’ll get right into the Azure goodness. Let's begin.
Install the Datadog Agent in Azure
Datadog and the Azure engineering team worked together to make ARM resources available for Datadog monitoring. Initially, the Datadog Azure agent monitored only Azure virtual machines. The updated integration scope now includes:
Azure App Service: Platform-as-a-Service (PaaS) web applications
SQL Database: Cloud-based SQL Server virtual servers and databases
Virtual Machine: Infrastructure-as-a-Service (IaaS) VMs
Under the hood, Datadog taps into Azure’s native APIs to gather performance metrics, specifically the Azure SQL Database API and Azure Insights API. Of course, the value-adds that Datadog brings to the table are:
You can seamlessly monitor your on-premises servers along your Azure resources.
You can monitor Linux servers and services using the same tools as you do for Windows.
As you can see in the following screenshot, we can add the Datadog agent as a VM extension directly from the ARM portal (https://portal.azure.com).
Adding the Datadog Azure VM extension
To complete this configuration, you'll need to paste your Datadog API key; you can obtain that from your Datadog customer portal.
Before you submit your new VM deployment, make sure that you enable diagnostics monitoring and set a diagnostics storage account. The reason for this is simple: Datadog “piggybacks” on Azure’s own native monitoring capabilities. The Agent adds several additional metrics on top of Azure's, though.
Start monitoring your Azure VM
Next, you need to create a new application for Datadog in your chosen Azure Active Directory (Azure AD) instance. My instructions here are schematic; see this Datadog help article for detailed instructions.
Make a note of your tenant name; it’s the URL section I've placed in boldface below (of course, this is my tenant and is named differently from yours):
https://manage.windowsazure.com/@visioitpro.com#Workspaces/All/dashboard
In the Azure Service Management portal, open your Azure AD tenant page, navigate to Applications, and click Add. In the What do you want to do? dialog box, select Add an application my organization is developing.
Name your application Datadog or something else reasonable, and ensure that Web application and/or Web API is selected.
Specify https://app.datadoghq.com for both the sign-on URL and the app ID URI. Datadog doesn't actually need these URIs, so these are simply placeholders.
As is the case with any Azure AD SaaS app integration, we now need to navigate to the Configure tab for our new Datadog app and specify metadata.
Take note of the Client ID GUID; we'll need that in a moment. Next, set the key duration to either 1 year or 2 years (doesn't matter for our purposes).
Under Permissions to other applications, click Add application, and define an entry for Windows Azure Service Management API. You can see this admittedly convoluted interface in the next screen capture.
Creating an Azure AD application for Datadog monitoring
Save your changes, and before you go back to your Datadog tenant, scroll back up the Datadog app configuration page in the Azure portal and copy the key GUID Azure just created.
Okay. Deep breath. Now log into your Datadog tenant, navigate to the Integrations page, and find the Microsoft Azure integration. To complete the integration, you'll need to paste the following values that you've previously taken note of:
Azure AD tenant name
Client ID
Client secret
Here's a screenshot of my configuration:
Completing the Azure-Datadog integration
Completing the Azure-Datadog integration
Lastly, go back to portal.azure.com, navigate to the subscription you would like to monitor, add a new user to that subscription, find the application you just created, and grant the Datadog user account the Reader role to your Azure subscription. Within a few minutes the Azure VM host should appear in your Datadog infrastructure list and begin sending metrics to Datadog.
When you visit your Datadog tenant’s Integrations page, you'll see separate engines for Azure App Services, Azure SQL DB, and Azure VM as shown here:
New Azure Datadog integrations
Your new Azure Datadog integrations
It's easy to miss the big picture when you're “heads down” with all those tedious setup procedures. Let me recap the integration process from a high level:
We install the Datadog Agent on our Azure VMs and link them to our Datadog account via our personal API key.
We “tell” Azure AD about Datadog and grant the Datadog API access to Azure’s APIs.
We “glue” Azure to our Datadog account by mapping Azure AD app metadata to our Datadog Azure integration.
The previous procedure should be familiar to you if you’ve configured other SaaS apps to integrate with Azure.
Testing the Azure/Datadog integration
From here on, the Datadog monitoring workflow with Azure is no different from monitoring your other systems and services. You’ll have a new dashboard for each Azure integration; check out the Azure VM dashboard:
The Azure VM screenboard
It’s important to note that once you’ve added Azure VMs to Datadog, you can not only monitor the VMs from an “external” viewpoint (that is, how long they have been online, how many resource they’re consuming, and so forth), but you can also monitor the VMs’ own apps and services.
To customize the built-in Azure dashboards, simply clone them and edit away! Installing the Datadog agent on your Azure VMs is advised because the Agent collects VM metric data at a much higher resolution than Azure’s own portal metrics.
Subscribe to 4sysops newsletter!
For more information about Datadog, or their 14-day free trial, visit their website, www.datadoghq.com.
