Enforcing Speed and Control with Resource Graph and Azure Monitor
In my previous posts, I discussed the benefits of utilizing Azure Policy, as well as Management Groups and Azure Blueprints, while giving in-depth instruction on how to best implement these tools. In this post, I will demonstrate how to navigate Resource Graph and Azure Monitor, completing the steps necessary to enforce speed and control with Microsoft Azure.
Prior to the introduction of Azure Resource Graph, a longer, complex process was required to gain resource visibility using queries.
Traditionally, Azure Resource Manager sent data to a cache that exposed some information about resource, including but not limited to:
- the Resource Name
- Resource Group
Typically, these calls for information were made to each resource provider and thus, multiple calls and complex scripts were needed to handle the operation.
It is possible to query resources directly using Azure CLI or PowerShell, but querying using either is much slower than using Resource Graph. Also, they both do not allow for cross-subscription querying.
Azure Resource Graph Overview
Azure Resource Graph is a service in Azure that is designed to extend Azure Resource Management by providing efficient and performant resource exploration, with the ability to query at scale across a given set of subscriptions. It allows you to effectively govern your environment.
The query function provides the ability to query resources with complex filtering capabilities, grouping and sorting by resource properties. It has the ability to iteratively explore resources based on governance requirements. It also gives you the ability to assess the impact of applying policies in a vast, cloud environment.
For example, you can use a query to:
- determine what the impact of your policy will be
- tailor your policy to your environment
Let's say you need to create a policy to limit what VM SKUs are to be deployed in your subscription. Prior to creating that policy, you could create a query that shows you the current breakdown of your VMs by SKU.
The first step to using Azure Resource Graph via the Azure CLI is to install the required extension:
The query below will return the first 5 Azure resources with the Name and Resource Type of each resource.
The following query returns the number of Azure resources that exist in the subscriptions that you have access to. It's also a good query to validate that your shell of choice has the appropriate Azure Resource Graph components installed and in working order.
Azure Monitor maximizes the availability and performance of your applications by;
- delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments
- helping you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on
With Azure Monitor, you can store and analyze all your operational telemetry in a unified, centralized, fully-managed, and scalable data store that's optimized for performance and cost. The data stores include;
- Azure Monitor Logs
- Event Hubs
- Azure Storage (storage accounts)
Azure Monitor is intelligent enough and allows you to test your hypotheses and reveal hidden patterns using an advanced analytic engine, interactive query language, and a built-in machine learning construct.
Azure Monitor enables integration with popular DevOps, issue management, IT service management, and security information and event management (SIEM) tools.
The above image gives a high-level view of Azure Monitor.
- At the center of the diagram are the data stores for metrics and logs, which are the two fundamental types of data used by Azure Monitor.
- On the left are the sources of monitoring data that populate these data stores.
- On the right are the different functions that Azure Monitor performs with this collected data such as analysis, alerting, and streaming to external systems.
All data collected by Azure Monitor fits into one of two fundamental types: Metrics and Logs.
Metrics are numerical values that describe some aspect of a system at a particular point in time. They are lightweight and capable of supporting near real-time scenarios.
Logs contain different kinds of data organized into records with different sets of properties for each type. Telemetry, such as events and traces, are stored as logs, in addition to performance data. As a result, it can all be combined for analysis.
For many Azure resources, you'll see data collected by Azure Monitor right in their Overview page in the Azure portal. Have a look at any virtual machine, for example, and you'll see several charts displaying performance metrics.
Click on any of the graphs to open the data in metrics explorer in the Azure portal. This allows you to chart the values of multiple metrics over time. You can view the charts interactively or pin them to a dashboard to view them with other visualizations.
Log data collected by Azure Monitor can be analyzed with queries to quickly retrieve, consolidate, and analyze collected data. You can create and test queries using Log Analytics in the Azure portal. Then, you can directly analyze the data using these tools or save queries for use with visualizations or alert rules.
Azure Monitor uses a version of the KUSTO query language used by Azure Data Explorer, that is suitable for simple log queries, but also includes advanced functionality such as aggregations, joins, and smart analytics.
Azure Monitor can collect data from a variety of sources. You can think of monitoring data for your applications in tiers, ranging from your application, any operating system, and the services it relies, down to the platform itself.
- Application Monitoring Data: data about the performance and functionality of the code you have written, regardless of its platform.
- Guest OS Monitoring Data: data about the operating system on which your application is running. This could be running in Azure, another cloud, or on-premises.
- Azure Resource Monitoring Data: data about the operation and management of an Azure subscription, as well as data about the health and operation of Azure itself.
- Azure Tenant Monitoring Data: data about the operation of tenant-level Azure services, such as Azure Active Directory.
Azure Monitor can collect log data from any REST client, using the Data Collector API. This allows you to create custom monitoring scenarios and extend monitoring resources that don't expose telemetry through other sources.
Monitoring data is only useful if it can increase your visibility into the operation of your computing environment. Azure Monitor includes several features and tools that provide valuable insights into your applications and other resources they depend on. Monitoring solutions and features, such as Application Insights and Azure Monitor for containers, provide deep insights into different aspects of your application and specific Azure services.
Responding to Critical Situations
In addition to allowing you to interactively analyze monitoring data, an effective monitoring solution must be able to proactively respond to critical conditions identified in the data that it collects. This could be sending a text or email to an administrator responsible for investigating an issue. Or you could launch an automated process that attempts to correct an error condition.
Autoscale allows you to have the right amount of resources running to handle the load on your application. It also allows you to create rules that use metrics, collected by Azure Monitor, to determine when to automatically add resources to handle increases in load, while also saving money by removing resources that are sitting idle. You specify a minimum and maximum number of instances, as well as the logic for when to increase or decrease resources.
Visualizing Monitoring Data
Visualizations, such as charts and tables, are effective tools for summarizing monitoring data and presenting it to different audiences. Azure Monitor has its own features for visualizing monitoring data and leverages other Azure services for publishing it to different audiences. These features include:
Azure Dashboards - they allow you to combine different kinds of data, including both metrics and logs, into a single in the Azure portal
Views - they visually present log data in Azure Monitor. Each view includes a single tile that drills down to a combination of visualizations, such as bar and line charts, in addition to lists summarizing critical data
Power BI - they provide interactive visualizations across a variety of data sources. They're also an effective means of making data available to others within and outside your organization.
Management refers to the tasks and processes required to maintain your business applications and the resources that support them. Azure has multiple services and tools that work together to provide complete management for not only your applications running in Azure, but also in other colds and on-premises. Understanding the different tools available and how they can be used together for a variety of management scenarios, is the first step in designing a complete management environment.
The diagram above illustrates the different areas of management that are required to maintain any application or resource. These different areas can be thought of in terms of a lifecycle where each is required in continuous succession over the lifespan of a resource, This starts with its initial deployment, through its continued operation, and finally, when it's retired.
Governance provides mechanisms and processes to maintain speed and control over your applications and resources in Azure. It involves planning your initiatives and setting strategic priorities. Once the initiatives are in place, subscriptions can be described under management groups and initiatives can be used to enforce compliance of resources in these management groups. Azure Blueprints can then be used to repeatedly deploy new compliant environments, while Azure Resource Graph could be used to inventory all deployed resources and their state. Finally, Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments, while helping you understand how your applications are performing, and proactively identifying issues affecting them and the resources they depend on.
Learn more about Azure with Mbong Ekwoge's course on Cloud Application Architecture