Design and implement network monitoring

Question 1

What is Azure Monitor?

Answer 1

Azure Monitor delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.

• Helps you understand how your applications are performing and proactively identify issues affecting them and the resources they depend on.

Features
* Use Application Insights to detect and diagnose issues across applications.
* Correlate infrastructure issues with VM insights and Container insights.
* Use Log Analytics to explore troubleshooting and diagnostics your monitoring data.
* Support operations at scale with smart alerts and automated actions.
* Create visualizations with Azure dashboards and workbooks.
* Collect data from monitored resources using Azure Monitor Metrics.

Question 2

Monitor data types in Azure Monitor

Answer 2

1. Metrics. Azure Monitor Metrics is a feature that collects numeric data from monitored resources into a time series database. Metrics are numerical values that are collected at regular intervals and describe some aspect of a system at a particular time.

2. Logs. Logs contain different kinds of data organized into records with different sets of properties for each type. Telemetry such as events and traces are stored as logs in addition to performance data so that it can all be combined for analysis.

Question 3

Metric Sources in Azure Monitor

Answer 3

1. Azure resources. Azure resources create platform metrics that give you visibility into the resources health and performance.

2. Applications. Application Insights shows metrics for your monitored applications and helps you detect performance issues and track trends.

3. Virtual machine agents. Metrics are collected from the guest operating system of a virtual machine.

4. Custom metrics. You can define custom metrics in your application that is monitored with Application Insights or create custom metrics for an Azure service using the custom metrics API.

Question 4

Azure Monitor - Metric Tasks

Answer 4

• Analyze: Use metrics explorer to analyze collected metrics on a chart and compare metrics from different resources.
• Alert: Configure a metric alert rule that sends a notification or takes automated action when the metric value crosses a threshold.
• Visualize: Pin a chart from Metrics Explorer to an Azure dashboard. Create a workbook to combine with multiple sets of data in an interactive report.
• Automate: Use Autoscale to increase or decrease resources based on a metric value crossing a threshold.
• Retrieve: Access metric values from the command line or REST API.
• Export: Route Metrics to Logs to analyze data. Stream Metrics to an event hub to route them to external systems.
• Archive: Archive the performance or health history of your resource for compliance, auditing, or offline reporting purposes.

Question 5

Monitor network resources with Azure Monitor Network Insights

Answer 5

You can use the Insights > Networks section in Azure Monitor for a high-level view of network resources health and metrics. Azure Insights provides access to network monitoring features such as Connection Monitor, flow logging for network security groups (NSG) flow logs, and Traffic Analytics.

1. Network health and metrics. Offers a simple method for visualizing an inventory of your networking resources, together with resource health and alerts.
2. Connectivity. Provides an easy way to visualize Connection Monitor tests.
3. Traffic. Provides access to NSG flow logs and Traffic Analytics for the selected set of subscriptions, grouped by location.
4. Diagnostic Toolkit. Provides access to all the diagnostic features available for troubleshooting your networks and their components. Most of these tools use Network Watcher.
* Capture packets - help to diagnose network anomalies, both reactively, and proactively.
* Troubleshoot VPN - diagnoses the health of a virtual network gateway or connection.
* Troubleshoot connectivity - checks TCP connections. Connections can include the fully qualified domain name (FQDN), URI, or IPv4 address.
* Identify next hops - obtains the next hop type and IP address of a packet from a specific VM and NIC.

Question 6

Azure Network Watcher

Answer 6

Azure Network Watcher is a regional service that enables you to monitor and diagnose network conditions. Monitoring enables you to diagnose problems at an end-to-end network level view.

Tools

1. Network Topology – Generates a visual map of resources in a virtual network and their relationships.
2. Verify IP Flow – Diagnoses connectivity issues by checking if security rules block or allow traffic.
3. Next Hop – Shows the next routing destination, helping verify correct network routing.
4. Effective Security Rules – Displays applied NSG rules at subnet or NIC level, useful for identifying open ports.
5. VPN Diagnostics – Troubleshoots VPN issues with connection stats, errors, and performance data.
6. Packet Capture – Captures network traffic for troubleshooting, intrusion detection, and debugging.
7. Connection Troubleshoot – Tests connectivity and provides network performance data.
8. NSG Flow Logs – Logs IP traffic through NSGs, useful for monitoring and analysis.

Question 7

Connection Monitor

Answer 7

Connection Monitor provides unified end-to-end connection monitoring in Azure Network Watcher. The Connection Monitor feature supports hybrid and Azure cloud deployments.

• Unified, intuitive experience for Azure and hybrid monitoring needs.
• Cross-region, cross-workspace connectivity monitoring.
• Higher probing frequencies and better visibility into network performance.
• Faster alerting for your hybrid deployments.
• Support for connectivity checks that are based on HTTP, TCP, and ICMP.
• Metrics and Log Analytics support for both Azure and non-Azure test setups.

Question 8

Connection Monitor - Components

Answer 8

**1. Connection monitor resource – **A region-specific Azure resource.
2- Endpoint – A source or destination that participates in connectivity checks.
3- Test configuration – A protocol-specific configuration for a test.
4- Test group – The group that contains source endpoints, destination endpoints, and test configurations.
5- Test – The combination of a source endpoint, destination endpoint, and test configuration. A test is the most granular level at which monitoring data is available.

Question 9

Traffic Analytics

Answer 9

Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic Analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud and provide rich visualizations of data written to NSG flow logs.

With Traffic Analytics, you can:

• Visualize network activity across your Azure subscriptions and identify hot spots.
• Identify security threats to, and secure your network, with information such as open-ports, applications attempting internet access, and virtual machines (VM) connecting to rogue networks.
• Determine traffic flow patterns across Azure regions and the internet.
• Pinpoint network misconfigurations leading to failed connections in your network.

How Traffic Analytics works
Traffic analytics examines the raw NSG flow logs. The raw logs are aggregated and then enhanced. Enhancements include geography, security, and topology information. The information is then stored in a Log Analytics workspace and is available for analysis.