AZ-303 Microsoft Azure Architect Technologies – Monitor Azure Infrastructure Part 4

10. Application Insights

Application Insights are a set of tools for specifically monitoring application level events and statistics. In order to use them, you must install an instrumentation package within your application. App Insights can be used in many different platforms, including Net, Node, JS, and Java, and it can be used to monitor both cloud and on premise applications. With App Insights, you get a full end to end view of your application from front end services, middle tier services, and back end databases and storage. It allows you to continually monitor performance and diagnose problems, and even investigate client statistics such as source location, browser and OS type, and more.

You can also output your own custom logs directly from within your application code and consume all this information either via the built in Azure Dashboard or other data analysis tools such as Power Bi. Some of the ways we can explore data in the Azure Portal include smart detection and manual alerts, so you can set up automatic alerts that adapt your application’s normal patterns of telemetry and trigger when there’s something outside of that unusual pattern. The application map allows you to explore the components of your app with key metrics and alerts.

The usage analysis shows user segmentation and retention. You can explore, filter and segment aggregated data such as rates, requests, failures and exceptions, response times, and page load times. There’s a live metric stream when you deploy a new build. You can watch near realtime performance indicators to make sure everything is working as expected. And then finally, you can query all the data in the Azure Log Analytics tooling and create your own custom dashboards and workbooks.

11. Application Insights Walkthrough

So far we’ve looked at standard Azure monitoring and analyzing those logs using log analytics. There is another element of monitoring within the Azure platform called Application Insights. So Application Insights are aimed more at applications themselves, the health of those applications, and also metrics about how those as applications are used. There are actually three ways Application Insights can be added to applications. The first is when an application is created, there is often an option to enable Application Insights. So for example, when we created our web app earlier on, one of the options was a tick box for Application Insights, which we chose not to tick. The second way we can have Application Insights is from Visual Studio itself.

When developing an application in the GitHub project for this course, there is a sample net application. It’s a simple application with a SQL backend database and if you open it up in Visual Studio, if you then right click on the application itself and go to Add. There is an option for adding Application Insights telemetry. When we do that, we get a screen up that allows us to go through and start the process of connecting to our account and then creating and registering an Application Insights instance from there. That’s useful when you’re developing the applications yourself and you want full control of the application. It also allows you to install the tooling that allows you to emit your own logs directly to the Application Insights. Third way we can enable Application Insights is through the Web app itself.

So here I’ve opened up the Cloud Guru Web app earlier, which was basically just this event grid viewer. And what I can do here is I can go down to the Application Insights tab and click turn on Application Insights. This point we’re given the option to create or select an existing resource because we’ve not created one before. I’m going to give it the names you choose your instrumentation. So this application itself was written in Net Core.

So I’m just going to choose Net Core, and then I’m going to click apply. Once that’s finished, we then get a link to our application resource or alternatively, we can access it through here. I’m just going to go and click that link directly. And through here we can start seeing basic telemetry information. So at the moment, nothing’s happening. So I’m going to just go back to our website and I’m just going to refresh the page a few times. That’s basically just to force some traffic through the website.

If I now go back here, we’ve got these different options down the left hand side that we can use to start examining our application. The first thing I want to look at is this Live Metrics option. As you can see, the Live Metrics option gives you an up to second view of what’s happening on your website at any moment in time. If we’re going in, hit refresh a few more times we’ll see as we start to get requests coming in and going through. The performance tab is similarly very useful for showing us actual up to limit performance metrics. And through here we get to see the operations that have been occurring on the website and perhaps more importantly, how long each operation is taking.

And we can start to drill down on the actual calls that are making being made to the application and get detailed metrics of how long requests are actually taking. So this is extremely useful for helping you troubleshoot bottlenecks on poor performing applications. Another useful option is the users. So Users is a great view to show users of your actual website and when we click more Insights, not only do we see the number of sessions and users that are hitting our website, we actually start to drill down into more metrics. So for example, we can see the country they’re coming from, the OS and browser they are using and so on. As we saw in Log Analytics we also have this workbooks option which are again a number of predefined workbooks that have a number of metrics that we can go in and have a look at. So for example, we could go and have a look at active Users, which again is just a collection of useful tools that we think we can use. And as the workbooks in Log Analytics we can go in and edit that and start creating our own dashboards accordingly.

Finally, if we go back to the overview page, whenever you create an application Insights, it creates you an application dashboard. So if we click on this here, this takes us to a built in dashboard that gets created, that gives us a great overview of how our application is performing, any areas we might be receiving and so on. Again, as we view the dashboards, we can easily edit, add and remove components of this as we require.

Monitoring Log Analytics and App Insights are extremely large subjects all in their own right. The important thing for the 303 exam is to understand which is used for which scenarios. So for example, App Insights is for application monitoring, Log Analytics is for analyzing existing logs and Monitoring is for UpToDate metrics of your Azure components and also how you enable each of them and tie them all together.

12. Update Management Walkthrough

An important part of maintaining a secure infrastructure is update management, especially when talking about virtual machines. This lecture should really be under the infrastructure section of the course under Update management. However, you cannot implement update management without a log analytics account, which is why I’ve left it until the monitoring section. But basically the update management option for virtual machines within Azure is the ability to manage the updates and patches that get applied to virtual machines. In an on premise world, this will be done using other tools such as Sccm. However, in Azure we have this native options called update management. The first thing you’ll need to do is connect to virtual machine to use the update management service and we’ll do that now. Go to a virtual machine and on the operations options click the blade for update management so it will automatically use the log analytics workspace that we created earlier and connected the virtual machine too. However, the other thing we need to do is create an automation account.

Now we can either have this done automatically for us by choosing that option, or we can manually go and create the automation account. I’m just going to let this do it automatically for me now. So I’m just going to click enable. So as we can see from the screen here, the actual update management can take around 15 minutes and then when it has enabled, it can then take around about an hour for it to actually scan the virtual machine and see what updates are missing or required. So once you’ve done that one, have a break and come back in about an hour’s time. Once the agent is installed and it’s had time to perform a scan, you’ll start to get information through about security updates and more importantly, which security updates are missing and what the classification needs.

So for example, the security updates and so on. So the first thing we need to do is set up a schedule to actually update these. So if we go to the schedule update deployment, we can go ahead and create update deployments. Now we have an option how we do these and one of them is the schedule setting. So we’ll just skip down here for 1 second and we can see we can either perform one off deployments or we can perform recurring deployments. So for example, a common deployment routine would be patch Tuesday. So you would say every seven days or every one week or however often you want to do it, say every Tuesday, run this patching, I’m just going to set this to once for now.

Then what we’ll do, we’ll go back up here and give it a name. So we’ll call it one off. You can tell it which packs to install. So critical and security are obviously the most important.

They’re the ones that would always be recommended. But you can then optionally install other things such as service packs, feature packs and so on. You have to be more careful with these, especially if you’re doing them on an automated, weekly or bimonthly basis because you don’t necessarily want to always roll out the latest service pack, whereas critical and security updates you would want to. So I’m just going to uncheck all these and just tell it to do critical insecurity. You can then go in and specifically exclude certain patches and you would do that by searching for the Kbid of the patch you want to exclude. I’m not going to do that just now. I’m going to go back to the schedule and just set it to once. You can then tell it to run pre and post scripts. These are quite useful if you want to run a PowerShell script to perform certain actions such as maybe gracefully close down some service or send some response. We can set a maintenance window and then we can tell it whether to reboot if required or not. Now this is important because sometimes you might not want this to reboot all the time, sometimes you might want to always reboot.

So you need to make sure that you set the best reboot option according to your requirements. Once ready, go ahead and click Create. That will go on ahead and create a deployment. And again, you’ll need to give it a bit of time to kick off while waiting for those to install. I’ll just show you another view because at the moment this is all the update management for this one virtual machine. In reality, you’ll want to manage updates for all virtual machines.

So if you go to our menu and go to our all resources, what we actually want to do is go to the automation account that was set up to run this. Through the automation account, we have our update management option through this pane. Again we get a better overview of all servers across Ireland state, which gives us a synopsis of what updates they are missing. And again, through here we can schedule an update deployment. In this way, an update deployment can be configured to go across groups of servers. So for example, we could say on Patch Tuesday Windows, we can create a group.

So we would go in, select our subscription, our resource group, so we could say this one is just for Windows service. We can filter it by location, we then click Add and click Preview. It will show us which virtual machines is selected and then configure the rest of the settings that we did before. So obviously that’s a much better way of managing updates across an entire estate and gives you a lot of control because you can create multiple updates deployments based on groups of servers, operating systems, locations and so on.