
Azure Advent Calendar #4: Azure Lighthouse

  • 04/12/2019, 25/11/2019
  • by Martin Ehrnst

Door #4

Behind door number four of the Azure Advent Calendar 2019, we find Azure Lighthouse. Lighthouse provides simplified resource management in Azure across tenants.
This makes it very interesting for larger enterprises, who often separate their user directory from the services, and for managed service providers, who deliver services to multiple customers and seek the utopia of single-pane management.

You can find my video here, and all other contributions on the YouTube channel.

Azure Lighthouse resources

If you want to read more about Azure Lighthouse and its capabilities, I recommend the official documentation and the official GitHub repository.
For more community-related content, I suggest you check Wesley Haakman's blog.

Azure Advent Calendar is such a great initiative from Gregor Suttie and Richard Hooper. I really dig how the Azure community put together all this content. Thank you.
I am sure it will be a great success and hopefully continue in the years to come.

Thank you for having me on.


Microsoft Ignite 2019 announcements and news

  • 04/11/2019, 13/11/2019
  • by Martin Ehrnst

It is Monday morning and Ignite announcements are coming in fast. The releases themselves aren’t as groundbreaking as in previous years, but looking at them from 10,000 feet they represent something very interesting in my opinion.

At Microsoft Ignite in 2015, we were pitched that everyone should run in the public cloud only.
Over the years, Microsoft has invested heavily in the hybrid scenario, introducing Azure Stack and other services. With the announcements from Ignite 2019, I feel like we are completing the circle. Azure Arc lets us manage on-premises as we do with Azure, using ARM. Azure Functions are getting more hybrid/local benefits, and the same goes for many of the other services.

Below you can find what I find particularly interesting. Expect this list to evolve and change throughout the week.

For all announcements from Ignite 2019, read the Microsoft Ignite Book of News.

Azure Arc

If you think Microsoft is all over your infrastructure already, Azure Arc extends Azure management to any cloud and on-premises. I am really looking forward to testing this out! ARM templates on-premises?

Azure Monitor

Azure Monitor itself doesn’t get any new features, but all other services get better integration with Azure Monitor. Prometheus support is GA, and hybrid monitoring for containers (Kubernetes) is announced as a preview.

Azure Functions

As with the announcement of Azure Arc, support for multi-cloud and hybrid cloud continues to evolve with Azure Functions. Premium support is now GA, as well as PowerShell. With PowerShell support in Functions, and the Premium plan with hybrid support, I am keen to hear about the future of Azure Monitor.

Azure Cost Management for CSP

Finally. If you know the struggle, you are probably as excited as I am that Azure Cost Management is now available for CSP subscriptions. This means that we can provide cost management seamlessly across all subscription models, and leverage the same APIs.

Tags for subscriptions

A long-awaited feature. The ability to add tags to subscriptions is finally available.


Ignite 2019 session tips

  • 04/11/2019
  • by Martin Ehrnst

Ignite 2019 is just around the corner, and we have a lot to look forward to. According to the session builder, there are almost 2000 sessions to choose from. Even Monday has 321!

In this post, I will share what I think you should look out for and what sessions to attend.

Keynotes

First things first. Monday is packed with keynotes. Satya Nadella’s vision keynote will tell us how Microsoft sees the future and sets the mood for the coming week. We can also expect a few announcements.

After the vision keynote, each product team has their own technology keynote. These are usually really good and packed with demos.
For Ignite 2019 I am not sure which I will attend. But it will be one of these two:

  • Invent with purpose on Azure
  • Microsoft’s roadmap for security, compliance, and identity

Breakout sessions

One hot tip that I have is the ability to choose a learning path. This lets you add all breakout sessions within the learning path, and with that have consistency in your sessions. If you’re going à la carte, I think these sessions look interesting.

  • Building the foundation for modern ops: Monitoring
  • Deployment practices for greater reliability
  • Top ten best security practices for Azure today
  • Enhancing web applications with cloud intelligence
  • Lessons learned: An MSP’s journey from System Center Operations Manager to Azure Monitor
  • Advanced monitoring: Azure Monitor best practices you should know
  • Top 10 best practices in Azure governance and adoption
  • AI behind call center analytics: Using Azure Cognitive Services to improve customer experiences

Hallway sessions

Ignite 2019 has a great option called Expert Connect. Here you can schedule to meet subject matter experts and discuss your real-world challenges.

Personally, I have cut down on the number of sessions that I attend each day. And instead, I am prioritizing side meetings and the occasional “hallway session”.
Most of the breakout sessions are available on-demand when you get home.
If you want to meet, let me know!


Azure Lighthouse why is it so important

  • 15/08/2019, 30/09/2019
  • by Martin Ehrnst

Working for a Managed Service Provider (MSP), I have many times faced the challenges of managing multiple separate customers from one single pane, whether it is multi-tenant Active Directory, single AD or a vanilla Azure tenant. An MSP is only good when they can build tools to manage all customers in a streamlined fashion.

In the Microsoft sphere, partners and large enterprises have faced many of the same challenges. If you are a large enterprise, you might be eligible for an Enterprise Agreement.
As a partner you can apply to become a (tier 1) Cloud Solution Provider (CSP). The tools provided are far from good enough. The challenge is that you are still bound to the tenant isolation. If you want a view of all alerts in Azure Monitor for all your customers, you need to create a tool that authenticates against each individual tenant and retrieves this information, similar to what I did with SCOM.

Project Towboat

Last year I attended a side meeting for MSPs at Ignite. We discussed at-scale management in the Azure Portal. We were promised that something called Project Towboat was planned. Since then it has been dead silent.
Out of the blue, Microsoft announced Azure Lighthouse, promising simplified cross-tenant resource management. So what makes this so great?

Delegated resource access

Azure Lighthouse uses delegated resource access. In essence, the customer establishes a trust with your (management/master) tenant. This allows the users in the management directory (tenant) to manage resources on behalf of their customers. Many use Azure AD B2B to manage resources across multiple tenants. With Azure Lighthouse, you can do that without changing the context of the user.
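Because the trust described above lets another tenant act inside the customer's subscription, the delegation is worth reviewing before it is deployed. The following is an added example, not code from this post or from Microsoft: it checks a constructed Microsoft.ManagedServices/registrationDefinitions resource for an unexpected managing tenant and for roles beyond read-only. The tenant ID, principal IDs, display names and the read-only allowlist are assumptions made for illustration.

```python
import json

# Well-known built-in Azure role definition IDs.
ROLES = {
    "8e3af657-a8ff-443c-a75c-2fe8c4bcb635": "Owner",
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
    "18d7d88d-d35e-4fb4-a5c3-7773c20a72d9": "User Access Administrator",
    "acdd72a7-3385-48ef-bd42-f606fba81ae7": "Reader",
}
READ_ONLY = {"Reader"}  # assumption: the only role accepted without review

# Constructed sample; tenant and principal IDs are placeholders, not real values.
SAMPLE = json.loads("""
{
  "type": "Microsoft.ManagedServices/registrationDefinitions",
  "properties": {
    "managedByTenantId": "11111111-1111-1111-1111-111111111111",
    "authorizations": [
      {"principalId": "aaaaaaaa-0000-0000-0000-000000000001",
       "principalIdDisplayName": "MSP monitoring team",
       "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7"},
      {"principalId": "aaaaaaaa-0000-0000-0000-000000000002",
       "principalIdDisplayName": "MSP operations",
       "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c"},
      {"principalId": "aaaaaaaa-0000-0000-0000-000000000003",
       "principalIdDisplayName": "MSP automation",
       "roleDefinitionId": "18d7d88d-d35e-4fb4-a5c3-7773c20a72d9"}
    ]
  }
}
""")

def review_delegation(definition, trusted_tenants):
    """Return (subject, finding) pairs the customer should resolve first."""
    props = definition["properties"]
    findings = []
    tenant = props["managedByTenantId"].lower()
    if tenant not in trusted_tenants:
        findings.append((tenant, "managing tenant is not on the allowlist"))
    for auth in props.get("authorizations", []):
        who = auth.get("principalIdDisplayName") or auth["principalId"]
        role = ROLES.get(auth["roleDefinitionId"].lower(), "unrecognised role")
        if role == "User Access Administrator" and not auth.get("delegatedRoleDefinitionIds"):
            findings.append((who, "User Access Administrator without delegatedRoleDefinitionIds"))
        elif role not in READ_ONLY:
            findings.append((who, role + " is not on the read-only list"))
    return findings
```
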

In my opinion, here are some of the features that make Azure Lighthouse so important to MSPs, and others managing multiple tenants.

Cross tenant monitoring in Azure

Azure Monitor is now multi-tenant. As long as the resource group or subscription is available to the person using Azure Monitor, application and infrastructure monitoring is available.

Multi tenant Log Analytics

Log Analytics is a part of Azure Monitor, and is called Azure Monitor Logs. The engine behind is Log Analytics. With Azure Lighthouse, Log Analytics has multi-tenancy capabilities, as it’s already able to query across subscriptions. For example, activity logs can be connected directly, as if it was your own subscription.
The same applies to Azure storage accounts and virtual machines.

Azure Security Center for all customers

The beauty of delegated resource management just continues. Another great thing for your security team, apart from Log Analytics, is that Azure Security Center is available in Azure Lighthouse. This means that the team (or that one person) can look at one single dashboard, or write the integration against one tenant.

Summary

Azure Lighthouse greatly simplifies at-scale and cross-tenant management. It is tightly integrated with Azure Resource Manager for deployment, as well as Azure Monitor and Security Center for monitoring infrastructure and security.

I am really looking forward to creating solutions and working more with Azure Lighthouse. It is a long-awaited product, and with this launch, Microsoft is way ahead of its competitors.
Expect more dedicated posts on how to manage and automate using Lighthouse in the future.

You can read more and find examples in the official Azure Lighthouse documentation and the Azure Lighthouse GitHub examples.


Metric alerts for Azure monitor logs

  • 12/06/2019
  • by Martin Ehrnst

A common thing for traditional companies is to have one team responsible for monitoring. A few years ago, this team were close friends with the team provisioning infrastructure. Now, more and more companies are shifting to the “DevOps” world. Even Microsoft has killed SCOM and is only using Azure Monitor, meaning that the one who deployed the code (and the infrastructure) should be responsible for monitoring. In essence, this is great. But this transition takes time, and one should not underestimate the knowledge of the team who have been responsible for monitoring your entire infrastructure for decades.

If you are familiar with SCOM, you know that rules and monitors are targeted against a class of objects, e.g. the Windows 2016 operating system. When we move our workloads to Azure, we want to use Azure Monitor to monitor our workloads and VMs.

Enter Log alerts

Log alerts have been around for quite some time and are commonly used to alert on actual log data, e.g. custom application logs, the Windows event log and so on. But log alerts have a “hidden” feature, especially for monitoring teams that do not want to manage hundreds of duplicate rules.

By using log alerts with metric measurements you can almost replicate what discoveries in SCOM do: find resources of a specific type, and attach some kind of monitoring to them. For example, you can create a search query for all your IaaS VMs and alert on their CPU counter.

This will let your monitoring team recreate all their logic, and have control over the entire infrastructure, almost as they had on-premises. At the same time you can leverage more DevOps practices and in the end have every team responsible for their own work.

Kusto example

Below is a simple example that will list all VMs and their processor time. You can create an alert straight from Azure Monitor logs (former Log Analytics) or start from a new alert.

Perf
| where ObjectName == "Processor" and CounterName == "% Processor Time"
| summarize AggregatedValue = avg(CounterValue) by bin(TimeGenerated, 5m), Computer
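To show why one query-based rule covers every VM, including ones that start reporting later, here is an added example (not from the original post) that reproduces the query's aggregation over constructed Perf rows and then applies a per-computer alert condition. The 90% threshold, the two-consecutive-bins trigger and the computer names are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BIN = timedelta(minutes=5)
EPOCH = datetime(1970, 1, 1)
T0 = datetime(2019, 6, 12, 10, 0)
CPU = ("Processor", "% Processor Time")

def at(minute):
    return T0 + timedelta(minutes=minute)

# Constructed rows: (TimeGenerated, Computer, ObjectName, CounterName, CounterValue)
SAMPLE = [
    (at(0), "web01", *CPU, 95.0), (at(2), "web01", *CPU, 97.0),
    (at(5), "web01", *CPU, 92.0), (at(7), "web01", *CPU, 96.0),
    (at(1), "sql01", *CPU, 99.0), (at(6), "sql01", *CPU, 20.0),
    (at(0), "web01", "Memory", "Available MBytes", 100.0),  # filtered out
    # new-vm01 starts reporting later; no change to the rule is needed.
    (at(5), "new-vm01", *CPU, 93.0), (at(10), "new-vm01", *CPU, 98.0),
]

def bin_start(ts):
    """Floor a timestamp to its bin, like bin(TimeGenerated, 5m)."""
    return EPOCH + ((ts - EPOCH) // BIN) * BIN

def aggregate(rows):
    """AggregatedValue = avg(CounterValue) by bin(TimeGenerated, 5m), Computer."""
    sums = defaultdict(lambda: [0.0, 0])
    for ts, computer, obj, counter, value in rows:
        if (obj, counter) == CPU:
            cell = sums[(computer, bin_start(ts))]
            cell[0] += value
            cell[1] += 1
    return {key: total / count for key, (total, count) in sums.items()}

def breaching_computers(rows, threshold=90.0, consecutive=2):
    """Computers whose average exceeds the threshold in N adjacent bins."""
    per_computer = defaultdict(dict)
    for (computer, start), avg in aggregate(rows).items():
        per_computer[computer][start] = avg
    alerts = []
    for computer, bins in sorted(per_computer.items()):
        run, last = 0, None
        for start in sorted(bins):
            if bins[start] > threshold:
                run = run + 1 if run and start - last == BIN else 1
            else:
                run = 0
            last = start
            if run >= consecutive:
                alerts.append(computer)
                break
    return alerts
```
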

Summary

You have the option to monitor multiple VMs using one Alert Rule in Azure Monitor already. But one limitation is that this solution will not add new VMs to the alert rule. And for the time being, it only supports virtual machines.
Log alerts are dependent on your query. So as long as your data is available, you can alert on it. Whether it is a web app, a SQL server or a custom log.

With Log Alerts, the transition to a public cloud-based infrastructure might be easier. Your operations teams can use their knowledge and re-create their on-premises monitoring logic as searches.
Application alerts could still be handled by the developers, and you can provision those using ARM templates or similar.

PS: I was going to write a longer post on how to manage and programmatically create log alerts, but with these great examples in Microsoft docs, there’s no need to re-invent the wheel.
