Sunday, October 1, 2017

[AZURE 70-534 - Cheat Sheet and Exam Notes Part-6] Design a management, monitoring, and business continuity strategy

Series Index 
  1. Azure ARM , networking and GLOBAL Infrastructure (2017-10-01)
  2. Securing Resources and Azure Security (2017-10-01)
  3. Design an application storage and data access strategy (2017-10-01) 
  4. Design advanced applications (2017-10-01)
  5. Design Azure Web and Mobile Apps (2017-10-01)
  6. Design a management, monitoring, and business continuity strategy (2017-10-01)
  7. Architect an Azure Compute infrastructure (2017-10-01)
Azure Monitoring Solutions 

There is a range of tools for monitoring Azure applications and services. Some of their features overlap. Diagnostic tasks may include performance measurement, troubleshooting and debugging, capacity planning, traffic analysis, billing and auditing. 

The key monitoring solutions across Azure are listed below:
  1. Azure Monitor is the basic tool for monitoring services running on Azure. It gives you infrastructure-level data about the throughput of a service and the surrounding environment. If you are managing your apps all in Azure and deciding whether to scale resources up or down, Azure Monitor gives you what you need to start.
  2. Application Insights can be used for development and as a production monitoring solution. It works by installing a package into your app, and so gives you a more internal view of what’s going on. Its data includes response times of dependencies, exception traces, debugging snapshots, execution profiles. It provides powerful smart tools for analyzing all this telemetry both to help you debug an app and to help you understand what users are doing with it.
  3. Log Analytics is for those who need to tune performance and plan maintenance on applications running in production. It is based in Azure. It collects and aggregates data from many sources, though with a delay of 10 to 15 minutes. It provides a holistic IT management solution for Azure, on-premises, and third-party cloud-based infrastructure (such as Amazon Web Services). It provides richer tools to analyze data across more sources, allows complex queries across all logs, and can proactively alert on specified conditions. You can even collect custom data into its central repository so you can query and visualize it.
  4. System Center Operations Manager (SCOM) is for managing and monitoring large cloud installations. You might already be familiar with it as a management tool for on-premises Windows Server and Hyper-V-based clouds, but it can also integrate with and manage Azure apps. Among other things, it can install Application Insights on existing live apps. If an app goes down, it tells you in seconds. Note that Log Analytics does not replace SCOM. It works well in conjunction with it.
Key Notes about Azure Monitoring
  1. Use Azure management services to manage alerts or view operational logs. Create alerts based on metrics and thresholds (averaged to smooth out spikes) and send email to service admins and co-admins or to a specific address.
  2. Azure has two types of monitoring:
    1. Point in time and long term
  3. Basic Monitoring is via console 
  4. For IaaS VM monitoring, an agent must be installed
  5. Global Service Monitoring tests application availability based on geography
  6. OMS - Log Analytics Tool 
  7. Operational logs are service requests – operation, timestamped, by whom.
  8. Visual Studio 2013 has Azure SDK for managing Azure services. Some limitations: with remote debugging cannot have more than 25 role instances in a cloud service.
  9. Azure Redis cache monitoring allows diagnostic data to be stored in a storage account – enable the desired chart from the Redis cache blade to display the metric blade for that chart.
  10. System Center 2012 R2 can also monitor, provision, configure, automate, protect and self-service Azure and on-premises.
  11. Third party tools like New Relic and AppDynamics.
  12. For websites there are application diagnostic logs and site diagnostic logs (3 types: web server logging; detailed error messages; failed request tracing) – access via Visual Studio, PowerShell or portal. Kudu dashboard at
  13. View streaming log files (i.e. just see the end): Get-AzureWebsiteLog -Name "sitename" -Tail -Path http
  14. View only the error logs: Get-AzureWebsiteLog -Name "sitename" -Tail -Message Error
  15. Options include -ListPath (to list log paths) -Message <string> -Name <string> -Path (defaults to root) -Slot <string> -Tail (to stream instead of downloading entire log)
  16. Can also turn on diagnostics on storage accounts.

Operations Management Suite (OMS)

  1. Operations Management Suite (also known as OMS) is a collection of management services that were designed in the cloud from the start. 
  2. OMS components are entirely hosted in Azure. Configuration is minimal, and you can be up and running literally in a matter of minutes.
  3. OMS can effectively manage your on-premises environment. Put an agent on any Windows or Linux computer in your data center.
  4. An existing System Center installation can integrate its components with OMS services
  5. The core functionality of OMS is provided by a set of services that run in Azure. Each service provides a specific management function, and you can combine services to achieve different management scenarios.
    1. Azure Log Analytics: Monitor and analyze the availability and performance of different resources including physical and virtual machines.
    2. Azure Automation: Automate manual processes and enforce configurations for physical and virtual machines.
    3. Azure Backup: Back up and restore critical data.
    4. Azure Site Recovery: Provide high availability for critical applications.

Azure Automation Solutions 

Azure offers multiple automation options, and each has its own use cases and scope. The list below provides a summarized view of the available options:
  1. VM Automation 
    1. PowerShell Workflow
      1. Suitable for long-running jobs, with support for restart and resume
      2. Supports sequences
    2. Custom Script Extension
      1. It can be used for configuration and installation post VM deployment
    3. Operations Management Suite (OMS)
      1. TBD
  2. Configuration Automation
    1. The choice of configuration tool depends on what the organisation is currently using
    2. A virtual machine extension needs to be added to the VM during deployment to support configuration managers
    3. Configuration Management (Automation) Tools
      1. Chef 
        1. Cross Platform Support
        2. 10K VMs per Server 
        3.  Cloud or On Prem Deployment 
      2. Puppet 
        1. Cross Platform Support 
        2. Large number of Pre built options available 
        3. Limited support for Azure artifacts
      3. Azure Automation
        1. Full support for Azure and on-prem systems
        2. Works on the concept of runbooks, of which there are four types
          1. Graphical
          2. Graphical PowerShell Workflow
          3. PowerShell
          4. PowerShell Workflow
    4. Desired State Configuration (DSC)
      1. New, evolving technology that can be used for a variety of low-level tasks such as adding/removing roles, environment variables, etc. Script and automate the application lifecycle; simplify cloud management; automate manual, long-running and frequently-repeated tasks (save time and increase reliability).
  3. Automation account is a container for Azure Automation resources.
  4. Create runbooks – set of tasks that perform an automated process – PowerShell workflow.
  5. Scheduler to start run-books daily/hourly/at a defined point in time.
  6. Pricing based on minutes/triggers:
    1. Free = 500 minutes
    2. Basic tier
    3. Standard tier
  7. Automation is an enabler for DevOps:
    1. Dev team loves changes.
    2. Ops Team loves stability.
    3. Agile used for development between business-dev.
    4. DevOps fills gap between dev and ops.
    5. Infrastructure as code; configuration automation; automation testing.
  8. Continuous integration – pipeline to delivery and deployment – cycle of integrating solution with various phases:
    1. Delivery team checks in to Version Control, which triggers Build and Unit Tests (with feedback). When Build and Unit Tests are clean, this triggers Automated Acceptance Tests (with feedback). When approval is gained, move to User Acceptance Tests, and then on final approval move to release.
  9. Continuous Delivery – push-button deployment of any version of software to any environment, on demand – similar to CI but can feed business logic tests.
    1. Need automated testing to achieve CD.
  10. Continuous Deployment – natural extension to CD; every check-in ends up in a production release.
Azure continuity/disaster recovery (BC/DR) capabilities

Azure Business Continuity Option 

These are the tools that can be used for disaster recovery:

  1. Hyper-V Replica 
  2. Hyper-V Failover
  3. Azure Site Recovery
  4. Recovery Service Vault 
  5. Azure Backup Agent 
  6. Azure Data Protection Manager 
  7. Azure Backup Server 

Azure Business continuity (BC) 

  1. Scenarios: recover from local failures; loss of a region; on-premises to Azure
  2. For Azure failures:
    1. HA in PaaS (per region), just make sure web and worker roles 2 or more roles each – then will automatically be spread across fault domains.
    2. For region failure need to plan across regions – more elaborate (make sure code and config is available in a second region).
  3. HA in IaaS needs management of VMs in availability sets (need to define manually).
  4. At region level, also think about load balancing (VIP), storage (LRS, ZRS, GRS or RA-GRS), Azure SQL replication.
  5. Recover from loss of region:
    1. Redeploy on disaster (cold DR) – replicate data ready to run (not high RTO/RPO)
    2. Warm spare (active/passive) – infrastructure in DR region but not fully available (e.g. SQL replication with secondary copy not accessed, not routing traffic to passive).
    3. Hot spare (active/active) – two regions at the same time (e.g. SQL on IaaS and replicating itself).
  6. Cross regional strategies for DR:
    1. VNet – export settings, import in secondary region.
    2. Cloud Services – create a separate cloud service in target region; publish to secondary region if primary fails; use Traffic Manager to route traffic.
    3. VM – use blob copy API to duplicate VM disks; geo-replicated VM images.
    4. Storage – use GRS or RA-GRS (replicated in minutes, so tight RPOs cannot rely on this – need to write own algorithm).
    5. Azure SQL:
      1. Geo-restore (1 hour RPO/<12 hours RTO).
      2. Standard geo-replication (5 secs RPO/30 mins RTO) – no access to secondary.
      3. Active geo-replication (5 secs RPO/30 mins RTO) – read access to secondary.
      4. Manually export to Azure Storage (blob) with Azure SQL database import/export service.

Azure Backup

  1. Backup service targeted at replacing tape backup.
  2. Can work with on-premises workloads or Azure workloads.
  3. On-premises backup – pick region and create a vault; download vault credential files; download and install Azure backup agent; can seed through Azure Import/Export Service; select backup policy (start time of backup, retention policies (weekly/monthly/yearly)) – backups are incremental.
  4. Azure VM Backup – install agent if not already installed, register VMs with Azure Backup Service (installs backup agent in extensions); select backup policy.
  5. Azure Backup is for backing up data on VMs. Priced per protected instance and storage consumed (price for protected instance goes up at 50GB, then 500GB, then each additional 500GB).

Azure Site Recovery

  1. Orchestrates failover and recovery of a VM.
  2. On-premises machine replicated to vault in Azure, or to another datacentre – not Azure to Azure.
  3. Protect AD and DNS, SQL Server, SharePoint, Dynamics AX, RDS, Exchange, SAP.
  4. Can also perform a test failover, starting resources in Azure but not routing the traffic.
  5. Use to protect VMware ESX or Hyper-V VMs or physical servers and can be used to migrate 

System Center and Hybrid with Azure

System Center can be used for Azure-only and hybrid deployments. There are a lot of System Center components that can be leveraged for this purpose. The first thing to look at is the hybrid deployment considerations:
    1. Connectivity - VPN Vs Express Route 
    2. Gateway Server 
    3. Domain Joined VM or Not
      1. Domain Authentication 
      2. Non Domain Authentication using certificates
    4. Bandwidth Requirements 
    5. Azure only charges for data out, not data in
  1. Core components of System Center
    1. Data Protection Manager 
      1. It is an enterprise-level backup and recovery system
      2. Can use Azure as storage and as a replacement for local disk and tapes
      3. Supports local backup (Offsite Storage)
    2. Operations Manager
      1. Supports both on-prem and Azure
      2. Azure is supported via the Azure Management Pack
    3. Virtual Machine Manager (VMM)
      1. Azure machine subscriptions are now supported in basic mode (connect, restart etc.)
    4. App Controller
      1. Tool for deployment and management of VMs by VMM and Azure
      2. Can copy VMs between VMM and Azure (offline migration)
      3. Azure Site Recovery is a similar, more advanced product for online migration
    5. Configuration Manager
      1. Supports cloud-based distribution points
    6. System Center Endpoint Protection
      1. Integrated with Configuration Manager
      2. Works like Windows Defender
      3. Extensive reporting
      4. Supports firewalls of IaaS VMs
    7. Orchestrator 

Azure Update and Patching Strategy 

  1. Windows Server Update Services (WSUS)
    1. Supports updates for MS products
    2. Supports Azure IaaS VMs
    3. VMs can be separated into groups
  2. Configuration Manager with Azure
    1. Mainly designed for on-prem
    2. Supports MS and third-party updates
    3. Requires WSUS and sits on top of it
    4. Rich reporting
  3. Linux VM Updates
    1. OS patching Extension available
    2. Requires MS Linux Version 2.0.6 and Cross platform CLI 
