
Design 10: Basic Monitoring (Log Analytics)

Summary

This design establishes the Centralized Monitoring strategy.

Topology: A single Log Analytics Workspace in the Hub VNet (logically) collects logs from all Spokes.

1. Key Design Decisions (ADR)

ADR-01: Centralization

  • Decision: Single Workspace.
  • Rationale: Correlate logs across Hub and Spokes.

2. High-Level Design (HLD)

+--------------+           +--------------------------+           +--------------+
|  Spoke VM    |           |        HUB VNet          |           |  Admin       |
|  (Agent)     |           |      (Monitoring)        |           |  (Email)     |
+------+-------+           +------------+-------------+           +------+-------+
       |                                |                                |
       v                                | (Private Link)                 |
+------+-------+                        v                                v
|  Azure       |           +------------+-------------+           +------+-------+
|  Monitor     |---------->| Log Analytics            |---------->|  Action      |
|  Agent       |           | Workspace                |           |  Group       |
+--------------+           +--------------------------+           +------+-------+

3. Low-Level Design (LLD)

                               PRIMARY REGION (East US)
+-----------------------------------------------------------------------+
| HUB VNet: vnet-hub (10.0.0.0/16)                                      |
|   +-----------------------+                                           |
|   | Log Analytics Wrkspc  |                                           |
|   | (AMPLS Scope)         |                                           |
|   +-----------|-----------+                                           |
|               |                                                       |
|               v (Peering)                                             |
+---------------|-------------------------------------------------------+
                |
+---------------|-------------------------------------------------------+
| SPOKE VNet: vnet-app-spoke (10.1.0.0/16)                              |
|   +-----------------------+                                           |
|   | VM                    |                                           |
|   | [AMA Extension]       |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

                               SECONDARY REGION (West US)
+-----------------------------------------------------------------------+
| DR STRATEGY                                                           |
|   +-----------------------+                                           |
|   | Workspace (DR)        |                                           |
|   | (Separate)            |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

4. Component Rationale

  • AMPLS: Azure Monitor Private Link Scope. Keeps monitoring traffic on the backbone.

5. Strategy: High Availability (HA)

  • Service: Azure Monitor is highly available at the global/regional level.

6. Strategy: Disaster Recovery (DR)

  • Logs: Logs stay in their region. Create a new Workspace in West US for West US resources.

7. Strategy: Backup

  • Archive: Export logs to Storage (Archive Tier).

8. Strategy: Security

  • RBAC: Reader role for devs.

9. Well-Architected Framework Analysis

  • Reliability: High.
  • Security: High.
  • Cost Optimization: Good.
  • Operational Excellence: Excellent.
  • Performance Efficiency: High.

10. Detailed Traffic Flow

1. Collect: AMA on VM collects log.

2. Send: Sends to Workspace via Private Link.

3. Alert: The alert rule's query runs against the Workspace.

4. Notify: Action Group sends email.

11. Runbook: Deployment Guide (Azure Portal)

Phase 1: Create Resource Group

1. Create Resource Group: rg-design10-monitor. Region: East US.

Phase 2: Create Log Analytics Workspace

1. Search: "Log Analytics workspaces" -> + Create.

2. Resource Group: rg-design10-monitor.

3. Name: law-hub-corp.

4. Region: East US.

5. Create.

Phase 3: Connect a VM (Enable Monitoring)

1. Go to law-hub-corp.

2. Workspace Data Sources (left menu) -> Virtual machines.

3. Select a VM (e.g., vm-hr-01 from Design 2).

4. Click Connect.

Note: This installs the agent and connects it to this workspace.

Phase 4: Create Action Group (Who to notify)

1. Search: "Monitor" -> Alerts -> Action groups -> + Create.

2. Resource Group: rg-design10-monitor.

3. Name: ag-admins. Display name: Admins.

4. Notifications:

* Type: Email/SMS/Push/Voice.

* Name: EmailAdmins.

* Email: Enter your email.

5. Create.

Phase 5: Create Alert Rule

1. Go to Monitor -> Alerts -> + Create -> Alert rule.

2. Scope: Select law-hub-corp (or a specific VM).

3. Condition:

* Signal name: Heartbeat.

* Logic: Count < 1 (VM is down/not sending heartbeat).

* Period: Last 5 minutes.

4. Actions:

* Select action group: ag-admins.

5. Details:

* Severity: Sev 1.

* Alert rule name: VM-Heartbeat-Missing.

6. Review + create -> Create.
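
The Phase 5 condition expressed per VM, as an added example that is not part of the original design: if the rule is scoped to law-hub-corp and counts Heartbeat rows across the whole workspace, one stopped VM is masked as long as any other VM keeps reporting, so this query applies the same Count < 1 test to each Computer. The sample rows, the second VM name vm-app-02, the fixed AsOf time and the one-hour Lookback are constructed assumptions.

```kusto
// Added example, not part of the original design.
// SampleHeartbeat is constructed data standing in for the workspace's Heartbeat table.
// vm-hr-01 stops reporting at 12:02; vm-app-02 (hypothetical second VM) keeps reporting.
let AsOf = datetime(2024-01-01T12:10:00Z);   // fixed evaluation time for the sample
let AlertWindow = 5m;                        // matches "Period: Last 5 minutes" in Phase 5
let Lookback = 1h;                           // assumption: a VM seen in the last hour is "known"
let SampleHeartbeat = datatable(TimeGenerated: datetime, Computer: string)
[
    datetime(2024-01-01T12:01:00Z), "vm-hr-01",
    datetime(2024-01-01T12:02:00Z), "vm-hr-01",
    datetime(2024-01-01T12:03:00Z), "vm-app-02",
    datetime(2024-01-01T12:06:00Z), "vm-app-02",
    datetime(2024-01-01T12:09:00Z), "vm-app-02"
];
SampleHeartbeat
| where TimeGenerated between ((AsOf - Lookback) .. AsOf)
// One row per VM: when it last reported, and how many heartbeats fall in the alert window
| summarize LastHeartbeat = max(TimeGenerated),
            RecentCount = countif(TimeGenerated > AsOf - AlertWindow)
            by Computer
| extend SilentFor = AsOf - LastHeartbeat
// Same "Count < 1" test as the alert rule, but evaluated for each VM separately
| where RecentCount < 1
| project Computer, LastHeartbeat, SilentFor
// To run against the workspace: replace SampleHeartbeat with Heartbeat and AsOf with now().
```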

Phase 6: Verify

1. Stop the VM.

2. Wait 5-10 minutes.

3. Check email for alert.