By Shiji Sujai, IOD Expert
When I began my first job as a system admin, my work day started with the inevitable infrastructure daily checks.
I, along with a bunch of other fresh recruits at the bottom of the system admin food chain, had to take on one area of the daily checks and send reports to upper management folks. We did the server health checks, AD replication health, network status checks, and the works daily, without fail.
If you are in infrastructure management, or as we say in modern times, cloud management, I am sure you can relate to this. And now, with cloud sprawl happening at a very fast pace, your organization’s critical applications could be running anywhere — in the public cloud, private cloud, or still on your good old on-premise servers.
So, how do you handle all these applications from a single pane without having to navigate through multiple management tools and losing your sanity in the process? Operations Management Suite (OMS), offered by Microsoft Azure, can help here by providing truly hybrid management-as-a-service.
What is OMS?
Operations Management Suite is a bundle of services offered by Microsoft Azure that helps in managing and monitoring multi-cloud and hybrid environments without the hassle of installing and configuring tools for that purpose. The services are completely hosted in Azure, and it is easy to get started by creating an OMS workspace in the Azure portal. The OMS service bundle consists of four main components:
Azure Automation is a cloud-based automation and orchestration service. The service can be used for automating day-to-day operational activities in Azure, as well as for advanced tasks like configuration management, process automation, and update management for heterogeneous workloads.
Log Analytics collects and consolidates monitoring data and logs from various sources. It also provides a powerful query engine to analyze the data and extract intelligence out of it.
Azure Backup is a cloud-based backup-as-a-service that can be used to protect workloads and VMs hosted both on-premise and in the cloud. The configuration required for backup is minimal, and the service can be used to provide a secure backup and restore mechanism for your business-critical workloads.
Azure Site Recovery
This BC/DR solution from Microsoft Azure could prove to be a lifesaver for organizations, as it provides real-time replication and protection of workloads. Depending on the selected architecture, either Azure or an on-premise data center can act as the secondary DR site for failover in the event of a disaster.
Now, let us explore the services included in OMS in a little more detail to see how they could suit the needs of your enterprise.
Automate Routine Work with Azure Automation
As the saying goes, if you’ve got to do it twice, automate it! This is especially true in a large-scale hybrid cloud deployment where running daily management tasks manually can be a real waste of precious administrator hours. Runbooks used for automation are centrally stored in an Azure Automation account and can be executed against the Azure platform or even your servers hosted on-premise or on other cloud platforms such as AWS.
However, to give credit where it’s due, I want to point out that Azure Automation offers much more than just everyday automation. The Azure Automation DSC service enables configuration management by leveraging PowerShell DSC. That means instead of logging in to every server to configure DSC and apply baseline configurations, you can do so centrally from the Azure Automation panel. You can monitor the compliance status and apply changes, as well.
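To make the baseline idea concrete, here is an added example (not from the original article or from Microsoft) of the kind of PowerShell DSC configuration that could be managed centrally this way. The configuration name, the node name and the specific settings chosen are assumptions for illustration, targeting a Windows Server node; only the built-in PSDesiredStateConfiguration resources are used.

```powershell
# Added example: a small security baseline expressed as a DSC configuration.
# 'ServerBaseline', the node name and the chosen settings are assumptions.
Configuration ServerBaseline
{
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'

    Node 'localhost'
    {
        # Remove the legacy SMBv1 server feature (Windows Server feature name).
        WindowsFeature RemoveSmb1
        {
            Name   = 'FS-SMB1'
            Ensure = 'Absent'
        }

        # Also pin the SMB1 server setting off in the registry, so a later
        # re-enable shows up as configuration drift on the node.
        Registry DisableSmb1Server
        {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            ValueName = 'SMB1'
            ValueType = 'Dword'
            ValueData = '0'
            Force     = $true
            Ensure    = 'Present'
        }

        # Keep the Windows Event Log service running so there are logs to collect.
        Service EventLog
        {
            Name        = 'EventLog'
            State       = 'Running'
            StartupType = 'Automatic'
        }

        # Keep the Windows Firewall service running.
        Service WindowsFirewall
        {
            Name        = 'MpsSvc'
            State       = 'Running'
            StartupType = 'Automatic'
        }
    }
}

# Compiling locally writes .\ServerBaseline\localhost.mof for inspection.
ServerBaseline -OutputPath .\ServerBaseline
```

A node that drifts from any of these four settings is what would surface as non-compliant in the compliance status mentioned above.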
For machines that are on-boarded to Log Analytics, the availability of critical updates will be listed in the Automation account. You can also schedule the deployment of updates directly from the Azure Automation panel. The beauty of the solution is that you can do all of this on your VMs or physical servers no matter where they are hosted.
Get Insights with Log Analytics
It is of no use to collect monitoring data and logs from various sources unless you can derive intelligence and insights out of them. The Log Analytics service in Azure brings both these capabilities to the table. It facilitates log collection from multiple sources, be it Azure virtual machines, virtual or physical servers hosted on-premise or with a different cloud service provider, hypervisors, network devices, etc. The query language can be used to retrieve useful information from the collected data. This information is then used as input to create dashboards in Azure Power BI for visualization. The results of analysis can also be used for auto-remediation of incidents in your infrastructure by triggering Azure Automation runbooks. Log Analytics includes management solutions that cater to specific use cases or products.
The logic for analysis of data is prebuilt into these management packs and includes graphical representation of the results. There are management packs available for many cloud and infrastructure management tasks, like AD assessment, AD replication status, malware assessment, update management, and security and audit. Several Azure-specific management packs are also available that help to get insights into the status and health of resources in your Azure environments. For example, management packs are available for NSG, Azure SQL, web apps, key vaults, and Service Fabric. If you are already using other monitoring and management tools like System Center Operations Manager, Nagios, or Zabbix, the information and alerts from these tools can be forwarded to OMS. Therefore, you get a single pane of monitoring without having to navigate through multiple tools.
Protect Your Workload Using Azure Backup
Maintaining usable backups of your files and applications is an important aspect of any organization’s DR strategy. Azure Backup enables backup and restore of your Azure IaaS VMs, Hyper-V and VMware VMs, files and folders, system state, and major applications like Exchange, SharePoint, and SQL Server. While traditional backup solutions require upfront payment of license fees, the advantage of Azure Backup is the pay-as-you-go approach. You pay only for the systems that you protect, in addition to the storage charges incurred for the Azure storage used for the backup data. You can create a backup policy as per your organization’s requirements and at any given time can have up to 9999 recovery points per protected instance. Media management is often the biggest hassle when it comes to storage of long-term data. Since Azure Backup uses Azure cloud storage, this requirement is automatically taken care of. If, for any specific security or compliance-related reason, an organization would like to store the data on-premise, it can use Azure Backup Server, which comes with a configuration option of storing data on on-premise disks without sending it to cloud storage. All backup data is encrypted using a key that only the customer has access to. This ensures that the data cannot be intercepted or used by unauthorized sources.
Azure Site Recovery for BC/DR
Azure Site Recovery (ASR) is a DRaaS solution from Microsoft Azure that can accommodate the DR requirements of diverse hosting environments. If you have an existing investment in a secondary or DR site, ASR can be used for orchestration of the failover process. The service can seamlessly integrate with your existing storage replication technologies for replication of data between DR sites while the orchestration is managed centrally by ASR. Another option available with ASR is to use Azure as your secondary data center. The source could be your on-premise data center comprising physical servers or VMs hosted in VMware/Hyper-V, or VMs hosted in Azure. This is the most economical DR solution that organizations may adopt, as it enables DR functionality on a pay-as-you-go basis without any additional infrastructure investments.
The best way to check the effectiveness of a DR plan is to test it periodically. However, it is not always practically possible to bring down production systems for a DR test window. ASR addresses this challenge by providing an option for test failover in an on-premise to on-premise or on-premise/Azure to Azure DR architecture. Organizations can easily test their DR plan and rest assured that the plan works in the real world as well.
Both Azure Backup and Site Recovery use Azure storage in the backend and are resilient by default. Azure Storage will keep a minimum of three copies of your data safely in any given region using LRS. Additional resiliency can be added by using Geo Redundant Storage (GRS), which creates three more copies of the data in a paired geographical region. Any data being transferred in and out of Azure for Backup and Site Recovery uses encrypted channels to ensure security.
When it comes to cloud monitoring and management tools for hybrid cloud deployments, it is always important to look at the big picture. Instead of getting lost in the daily grind of managing small things, we should take a step back to analyze the available options and wisely invest in tools that get things done faster and from a single control pane. OMS solutions offer this flexibility, where the components talk to each other and to resources across multiple platforms to retrieve and analyze information. There is no denying that information is wealth, and the sooner you have it the better. While Log Analytics gets the information to you in time, automation can be plugged in to take necessary action without any manual intervention. Azure Backup and Site Recovery, on the other hand, ensure business continuity and safe recovery of your data should any disaster happen. OMS solutions can be used to stitch a management fabric for your environments with minimal configuration overhead.
Though my days of daily checks are over, I can always relate to the struggles of modern-day cloud administrators to keep their deployments spic and span. If this struggle is yours, OMS is something that you should definitely try!