Better Observability With Azure Monitor Agent (AMA)
In this post I would like to cover the story of the new agent. What it brings to us and expose the why and how things have changed so that we can plan and execute a succesful transition to the new experience.
Azure Monitor Agent (AMA) is Generally Available since Jun 2021, hoping to replace the legacy agent (Microsoft Monitoring Agent (SCOM Agent) / Log Analytics Agent) on Windows Servers.
The Legacy agent will not be supported after August 2024.
Before diving into new features, deployment and configuration options of Azure Monitor Agent I would like to talk about the story of the Legacy Agent first. This will help us to better digest which path to choose while deploying or migrating.
The Legacy agent (Log Analytics Agent) is actually built on top of the beloved SCOM agent (Microsoft Monitoring Agent) which has been used by many enterprises since 2007!
This agent served well for sending data to Log Analytics Worksapces but things evolved, change is continuous and there was a need for a new agent. There are many reasons but below are the main ones.
- Too many agents
- Configuration was not centralized
- Filtering Event log on the agent side was not available. We had to collect all or some but not be specific..
- Better deployment methods needed to align with DevOps pipelines using ARM. Collection settings was requiring to much effort to automate.
- Multi-home support limitations
- Performance (Event Per Second) improvements.
The new Agent - Azure Monitor Agent - AMA
This new agent is actually an extension to Azure VM or to Arc For Servers which makes Arc For Servers a prerequisite for on prem scenarios. Yes! if you have on-prem servers you need to Deploy Connected Machine Agent first…
Data Collection Rules - DCR
Data collection has changed and this maybe the most important new feature of the new Agent.
We are not collecting data any more with solutions or the agent management tab on log analytics workspaces but with *Data Collection Rules which are actually resources that can be manageable using arm!
You can access these data collection rules in Monitor blade in the portal and add/remove/set using the portal.
What about solutions ?
We have our solutions that we loved, enabled them and forgot about data collection for many scenarios like VMInsights.
This (Deploying solutions to Workspaces) method is legacy now! This method behind the scenes use the management pack framework of the old agent (SCOM/MMA/Log Analytics Agent) which is no more the case.
Since the data collection is done by DCRs, the solutions needs to be re-engineered to support to use DCRs. Dont worry again, most of them are Public Preview and soon to be parity with the elder ones.
Important: As the date of the post Not all solutions support the new DCR meaning the new agent… But many are in Public Preview.
Below is the current status of the solutions for the new agent.
| Azure Monitor Feature | Current Support |
|---|---|
| VM insights | Public Preview |
| Container Insights | Public Preview |
| Microsoft Defender For Cloud | Public Preview |
| Sentinel | Public Preview |
| Change Tracking | Private Preview |
| Update Managemenetv2 | Public Preview |
Note: the above information is valid as of the date of the post. Please check the paity using this link
Prerequisites
- On-Premise servers require that the server to be provision to Arc For Servers.
- Permissions:
- Azure VM: Member of
Virtual Machine ContributorRole - Azure Arc-Enabled Servers: Member of
Azure Connected Machine Resource AdministratorRole - Arm Deployments: Any role that includes the action
Microsoft.Resources/deployments/*on Subscription and/or Resource Groups
- Azure VM: Member of
- Firewall requirements: please review the requirements
- if possible use Servicetags (both AzureMonitor and AzureResourceManager) where possible.
- Proxy: Azure Monitor agent supports proxy even though not in the documentation my personal experience is to disable the ssl inpsection on proxies as I had issues in the past.
- Identity:
- Azure VM: It is required the Azure VM to have identiy assigned. Both System-assigned or User-Assigned identities can be used.
- Azure Arc For Servers: For Azure Servers connectued using Arc, system-assigned identity is the only option is already handled by the connected machine agent installation.
Deployment Options
- Use DCRs to Deploy the Extension: Once you target a DCR to a resource (vm or arc) the extension is deployed automatically.
- Deploy Extension using ARM (json/bicep): Declarative/template method to deploy the extension.
- PowerShell or Azure CLI: The imperative way to deploy the extension.
I have a repository which has deployment samples / demos I used in eaarlier events which you can access here.
Scenarios to Consider
Now we have a new agent but what to do? How to install or migrate ? There are several different scenarios which we will cover each in individual posts.
- Azure VMs
- Azure VMs with no monitoring enabled earlier. Lucky you!!! :)
- Azure VMs with Legacy agent installed and configured to send data to Azure Monitor only.
- On-Prem Servers
- On-Prem Server with Legacy agent installed and congfigured to send data to both Azure Monitor and SCOM
- On-Prem Server with Legacy agent installed and configured to send data to Azure Monitor (No SCOM in-place)