Application Monitoring and Alerting
Operation Automation
1m 59s
Start course

In this lesson, you will learn how to track the interactions between all those Azure resources at the network level. We will introduce you to Azure Network Watcher to accomplish this tracking. We will also revisit Azure Log Analytics as it plays a role here, too.

We will start with Network Watcher, a network topology monitoring and analytics solution. We will cover several features:
- Topology: application that provides a network-level view of the various interconnections between network resources.
- Variable Packet Capture: captures packets flowing in and out of VMs. Useful tool for analyzing very low-level network events.
- Next Hop: identifies unexpected behavior. Great for identifying problems with user-defined routes.

You will see several other tools in the Network Watcher:
- NSG Flow Logging
- Security Group View
- IP Flow Verify

We will discuss additional features from Azure Log Analytics:
- DNS Analytics
- Traffic Analytics
- Network Performance Monitor
- Application Gateway
- Network Performance Monitor


We have spent a good deal of time covering how to monitor the physical infrastructure of our system. We have covered application level monitoring and Azure resources from the smallest levels up to the entire set of Azure datacenters. Our priority now is to fill in the gaps - to track what happens in between all of those resources at the network level. Our main tool to accomplish this will be the Azure Network Watcher service. We will also revisit Azure Log Analytics as it plays a role here too.


Network Watcher is a comprehensive network topology monitoring and analytics solution. It is comprised of several features. A full list is presented here in the slides. I will not dive deeply into every single one so it is a good idea to pause the lesson and read through each description. I will cover three of the more important Network Watcher tools so that you know how to handle basic network level monitoring.


It starts with the Topology app. This gives you a network level view showing the various interconnections between network resources within a given resource group. This will be your go-to tool when you need to get a clear picture of your network infrastructure.


Next up is the Variable Packet Capture tool. This lets you capture packets flowing in and out of virtual machines, much as you might do with tcpdump or wireshark. You can filter the capture tool to set size and time constraints and then store the packets in the Azure blob store or on the VM disk. This is a really useful surgical tool for analyzing very low level network events.


Thirdly there is the Next Hop tool. This is a personal favorite because it can identify unexpected behavior. Basically it just determines the next hop for packets routed in the Azure Network Fabric. It is great for identifying problems with user-defined routes.


There are eight other great tools to look at in Network Watcher. It’s worth giving a quick mention to the NSG Flow Logging, Security Group View, and IP Flow Verify tools, all of which are really great for identifying where exactly packets are permitted to go and not go. Again, be sure to take a deeper look at the documentation to learn about the other Network Watcher tools.


Azure Log Analytics adds a few useful supplemental feature  to your overall network monitoring system. They are activated through the Log Analytics UI and so need to be addressed separately. Most are just additional levels of instrumentation. For example there are the DNS Analytics and Traffic Analytics components. The former is for DNS administrators and aggregates DNS logs. The latter is for aggregating and visualizing public internet traffic against Azure systems.


Two larger pieces of the Log Analytics network monitoring feature set, are the Network Performance Monitor and the Application Gateway analytics solution. We’ll start with the Network Performance Monitor. At a high level, all it is meant to do is track performance between various parts of your infrastructure. The power comes from the versatility and the web interface. Network Performance Monitor can track loss and latency across  various subnets and set alerts. It can track connectivity between user locations, multiple data centers, on-premise locations, and other endpoints, all while visualizing everything in an intuitive UI.


The Application Gateway analytics solution will provide you with an additional level of network logging, specifically firewall logs, performance logs, and access logs for application gateways. It is quick to set up too. Simply enable the Azure Application Gateway analytics solution from Azure Marketplace and then enable diagnostics logging for the desired application gateways.


Whew! So this was pretty thorough. As you can see, Azure gives you A LOT of tools for monitoring your network infrastructure. If you are the type that likes to be able to audit every single packet, then Azure is going to be a lot of fun for you.


Our final priority in this section is going to be security. We have covered in depth how to track everything that happens in our system both in transit and at rest, so now we need to think about how to harden the system from threats. We’ll dive in in the next lesson. See you there space cowboy!

About the Author

Jonathan Bethune is a senior technical consultant working with several companies including TopTal, BCG, and Instaclustr. He is an experienced devops specialist, data engineer, and software developer. Jonathan has spent years mastering the art of system automation with a variety of different cloud providers and tools. Before he became an engineer, Jonathan was a musician and teacher in New York City. Jonathan is based in Tokyo where he continues to work in technology and write for various publications in his free time.