1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. SAP on Azure - Monitoring and Optimization

Monitoring Networks Demo

Start course

SAP landscapes are substantial and complex deployments that require constant monitoring to ensure optimal and efficient operation. It's not practical to manually keep an "eye" on virtual machines and network resources to ensure they aren't overwhelmed by spikes in workload or sitting idle or underutilized, consequently wasting money. Azure provides several services and tools that assist in monitoring infrastructure use in near real-time with automated alerts and resource scaling. Azure provides built-in integration with SAP database and application logs, providing a complete picture of overall system performance. This course explores these Azure services and how you can use them to monitor and optimize your SAP workloads.

Learning Objectives

  • Get a foundational understanding of Azure Monitor and Network Insights
  • Learn how to set up basic networking monitoring
  • Understand what Azure Site Recovery is and how to set to implement it through the Azure portal
  • Learn about SAP Hardware and Cloud measurement Tools as well as SAP Application Performance Standard
  • Get an overview of Azure Advisor and how how to optimize Azure ExpressRoute

Intended Audience

  • Anyone who wants to learn how to monitor and optimize their SAP landscapes using Azure services
  • Those studying for Microsoft's AZ-120 exam


To get the most out of this course, you should understand how to operate SAP workloads on Azure. If are new to this, we recommend you take the following courses first:


Let's set up monitoring through the Azure portal using a trivial private network of two virtual machines behind an internal load balancer. 

I first need to install the network watcher agent extension on the two virtual machines. I'll do that through PowerShell using the Set-AzVMExtension command. The command has a name parameter, which you supply. The publisher is Microsoft.Azure.NetworkWatcher and the type is NetworkWatcherAgentWindows. For a Linux box, you'd use NetworkWatcherAgentLinux. Currently, the TypeHandlerVersion is 1.4, and we supply values for the VMName, ResourceGroupName, and Location parameters. I'll install the extension on both machines.

Next, we need to go into Network Watcher and create a new Connection Monitor. Search for Network Watcher if it isn't already on your home page. If it isn't already there, use the add button to add a network watcher for your network's region. Adding allows you to select the region of interest from a drop-down list. Click connection monitor from the menu blade on the left and then click the create button. Give the connection monitor a name, select the subscription you want to use if you have more than one, and select the Azure region to monitor network connections.  Click Next: Test Groups to set up the network tests. We set up tests within a test group. I'll give the test group a name and set the source endpoint as the sapserver1 VM in the backend subnet. Click Add endpoints to add the VM. The test configuration is just TCP on port 80, polled every 30 seconds. I'm saying that if the tests fail more than 5% of the time, or the round-trip time is greater than 10ms, then there's a problem. Don't forget to configure the firewall rules on your virtual machines corresponding to your test if you want to try this out. The percentage threshold equates to packet loss. After setting the test parameters, click Add test configuration. Finally, I'll add the destination, sapserver2, in the backend subnet and then create the test. So that's Add endpoints to add the destination endpoint, followed by Add Test Group, then Review and create, and finally Create.

As you'd expect, this simple test is successful, so let's head over to Azure Monitor. In monitor click on networks, where we can see a similar, if not greatly simplified view as in previous slides. I'll filter the results by resource group and then select the load balancer. There's nothing to see there as there's no load to balance, but by selecting network interfaces, we can see bytes and packets sent and received. Clicking on any of these thumbnail graphs allows us to drill down into greater detail. 

In connectivity, we can see the sap-connection-monitor with the two VMs as source and destination. Clicking on the reachable column takes us to a very simple network topology map with graphs for the two metrics the test is monitoring. 

Under traffic, the flow logs haven't been configured for the one network security group in the westus2 region, so let's set that up. Back in Network Watcher, click on NSG flow logs under Logs in the left-hand menu and click create NSG flow log. Select your subscription and the network security group you want to monitor, followed by the storage account where you want the logs stored and the number of days to retain the logs. I'll stick with version 2 logs and enable traffic analytics to be processed every 10 minutes. Once that has been deployed, we can go back to the traffic tab and see that flow logs are now being saved to the storage account.

About the Author
Hallam Webber
Software Architect
Learning Paths

Hallam is a software architect with over 20 years experience across a wide range of industries. He began his software career as a  Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.