Task: Monitor Networks
Video: Monitor Azure Virtual Networks
Estimated time: 60 minutes
Goal
The goal of this task is to configure and use Azure network monitoring. This includes monitoring network activity in multiple networks. This task uses virtual machines and servers configured as follows:

Pre-requisites
- A non-production Azure subscription
- Two virtual networks with established peering relationships
- Two virtual machines
Requirements
- Requirement 1: Provision a log analytics workspace
- Requirement 2: Register servers
- Requirement 3: Add the network monitoring solution
- Requirement 4: Monitor the network
Pre-requisite setup
This task requires several Azure resources. To deploy the resources required for this task, run the following from a bash cloud shell:
curl https://inedemoassets.blob.core.windows.net/taskfiles/azure_admin/deploy-3510T060-pre.sh | sh
This script provisions the following resources:
|Resource|Name|
|---:|---|
|Virtual network|hub-vnet|
|Virtual network|internal-vnet|
|Virtual machine|hub-vm|
|Virtual machine|internal-vm|
|Bastion host|hub-bastion|
|Bastion host|internal-bastion|
Support resources are not shown.
Important: Record the password output. You will need it for requirement 2.
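The pre-requisite deployment above can also be run from a saved copy of the script that has been listed and read first, rather than piped straight into sh. This is an added example, not part of the original task or of the script it downloads; the function names, the file name pre.sh and the embedded sample script are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not part of the original task): stage the set-up script,
# summarise what it does, then run the reviewed copy instead of piping to sh.
SCRIPT_URL="https://inedemoassets.blob.core.windows.net/taskfiles/azure_admin/deploy-3510T060-pre.sh"

# fetch_script URL DEST: HTTPS only, and fail on an HTTP error rather than
# saving an error page that would later be executed.
fetch_script() {
  curl --fail --silent --show-error --location \
       --proto '=https' --tlsv1.2 --output "$2" "$1"
}

# list_az_calls FILE: each distinct "az <group> <command>" with its count,
# comment lines skipped, so the resources the script touches are visible.
list_az_calls() {
  grep -vE '^[[:space:]]*#' "$1" | grep -owE 'az( +[a-z][a-z-]*)+' |
    tr -s ' ' | sort | uniq -c | sed -E 's/^ +//'
}

# flag_lines FILE: numbered lines that run further remote content, decode
# embedded payloads, or delete/grant roles in the subscription. Heuristic only.
flag_lines() {
  grep -nE '(curl|wget)[^|]*\|[[:space:]]*(ba)?sh|eval |base64 +(-d|--decode)|az +[a-z -]*(delete|role assignment)' "$1"
}

review_script() {
  echo "sha256: $(sha256sum "$1" | cut -d' ' -f1)"
  echo "Azure CLI calls:"; list_az_calls "$1"
  echo "Lines to read closely:"; flag_lines "$1" || echo "(none matched)"
}

# Constructed sample standing in for the downloaded file (NOT the real script).
make_sample() {
  cat > "$1" <<'EOF'
#!/bin/sh
# az is driven from Cloud Shell
az group create --name task-netmon-rg --location eastus
az network vnet create -g task-netmon-rg -n hub-vnet
az network vnet create -g task-netmon-rg -n internal-vnet
az vm create -g task-netmon-rg -n hub-vm --admin-password "$PW"
curl -s https://example.invalid/extra.sh | sh
EOF
}

# In Cloud Shell: fetch_script "$SCRIPT_URL" pre.sh && review_script pre.sh
#                 then read pre.sh in full and run it with: sh pre.sh
# With no arguments, demonstrate the review on the constructed sample.
if [ "$#" -eq 0 ]; then s=$(mktemp); make_sample "$s"; review_script "$s"; rm -f "$s"; fi
```

Recording the printed SHA-256 alongside the password output gives a reference for checking whether a later download of the script has changed.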
Requirement 1: Provision a log analytics workspace
For the first requirement you will provision a log analytics workspace with the following settings:
|Setting|Value|
|---:|---|
|Name|<a unique name>|
|Resource group|task-netmon-rg|
|Region|East US|
Requirement 2: Register servers
Next you will configure two virtual machines as network monitors. You will register the hub-vm and internal-vm virtual machines with your workspace. You will also configure the firewall rules for each virtual machine to allow TCP monitoring. To complete this requirement:
- Register both virtual machines with the workspace using the Azure portal.
- Open TCP ports on the hub-vm virtual machine:
  - Establish an RDP connection to the hub-vm using the bastion host.
  - Disable enhanced IE security through the local server view of the Server Manager applet.
  - Download a PowerShell script from https://gallery.technet.microsoft.com/OMS-Network-Performance-7ec93b2f.
  - Execute the PowerShell script to set the firewall rules necessary for network monitoring. Be sure to open PowerShell or PowerShell ISE in administrator mode.
  - Exit the connection.
- Repeat for the internal-vm virtual machine.
Requirement 3: Add the network monitoring solution
For this requirement you will add the network monitoring solution to your workspace. You will then configure it. To add and configure the solution:
- Add network performance monitoring for your workspace using the monitor blade in the Azure portal.
- Configure the network performance monitoring solution as follows:
  - Create a network named production.
  - Add the two subnets (10.0.0.0/24 and 10.1.0.0/24) to the production network.
  - Add a rule with the following settings:
|Setting|Value|
|---:|---|
|Name|Production|
|Network|production|
|Subnet|All subnets|
|Protocol|TCP|
Note: It may take several minutes for the changes that you have made to take effect. Return to the log analytics summary page and refresh the browser page until the network monitoring solution View summary link shows network health.
Requirement 4: Monitor the network
Finally, you will explore monitoring through the log analytics network monitoring solution and through the Azure monitor blade. To complete this requirement:
- Click the View summary link on the network monitor solution in the log analytics workspace summary.
- Click the network monitoring summary.
- Drill down into the subnet and network performance tiles. Observe which links have errors.
- Navigate to the Network watcher view of the monitor blade.
- Add a connection monitor with the following settings:
|Setting|Value|
|---:|---|
|Name|internal2hub|
|Source virtual machine|internal-vm|
|Destination virtual machine|hub-vm|
|Port|3389|
- Once the connection is added, confirm that it is reachable.
Cleanup
Once you have completed this task, delete the task-netmon-rg resource group. Also delete the internal2hub connection from network watcher.