1 00:00:01,340 --> 00:00:05,320 In order to onboard our Windows Servers into Log Analytics, 2 00:00:05,320 --> 00:00:07,260 you're probably thinking, well, 3 00:00:07,260 --> 00:00:11,830 do we need in a hybrid cloud a site‑to‑site VPN or an ExpressRoute circuit? 4 00:00:11,830 --> 00:00:13,540 The answer to that is no. 5 00:00:13,540 --> 00:00:14,410 You might be thinking, 6 00:00:14,410 --> 00:00:17,560 what if we have air gapped virtual LANs that can't get 7 00:00:17,560 --> 00:00:19,310 out onto the internet by policy? 8 00:00:19,310 --> 00:00:21,560 Does that mean we cannot use Log Analytics? 9 00:00:21,560 --> 00:00:23,110 Again, the answer is no. 10 00:00:23,110 --> 00:00:24,940 There's a solution for that. 11 00:00:24,940 --> 00:00:29,140 First though, let's take a look at naming confusion and let me sort that out. 12 00:00:29,140 --> 00:00:33,130 Originally Log Analytics and these cloud‑based management solutions were a 13 00:00:33,130 --> 00:00:37,090 separate product family called Operations Management Suite, 14 00:00:37,090 --> 00:00:37,640 or OMS. 15 00:00:37,640 --> 00:00:41,440 Microsoft has done a good job over the last years to bring all of 16 00:00:41,440 --> 00:00:44,850 those services into Azure natively; however, 17 00:00:44,850 --> 00:00:49,250 you will occasionally see OMS in the user interface. 18 00:00:49,250 --> 00:00:50,630 Don't be shocked or surprised, 19 00:00:50,630 --> 00:00:54,690 that's just a remnant from the original days of the product. 20 00:00:54,690 --> 00:00:56,240 You can just ignore it. 21 00:00:56,240 --> 00:01:01,040 The Log Analytics agent sometimes, as you saw a couple slides ago, 22 00:01:01,040 --> 00:01:04,050 is referred to as the Microsoft Monitoring Agent, 23 00:01:04,050 --> 00:01:07,830 or MMA, more recently the Log Analytics agent. 24 00:01:07,830 --> 00:01:11,540 And at least as of this recording in summer 2022, 25 00:01:11,540 --> 00:01:13,870 the agent is called Azure Monitor agent, 26 00:01:13,870 --> 00:01:14,900 or AMA. 27 00:01:14,900 --> 00:01:16,110 Yes, it's confusing. 28 00:01:16,110 --> 00:01:18,840 The story has been kind of messy with this. 29 00:01:18,840 --> 00:01:22,690 The best I understand, from my friends at Microsoft, 30 00:01:22,690 --> 00:01:27,070 is that Microsoft plans to standardize on Azure Monitor agent, 31 00:01:27,070 --> 00:01:30,800 and I've heard stories that Microsoft is making tweaks to the 32 00:01:30,800 --> 00:01:34,990 software to where it will include some of that guest monitoring 33 00:01:34,990 --> 00:01:37,460 capability that we talked about earlier. 34 00:01:37,460 --> 00:01:38,140 So, 35 00:01:38,140 --> 00:01:41,790 I imagine we can eventually see the Azure VM diagnostics 36 00:01:41,790 --> 00:01:45,950 extension going away and having just one agent to rule them 37 00:01:45,950 --> 00:01:50,640 all for hybrid cloud monitoring, AMA, Azure Monitor agent. 38 00:01:50,640 --> 00:01:54,400 Now what does this mean on your AZ‑801 certification exam? 39 00:01:54,400 --> 00:01:56,720 I'm not sure which of these terms you'll see, 40 00:01:56,720 --> 00:02:00,600 but as long as you see them here now and you understand that they're synonymous, 41 00:02:00,600 --> 00:02:02,300 you're good to go, all right? 42 00:02:02,300 --> 00:02:05,940 Now, what is our reach, or scope, with Log Analytics? 43 00:02:05,940 --> 00:02:11,090 You can absolutely and easily onboard Windows and Linux Azure VMs, 44 00:02:11,090 --> 00:02:17,440 you can onboard VMs in other clouds like EC2 instances from AWS, 45 00:02:17,440 --> 00:02:19,870 and you can also onboard physical and virtual 46 00:02:19,870 --> 00:02:22,170 machines from your local data centers. 47 00:02:22,170 --> 00:02:23,740 How do we do that deployment? 48 00:02:23,740 --> 00:02:26,620 Well, you can use the Azure portal for Azure VMs. 49 00:02:26,620 --> 00:02:27,910 That's super easy to do. 50 00:02:27,910 --> 00:02:30,010 If you're going to do deployments at scale, 51 00:02:30,010 --> 00:02:34,430 I would suggest that you use ARM JSON, or Bicep deployment templates. 52 00:02:34,430 --> 00:02:39,130 You just simply include a reference to the Log Analytics agent 53 00:02:39,130 --> 00:02:41,990 to onboard the machine at deployment time. 54 00:02:41,990 --> 00:02:44,800 That way, you can manually install the agent. 55 00:02:44,800 --> 00:02:48,110 I'll show you how to get the MSI or the Linux installer. 56 00:02:48,110 --> 00:02:51,550 If you're using System Center Configuration Manager or 57 00:02:51,550 --> 00:02:54,020 another configuration manager solution, 58 00:02:54,020 --> 00:02:58,140 it's pretty easy because the Log Analytics agent for Windows is 59 00:02:58,140 --> 00:03:01,440 a standard Windows Installer MSI package. 60 00:03:01,440 --> 00:03:05,180 Azure policy has been gaining great ground over the last 61 00:03:05,180 --> 00:03:09,530 years in terms of being a universal compliance and 62 00:03:09,530 --> 00:03:11,620 configuration management platform. 63 00:03:11,620 --> 00:03:12,620 It's really impressive. 64 00:03:12,620 --> 00:03:16,530 We can absolutely check whether a monitored machine has 65 00:03:16,530 --> 00:03:19,350 the Log Analytics agent installed, and if not, 66 00:03:19,350 --> 00:03:22,240 Azure policy can automate that for us. 67 00:03:22,240 --> 00:03:25,040 And lastly, in a hybrid cloud, multi‑cloud environment, 68 00:03:25,040 --> 00:03:29,460 you may want to have a more formal relationship between that remote 69 00:03:29,460 --> 00:03:32,250 machine and Azure Resource Manager in your subscription. 70 00:03:32,250 --> 00:03:35,240 This is what's called an Arc‑enabled server. 71 00:03:35,240 --> 00:03:36,100 So as you can see, 72 00:03:36,100 --> 00:03:39,750 there's plenty of options for on boarding your Windows Server machines, 73 00:03:39,750 --> 00:03:42,220 no matter where they are, into Log Analytics. 74 00:03:42,220 --> 00:03:54,000 And because Log Analytics is using TCP 443 HTTPS and TLS encryption, we're not concerned about firewall ports and protocols.