1 00:00:01,540 --> 00:00:04,910 File synced and byte synced, these are metric values, 2 00:00:04,910 --> 00:00:07,210 again, time series, timestamped, 3 00:00:07,210 --> 00:00:11,030 numeric measurements that are just here to help you in terms of a 4 00:00:11,030 --> 00:00:14,150 quick eyeball of how the sync group is behaving. 5 00:00:14,150 --> 00:00:17,120 Now, in terms of monitoring, I've mentioned that several times, 6 00:00:17,120 --> 00:00:21,590 let's head on over to my Log Analytics workspace because this 7 00:00:21,590 --> 00:00:25,110 is really where you should be focusing the majority of your 8 00:00:25,110 --> 00:00:27,970 work with infrastructure monitoring, and what you'll want to do, 9 00:00:27,970 --> 00:00:29,510 if you haven't already done so, 10 00:00:29,510 --> 00:00:32,620 is make sure that your on‑premises registered servers are 11 00:00:32,620 --> 00:00:35,100 reporting to the Log Analytics workspace, 12 00:00:35,100 --> 00:00:37,200 and the way that you can do that is, well, 13 00:00:37,200 --> 00:00:38,830 you could make them Arc‑enabled, 14 00:00:38,830 --> 00:00:41,540 and you can sign them in via the extension model, 15 00:00:41,540 --> 00:00:44,730 but if you want to install the Log Analytics agent manually, 16 00:00:44,730 --> 00:00:48,180 you can come to Agents management, download the agent, 17 00:00:48,180 --> 00:00:52,230 and then install providing the workspace ID and either the primary 18 00:00:52,230 --> 00:00:54,890 or the secondary key to get into that machine. 19 00:00:54,890 --> 00:00:58,450 As a matter of fact, the machine I'm teaching on has that agent installed. 
20 00:00:58,450 --> 00:01:03,020 If you open up Control Panel after you've installed the Log Analytics agent, 21 00:01:03,020 --> 00:01:06,440 you can customize its behavior by going to the Microsoft 22 00:01:06,440 --> 00:01:09,060 Monitoring Agent Control Panel as you can see here, 23 00:01:09,060 --> 00:01:11,690 and if we go to the Azure Log Analytics page, 24 00:01:11,690 --> 00:01:16,580 this is where you can configure the agent to report to one or more workspaces. 25 00:01:16,580 --> 00:01:19,180 I think I mentioned earlier in the training that you can 26 00:01:19,180 --> 00:01:22,610 multi‑home a Windows Server virtual machine to have it 27 00:01:22,610 --> 00:01:24,370 report to multiple workspaces. 28 00:01:24,370 --> 00:01:26,910 I'm concerned with the second one in the list. 29 00:01:26,910 --> 00:01:29,180 I've evidently got a problem with my first one. 30 00:01:29,180 --> 00:01:31,760 I'm going to remove it from the list and just leave my 31 00:01:31,760 --> 00:01:34,060 production workspace ID right here. 32 00:01:34,060 --> 00:01:35,060 You click Add, 33 00:01:35,060 --> 00:01:38,620 this is where you can provide again the workspace ID and one of 34 00:01:38,620 --> 00:01:41,870 those two keys for that Log Analytics workspace. 35 00:01:41,870 --> 00:01:43,950 Let me stop, and restart that service. 36 00:01:43,950 --> 00:01:47,800 And if we come back to Log Analytics, we can then go to Agents configuration, 37 00:01:47,800 --> 00:01:50,340 and this is where you can customize data collection, 38 00:01:50,340 --> 00:01:53,290 and what I've done here is I've clicked Add windows event log, 39 00:01:53,290 --> 00:01:57,470 and I've added in just a few representative file sync agent logs. 
40 00:01:57,470 --> 00:02:00,190 Now there is a whole bunch of them, there is at least eight or nine, 41 00:02:00,190 --> 00:02:02,760 and I've just brought in Diagnostic, Operational, 42 00:02:02,760 --> 00:02:05,650 TieringResults, and I don't want too much telemetry, 43 00:02:05,650 --> 00:02:08,420 so I'm just filtering that to error and warning. 44 00:02:08,420 --> 00:02:11,220 So this is going to ensure that I have file sync 45 00:02:11,220 --> 00:02:13,630 agent data coming into the service. 46 00:02:13,630 --> 00:02:15,290 If I go over to Monitor, 47 00:02:15,290 --> 00:02:20,040 let me show you how we can look at metrics for the Azure File Server service, 48 00:02:20,040 --> 00:02:21,580 the AFS service in the cloud. 49 00:02:21,580 --> 00:02:25,500 If we go to Metrics, Azure Monitor asks us to select a scope. 50 00:02:25,500 --> 00:02:29,390 My sync service is in my contoso‑rg resource group, 51 00:02:29,390 --> 00:02:32,180 so let me scroll down and select it in the list, 52 00:02:32,180 --> 00:02:35,920 click Apply, and this is going to surface available metrics, 53 00:02:35,920 --> 00:02:39,280 and as you can see, Files not syncing, Files Synced, 54 00:02:39,280 --> 00:02:42,450 etc, Server Online Status, this kind of stuff. 55 00:02:42,450 --> 00:02:43,900 Let me select File Sync, 56 00:02:43,900 --> 00:02:47,540 and then we can change the time grain here up at the top to some 57 00:02:47,540 --> 00:02:50,450 other range and granularity if we need to. 58 00:02:50,450 --> 00:02:54,140 This can be a good way to get a quick check on behavior, 59 00:02:54,140 --> 00:02:58,110 but we also can do some pretty useful work here in terms of creating 60 00:02:58,110 --> 00:03:01,980 Azure alert rules based on some of these metrics. 61 00:03:01,980 --> 00:03:06,850 For example, if the server online status is less than one, 62 00:03:06,850 --> 00:03:08,680 raise an alert, you see what I mean. 
63 00:03:08,680 --> 00:03:10,760 So we could go to New alert rule, 64 00:03:10,760 --> 00:03:14,430 and this would start off the process of defining an alert, 65 00:03:14,430 --> 00:03:16,880 and it adds the condition in automatically, 66 00:03:16,880 --> 00:03:19,140 and we can customize that if we want to. 67 00:03:19,140 --> 00:03:23,710 And normally, an alert rule that's based on a metric or a query, 68 00:03:23,710 --> 00:03:25,580 you specify the grain here. 69 00:03:25,580 --> 00:03:29,810 So we're going to say, if the operator is less than one, 70 00:03:29,810 --> 00:03:33,340 which as you can see would have fired an alert earlier today, 71 00:03:33,340 --> 00:03:36,510 then that would satisfy the conditions of the alert, 72 00:03:36,510 --> 00:03:39,170 and then when you create an alert rule in Azure, 73 00:03:39,170 --> 00:03:42,700 you create or link to an existing action group, 74 00:03:42,700 --> 00:03:46,690 and an action group is simply a collection of notifications that 75 00:03:46,690 --> 00:03:49,590 you can make either to Azure role holders, 76 00:03:49,590 --> 00:03:52,720 or you could just do direct email, text message, 77 00:03:52,720 --> 00:03:54,610 push, voice notifications. 78 00:03:54,610 --> 00:03:56,890 The reason why these are called action groups is 79 00:03:56,890 --> 00:03:58,730 that in addition to notifications, 80 00:03:58,730 --> 00:04:03,340 you can run code in a variety of different hosted contexts as you can see here. 81 00:04:03,340 --> 00:04:05,360 So that's a powerful engine for sure. 82 00:04:05,360 --> 00:04:07,810 Let me go back to Monitor, and let me go to Logs because 83 00:04:07,810 --> 00:04:11,440 I had mentioned Kusto a few times, the Kusto query language, 84 00:04:11,440 --> 00:04:16,470 this is the query language Microsoft designed for this kind of analytical work. 
85 00:04:16,470 --> 00:04:20,550 Let me select my contoso‑rg resource group as our scope, 86 00:04:20,550 --> 00:04:25,500 and then we have a number of virtual tables based on the diagnostic 87 00:04:25,500 --> 00:04:28,910 settings and logs that we're onboarding into this service, 88 00:04:28,910 --> 00:04:29,290 you see. 89 00:04:29,290 --> 00:04:33,150 You can look up sample queries here by going to the Queries button, 90 00:04:33,150 --> 00:04:36,920 and we could look up by resource type or by category, 91 00:04:36,920 --> 00:04:41,730 by topic, and we can find potentially useful queries that we can run. 92 00:04:41,730 --> 00:04:44,020 I have one actually on my other monitor. 93 00:04:44,020 --> 00:04:47,390 If we're looking at AFS client issues, 94 00:04:47,390 --> 00:04:51,420 we might want to define a query on each of our registered servers. 95 00:04:51,420 --> 00:04:55,480 Remember, if we onboard our registered servers into Log Analytics, 96 00:04:55,480 --> 00:04:58,520 and we customize the event logs that are coming in, 97 00:04:58,520 --> 00:05:01,810 we then can surface that data here in Log Analytics, 98 00:05:01,810 --> 00:05:06,440 and I doubt you'd see a Kusto query on your AZ‑800 or 801 exam, 99 00:05:06,440 --> 00:05:10,350 but just in case you do, the way they work is you have your virtual table, 100 00:05:10,350 --> 00:05:13,810 so that's going to be step one getting familiar with finding which 101 00:05:13,810 --> 00:05:16,520 virtual table or tables is the one that you want. 102 00:05:16,520 --> 00:05:20,310 Event is the virtual table that categorizes and collects all 103 00:05:20,310 --> 00:05:23,590 of your Windows event logs for any Windows machines that are 104 00:05:23,590 --> 00:05:25,160 reporting to the workspace. 105 00:05:25,160 --> 00:05:26,960 And then after the virtual table, 106 00:05:26,960 --> 00:05:29,450 we separate our clauses with the pipe character. 
107 00:05:29,450 --> 00:05:32,430 This editor in the portal is very nice in terms of it 108 00:05:32,430 --> 00:05:34,800 has fast IntelliSense as you can see, 109 00:05:34,800 --> 00:05:37,730 so it can bring up all of the various keywords where you 110 00:05:37,730 --> 00:05:40,360 can constrain and format your results. 111 00:05:40,360 --> 00:05:41,540 What's this one saying? 112 00:05:41,540 --> 00:05:45,810 This one says look in the event logs on all connected Windows machines 113 00:05:45,810 --> 00:05:51,080 where the source is Microsoft‑FileSync‑Agent or FileSync‑Management where 114 00:05:51,080 --> 00:05:53,860 the event level name does not equal informational, 115 00:05:53,860 --> 00:05:56,530 so we want to see warning and error messages. 116 00:05:56,530 --> 00:05:58,990 Again, we can adjust the time grain here. 117 00:05:58,990 --> 00:06:02,050 I'm not sure if we'll get any results back here at this point. 118 00:06:02,050 --> 00:06:03,110 Oh we do, good. 119 00:06:03,110 --> 00:06:04,820 And then you might be thinking, geez, 120 00:06:04,820 --> 00:06:07,260 there is a lot of feedback here in terms of columns. 121 00:06:07,260 --> 00:06:10,810 You can customize the computers that you're seeing here by just 122 00:06:10,810 --> 00:06:14,070 selecting the appropriate data ManagementGroupName, 123 00:06:14,070 --> 00:06:18,340 Message, Parameter, I'm trying to reduce noise a little bit in this query, 124 00:06:18,340 --> 00:06:19,570 TimeGenerated type. 125 00:06:19,570 --> 00:06:20,920 So you see the idea. 126 00:06:20,920 --> 00:06:21,120 Now, 127 00:06:21,120 --> 00:06:23,850 another thing you can do here that's kind of cool is that 128 00:06:23,850 --> 00:06:25,850 you can dynamically generate charts, 129 00:06:25,850 --> 00:06:28,420 that's not going to work necessarily for this view, 130 00:06:28,420 --> 00:06:31,530 but one of the benefits of log analytics is being able 131 00:06:31,530 --> 00:06:33,640 to do that kind of granular work. 
132 00:06:33,640 --> 00:06:35,620 So let me see here, EventLevel, 133 00:06:35,620 --> 00:06:39,230 let me expand one of these rows to see if there is anything interesting. 134 00:06:39,230 --> 00:06:42,250 So it looks like, in this case, on my localdc1, 135 00:06:42,250 --> 00:06:45,100 we've got a warning, and then we've got EventData, 136 00:06:45,100 --> 00:06:48,300 File Sync service failed to update a particular item. 137 00:06:48,300 --> 00:06:53,250 So you can begin to scope the query using project as an 138 00:06:53,250 --> 00:06:55,550 alternative to using this switcher here, 139 00:06:55,550 --> 00:06:57,640 and you can just select certain columns, 140 00:06:57,640 --> 00:06:59,420 and you can add additional clauses, 141 00:06:59,420 --> 00:07:04,760 so we might want to look only for a particular type of FileSync‑Agent error, 142 00:07:04,760 --> 00:07:09,410 and ideally when we run this query, we want it to return 0 rows. 143 00:07:09,410 --> 00:07:15,290 Again to tie in with monitoring, we can create an alert rule based on that query, 144 00:07:15,290 --> 00:07:18,380 this is called a log search query or a log query, 145 00:07:18,380 --> 00:07:20,340 and the idea, for example, 146 00:07:20,340 --> 00:07:26,800 is that our condition can be whenever this query returns more than say one row, 147 00:07:26,800 --> 00:07:30,610 so if we have greater than 0 rows returned, 148 00:07:30,610 --> 00:07:32,650 then that would fire the alert. 149 00:07:32,650 --> 00:07:33,490 You see what I mean? 150 00:07:33,490 --> 00:07:37,710 Microsoft or Azure will run this query basically on a loop, 151 00:07:37,710 --> 00:07:40,820 that's one of the benefits of the log query so kind 152 00:07:40,820 --> 00:07:43,040 of a custom query architecture. 153 00:07:43,040 --> 00:07:47,830 Lastly about DFS, I have a DFS‑R topology set up here, 154 00:07:47,830 --> 00:07:49,080 it may be a little bit small. 
155 00:07:49,080 --> 00:07:51,690 I wish there was a way I could increase the font here. 156 00:07:51,690 --> 00:07:56,060 But anyway, under Namespaces, I've created a single namespace, 157 00:07:56,060 --> 00:07:59,140 \\contosolocal\corpfiles. 158 00:07:59,140 --> 00:08:02,890 I've just got one target here, a shared folder called scripts, 159 00:08:02,890 --> 00:08:06,700 and I'm replicating that scripts folder to another host, 160 00:08:06,700 --> 00:08:08,050 so I have two hosts. 161 00:08:08,050 --> 00:08:10,740 The main host is this one that I'm on right now. 162 00:08:10,740 --> 00:08:12,690 So following Microsoft's guidance, 163 00:08:12,690 --> 00:08:15,950 you would create a sync group that matches your topology and 164 00:08:15,950 --> 00:08:20,280 begin to plug in those shared folders on your primary 165 00:08:20,280 --> 00:08:22,840 registered server into sync groups. 166 00:08:22,840 --> 00:08:25,940 And then you can do the same thing with your secondary servers. 167 00:08:25,940 --> 00:08:26,420 Alright. 168 00:08:26,420 --> 00:08:28,700 And again, just to come back to the interface, 169 00:08:28,700 --> 00:08:30,970 let's come back to our storage sync service, 170 00:08:30,970 --> 00:08:33,680 let me select my dfs‑root sync group. 171 00:08:33,680 --> 00:08:36,330 Although you can have only one cloud endpoint, 172 00:08:36,330 --> 00:08:40,240 you can have multiple server endpoints feeding into that 173 00:08:40,240 --> 00:08:42,530 single cloud endpoint destination. 174 00:08:42,530 --> 00:08:43,390 So either way, 175 00:08:43,390 --> 00:08:47,490 you're going to probably have to refactor your DFS architecture in your 176 00:08:47,490 --> 00:08:51,010 migration and think about how you want to surface it in Azure, 177 00:08:51,010 --> 00:08:57,000 but you do have that flexibility given the limitations that I've outlined thus far.