We recently had to demonstrate Azure OMS as a possible alternative (or extension) to on-prem System Center for a large, US-based enterprise customer. We took the OMS suite for a spin and came out impressed. What follows is an overview.
OMS is IT management as a service, extending System Center into the cloud. OMS complements the investment already made in on-premises System Center and delivers full hybrid management capabilities. OMS can also work as a standalone product, even without an existing System Center deployment. OMS is easy to set up and always up to date because it is SaaS, and it helps with log analysis, automation, security, compliance, etc.
What can you do with OMS?
Azure OMS is like the popular ELK stack (Elasticsearch, Logstash, Kibana) on drugs. Add a bit of Nessus, a pinch of Nagios and a healthy dose of System Center. That’s OMS for you!
The major features of OMS are below:
- Log Analytics - All about logs. Collect logs, search them, and visualize them in powerful dashboards. You can run an agent to collect logs from both Windows and Linux machines and gain insights from the logs, thanks to great search features and analytics.
- IT Automation - Orchestrate and automate complex and repetitive operations. You can author graphical runbooks (kind of like SSIS packages or Azure ML Studio) for frequent administrative tasks. Want to shut down all resources in the dev resource group at 10 PM and start them again at 9 AM? Runbooks are the way to go. It seems that you can enable configuration management too, but I haven’t tested that feature yet. Automation is currently only possible on Azure resources, not on-premises.
- Backups and Disaster Recovery - Backup and Disaster Recovery helps you protect and extend your datacenter and quickly implement a hybrid cloud. Backup and recovery solutions are powered by Azure Site Recovery and Azure Backup.
- Security and Compliance - Security and Compliance helps you identify, assess, and mitigate security risks to your infrastructure. During my tests, OMS showed me a bunch of IP addresses as potentially malicious while analyzing traffic on an IIS web server, which was pretty cool.
Types of Subscriptions
There are three subscription models for Azure OMS. The below table has the details.
How do you use OMS?
There are two ways to use Azure OMS.
1. Standalone and agent-based - OMS can be used as a standalone product. OMS has agents that can be installed on IaaS VMs and on-prem VMs. Installers are available for Windows servers and Linux servers. The Linux installer was recently announced and is in preview at the moment. I have tested the Linux agent as well and it works well.
2. Extend System Center - The on-premises System Center can be extended to Azure using OMS. System Center 2012 Service Pack 1 is required.
Solutions Available on OMS
OMS has a solutions gallery. These are like ready-made modules you can add and start using. I see the gallery improving at a rapid pace with the addition of new modules. As of this writing, the following solutions are available from the gallery.
App Dependency Monitor: This is in development. It lets you track all application dependencies visually, in real time.
Backup: Provides details about backups of Azure IaaS VMs and Windows servers. Using a backup agent, we can back up on-prem VMs to Azure, and those statistics and data usage show up here.
Containers: Microsoft is betting big on containers with their Nano Server releases. This solution tracks Docker container metrics and performance.
SQL Assessment: The agent, when installed on a server where SQL Server is running, collects information from SQL Server error logs and other metrics and shows them here. I was excited about this feature but unfortunately the plugin didn't work as expected. They will hopefully fix it in the future.
AD Assessment: The agent continuously performs an assessment of Active Directory, collects logs and visualizes them. An example dashboard would look like this:
One can drill through the reports and get details about recommendations, potential threats etc. Example below:
Malware Assessment: The agents collect data about malware threats on both Windows and Linux servers and visualize the threats. An example would look like this.
Change Tracking: This is self-explanatory. Tracks all changes and reports them.
Security and Audit: This module helps track all active computers and all security-related events. Failed login attempts are highlighted, along with attempts to reset passwords etc. It also gives details about distinct suspicious IP addresses.
Once you drill through, it will let you save and export details to Excel.
Azure Networking Analysis: This is still in development and once available, will be a very useful tool to visualize the network utilization in an Azure subscription.
Capacity Planning: For capacity planning.
Azure Site Recovery: If Azure Site Recovery is enabled, information about the replication process etc. is shown here.
System Update Assessment: This solution shows missing updates.
You can drill down and find the details about missing updates.
Alert Management: Configure and manage alerts etc.
Automation: OMS lets you author complex runbooks to automate things in the Azure environment.
Configuration Assessment: For assessing the configuration of the servers.
Wire Data: Agents capture the network traffic and visualize it by protocol, IP address, subnets etc.
Custom Dashboards
The place where OMS really shines is the way Microsoft has applied their machine learning prowess to OMS. It lets you create custom dashboards with your own custom queries. All events and logs can be queried and visualized. Example below: