Hybrid Cloud Management and Security - Introduction and Analytics

Agenda
• DAY 1
Introduction
Insight and Analytics
• DAY 2
Automation and Control
Security and Compliance
Straddling two worlds
Challenges for modern management
Traditional datacenter Cloud model

• Tight coupling between • Developers have a critical
infrastructure and apps business role
• Expensive, vertically integrated • Micro-services and modern apps
create new complexity
hardware
• The server is no longer the center
• Siloed infrastructure and operations point
• Highly customized processes and • Application data is business data
configurations
Modern IT investments
SI
COST POLICY SUBSCRIPTION DEVOPS TOOLING PACKAGING
DETECT PREVENT ORCHESTRATION PATCHING

WINDOWS, LINUX
AZURE, AWS, CONFIG MONITORING
PRIVATE CLOUDS
BACKUP RECOVERY ANALYTICS DISCOVERY ALERTS

Ideologies for shifting investments
Speed Flexibility Simplicity
• Setup within minutes • Connects to existing tools • Easy-to-use dashboards

• Faster troubleshooting • Custom solutions and data • Reduced management infrastructure
• Real-time innovation • Traditional and modern cloud • Cohesive solutions
Evolution of Management Tools
Cloud
Era
Enterprise
Era
LAN
Era
MaaS for Hybrid and Open Systems
Why OMS?
Simplicity Time to Value Easy to Integrate Optimized for
System Center
A single portal for Onboard fast. No Add new servers, Complements

all your content to create. or connect to your System Center
management Connects to your existing investment to
tasks. No on-premises management tools unleash new
infrastructure to
maintain. datacenter. within minutes. management
scenarios
Log analytics Automation Availability Security
Gain visibility across your Orchestrate complex and Increase data protection Help secure your
hybrid enterprise cloud repetitive operations and application workloads, servers, and
availability users
Microsoft hybrid IT management
Simplified guest and workload management, both on-premises and in the cloud
Microsoft
Operations
Management Suite
WINDOWS WINDOWS
WINDOWS WINDOWS
Public cloud Private or hosted third-party cloud,

Azure or AWS Rackspace, etc.
WINDOWS
HYPER-V
WINDOWS
VMWare
WINDOWS
On-premises with System Center

Log analytics
Gain visibility across your hybrid enterprise cloud.
• Deliver unparalleled insights across your datacenters

and public clouds, including Azure and AWS.
• Collect, store, and analyze log data from virtually any

Windows Server and Linux source.
Easy collection, correlation, Insight into physical, virtual, Proactive operational data
and visualization of your and cloud infrastructure analysis
machine data health, capacity, and usage
Log management across physical, Capacity planning and deep visibility Faster investigation and resolution of
virtual, and cloud infrastructure into your datacenter and across operational issues with deep insights
premises
Orchestrate complex and repetitive operations.
• Create, monitor, manage, and deploy resources
• Reduce errors and boosting efficiency

Reduction of time- Quick start of automation Better visibility into
consuming, error-prone tasks using Runbook Gallery automation activities
cloud management tasks
Creation, monitoring, Ready-to-use automation sample, Runbook monitoring with easy-to-read

management, and deployment utility, and scenario runbooks dashboard charts and log records
of resources in hybrid
environments
Ensure data integrity and application availability.
Backup and enable integrated recovery for all your

servers and applications, no matter where they reside..
Affordable in-box business Seamless integration with Best-in-class security and
continuity and disaster existing backup and data encryption
recovery solution recovery investments
Automated virtual machine Integration of on-premises Security-enhanced replication of

replication replication tools with cloud-based application data
recovery
Simple, flexible, and Flexible management of Protection of business-
affordable disaster recovery application uptime and critical data where it resides
resources
Ability to define recovery plans Maximum uptime with resource Unified solution for protecting data
and easy-to-manage recovery health assessment on-premises and in the cloud
points
Help secure your workloads, servers, and users.
Identify missing system updates and malware status.

Collect security-related events and perform forensic,
audit, and breach analysis. Enable cloud-based patch
management for all your environments.
Identification of missing Comprehensive view into Collect security related
system updates across data your organization’s IT events
centers or in a public cloud security posture
Comprehensive updates Detection of breaches and threats Perform forensic, audit and breach
assessment across datacenters and with malware assessment analysis
public clouds
Any cloud
Security Visibility
Microsoft
Key Scenarios
• Insight and Analytics
• Configuration and Automation
Hybrid
• Application Management
• Security
• Backup
Protection Control
Management
• Disaster Recovery
System
Center
Any platform
On-premises
Sign Up for OMS in just 3 Clicks
Go to Microsoft.com/OMS and click the
“Try for Free” button. Sign in with a
Microsoft Account.
Provide a unique “Workspace Name”

such as <CompanyNameProd>. A
workspace is a logical for your data.
Specify an “Email” and the Region
where your data will reside.
You can create a new Azure

Subscription or link and existing one. Or
choose Free Trial.
Sign Up for OMS in Azure Portal
Sign on to https://portal.azure.com.
New | Management > | Log Analytics
(OMS) in the Azure Portal.
Provide a unique “Workspace Name”

such as <CompanyNameProd>. A
Resource Group name, Location and
Pricing tier option. Free, Standard or
Premium.
You can link to an existing OMS

Workspace or create a new one.
Summary in Portal or go to OMS Portal.
Operational excellence
with insights and analytics
Fast
Simple and Gain
troubleshoot
unified immediate
and auto
experience insight
remediate
Simple and unified experience
Challenges
Individual
monitoring
Platform and
Application
monitoring tool
Network
monitoring tool Individual
monitoring
Security
analysis tool
Individual
monitoring
On premises Application data
datacenter
Platform data
Network data
Security data
Individual Hosters
monitoring
Simple and unified experience
Solution
Individual
monitoring
Platform and
Platform and
Application
monitoring tool Application IT
monitoring Operational
Network excellence
monitoring tool Individual
monitoring
Security
analysis tool
Individual
Application data Security Network monitoring
Platform data analysis monitoring

Network data
Security data
Individual Hosters
monitoring
Simple and unified experience UNIFIED
EXPERIENCE
Expand your enterprise management with a consistent experience
Single platform for Leverage existing Access anywhere with a

overall management management platform consistent user experience
• Single pane of control • Integrate with existing systems • Control from anywhere
• Unified experience • Connect with isolated resources • Consistent user interface
UNIFIED EXPERIENCE
COLLECT AND INDEX DATA SEARCH AND INVESTIGATE CORRELATE AND ANALYZE VISUALIZE AND REPORT MONITOR AND ALERT
Single platform for

overall management
Single pane of control for log Unified experience to manage your
analytics, automation, back up, resources in public, private cloud as
site recovery and security well as traditional datacenters
UNIFIED EXPERIENCE
Windows agents
• Log Analytics
SCOM
• Automation
• Site Recovery
Linux / FluentD • Backup
REST Collection API Operations Management Suite
Sample list of log/metrics that

OMS collects:
SaaS services • Custom Application/Infra logs
• Windows event logs
O365
• Window performance counters
• Security Event Logs
Azure Storage / • IIS Logs
• ETW logs
Azure Diagnostics
Event Hub Log Stash • Azure Diagnostics
UNIFIED EXPERIENCE
Windows agents
Operations Management Suite
Connect to Windows computers in your on-premises infrastructure directly to OMS workspaces by using a
customized version of the Microsoft Monitoring Agent (MMA).
https://azure.microsoft.com/en-us/documentation/articles/log-analytics-windows-agents/
UNIFIED EXPERIENCE
SCOM
Integrate Operations Manager with your OMS workspace to:

• Continue monitoring the health of your IT services with Operations Manager
• Maintain integration with your ITSM solutions supporting incident and problem management
• Manage the lifecycle of agents deployed to on-premises and public cloud IaaS virtual machines that you monitor
with Operations Manager
UNIFIED EXPERIENCE
Linux / FluentD
Collect and act on data generated from Linux computers. Adding data collected from Linux to OMS allows you to
manage Linux systems and container solutions like Docker regardless of where your computers are located—virtually
anywhere.
Upload data
(HTTPS)
syslog
Firewall/proxy
Nagios
OMS Service
Zabbix
Providers
Docker
Pull configuration
(https)
Linux Computer
UNIFIED EXPERIENCE
Linux / FluentD
Supported Linux platform
6.x 32/64-bit 5.x 32/64-bit

7.x 32/64-bit 6.x 32/64-bit
8.x 32/64-bit 7.x 64-bit
5.x 32/64-bit
2013.09 – 2015.09 6.x 32/64-bit
7.x 64-bit
12.x 32/64-bit alpha
14.x 32/64-bit beta
15.x 32/64-bit stable
16.x 32/64-bit
10.x 32/64-bit
5.x 32/64-bit
11.x 32/64-bit
6.x 32/64-bit
12.x 64-bit
7.x 64-bit
UNIFIED EXPERIENCE
REST Collection API
Leverage REST collection API to ingest custom data to Operations Management Suite
API
Log Search API
Ensure json is flattened and not nested • Create, manage and run searches
$json = @" Alert API

[{ "slot_ID“ : 12345, • Create and manage alerts
"ID“ : "5cdad72f-c848-4df0-8aaa-ffe033e75d57",
Powershell
"availability_Value": 100,
"measurement_Name“ : "last_one_hour", Log Analytics cmdlets
"duration“ : 3600,
"ExecutionTime“ : "2016-05-12T20:00:00.625Z" Nouns
}, • ComputerGroup
{ … }] • IntelligencePacks (solutions)
"@ • LinkTargets
• SavedSearch
• SavedSearchResults
• StorageInsights
• Workspace
• WorkspaceManagementGroups
• WorkspaceSharedKeys
• WorkspaceUsage
UNIFIED EXPERIENCE
Leverage existing
management platform
Do not rip and replace by Operations Management Suite
leveraging your management Gateway to connect with isolated
platform such as System Center, environment
Zabbix or Nagios
UNIFIED EXPERIENCE
Collect alerts from Operations Manager

To collect alerts from
Operations Manager, you will
need to
1. On the Operations
Management Suite
Onboarding Wizard:
associate with your OMS
subscription
2. If you have more than

one workspace, select the
workspace you want to
register with the
Operations Manager
management group from
the drop-down list, and
then click Next.
https://azure.microsoft.com/en-us/documentation/articles/log-analytics-om-agents/
UNIFIED EXPERIENCE
Collect alerts from Nagios and Zabbix
To collect alerts from Nagios and

Zabbix, you will need to
1. Grant the user omsagent read

access to the Nagios log file
2. Modify the
omsagent.confconfiguration file
(/etc/opt/microsoft/omsagent/conf
/omsagent.conf).
3. Restart the omsagent daemon
https://azure.microsoft.com/en-us/documentation/articles/log-analytics-linux-agents/
UNIFIED EXPERIENCE
Access anywhere with a

consistent user experience
Control from anywhere with iOS, Consistent user interface across
Android and Windows Phone. Operations Management Suite and
Azure services
Simple and Gain Fast
unified immediate troubleshoot
experience insight and auto
remediate
Gain immediate insight
Challenges
Business
Platform and owners?
Application
monitoring
Application
owners?
Security Network
analysis monitoring
Infrastructure
owners?
Gain immediate insight
Solution
Business
owners
Application
owners
Infrastructure
owners
Intelligence
Engine
Gain immediate insight UNIFIED
Provide an immediate insight for your hybrid environment based EXPERIENCE
on trusted sources.
Quick data Experienced sources Analyze petabytes of

collection of insight data from the cloud
• Automatic data collection • Single source of truth • Infrastructure free

• Custom log collection • Experienced and trusted insight • Business insight
UNIFIED EXPERIENCE
Quick data
collection
Automatic end point data selection Custom log collection including
and collection Windows and Linux
UNIFIED EXPERIENCE
Automatic data selection and collection
https://azure.microsoft.com/en-us/documentation/articles/log-analytics-data-sources/
UNIFIED EXPERIENCE
Custom log collection
https://azure.microsoft.com/en-us/documentation/articles/log-analytics-data-sources-custom-logs/
UNIFIED EXPERIENCE
Experienced
sources of insight
Single source of truth, gathering Correlate and analyze through
data from public cloud, private Knowledge obtained by the trusted
cloud, traditional datacenters source such as product team, support
team, MSIT, Digital Crime Unit
UNIFIED EXPERIENCE
Solutions
Log Analytics solutions are a collection of logic, visualization and data acquisition rules that provide
metrics pivoted around a particular problem area.
https://azure.microsoft.com/en-us/documentation/articles/log-analytics-add-solutions/
UNIFIED EXPERIENCE
Solutions
Data collection details for OMS features and solutions
SCOM agent data sent

Data type Platform Direct Agent SCOM agent Azure Storage SCOM required? Collection frequency
via management group
AD Assessment Windows 7 days
AD Replication Status Windows 5 days
Alerts (Nagios) Linux on arrival
Alerts (Zabbix) Linux 1 minute
Alerts (Operations
Windows 3 minutes
Manager)
Antimalware Windows hourly
Capacity Management Windows hourly
Change Tracking Windows hourly
Change Tracking Linux hourly
ETW Windows 5 minutes
IIS Logs Windows 5 minutes

UNIFIED EXPERIENCE
Solutions
Data collection details for OMS features and solutions
SCOM agent data sent
Data type Platform Direct Agent SCOM agent Azure Storage SCOM required? Collection frequency
via management group
Key Vaults Windows 10 minutes
Network Application
Windows 10 minutes
Gateways
Network Security
Windows 10 minutes
Groups
Office 365 Windows on notification
Performance Counters Windows as scheduled, minimum of 10 seconds
Performance Counters Linux as scheduled, minimum of 10 seconds
Service Fabric Windows 5 minutes
SQL Assessment Windows 7 days
SurfaceHub Windows on arrival
from Azure storage: 10 minutes; from

Syslog Linux
agent: on arrival
at least 2 times per day and 15
System Updates Windows
minutes after installing an update
Windows security for Azure storage: 10 min; for the
Windows
event logs agent: on arrival
Windows firewall logs Windows on arrival
for Azure storage: 1 min; for the

Windows event logs Windows
agent: on arrival
UNIFIED EXPERIENCE
Gain immediate insight from containers

Containers are lightweight, pared-down virtual machines that can be easily provisioned, developers
have created them sporadically as a solution to support their continuous delivery. As containers are
being used widely in production and are exploding in numbers, demand for container monitoring has
increased. A centralized approach to logging and monitoring is required. OMS Container Solution for
Linux helps with these needs.
https://blogs.technet.microsoft.com/msoms/2016/08/24/announcing-public-preview-oms-container-solution-for-linux/
UNIFIED EXPERIENCE
Gain immediate insight from containers

With the OMS Container Solution, you’ll be able to:
• Centralize and correlate millions of logs from Docker containers at scale
• See real-time information about Container status, image, and affinity
• Quickly diagnose “noisy neighbor” containers that can cause problems on Container hosts
• Retrieve, visualize, and monitor CPU, memory, storage, and network usage with 10-second real-
time performance metrics
• View detailed and secure audit trail of all Docker actions on Container hosts
Two types of installation methods to support different operating system types, such as CoreOS.
UNIFIED EXPERIENCE
Solutions: VMware Monitoring (Preview)

Aggregate all the ESXi Host logs in any location to a centralized repository for insightful analysis and
monitoring. The solution consolidates and parses logs into a comprehensive dashboard which help
monitor, alert, and quickly analyze the ESXi Host and VM activities.
• Provide Visualization Dashboard

• Monitor Event, Warning, Failure
• Provides deep Log Analysis with
search and trending
VMware • Assist Alerting
ESXi Servers
SCSI/Disk
VM ESXi ESXi
Status and
…
Activities Events Failure
Error
https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-vmware
UNIFIED EXPERIENCE
Solutions: Network Performance Monitor (NPM)

• Network Performance
Monitor (NPM) monitors
connections between office
sites, clouds and
applications.
• NPM offers near real time

monitoring of network
performance parameters like
loss and latency between
two networks.
• NPM helps you to quickly

locate the source of the
problem for easy
troubleshooting.
UNIFIED EXPERIENCE
NPM : Monitor Any Connection
On Premises
Multiple Sites
Hybrid Networks
Multiple VNETs
3rd Party Cloud
UNIFIED EXPERIENCE
Network Custom Alert

Rules
Analytics-Driven
Monitoring
Performance
Monitor (NPM) OMS
Detect Faults
Intelligent Averaging, Auto-

Detected Thresholds to reduce
Auto Detect false Alerts
Subnets & Paths
NPM Service
Active Probes
OMS Agents
Agents can be placed
across DC/Cloud
Determine E2E Loss
& Latency
UNIFIED EXPERIENCE
Network
Performance
Monitor (NPM):
OMS
How it Works
1. Add the NPM Solution to your
OMS Workspace
2. Download and install OMS
agents. OMS agent downloads
NPM Intelligence Pack (IP)
3. NPM IP: Detect subnets and
upload to OMS
NPM Service 4. NPM IP: Pull peer config
information from OMS
5. Start active probes, periodically
upload data to OMS
6. NPM OMS logic aggregates and
shows comprehensive perf data
OMS Agents OMS Agents Active Probes OMS Agents
UNIFIED EXPERIENCE
Choose the NPM Protocol : ICMP or TCP

NPM uses synthetic transactions to calculate Network Performance Metrics like Packet Loss and Link
Latency.
• Consider an NPM Agent connected to one end of a network link.

• This NPM Agent sends probe packets to a second NPM Agent.
• The second Agent replies with response packets.
• By measuring the number of replies and time taken to receive each reply, the first NPM Agent
assesses link latency and packet drops.
The Protocol choice affects the accuracy of the results. It also determines whether you must take any
manual steps after you deploy the NPM solution:
• NPM offers you the choice between ICMP and TCP protocols.
• If ICMP, the NPM agents use ICMP ECHO messages to calculate the network latency and packet loss.
• If TCP, the NPM agents send TCP SYN packet over the network.
UNIFIED EXPERIENCE
Network Performance Monitor Dashboard

UNIFIED EXPERIENCE
Solutions: Service Map

Service Map automatically discovers application components on Windows and Linux systems and maps
the communication between services for servers on any Cloud Platform as well as on premises
With Service Map as a Solution, you can:
• View your servers as interconnected systems that deliver critical services

• Discover various dependencies across servers, processes and third party services
• Have Migration Assurance to effectively plan, accelerate and validate Azure Migrations
• View Server Summary & Properties
• Perform and manage Change Tracking
• Configure and View Alerts
• View various Performance Metrics
• View Critical Security Issues
• Integrate with Patch Management
• Configure Incident Management
• Computer and Process Inventory in Log Analytics
• Security event correlation
• Historical Queries
• SCOM integration
And many more !!

UNIFIED EXPERIENCE
How Service Map Helps ?

Application or Services Automatically discover all
Service
dependencies for any
Windows or Linux system
Application Email SharePoint Active
Web sites Web sites Directory
View all TCP-connected

processes,
Hypervisor (ESXi / Hyper-v) Public Cloud (Azure / AWS) their bound ports and
connections
Virtual machines Virtual machines

View dynamic maps of
your system topology, live
Infrastructure
and historical
Visualize any alerts or

change events
Database Storage Network Database Service bus Storage Network across all dependencies for
a given machine
UNIFIED EXPERIENCE
Challenges : Migrate to Cloud

On-premises IT
systems
Public cloud
Challenges:
• Several man-months of effort to

map out pre-migration
environment
• Identifying critical servers and

Any PaaS and
IaaS systems
Datacenter knowing which servers and
applications must be moved
together
• Different management tools to

manage cloud and on-premises
resources
• Maintaining high ROI by

minimizing migration costs
On-premises IT
UNIFIED EXPERIENCE
Service Map : Assessment for Migration

Discover Assess Move Validate Manage
Identify critical Avoid migration 24x7 monitoring

servers and disasters and Verify proper of applications,
Build application applications minimize migration with workloads, and
and server downtime with Comparison underlying
dependency Identify and fix automatic Reports infrastructure
maps in minutes existing issues dependency
rather than before migration map updates Quickly catch Custom alerting
weeks or any
months Improve Migrate more performance Data export and
Application efficiently by issues in the new third party
No need for Performance moving environment integration
costly manual and save on connected
cataloging of post-migration servers together No need to Manage on-
servers, services, cost by install new tools premises, cloud,
and applications identifying over Immediately find to monitor cloud and hybrid
and under- any failing resources services and
utilized servers transactions applications
UNIFIED EXPERIENCE
Solutions: Service Map

UNIFIED EXPERIENCE
Solutions: NSG Analytics

NSG Analytics gives you detailed diagnostics and
logs of the NSG rules currently created and
applied
• With the help of NSG Analytics, you can view

the rules which “Blocked” or “Allowed” traffic
• You will have to enable Diagnostics on the
Network Security Groups
• Send the NSG Flow Logs to a Log Analytics
Workspace
Check for the two types of Logs

to be stored:
• NetworkSecurityGroupEvent
• NetworkSecurityGroupRuleCounter
UNIFIED EXPERIENCE
Solutions: NSG Analytics

After you click the Azure Network Security Group Analytics tile on the Overview, you can view summaries
of your logs and then drill in to details for the following categories:
• Network security group blocked flows

• Network security group rules with blocked flows
• MAC addresses with blocked flows
• Network security group allowed flows
• Network security group rules with allowed flows
• MAC addresses with allowed flows
On the Azure Network Security Group Analytics dashboard, review the summary information in one of
the blades, and then click one to view detailed information on the log search page
On any of the log search pages, you can view results by time, detailed results, and your log search history.
You can also filter by facets to narrow the results
UNIFIED EXPERIENCE
UNIFIED EXPERIENCE
OMS Gateway
The OMS Gateway allows data collected on server machines to be pushed to a proxy
machine for upload. This allows Production Servers to stay off the Internet
• If computers that are behind a DMZ, can be configured with the OMS agent to directly
connect to an OMS workspace.
• All computers will instead communicate with the OMS Gateway.
• The gateway transfers data from the agents to OMS directly, it does not analyze any of
the data in transit.
When an Operations Manager Management group is integrated with OMS, the Management
servers can be configured to connect to the OMS Gateway to receive configuration
information and send collected data.
• Operations Manager Agents send some data such as Alerts, Configuration Assessment,
Instance Space, and Capacity Data to the Management Server.
• IIS Logs, Performance, and Security events are sent directly to the OMS Gateway.
• If Operations Manager Gateway server is deployed in a DMZ, it cannot communicate
with an OMS Gateway.
UNIFIED EXPERIENCE
OMS Gateway: Manage Offline Servers

• It is recommended that you install the OMS Agent on the computer running OMS Gateway to
monitor the OMS Gateway.
• Additionally, the agent helps the OMS Gateway identify the service end points that it needs to
communicate with.
• Each agent must have network connectivity to its gateway so that agents can automatically transfer
data to and from the gateway.
• Installing the Gateway on a Domain Controller is not recommended.
UNIFIED EXPERIENCE
OMS Gateway: Architecture Overview

UNIFIED EXPERIENCE
OMS Gateway: SCOM Attached Agents
Agents attached via SCOM

• Some Data sent via
Management Server
• Some Data (High Volume) sent
directly
OMS Gateway
• Configure SCOM Management
Server Proxy
• Install Microsoft Monitoring
Agent on Proxy
• Install OMS Gateway on Proxy
UNIFIED EXPERIENCE
Analyze petabytes of
data from the cloud
Infrastructure free, On the fly metrics PowerBI integration
management as a aggregation
service
UNIFIED EXPERIENCE
View designer
Create visual tiles based on searches
Assemble tiles on a dashboard
View Designer editing Overview Tile to show custom service’s front-end custom events and performance data
UNIFIED EXPERIENCE
View designer
Create visual tiles based on searches
Assemble tiles on a dashboard
Complete with metrics visualized in line charts, distributions of event levels for my service, and the amount of data getting
for both types of events. Each visualization can drill down into OMS Log search.
Simple and Gain Fast
unified immediate troubleshoot
experience insight and auto
remediate
Fast troubleshoot and auto remediate
Challenges
Platform and
Application
monitoring
Security Network
analysis monitoring
Too many Unclear with Manual

alerts remediation process
Fast troubleshoot and auto remediate
Solution
Platform and
Application
monitoring
Filter alerts Professional knowledge
Security Network Specific search alert Community based

analysis monitoring
Automated
Problem
process
solved
Fast troubleshoot and auto remediate UNIFIED
Solve issues as quickly as possible in an automated fashion to improve EXPERIENCE
your SLA
Identify root cause Community based Auto

with powerful search automation remediate
• Powerful search • Leverage PowerShell community for • Leverage automation from

automating via PowerShell based the cloud
• Alert notification
runbooks
• Connect existing alerts to
auto remediate
UNIFIED EXPERIENCE
Identify root cause

with powerful search
Powerful search Alert notification
UNIFIED EXPERIENCE
Alert management
UNIFIED EXPERIENCE
Alert management
UNIFIED EXPERIENCE
Alert management
UNIFIED EXPERIENCE
Alert management
UNIFIED EXPERIENCE
Alert management
UNIFIED EXPERIENCE
Alert management
UNIFIED EXPERIENCE
Community based
automation
Leverage PowerShell community for automating via PowerShell based runbooks
UNIFIED EXPERIENCE
Community based runbooks

Automate your task based on community gallery
UNIFIED EXPERIENCE
Auto remediate
Leverage automation Connect existing alerts
from the cloud to auto remediate
UNIFIED EXPERIENCE
Auto remediate based on alerts

Automate your task based on community gallery
UNIFIED EXPERIENCE
Auto remediate based on alerts

Setup alert rule to trigger automated task
What we’ve learned
Fast
Simple and Gain
troubleshoot
unified immediate
and auto
experience insight
remediate
• Single platform • Quick data collection • Identify root cause

• Leverage existing • Trusted insight • Community based
platforms • Petabytes of data automation
• Access anywhere • Auto remediate
© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on
the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Hybrid Cloud Management and Security - Introduction and Analytics

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Hybrid Cloud Management and Security - Introduction and Analytics

Enviado por

Direitos autorais:

Formatos disponíveis

Agenda

Traditional datacenter Cloud model

DETECT PREVENT ORCHESTRATION PATCHING

BACKUP RECOVERY ANALYTICS DISCOVERY ALERTS

Speed Flexibility Simplicity

• Setup within minutes • Connects to existing tools • Easy-to-use dashboards

A single portal for Onboard fast. No Add new servers, Complements

Public cloud Private or hosted third-party cloud,

On-premises with System Center

• Deliver unparalleled insights across your datacenters

• Collect, store, and analyze log data from virtually any

• Create, monitor, manage, and deploy resources

• Reduce errors and boosting efficiency

Creation, monitoring, Ready-to-use automation sample, Runbook monitoring with easy-to-read

Backup and enable integrated recovery for all your

Automated virtual machine Integration of on-premises Security-enhanced replication of

Identify missing system updates and malware status.

Provide a unique “Workspace Name”

You can create a new Azure

Provide a unique “Workspace Name”

You can link to an existing OMS

Platform data analysis monitoring

Single platform for Leverage existing Access anywhere with a

Single platform for

REST Collection API Operations Management Suite

Sample list of log/metrics that

Operations Management Suite

Operations Management Suite

Integrate Operations Manager with your OMS workspace to:

Operations Management Suite

Operations Management Suite

Supported Linux platform

6.x 32/64-bit 5.x 32/64-bit

REST Collection API

Operations Management Suite

$json = @" Alert API

Collect alerts from Operations Manager

2. If you have more than

Collect alerts from Nagios and Zabbix

To collect alerts from Nagios and

1. Grant the user omsagent read

3. Restart the omsagent daemon

Access anywhere with a

Provide an immediate insight for your hybrid environment based EXPERIENCE

Quick data Experienced sources Analyze petabytes of

• Automatic data collection • Single source of truth • Infrastructure free

Automatic data selection and collection

Custom log collection

SCOM agent data sent

AD Assessment Windows 7 days

AD Replication Status Windows 5 days

Alerts (Nagios) Linux on arrival

Alerts (Zabbix) Linux 1 minute

Antimalware Windows hourly

Capacity Management Windows hourly

Change Tracking Windows hourly

Change Tracking Linux hourly

ETW Windows 5 minutes

IIS Logs Windows 5 minutes

Key Vaults Windows 10 minutes

Office 365 Windows on notification

Performance Counters Windows as scheduled, minimum of 10 seconds

Performance Counters Linux as scheduled, minimum of 10 seconds

Service Fabric Windows 5 minutes