Azure updates explained: Unified Connection Monitor in Network Watcher

Version 20.12.15

Azure expert Xander Oortgiesen (@vworlddotnl) brings you up to speed on the latest and greatest updates for Microsoft Azure. On the docket in this blog: Unified Connection Monitor in Network Watcher, Azure Resource Manager template for Azure file share support, and Azure Monitor support for Windows Virtual Desktop.

Hello! Since the release of the last article in this series, version 20.12.01, Microsoft announced several more improvements! Let’s dive in!

Unified Connection Monitor in Azure Network Watcher is now generally available

Azure’s Connection Monitor provides unified end-to-end connection monitoring capabilities for hybrid and Azure deployments. Here are some of the new capabilities:

• Enhanced support for VNETs, subnets, custom on-premises networks, URL and IP-based monitoring
• Support for multiple subscription and cross-region monitoring
• Centralized workspace support for your monitoring data
• Enhanced monitoring support for HTTP, TCP, and ICMP
• Express Route connectivity monitoring between on-premises and Azure
• Enhanced topology to bring together Azure, non-Azure, and internet hops
• Full support for automation through PowerShell, CLI, and Terraform
• Monitor endpoints within and across Azure regions, on-premises sites, and global service locations
• Faster time to detect and diagnose issues in Azure and hybrid networks
• Access to historical monitoring data retained in Log Analytics.
• Metrics and Log Analytics support for both Azure and non-Azure test setups

You can find the Connection Monitor in the Azure Network Watcher pane. The old Connection Monitor is rebranded as Classic:

I think that these latest changes make Connection Monitor more usable, and I definitely think you should take a look at it.

For example, when you have a front-end web server that communicates with a database server, you may want to check network connectivity between them. Or, if you have resources deployed in different regions—for example West Europe and East US—and you want to compare cross-region network latencies. You’ve got a hybrid environment and you want to check connectivity and performance between them? Connection Monitor has your back!

I use it for monitoring my personal blog site and checking latency from different regions all over the world.

All this data is stored in the Log Analytics Workspace so you can keep track over a period of time:

And, of course, all this information can easily be combined into a dashboard:

How to configure Azure Connection Monitor

I’m planning to write an in-depth blog post about this topic, but I couldn’t resist showing you how easy it is to configure Connection Monitor here!

Step 1: Go to the Network Watcher and choose Create Connection Monitor.

Step 2: Configure the test group.

The test group consists of three parts:

• The source you wish to test from
• The test you wish to perform
• The destination you wish to test

Step 3: Specify your source. You can select any subscription, resource group, VM, etc. with the Network Watcher extension enabled.

Step 4: Specify your test configuration. Choose which protocol you want to use, the testing frequency, and the testing thresholds.

Step 5: Select or manually add your destination. You can choose to monitor network infrastructure components, Microsoft 365 components, custom URLs, and much more.

Why this Azure update matters

With these latest improvements, I really don’t think there’s a good reason not to use Connection Monitor in Network Watcher. It’s intuitive and easy to use, and it provides everything you need for monitoring Azure and hybrid environments. In my opinion this should be in your default Azure Landing Zone deployment.

If you’re going to use Connection Monitor, I highly recommend that you keep track of your performance and connectivity (and keep data stored to identify abnormalities), then put all this data in a dashboard so you have a nice overview!

To put my money where my mouth is… I’m going to write an extensive blog about network monitoring, the best practices, dos, and don’ts. All this presented in a step-by-step format so you can easily test it in your environment!

If you’re interested, you can read Microsoft’s pricing details for Connection Monitor.

Azure Resource Manager template for Azure file share

Starting in April 2020, Microsoft provided the option to backup Azure file shares using Azure Backup. But until now, there was no support for automating this task using Azure Resource Manager (ARM). This made automation very difficult, and you had to enable the back-up manually using the Azure admin portal.

ARM provides a powerful way to manage your infrastructure through declarative templates. Just like deploying Azure file shares using templates, Azure Backup now supports configuring backup for existing Azure file shares using ARM templates. Enable backup for your existing file shares by specifying the vault and backup policy details in a JSON file, which can be deployed using Azure CLI, Powershell, DevOps, or even the Azure Portal!

How to set up ARM templates for Azure file share

Step 1: Deploy a storage account with Azure File Share for demo purposes.

I’ve created a demo ARM template for deploying a file share within an Azure storage account. After deploying this template you’ll see your storage account and file share:

Step 2: Enable Azure Backup for the file share you’ve just created.

I’ve also created a demo ARM template for enabling Azure Backup for this (or another!) file share. After deploying, you’ll notice that your Azure file share is protected by Azure Backup:

When you look at the ARM template, you’ll see that you have several options to choose from. Here’s a list of just some of the customizations you can make:

• Resource group you wish to deploy the Recovery Services vault into
• Name of the file share you wish to backup
• Backup location
• Recovery Services Vault Name (Create new or use existing)
• Policy Name (Create new or use existing)
• Days of the week for back-up schedule
• Months of the year

Why this Azure update matters

This one is a no-brainer. When deploying Azure resources, you definitely need the option to automate this and integrate it in your Infrastructure as Code (IaC) environment. No more manual tasks in the Azure portal, and no more forgetting to backup your valuable data!

Azure Monitor support for Windows Virtual Desktop

Azure Monitor for Windows Virtual Desktop is a dashboard built on Azure Monitor Workbooks that helps IT professionals understand their Windows Virtual Desktop environments.

For now, Windows Virtual Desktop only supports one subscription, resource group, and host pool at a time—but expect support for multiple subscriptions, resource groups, and host pools in the future.

Using Azure Monitor for Windows Virtual Desktop gives you direct access to the following information:

• Alerts: Active Azure Monitors alerts you’ve configured
• Available sessions: The number of available sessions in the host pool
• Connection success: True or false, is it possible to make a connection
• Daily active users (DAU): The total number of users that have started a session in the last 24 hours
• Daily alerts: Number of severity 1 alerts in the last 24 hours
• Daily connections and reconnections: Number of connections and reconnections started or completed within the last 24 hours
• Daily connected hours: The total number of hours spent connected to a session across users in the last 24 hours
• Diagnostics and errors: Information, warnings, and errors from multiple sources like RDBroker, RDGateway, etc.
• Input delay: The input delay per process for each session. This is ranked from good (<150ms), to acceptable (150-500ms), poor (500-2000 ms), and bad (above 2 seconds)
• Monthly active users (MAU): The total number of users that have started a session in the last 28 days
• Performance counters: Windows performance counters
• Potential connectivity issues: Potentials issues including attempts, resources, hosts, and clients
• Round-trip time (RTT): The estimate of the connection’s round-trip time between the user and the Azure region where the Windows Virtual Desktop pool resides
• Session history: Status of all sessions, connected and disconnected
• Severity 1 alerts: High priority and urgent items that you need to take care of right away
• Time to connect: Time between starting a session and signing in
• Top users: Top Windows Virtual Desktop users by usage
• User report: View specific users’ connection history and diagnostic information
• Users per core: The number of users in each virtual machine core.
• Windows events: Windows Event logs collected by Log Analytics agents on Windows VMs

Why this Azure update matters

Although in public preview (and, for now, not recommended in your production environment), Azure Monitor support for Windows Virtual Desktop provides great insight into your Windows Virtual Desktop environment. This means you no longer have to rely on third-party vendors to get this kind of data about your environments.

When using Windows Virtual Desktop, this is definitely something you should take a look into.

Thanks so much for reading this edition of Azure updates explained! Tune in in the new year for even more info on the Azure updates you should know about along with tips on how to use them. Happy holidays!