What is Azure Network Watcher?
Most of us are starting to deploy more and more cloud assets. When you think about how you deploy some assets in Azure, you basically build out a virtual network and you can set that up so it ties in with your on premises network through express route or VPN or you can run it independently in the cloud and have your virtual network set. The question is, how do you monitor and manage that virtual network, like some of the components and how the virtual machines interact? Here’s where Azure Network Watcher comes in.
Azure Network Watcher allows you to monitor, diagnose and gain insight into your network performance between various points in your network infrastructure.
Here’s a breakdown of some of the elements:
1. The Monitoring Element – You can monitor from oneendpoint to another with connection monitor to ensure connectivitybetween 2 points, like a web application and a database for instance.You’ll be alerted with potential issues such as a disconnect betweenthose two services.
It also monitors latency times for evaluation. When you look at thoselatency times over a period, you’ll know what the average latency isand the max and min. Then you can think about you possibly gettingbetter service in a different Azure region.
2. The Network Performance Monitor – Allowsmonitoring between Azure and on-premises resources for hybrid scenariosusing VPN or express route. It also has some advanced detection totraffic blackholing and routing errors – in other words, some advancedintelligence when it comes to these network issues.
Best of all, as you add more endpoints it will develop a visualdiagram of your network with a topology tool which will look like avisio-diagram, showing IP addresses, host names, etc.
3. Diagnostic Tools – From a diagnostic standpointthere are several diagnostic tools that give you better insight intoyour virtual network by diagnosing possible causes of traffic issues.
IP Flow – Tells you which security ruleallowed or denied traffic to or from a virtual machine in your virtualnetwork for further inspection or remediation.
Another tool tests communication for routing rules by letting us add asource and destination IP, then shows the results of that route, againto investigate further or remediate.
The Connection Troubleshooting Tool –Enables you to test a connection between two VMs, FQDN, URI or IDP4addresses and returns info like the Connection Monitor but only aboutthat point and time latency, not over a span of time.
The Packet Capture Tool – Allows traffic tobe captured to and from a virtual machine with some fine-grainedfiltering to be stored inn Azure storage and further analyzing withnetwork encapture tools like Wire Shark, for instance.
4. Metrics Tools – There are some limitations as tohow many resources you can deploy within an Azure network which can bebased on subscriptions or regions. The Metric Tool gives you thevisibility that you need to understand exactly where you are inside ofthose limitations. It shows you how many of those resources you’vedeployed and how many are still available that you can deploy – so ithelps you set up planning for the future as you deploy more and moreresources.
5. Logging – We’ve done some interesting things withlog analytics. Log analytics provides the ability to capture data abouta bunch of Azure networking components, like network security groups,public IP addresses, load balances, virtual networking and applicationgateways, to name a few.
All these logs can be captured and stored in Azure storage andfurther analyzed. Many can be fed into Operations Management Studio(OMS). This gives you a single pane of glass experience when you want tolook at your environment at that “50,000-foot level”.
So, as you begin to deploy more and more assets into your Azureenvironment, this is a helpful service to monitor and manage yourvirtual network. You get a high-level overview of what that networklooks like.