Azure Monitor Baseline Alerts for Platform Observability - Part 1
Stephen Tulp
December 17, 2024
Overview
Azure Monitor Baseline Alerts (AMBA) is a framework designed to help monitor and manage your Azure resources. AMBA uses a central repository of alert definitions driven by product group and field experience, which lets customers and partners improve their observability experience through the adoption of Azure Monitor.
Key capabilities of AMBA include:
- Expert Recommendations: Access a comprehensive list of alert recommendations and expert guidance for Azure resources.
- Stay Alert: Get near real-time notifications to pinpoint issues and visualise alerts from Azure through dashboards.
- Automation Policies: Deploy alert policies consistently with Azure Policy templates.
- Guided Documentation: Find detailed guidance to establish a solid alerting foundation.
- Enhanced Resiliency: Automate Service Health alerts deployment to tackle common resiliency challenges.
The framework focuses on two (2) main sections:
- Azure Services: This section provides guidance for individual Azure services. For each service, there is a list of key alert metrics and the recommended thresholds.
- Patterns / Scenarios: This section provides guidance for common patterns / scenarios (like Azure Landing Zones), as well as policy definitions and initiatives for deploying the alerts in your environment.
Platform & Workload Monitoring
AMBA addresses both Platform and Workload monitoring.
Platform Monitoring
- Focus: Underlying infrastructure (e.g. virtual machines, storage, network and platform services)
- Importance: Ensures the foundational layers are healthy and performant.
- Tools: Azure Monitor, Azure Log Analytics.
- Patterns: Azure Landing Zones for AMBA.
Workload Monitoring
- Focus: Specific applications and services running on the platform.
- Importance: Helps in understanding the behavior and performance of deployed applications.
- Tools: Azure Application Insights, Azure Monitor.
- Patterns: Azure Monitor Packs, Specialised Workload Patterns (AVD, AVS, SAP, etc.)
AMBA ALZ Pattern
The Azure Monitor Baseline Alerts (AMBA) for Azure Landing Zones (ALZ) is a best practice collection of alerts for resources commonly deployed in Azure landing zones. The pattern supports both ALZ-aligned and unaligned environments, whether greenfield or brownfield. This means that the associated alerts, which leverage Azure Policy, can be applied at the relevant Management Group.
The diagram shows where the Azure Policies are applied in an ALZ-aligned environment.
Alert Types
There are five (5) types of alerts for the ALZ pattern:
- Metric Alerts: Alerts set on metrics emitted by a certain resource type.
- Log Alerts: Kusto-based query alerts against a Log Analytics workspace or Azure Resource Graph. Scoped at the subscription, resource group or resource level.
- Activity Log: Alerts based on operations/events logged in the activity log.
- Service Health: Alerts based on service health events: Service Issue, Planned Maintenance, Security Advisory and Health Advisory.
- Resource Health: Alerts based on a health event raised by individual resources.
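To make the Service Health alert type concrete, the following Bicep template is an added example, not one of AMBA's own policy definitions. It creates a single activity log alert covering the four event types listed above. The parameter names, the default alert name and the pre-existing action group are assumptions.

```bicep
// Added example: one Service Health alert for the current subscription,
// deployed into a resource group. Not taken from the AMBA repository.

@description('Resource ID of an existing action group (assumption: created separately).')
param actionGroupId string

@description('Hypothetical alert name used for this example.')
param alertName string = 'example-service-health'

// Activity log incidentType values for the event types in the list above:
//   Incident                      -> Service Issue
//   Maintenance                   -> Planned Maintenance
//   Security                      -> Security Advisory
//   Informational, ActionRequired -> Health Advisory
var incidentTypes = [
  'Incident'
  'Maintenance'
  'Security'
  'Informational'
  'ActionRequired'
]

// One condition per incident type; any single match fires the alert.
var incidentConditions = [for incidentType in incidentTypes: {
  field: 'properties.incidentType'
  equals: incidentType
}]

resource serviceHealthAlert 'Microsoft.Insights/activityLogAlerts@2020-10-01' = {
  name: alertName
  location: 'global' // activity log alerts are global resources
  properties: {
    enabled: true
    description: 'Service Health events for this subscription'
    scopes: [
      subscription().id
    ]
    condition: {
      allOf: [
        {
          field: 'category'
          equals: 'ServiceHealth'
        }
        {
          anyOf: incidentConditions
        }
      ]
    }
    actions: {
      actionGroups: [
        {
          actionGroupId: actionGroupId
        }
      ]
    }
  }
}
```

Dropping `Security` from `incidentTypes` would leave security advisories unnotified, so that list is worth reviewing whenever the alert is changed.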
Alert Flow
The diagram represents the Alert flow across Azure Service Health, Activity Log Alerts and Resource Alerts within a Landing Zone.
Conclusion
In part one of this series we have explored how the Azure Monitor Baseline Alerts (AMBA) framework can provide a cloud-native, IaC-driven Platform Observability solution for your Azure estate. By leveraging the Azure Landing Zone Pattern and Azure Policy, we can apply Policy Initiatives to the relevant Management Groups to automatically create alerts when new resources get provisioned. In part two tomorrow, we will deploy this solution into an Azure environment using both the Azure Portal Accelerator and IaC deployment.