Deploy the Azure Monitor Agent (AMA) on Azure Arc-enabled servers

The following Jumpstart scenario will guide you on how to deploy the Azure Monitor Agent (AMA) as an extension on your Azure Arc-enabled servers, both Linux and Windows systems.

The Azure Monitor agent (AMA) collects monitoring data from the guest operating system of supported infrastructure and delivers it to Azure Monitor.

NOTE: This scenario assumes you already deployed VMs or servers that are running on-premises or other clouds and you have connected them to Azure Arc. If you haven’t, this repository offers you a way to do so in an automated fashion:

Please review the Azure Monitor Agent (AMA) supported OS documentation and ensure that the VMs you will use for this exercise are supported. For Linux VMs, check both the Linux distribution and kernel to ensure you are using a supported configuration.

Prerequisites

  • As mentioned, this scenario starts at the point where you already deployed and connected VMs or servers to Azure Arc. In the screenshots below, you can see a Windows and a Linux server that have been connected with Azure Arc and are visible as resources in Azure.

    Screenshot Azure Arc-enabled servers on resource group

    Screenshot Linux Azure Arc-enabled server connected status

    Screenshot Windows Azure Arc-enabled server connected status

  • Install or update Azure CLI. Azure CLI should be running version 2.14 or later. Use az --version to check your current installed version.

  • To complete this scenario, the user or service principal running the automation need these minimum RBAC permissions: Azure Connected Machine Resource Administrator on your Azure Arc-enabled servers. Monitoring Contributor and Microsoft.Resources/deployments/* on the resource group where you will deploy this scenario.

Deployment Options and Automation Flow

This Jumpstart scenario provides multiple paths for deploying and configuring resources. Deployment options include:

  • Azure portal
  • ARM template via Azure CLI

The steps below will help you get familiar with the automation and deployment flow.

  1. User provides the ARM template parameter values, either via the portal or editing the parameters file. These parameter values are being used throughout the deployment.

  2. User deploys the ARM template at the resource group level.

  3. User is verifying the successful extension deployment and data collection rules creation.

Deployment Option 1: Azure portal

  • For Windows VMs, click the button and enter values for the the ARM template parameters.

    Screenshot showing Azure portal deployment

    Screenshot showing Azure portal deployment

  • For Linux VMs, click the button and enter values for the the ARM template parameters:

    Screenshot showing Azure portal deployment

    Screenshot showing Azure portal deployment

  • To match your configuration you will need to provide:

    • The subscription, resource group, Computer name and location where you registered the Azure Arc-enabled server:

      Screenshot Azure Arc-enabled server location

    • The Log Analytics workspace name that will be created.

Deployment Option 2: ARM template with Azure CLI

As mentioned, this deployment will leverage ARM templates.

  • Clone the Azure Arc Jumpstart repository

    git clone https://github.com/microsoft/azure_arc.git
    
  • Edit the parameters file providing the values that match your configuration as described above.

    Screenshot ARM template parameters file

  • Choose the ARM template that matches your operating system, for Windows and Linux, deploy the template by running the following command:

    az deployment group create --resource-group <Name of the Azure resource group> \
    --template-file <The ama-*-template.json template file location> \
    --parameters <The ama-template.parameters.json template file location>
    
  • Once the template has completed its run, you should see an output as follows:

    Screenshot ARM template execution output

  • You will have the Azure Monitor Agent (AMA) deployed on your Windows or Linux system and reporting to the Log Analytics workspace that has been created. You can verify by going back to your Azure Arc-enabled server, Extensions section:

    Screenshot AMA extension on Windows

    Screenshot AMA extension on Linux

  • Moreover, a Data Collection Rule (DCR) is created to send logs from the Azure Arc-enabled servers to the new Log Analytics workspace.

    Screenshot Data Collection Rules and Log Analytics workspace

  • If you click on any of the Data Collection Rules (DCR), you will see the Resources attached to it and the collected Data Sources.

    • For Windows, the following Data Collection Rule (DCR) is created. On the Resources blade, you will see your Windows Azure Arc-enabled server:

      Screenshot Windows Data Collection Rules - Resources

    • On the Data Sources blade, you will see two Data Sources, Performance Counters and Windows event logs:

      Screenshot Windows Data Collection Rules - Perf Counters

    • If you click on any of them, you will see the Data source that is collected and the Destination, which is the Log Analytics workspace created as part of this scenario:

      Screenshot Windows Data Collection Rules - Perf Counters - Data Source

      Screenshot Windows Data Collection Rules - Perf Counters - Destination

      Screenshot Windows Data Collection Rules - Windows Event Logs

      Screenshot Windows Data Collection Rules - Windows Event Logs - Data Source

      Screenshot Windows Data Collection Rules - Windows Event Logs - Destination

    • For Linux, this is the Data Collection Rule (DCR) created as part of this scenario. On the Resources blade, you will see your Linux Azure Arc-enabled server:

      Screenshot Linux Data Collection Rules - Resources

    • On the Data Sources blade, you will see two Data Sources, Performance Counters and Linux syslog:

      Screenshot Linux Data Collection Rules - Perf Counters

    • If you click on any of them, you will see the Data source that is collected and the Destination, which is the Log Analytics workspace created as part of this scenario:

      Screenshot Linux Data Collection Rules - Perf Counters - Data Source

      Screenshot Linux Data Collection Rules - Perf Counters - Destination

      Screenshot Linux Data Collection Rules - Syslog - Destination

      Screenshot Linux Data Collection Rules - Syslog - Data Source

      Screenshot Linux Data Collection Rules - Syslog - Destination

  • Go back to your resource group and click on the Log Analytics Workspace:

    Screenshot Log Analytics workspace

  • Click on Logs:

    Screenshot Log Analytics workspace - Logs

  • Run the following query. It will show you the data types collected by the Azure Monitor Agent (AMA) on each machine by using the Data Collection Rules (DCR):

    search * 
    | distinct Computer, Type
    | where Type != "Heartbeat" and Type != "Usage"
    | sort by Computer asc
    

    Screenshot Log Analytics workspace - Query

Clean up environment

Complete the following steps to clean up your environment: