Jumpstart ArcBox for IT Pros - Azure Monitor Workbook

ArcBox for IT Pros is a special “flavor” of ArcBox that is intended for users who want to experience Azure Arc-enabled servers capabilities in a sandbox environment. This document provides specific guidance on the included ArcBox Azure Monitor Workbook. Please refer to the main ArcBox documentation for information on deploying and using ArcBox.

As part of ArcBox for IT Pros, an Azure Monitor workbook is deployed to provide a single pane of glass for monitoring and reporting on ArcBox resources. Using Azure’s management and operations tools in hybrid, multi-cloud and edge deployments provides the consistency needed to manage each environment through a common set of governance and operations management practices. The Azure Monitor workbook acts as a flexible canvas for data analysis and visualization in the Azure portal, gathering information from several data sources from across ArcBox and combining them into an integrated interactive experience.

Note: Due to the number of Azure resources included in a single ArcBox deployment and the data ingestion and analysis required, it is expected that metrics and telemetry for the workbook can take several hours to be fully available.

Access the ArcBox for IT Pros workbook

The Jumpstart ArcBox workbook is automatically deployed for you as part of ArcBox’s advanced automation. To access it, follow these steps in the Azure portal.

  • From the ArcBox resource group, select the Azure Workbook, then click “Open Workbook”

    Workbook Gallery


  • The Jumpstart ArcBox for IT Pros Workbook will be displayed.

    Arcbox for IT Pros workbook overview

ArcBox for IT Pros Workbook capabilities

The ArcBox for IT Pros Workbook is a single report that combines data from different sources and services, providing a unified view across resources, enabling richer data and insights for unified operations.

The Workbook is organized into several tabs that provide easier navigation and separation of concerns.

Tab Menu

Inventory

By using Azure Arc, your on-premises and multi-cloud resources become visible through Azure Resource Manager. Therefore, you can use tools such as Azure Resource Graph as a way to explore your inventory at scale. Your Azure Resource Graph queries can now include Azure Arc-enabled resources with filtering, using tags, or tracking changes.

The “Inventory” tab in the ArcBox for IT Pros Workbook has three sections:

  • Parameters - Use the drop-down menu to select your subscription and resource group. You can also filter the report by resource type.

    Inventory Parameters

  • Resource Count by Type - This visualization shows the number of resources by type within a resource group. These groupings are automatically refreshed when the parameters section is changed.

    Inventory Resource by type

  • Resource List - This table shows a list of resources in the resource group provided in the parameters section. The list is interactive, so you can click on any resource or tag for additional information.

    Inventory Resource List

Monitoring

Enabling a resource in Azure Arc gives you the ability to perform configuration management and monitoring tasks on those services as if they were first-class citizens in Azure. You are able to monitor your connected machine guest operating system performance at the scope of the resource with VM insights. In ArcBox for IT Pros the Azure Arc-enabled servers have been onboarded onto Azure Monitor.

The “Monitoring” tab of the Jumpstart Workbook shows metrics and alerts for ArcBox for IT Pros resources organized in three sections:

  • Alert Summary - Shows an overview of alerts organized by severity and status. You can use the drop-down menus to apply filters to the report. The following filters are available:

    • Subscription: select one or multiple subscriptions in your environment to show available alerts.
    • Resource Group: select one or more resource groups in your environment to show available alerts.
    • Resource Type: select one or multiple resource types to show their alerts.
    • Resources: select individual resources by name to visualize their alerts.
    • Time Range: provide a time range in which the alert has been created.
    • State: choose the alert type between New, Acknowledged, or Closed.

    Monitoring Alert Summary

  • Azure Arc-enabled servers - Shows metrics for CPU and memory usage on the Azure Arc-enabled servers. Use the parameters section to select the Azure Arc-enabled server as well as a time range to visualize the data.

    Monitoring Azure Arc enabled server Metrics

Microsoft Defender for Cloud

Microsoft Defender for Cloud can monitor the security posture of your hybrid and multi-cloud deployments that have been onboarded onto Azure Arc. Once those deployments are registered in Azure, you can take care of the security baseline and audit, apply, or automate requirements from recommended security controls as well as identify and provide mitigation guidance for security-related business risks.

The “Security” tab of the Jumpstart Workbook shows insights from Microsoft Defender for Cloud assessments. To be able to use this report, you will need to configure “continuous export” capability to export Microsoft Defender for Cloud’s data to ArcBox’s Log Analytics workspace:

  • From Microsoft Defender for Cloud’s sidebar, select Environment Settings.

    Microsoft Defender for Cloud Configuration

  • Select the specific subscription for which you want to configure the data export.

    Microsoft Defender for Cloud Configuration

  • From the sidebar of the settings page for that subscription, select Continuous Export and set the export target to the Log Analytics workspace. Set the data types to Security recommendations and Secure Score (Preview), and leave the export frequency at the default values.

    Microsoft Defender for Cloud Configuration

  • Make sure to select ArcBox’s subscription, resource group, and Log Analytics workspace as the export target. Select Save.

    Microsoft Defender for Cloud Configuration

Once configured, the report provides an overview of the secure score. You can filter the information by using the parameters section:

  • Workspace - Select one or multiple Log Analytics workspaces.

  • Time Range - Filter the data of the report to one of the predefined time ranges.

    Security parameters

    With this report you will get several visualizations:

    • Current score trends per subscription

      Security workbook trends

    • Aggregated score for selected subscriptions over time

      Security workbook aggregated score

    • Top recommendations with the recent increase in unhealthy resources

      Security tab top recommendations

    • Security controls scores over time (weekly)

      Security controls scores overtime

    • Resources changed over time - To view changes over time on a specific recommendation, please select any from the list above.

      Resources changed overtime

      Resources changed overtime selected resources

This part of the workbook also includes a section dedicated to agent monitoring. For Azure Defender to be able to monitor Azure Arc-enabled servers, certain configurations have to be in place, and the workbook helps visualize machines that may not be properly reporting to the Log Analytics workspace.

In the parameters section select the Log Analytics workspace used by ArcBox.

Agent Management

From within the Agent Monitoring section you will get several tabs:

  • Overview - with three visualizations:

    • Log Analytics Agent installation status shows the Log Analytics Agent installation status as reported by Microsoft Defender for Cloud.

      Log Analytics Agent installation status

    • Log Analytics Agent reporting status shows the current Log Analytics Agent reporting status of the Azure Arc-enabled servers. Machines that have sent a heartbeat within the last 15 minutes are considered to be currently reporting.

      Log Analytics Agent reporting status

    • Azure Defender coverage shows the status of Azure Defender for Servers across all servers that are protected by Microsoft Defender for Cloud.

      Azure Defender coverage

  • Machines not reporting to Log Analytics workspace - This tab has four lists of machines that have not sent heartbeats to the Log Analytics workspace over different periods of time: 15 minutes, 24 hours, 48 hours and 7 days. Please note that there are no machines listed in the image, as all of them are properly sending heartbeats to the workspace.

    Machines not reporting

  • Security status - A full report of the security configurations of Azure VMs and Azure Arc-enabled servers, including their Log Analytics workspace and agent status.

    Security Status
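
The "not reporting" windows described above can also be checked directly in the Log Analytics workspace. The query below is an added example, not the workbook's own query; it assumes the standard Heartbeat table, and the 30-day look-back is an assumed value. Unlike separate lists per window, it places each machine in the longest window it has exceeded.

```kusto
// Added example: bucket machines by how long they have been silent.
// Assumes the standard Heartbeat table in ArcBox's Log Analytics workspace.
Heartbeat
| where TimeGenerated > ago(30d)   // assumed look-back; keep it within workspace retention
| summarize LastHeartbeat = max(TimeGenerated) by Computer, ComputerEnvironment
| extend SilentFor = now() - LastHeartbeat
// case() returns the first match, so test the longest window first
| extend Bucket = case(
    SilentFor > 7d,  "No heartbeat for 7 days",
    SilentFor > 48h, "No heartbeat for 48 hours",
    SilentFor > 24h, "No heartbeat for 24 hours",
    SilentFor > 15m, "No heartbeat for 15 minutes",
    "Reporting")
| where Bucket != "Reporting"
| project Computer, ComputerEnvironment, LastHeartbeat, SilentFor, Bucket
| order by SilentFor desc
```

A machine that has never sent a heartbeat, or whose last heartbeat is older than the look-back window, does not appear in this result, so compare the output against the Inventory tab's resource list to catch servers that are onboarded to Azure Arc but absent from the workspace.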

Change Tracking

Change Tracking in Azure Automation keeps track of the changes in virtual machines hosted in Azure, on-premises, and other cloud environments to help you pinpoint operational and environmental issues with software managed by the Distribution Package Manager.

In Jumpstart ArcBox for IT Pros all of the Azure Arc-enabled servers are onboarded onto Change Tracking and Inventory. The “Change Tracking” tab of the Jumpstart Workbook shows insights from Azure Automation. To use this report you need to provide ArcBox’s subscription and Log Analytics workspace in the parameters section along with a time range.

Change Tracking Parameters

The tab has two different sections:

  • Software Inventory - This section provides a distinct count of publishers and applications for the servers selected. You can filter data by computer, publisher, or application.

    Change Tracking Software Inventory

  • Windows Services - This section shows a table of Windows services with their state, account, and path.

    Change Tracking Windows Services

Update Management

Azure Automation provides Update Management to take care of the operating system updates for Windows and Linux Azure VMs or Azure Arc-enabled servers.

The solution assesses the status of available updates and manages the process of installing required updates for your machines reporting to Update Management. In ArcBox for IT Pros, all of the Azure Arc-enabled servers are onboarded onto Update Management, and the “Update Management” tab of the Jumpstart Workbook shows insights from Azure Automation.

To use this report you need to provide ArcBox’s subscription, resource group, and Log Analytics workspace in the parameters section along with a time range.

Update Management parameters

The tab has two different sections, one for Windows and one for Linux machines:

  • Windows VM Updates - This section provides several reports:

    • Types of Windows Updates - This donut chart shows the number of Windows Updates grouped by type.

    Update Windows Updates

    • Top Windows VMs with Updates - Shows the top Windows machines with updates available and the number of updates per machine.

     Update Windows Top

    • Update Summary - Shows a table with the updates available for each of the Windows machines and their severity. By selecting one of the names of the resources, you will get additional information on the available updates.

     Update Windows Summary

  • Linux VM Updates - This section provides several reports:

    Note: There are no updates available for the Azure Arc-enabled servers in ArcBox for IT Pros in this instance.

    • Types of Linux Updates - This donut chart shows the number of Linux updates grouped by type.

    Update Linux Updates

    • Top Linux VMs with Updates - Shows the top Linux machines with updates available and the number of updates per machine.

     Update Linux Top

    • Update Summary - Shows a table with the updates available for each of the Linux machines and their severity. By selecting one of the names of the resources, you will get additional information on the available updates.

     Update Linux Summary

SQL Healthcheck

The Azure Monitor SQL Health Check solution assesses the risk and health of your Windows-based SQL Server instance that is connected to Azure Arc. The solution provides a prioritized list of recommendations specific to your deployed server infrastructure. Each recommendation provides guidance based on best practices and how to implement the suggested changes.

ArcBox for IT Pros has one Windows VM running SQL Server that is onboarded as an Azure Arc-enabled SQL server (as well as an Azure Arc-enabled server), where the SQL Assessment has been run. To use the “SQL Healthcheck” tab of the ArcBox for IT Pros workbook, you need to provide ArcBox’s subscription, resource group, and Log Analytics workspace as parameters.

SQL Healthcheck parameters

The report will display the results of the assessment in four sections:

  • Security and compliance - This section has three different reports for all security and compliance recommendations. The first one shows the results for all the checks grouped by status: passed, failed, or inconclusive. The second report shows a donut chart with the recommendations grouped by priority: low, medium, or high. Finally, there is a list with all of the security and compliance recommendations.

    SQL Healthcheck security and compliance status

    SQL Healthcheck security and compliance priority

    SQL Healthcheck security and compliance status recommendations

  • High availability and business continuity - This section has three different reports for all high availability and business continuity recommendations. The first one shows the results for all the checks grouped by status: passed, failed, or inconclusive. The second report shows a donut chart with the recommendations grouped by priority: low, medium, or high. Finally, there is a list with all of the high availability and business continuity recommendations.

    SQL Healthcheck HA status

    SQL Healthcheck HA priority

    SQL Healthcheck HA status recommendations

  • Performance and scalability - This section has three different reports for all performance and scalability recommendations. The first one shows the results for all the checks grouped by status: passed, failed, or inconclusive. The second report shows a donut chart with the recommendations grouped by priority: low, medium, or high. Finally, there is a list with all of the performance and scalability recommendations.

    SQL Healthcheck performance status

    SQL Healthcheck performance priority

    SQL Healthcheck performance status recommendations

  • Upgrade, migration, and deployment - This section has three different reports for all upgrade, migration, and deployment recommendations. The first one shows the results for all the checks grouped by status: passed, failed, or inconclusive. The second report shows a donut chart with the recommendations grouped by priority: low, medium, or high. Finally, there is a list with all of the upgrade, migration, and deployment recommendations.

    SQL Healthcheck upgrade status

    SQL Healthcheck upgrade priority

    SQL Healthcheck upgrade recommendations