Is it really possible to enable diagnostic for entire Azure subscrition using powershell cmdlet? or diagnostics should be enabled case by case(monitoring azure application,monitoring vm and storage account)?
in the operations manager console,we added our azure subscription,imported azure management pack but the Operations manager does not discover the azure cloud service,vm or storage account under that subscrption...we hope that enabling diagnostic for the azure subscription will solve the problem.
There is no such thing as
Enabling diagnostics for the azure subscription
Even more, there is no diagnostics for VM (Azure VM) or Azure Storage. The only diagnostics you can enable is for a Cloud Service. You can read more here.
For your Windows Azure Virtual Machines (not a cloud service) you have to manage diagnostics/monitoring the way you do on-premises. There is nothing specific to Azure, nor there is a special azure diagnostics for Virtual Machines.
Storage accounts can only be monitored via Storage Analytics which again are configured on per-storage-account basis and not on subscription level.
Related
How can I fetch the VM backup policy details for VM running in Azure cloud using Azure python SDK?
Also, Is there any way we can fetch VM start/stop schedule?
In Azure portal, I can see backup policy detail inside VM operations section.
I am reading files on an Azure Blob Storage account (gen 2) from an Azure Databricks Notebook. Both services are in the same region (West Europe). Everything works fine, except when I add a firewall in front of the storage account. I have opted to allow "trusted Microsoft services":
However, running the notebook now ends up with an access denied error:
com.microsoft.azure.storage.StorageException: This request is not authorized to perform this operation.
I tried to access the storage directly from Spark and by mounting it with dbutils, but same thing.
I would have assumed that Azure Databricks counts as a trusted Microsoft service? Furthermore I couldn't find solid information on IP ranges for Databricks regions that could be added to the firewall rules.
Yes, the Azure Databricks does not count as a trusted Microsoft service, you could see the supported trusted Microsoft services with the storage account firewall.
From networking, Here are two suggestions:
Find the Azure datacenter IP address (Original deprecated URL) and scope a region where your Azure Databricks located. Whitelist the IP list in the storage account firewall.
Deploy Azure Databricks in your Azure Virtual Network (Preview) then whitelist the VNet address range in the firewall of the storage account. You could refer to configure Azure Storage firewalls and virtual networks. Also, you have NSG to restrict inbound and outbound traffics from this Azure VNet. Note: you need to deploy Azure Databricks to your own VNet.
Hope this helps.
The described scenario only works if you deploy Azure Databricks in your own Azure Virtual Network (vnet). With this you are able to use Service Endpoints, so could add your Databricks vnet to the Blob Storage. With the default deployment this is not supported and not possible.
See the following Documentation for more details and a description how to get the vnet-injection feature enabled.
Enabling the mentioned exception does not work, as Azure Databricks is not in the list of trusted Services for Blob Storage. See the following Documentation which services still can access the storage account with the exception enabled.
My setup: Existing WCF service project modified to run as Azure Application Service (PaaS).
Originally I used log4net for my info/error logging, but it is rather cumbersome to look at those logs via FTP or SCM console. After some research I came to a conclusion that Microsoft.WindowsAzure.Diagnostics is the recommended way to handle logging in Azure apps.
Question/problem: I can't find a guide, for my scenario, on how to enable WindowsAzure Diagnostics for Application Service that is NOT created as Web/Worker Role.
The closest I got is Set-AzureServiceDiagnosticsExtension cmdlet, but it requires Role as parameter...
Question/problem: I can't find a guide, for my scenario, on how to
enable WindowsAzure Diagnostics for Application Service that is NOT
created as Web/Worker Role.
You can't use Azure Diagnostics for your Azure Application Service. It is meant for Azure Cloud Service (Web/Worker Role) and Azure Virtual Machines.
For App Services diagnostics, please see this link: https://azure.microsoft.com/en-in/documentation/articles/web-sites-enable-diagnostic-log/.
I would like to reuse libraries written for Azure PAAS solution (WebRoles and WorkerRoles) in a specific service running in Azure VM (IAAS). It would be beneficial if I could use the same trace listener (DiagnosticMonitorTraceListener) and let the Azure diagnostics to deliver logs to Azure Storage. Is it possible to install the diagnostics services into Azure VM?
I found basically the same question here on SO but it is quite old now. Perhaps there was some progress?
Yes, it's now possible to use the Azure Diagnostics extension with Azure IaaS virtual machines as well as PaaS cloud services, see the Virtual Machine Monitoring with Azure Diagnostics Extension documentation for more info.
My Web Role is on StorageAccount1 and my Azure Storage Table on StorageAccountB.
My Web Role performs operations (inserts, updates, queries) on the Storage Table.
Both of these Storage Accounts are in the SAME Affinity Group.
Will performance be better if my Web Role and Storage Table are in the same Storage Account?
You are probably confused by the "Publish" window in Visual Studio. The "Publish" window allows you to choose some info on how your application is deployed, like the Cloud Service but also the Storage Account. When you choose a storage account it doesn't mean your application will be stored in that storage account, it only means that the service package (the package which contains your application) will be uploaded there. Once the package is uploaded the Fabric Controller will take it and deploy it to your Cloud Service.
Besides that it's still a good idea to deploy your Cloud Service (Web Role) in the same affinity group as your Storage Account. By choosing the same affinity group Windows Azure will try to physically group your Cloud Services and Storage Accounts to minimize the network overhead.