Azure Monitor Architecture

Question

Hello Team,

I hope you're doing fine,

I have a global question, i wanted to know what is the most used monitoring Architecture in Azure (using Azure Monitor), for Virtual machines? (For several VMs (arround 50 VMs: SQL,web,application VMs...)

I was thinking to apply the following architecture on my workload :

Creating a mutual data collection Rule for all VMs in Azure monitor with basic metrics and event logs : CPU,memory,disk,network
warning and critical event logs

Creating an additional data collection Rule but this one only for critical/Application VMs that need monitoring of Services, or triggering of some particular events

Both DCRs will write to the same log analytic workspace.

Then i will create Alerts (Metric and event based alerts)
Create a dashboard (Data will be taken from the log analytic workspace)

My Questions :

What do you think about this architecture?
When working with VM insight can be more interesting than working with DCRs?
Is there a way to create an alerte rule based on memory percentage (When i'm checking the Alert signals, i found only memory available...not memory percentage)

If you have some Ideas i will be thankful, i'm new to Azure

Answer 1

Hi Mohamed,
I'm sure you'll be happy with such an architecture, and it won't be hard to evolve it over time as you learn more tricks.
I personally like to take things like VM Insights and use them whenever possible - if someone put such hard work into a feature it must have some value :).
Same with Power BI - I've seen some great stuff done with that.
Don't forget you have KQL and watchlists - so if you want to monitor memory usage you could set up watchlist tables for each server and calculate the max memory yourself - eg. server A has 64GB ram (from a watchlist) and 40 is being used.
I also use Sentinel to monitor threats/risks from the same workspace.
And finally I hope you're able to use Defender for cloud for hundreds of checks/insights to your server/resource configurations.

Good luck!