What is Azure Log Analytics (OMS)?
This article will introduce you to a fast growing feature in Azure called OMS that you can use to manage server deployments in Azure, but also on-premises, in Amazon Web Services (AWS), and pretty much anywhere.
What is OMS?
It’s fair to say that understanding what Log Analytics (OMS) is has been made difficult by Microsoft marketing. Let’s go back in time to the origins of this service and start there.
Many moons ago, when the term System Center was still new, Microsoft had started talking about creating new ways to manage servers and services. Traditional monitoring solutions that were pretty much limited to ping and 80% CPU or RAM utilization had long proven how useless they were. The business valued services, and service health & performance weren’t necessarily tied to that of a single server, especially not just a couple of uninformative metrics. System Center was born and we all know that story. A lesser known story is that Microsoft created an online service called System Center Advisor (SCA), which had an ever-changing route to market. SCA was interesting because it was operated using the monitoring-as-a-service concept. Microsoft managed the tool and the knowledge/expertise, and we deployed the agents and used the information. SCA didn’t do classic monitoring – that was the role of System Center Operations Manager (SCOM). Instead, SCA did best practices analysis and supplemental service monitoring. For example, it would monitor SQL and use current expertise to advise you on configurations and performance. The same sort of offering was there for Active Directory. Microsoft promised much for SCA but it went little further.
Then one day Microsoft announced that SCA would be renamed. To be honest, the service dropped off my radar then, but Microsoft did say in their announcement that SCA would be reborn as a larger service that could do more.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
Over the last 12-18 months I started to hear about something called OMS. But the messaging was confusing. In Azure, I found Log Analytics, the eventual successor to SCA, but it appeared back then that Microsoft had done little to add functionality to the service – it seemed to me that all it offered was a new way to get alerts from SCOM, some AD and SQL configuration advice, and a summary of patch deployment that I could get from WSUS or System Center Configuration Manager (SCCM). Meanwhile, Microsoft started to market something called OMS Add-On for System Center, which was limited to Enterprise Agreement (EA) customers that had purchased System Center. It seemed to me that OMS was limited to those customers too, which would have been a pretty dumb idea when you consider that small/medium enterprises are over 90% of all businesses (99% in the EU and 99% in the USA).
It’s only after some rebranding within the Azure Portal that things finally became clear to me. Log Analytics is OMS – it’s actually listed as Log Analytics (OMS) in the Azure Portal.
What Does Log Analytics (OMS) Do?
At this time, Azure Log Analytics (OMS) is not a replacement for classic server monitoring. Microsoft has a very large business in selling System Center to large enterprises, and a key selling point of the suite is SCOM, Microsoft’s server & service monitoring solution that is deployed on-premises.
At this time, Log Analytics (OMS) is still a supplemental monitoring solution. As you can see above, the solution offers quite a lot of functionality. The deployment at my employer monitors:
- Active Directory configuration
- Active Directory replication
- Anti-malware on our servers
- Azure Automation
- Azure Backup
- Change tracking
- Security and auditing
- SQL configuration and performance
- The status of Windows Updates
- Our Office 365 tenant
OMS works by gathering information and analyzing it using systems that Microsoft manages. Sources of data can include:
- Azure virtual machines
- An OMS agent that you can deploy on any Windows server, including on-premises, AWS, and anywhere else
- Storage accounts
- Various services inside Azure and other Microsoft cloud services
You might think that OMS seems limited. Sure; it’s not a replacement for classic server monitoring … yet. The rate of change in OMS is staggering. I was told in a conversation with one of the program managers that OMS had over 250 committed changes in one month last year. This is evident in the solutions gallery, the location where you select which Microsoft-provided monitoring solutions that you want to add. Here you’ll see what’s generally available now, in preview, and what’s coming soon. Interesting packs include Upgrade Analytics to help you with the increased pace of upgrades, Wire Data, and Network Performance Monitor to start understanding what’s going on in your networks (using agents on your servers).
That means that OMS could potentially be aggregating a lot of data about your systems. That data might be useful, and OMS lets you query that data using a query language.
How Much Does It Cost?
Microsoft runs OMS using the freemium model. For small deployments, adding OMS is going to be very affordable because there is a free price plan. This plan limits you to 500 MB of data per day. Note that we have connected just 8 servers so far, and that’s bursting up to 743 MB per day at the highest point, with the vast majority of that data being security & auditing related.
The Standard plan doesn’t limit your ingestion of data, but it does charge $2.30 per GB per month. We are storing 17.4 GB of data per month, with 17.1 GB of that coming from security auditing. This plan will keep up to one month of data. Switching to this plan would cost us $40.25 per month, which is pretty affordable.
Finally, the Premium plan will retain up to 12 months of data, giving you an excellent baseline ability, but it comes in at a higher cost of $3.50 per GB per month.
The Future of OMS?
So Azure doesn’t do the classic “my CPU is hammered” monitoring … yet. I stress “yet” because I think it’s just a matter of time until OMS adds that functionality. For several years, I’ve been hearing the same story about enterprise monitoring solutions, including System Center:
“We didn’t sign up to manage management systems. They’re too complex and time consuming for us to get value from them. We want a SaaS alternative that we can just use!”
The addition of solutions such as network performance monitoring suggests to me that Microsoft is going to add more and more to OMS, until it can eventually replace SCOM. This must make sense to Microsoft, because many businesses are seeking to move their computer rooms and data centers to the cloud, losing Microsoft lucrative System Center customers, and it would make sense to retain systems/service management business with OMS, no matter which cloud the customers move to.
Until then, you might not be able to replace classic server/service monitoring with Log Analytics (OMS), but I still think that the solution can add value using types of monitoring that you probably don’t already have, especially if you use the alerting functionality to feed data into your existing management systems & processes.