-
Notifications
You must be signed in to change notification settings - Fork 269
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' of https://github.com/bzabber/azure-monitor-basel…
…ine-alerts into bryanzab/US31386
- Loading branch information
Showing
71 changed files
with
5,670 additions
and
145 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| --- | ||
| title: Bring Your Own Notifications (BYON) | ||
| geekdocCollapseSection: true | ||
| weight: 61 | ||
| --- | ||
|
|
||
| # Overview | ||
|
|
||
| The ***Bring Your Own Notifications*** (BYON) feature, available with release [2024-04-12](../Whats-New#2024-04-12), allows brownfield customers to use their existing Action Groups (also known as AGs) and Alert Processing Rule (also known as APR) not forcing the use of notification assets deployed by both the [Notification Assets](https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/main/patterns/alz/policySetDefinitions/Deploy-Notification-Assets.json) initiative and the [Deploy Service Health Action Group](https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/main/services/Resources/subscriptions/Deploy-ServiceHealth-ActionGroups.json) policy definition present in the ALZ pattern. It also allows Brownfield customer who deployed the ALZ pattern when this feature wasn't available, to switch to it. | ||
|
|
||
| # How this feature works | ||
|
|
||
| The BYON feature works by setting the necessary parameter values before running the ALZ pattern deployment. Customers have the choice to either specify one or more existing AGs and one APR or to enter target values so the AG and the APR will be created using the actions specified in the parameter file (including the option to not specify any value and creating an empty AG). | ||
|
|
||
| Should Brownfield customers decide to use their own notification assets, it will be sufficient to enter the _AG resource IDs_ (separated by comma) and the _APR resource ID_ values in the parameter section called ***policyAssignmentParametersBYON***, leaving the ***policyAssignmentParametersNotificationAssets*** <ins>***with no values***</ins>: | ||
|
|
||
|  | ||
|
|
||
| Differently if they decide to use the assets provided by AMBA or if they're Greenfield customers, they'll just leave the policyAssignmentParametersBYON section with no values and populate the section called ***policyAssignmentParametersNotificationAssets***: | ||
|
|
||
|  | ||
|
|
||
| ## Conditional deployment behavior | ||
|
|
||
| When running the deployment, the deployment code has conditions that control the deployment behavior according to the following three possible cases: | ||
|
|
||
| A. ***Use your own AGs with the AMBA APR***. In this scenario, the deployment we will: | ||
|
|
||
| - Not deploy the AMBA SH AG | ||
| - Deploy the AMBA APR with customer's AGs in it | ||
| - Deploy SH alerts pointing to customer's AGs | ||
|
|
||
| Here's an example of the parameter file with the relevant sections populated for this scenario: | ||
|
|
||
|  | ||
|
|
||
| B. ***Use your own AGs and APR***. In this scenario, the deployment we will: | ||
|
|
||
| - Not deploy any AMBA notification AG or ARP (since it's not physically linked to any alert) assets or AMBA SH AG | ||
| - Deploy SH alerts pointing to customer's AGs | ||
|
|
||
| Here's an example of the parameter file with the relevant sections populated for this scenario: | ||
|
|
||
|  | ||
|
|
||
| C. ***Use AMBA notification assets***. In this scenario, the deployment will: | ||
|
|
||
| - Deploy notification assets for SH alerts and wide notifications. | ||
|
|
||
| Here's an example of the parameter file with the relevant sections populated for this scenario: | ||
|
|
||
|  | ||
|
|
||
| ## Switching between BYON and Notification Assets | ||
|
|
||
| The [conditional deployment behavior](../../alz/Bring-your-own-Notifications#conditional-deployment-behavior) discussed earlier, allows brownfield customers to switch from the initial notification assets scenario (the only one available until release [2024-03-01](../../alz/Whats-New#2024-03-01)) to the new BYON after deployment and viceversa. | ||
| Should customers decide to switch, it will be enough to: | ||
|
|
||
| - change the values in the parameter file to match one of the three cases previously discussed | ||
| - redeploy the ALZ pattern | ||
| - run the remediation for both [Notification Assets](https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/main/patterns/alz/policySetDefinitions/Deploy-Notification-Assets.json) and [Alerting-ServiceHealth](https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/main/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json) policy initiatives | ||
| - remove notification assets deployed by ALZ patterns using the [**Remove-AMBANotificationAssets.ps1**](https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/main/patterns/alz/scripts/Remove-AMBANotificationAssets.ps1) script (_<b>***</b> only if moving from ALZ notification assets to BYON_) | ||
|
|
||
| The code will reconfigure the Service Health alerts to use either the customer's action groups to the ALZ pattern notification assets according to the selected case. |
47 changes: 47 additions & 0 deletions
47
docs/content/patterns/alz/UpdateToNewReleases/Update_from_release_2024-03-01.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| --- | ||
| title: Updating from release 2024-03-01 | ||
| geekdocCollapseSection: true | ||
| weight: 99 | ||
| --- | ||
| {{< hint type=Important >}} | ||
| <ins>***No post update action required***</ins> for Greenfield customers or for Brownfield customers that prefer to continue using notification assets deployed by the ALZ pattern code. | ||
| {{< /hint >}} | ||
|
|
||
| # Post update actions | ||
|
|
||
| Updating from release [2024-03-01](../../Whats-New#2024-03-01) might require running a post update script to remove the notification assets deployed by ALZ pattern <ins>***if and only if***</ins> customer decided to use existing action groups and alert processing rule. In this case, the Service Health alerts will be reconfigured to use the customer' action groups as per the _**B**ring **Y**our **O**wn **N**otifications_ (BYON) feature. | ||
|
|
||
| To run the script, complete the following step: | ||
|
|
||
| 1. Open PowerShell | ||
| 2. Install the **Az.ResourceGraph** module: `Install-Module Az.ResourceGraph` (if not present) | ||
| 3. Change directories to the location of the **Remove-AMBANotificationAssets.ps1** script | ||
| 4. Configure the ***$pseudoRootManagementGroup*** variable using the command below: | ||
|
|
||
| ```powershell | ||
| $pseudoRootManagementGroup = "The pseudo root management group id parenting the identity, management and connectivity management groups" | ||
| ``` | ||
|
|
||
| 1. Sign in to the Azure with the `Connect-AzAccount` command. The account you sign in as needs to have permissions to remove Policy Assignments, Policy Definitions, and resources at the desired Management Group scope. | ||
|
|
||
| 2. Execute the script using one of the options below: | ||
|
|
||
| {{% include "PowerShell-ExecutionPolicy.md" %}} | ||
|
|
||
| **Generate a list of the resource IDs which would be deleted by this script:** | ||
|
|
||
| ```powershell | ||
| ./Remove-AMBANotificationAssets.ps1 -pseudoRootManagementGroup $pseudoRootManagementGroup -ReportOnly | ||
| ``` | ||
|
|
||
| **Show output of what would happen if deletes executed:** | ||
|
|
||
| ```powershell | ||
| ./Remove-AMBANotificationAssets.ps1 -pseudoRootManagementGroup $pseudoRootManagementGroup -WhatIf | ||
| ``` | ||
|
|
||
| **Delete notification asset resources deployed by the ALZ pattern without prompting for confirmation:** | ||
|
|
||
| ```powershell | ||
| ./Remove-AMBANotificationAssets.ps1 -pseudoRootManagementGroup $pseudoRootManagementGroup -Force | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| --- | ||
| title: ADDS | ||
| geekdocCollapseSection: true | ||
| weight: 50 | ||
| --- | ||
| [Performance Counters](#performance-counters) | ||
|
|
||
| ## Performance Counters | ||
|
|
||
| |Performance Counter| | ||
| |---| | ||
| |\Memory()\Available Bytes| | ||
| |\Memory()\Committed Bytes| | ||
| |\DirectoryServices(NTDS)\DS Search sub-operations/sec| | ||
| |\Security System-Wide Statistics()\KDC AS Requests| | ||
| |\Security System-Wide Statistics()\KDC TGS Requests| | ||
| |\Security System-Wide Statistics()\Kerberos Authentications| | ||
| |\DirectoryServices(NTDS)\LDAP Client Sessions| | ||
| |\DirectoryServices(NTDS)\LDAP Searches/sec| | ||
| |\DirectoryServices(NTDS)\LDAP UDP operations/sec| | ||
| |\DirectoryServices(NTDS)\LDAP Writes/sec| | ||
| |\Process(LSASS)\Handle Count| | ||
| |\Process(LSASS)\Private Bytes| | ||
| |\Process(LSASS)\% Processor Time| | ||
| |\Security System-Wide Statistics()\NTLM Authentications| | ||
| |\Memory()\Pages/sec| | ||
| |\Processor(_Total)\% Processor Time| | ||
| |\Server()\Server Sessions| | ||
| |\System()\System Up Time| | ||
| |\TCPv4()\Connections Established| | ||
| |\TCPv6()\Connections Established| | ||
| |\DirectoryServices(NTDS)\DRA Inbound Bytes Compressed (Between Sites, Before Compression)/sec| | ||
| |\DirectoryServices(NTDS)\DRA Inbound Bytes Compressed (Between Sites, After Compression)/sec| | ||
| |\DirectoryServices(NTDS)\DRA Inbound Bytes Not Compressed (Within Site)/sec| | ||
| |\DirectoryServices(NTDS)\DRA Inbound Bytes Total/sec| | ||
| |\DirectoryServices(NTDS)\DRA Outbound Bytes Compressed (Between Sites, After Compression)/sec| | ||
| |\DirectoryServices(NTDS)\DRA Outbound Bytes Compressed (Between Sites, Before Compression)/sec| | ||
| |\DirectoryServices(NTDS)\DRA Outbound Bytes Not Compressed (Within Site)/sec| | ||
| |\DirectoryServices(NTDS)\DRA Outbound Bytes Total/sec| | ||
| |\Process(dns)\% Processor Time| | ||
| |\DNS()\Total Query Received/sec| | ||
| |\Process(dns)\Private Bytes| | ||
| |\DirectoryServices(NTDS)\ATQ Outstanding Queued Requests| | ||
| |\DirectoryServices(NTDS)\ATQ Request Latency| | ||
| |\DirectoryServices(NTDS)\ATQ Threads Other| | ||
| |\DirectoryServices(NTDS)\ATQ Threads LDAP| | ||
| |\DirectoryServices(NTDS)\ATQ Threads Total| | ||
|
|
||
| ## Augmented Metrics | ||
|
|
||
| These metrics are added to log analytics to the custom adds table. | ||
|
|
||
| |Metric|Description|Unit|Type| | ||
| |---|---|---|---| | ||
| |ADLogFileDriveDiskSpacePctUsed|AD Log File Drive Disk Space Percentage Used|Percentage|Gauge| | ||
| |ADDSADDBDrivePctFree|ADDS AD DB Drive Percentage Free|Percentage|Gauge| | ||
| |ADDitFileSize|AD Dit File Size|Bytes|Gauge| | ||
| |ADDSLFObjCount|AD DS Lost and Found Object Count|Count|Gauge| |
Oops, something went wrong.