Monitoring Microsoft Azure

The Azure Agent collects data from Azure APIs to monitor services managed by Azure.

Monitored Services

Installation

Note: This documentation covers installing the Azure Agent, which allows you to collect data from Azure APIs to monitor services managed by Azure. If you want to monitor an Azure Virtual Machine or a Kubernetes cluster running on Azure Kubernetes Service (AKS), refer to the Install the Instana Host Agent documentation.

The Azure Agent must be installed on a host inside or outside your Azure environment. Each Azure agent can monitor remote services of one subscription, so you will need multiple Azure agents to monitor multiple Azure subscriptions.

  1. Create a service-principal account with read-access to your resources in Azure Portal.
  2. Enable the Azure sensor in the agent's configuration.yaml file; a minimal sensor configuration looks like the following:

    com.instana.plugin.azure:
     enabled: true
     subscription: "[Your-Subscription-Id]"
     tenant: "[Your-Tenant-Id]"
     principals:
       - id: "[Your-Service-Principal-Account-Id]"
         secret: "[Your-Service-Principal-Secret]"

    Note: Make sure that Service Principal Secret is Base64 Encoded. When you create one via Azure Portal, the secret is already encoded and can be easily copy pasted directly to our configuration file without the need of reencoding it.

The host agent needs to be restarted for the new configuration to be applied, after which the agent will automatically discover supported remote-services on the specified subscription.

Configuration

Filtering and Tagging

The Azure Agent supports filtering of Azure services. The filtering of services and their instances is based on tags and the resource groups; refer to the Use tags to organize your Azure resources and management hierarchy documentation for more information on how to apply tags to Azure resources and to the What is Azure Resource Manager? documentation for defining resource groups in Azure. The filtering is applied by modifying the agent configuration file /opt/instana/agent/etc/instana/configuration.yaml of the Azure Agent as follows:

com.instana.plugin.azure:
  # Comma separated list of tags in key:value format
  include_tags:
  # Comma separated list of tags in key:value format
  exclude_tags:
  # Comma separated list of resource groups
  include_resource_groups:
  # Comma separated list of resource groups
  exclude_resource_groups:

Filtering can also be applied at the level of the specific service; for more information, refer to the documentation of the specific services, which is linked from the Monitored Services section.

Multiple Service Principals

Azure Monitoring API comes with a limitation of 12000 requests per Service principal, which limits the number of services one Azure Agent can monitor. To overcome this limitation, you can create multiple service principals. For information on how to create service principles, refer to the How to: Use Azure PowerShell to create a service principal with a certificate documentation.

Once the service principals have been created, update the /opt/instana/agent/etc/instana/configuration.yaml file on the Azure agent host to look like the following:

com.instana.plugin.azure:
  enabled: true
  subscription: "[Your-Subscription-Id]"
  tenant: "[Your-Tenant-Id]"
  principals:
    - id: "[Your-Service-Principal-Account-Id-1]"
      secret: "[Your-Base64-encoded-Service-Principal-Secret-1]"
    - id: "[Your-Service-Principal-Account-Id-2]"
      secret: "[Your-Base64-encoded-Service-Principal-Secret-2]"

Note: Changes to the principal configuration listed above will be hot-reloaded by the Azure Agent, meaning that they will take effect without needed to restart the Azure Agent.