In my previous post, I offered some food for thought on how to plan your observability journey from the perspective of 5W2H.
I want to dedicate this post to the How and How Much elements of the planning. Before I start, I'd like to point out that while the patterns described can be adopted and extended to any workload, the examples and concepts in this post are Azure-centric.
How Much?
Cost and effort are not something we can neglect when delivering any value. Let's look at the categories where you need to spend money and time:
- License cost (if you've decided in the end that you need an external Application Performance Management (APM) solution). See the Monitoring section below for a comparison between the Azure out-of-the-box APM solution and an external APM solution
- Storage cost (store and retain telemetry data)
How?
Key outcomes:
- Monitoring: Availability (Is it up?), performance (Is it responsive?), errors/exceptions (Is my service not producing outcomes for all clients?)
- Logging: Application logs, Infra logs, activity logs
- Dashboarding: Single pane of glass for different audiences
- Alerting: The right people get notified at the right time with the right information
- Security: Security Operations Center integration
Monitoring
APM plays a big role in monitoring. The good thing is that you have a shortcut for APM selection on your Azure workloads: there is an off-the-shelf offering from Microsoft, Application Insights, which is quite a compelling option. As always, it doesn't come without its limits and constraints. See my other post for a comparison between Application Insights and an external APM solution.
Logging & Dashboarding
See my post dedicated to this topic.
Alerting
Generated alerts need to reach the right teams and be captured in a service management platform like ServiceNow for incident management workflows and wider visibility. See below for one example on how this can be done.
Security
Security is a big topic. Again, Azure offers complete off-the-shelf capabilities in this space with these offerings:
- Azure Security Center
- Azure Defender
- Azure Sentinel
There is a good resource expanding on those offerings that will save you a bit of time going through the Azure documentation.
There are a lot of benefits to opting in for out-of-the-box features. At times, though, your organisation has already invested in a Security Operations Center, a SIEM platform and the processes around them. In that case you can leverage Diagnostic Settings, described in https://medium.com/@eliot.chen.au/observability-series-logging-3b9dd662cd2e, to ingest logs from different Azure services into your existing platform.