Best practices for monitoring virtual machines in Azure Monitor

This article provides architectural best practices for monitoring virtual machines and their client workloads using Azure Monitor. The guidance is based on the five pillars of architecture excellence described in Azure Well-Architected Framework.

Cost optimization

Cost optimization refers to ways to reduce unnecessary expenses and improve operational efficiencies. You can significantly reduce your cost for Azure Monitor by understanding your different configuration options and opportunities to reduce the amount of data that it collects. See Azure Monitor cost and usage to understand the different ways that Azure Monitor charges and how to view your monthly bill.

Note

See Optimize costs in Azure Monitor for cost optimization recommendations across all features of Azure Monitor.

Design checklist

  • Migrate from Log Analytics agent to Azure Monitor agent for granular data filtering.
  • Filter data that you don't require from agents.
  • Determine whether you'll use VM insights and what data to collect.
  • Reduce polling frequency of performance counters.
  • Ensure that VMs aren't sending duplicate data.
  • Use Log Analytics workspace insights to analyze billable costs and identify cost saving opportunities.

Configuration recommendations

| Recommendation | Description |
|---|---|
| Migrate from Log Analytics agent to Azure Monitor agent for granular data filtering. | If you still have VMs with the Log Analytics agent, migrate them to Azure Monitor agent so you can take advantage of better data filtering and use unique configurations with different sets of VMs. Configuration for data collection by the Log Analytics agent is done on the workspace, so all agents receive the same configuration. Data collection rules used by Azure Monitor agent can be tuned to the specific monitoring requirements of different sets of VMs. The Azure Monitor agent also allows you to use transformations to filter data being collected. |
| Filter data that you don't require from agents. | Reduce your data ingestion costs by filtering data that you don't use for alerting or analysis. |
| Reduce polling frequency of performance counters. | If you're using a data collection rule to send performance data to your Log Analytics workspace, you can reduce their polling frequency to reduce the amount of data collected. |
| Ensure that VMs aren't sending duplicate data. | If you multi-home agents or you create similar data collection rules, make sure you're sending unique data to each workspace. See Analyze usage in Log Analytics workspace for guidance on analyzing your collected data to make sure you aren't collecting duplicate data. If you're migrating between agents, continue to use the Log Analytics agent until you migrate to the Azure Monitor agent rather than using both together unless you can ensure that each is collecting unique data. |
| Use Log Analytics workspace insights to analyze billable costs and identify cost saving opportunities. | Log Analytics workspace insights shows you the billable data collected in each table and from each VM. Use this information to identify your top machines and tables since they represent your best opportunity to reduce costs by filtering data. Use this insight and log queries in Analyze usage in Log Analytics workspace to further analyze the effects of configuration changes. |
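
Two of the recommendations above, avoiding duplicate collection from similar data collection rules and reducing counter polling frequency, can be checked offline against exported DCR definitions. The following is an added example, not Microsoft's code: the sample inventory, the `ASSOCIATIONS` mapping, all resource names and the 60-second threshold are assumptions, while the field names follow the DCR resource schema.

```python
from collections import defaultdict
from itertools import product

# Constructed sample inventory; all names and the workspace ID are placeholders.
WS_A = "<workspace-a-resource-id>"
CPU, MEM = "\\Processor(_Total)\\% Processor Time", "\\Memory\\Available Bytes"
DISK = "\\LogicalDisk(_Total)\\Free Megabytes"

def perf_dcr(source, seconds, counters):
    """Build a DCR 'properties' body with one performance counter source."""
    return {
        "dataSources": {"performanceCounters": [{
            "name": source, "streams": ["Microsoft-Perf"],
            "samplingFrequencyInSeconds": seconds, "counterSpecifiers": counters}]},
        "destinations": {"logAnalytics": [{"name": "la", "workspaceResourceId": WS_A}]},
        "dataFlows": [{"streams": ["Microsoft-Perf"], "destinations": ["la"]}],
    }

DCRS = {"dcr-base": perf_dcr("perf-base", 60, [CPU, MEM]),
        "dcr-sql": perf_dcr("perf-sql", 10, [MEM, DISK])}
# Assumed inventory of DCR associations: VM name -> associated DCR names.
ASSOCIATIONS = {"vm-sql-01": ["dcr-base", "dcr-sql"], "vm-web-01": ["dcr-base"]}
# Which field of each data source kind lists the individual items collected.
ITEM_KEYS = {"performanceCounters": "counterSpecifiers", "windowsEventLogs": "xPathQueries"}

def collected(dcr):
    """Yield (stream, item, workspace_id) for everything a DCR delivers."""
    ws = {d["name"]: d["workspaceResourceId"] for d in dcr["destinations"]["logAnalytics"]}
    for flow, (kind, key) in product(dcr["dataFlows"], ITEM_KEYS.items()):
        for src in dcr["dataSources"].get(kind, []):
            for stream in set(src["streams"]) & set(flow["streams"]):
                for item, dest in product(src[key], flow["destinations"]):
                    yield stream, item, ws[dest]

def find_duplicates(dcrs, associations):
    """Return {(vm, stream, item, workspace): [dcr names]} delivered more than once."""
    seen = defaultdict(set)
    for vm, names in associations.items():
        for name in names:
            for key in collected(dcrs[name]):
                seen[(vm, *key)].add(name)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def fast_counters(dcrs, min_seconds=60):
    """List (dcr, source, interval) polling faster than min_seconds (assumed threshold)."""
    return [(name, s["name"], s["samplingFrequencyInSeconds"])
            for name, dcr in sorted(dcrs.items())
            for s in dcr["dataSources"].get("performanceCounters", [])
            if s["samplingFrequencyInSeconds"] < min_seconds]
```

Data flows that apply a transformation may filter rows differently, so treat the reported overlaps as candidates for review before removing a counter from a rule.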

Operational excellence

Operational excellence refers to the operations processes required to keep a service running reliably in production. Use the following information to minimize the operational requirements for monitoring your virtual machines.

Design checklist

  • Migrate from legacy agents to Azure Monitor agent.
  • Use Azure Arc to monitor your VMs outside of Azure.
  • Use Azure Policy to deploy agents and assign data collection rules.
  • Establish a strategy for structure of data collection rules.

Configuration recommendations

| Recommendation | Description |
|---|---|
| Migrate from legacy agents to Azure Monitor agent. | The Azure Monitor agent is simpler to manage than the legacy Log Analytics agent and allows more flexibility in your Log Analytics workspace design. Both the Windows and Linux agents allow multihoming, which means they can connect to multiple workspaces. Data collection rules allow you to manage your data collection settings at scale and define unique, scoped configurations for subsets of machines. See Migrate to Azure Monitor Agent from Log Analytics agent for considerations and migration methods. |
| Use Azure Arc to monitor your VMs outside of Azure. | Azure Arc for servers allows you to manage physical servers and virtual machines hosted outside of Azure, on your corporate network, or other cloud provider. With the Azure Connected machine agent in place, you can deploy the Azure Monitor agent to these VMs using the same method that you do for your Azure VMs and then monitor your entire collection of VMs using the same Azure Monitor tools. |
| Use Azure Policy to deploy agents and assign data collection rules. | Azure Policy allows you to have agents automatically deployed to sets of existing VMs and any new VMs that are created. This ensures that all VMs are monitored with minimal intervention by administrators. If you want to manage Azure Monitor agent without VM insights, see Enable Azure Monitor Agent by using Azure Policy. See Manually create a DCR for a template to create a data collection rule association. |
| Establish a strategy for structure of data collection rules. | Data collection rules define data to collect from virtual machines with the Azure Monitor agent and where to send that data. Each DCR can include multiple collection scenarios and be associated with any number of VMs. Establish a strategy for configuring DCRs to collect only required data for different groups of VMs while minimizing the number of DCRs that you need to manage. |