Azure Monitor Logs for Service Providers

Log Analytics workspaces in Azure Monitor can help managed service providers (MSPs), large enterprises, independent software vendors (ISVs), and hosting service providers manage and monitor servers in customers' on-premises or cloud infrastructure.

Large enterprises share many similarities with service providers, particularly when a centralized IT team is responsible for managing IT for many different business units. For simplicity, this document uses the term service provider, but the same functionality is also available to enterprises and other customers.

For partners and service providers who are part of the Cloud Solution Provider (CSP) program, Log Analytics in Azure Monitor is one of the Azure services available in Azure CSP subscriptions.

Architectures for Service Providers

Log Analytics workspaces give the administrator a way to control the flow and isolation of log data and to create an architecture that addresses their specific business needs. This article explains the design, deployment, and migration considerations for a workspace; the manage access article discusses how to apply and manage permissions to log data. Service providers have additional considerations.

There are three possible architectures for service providers regarding Log Analytics workspaces:

1. Distributed - Logs are stored in workspaces located in the customer's tenant

In this architecture, a workspace is deployed in the customer's tenant and is used for all the logs of that customer.

There are two ways that service provider administrators can gain access to a Log Analytics workspace in a customer tenant:

  • A customer can add individual users from the service provider as Azure Active Directory guest users (B2B). The service provider administrators then have to sign in to each customer's directory in the Azure portal to access these workspaces, and the customer has to manage individual access for each service provider administrator.
  • A customer can onboard the subscription or resource group that holds the workspace to Azure delegated resource management, which lets the service provider's administrators work with the workspace from their own tenant without guest accounts in the customer directory.

The advantages of the distributed architecture are:

  • The customer can manage access to the logs with their own Azure role-based access control (Azure RBAC).
  • Logs can be collected from all types of resources, not just agent-based VM data; for example, Azure Audit Logs.
  • Each customer can have different settings for their workspace, such as retention and data capping.
  • Isolation between customers for regulatory and compliance purposes.
  • The charge for each workspace is rolled into the customer's subscription.

The disadvantages of the distributed architecture are:

  • Centrally visualizing and analyzing data across customer tenants with tools such as Azure Monitor Workbooks can be slow, especially when analyzing data across more than 50 workspaces.
  • If customers are not onboarded for Azure delegated resource management, service provider administrators must be provisioned in each customer directory, and it is harder for the service provider to manage a large number of customer tenants at once.

2. Central - Logs are stored in a workspace located in the service provider tenant

In this architecture, the logs are not stored in the customers' tenants but only in a central location within one of the service provider's subscriptions. The agents installed on the customers' VMs are configured to send their logs to this workspace using the workspace ID and shared key.

The advantages of the centralized architecture are:

  • It is easy to manage a large number of customers and integrate them with various backend systems.
  • The service provider has full ownership of the logs and of artifacts such as functions and saved queries.
  • The service provider can perform analytics across all of its customers.

The disadvantages of the centralized architecture are:

  • This architecture applies only to agent-based VM data; it does not cover PaaS, SaaS, or Azure fabric data sources.
  • It can be hard to separate the data of different customers once they are merged into a single workspace. The only reliable way to do so is by the computer's fully qualified domain name (FQDN) or by the Azure subscription ID.
  • All data from all customers is stored in the same region, with a single bill and the same retention and configuration settings.
  • Azure fabric and PaaS services such as Azure Diagnostics and Azure Audit Logs require the workspace to be in the same tenant as the resource, so they cannot send their logs to the central workspace.
  • All VM agents from all customers authenticate to the central workspace with the same workspace ID and key. There is no way to block logs from a specific customer without interrupting other customers: rotating the key cuts off every agent that has not been reconfigured, not just one customer's.

3. Hybrid - Logs are stored in workspaces located in the customer's tenant, and some of them are pulled to a central location.

The third architecture mixes the two options. It is based on the first, distributed architecture, where the logs are local to each customer, but uses some mechanism to create a central repository of logs. A portion of the logs is pulled into a central location for reporting and analytics. This portion could be a small number of data types or a summary of the activity, such as daily statistics.

There are two options to implement logs in a central location:

  1. Central workspace: The service provider can create a workspace in its tenant and use a script that combines the Query API with the Data Collection API to bring the data from the various workspaces into this central location. Another option, other than a script, is to use Azure Logic Apps.

  2. Power BI as a central location: Power BI can act as the central location when the various workspaces export data to it using the integration between the Log Analytics workspace and Power BI.
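The following is an added example, not code from the article or from Microsoft, of the "central workspace" script for the hybrid architecture. It stands in for the Query API side with constructed summary rows (as if a daily Heartbeat-count query had been run in each customer's own workspace), tags every row with the customer and source workspace it came from so that customers remain separable after they are merged, and builds the signed request that the HTTP Data Collector API (the "Data Collection API" above) expects for ingestion into the central workspace. The workspace IDs, customer names, shared key and `CustomerSummary` log type are all dummies; nothing is sent over the network.

```python
# Added example (not from the original article or from Microsoft): a minimal
# "central workspace" script for the hybrid architecture. Customer rows are
# constructed sample data; the request is built and signed but not sent.
import base64
import datetime
import hashlib
import hmac
import json

DATA_COLLECTOR_RESOURCE = "/api/logs"
API_VERSION = "2016-04-01"

# Dummy central workspace. A real shared key is the base64 string shown in the
# portal; here it is 32 zero bytes so the example runs offline.
CENTRAL_WORKSPACE_ID = "11111111-1111-1111-1111-111111111111"
DUMMY_SHARED_KEY = base64.b64encode(b"\x00" * 32).decode()

# Constructed sample: what a daily summary query (e.g. Heartbeat counts per
# computer) might return from each customer's own workspace via the Query API.
CUSTOMER_WORKSPACES = {
    "contoso": ("00000000-0000-0000-0000-000000000001", [
        {"Computer": "web01.contoso.com", "HeartbeatCount": 1440},
        {"Computer": "db01.contoso.com", "HeartbeatCount": 1438},
    ]),
    "fabrikam": ("00000000-0000-0000-0000-000000000002", [
        {"Computer": "app01.fabrikam.net", "HeartbeatCount": 1440},
    ]),
}


def build_signature(workspace_id, shared_key, rfc1123_date, content_length,
                    method="POST", content_type="application/json",
                    resource=DATA_COLLECTOR_RESOURCE):
    """SharedKey Authorization value for the HTTP Data Collector API.

    The string to sign is the method, body length, content type, x-ms-date
    header and resource path joined by newlines, MACed with HMAC-SHA256 under
    the base64-decoded workspace key. Anyone holding the key can produce this,
    which is why one shared key per workspace gives no per-customer control.
    """
    string_to_sign = "\n".join([
        method, str(content_length), content_type,
        "x-ms-date:" + rfc1123_date, resource,
    ])
    decoded_key = base64.b64decode(shared_key)
    digest = hmac.new(decoded_key, string_to_sign.encode("utf-8"),
                      digestmod=hashlib.sha256).digest()
    return "SharedKey {}:{}".format(workspace_id,
                                    base64.b64encode(digest).decode())


def tag_rows(rows, customer, source_workspace_id):
    """Stamp each pulled row with its origin so customers stay separable
    once their data is merged into the central workspace."""
    tagged = []
    for row in rows:
        r = dict(row)
        r["Customer"] = customer
        r["SourceWorkspaceId"] = source_workspace_id
        tagged.append(r)
    return tagged


def build_ingest_request(workspace_id, shared_key, log_type, rows, now=None):
    """Return (url, headers, body) for a signed POST to the workspace."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    rfc1123_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    body = json.dumps(rows).encode("utf-8")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_signature(workspace_id, shared_key,
                                         rfc1123_date, len(body)),
        "Log-Type": log_type,  # rows land in the custom table <log_type>_CL
        "x-ms-date": rfc1123_date,
    }
    url = "https://{}.ods.opinsights.azure.com{}?api-version={}".format(
        workspace_id, DATA_COLLECTOR_RESOURCE, API_VERSION)
    return url, headers, body


def run_hybrid_export(customer_workspaces=CUSTOMER_WORKSPACES,
                      log_type="CustomerSummary"):
    """Build one signed ingestion request per customer workspace."""
    requests = []
    for customer, (source_id, rows) in customer_workspaces.items():
        tagged = tag_rows(rows, customer, source_id)
        requests.append(build_ingest_request(
            CENTRAL_WORKSPACE_ID, DUMMY_SHARED_KEY, log_type, tagged))
    return requests


if __name__ == "__main__":
    for url, headers, body in run_hybrid_export():
        print(url, headers["Authorization"][:40] + "...", len(body), "bytes")
```

Two points worth noting. Tagging rows at pull time is what makes the merged data separable by customer, instead of relying on the FQDN or subscription ID after the fact. The signature itself is an HMAC over the request metadata under the workspace's shared key, so the same key that signs the service provider's own uploads would also sign anyone else's; keeping that key in the provider's tenant rather than on customer agents is the main reason the hybrid design is safer than the centralized one. The HTTP Data Collector API is the legacy ingestion path; the newer Logs Ingestion API authenticates with Azure AD tokens instead of a shared key.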

Next steps