How Can I Configure Monitoring in Nerdio Manager?
Nerdio Manager uses Azure Monitor Application Insights for monitoring. You enable monitoring at your customer tenant level, in the Azure Portal, as well as at an account and a host pool levels in Nerdio Manager.
About Monitoring in Nerdio Manager
Companion Video
Overview of Monitoring in Nerdio Manager
Nerdio Manager uses Microsoft Log Analytics Workspace (LAW) to collect the monitoring data. When adding an account in Nerdio Manager, a LAW is created in your customer tenant within the resource group you specify.
The monitoring data comes from two sources:
AVD Management Service: Provides the diagnostics data about the AVD objects, such as the service-level and connection errors, host registration, and health statuses.
VMs (server and host VMs): The VMs are automatically configured to stream the VM data, such as CPU utilization, back to the LAW via Azure Monitor Agent (AMA). AMA collects monitoring data from the guest operating system of Azure and hybrid VMs, and delivers it to Azure Monitor for use by features, insights, and other services. For details about AMA, see Azure Monitor Agent overview.
Note:
AMA is installed on the newly created VMs automatically.
A LAW is created in the customer tenant for all the existing and new accounts.
For more details about Azure Monitor and Log Analytics, see:
Once the LAW is created in your customer tenant, and the monitoring data starts being collected, you can configure an external access to your customer tenant to enable someone from your team (other than Global Admin or Owner) to monitor Azure Application Insights.
Tenant Level: Configure External Access to Azure Application Insights
Nerdio Manager automates deployment and initial configuration of Azure Application Insights within your customer tenant. However, the Nerdio Manager app exists in your MSP tenant, and users within your MSP tenant, having external identity, cannot access resources deployed within your customer subscription. This means they have no access to the Nerdio Manager application insights in your customer tenant.
You can enable external access to Azure Application Insights within your customer tenant by completing the following steps:
Companion Video
Step 1: Configure guest user access to your customer tenant
As an Azure Global Administrator or Owner, you can configure external access to your customer tenant using a guest account in the Azure Portal.
To invite a guest user:
In the Azure Portal home page, select Microsoft Entra ID, and then navigate to the Users blade.
Next to New user, select the down arrow, and then select Invite external user.
On the Invite external user page, on the Basics tab, enter the following details:
Identity:
Email: Your email with which you will be accessing your customer tenant.
Display name: Your name to display.
Invitation message:
Send invite message: Select this option, and then add a message that will be sent in the invitation email.
Cc recipient: If necessary, add CC recipients.
Select Review + invite.
Review the details you entered and select Invite.
The invitation email is sent to the address you specified.
On the Users blade, verify that your guest user account is created.
Step 2: Assign Reader permission to the guest user
Once the guest user access to your customer tenant is configured, and the invitation is sent to the recipient, you need to assign that guest user the Reader permission in the customer subscription.
To assign the Reader permission to the guest user:
In the Azure Portal, navigate to the All services blade.
Scroll down to the General section, and then select Subscriptions.
On the Subscriptions page, select the applicable subscription.
On the subscription overview page, navigate to Access control (IAM).
Select + Add > Add role assignment, and then define the following:
On the Role tab, select Reader, and then select Next.
On the Members tab, ensure that in the Assign access to field, the Users, group, or service principal option is selected.
In the Members field, select + Select members, and then on the right side of the screen, search for and select the guest user you previously invited. Click Select.
Select Next, and then on the Review + assign tab, select Review + assign.
The guest user is granted the Reader role. Verify the role assignment on the Access control (IAM) > Role assignments tab.
Step 3: Accept the invitation and access your customer tenant as a guest
Once the Global Administrator or Owner creates a guest account in the Azure Portal, you as a guest user receive an invitation email and must accept the invitation to access your customer directory and subscription.
To accept the invitation:
Go to the incoming invitation email and select Accept invitation.
You are redirected to the permissions page.
Review the requested permissions and select Accept.
You are redirected to the authentication page, and can now sign in to your guest user account.
When using your guest user access, you may not be able to see your customer subscription and resources within your current directory. To gain access to your customer directory and subscription, you need to change directories in the Azure Portal.
To access your customer directory and subscription:
In the Azure Portal, in the upper-right corner, select the name of the currently signed-in user (guest user), and then select Switch directory.
Select your customer directory.
Note: Switching directories will reload the Azure Portal. The subscription, resource group, and region filters that are available in the portal will update according to the selected directory.
Once you switch directories, you can now access the LAW in your customer tenant, and review the monitoring data collected there.
Account and Host Pool Levels: Disable Azure Monitor Insights in Nerdio Manager
In Nerdio Manager, Azure Monitor Insights are enabled by default.
If you don't want to use Azure Monitor Insights to monitor your deployments, you can disable this feature in Nerdio Manager either for the entire account or for an individual host pool.
To disable the Azure Monitor Insights for an account:
At the Account level, go to Settings > Integrations.
In the Azure Monitor Insights tile, next to Current Status, select Enabled.
In the new dialog box, turn the Use Azure Monitor Insights option Off.
Select OK.
Note:
Disabling Azure Monitor Insights does not delete the LAW, and does not uninstall the Azure Monitoring Agent from the existing session host VMs, where it is currently installed. After the integration with Azure Monitor Insights is disabled, the monitoring agent will not be automatically installed on the newly created and re-imaged session host VMs.
To stop incurring Azure costs for Log Analytics storage, delete the LAW, and then re-image the existing session hosts.
When a new host VM is created, AMA is automatically added to the host. For some hosts pools, you may want to disable it.
To disable the Azure Monitor Insights for a host pool:
At the Account level, go to AVD > Host pools.
Next to the host pool where you want to disable the Azure Monitor Insights, from the Manage Hosts action menu, select Properties.
In the <Host pool name> Properties dialog box, navigate to Azure Monitor, and then turn the Use Azure Monitor Insights option Off.
Note: Disabling the Azure Monitor Insights for an individual host pool will apply to any newly-created or re-imaged hosts within that pool. To disable the Azure Monitor Insights for existing hosts as well, select Apply to existing hosts, and then specify the additional options.
Select Save & close.
Comments (0 comments)