AVD Management Activity Test

Azure can be managed using the Azure Resource Manager or ARM API. The resources that the ARM API manages are objects in Azure such as network cards, virtual machines, hosted databases, host pools etc. Using the ARM API, you can deploy several resources together in a single unit. These deployments are idempotent, in that the user declares the type of resource, what name to use and which properties it should have; the ARM API will then either create a new object that matches those details or change an existing object which has the same name and type to have the same properties.

One can also manage Azure using the Powershell module. It is a command line tool that uses Powershell scripts or cmdlets to perform tasks such as creating and managing storage accounts, virtual machines, host pools, or any other Azure service.

If administrators fail to pay attention to API- or Powershell- initiated cloud configuration changes, it can sometimes add to their management woes! Unauthorized users may gain entry into the AVD ecosystem and create many unwanted objects, delete key objects, and even update objects with changes that can have an adverse impact on the AVD service. To avoid this, administrators should periodically run the AVD Management Activity test and audit management activities performed on the AVD service. This test tracks the configuration changes - i.e., object creations, deletions, updates, fetches - that were successfully effected on each AVD host pool, using the Azure API/Powershell. Detailed diagnosis, if enabled, reveals when each change occurred, who initiated it, and how many objects were impacted. Using this information, administrators can quickly determine whether/not the changes are valid, and can also confirm if such changes were performed by authorized personnel only.

Note:

Typically, to consolidate log entries, correlate log data, and perform complex analysis, a host pool's logs are often sent to one/more Log Analytics Workspaces. This test reports valid metrics by reading data from these Log Analytics Workspaces only. If the host pool's logs are not sent to any Log Analytics Workspace, then this test will only report the value 0 for most of its measures. To avoid this, before configuring this test, make sure that the host pool's logs are configured to be sent to at least one Log Analytics Workspace. Follow the steps discussed in Configuring the Host Pool Logs to be Sent to a Log Analytics Workspace to achieve this.

Target of the Test: A Microsoft AVD Broker

Agent deploying the test: A remote agent

Output of the test: One set of results for each AVD host pool managed by the target AVD broker, in each resource group of the configured subscription

Configurable parameters for the test
Parameters Description

Test Period

How often should the test be executed.

Host

The host for which the test is to be configured.

Subscription ID

Specify the GUID which uniquely identifies the Microsoft Azure Subscription to be monitored. To know the ID that maps to the target subscription, do the following:

  1. Login to the Microsoft Azure Portal.

  2. When the portal opens, click on the Subscriptions option (as indicated by Figure 1).

    Figure 1 : Clicking on the Subscriptions option

  3. Figure 2 that appears next will list all the subscriptions that have been configured for the target Azure AD tenant. Locate the subscription that is being monitored in the list, and check the value displayed for that subscription in the Subscription ID column.

    Figure 2 : Determining the Subscription ID

  4. Copy the Subscription ID in Figure 2 to the text box corresponding to the SUBSCRIPTION ID parameter in the test configuration page.

Tenant ID

Specify the Directory ID of the Azure AD tenant to which the target subscription belongs. To know how to determine the Directory ID, refer to Configuring the eG Agent to Monitor the Microsoft Azure App Service

Client ID and Client Password

The eG agent communicates with the target Microsoft Azure Subscription using Java API calls. To collect the required metrics, the eG agent requires an Access token in the form of an Application ID and the client secret value. To know how to determine the Application ID and the key, refer to Configuring the eG Agent to Monitor the Microsoft Azure App Service. Specify the Application ID of the created Application in the Client ID text box and the client secret value in the Client Password text box.

Proxy Host

In some environments, all communication with the Azure cloud be routed through a proxy server. In such environments, you should make sure that the eG agent connects to the cloud via the proxy server and collects metrics. To enable metrics collection via a proxy, specify the IP address of the proxy server and the port at which the server listens against the Proxy Host and Proxy Port parameters. By default, these parameters are set to none, indicating that the eG agent is not configured to communicate via a proxy, by default.

Proxy Username, Proxy Password and Confirm Password

If the proxy server requires authentication, then, specify a valid proxy user name and password in the Proxy Username and Proxy Password parameters, respectively. Then, confirm the password by retyping it in the Confirm Password text box.

Log Analytics Workspace Name

Typically, to consolidate log entries, correlate log data, and perform complex analysis, a host pool's logs are often sent to one/more Log Analytics Workspaces.

By default, the Log Analytics Workspace Name parameter is set to All. This indicates that the test reads log data from all Log Analytics Workspaces configured for the target subscription, by default. However, if you want the test to use only those Log Analytics Workspaces to which a host pool's logs are sent, then provide the names of these workspaces here as a comma-separated list. To determine the names of the workspaces, do the following:

  1. Login to the Microsoft Azure Portal, and click on Host Pools to view the configured host pools.

  2. Select any of the host pools displayed therein by clicking on it.

  3. Next, keep scrolling down the left panel of the page that then appears, until the Diagnostic Settings option (under Monitoring) become visible.  Click on Diagnostic Settings to proceed.

  1. The diagnostic settings that pre-exist (if any) for the chosen host pool will then appear. If any of the existing diagnostic settings have already been configured with Log Analytics Workspaces, then the Log Analytics workspace column of that list will display these workspace names. You can configure the LOG ANALYTICS WORKSPACE NAME parameter of this test with any of these workspace names. If required, you can even configure this parameter with two/more workspaces displayed here, as a comma-separated list

  1. However, If the Log Analytics workspace column is blank for all the existing diagnostic settings, it is a clear indication that the host pool's logs are yet to be configured to be sent to any Log Analytics Workspace. In this case therefore, you should create a new diagnostic setting for the target host pool where a Log Analytics Workspace is configured as the destination for the logs. To achieve this, follow the procedure detailed in Configuring the Host Pool Logs to be Sent to a Log Analytics Workspace.

Show Object Fetched DD

By default, this test does not report detailed diagnostics for the Objects fetched measure. Accordingly, this parameter is set to No by default.

Typically, in large AVD roll-outs, this measure can report numerous records as part of detailed diagnostics. In such environments therefore, the detailed statistics for this measure can consume excessive space in the eG database. This default setting conserves valuable database space by ensuring that the test does not collect detailed metrics for the Objects fetchedmeasure.

However, If you have a well-sized and well-tuned eG database, you can configure the test to capture detailed metrics for this measure. To achieve this, set this flag to Yes.

Show Object Created DD

By default, this test does not report detailed diagnostics for the Objects created measure. Accordingly, this parameter is set to No by default.

Typically, in large AVD roll-outs, this measure can report numerous records as part of detailed diagnostics. In such environments therefore, the detailed statistics for this measure can consume excessive space in the eG database. This default setting conserves valuable database space by ensuring that the test does not collect detailed metrics for the Objects createdmeasure.

However, If you have a well-sized and well-tuned eG database, you can configure the test to capture detailed metrics for this measure. To achieve this, set this flag to Yes.

Show Object Updated DD

By default, this test does not report detailed diagnostics for the Objects updated measure. Accordingly, this parameter is set to No by default.

Typically, in large AVD roll-outs, this measure can report numerous records as part of detailed diagnostics. In such environments therefore, the detailed statistics for this measure can consume excessive space in the eG database. This default setting conserves valuable database space by ensuring that the test does not collect detailed metrics for the Objects updatedmeasure.

However, If you have a well-sized and well-tuned eG database, you can configure the test to capture detailed metrics for this measure. To achieve this, set this flag to Yes.

Show Object Deleted DD

By default, this test does not report detailed diagnostics for the Objects deleted measure. Accordingly, this parameter is set to No by default.

Typically, in large AVD roll-outs, this measure can report numerous records as part of detailed diagnostics. In such environments therefore, the detailed statistics for this measure can consume excessive space in the eG database. This default setting conserves valuable database space by ensuring that the test does not collect detailed metrics for the Objects deletedmeasure.

However, If you have a well-sized and well-tuned eG database, you can configure the test to capture detailed metrics for this measure. To achieve this, set this flag to Yes.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measures made by the test:
Measurement Description Measurement Unit Interpretation

Objects fetched

Indicates the number of objects in this AVD host pool that were fetched during the last measurement period.

Number

Use the detailed diagnosis of this measure to when objects were fetched, who initiated the fetch, from which client, and how many objects were fetched.

Objects created

Indicates the number of objects that were created in this AVD host pool during the last measurement period.

Number

Use the detailed diagnosis of this measure to when objects were created, who initiated the creation, from which client, and how many objects were created.

Objects updated

Indicates the number of objects that were updated in this AVD host pool during the last measurement period.

Number

Use the detailed diagnosis of this measure to when objects were updated, who initiated the update, from which client, and how many objects were updated.

Objects deleted

Indicates the number of objects that were deleted from this AVD host pool during the last measurement period.

Number

Use the detailed diagnosis of this measure to when objects were deleted, who initiated the deletion, from which client, and how many objects were deleted.