Azure Monitor Agent, Microsoft Monitor Agent and Data Collection Rules

In case you haven’t heard there’s a new agent in town. Its called the Azure Monitor Agent (AMA), this agent is brand new, re-written from the ground up and is going to replace the Microsoft Monitoring Agent (MMA) currently used by Log Analytics. This post will serve as both informational and opinion about the new agent. The new AMA is Generally Available, which means it is supported by Microsoft. Does that mean you should migrate to it? This first thing we need to talk about before getting into migration is Data Collection Rules.

 

Data Collection Rules

DCRs for short, represent a wholesale change in how our agents do data collection. Where Performance and Event logs were Log Analytics workspace wide with MMA, DCRs are super granular with the new Azure Monitor Agent. Have a single special Event Log on a specific server you want to collect? We can do that now without collecting it from any other servers. Want to collect Event Logs for all production Hyper-V hosts, we can do that with a DCR now. Want to only collect CPU performance metrics for 5 servers? Again relatively easy with a DCR. This will help save on some costs in your data collection, if done correctly. As you will no longer be collecting Performance Metrics and Event Logs workspace wide. You can of course do that if you want, as well. However, this does represent a change that you will have to spend some time investigating how to incorporate into your monitoring scenario.

 

Azure Monitor Agent

The new agent will replace the MMA, as well as the Azure Diagnostic Extension and Telegraf agent, for both Windows and Linux servers. This is very good news as there were a ton of options and agents around and was very confusing as to when to use which one for what purpose. The list of supported OS’s can be found here, basically Windows Server 2008R2 SP1 and above are supported. As well as a smattering of Linux OS’s across distributions. The AMA still has the same Dependency Agent we had with the Microsoft Monitoring Agent. So we’re not down to one agent to rule them all just yet.

On-Prem and Other Clouds

Whereas you could install the MMA anywhere you wanted on your own. The new Azure Monitor Agent requires Azure ARC to install the AMA extension on your on-prem or multi-cloud workloads.

Azure Policy

You can of course use Azure Policy to deploy the new agent to both Azure VMs or Azure ARC machines.

SCOM

The new AMA does not support SCOM at this time. With the MMA we could multi-home SCOM and Log Analytics, that is not the case with the Azure Monitor agent.

Solutions and Features

At this time there are a few services in private preview for the AMA, like Security Center, Sentinel, VM Insights and SQL Insights. Unfortunately Change Tracking, which was one of my favorite solutions is not available. I sincerely hope that we can get service monitoring for Windows and Linux ported over to the new agent. Service/Deamon monitoring is usually a high request for my customers. I have seen some use process monitoring to accomplish the same task, however that uses Perf data and is far more expensive than what the Service tracking offered.

Migration

So I have covered what the new agent is, what its supposed to replace and the features it supports. Should you migrate? Thats a tough question. First, you have until August of 2024 to migrate from MMA. That said if you are only using Perf and Event log currently, I would say its safe to move your production workloads, once you get a handle on how to do DCRs. Once we move beyond that, if you need Security Center, Sentinel, or VM Insights, these are all private preview. As such migrating your production workloads to those is a risk, support SLAs are vastly different for private preview than they are for GA.

Right now I would definitely say check out the new agent and DCRs in your non prod environments. This will let you get a handle on the new agent and how to use DCRs.

You can have both the MMA and AMA on a computer at the same time. However you will get double billed for data collection if say you create a DCR for the same counters you’re already collecting with the MMA. You’ll also get two heartbeats one from each agent.

Leave a Comment