Monitoring Strategy for Global Digital Cloud Transformation

The Global Digital Cloud Transformation, or GDCT, is designed to lay down the foundation, governance, automation, support, testing, monitoring, and self-service cloud necessary to quickly advance the use of cloud services and technologies.

This strategy discusses the basics of the monitoring that will happen in the cloud. It is broken down into categories that can be easily translated to the various cloud providers.

Cloud Providers

  • Microsoft Azure

  • Google Cloud Platform

  • Oracle Cloud Infrastructure

  • Salesforce Veeva

This document follows the monitoring model created in LucidChart found here.

Figure 1: Monitoring Strategy

Technical Implementation of Services

  1. Subscription (Global)

A subscription refers to a logical entity that provides entitlement to deploy and consume Azure resources. Think of the Azure subscription as a SIM card in your device. It activates the use of the device and can have credits or not. There are 2 types of subscriptions, pay-as-you-go and free trial. Seagen uses pay-as-you-go and does prepay on some services.

In this instance the subscription is monitored by the Application Insights and Monitor tools by default.

Here are the limits that come with the subscriptions in Azure.

Figure 2: Subscription Limits can be found here

  1. Blueprints (Global)

Blueprints are constructs that allow Seagen to create and group policies, resources, and standard features together and deploy them into subscriptions, management groups, etc.

We are using Blueprints to group our base policies which govern the Azure cloud. These blueprints help us consolidate the work we do.

  1. Network Watcher (Subscription)

The Network Watcher simply scans network traffic looking for errors, anomalies, etc.

  1. Activity Log (Global)

This service logs all activity in the org or tenant. The log contains access controls, UI interaction, changes to the configuration, etc.

  1. Diagnostic Settings (Global)

Used for root cause analysis. The diagnostic settings also provide predictive insights into how a particular service or resource is running in a subscription and resource group.

  1. Monitor (Global)

A general-purpose tool that provides visibility into resources commonly used across Azure. This tool is invaluable when evaluating databases and clusters. There are many things it can monitor, with more being added every release.

  • Applications

  • Virtual Machines

  • Storage Accounts

  • Containers

  • Networks

  • SQL

  • Azure Cosmos DB

  • Key Vaults

  • Azure Cache for Redis

  • Azure Data Explorer Clusters

  • Log Analytics Workspaces

  • Azure Stack HCI

  • Service Bus

  1. Application Insights (Subscription)

Application Insights is used to track the telemetry of the resources being deployed and run in the cloud. This resource is turned on by default and there will be one Application Insights instance per subscription. That will reduce the number of instances and provide greater insights into environments.

  1. Log Analytics Workspaces (Subscription Level)

The Log Analytics Workspaces provide a way to create a scoped workspace that has all of the services used in an application. As you know, the application can have many resources within it. The workspace allows you to create a dashboard or a series of dashboards related to that scope.

Workspaces can also be scoped at the departmental level, but this is not effective.

  1. Policies (Management Group Level)

Policies provide us with some governance that allows or prohibits things from happening in the cloud. Currently we have activated the following policies.

  • There should be more than 1 owner on a subscription

  • Audit machines with insecure password security settings

  • Enable monitoring in Azure Security Center

  • Allow locations

  • Allow locations for Resource Groups

  • Resource Types that we don’t want in the environment

  • Tags for Resource Groups

  • Tags inherited for Resources in a Resource Group

  1. Applications and Resources (Resource Level)

These resources make up applications or are standalone. Every resource deployed through automation will have Application Insights turned on by default.

The scope of this document also applies to these resources and/or applications.

  1. Advisor (Global)

Advisor is used to help us keep the environment clean, secure, and in good condition. It proactively evaluates the entire ecosystem and advises on what practices, resources, configurations, and tools need to be used to optimize the operation of the resources.

  1. Cost Management + Billing

Cost Management + Billing advises on the overall spend and trends happening within the cloud. It also provides visibility into the estimates and budgets of the organization.