<img src="https://ws.zoominfo.com/pixel/JV60JGR5LG4sEWlH3Xte" width="1" height="1" style="display: none;">

The swift tide of progress in the tech industry necessitates continual adaptability and evolution. One domain witnessing this relentless pace of change is the collection of security monitoring data .

Microsoft’s Microsoft Monitoring Agent (MMA) and Operations Management Suite (OMS) Agent were the mainstays of Microsoft data collection for many years. However, they are now facing a difficult challenge due to software constraints arising from the life cycles of different operating systems..

Ubuntu 18.04 LTS, CentOS 7, and Red Hat Enterprise Linux Service 6, 6.7+, and 7 are widely used and are either nearing or at their end-of-life (EOL), highlighting the immediate need for upgrades.

Linux vendors tend to provide extended support for 10 years. CentOS 7 and RHEL 7 are expected to reach their End of Life (EOL) date by June 30, 2024. Oracle Linux 6 will also meet its extended support EOL on July 1, 2024. Ubuntu 18.04 LTS has already reached EOL.

MMA or OMS are unable to work with the software inside the new operating systems; this is where the Azure Monitoring Agent (AMA) can show its utility.

Another crucial point for all organizations currently leveraging the Log Analytics agent is that the retirement date for these legacy agents (MMA and OMS) is set for August 31, 2024. After this date, Microsoft will no longer support the Log Analytics agent, leaving businesses with the risk of encountering unsupported challenges.

This guide introduces you to AMA and its advantages over legacy agents. It highlights unique features, simplified deployment methods, a seamless migration process, and future enhancements.

 

Legacy Agents vs AMA: Why Switching AMA to Beneficial

 

Features

Legacy Agents

Azure Monitoring Agent (AMA)

Data Collection

  • Multiple agents needed
    Separate installation for different OSs
  • Unified solution
  • Simultaneous data collection from different OSs

Performance

  • Can lead to system bottlenecks and missed events
  • High events per second (EPS) rate

Extension Management

  • Compatibility issues, software updates, and troubleshooting
  • Improved, transparent method for handling extensions

Deployment & Configuration

  • Cumbersome and time-consuming
  • Streamlined deployment process and simplified configuration

Management

  • Difficult to manage multiple legacy agents
  • Central management and monitoring via DCRs

Future Compatibility

  • Unable to work with new operating systems
  • Future-ready design with upcoming enhancements

Support

  • Support to be discontinued soon
  • Continued and evolving support

 

The Drawbacks of Multiple Legacy Agents

Managing multiple legacy agents is akin to conducting an orchestra where each musician plays by their own rules. This discordance can lead to unoptimized resource allocation, system bottlenecks, and even missed security events due to incoherent data flow. The management and maintenance of each agent can become a huge task.

For instance, the Log Analytics agent needs to be separately installed and configured for different OSs. This process becomes cumbersome and time-consuming, especially in large-scale environments. Separate agents, such as the Diagnostic Extension and Telegraf agents, present management challenges. These include system compatibility issues, software updates, and troubleshooting.

Azure Monitoring Agent (AMA) is Microsoft's unified agent answer. It offers a more streamlined solution than other options. This reduces overhead and ensures efficient data management.

 

Advantages of Azure Monitoring Agent

Navigating the realm of diverse and multiple agents can be a challenging task. The Azure Monitoring Agent (AMA) significantly alleviates this complexity, offering a range of advantages that streamline processes, boost efficiency, and enhance data management capabilities.

1. Central Management and Monitoring via Data Collection Rules (DCRs):

Managing data collection can be tedious with multiple legacy agents. AMA changes the game by providing centralized and granular collection setup options. This means you can customize your data collection to the minutest detail, optimizing resource use and reducing costs. This feature alone can save hours of configuration time and streamline data collection.

2. Improved Extension Management:

AMA introduces a transparent, controllable method for handling extensions. With legacy agents, managing extensions often feels like trying to catch a fish with your bare hands—elusive and frustrating.

AMA changes this with a more advanced approach, efficiently deploying, updating, and removing extensions.

3. Linux and Windows Multi-Homing:

With AMA, you can simultaneously send data from Linux and Windows machines to multiple workspaces, increasing data management flexibility. It resembles having numerous TV screens showing various channels on one remote control. This functionality allows for better data sharing and distribution, especially in complex environments.

4. Deployment and Monitoring of Code Changes:

AMA's design, auto-upgrade capabilities, and  standard installation simplify deployment. It integrates with Azure Resource Manager (ARM) templates and Azure policies for centralized change management. This means less troubleshooting and more time using your data to make informed decisions.

5. Enhanced Performance:

With an increased events per second (EPS) rate, AMA ensures no critical security event data falls through the cracks. AMA provides a consistent, high-performance experience whether operating in Azure or non-Azure environments.

Microsoft Azure Monitoring Agent Multi-Homing Functionality

 

AMA Deployment Methods and Requirements

Deploying the Azure Monitoring Agent (AMA) requires careful attention to particular prerequisites and environmental factors.

AMA is versatile, It supports many resource types, such as virtual machines, virtual machine scale sets (VMSS), and on-premise servers. This wide-ranging support makes it a universally applicable tool, able to function in virtually any environment you're working in.

Azure Arc

When planning the deployment of Azure Monitoring Agent (AMA), it's crucial to be aware of a few technical specifics, especially depending on the location of the server.

In the event that your operations span across various environments, such as other cloud providers or on-premises resources, Azure Arc enrollment should be performed first. This Microsoft service extends Azure's management capabilities to these machines, allowing for integration with the necessary Data Collection Rules. Integrating AMA with Azure Arc gives you a comprehensive overview of your resources, paving the way for efficient data collection and management.

Before moving forward with Azure Arc integration, it's important to verify that your environment aligns with Azure Arc's prerequisites. This may include compatibility with specific operating system versions, appropriate network configurations, and sufficient privileges.

 

Efficiently Automating AMA Deployment with Azure Policy:

When deploying the Azure Monitoring Agent (AMA) across your IT landscape, Azure Policy is an essential time-saving facilitator. At its core, Azure Policy provides a platform for crafting 'policy definitions', essentially the guiding rules for your cloud environment.

These policy definitions act like active gatekeepers. Each time a new virtual machine (VM) or virtual machine scale set (VMSS) comes to life within your environment, these gatekeepers ensure the AMA extension is automatically installed. This process guarantees an automatic and consistent integration of AMA with every new resource, streamlining your deployment process. It also ensures that data collection across all resources adheres to your organization's defined standards, maintaining a professional and organized IT operation. 

Enhancing Virtual Machine Functionality with Azure Extensions:

AMA can be deployed as a Virtual Machine extension, allowing it to be automatically added whenever a new VM is created. This way, you can ensure AMA is part of every VM's base build, making it an inherent part of your VM's lifecycle.

 

The Future of AMA

Azure Monitoring Agent (AMA) is designed for present-day data management needs with a clear vision for the future. AMA is not only about what it can do today. It is also preparing for the advanced capabilities needed to meet the changing needs of businesses in the future.

AMA's capability to collect custom logs signifies its commitment to this forward-thinking approach. This feature allows organizations to gather data that aligns precisely with their unique business requirements, facilitating more targeted and insightful monitoring. As businesses grow and their data needs become more complex, this capacity for customized logging becomes increasingly crucial.

Future enhancements of AMA include the introduction of new destinations for data storage. Currently, AMA data is housed in a Log Analytics workspace. However, plans are in the pipeline to broaden storage options to accommodate other destinations. This flexible storage strategy ensures that as an organization's data management needs diversify, AMA can adapt accordingly.

In addition, AMA is being positioned to serve as the control plane for other Azure Monitor data collection components. AMA is set to play a central role in managing data across an organization's Azure environment.

In other words, AMA is essential for data collection. This paves the way for more consistent, high-performing, and simplified data management processes.

Beyond these enhancements, the development team behind AMA is firmly committed to continuous improvement. There's an ongoing drive to refine and expand AMA's capabilities, taking into account user feedback and industry trends.

 

Conclusion

In conclusion, adopting Azure Monitoring Agent (AMA) paves the way for a future of efficient and effective data upload to Microsoft Azure services, such as Log Analytics Workspaces or Microsoft Sentinel. What was previously a preference of monitoring agent due to functionality is quickly becoming a requirement to migrate to AMA. For further inquiries or assistance, please feel free to contact us through our convenient contact form. We are here to support your journey towards robust data protection and monitoring.