In the world of IT operations and support, when something’s not working right, suspicion usually lands on the network. This happens for a variety of reasons. Application owners are often not technically informed about the network infrastructure layer, or about the specific communication requirements of their application. In many cases, they feel that because it worked as expected in their sandbox, there’s no reason it shouldn’t work in production, so it must be the network.
In on-premises environments, the network blame game can be tough to address. Add a hybrid data center environment that’s using Microsoft Azure for one or more components, and the mysteries of cloud networking and communication increase the complexity.
IT pros have had access to tools that help them troubleshoot and diagnose problems by performing packet captures with network monitoring tools, troubleshooting communication flow with router/switch/firewall management interfaces, verifying network access rules by analyzing firewall logs, and a variety of other methods to inspect communications.
With Azure, customers and partners won’t have access to the underlying fabric to directly apply these tools as they do on-premises.
To address this need, Microsoft released Azure Network Watcher, a service that monitors, diagnoses, and provides insights into a network’s performance and health. On the next Azure Partners call on June 8, we’ll be joined by the Azure Networking Global Black Belt team to discuss Network Watcher and demonstrate its capabilities.
Azure Network Watcher features and capabilities
Topology
Provides a network-level view showing the various interconnections and associations between network resources in a resource group.
Variable packet capture
Captures packet data in and out of a virtual machine. Advanced filtering options and fine-tuned controls such as being able to set time and size limitations provide versatility. The packet data can be stored in a blob store or on the local disk in .cap format.
IP flow verify
Checks if a packet is allowed or denied based on these flow information packet parameters: Destination IP, Source IP, Destination Port, Source Port, and Protocol. If the packet is denied by a security group, the rule and group that denied the packet are returned.
Next hop
Determines the next hop for packets being routed in the Azure Network Fabric, enabling you to diagnose any misconfigured user-defined routes.
Security group view
Gets the effective and applied security rules on a virtual machine.
Network Security Group flow logging
Flow logs for Network Security Groups enable you to capture logs related to traffic that is allowed or denied by the security rules in the group. The flow is defined by 5-tuple information: Source IP, Destination IP, Source Port, Destination Port, and Protocol.
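As an added illustration (not code from the original post or from Microsoft), the Python below parses a flow log record and counts denied flows per rule, source IP and destination port, which is usually the first question when an application owner says the network is blocking traffic. It assumes the version 1 flow log layout, where each tuple reads `timestamp,source IP,destination IP,source port,destination port,protocol,direction,decision`; the sample record, addresses and rule names are constructed.

```python
import json
from collections import Counter
from typing import NamedTuple

# Constructed sample record (not real traffic), shaped like a version 1 NSG flow log.
SAMPLE_LOG = json.dumps({"records": [{
    "time": "2017-06-01T10:00:00Z",
    "properties": {"Version": 1, "flows": [
        {"rule": "UserRule_allow-https", "flows": [{"mac": "000D3A000001", "flowTuples": [
            "1496311200,203.0.113.10,10.1.0.4,51529,443,T,I,A"]}]},
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3A000001", "flowTuples": [
            "1496311205,198.51.100.7,10.1.0.4,40112,3389,T,I,D",
            "1496311209,198.51.100.7,10.1.0.4,40113,22,T,I,D",
            "bad,tuple"]}]},  # malformed on purpose, to show it is skipped
    ]},
}]})


class Flow(NamedTuple):
    ts: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str   # T = TCP, U = UDP
    direction: str  # I = inbound, O = outbound
    decision: str   # A = allowed, D = denied
    rule: str       # NSG rule that produced the decision


def parse_flows(log_text):
    """Yield one Flow per well-formed tuple; malformed tuples are skipped."""
    for record in json.loads(log_text).get("records", []):
        for group in record.get("properties", {}).get("flows", []):
            for mac_entry in group.get("flows", []):
                for raw in mac_entry.get("flowTuples", []):
                    f = raw.split(",")
                    if len(f) != 8 or not (f[0].isdigit() and f[3].isdigit() and f[4].isdigit()):
                        continue
                    yield Flow(int(f[0]), f[1], f[2], int(f[3]), int(f[4]),
                               f[5], f[6], f[7], group.get("rule", ""))


def denied_summary(log_text):
    """Count denied flows per (rule, source IP, destination port)."""
    return Counter((f.rule, f.src_ip, f.dst_port)
                   for f in parse_flows(log_text) if f.decision == "D")
```

Calling `denied_summary(SAMPLE_LOG)` on the constructed record returns two denied flows, both attributed to the default deny-all inbound rule.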
Virtual Network gateway and Connection troubleshooting
Provides the ability to troubleshoot Virtual Network gateways and Connections.
Network subscription limits
Enables you to view network resource usage against limits.
Configuring diagnostics log
Provides a single pane to enable or disable diagnostics logs for network resources in a resource group.
The partner opportunity
The networking aspects of Microsoft Azure are certain to play a role in delivering your solutions. Use the resources below to become knowledgeable about Network Watcher so you can address the complexities of hybrid cloud infrastructure and network operations and respond to customer concerns. Explaining the insights that Network Watcher provides will help you reassure your customers that you have visibility and transparency into Azure networking, and increase their confidence in using Azure for their line-of-business applications, regardless of complexity.