├── .gitignore ├── Deploy ├── README.md ├── ServiceProvider │ ├── ARM Template │ │ ├── deploy.ps1 │ │ ├── parameters.json │ │ └── template.json │ ├── PS-Ops-CleanupDaily.ps1 │ └── PowerBI Dashboards │ │ └── zMonitor-Sample.pbix └── Tenant │ ├── RB-Ops-Daily.ps1 │ ├── RB-Ops-Hourly.ps1 │ ├── RB-ProcessLogs.ps1 │ ├── oms-all-deploy │ ├── README.md │ ├── azuredeploy.json │ ├── azuredeploy.parameters.json │ ├── images │ │ ├── agents.png │ │ ├── hvpolicy.png │ │ ├── hvsite.png │ │ ├── la.png │ │ ├── resourcegroup.png │ │ ├── runbook.png │ │ ├── searches.png │ │ ├── security.png │ │ ├── updates.png │ │ └── vmwarepolicy.png │ ├── metadata.json │ ├── nestedtemplates │ │ ├── omsAutomation.json │ │ ├── omsRecoveryServices.json │ │ └── omsWorkspace.json │ └── scripts │ │ └── Automated-IaaS-Backup.ps1 │ └── zMonitorDeploy.ps1 ├── Documentation ├── Contributing.md ├── Cost-Estimate.md ├── Deploy-ServiceProvider.md ├── Deploy-Tenant.md ├── Log-Reports.md ├── Writing-Reports.md └── images │ ├── centralStreamAnalytics.png │ ├── central_automation.png │ ├── central_cosmos_create.png │ ├── central_cosmos_ttl.png │ ├── central_cosmoscollection_create.png │ ├── central_storage_create.png │ ├── central_storagecontainer_create.png │ ├── central_streamanalytics_create.png │ ├── central_streamanalytics_input.png │ ├── central_streamanalytics_output.png │ ├── central_streamanalytics_query.png │ ├── loganalytics.png │ ├── tenantCreateRunAsAccount.png │ ├── tenantImportRunbooks.png │ ├── tenantScheduleDailyRunbook.png │ ├── tenantUpdateModules.png │ ├── zMonitorCentral.png │ └── zMonitorOverview.png ├── LICENSE └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.suo 8 | *.user 9 | *.userosscache 10 | *.sln.docstates 11 | 12 | # User-specific files (MonoDevelop/Xamarin Studio) 13 | *.userprefs 14 | 15 | # Build results 16 | [Dd]ebug/ 17 | [Dd]ebugPublic/ 18 | [Rr]elease/ 19 | [Rr]eleases/ 20 | x64/ 21 | x86/ 22 | bld/ 23 | [Bb]in/ 24 | [Oo]bj/ 25 | [Ll]og/ 26 | 27 | # Visual Studio 2015 cache/options directory 28 | .vs/ 29 | # Uncomment if you have tasks that create the project's static files in wwwroot 30 | #wwwroot/ 31 | 32 | # MSTest test Results 33 | [Tt]est[Rr]esult*/ 34 | [Bb]uild[Ll]og.* 35 | 36 | # NUNIT 37 | *.VisualState.xml 38 | TestResult.xml 39 | 40 | # Build Results of an ATL Project 41 | [Dd]ebugPS/ 42 | [Rr]eleasePS/ 43 | dlldata.c 44 | 45 | # .NET Core 46 | project.lock.json 47 | project.fragment.lock.json 48 | artifacts/ 49 | **/Properties/launchSettings.json 50 | 51 | *_i.c 52 | *_p.c 53 | *_i.h 54 | *.ilk 55 | *.meta 56 | *.obj 57 | *.pch 58 | *.pdb 59 | *.pgc 60 | *.pgd 61 | *.rsp 62 | *.sbr 63 | *.tlb 64 | *.tli 65 | *.tlh 66 | *.tmp 67 | *.tmp_proj 68 | *.log 69 | *.vspscc 70 | *.vssscc 71 | .builds 72 | *.pidb 73 | *.svclog 74 | *.scc 75 | 76 | # Chutzpah Test files 77 | _Chutzpah* 78 | 79 | # Visual C++ cache files 80 | ipch/ 81 | *.aps 82 | *.ncb 83 | *.opendb 84 | *.opensdf 85 | *.sdf 86 | *.cachefile 87 | *.VC.db 88 | *.VC.VC.opendb 89 | 90 | # Visual Studio profiler 91 | *.psess 92 | *.vsp 93 | *.vspx 94 | *.sap 95 | 96 | # TFS 2012 Local Workspace 97 | $tf/ 98 | 99 | # Guidance Automation Toolkit 100 | *.gpState 101 | 102 | # ReSharper is a .NET coding add-in 103 | _ReSharper*/ 104 | *.[Rr]e[Ss]harper 105 | *.DotSettings.user 106 | 107 | # JustCode is a .NET coding add-in 108 | .JustCode 109 | 110 | # TeamCity is a build add-in 111 | _TeamCity* 112 | 113 | # DotCover is a Code Coverage Tool 114 | *.dotCover 115 | 116 | # Visual Studio code coverage results 117 | *.coverage 118 | *.coveragexml 119 | 120 | # NCrunch 121 | _NCrunch_* 122 | .*crunch*.local.xml 123 | nCrunchTemp_* 124 | 125 | # MightyMoose 126 | *.mm.* 127 | AutoTest.Net/ 128 | 129 | # Web workbench (sass) 130 | .sass-cache/ 131 | 132 | # Installshield output folder 133 | [Ee]xpress/ 134 | 135 | # DocProject is a documentation generator add-in 136 | DocProject/buildhelp/ 137 | DocProject/Help/*.HxT 138 | DocProject/Help/*.HxC 139 | DocProject/Help/*.hhc 140 | DocProject/Help/*.hhk 141 | DocProject/Help/*.hhp 142 | DocProject/Help/Html2 143 | DocProject/Help/html 144 | 145 | # Click-Once directory 146 | publish/ 147 | 148 | # Publish Web Output 149 | *.[Pp]ublish.xml 150 | *.azurePubxml 151 | # TODO: Comment the next line if you want to checkin your web deploy settings 152 | # but database connection strings (with potential passwords) will be unencrypted 153 | *.pubxml 154 | *.publishproj 155 | 156 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 157 | # checkin your Azure Web App publish settings, but sensitive information contained 158 | # in these scripts will be unencrypted 159 | PublishScripts/ 160 | 161 | # NuGet Packages 162 | *.nupkg 163 | # The packages folder can be ignored because of Package Restore 164 | **/packages/* 165 | # except build/, which is used as an MSBuild target. 166 | !**/packages/build/ 167 | # Uncomment if necessary however generally it will be regenerated when needed 168 | #!**/packages/repositories.config 169 | # NuGet v3's project.json files produces more ignorable files 170 | *.nuget.props 171 | *.nuget.targets 172 | 173 | # Microsoft Azure Build Output 174 | csx/ 175 | *.build.csdef 176 | 177 | # Microsoft Azure Emulator 178 | ecf/ 179 | rcf/ 180 | 181 | # Windows Store app package directories and files 182 | AppPackages/ 183 | BundleArtifacts/ 184 | Package.StoreAssociation.xml 185 | _pkginfo.txt 186 | 187 | # Visual Studio cache files 188 | # files ending in .cache can be ignored 189 | *.[Cc]ache 190 | # but keep track of directories ending in .cache 191 | !*.[Cc]ache/ 192 | 193 | # Others 194 | ClientBin/ 195 | ~$* 196 | *~ 197 | *.dbmdl 198 | *.dbproj.schemaview 199 | *.jfm 200 | *.pfx 201 | *.publishsettings 202 | orleans.codegen.cs 203 | 204 | # Since there are multiple workflows, uncomment next line to ignore bower_components 205 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 206 | #bower_components/ 207 | 208 | # RIA/Silverlight projects 209 | Generated_Code/ 210 | 211 | # Backup & report files from converting an old project file 212 | # to a newer Visual Studio version. Backup files are not needed, 213 | # because we have git ;-) 214 | _UpgradeReport_Files/ 215 | Backup*/ 216 | UpgradeLog*.XML 217 | UpgradeLog*.htm 218 | 219 | # SQL Server files 220 | *.mdf 221 | *.ldf 222 | *.ndf 223 | 224 | # Business Intelligence projects 225 | *.rdl.data 226 | *.bim.layout 227 | *.bim_*.settings 228 | 229 | # Microsoft Fakes 230 | FakesAssemblies/ 231 | 232 | # GhostDoc plugin setting file 233 | *.GhostDoc.xml 234 | 235 | # Node.js Tools for Visual Studio 236 | .ntvs_analysis.dat 237 | node_modules/ 238 | 239 | # Typescript v1 declaration files 240 | typings/ 241 | 242 | # Visual Studio 6 build log 243 | *.plg 244 | 245 | # Visual Studio 6 workspace options file 246 | *.opt 247 | 248 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 249 | *.vbw 250 | 251 | # Visual Studio LightSwitch build output 252 | **/*.HTMLClient/GeneratedArtifacts 253 | **/*.DesktopClient/GeneratedArtifacts 254 | **/*.DesktopClient/ModelManifest.xml 255 | **/*.Server/GeneratedArtifacts 256 | **/*.Server/ModelManifest.xml 257 | _Pvt_Extensions 258 | 259 | # Paket dependency manager 260 | .paket/paket.exe 261 | paket-files/ 262 | 263 | # FAKE - F# Make 264 | .fake/ 265 | 266 | # JetBrains Rider 267 | .idea/ 268 | *.sln.iml 269 | 270 | # CodeRush 271 | .cr/ 272 | 273 | # Python Tools for Visual Studio (PTVS) 274 | __pycache__/ 275 | *.pyc 276 | 277 | # Cake - Uncomment if you are using it 278 | # tools/** 279 | # !tools/packages.config 280 | 281 | # Telerik's JustMock configuration file 282 | *.jmconfig 283 | 284 | # BizTalk build output 285 | *.btp.cs 286 | *.btm.cs 287 | *.odx.cs 288 | *.xsd.cs 289 | -------------------------------------------------------------------------------- /Deploy/README.md: -------------------------------------------------------------------------------- 1 | # zMonitor 2 | 3 | Please refer to the [documentation](../README.md) for deployment instructions. -------------------------------------------------------------------------------- /Deploy/ServiceProvider/ARM Template/deploy.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | Deploys a template to Azure 4 | 5 | .DESCRIPTION 6 | Deploys an Azure Resource Manager template 7 | 8 | .PARAMETER subscriptionId 9 | The subscription id where the template will be deployed. 10 | 11 | .PARAMETER resourceGroupName 12 | The resource group where the template will be deployed. Can be the name of an existing or a new resource group. 13 | 14 | .PARAMETER resourceGroupLocation 15 | Optional, a resource group location. If specified, will try to create a new resource group in this location. If not specified, assumes resource group is existing. 16 | 17 | .PARAMETER deploymentName 18 | The deployment name. 19 | 20 | .PARAMETER templateFilePath 21 | Optional, path to the template file. Defaults to template.json. 22 | 23 | .PARAMETER parametersFilePath 24 | Optional, path to the parameters file. Defaults to parameters.json. If file is not found, will prompt for parameter values based on template. 25 | #> 26 | 27 | param( 28 | [Parameter(Mandatory=$True)] 29 | [string] 30 | $subscriptionId, 31 | 32 | [Parameter(Mandatory=$True)] 33 | [string] 34 | $resourceGroupName, 35 | 36 | [string] 37 | $resourceGroupLocation, 38 | 39 | [Parameter(Mandatory=$True)] 40 | [string] 41 | $deploymentName, 42 | 43 | [string] 44 | $templateFilePath = "template.json", 45 | 46 | [string] 47 | $parametersFilePath = "parameters.json" 48 | ) 49 | 50 | <# 51 | .SYNOPSIS 52 | Registers RPs 53 | #> 54 | Function RegisterRP { 55 | Param( 56 | [string]$ResourceProviderNamespace 57 | ) 58 | 59 | Write-Host "Registering resource provider '$ResourceProviderNamespace'"; 60 | Register-AzureRmResourceProvider -ProviderNamespace $ResourceProviderNamespace; 61 | } 62 | 63 | #****************************************************************************** 64 | # Script body 65 | # Execution begins here 66 | #****************************************************************************** 67 | $ErrorActionPreference = "Stop" 68 | 69 | # sign in 70 | Write-Host "Logging in..."; 71 | Login-AzureRmAccount; 72 | 73 | # select subscription 74 | Write-Host "Selecting subscription '$subscriptionId'"; 75 | Select-AzureRmSubscription -SubscriptionID $subscriptionId; 76 | 77 | # Register RPs 78 | $resourceProviders = @("microsoft.automation","microsoft.documentdb","microsoft.storage"); 79 | if($resourceProviders.length) { 80 | Write-Host "Registering resource providers" 81 | foreach($resourceProvider in $resourceProviders) { 82 | RegisterRP($resourceProvider); 83 | } 84 | } 85 | 86 | #Create or check for existing resource group 87 | $resourceGroup = Get-AzureRmResourceGroup -Name $resourceGroupName -ErrorAction SilentlyContinue 88 | if(!$resourceGroup) 89 | { 90 | Write-Host "Resource group '$resourceGroupName' does not exist. To create a new resource group, please enter a location."; 91 | if(!$resourceGroupLocation) { 92 | $resourceGroupLocation = Read-Host "resourceGroupLocation"; 93 | } 94 | Write-Host "Creating resource group '$resourceGroupName' in location '$resourceGroupLocation'"; 95 | New-AzureRmResourceGroup -Name $resourceGroupName -Location $resourceGroupLocation 96 | } 97 | else{ 98 | Write-Host "Using existing resource group '$resourceGroupName'"; 99 | } 100 | 101 | # Start the deployment 102 | Write-Host "Starting deployment..."; 103 | if(Test-Path $parametersFilePath) { 104 | New-AzureRmResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile $templateFilePath -TemplateParameterFile $parametersFilePath; 105 | } else { 106 | New-AzureRmResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile $templateFilePath; 107 | } -------------------------------------------------------------------------------- /Deploy/ServiceProvider/ARM Template/parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "automationAccounts_CSPOperationsBot_name": { 6 | "value": null 7 | }, 8 | "databaseAccounts_cspoperationsdb_name": { 9 | "value": null 10 | }, 11 | "certificates_AzureClassicRunAsCertificate_base64Value": { 12 | "value": null 13 | }, 14 | "certificates_AzureRunAsCertificate_base64Value": { 15 | "value": null 16 | }, 17 | "automationAccounts_CSPOperationsBot_name_1": { 18 | "value": null 19 | }, 20 | "databaseAccounts_cspoperationsdb_name_1": { 21 | "value": null 22 | }, 23 | "storageAccounts_springcspopsdump_name": { 24 | "value": null 25 | }, 26 | "runbooks_RB_Ops_CleanupDaily_name": { 27 | "value": null 28 | }, 29 | "runbooks_RB_Ops_CSV2AzureTable_name": { 30 | "value": null 31 | }, 32 | "runbooks_RB_Ops_DeleteEmptyLogs_name": { 33 | "value": null 34 | }, 35 | "runbooks_RB_Ops_ProcessLogs_name": { 36 | "value": null 37 | }, 38 | "modules_Azure_name": { 39 | "value": null 40 | }, 41 | "modules_Azure.Storage_name": { 42 | "value": null 43 | }, 44 | "modules_AzureRM.Automation_name": { 45 | "value": null 46 | }, 47 | "modules_AzureRM.Compute_name": { 48 | "value": null 49 | }, 50 | "modules_AzureRM.Profile_name": { 51 | "value": null 52 | }, 53 | "modules_AzureRM.Resources_name": { 54 | "value": null 55 | }, 56 | "modules_AzureRM.Sql_name": { 57 | "value": null 58 | }, 59 | "modules_AzureRM.Storage_name": { 60 | "value": null 61 | }, 62 | "modules_Microsoft.PowerShell.Core_name": { 63 | "value": null 64 | }, 65 | "modules_Microsoft.PowerShell.Diagnostics_name": { 66 | "value": null 67 | }, 68 | "modules_Microsoft.PowerShell.Management_name": { 69 | "value": null 70 | }, 71 | "modules_Microsoft.PowerShell.Security_name": { 72 | "value": null 73 | }, 74 | "modules_Microsoft.PowerShell.Utility_name": { 75 | "value": null 76 | }, 77 | "modules_Microsoft.WSMan.Management_name": { 78 | "value": null 79 | }, 80 | "modules_Orchestrator.AssetManagement.Cmdlets_name": { 81 | "value": null 82 | }, 83 | "certificates_AzureClassicRunAsCertificate_name": { 84 | "value": null 85 | }, 86 | "certificates_AzureRunAsCertificate_name": { 87 | "value": null 88 | }, 89 | "connections_AzureClassicRunAsConnection_name": { 90 | "value": null 91 | }, 92 | "connections_AzureRunAsConnection_name": { 93 | "value": null 94 | }, 95 | "schedules_Schedule_Daily_name": { 96 | "value": null 97 | }, 98 | "jobSchedules_37c4294f_876f_48d6_9b6b_6fdcf04d19d3_name": { 99 | "value": null 100 | } 101 | } 102 | } -------------------------------------------------------------------------------- /Deploy/ServiceProvider/ARM Template/template.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "automationAccounts_CSPOperationsBot_name": { 6 | "defaultValue": null, 7 | "type": "SecureString" 8 | }, 9 | "databaseAccounts_cspoperationsdb_name": { 10 | "defaultValue": null, 11 | "type": "SecureString" 12 | }, 13 | "certificates_AzureClassicRunAsCertificate_base64Value": { 14 | "defaultValue": null, 15 | "type": "SecureString" 16 | }, 17 | "certificates_AzureRunAsCertificate_base64Value": { 18 | "defaultValue": null, 19 | "type": "SecureString" 20 | }, 21 | "automationAccounts_CSPOperationsBot_name_1": { 22 | "defaultValue": "CSPOperationsBot", 23 | "type": "String" 24 | }, 25 | "databaseAccounts_cspoperationsdb_name_1": { 26 | "defaultValue": "cspoperationsdb", 27 | "type": "String" 28 | }, 29 | "storageAccounts_springcspopsdump_name": { 30 | "defaultValue": "springcspopsdump", 31 | "type": "String" 32 | }, 33 | "runbooks_RB_Ops_CleanupDaily_name": { 34 | "defaultValue": "CSPOperationsBot/RB-Ops-CleanupDaily", 35 | "type": "String" 36 | }, 37 | "runbooks_RB_Ops_CSV2AzureTable_name": { 38 | "defaultValue": "CSPOperationsBot/RB-Ops-CSV2AzureTable", 39 | "type": "String" 40 | }, 41 | "runbooks_RB_Ops_DeleteEmptyLogs_name": { 42 | "defaultValue": "CSPOperationsBot/RB-Ops-DeleteEmptyLogs", 43 | "type": "String" 44 | }, 45 | "runbooks_RB_Ops_ProcessLogs_name": { 46 | "defaultValue": "CSPOperationsBot/RB-Ops-ProcessLogs", 47 | "type": "String" 48 | }, 49 | "modules_Azure_name": { 50 | "defaultValue": "CSPOperationsBot/Azure", 51 | "type": "String" 52 | }, 53 | "modules_Azure.Storage_name": { 54 | "defaultValue": "CSPOperationsBot/Azure.Storage", 55 | "type": "String" 56 | }, 57 | "modules_AzureRM.Automation_name": { 58 | "defaultValue": "CSPOperationsBot/AzureRM.Automation", 59 | "type": "String" 60 | }, 61 | "modules_AzureRM.Compute_name": { 62 | "defaultValue": "CSPOperationsBot/AzureRM.Compute", 63 | "type": "String" 64 | }, 65 | "modules_AzureRM.Profile_name": { 66 | "defaultValue": "CSPOperationsBot/AzureRM.Profile", 67 | "type": "String" 68 | }, 69 | "modules_AzureRM.Resources_name": { 70 | "defaultValue": "CSPOperationsBot/AzureRM.Resources", 71 | "type": "String" 72 | }, 73 | "modules_AzureRM.Sql_name": { 74 | "defaultValue": "CSPOperationsBot/AzureRM.Sql", 75 | "type": "String" 76 | }, 77 | "modules_AzureRM.Storage_name": { 78 | "defaultValue": "CSPOperationsBot/AzureRM.Storage", 79 | "type": "String" 80 | }, 81 | "modules_Microsoft.PowerShell.Core_name": { 82 | "defaultValue": "CSPOperationsBot/Microsoft.PowerShell.Core", 83 | "type": "String" 84 | }, 85 | "modules_Microsoft.PowerShell.Diagnostics_name": { 86 | "defaultValue": "CSPOperationsBot/Microsoft.PowerShell.Diagnostics", 87 | "type": "String" 88 | }, 89 | "modules_Microsoft.PowerShell.Management_name": { 90 | "defaultValue": "CSPOperationsBot/Microsoft.PowerShell.Management", 91 | "type": "String" 92 | }, 93 | "modules_Microsoft.PowerShell.Security_name": { 94 | "defaultValue": "CSPOperationsBot/Microsoft.PowerShell.Security", 95 | "type": "String" 96 | }, 97 | "modules_Microsoft.PowerShell.Utility_name": { 98 | "defaultValue": "CSPOperationsBot/Microsoft.PowerShell.Utility", 99 | "type": "String" 100 | }, 101 | "modules_Microsoft.WSMan.Management_name": { 102 | "defaultValue": "CSPOperationsBot/Microsoft.WSMan.Management", 103 | "type": "String" 104 | }, 105 | "modules_Orchestrator.AssetManagement.Cmdlets_name": { 106 | "defaultValue": "CSPOperationsBot/Orchestrator.AssetManagement.Cmdlets", 107 | "type": "String" 108 | }, 109 | "certificates_AzureClassicRunAsCertificate_name": { 110 | "defaultValue": "CSPOperationsBot/AzureClassicRunAsCertificate", 111 | "type": "String" 112 | }, 113 | "certificates_AzureRunAsCertificate_name": { 114 | "defaultValue": "CSPOperationsBot/AzureRunAsCertificate", 115 | "type": "String" 116 | }, 117 | "connections_AzureClassicRunAsConnection_name": { 118 | "defaultValue": "CSPOperationsBot/AzureClassicRunAsConnection", 119 | "type": "String" 120 | }, 121 | "connections_AzureRunAsConnection_name": { 122 | "defaultValue": "CSPOperationsBot/AzureRunAsConnection", 123 | "type": "String" 124 | }, 125 | "schedules_Schedule_Daily_name": { 126 | "defaultValue": "CSPOperationsBot/Schedule-Daily", 127 | "type": "String" 128 | }, 129 | "jobs_b2428a7c_aae2_4173_b855_9b19c6f38b42_name": { 130 | "defaultValue": "CSPOperationsBot/b2428a7c-aae2-4173-b855-9b19c6f38b42", 131 | "type": "String" 132 | }, 133 | "jobs_562a12e5_2ac1_4e53_a3d1_0dfd14dcc9b6_name": { 134 | "defaultValue": "CSPOperationsBot/562a12e5-2ac1-4e53-a3d1-0dfd14dcc9b6", 135 | "type": "String" 136 | }, 137 | "jobs_5cf08d9c_838a_4e5b_aea8_996fee96f07a_name": { 138 | "defaultValue": "CSPOperationsBot/5cf08d9c-838a-4e5b-aea8-996fee96f07a", 139 | "type": "String" 140 | }, 141 | "jobs_5c3eb2e2_4f00_4116_a087_b186905d7df2_name": { 142 | "defaultValue": "CSPOperationsBot/5c3eb2e2-4f00-4116-a087-b186905d7df2", 143 | "type": "String" 144 | }, 145 | "jobs_11d1b837_97f6_4fdd_aee2_e761e49cdc06_name": { 146 | "defaultValue": "CSPOperationsBot/11d1b837-97f6-4fdd-aee2-e761e49cdc06", 147 | "type": "String" 148 | }, 149 | "jobs_1e050e7f_6495_4a56_a9d2_84fd561c87da_name": { 150 | "defaultValue": "CSPOperationsBot/1e050e7f-6495-4a56-a9d2-84fd561c87da", 151 | "type": "String" 152 | }, 153 | "jobs_9c5b7ddc_1e41_44b2_84ad_d06a13d5a0e5_name": { 154 | "defaultValue": "CSPOperationsBot/9c5b7ddc-1e41-44b2-84ad-d06a13d5a0e5", 155 | "type": "String" 156 | }, 157 | "jobs_b85a1861_2161_4b41_ad78_817a0f7f6aee_name": { 158 | "defaultValue": "CSPOperationsBot/b85a1861-2161-4b41-ad78-817a0f7f6aee", 159 | "type": "String" 160 | }, 161 | "jobs_7d7bcf2b_d60e_4cb4_8289_bdf2ea340b93_name": { 162 | "defaultValue": "CSPOperationsBot/7d7bcf2b-d60e-4cb4-8289-bdf2ea340b93", 163 | "type": "String" 164 | }, 165 | "jobs_388e5c31_1bbd_4342_94cf_2dfcd934bc27_name": { 166 | "defaultValue": "CSPOperationsBot/388e5c31-1bbd-4342-94cf-2dfcd934bc27", 167 | "type": "String" 168 | }, 169 | "jobs_05054954_db58_48ea_9e27_e6ef0362c29d_name": { 170 | "defaultValue": "CSPOperationsBot/05054954-db58-48ea-9e27-e6ef0362c29d", 171 | "type": "String" 172 | }, 173 | "jobs_234fd6ca_536b_4db1_9545_e4d4b14ea912_name": { 174 | "defaultValue": "CSPOperationsBot/234fd6ca-536b-4db1-9545-e4d4b14ea912", 175 | "type": "String" 176 | }, 177 | "jobs_4f2d8451_5f42_45fe_898d_4994971fa145_name": { 178 | "defaultValue": "CSPOperationsBot/4f2d8451-5f42-45fe-898d-4994971fa145", 179 | "type": "String" 180 | }, 181 | "jobs_35c81bf1_7edd_49b2_bb01_b2f065185f6b_name": { 182 | "defaultValue": "CSPOperationsBot/35c81bf1-7edd-49b2-bb01-b2f065185f6b", 183 | "type": "String" 184 | }, 185 | "jobs_ec15dd81_f183_4ad5_af5b_9b94ab57b019_name": { 186 | "defaultValue": "CSPOperationsBot/ec15dd81-f183-4ad5-af5b-9b94ab57b019", 187 | "type": "String" 188 | }, 189 | "jobs_bc5dd2c1_8361_48ea_870e_543fbf8be40c_name": { 190 | "defaultValue": "CSPOperationsBot/bc5dd2c1-8361-48ea-870e-543fbf8be40c", 191 | "type": "String" 192 | }, 193 | "jobs_10ef5488_f69d_49df_9fc4_9adafde1985b_name": { 194 | "defaultValue": "CSPOperationsBot/10ef5488-f69d-49df-9fc4-9adafde1985b", 195 | "type": "String" 196 | }, 197 | "jobs_bb98afed_f0ec_47fe_8b6c_8172b64c75bb_name": { 198 | "defaultValue": "CSPOperationsBot/bb98afed-f0ec-47fe-8b6c-8172b64c75bb", 199 | "type": "String" 200 | }, 201 | "jobs_c948fe57_2ba0_4e9c_9270_5d0f8314cada_name": { 202 | "defaultValue": "CSPOperationsBot/c948fe57-2ba0-4e9c-9270-5d0f8314cada", 203 | "type": "String" 204 | }, 205 | "jobs_bd9264c7_2b89_4e6c_8b0e_adbd0bc605e8_name": { 206 | "defaultValue": "CSPOperationsBot/bd9264c7-2b89-4e6c-8b0e-adbd0bc605e8", 207 | "type": "String" 208 | }, 209 | "jobs_c6bd9352_9a80_49e3_889f_f52baaf1c0ef_name": { 210 | "defaultValue": "CSPOperationsBot/c6bd9352-9a80-49e3-889f-f52baaf1c0ef", 211 | "type": "String" 212 | }, 213 | "jobs_ff512d01_35d5_44c2_85bd_adf4e6246b0d_name": { 214 | "defaultValue": "CSPOperationsBot/ff512d01-35d5-44c2-85bd-adf4e6246b0d", 215 | "type": "String" 216 | }, 217 | "jobs_13b1ff02_9ba5_48d9_aa2d_448cdbd062ab_name": { 218 | "defaultValue": "CSPOperationsBot/13b1ff02-9ba5-48d9-aa2d-448cdbd062ab", 219 | "type": "String" 220 | }, 221 | "jobs_adc75d5b_661c_4462_893f_0a98a049e0c3_name": { 222 | "defaultValue": "CSPOperationsBot/adc75d5b-661c-4462-893f-0a98a049e0c3", 223 | "type": "String" 224 | }, 225 | "jobs_42703ae6_c88e_4deb_9725_438794502c9d_name": { 226 | "defaultValue": "CSPOperationsBot/42703ae6-c88e-4deb-9725-438794502c9d", 227 | "type": "String" 228 | }, 229 | "jobs_7f212146_d898_4d6e_83d8_9f758ae7ae5e_name": { 230 | "defaultValue": "CSPOperationsBot/7f212146-d898-4d6e-83d8-9f758ae7ae5e", 231 | "type": "String" 232 | }, 233 | "jobs_3ff0d78f_eeaf_4729_ab95_432779e47d93_name": { 234 | "defaultValue": "CSPOperationsBot/3ff0d78f-eeaf-4729-ab95-432779e47d93", 235 | "type": "String" 236 | }, 237 | "jobs_daa0aa64_9e0f_48be_af42_4a631df232e3_name": { 238 | "defaultValue": "CSPOperationsBot/daa0aa64-9e0f-48be-af42-4a631df232e3", 239 | "type": "String" 240 | }, 241 | "jobs_b0b5dc40_dc44_43d6_8177_9d039944e67a_name": { 242 | "defaultValue": "CSPOperationsBot/b0b5dc40-dc44-43d6-8177-9d039944e67a", 243 | "type": "String" 244 | }, 245 | "jobs_36322bea_0ee0_4170_b771_0702b203183c_name": { 246 | "defaultValue": "CSPOperationsBot/36322bea-0ee0-4170-b771-0702b203183c", 247 | "type": "String" 248 | }, 249 | "jobs_7faa2823_9589_4e09_a1af_d17b9d56371b_name": { 250 | "defaultValue": "CSPOperationsBot/7faa2823-9589-4e09-a1af-d17b9d56371b", 251 | "type": "String" 252 | }, 253 | "jobs_d492672a_e25f_4cb7_aeb5_4cd2bbdf3208_name": { 254 | "defaultValue": "CSPOperationsBot/d492672a-e25f-4cb7-aeb5-4cd2bbdf3208", 255 | "type": "String" 256 | }, 257 | "jobs_ca20ed9d_b218_42a1_b5f0_c3c0c6288105_name": { 258 | "defaultValue": "CSPOperationsBot/ca20ed9d-b218-42a1-b5f0-c3c0c6288105", 259 | "type": "String" 260 | }, 261 | "jobs_47af6fd7_e717_4858_a9c9_02dcb4a14f93_name": { 262 | "defaultValue": "CSPOperationsBot/47af6fd7-e717-4858-a9c9-02dcb4a14f93", 263 | "type": "String" 264 | }, 265 | "jobs_c0f78c73_31b4_4e5f_946d_b3837dc2a5e7_name": { 266 | "defaultValue": "CSPOperationsBot/c0f78c73-31b4-4e5f-946d-b3837dc2a5e7", 267 | "type": "String" 268 | }, 269 | "jobs_f34dddd9_d781_48f5_838c_4ad61196debf_name": { 270 | "defaultValue": "CSPOperationsBot/f34dddd9-d781-48f5-838c-4ad61196debf", 271 | "type": "String" 272 | }, 273 | "jobs_ffd51261_8f1a_4fa2_aba3_855aa4c3e66b_name": { 274 | "defaultValue": "CSPOperationsBot/ffd51261-8f1a-4fa2-aba3-855aa4c3e66b", 275 | "type": "String" 276 | }, 277 | "jobs_b511bca9_67a3_4179_8696_9256c0a0af70_name": { 278 | "defaultValue": "CSPOperationsBot/b511bca9-67a3-4179-8696-9256c0a0af70", 279 | "type": "String" 280 | }, 281 | "jobs_76ab68d5_12a0_4a37_9855_5638ccff1afd_name": { 282 | "defaultValue": "CSPOperationsBot/76ab68d5-12a0-4a37-9855-5638ccff1afd", 283 | "type": "String" 284 | }, 285 | "jobs_f64a0a52_ce41_466a_a5de_713a761cf0b8_name": { 286 | "defaultValue": "CSPOperationsBot/f64a0a52-ce41-466a-a5de-713a761cf0b8", 287 | "type": "String" 288 | }, 289 | "jobs_a172f7bc_9d8f_4d37_8898_167ae9576f61_name": { 290 | "defaultValue": "CSPOperationsBot/a172f7bc-9d8f-4d37-8898-167ae9576f61", 291 | "type": "String" 292 | }, 293 | "jobs_d896c310_cc47_4db1_a0b4_5a8349fa1a86_name": { 294 | "defaultValue": "CSPOperationsBot/d896c310-cc47-4db1-a0b4-5a8349fa1a86", 295 | "type": "String" 296 | }, 297 | "jobs_38182e13_ac96_4ee1_9499_cd6548156159_name": { 298 | "defaultValue": "CSPOperationsBot/38182e13-ac96-4ee1-9499-cd6548156159", 299 | "type": "String" 300 | }, 301 | "jobs_0a41bb9d_e609_4490_a9b2_f11a112e3456_name": { 302 | "defaultValue": "CSPOperationsBot/0a41bb9d-e609-4490-a9b2-f11a112e3456", 303 | "type": "String" 304 | }, 305 | "jobs_ba91f542_6347_4fea_b211_9aaab5c24a53_name": { 306 | "defaultValue": "CSPOperationsBot/ba91f542-6347-4fea-b211-9aaab5c24a53", 307 | "type": "String" 308 | }, 309 | "jobs_c46e8752_b1e7_4f2b_a109_aa2ce76a8a0b_name": { 310 | "defaultValue": "CSPOperationsBot/c46e8752-b1e7-4f2b-a109-aa2ce76a8a0b", 311 | "type": "String" 312 | }, 313 | "jobs_8f604319_1adb_4cb2_b648_5d2152ccafea_name": { 314 | "defaultValue": "CSPOperationsBot/8f604319-1adb-4cb2-b648-5d2152ccafea", 315 | "type": "String" 316 | }, 317 | "jobSchedules_37c4294f_876f_48d6_9b6b_6fdcf04d19d3_name": { 318 | "defaultValue": "CSPOperationsBot/37c4294f-876f-48d6-9b6b-6fdcf04d19d3", 319 | "type": "String" 320 | } 321 | }, 322 | "variables": {}, 323 | "resources": [ 324 | { 325 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot'.", 326 | "type": "Microsoft.Automation/automationAccounts", 327 | "name": "[parameters('automationAccounts_CSPOperationsBot_name_1')]", 328 | "apiVersion": "2015-10-31", 329 | "location": "westeurope", 330 | "properties": { 331 | "sku": { 332 | "name": "[parameters('automationAccounts_CSPOperationsBot_name')]" 333 | } 334 | }, 335 | "dependsOn": [] 336 | }, 337 | { 338 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourceGroups/CSPOperations/providers/Microsoft.DocumentDB/databaseAccounts/cspoperationsdb'.", 339 | "type": "Microsoft.DocumentDB/databaseAccounts", 340 | "kind": "GlobalDocumentDB", 341 | "name": "[parameters('databaseAccounts_cspoperationsdb_name_1')]", 342 | "apiVersion": "2015-04-08", 343 | "location": "West Europe", 344 | "tags": {}, 345 | "properties": { 346 | "databaseAccountOfferType": "Standard", 347 | "consistencyPolicy": { 348 | "defaultConsistencyLevel": "Session", 349 | "maxIntervalInSeconds": 5, 350 | "maxStalenessPrefix": 100 351 | }, 352 | "name": "[parameters('databaseAccounts_cspoperationsdb_name')]" 353 | }, 354 | "dependsOn": [] 355 | }, 356 | { 357 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourceGroups/cspoperations/providers/Microsoft.Storage/storageAccounts/springcspopsdump'.", 358 | "type": "Microsoft.Storage/storageAccounts", 359 | "sku": { 360 | "name": "Standard_LRS", 361 | "tier": "Standard" 362 | }, 363 | "kind": "Storage", 364 | "name": "[parameters('storageAccounts_springcspopsdump_name')]", 365 | "apiVersion": "2016-01-01", 366 | "location": "westeurope", 367 | "tags": {}, 368 | "properties": {}, 369 | "dependsOn": [] 370 | }, 371 | { 372 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/runbooks/RB-Ops-CleanupDaily'.", 373 | "type": "Microsoft.Automation/automationAccounts/runbooks", 374 | "name": "[parameters('runbooks_RB_Ops_CleanupDaily_name')]", 375 | "apiVersion": "2015-10-31", 376 | "location": "westeurope", 377 | "properties": { 378 | "runbookType": "PowerShell", 379 | "logVerbose": false, 380 | "logProgress": false 381 | }, 382 | "dependsOn": [ 383 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 384 | ] 385 | }, 386 | { 387 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/runbooks/RB-Ops-CSV2AzureTable'.", 388 | "type": "Microsoft.Automation/automationAccounts/runbooks", 389 | "name": "[parameters('runbooks_RB_Ops_CSV2AzureTable_name')]", 390 | "apiVersion": "2015-10-31", 391 | "location": "westeurope", 392 | "properties": { 393 | "runbookType": "PowerShell", 394 | "logVerbose": false, 395 | "logProgress": false 396 | }, 397 | "dependsOn": [ 398 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 399 | ] 400 | }, 401 | { 402 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/runbooks/RB-Ops-DeleteEmptyLogs'.", 403 | "type": "Microsoft.Automation/automationAccounts/runbooks", 404 | "name": "[parameters('runbooks_RB_Ops_DeleteEmptyLogs_name')]", 405 | "apiVersion": "2015-10-31", 406 | "location": "westeurope", 407 | "properties": { 408 | "runbookType": "PowerShell", 409 | "logVerbose": false, 410 | "logProgress": false 411 | }, 412 | "dependsOn": [ 413 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 414 | ] 415 | }, 416 | { 417 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/runbooks/RB-Ops-ProcessLogs'.", 418 | "type": "Microsoft.Automation/automationAccounts/runbooks", 419 | "name": "[parameters('runbooks_RB_Ops_ProcessLogs_name')]", 420 | "apiVersion": "2015-10-31", 421 | "location": "westeurope", 422 | "properties": { 423 | "runbookType": "PowerShell", 424 | "logVerbose": false, 425 | "logProgress": false 426 | }, 427 | "dependsOn": [ 428 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 429 | ] 430 | }, 431 | { 432 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/Azure'.", 433 | "type": "Microsoft.Automation/automationAccounts/modules", 434 | "name": "[parameters('modules_Azure_name')]", 435 | "apiVersion": "2015-10-31", 436 | "properties": { 437 | "isGlobal": true, 438 | "version": null, 439 | "sizeInBytes": 0 440 | }, 441 | "dependsOn": [ 442 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 443 | ] 444 | }, 445 | { 446 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/Azure.Storage'.", 447 | "type": "Microsoft.Automation/automationAccounts/modules", 448 | "name": "[parameters('modules_Azure.Storage_name')]", 449 | "apiVersion": "2015-10-31", 450 | "properties": { 451 | "isGlobal": true, 452 | "version": null, 453 | "sizeInBytes": 0 454 | }, 455 | "dependsOn": [ 456 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 457 | ] 458 | }, 459 | { 460 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/AzureRM.Automation'.", 461 | "type": "Microsoft.Automation/automationAccounts/modules", 462 | "name": "[parameters('modules_AzureRM.Automation_name')]", 463 | "apiVersion": "2015-10-31", 464 | "properties": { 465 | "isGlobal": true, 466 | "version": null, 467 | "sizeInBytes": 0 468 | }, 469 | "dependsOn": [ 470 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 471 | ] 472 | }, 473 | { 474 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/AzureRM.Compute'.", 475 | "type": "Microsoft.Automation/automationAccounts/modules", 476 | "name": "[parameters('modules_AzureRM.Compute_name')]", 477 | "apiVersion": "2015-10-31", 478 | "properties": { 479 | "isGlobal": true, 480 | "version": null, 481 | "sizeInBytes": 0 482 | }, 483 | "dependsOn": [ 484 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 485 | ] 486 | }, 487 | { 488 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/AzureRM.Profile'.", 489 | "type": "Microsoft.Automation/automationAccounts/modules", 490 | "name": "[parameters('modules_AzureRM.Profile_name')]", 491 | "apiVersion": "2015-10-31", 492 | "properties": { 493 | "isGlobal": true, 494 | "version": null, 495 | "sizeInBytes": 0 496 | }, 497 | "dependsOn": [ 498 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 499 | ] 500 | }, 501 | { 502 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/AzureRM.Resources'.", 503 | "type": "Microsoft.Automation/automationAccounts/modules", 504 | "name": "[parameters('modules_AzureRM.Resources_name')]", 505 | "apiVersion": "2015-10-31", 506 | "properties": { 507 | "isGlobal": true, 508 | "version": null, 509 | "sizeInBytes": 0 510 | }, 511 | "dependsOn": [ 512 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 513 | ] 514 | }, 515 | { 516 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/AzureRM.Sql'.", 517 | "type": "Microsoft.Automation/automationAccounts/modules", 518 | "name": "[parameters('modules_AzureRM.Sql_name')]", 519 | "apiVersion": "2015-10-31", 520 | "properties": { 521 | "isGlobal": true, 522 | "version": null, 523 | "sizeInBytes": 0 524 | }, 525 | "dependsOn": [ 526 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 527 | ] 528 | }, 529 | { 530 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/AzureRM.Storage'.", 531 | "type": "Microsoft.Automation/automationAccounts/modules", 532 | "name": "[parameters('modules_AzureRM.Storage_name')]", 533 | "apiVersion": "2015-10-31", 534 | "properties": { 535 | "isGlobal": true, 536 | "version": null, 537 | "sizeInBytes": 0 538 | }, 539 | "dependsOn": [ 540 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 541 | ] 542 | }, 543 | { 544 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/Microsoft.PowerShell.Core'.", 545 | "type": "Microsoft.Automation/automationAccounts/modules", 546 | "name": "[parameters('modules_Microsoft.PowerShell.Core_name')]", 547 | "apiVersion": "2015-10-31", 548 | "properties": { 549 | "isGlobal": true, 550 | "version": null, 551 | "sizeInBytes": 0 552 | }, 553 | "dependsOn": [ 554 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 555 | ] 556 | }, 557 | { 558 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/Microsoft.PowerShell.Diagnostics'.", 559 | "type": "Microsoft.Automation/automationAccounts/modules", 560 | "name": "[parameters('modules_Microsoft.PowerShell.Diagnostics_name')]", 561 | "apiVersion": "2015-10-31", 562 | "properties": { 563 | "isGlobal": true, 564 | "version": null, 565 | "sizeInBytes": 0 566 | }, 567 | "dependsOn": [ 568 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 569 | ] 570 | }, 571 | { 572 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/Microsoft.PowerShell.Management'.", 573 | "type": "Microsoft.Automation/automationAccounts/modules", 574 | "name": "[parameters('modules_Microsoft.PowerShell.Management_name')]", 575 | "apiVersion": "2015-10-31", 576 | "properties": { 577 | "isGlobal": true, 578 | "version": null, 579 | "sizeInBytes": 0 580 | }, 581 | "dependsOn": [ 582 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 583 | ] 584 | }, 585 | { 586 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/Microsoft.PowerShell.Security'.", 587 | "type": "Microsoft.Automation/automationAccounts/modules", 588 | "name": "[parameters('modules_Microsoft.PowerShell.Security_name')]", 589 | "apiVersion": "2015-10-31", 590 | "properties": { 591 | "isGlobal": true, 592 | "version": null, 593 | "sizeInBytes": 0 594 | }, 595 | "dependsOn": [ 596 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 597 | ] 598 | }, 599 | { 600 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/Microsoft.PowerShell.Utility'.", 601 | "type": "Microsoft.Automation/automationAccounts/modules", 602 | "name": "[parameters('modules_Microsoft.PowerShell.Utility_name')]", 603 | "apiVersion": "2015-10-31", 604 | "properties": { 605 | "isGlobal": true, 606 | "version": null, 607 | "sizeInBytes": 0 608 | }, 609 | "dependsOn": [ 610 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 611 | ] 612 | }, 613 | { 614 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/Microsoft.WSMan.Management'.", 615 | "type": "Microsoft.Automation/automationAccounts/modules", 616 | "name": "[parameters('modules_Microsoft.WSMan.Management_name')]", 617 | "apiVersion": "2015-10-31", 618 | "properties": { 619 | "isGlobal": true, 620 | "version": null, 621 | "sizeInBytes": 0 622 | }, 623 | "dependsOn": [ 624 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 625 | ] 626 | }, 627 | { 628 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/modules/Orchestrator.AssetManagement.Cmdlets'.", 629 | "type": "Microsoft.Automation/automationAccounts/modules", 630 | "name": "[parameters('modules_Orchestrator.AssetManagement.Cmdlets_name')]", 631 | "apiVersion": "2015-10-31", 632 | "properties": { 633 | "isGlobal": true, 634 | "version": null, 635 | "sizeInBytes": 0 636 | }, 637 | "dependsOn": [ 638 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 639 | ] 640 | }, 641 | { 642 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/certificates/AzureClassicRunAsCertificate'.", 643 | "type": "Microsoft.Automation/automationAccounts/certificates", 644 | "name": "[parameters('certificates_AzureClassicRunAsCertificate_name')]", 645 | "apiVersion": "2015-10-31", 646 | "properties": { 647 | "description": "This certificate is used to authenticate with Azure so that you can manage Azure classic resources from runbooks. For details on this certificate, or to manage it, go to this account’s Settings. For example usage, see the tutorial runbook in this account.", 648 | "base64Value": "[parameters('certificates_AzureClassicRunAsCertificate_base64Value')]" 649 | }, 650 | "dependsOn": [ 651 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 652 | ] 653 | }, 654 | { 655 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/certificates/AzureRunAsCertificate'.", 656 | "type": "Microsoft.Automation/automationAccounts/certificates", 657 | "name": "[parameters('certificates_AzureRunAsCertificate_name')]", 658 | "apiVersion": "2015-10-31", 659 | "properties": { 660 | "description": "This certificate is used to authenticate with the service principal that was automatically created for this account. For details on this service principal and certificate, or to recreate them, go to this account’s Settings. For example usage, see the tutorial runbook in this account.", 661 | "base64Value": "[parameters('certificates_AzureRunAsCertificate_base64Value')]" 662 | }, 663 | "dependsOn": [ 664 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 665 | ] 666 | }, 667 | { 668 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/connections/AzureClassicRunAsConnection'.", 669 | "type": "Microsoft.Automation/automationAccounts/connections", 670 | "name": "[parameters('connections_AzureClassicRunAsConnection_name')]", 671 | "apiVersion": "2015-10-31", 672 | "properties": { 673 | "description": null, 674 | "fieldDefinitionValues": null, 675 | "connectionType": { 676 | "name": "AzureClassicCertificate" 677 | } 678 | }, 679 | "dependsOn": [ 680 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 681 | ] 682 | }, 683 | { 684 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/connections/AzureRunAsConnection'.", 685 | "type": "Microsoft.Automation/automationAccounts/connections", 686 | "name": "[parameters('connections_AzureRunAsConnection_name')]", 687 | "apiVersion": "2015-10-31", 688 | "properties": { 689 | "description": null, 690 | "fieldDefinitionValues": null, 691 | "connectionType": { 692 | "name": "AzureServicePrincipal" 693 | } 694 | }, 695 | "dependsOn": [ 696 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 697 | ] 698 | }, 699 | { 700 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/schedules/Schedule-Daily'.", 701 | "type": "Microsoft.Automation/automationAccounts/schedules", 702 | "name": "[parameters('schedules_Schedule_Daily_name')]", 703 | "apiVersion": "2015-10-31", 704 | "properties": { 705 | "description": "", 706 | "startTime": "2017-04-06T00:00:00+04:00", 707 | "expiryTime": "9999-12-31T23:59:59.9999999+00:00", 708 | "isEnabled": true, 709 | "interval": 1, 710 | "frequency": "Day" 711 | }, 712 | "dependsOn": [ 713 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 714 | ] 715 | }, 716 | { 717 | "comments": "Generalized from resource: '/subscriptions/28506137-3983-48f9-b55f-c4f24f3b3802/resourcegroups/CSPOperations/providers/Microsoft.Automation/automationAccounts/CSPOperationsBot/jobSchedules/37c4294f-876f-48d6-9b6b-6fdcf04d19d3'.", 718 | "type": "Microsoft.Automation/automationAccounts/jobSchedules", 719 | "name": "[parameters('jobSchedules_37c4294f_876f_48d6_9b6b_6fdcf04d19d3_name')]", 720 | "apiVersion": "2015-10-31", 721 | "properties": { 722 | "runbook": { 723 | "name": "RB-Ops-CleanupDaily" 724 | }, 725 | "schedule": { 726 | "name": "Schedule-Daily" 727 | }, 728 | "parameters": null 729 | }, 730 | "dependsOn": [ 731 | "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccounts_CSPOperationsBot_name_1'))]" 732 | ] 733 | } 734 | ] 735 | } -------------------------------------------------------------------------------- /Deploy/ServiceProvider/PS-Ops-CleanupDaily.ps1: -------------------------------------------------------------------------------- 1 | #Use the local AzureRunAsConnection account for actions within the tenant 2 | $Conn = Get-AutomationConnection -Name AzureRunAsConnection 3 | Add-AzureRMAccount -ServicePrincipal -Tenant $Conn.TenantID -ApplicationId $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint 4 | 5 | # Set service provider Azure storage account 6 | $StorageAccountName = "" 7 | $StorageContainerName = "
" 8 | $TargetStorageContainerName = "" 9 | $StorageAccountKey = "" 10 | 11 | $Ctx = New-AzureStorageContext $StorageAccountName -StorageAccountKey $StorageAccountKey 12 | 13 | #Cleanup all 0 byte files - should no longer be needed 14 | Get-AzureStorageBlob -Container $StorageContainerName -Context @Ctx | Where-Object {$_.Length -eq 0} | Remove-AzureStorageBlob 15 | 16 | #Get all blobs older than an hour 17 | $blobs = Get-AzureStorageBlob -Container $StorageContainerName -Context @Ctx | Where-Object {$_.LastModified -lt (Get-Date).AddHours(-1)} 18 | 19 | #Copy blobs from one container to another. 20 | $blobs| Start-AzureStorageBlobCopy -DestContainer $TargetStorageContainerName -DestContext $Ctx 21 | 22 | $blobs| Remove-AzureStorageBlob 23 | -------------------------------------------------------------------------------- /Deploy/ServiceProvider/PowerBI Dashboards/zMonitor-Sample.pbix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Deploy/ServiceProvider/PowerBI Dashboards/zMonitor-Sample.pbix -------------------------------------------------------------------------------- /Deploy/Tenant/RB-Ops-Daily.ps1: -------------------------------------------------------------------------------- 1 | #Alerts generated in the past 24 hours that are still open 2 | .\RB-ProcessLogs.ps1 ` 3 | -ReportName "activealertscritical" ` 4 | -dynamicQuery "Type=Alert (AlertSeverity=error or AlertSeverity=critical) TimeGenerated>NOW-24HOUR AlertState!=Closed" 5 | 6 | #All Windows VMs that require updates 7 | .\RB-ProcessLogs.ps1 ` 8 | -ReportName "anyupdatesrequired" ` 9 | -dynamicQuery "Type=Update OSType!=Linux UpdateState=Needed Optional=false | select Computer,Title,KBID,Classification,UpdateSeverity,PublishedDate" 10 | 11 | #All VMs that are missing critical updates 12 | .\RB-ProcessLogs.ps1 ` 13 | -ReportName "criticalupdatesrequired" ` 14 | -dynamicQuery "Type=Update UpdateState=Needed Optional=false (Classification=""Security Updates"" OR Classification=""Critical Updates"")" 15 | 16 | #All VMs with more than 2GB RAM available on average 17 | .\RB-ProcessLogs.ps1 ` 18 | -ReportName "vmswithover2gbramavailable" ` 19 | -dynamicQuery "Type=Perf ObjectName=Memory CounterName=""Available MBytes"" | measure avg(CounterValue) by Computer | where AggregatedValue>2048" 20 | 21 | #All computers with their most recent data 22 | .\RB-ProcessLogs.ps1 ` 23 | -ReportName "allvmsmostrecentdata" ` 24 | -dynamicQuery "NOT(ObjectName=""Advisor Metrics"" OR ObjectName=ManagedSpace) TimeGenerated>NOW-5MINUTES" 25 | 26 | -------------------------------------------------------------------------------- /Deploy/Tenant/RB-Ops-Hourly.ps1: -------------------------------------------------------------------------------- 1 | #Average CPU usage calculated over 10 minutes for the last 1 hour 2 | .\RB-ProcessLogs.ps1 ` 3 | -ReportName "perfavgcpu" ` 4 | -dynamicQuery "Type=Perf CounterName=""% Processor Time"" TimeGenerated>=NOW-1HOURS | measure avg(CounterValue) by Computer interval 30MINUTE" 5 | 6 | #All detected threats based on threat status rank 7 | .\RB-ProcessLogs.ps1 ` 8 | -ReportName "securitydetectedthreats" ` 9 | -dynamicQuery "Type=ProtectionStatus ThreatStatusRank > 199 ThreatStatusRank != 470 | measure max(ThreatStatusRank) as Rank by Computer" 10 | 11 | #All Windows security login failures in the past 1 hour 12 | .\RB-ProcessLogs.ps1 ` 13 | -ReportName "acctloginfailurepasthour" ` 14 | -dynamicQuery "Type=SecurityEvent EventID=4625 TimeGenerated>=NOW-1HOURS" 15 | 16 | #All Linux Syslog errors in the past 1 hour 17 | .\RB-ProcessLogs.ps1 ` 18 | -ReportName "linuxsyslogerrors" ` 19 | -dynamicQuery "Type=Syslog SeverityLevel=error TimeGenerated>NOW-1HOURS" -------------------------------------------------------------------------------- /Deploy/Tenant/RB-ProcessLogs.ps1: -------------------------------------------------------------------------------- 1 | [CmdletBinding()] 2 | Param( 3 | [Parameter (Mandatory=$true,Position=1)] 4 | [string]$reportname, 5 | 6 | [Parameter (Mandatory=$true,Position=2)] 7 | [string]$dynamicQuery 8 | ) 9 | 10 | #Use the local AzureRunAsConnection account for actions within the tenant 11 | $Conn = Get-AutomationConnection -Name AzureRunAsConnection 12 | Add-AzureRMAccount -ServicePrincipal -Tenant $Conn.TenantID -ApplicationId $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint 13 | 14 | # Set service provider Azure storage account and get the context 15 | $StorageAccountName = "" 16 | $StorageContainerName = "" 17 | $StorageAccountKey = "" 18 | $Ctx = New-AzureStorageContext $StorageAccountName -StorageAccountKey $StorageAccountKey 19 | 20 | $workspace = Get-AutomationVariable -Name "OMSWorkspaceName" 21 | $date = get-date -f yyyyMMddHHmm 22 | 23 | # Run the OMS Query Search 24 | # NOTE : Results are limited to 5000 results by the API 25 | $result = Get-AzureRmOperationalInsightsSearchResults -ResourceGroupName "zMonitor" -WorkspaceName $($workspace) -Top 5000 -Query $dynamicQuery 26 | 27 | # Process the report if it contains data 28 | if ($result.Value.Count -gt 0) 29 | { 30 | $result.Value | ConvertFrom-Json | Export-Csv -NoTypeInformation $env:TEMP\$($workspace)-$($reportname)-$($date)-temp.csv -Force 31 | 32 | Import-Csv $env:TEMP\$(Get-AutomationVariable -Name "OMSWorkspaceName")-$($reportname)-$($date)-temp.csv | 33 | select-Object *,@{Name='tenantworkspace';Expression={$($workspace)}},@{Name='reportname';Expression={$($reportname)}} | 34 | Export-Csv -NoTypeInformation $env:TEMP\$($workspace)-$($reportname)-$($date).csv 35 | 36 | #Write-Output "Moving CSV Results File to Azure Blob Storage." 37 | Set-AzureStorageBlobContent -Context $Ctx -File $env:TEMP\$($workspace)-$($reportname)-$($date).csv -Container $StorageContainerName -Force | Out-Null 38 | } -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/README.md: -------------------------------------------------------------------------------- 1 | # Microsoft Operations Management Suite 2 | 3 | Original template located at [https://github.com/Azure/azure-quickstart-templates/tree/master/oms-all-deploy](https://github.com/Azure/azure-quickstart-templates/tree/master/oms-all-deploy) 4 | 5 | [![Deploy to Azure](http://azuredeploy.net/deploybutton.png)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fazure%2Fazure-quickstart-templates%2Fmaster%2Foms-all-deploy%2F%2Fazuredeploy.json) 6 | 7 | 8 | 9 | 10 | Your time is precious, why spend it on trying to integrate multiple tools. Lose the product palooza and unify on a single solution, providing management at your fingertips. Get up and running in seconds and have real insights in just hours, giving you faster time to value. 11 | 12 | ## Microsoft OMS Azure Resource Manager Template 13 | 14 | This template will deploy *all* the OMS services into a Resource Group 15 | 16 | ![alt text](images/resourcegroup.png "OMS") 17 | 18 | * Azure Log Analytics 19 | 20 | Instead of spending time adding data sources to your workspace and constructing the search queries for common scenarios, you will have multiple solutions enabled by default, common Windows and Linux logs present, as well as some of the most used performance counters regardless of platform. With saved searches categorized in the workspace, it is easy to get started immediately after you have added your machines to the workspace 21 | 22 | * Azure Automation 23 | 24 | The template will create several assets for you to use, such as credentials and variables that can be used out-of-the-box with the runbooks provided. All the dependencies are there. 25 | 26 | * Azure Backup 27 | 28 | Get started immediately post deployment by running the provided runbook in Azure Automation that will enable Azure IaaS backup on your VMs present within the region where you deployed your Recovery Vault 29 | 30 | * Azure Site Recovery 31 | 32 | After deployment, you just have to add your Hyper-V hosts or/and Management/Configuration Servers to the Recovery Vault and leverage the pre-created Hyper-V site and policies for your replication provider 33 | You can leverage the pre-created storage account as target for your replication scenarios. 34 | 35 | ### Post Deployment 36 | 37 | * Enable Azure IaaS Backup using a runbook 38 | 39 | ![alt text](images/runbook.png "runbook") 40 | 41 | * Add Hyper-V hosts to your primary Hyper-V site and associate them with the default replication policy 42 | 43 | ![alt text](images/hvsite.png "HyperV") 44 | 45 | ![alt text](images/hvpolicy.png "HVPolicy") 46 | 47 | * Associate your Management/Configuration Servers with the default replication policy 48 | 49 | ![alt text](images/vmwarepolicy.png "VMware") 50 | 51 | * Explore the solutions within Log Analytics after adding VMs/servers and storage accounts 52 | 53 | The template will enable the following solutions: 54 | 55 | * Change Tracking 56 | * Security and Audit 57 | * System Update Assessment 58 | * Agent Health 59 | 60 | ![alt text](images/la.png "Log Analytics") 61 | 62 | Explore a rich list of saved searches within Log Search 63 | 64 | ![alt text](images/searches.png "Searches") 65 | 66 | Explore the Agent Health solution 67 | 68 | ![alt text](images/agents.png "Agents overview") 69 | 70 | Explore the Updates solution 71 | 72 | ![alt text](images/updates.png "Updates") 73 | 74 | Explore the Security solution 75 | 76 | ![alt text](images/security.png "Security overview") 77 | 78 | *This template will be updated to add more capabilities* 79 | 80 | -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/azuredeploy.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "omsRecoveryVaultName": { 6 | "type": "string", 7 | "metadata": { 8 | "description": "Assign a name for the ASR Recovery Vault" 9 | } 10 | }, 11 | "omsRecoveryVaultRegion": { 12 | "type": "string", 13 | "defaultValue": "West Europe", 14 | "allowedValues": [ 15 | "West US", 16 | "East US", 17 | "North Europe", 18 | "West Europe", 19 | "Brazil South", 20 | "East Asia", 21 | "Southeast Asia", 22 | "North Central US", 23 | "South Central US", 24 | "Japan East", 25 | "Japan West", 26 | "Australia East", 27 | "Australia Southeast", 28 | "Central US", 29 | "East US 2", 30 | "Central India", 31 | "South India" 32 | ], 33 | "metadata": { 34 | "description": "Specify the region for your Recovery Vault" 35 | } 36 | }, 37 | "omsWorkspaceName": { 38 | "type": "string", 39 | "metadata": { 40 | "description": "Assign a name for the Log Analytic Workspace Name" 41 | } 42 | }, 43 | "omsWorkspaceRegion": { 44 | "type": "string", 45 | "defaultValue": "West Europe", 46 | "allowedValues": [ 47 | "East US", 48 | "West Europe", 49 | "Southeast Asia", 50 | "Australia Southeast" 51 | ], 52 | "metadata": { 53 | "description": "Specify the region for your Workspace" 54 | } 55 | }, 56 | "omsAutomationAccountName": { 57 | "type": "string", 58 | "metadata": { 59 | "description": "Assign a name for the Automation account" 60 | } 61 | }, 62 | "omsAutomationRegion": { 63 | "type": "string", 64 | "defaultValue": "West Europe", 65 | "allowedValues": [ 66 | "Japan East", 67 | "East US 2", 68 | "West Europe", 69 | "Southeast Asia", 70 | "South Central US", 71 | "North Europe", 72 | "Canada Central", 73 | "Australia Southeast", 74 | "Central India", 75 | "Japan East" 76 | ], 77 | "metadata": { 78 | "description": "Specify the region for your Automation account" 79 | } 80 | }, 81 | "_artifactsLocation": { 82 | "type": "string", 83 | "defaultValue": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/oms-all-deploy", 84 | "metadata": { 85 | "description": "The base URI where artifacts required by this template are located" 86 | } 87 | }, 88 | "_artifactsLocationSasToken": { 89 | "type": "securestring", 90 | "defaultValue": "", 91 | "metadata": { 92 | "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated" 93 | } 94 | }, 95 | "azureAdmin": { 96 | "type": "string", 97 | "metadata": { 98 | "description": "Enter your service admin user" 99 | } 100 | }, 101 | "azureAdminPwd": { 102 | "type": "securestring", 103 | "metadata": { 104 | "description": "Enter the pwd for the service admin user. The pwd is enrypted during runtime and in the Automation assets" 105 | } 106 | } 107 | }, 108 | "variables": { 109 | "nestedTemplates": { 110 | "omsRecoveryServices": "[concat(parameters('_artifactsLocation'), '/nestedtemplates/omsRecoveryServices.json', parameters('_artifactsLocationSasToken'))]", 111 | "omsAutomation": "[concat(parameters('_artifactsLocation'), '/nestedtemplates/omsAutomation.json', parameters('_artifactsLocationSasToken'))]", 112 | "omsWorkspace": "[concat(parameters('_artifactsLocation'), '/nestedtemplates/omsWorkspace.json', parameters('_artifactsLocationSasToken'))]" 113 | } 114 | }, 115 | "resources": [ 116 | { 117 | "type": "Microsoft.Resources/deployments", 118 | "apiVersion": "2016-02-01", 119 | "name": "omsWorkspace", 120 | "dependsOn": [ 121 | "[concat('Microsoft.Resources/deployments/', 'omsRecoveryServices')]" 122 | ], 123 | "properties": { 124 | "mode": "Incremental", 125 | "templateLink": { 126 | "uri": "[variables('nestedTemplates').omsWorkspace]", 127 | "contentVersion": "1.0.0.0" 128 | }, 129 | "parameters": { 130 | "omsWorkspaceName": { 131 | "value": "[parameters('omsWorkspaceName')]" 132 | }, 133 | "omsWorkspaceRegion": { 134 | "value": "[parameters('omsWorkspaceRegion')]" 135 | } 136 | } 137 | } 138 | }, 139 | { 140 | "type": "Microsoft.Resources/deployments", 141 | "apiVersion": "2016-02-01", 142 | "name": "omsRecoveryServices", 143 | "properties": { 144 | "mode": "Incremental", 145 | "templateLink": { 146 | "uri": "[variables('nestedTemplates').omsRecoveryServices]", 147 | "contentVersion": "1.0.0.0" 148 | }, 149 | "parameters": { 150 | "omsRecoveryVaultName": { 151 | "value": "[parameters('omsRecoveryVaultName')]" 152 | }, 153 | "omsRecoveryVaultRegion": { 154 | "value": "[parameters('omsRecoveryVaultRegion')]" 155 | } 156 | } 157 | } 158 | }, 159 | { 160 | "type": "Microsoft.Resources/deployments", 161 | "apiVersion": "2016-02-01", 162 | "name": "omsAutomation", 163 | "dependsOn": [ 164 | "[concat('Microsoft.Resources/deployments/', 'omsRecoveryServices')]", 165 | "[concat('Microsoft.Resources/deployments/', 'omsWorkspace')]" 166 | ], 167 | "properties": { 168 | "mode": "Incremental", 169 | "templateLink": { 170 | "uri": "[variables('nestedTemplates').omsAutomation]", 171 | "contentVersion": "1.0.0.0" 172 | }, 173 | "parameters": { 174 | "omsAutomationAccountName": { 175 | "value": "[parameters('omsAutomationAccountName')]" 176 | }, 177 | "omsAutomationRegion": { 178 | "value": "[parameters('omsAutomationRegion')]" 179 | }, 180 | "omsRecoveryVaultName": { 181 | "value": "[parameters('omsRecoveryVaultName')]" 182 | }, 183 | "omsWorkspaceName": { 184 | "value": "[parameters('omsWorkspaceName')]" 185 | }, 186 | "azureAdmin": { 187 | "value": "[parameters('azureAdmin')]" 188 | }, 189 | "azureAdminPwd": { 190 | "value": "[parameters('azureAdminPwd')]" 191 | }, 192 | "_artifactsLocation": { 193 | "value": "[parameters('_artifactsLocation')]" 194 | }, 195 | "_artifactsLocationSasToken": { 196 | "value": "[parameters('_artifactsLocationSasToken')]" 197 | } 198 | } 199 | } 200 | } 201 | ], 202 | "outputs": { } 203 | } -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/azuredeploy.parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "omsRecoveryVaultName": { 6 | "value": "zMonitorVault" 7 | }, 8 | "omsRecoveryVaultRegion": { 9 | "value": "West Europe" 10 | }, 11 | "omsWorkspaceName": { 12 | "value": "GEN-UNIQUE-20" 13 | }, 14 | "omsWorkspaceRegion": { 15 | "value": "West Europe" 16 | }, 17 | "omsAutomationAccountName": { 18 | "value": "zMonitorBot" 19 | }, 20 | "omsAutomationRegion": { 21 | "value": "West Europe" 22 | }, 23 | "azureAdminPwd": { 24 | "value": "GEN-PASSWORD" 25 | }, 26 | "azureAdmin": { 27 | "value": "azureadmin" 28 | }, 29 | "_artifactsLocation": { 30 | "value": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/oms-all-deploy" 31 | } 32 | } 33 | } -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/images/agents.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Deploy/Tenant/oms-all-deploy/images/agents.png -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/images/hvpolicy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Deploy/Tenant/oms-all-deploy/images/hvpolicy.png -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/images/hvsite.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Deploy/Tenant/oms-all-deploy/images/hvsite.png -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/images/la.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Deploy/Tenant/oms-all-deploy/images/la.png -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/images/resourcegroup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Deploy/Tenant/oms-all-deploy/images/resourcegroup.png -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/images/runbook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Deploy/Tenant/oms-all-deploy/images/runbook.png -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/images/searches.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Deploy/Tenant/oms-all-deploy/images/searches.png -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/images/security.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Deploy/Tenant/oms-all-deploy/images/security.png -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/images/updates.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Deploy/Tenant/oms-all-deploy/images/updates.png -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/images/vmwarepolicy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Deploy/Tenant/oms-all-deploy/images/vmwarepolicy.png -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "itemDisplayName": "Microsoft OMS", 3 | "description": "Deploys all OMS Services to a Resource Group", 4 | "summary": "This template deploys all the OMS services with additional artifacts to a Resource Group", 5 | "githubUsername": "krnese", 6 | "dateUpdated": "2017-01-19" 7 | } -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/nestedtemplates/omsAutomation.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "omsAutomationAccountName": { 6 | "type": "string", 7 | "defaultValue": "", 8 | "metadata": { 9 | "description": "Assign a name for the Automation account" 10 | } 11 | }, 12 | "omsAutomationRegion": { 13 | "type": "string", 14 | "defaultValue": "West Europe", 15 | "allowedValues": [ 16 | "Japan East", 17 | "East US 2", 18 | "West Europe", 19 | "Southeast Asia", 20 | "South Central US", 21 | "North Europe", 22 | "Canada Central", 23 | "Australia Southeast", 24 | "Central India", 25 | "Japan East" 26 | ], 27 | "metadata": { 28 | "description": "Specify the region for your Automation account" 29 | } 30 | }, 31 | "omsWorkspaceName": { 32 | "type": "string", 33 | "defaultValue": "", 34 | "metadata": { 35 | "description": "Assign a name for the OMS workspace" 36 | } 37 | }, 38 | "omsRecoveryVaultName": { 39 | "type": "string", 40 | "defaultValue": "", 41 | "metadata": { 42 | "description": "Assign a name for the ASR Recovery Vault" 43 | } 44 | }, 45 | "azureAdmin": { 46 | "type": "string", 47 | "metadata": { 48 | "description": "Enter your service admin user" 49 | } 50 | }, 51 | "azureAdminPwd": { 52 | "type": "securestring", 53 | "metadata": { 54 | "description": "Enter the pwd for the service admin user. The pwd is enrypted during runtime and in the Automation assets" 55 | } 56 | }, 57 | "_artifactsLocation": { 58 | "type": "string", 59 | "defaultValue": "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/oms-all-deploy", 60 | "metadata": { 61 | "description": "The base URI where artifacts required by this template are located" 62 | } 63 | }, 64 | "_artifactsLocationSasToken": { 65 | "type": "securestring", 66 | "defaultValue": "", 67 | "metadata": { 68 | "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated." 69 | } 70 | } 71 | }, 72 | "variables": { 73 | "psModules": { 74 | "azureRmProfile": { 75 | "name": "AzureRm.Profile", 76 | "url": "https://devopsgallerystorage.blob.core.windows.net/packages/azurerm.profile.1.0.11.nupkg" 77 | }, 78 | "azureRmResources": { 79 | "name": "AzureRm.Resources", 80 | "url": "https://devopsgallerystorage.blob.core.windows.net/packages/azurerm.resources.2.0.2.nupkg" 81 | }, 82 | "azureStorage": { 83 | "name": "Azure.Storage", 84 | "url": "https://devopsgallerystorage.blob.core.windows.net/packages/azure.storage.1.1.5.nupkg" 85 | }, 86 | "azureRmStorage": { 87 | "name": "AzureRm.Storage", 88 | "url": "https://devopsgallerystorage.blob.core.windows.net/packages/azurerm.storage.1.1.3.nupkg" 89 | }, 90 | "azureRmOperationalInsights": { 91 | "name": "AzureRm.OperationalInsights", 92 | "url": "https://devopsgallerystorage.blob.core.windows.net/packages/azurerm.operationalinsights.1.0.9.nupkg" 93 | }, 94 | "azureRmSiteRecovery": { 95 | "name": "AzureRm.SiteRecovery", 96 | "url": "https://devopsgallerystorage.blob.core.windows.net/packages/azurerm.siterecovery.1.1.10.nupkg" 97 | }, 98 | "azureRmRecoveryServices": { 99 | "name": "AzureRm.RecoveryServices", 100 | "url": "https://devopsgallerystorage.blob.core.windows.net/packages/azurerm.recoveryservices.1.1.3.nupkg" 101 | }, 102 | "azureRmBackup": { 103 | "name": "AzureRm.Backup", 104 | "url": "https://devopsgallerystorage.blob.core.windows.net/packages/azurerm.backup.1.0.9.nupkg" 105 | }, 106 | "azureRmCompute": { 107 | "name": "AzureRm.Compute", 108 | "url": "https://devopsgallerystorage.blob.core.windows.net/packages/azurerm.compute.1.3.3.nupkg" 109 | }, 110 | "azureRmAutomation": { 111 | "name": "AzureRm.Automation", 112 | "url": "https://devopsgallerystorage.blob.core.windows.net/packages/azurerm.automation.1.0.11.nupkg" 113 | } 114 | }, 115 | "runbooks": { 116 | "omsABUscript": { 117 | "name": "AzureIaasBackup", 118 | "version": "1.0.0.0", 119 | "description": "Runbook to automatically backup IaaS VMs within the ABU region", 120 | "type": "PowerShell", 121 | "Id": "" 122 | } 123 | }, 124 | "scriptUri": "[concat(parameters('_artifactsLocation'),'/scripts/Automated-IaaS-Backup.ps1', parameters('_artifactsLocationSasToken'))]", 125 | "azureSubscriptionId": "AzureSubscriptionId", 126 | "omsWorkspaceId": "OMSWorkspaceId", 127 | "omsWorkspaceKey": "OMSWorkspacekey", 128 | "omsWorkspaceNameAsset": "OMSWorkspaceName", 129 | "omsResourceGroupName": "OMSResourceGroupName", 130 | "omsRecoveryVault": "OMSRecoveryVault", 131 | "azureCredentials": "AzureCredentials" 132 | }, 133 | "resources": [ 134 | { 135 | "apiversion": "2015-10-31", 136 | "location": "[parameters('omsAutomationRegion')]", 137 | "name": "[parameters('omsAutomationAccountName')]", 138 | "type": "Microsoft.Automation/automationAccounts", 139 | "comments": "Automation account for OMS", 140 | "properties": { 141 | "sku": { 142 | "name": "OMS" 143 | } 144 | }, 145 | "resources": [ 146 | { 147 | "name": "[variables('omsWorkspaceId')]", 148 | "type": "variables", 149 | "apiVersion": "2015-10-31", 150 | "dependsOn": [ 151 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]" 152 | ], 153 | "tags": { }, 154 | "properties": { 155 | "description": "OMS Workspace Id", 156 | "value": "[concat('\"',reference(resourceId('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName')),'2015-11-01-preview').customerId,'\"')]" 157 | } 158 | }, 159 | { 160 | "name": "[variables('omsWorkspaceKey')]", 161 | "type": "variables", 162 | "apiVersion": "2015-10-31", 163 | "dependsOn": [ 164 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]" 165 | ], 166 | "tags": { }, 167 | "properties": { 168 | "description": "OMS Workspace key", 169 | "value": "[concat('\"',listKeys(resourceId('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName')), '2015-11-01-preview').primarySharedKey,'\"')]" 170 | } 171 | }, 172 | { 173 | "name": "[variables('azureSubscriptionId')]", 174 | "type": "variables", 175 | "apiVersion": "2015-10-31", 176 | "dependsOn": [ 177 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]" 178 | ], 179 | "tags": { 180 | }, 181 | "properties": { 182 | "description": "Azure Subscription Id", 183 | "isEncrypted": 0, 184 | "type": "string", 185 | "value": "[concat('\"',subscription().subscriptionId,'\"')]" 186 | } 187 | }, 188 | { 189 | "name": "[variables('omsRecoveryVault')]", 190 | "type": "variables", 191 | "apiVersion": "2015-10-31", 192 | "dependsOn": [ 193 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]" 194 | ], 195 | "tags": { }, 196 | "properties": { 197 | "description": "OMS Recovery Vault Name", 198 | "value": "[concat('\"',parameters('omsRecoveryVaultName'),'\"')]" 199 | } 200 | }, 201 | { 202 | "name": "[variables('omsResourceGroupName')]", 203 | "type": "variables", 204 | "apiVersion": "2015-10-31", 205 | "dependsOn": [ 206 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]" 207 | ], 208 | "tags": { }, 209 | "properties": { 210 | "description": "OMS Recovery Vault Name", 211 | "value": "[concat('\"',resourceGroup().name,'\"')]" 212 | } 213 | }, 214 | { 215 | "name": "[variables('azureCredentials')]", 216 | "type": "credentials", 217 | "apiVersion": "2015-10-31", 218 | "dependsOn": [ 219 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]" 220 | ], 221 | "tags": { }, 222 | "properties": { 223 | "description": "Azure Subscription Credentials", 224 | "password": "[parameters('azureAdminPwd')]", 225 | "userName": "[parameters('azureAdmin')]" 226 | } 227 | }, 228 | { 229 | "name": "[variables('omsWorkspaceNameAsset')]", 230 | "type": "variables", 231 | "apiVersion": "2015-10-31", 232 | "dependsOn": [ 233 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]" 234 | ], 235 | "tags": { }, 236 | "properties": { 237 | "description": "OMS Recovery Vault Name", 238 | "value": "[concat('\"',parameters('omsWorkspaceName'),'\"')]" 239 | } 240 | }, 241 | { 242 | "name": "[variables('psModules').azureRmOperationalInsights.name]", 243 | "type": "Modules", 244 | "apiVersion": "2015-10-31", 245 | "tags": { }, 246 | "dependsOn": [ 247 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]", 248 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmProfile.name)]" 249 | ], 250 | "properties": { 251 | "contentLink": { 252 | "uri": "[variables('psModules').azureRMOperationalInsights.url]" 253 | } 254 | } 255 | }, 256 | { 257 | "name": "[variables('psModules').azureRmResources.name]", 258 | "type": "Modules", 259 | "apiVersion": "2015-10-31", 260 | "tags": { }, 261 | "dependsOn": [ 262 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]", 263 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmProfile.name)]" 264 | ], 265 | "properties": { 266 | "contentLink": { 267 | "uri": "[variables('psModules').AzureRMResources.url]" 268 | } 269 | } 270 | }, 271 | { 272 | "name": "[variables('psModules').azureRmAutomation.name]", 273 | "type": "Modules", 274 | "apiVersion": "2015-10-31", 275 | "tags": { }, 276 | "dependsOn": [ 277 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]", 278 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmProfile.name)]", 279 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmResources.name)]" 280 | ], 281 | "properties": { 282 | "contentLink": { 283 | "uri": "[variables('psModules').azureRMAutomation.url]" 284 | } 285 | } 286 | }, 287 | { 288 | "name": "[variables('psModules').azureRmStorage.name]", 289 | "type": "Modules", 290 | "apiVersion": "2015-10-31", 291 | "tags": { }, 292 | "dependsOn": [ 293 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]", 294 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmProfile.name)]", 295 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureStorage.name)]" 296 | ], 297 | "properties": { 298 | "contentLink": { 299 | "uri": "[variables('psModules').azureRmStorage.url]" 300 | } 301 | } 302 | }, 303 | { 304 | "name": "[variables('psModules').azureStorage.name]", 305 | "type": "Modules", 306 | "apiVersion": "2015-10-31", 307 | "tags": { }, 308 | "dependsOn": [ 309 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]", 310 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmProfile.name)]" 311 | ], 312 | "properties": { 313 | "contentLink": { 314 | "uri": "[variables('psModules').azureStorage.url]" 315 | } 316 | } 317 | }, 318 | { 319 | "name": "[variables('psModules').azureRmCompute.name]", 320 | "type": "Modules", 321 | "apiVersion": "2015-10-31", 322 | "tags": { }, 323 | "dependsOn": [ 324 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]", 325 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmProfile.name)]" 326 | ], 327 | "properties": { 328 | "contentLink": { 329 | "uri": "[variables('psModules').azureRmCompute.url]" 330 | } 331 | } 332 | }, 333 | { 334 | "name": "[variables('psModules').azureRmSiteRecovery.name]", 335 | "type": "Modules", 336 | "apiVersion": "2015-10-31", 337 | "tags": { }, 338 | "dependsOn": [ 339 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]", 340 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmProfile.name)]", 341 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureStorage.name)]" 342 | ], 343 | "properties": { 344 | "contentLink": { 345 | "uri": "[variables('psModules').AzureRmSiteRecovery.url]" 346 | } 347 | } 348 | }, 349 | { 350 | "name": "[variables('psModules').azureRmbackup.name]", 351 | "type": "Modules", 352 | "apiVersion": "2015-10-31", 353 | "tags": { }, 354 | "dependsOn": [ 355 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]", 356 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmProfile.name)]", 357 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureStorage.name)]" 358 | ], 359 | "properties": { 360 | "contentLink": { 361 | "uri": "[variables('psModules').azureRmBackup.url]" 362 | } 363 | } 364 | }, 365 | { 366 | "name": "[variables('psModules').azureRmRecoveryServices.name]", 367 | "type": "Modules", 368 | "apiVersion": "2015-10-31", 369 | "tags": { }, 370 | "dependsOn": [ 371 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]", 372 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmProfile.name)]", 373 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsautomationAccountName'), '/Modules/', variables('psModules').azureStorage.name)]" 374 | ], 375 | "properties": { 376 | "contentLink": { 377 | "uri": "[variables('psModules').azureRmRecoveryServices.url]" 378 | } 379 | } 380 | }, 381 | { 382 | "name": "[variables('psModules').azureRmProfile.name]", 383 | "type": "Modules", 384 | "apiVersion": "2015-10-31", 385 | "tags": { }, 386 | "dependsOn": [ 387 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]" 388 | ], 389 | "properties": { 390 | "contentLink": { 391 | "uri": "[variables('psModules').azureRmProfile.url]" 392 | } 393 | } 394 | }, 395 | { 396 | "name": "[variables('runbooks').omsABUscript.name]", 397 | "type": "runbooks", 398 | "apiVersion": "2015-10-31", 399 | "location": "[parameters('omsAutomationRegion')]", 400 | "dependsOn": [ 401 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'))]", 402 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/variables/', variables('azureSubscriptionId'))]", 403 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/variables/', variables('omsWorkspaceId'))]", 404 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/variables/', variables('omsWorkspaceKey'))]", 405 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmProfile.name)]", 406 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmResources.name)]", 407 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmCompute.name)]", 408 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureStorage.name)]", 409 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmStorage.name)]", 410 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmRecoveryServices.name)]", 411 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmSiteRecovery.name)]", 412 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmBackup.name)]", 413 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmOperationalInsights.name)]", 414 | "[concat('Microsoft.Automation/automationAccounts/', parameters('omsAutomationAccountName'), '/Modules/', variables('psModules').azureRmAutomation.name)]" 415 | ], 416 | "tags": { }, 417 | "properties": { 418 | "runbookType": "[variables('runbooks').omsABUscript.type]", 419 | "logProgress": "false", 420 | "logVerbose": "false", 421 | "description": "[variables('runbooks').omsABUscript.description]", 422 | "publishContentLink": { 423 | "uri": "[variables('scriptUri')]", 424 | "version": "[variables('runbooks').omsABUscript.version]" 425 | } 426 | } 427 | } 428 | ] 429 | } 430 | ], 431 | "outputs": { } 432 | } -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/nestedtemplates/omsRecoveryServices.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "omsRecoveryVaultName": { 6 | "type": "string", 7 | "defaultValue": "", 8 | "metadata": { 9 | "description": "Assign a name for the ASR Recovery Vault" 10 | } 11 | }, 12 | "omsRecoveryVaultRegion": { 13 | "type": "string", 14 | "defaultValue": "West Europe", 15 | "allowedValues": [ 16 | "West US", 17 | "East US", 18 | "North Europe", 19 | "West Europe", 20 | "Brazil South", 21 | "East Asia", 22 | "Southeast Asia", 23 | "North Central US", 24 | "South Central US", 25 | "Japan East", 26 | "Japan West", 27 | "Australia East", 28 | "Australia Southeast", 29 | "Central US", 30 | "East US 2", 31 | "Central India", 32 | "South India" 33 | ], 34 | "metadata": { 35 | "description": "Specify the region for your Recovery Vault" 36 | } 37 | } 38 | }, 39 | "variables": { 40 | "recoveryStorageAccountName": "[toLower(concat('asr', uniqueString(resourceGroup().id)))]", 41 | "recoveryStorageType": "Standard_LRS" 42 | }, 43 | "resources": [ 44 | { 45 | "apiVersion": "2016-06-01", 46 | "location": "[parameters('omsRecoveryVaultRegion')]", 47 | "name": "[parameters('omsRecoveryVaultName')]", 48 | "type": "Microsoft.RecoveryServices/vaults", 49 | "comments": "ASR Recovery Vault for OMS", 50 | "sku": { 51 | "name": "RS0", 52 | "tier": "Standard" 53 | }, 54 | "properties": { }, 55 | "resources": [ 56 | { 57 | "apiVersion": "2016-06-01", 58 | "name": "HyperVPrimarySite", 59 | "type": "replicationFabrics", 60 | "id": "[resourceId('Microsoft.RecoveryServices/vaults/replicationFabrics', parameters('omsRecoveryVaultName'), 'HyperVPrimarySite')]", 61 | "dependsOn": [ 62 | "[concat('Microsoft.RecoveryServices/vaults/', parameters('omsRecoveryVaultName'))]" 63 | ], 64 | "properties": { 65 | "friendlyName": "PrimarySite", 66 | "fabricType": "HyperVSite" 67 | } 68 | }, 69 | { 70 | "apiVersion": "2016-06-01", 71 | "name": "DefaultVMwarePolicy", 72 | "type": "replicationPolicies", 73 | "id": "[resourceId('Microsoft.RecoveryServices/vaults/replicationPolicies', parameters('omsRecoveryVaultName'), 'DefaultVMwarePolicy')]", 74 | "dependsOn": [ 75 | "[concat('Microsoft.RecoveryServices/vaults/', parameters('omsRecoveryVaultName'))]" 76 | ], 77 | "properties": { 78 | "subscriptionid": "[subscription().subscriptionId]", 79 | "friendlyName": "DefaultVMwarePolicy", 80 | "providerSpecificInput": { 81 | "instanceType": "InMageAzureV2", 82 | "crashConsistentFrequencyInMinutes": 5, 83 | "recoveryPointThresholdInMinutes": 15, 84 | "recoveryPointHistory": 1440, 85 | "appConsistentFrequencyInMinutes": 60, 86 | "multiVmSyncStatus": "Enable" 87 | } 88 | } 89 | }, 90 | { 91 | "apiVersion": "2016-06-01", 92 | "name": "DefaultVMwarePolicy-failback", 93 | "type": "replicationPolicies", 94 | "id": "[resourceId('Microsoft.RecoveryServices/vaults/replicationPolicies', parameters('omsRecoveryVaultName'), 'DefaultVMwarePolicy-failback')]", 95 | "dependsOn": [ 96 | "[concat('Microsoft.RecoveryServices/vaults/', parameters('omsRecoveryVaultName'))]", 97 | "[concat('Microsoft.RecoveryServices/vaults/', parameters('omsRecoveryVaultName'), '/replicationPolicies/DefaultVMwarePolicy')]" 98 | ], 99 | "properties": { 100 | "subscriptionid": "[subscription().subscriptionId]", 101 | "friendlyName": "DefaultVMwarePolicy-failback", 102 | "providerSpecificInput": { 103 | "instanceType": "InMage", 104 | "recoveryPointThresholdInMinutes": 15, 105 | "recoveryPointHistory": 1440, 106 | "appConsistentFrequencyInMinutes": 60, 107 | "multiVmSyncStatus": "Enable" 108 | } 109 | } 110 | }, 111 | { 112 | "apiVersion": "2016-06-01", 113 | "name": "DefaultHyperVPolicy", 114 | "type": "replicationPolicies", 115 | "id": "[resourceId('Microsoft.RecoveryServices/vaults/replicationPolicies', parameters('omsRecoveryVaultName'), 'DefaultHyperVPolicy')]", 116 | "dependsOn": [ 117 | "[concat('Microsoft.RecoveryServices/vaults/', parameters('omsRecoveryVaultName'))]" 118 | ], 119 | "properties": { 120 | "subscriptionId": "[subscription().subscriptionId]", 121 | "friendlyName": "DefaultHyperVPolicy", 122 | "providerSpecificInput": { 123 | "instanceType": "HyperVReplicaAzure", 124 | "recoveryPointHistoryDurationInHours": 2, 125 | "applicationConsistentSnapshotFrequencyInHours": 0, 126 | "replicationInterval": 900, 127 | "onlineReplicationStartTime": "", 128 | "activeStorageAccountId": "[reference(resourceId('Microsoft.Storage/storageAccounts/',variables('recoveryStorageAccountName')))]", 129 | "encryption": "Disable" 130 | } 131 | } 132 | } 133 | ] 134 | }, 135 | { 136 | "apiVersion": "2015-06-15", 137 | "location": "[parameters('omsRecoveryVaultRegion')]", 138 | "name": "[variables('recoveryStorageAccountName')]", 139 | "type": "Microsoft.Storage/storageAccounts", 140 | "comments": "Storage account for ASR", 141 | "properties": { 142 | "accountType": "[variables('recoveryStorageType')]" 143 | } 144 | } 145 | ], 146 | "outputs": { } 147 | } 148 | 149 | -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/nestedtemplates/omsWorkspace.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "omsWorkspaceName": { 6 | "type": "string", 7 | "metadata": { 8 | "description": "Assign a name for the Log Analytic Workspace Name" 9 | } 10 | }, 11 | "omsWorkspaceRegion": { 12 | "type": "string", 13 | "defaultValue": "West Europe", 14 | "allowedValues": [ 15 | "East US", 16 | "West Europe", 17 | "Southeast Asia", 18 | "Australia Southeast" 19 | ], 20 | "metadata": { 21 | "description": "Specify the region for your Workspace" 22 | } 23 | } 24 | }, 25 | "variables": { 26 | "securitySolution": "[concat('Security', '(', parameters('omsWorkspaceName'), ')')]", 27 | "securitySolutionName": "Security", 28 | "agentSolution": "[concat('AgentHealthAssessment', '(', parameters('omsWorkspaceName'), ')')]", 29 | "agentSolutionName": "AgentHealthAssessment", 30 | "changeTrackingSolution": "[concat('ChangeTracking', '(', parameters('omsWorkspaceName'), ')')]", 31 | "changeTrackingSolutionName": "ChangeTracking", 32 | "updatesSolution": "[concat('Updates', '(', parameters('omsWorkspaceName'), ')')]", 33 | "updatesSolutionName": "Updates", 34 | "azureSolution": "[concat('AzureActivity', '(', parameters('omsWorkspaceName'), ')')]", 35 | "azureSolutionName": "AzureActivity" 36 | }, 37 | "resources": [ 38 | { 39 | "apiVersion": "2015-11-01-preview", 40 | "location": "[parameters('omsWorkspaceRegion')]", 41 | "name": "[parameters('omsWorkspaceName')]", 42 | "type": "Microsoft.OperationalInsights/workspaces", 43 | "comments": "Log Analytics workspace", 44 | "properties": { 45 | "sku": { 46 | "name": "pernode" 47 | } 48 | }, 49 | "resources": [ 50 | { 51 | "name": "AzureActivityLog", 52 | "type": "datasources", 53 | "apiVersion": "2015-11-01-preview", 54 | "dependsOn": [ 55 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 56 | ], 57 | "kind": "AzureActivityLog", 58 | "properties": { 59 | "linkedResourceId": "[concat(subscription().id, '/providers/Microsoft.Insights/eventTypes/management')]" 60 | } 61 | }, 62 | { 63 | "name": "[concat(parameters('omsWorkspaceName'), '/', 'SoftwareUpdateFailed1')]", 64 | "type": "Microsoft.OperationalInsights/workspaces/savedSearches", 65 | "apiVersion": "2015-11-01-preview", 66 | "dependsOn": [ 67 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 68 | ], 69 | "tags": {}, 70 | "properties": { 71 | "ETag": "*", 72 | "query": "Type=Event EventID=20 Source=\"Microsoft-Windows-WindowsUpdateClient\" EventLog=\"System\" TimeGenerated>NOW-24HOURS | Measure Count() By Computer", 73 | "displayName": "A Software Update Installation Failed", 74 | "category": "Software Updates" 75 | } 76 | }, 77 | { 78 | "apiVersion": "2015-11-01-preview", 79 | "name": "[concat(parameters('omsWorkspaceName'), '/', 'HyperV1')]", 80 | "type": "Microsoft.OperationalInsights/workspaces/savedSearches", 81 | "dependsOn": [ 82 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 83 | ], 84 | "properties": { 85 | "ETag": "*", 86 | "category": "HyperV", 87 | "displayName": "VMs created last 24 hours", 88 | "query": "EventLog=\"Microsoft-Windows-Hyper-V-VMMS-Admin\" EventLevelName=information EventID=13002 TimeGenerated>NOW-1DAY " 89 | } 90 | }, 91 | { 92 | "apiVersion": "2015-11-01-preview", 93 | "name": "[concat(parameters('omsWorkspaceName'), '/', 'HyperV2')]", 94 | "type": "Microsoft.OperationalInsights/workspaces/savedSearches", 95 | "dependsOn": [ 96 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 97 | ], 98 | "properties": { 99 | "ETag": "*", 100 | "category": "HyperV", 101 | "displayName": "VMs deleted last 24 hours", 102 | "Query": "EventLog=\"Microsoft-Windows-Hyper-V-VMMS-Admin\" EventLevelName=information EventID=13003 TimeGenerated>NOW-1DAY" 103 | } 104 | }, 105 | { 106 | "apiVersion": "2015-11-01-preview", 107 | "name": "[concat(parameters('omsWorkspaceName'), '/', 'HyperV3')]", 108 | "type": "Microsoft.OperationalInsights/workspaces/savedSearches", 109 | "dependsOn": [ 110 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 111 | ], 112 | "properties": { 113 | "ETag": "*", 114 | "category": "HyperV", 115 | "displayName": "Replication throughput per VM", 116 | "query": "Type:Perf ObjectName=\"Hyper-V Azure Replication Agent\" CounterName=\"Replication Throughput\" TimeGenerated>NOW-8HOURS | measure avg(CounterValue) by InstanceName interval 15minutes" 117 | } 118 | }, 119 | { 120 | "name": "[concat(parameters('omsWorkspaceName'), '/', 'SoftwareUpdateFailed2')]", 121 | "type": "Microsoft.OperationalInsights/workspaces/savedSearches", 122 | "apiVersion": "2015-11-01-preview", 123 | "dependsOn": [ 124 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 125 | ], 126 | "tags": {}, 127 | "properties": { 128 | "ETag": "*", 129 | "query": "Type=Event EventID=20 Source=\"Microsoft-Windows-WindowsUpdateClient\" EventLog=\"System\" TimeGenerated>NOW-168HOURS", 130 | "displayName": "A Software Update Installation Failed", 131 | "category": "Software Updates" 132 | } 133 | }, 134 | { 135 | "name": "[concat(parameters('omsWorkspaceName'), '/', 'Network1')]", 136 | "type": "Microsoft.OperationalInsights/workspaces/savedSearches", 137 | "apiVersion": "2015-11-01-preview", 138 | "dependsOn": [ 139 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 140 | ], 141 | "tags": {}, 142 | "properties": { 143 | "ETag": "*", 144 | "query": "Type=Event EventID=4202 Source=\"TCPIP\" EventLog=\"System\" TimeGenerated>NOW-24HOURS | Measure Count() By Computer", 145 | "displayName": "A Network adatper was disconnected from the network", 146 | "category": "Networking" 147 | } 148 | }, 149 | { 150 | "name": "[concat(parameters('omsWorkspaceName'), '/', 'Network2')]", 151 | "type": "Microsoft.OperationalInsights/workspaces/savedSearches", 152 | "apiVersion": "2015-11-01-preview", 153 | "dependsOn": [ 154 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 155 | ], 156 | "tags": {}, 157 | "properties": { 158 | "ETag": "*", 159 | "query": "Type=Event EventID=4198 OR EventID=4199 Source=\"TCPIP\" EventLog=\"System\" TimeGenerated>NOW-24HOURS", 160 | "displayName": "Duplicate IP address has been detected", 161 | "category": "Networking" 162 | } 163 | }, 164 | { 165 | "name": "[concat(parameters('omsWorkspaceName'), '/', 'NTFS1')]", 166 | "type": "Microsoft.OperationalInsights/workspaces/savedSearches", 167 | "apiVersion": "2015-11-01-preview", 168 | "dependsOn": [ 169 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 170 | ], 171 | "tags": {}, 172 | "properties": { 173 | "ETag": "*", 174 | "query": "Type=Event EventID=98 Source=\"Microsoft-Windows-Ntfs\" EventLog=\"System\" TimeGenerated>NOW-24HOURS | Measure Count() By Computer", 175 | "displayName": "NTFS File System Corruption", 176 | "category": "NTFS" 177 | } 178 | }, 179 | { 180 | "name": "[concat(parameters('omsWorkspaceName'), '/', 'NTFS2')]", 181 | "type": "Microsoft.OperationalInsights/workspaces/savedSearches", 182 | "apiVersion": "2015-11-01-preview", 183 | "dependsOn": [ 184 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 185 | ], 186 | "tags": {}, 187 | "properties": { 188 | "ETag": "*", 189 | "query": "Type=Event EventID=40 OR EventID=36� Source=\"DISK\" EventLog=\"System\" TimeGenerated>NOW-24HOURS | Measure Count() By Compute", 190 | "displayName": "NTFS Quouta treshold limit reached", 191 | "category": "NTFS" 192 | } 193 | }, 194 | { 195 | "apiVersion": "2015-11-01-preview", 196 | "type": "datasources", 197 | "name": "LogicalDisk1", 198 | "dependsOn": [ 199 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 200 | ], 201 | "kind": "WindowsPerformanceCounter", 202 | "properties": { 203 | "objectName": "LogicalDisk", 204 | "instanceName": "*", 205 | "intervalSeconds": 10, 206 | "counterName": "Avg Disk sec/Read" 207 | } 208 | }, 209 | { 210 | "apiVersion": "2015-11-01-preview", 211 | "type": "datasources", 212 | "name": "LogicalDisk2", 213 | "dependsOn": [ 214 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 215 | ], 216 | "kind": "WindowsPerformanceCounter", 217 | "properties": { 218 | "objectName": "LogicalDisk", 219 | "instanceName": "*", 220 | "intervalSeconds": 10, 221 | "counterName": "Avg Disk sec/Write" 222 | } 223 | }, 224 | { 225 | "apiVersion": "2015-11-01-preview", 226 | "type": "datasources", 227 | "name": "LogicalDisk3", 228 | "dependsOn": [ 229 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 230 | ], 231 | "kind": "WindowsPerformanceCounter", 232 | "properties": { 233 | "objectName": "LogicalDisk", 234 | "instanceName": "*", 235 | "intervalSeconds": 10, 236 | "counterName": "Current Disk Queue Lenght" 237 | } 238 | }, 239 | { 240 | "apiVersion": "2015-11-01-preview", 241 | "type": "datasources", 242 | "name": "LogicalDisk4", 243 | "dependsOn": [ 244 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 245 | ], 246 | "kind": "WindowsPerformanceCounter", 247 | "properties": { 248 | "objectName": "LogicalDisk", 249 | "instanceName": "*", 250 | "intervalSeconds": 10, 251 | "counterName": "Disk Reads/sec" 252 | } 253 | }, 254 | { 255 | "apiVersion": "2015-11-01-preview", 256 | "type": "datasources", 257 | "name": "LogicalDisk5", 258 | "dependsOn": [ 259 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 260 | ], 261 | "kind": "WindowsPerformanceCounter", 262 | "properties": { 263 | "objectName": "LogicalDisk", 264 | "instanceName": "*", 265 | "intervalSeconds": 10, 266 | "counterName": "Disk Transfers/sec" 267 | } 268 | }, 269 | { 270 | "apiVersion": "2015-11-01-preview", 271 | "type": "datasources", 272 | "name": "LogicalDisk6", 273 | "dependsOn": [ 274 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 275 | ], 276 | "kind": "WindowsPerformanceCounter", 277 | "properties": { 278 | "objectName": "LogicalDisk", 279 | "instanceName": "*", 280 | "intervalSeconds": 10, 281 | "counterName": "Disk Writes/sec" 282 | } 283 | }, 284 | { 285 | "apiVersion": "2015-11-01-preview", 286 | "type": "datasources", 287 | "name": "LogicalDisk7", 288 | "dependsOn": [ 289 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 290 | ], 291 | "kind": "WindowsPerformanceCounter", 292 | "properties": { 293 | "objectName": "LogicalDisk", 294 | "instanceName": "*", 295 | "intervalSeconds": 10, 296 | "counterName": "Free Megabytes" 297 | } 298 | }, 299 | { 300 | "apiVersion": "2015-11-01-preview", 301 | "type": "datasources", 302 | "name": "LogicalDisk8", 303 | "dependsOn": [ 304 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 305 | ], 306 | "kind": "WindowsPerformanceCounter", 307 | "properties": { 308 | "objectName": "LogicalDisk", 309 | "instanceName": "*", 310 | "intervalSeconds": 10, 311 | "counterName": "% Free Space" 312 | } 313 | }, 314 | { 315 | "apiVersion": "2015-11-01-preview", 316 | "type": "datasources", 317 | "name": "Memory1", 318 | "dependsOn": [ 319 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 320 | ], 321 | "kind": "WindowsPerformanceCounter", 322 | "properties": { 323 | "objectName": "Memory", 324 | "instanceName": "*", 325 | "intervalSeconds": 10, 326 | "counterName": "Available MBytes" 327 | } 328 | }, 329 | { 330 | "apiVersion": "2015-11-01-preview", 331 | "type": "datasources", 332 | "name": "Memory2", 333 | "dependsOn": [ 334 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 335 | ], 336 | "kind": "WindowsPerformanceCounter", 337 | "properties": { 338 | "objectName": "Memory", 339 | "instanceName": "*", 340 | "intervalSeconds": 10, 341 | "counterName": "% Committed Bytes In Use" 342 | } 343 | }, 344 | { 345 | "apiVersion": "2015-11-01-preview", 346 | "type": "datasources", 347 | "name": "Network1", 348 | "dependsOn": [ 349 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 350 | ], 351 | "kind": "WindowsPerformanceCounter", 352 | "properties": { 353 | "objectName": "Network Adapter", 354 | "instanceName": "*", 355 | "intervalSeconds": 10, 356 | "counterName": "Bytes Received/sec" 357 | } 358 | }, 359 | { 360 | "apiVersion": "2015-11-01-preview", 361 | "type": "datasources", 362 | "name": "Network2", 363 | "dependsOn": [ 364 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 365 | ], 366 | "kind": "WindowsPerformanceCounter", 367 | "properties": { 368 | "objectName": "Network Adapter", 369 | "instanceName": "*", 370 | "intervalSeconds": 10, 371 | "counterName": "Bytes Sent/sec" 372 | } 373 | }, 374 | { 375 | "apiVersion": "2015-11-01-preview", 376 | "type": "datasources", 377 | "name": "Network3", 378 | "dependsOn": [ 379 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 380 | ], 381 | "kind": "WindowsPerformanceCounter", 382 | "properties": { 383 | "objectName": "Network Adapter", 384 | "instanceName": "*", 385 | "intervalSeconds": 10, 386 | "counterName": "Bytes Total/sec" 387 | } 388 | }, 389 | { 390 | "apiVersion": "2015-11-01-preview", 391 | "type": "datasources", 392 | "name": "CPU1", 393 | "dependsOn": [ 394 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 395 | ], 396 | "kind": "WindowsPerformanceCounter", 397 | "properties": { 398 | "objectName": "Processor", 399 | "instanceName": "_Total", 400 | "intervalSeconds": 10, 401 | "counterName": "% Processor Time" 402 | } 403 | }, 404 | { 405 | "apiVersion": "2015-11-01-preview", 406 | "type": "datasources", 407 | "name": "CPU2", 408 | "dependsOn": [ 409 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 410 | ], 411 | "kind": "WindowsPerformanceCounter", 412 | "properties": { 413 | "objectName": "System", 414 | "instanceName": "*", 415 | "intervalSeconds": 10, 416 | "counterName": "Processor Queue Lenght" 417 | } 418 | }, 419 | { 420 | "apiVersion": "2015-11-01-preview", 421 | "type": "datasources", 422 | "name": "System", 423 | "dependsOn": [ 424 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 425 | ], 426 | "kind": "WindowsEvent", 427 | "properties": { 428 | "eventLogName": "System", 429 | "eventTypes": [ 430 | { 431 | "eventType": "Error" 432 | }, 433 | { 434 | "eventType": "Warning" 435 | } 436 | ] 437 | } 438 | }, 439 | { 440 | "apiVersion": "2015-11-01-preview", 441 | "type": "datasources", 442 | "name": "Application", 443 | "dependsOn": [ 444 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 445 | ], 446 | "kind": "WindowsEvent", 447 | "properties": { 448 | "eventLogName": "Application", 449 | "eventTypes": [ 450 | { 451 | "eventType": "Error" 452 | }, 453 | { 454 | "eventType": "Warning" 455 | } 456 | ] 457 | } 458 | }, 459 | { 460 | "apiVersion": "2015-11-01-preview", 461 | "type": "datasources", 462 | "name": "Microsoft-Windows-Hyper-V-VMMS-Admin", 463 | "dependsOn": [ 464 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 465 | ], 466 | "kind": "WindowsEvent", 467 | "properties": { 468 | "eventLogName": "Microsoft-Windows-Hyper-V-VMMS-Admin", 469 | "eventTypes": [ 470 | { 471 | "eventType": "Error" 472 | }, 473 | { 474 | "eventType": "Warning" 475 | }, 476 | { 477 | "eventType": "Information" 478 | } 479 | ] 480 | } 481 | }, 482 | { 483 | "apiVersion": "2015-11-01-preview", 484 | "type": "datasources", 485 | "name": "Hyper-VAzureReplicationAgent1", 486 | "dependsOn": [ 487 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 488 | ], 489 | "kind": "WindowsPerformanceCounter", 490 | "properties": { 491 | "objectName": "Hyper-V Azure Replication Agent", 492 | "instanceName": "*", 493 | "intervalSeconds": 10, 494 | "counterName": "Average Replication Size" 495 | } 496 | }, 497 | { 498 | "apiVersion": "2015-11-01-preview", 499 | "type": "datasources", 500 | "name": "Hyper-VAzureReplicationAgent2", 501 | "dependsOn": [ 502 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 503 | ], 504 | "kind": "WindowsPerformanceCounter", 505 | "properties": { 506 | "objectName": "Hyper-V Azure Replication Agent", 507 | "instanceName": "*", 508 | "intervalSeconds": 10, 509 | "counterName": "Replication Throughput" 510 | } 511 | }, 512 | { 513 | "apiVersion": "2015-11-01-preview", 514 | "type": "datasources", 515 | "name": "Hyper-VAzureReplicationAgent3", 516 | "dependsOn": [ 517 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 518 | ], 519 | "kind": "WindowsPerformanceCounter", 520 | "properties": { 521 | "objectName": "Hyper-V Azure Replication Agent", 522 | "instanceName": "*", 523 | "intervalSeconds": 10, 524 | "counterName": "Network Send Throughput" 525 | } 526 | }, 527 | { 528 | "apiVersion": "2015-11-01-preview", 529 | "type": "datasources", 530 | "name": "Hyper-VAzureReplicationAgent4", 531 | "dependsOn": [ 532 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 533 | ], 534 | "kind": "WindowsPerformanceCounter", 535 | "properties": { 536 | "objectName": "Hyper-V Azure Replication Agent", 537 | "instanceName": "*", 538 | "intervalSeconds": 10, 539 | "counterName": "Replication Count" 540 | } 541 | }, 542 | { 543 | "apiVersion": "2015-11-01-preview", 544 | "type": "datasources", 545 | "name": "Hyper-VAzureReplicationAgent5", 546 | "dependsOn": [ 547 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 548 | ], 549 | "kind": "WindowsPerformanceCounter", 550 | "properties": { 551 | "objectName": "Hyper-V Azure Replication Agent", 552 | "instanceName": "*", 553 | "intervalSeconds": 10, 554 | "counterName": "Network Bytes Sent" 555 | } 556 | }, 557 | { 558 | "apiVersion": "2015-11-01-preview", 559 | "type": "datasources", 560 | "name": "Hyper-VAzureReplicationAgent6", 561 | "dependsOn": [ 562 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 563 | ], 564 | "kind": "WindowsPerformanceCounter", 565 | "properties": { 566 | "objectName": "Hyper-V Azure Replication Agent", 567 | "instanceName": "*", 568 | "intervalSeconds": 10, 569 | "counterName": "Last Replication Size" 570 | } 571 | }, 572 | { 573 | "apiVersion": "2015-11-01-preview", 574 | "type": "datasources", 575 | "name": "Hyper-VAzureReplicationAgent7", 576 | "dependsOn": [ 577 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 578 | ], 579 | "kind": "WindowsPerformanceCounter", 580 | "properties": { 581 | "objectName": "Hyper-V Azure Replication Agent", 582 | "instanceName": "*", 583 | "intervalSeconds": 10, 584 | "counterName": "Resynchronized Bytes" 585 | } 586 | }, 587 | { 588 | "apiVersion": "2015-11-01-preview", 589 | "type": "datasources", 590 | "name": "Linux", 591 | "dependsOn": [ 592 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 593 | ], 594 | "kind": "LinuxPerformanceObject", 595 | "properties": { 596 | "performanceCounters": [ 597 | { 598 | "counterName": "% Used Inodes" 599 | }, 600 | { 601 | "counterName": "Free Megabytes" 602 | }, 603 | { 604 | "counterName": "% Used Space" 605 | }, 606 | { 607 | "counterName": "Disk Transfers/sec" 608 | }, 609 | { 610 | "counterName": "Disk Reads/sec" 611 | }, 612 | { 613 | "counterName": "Disk Writes/sec" 614 | } 615 | ], 616 | "objectName": "Logical Disk", 617 | "instanceName": "*", 618 | "intervalSeconds": 10 619 | } 620 | }, 621 | { 622 | "apiVersion": "2015-11-01-preview", 623 | "type": "datasources", 624 | "name": "LinuxPerfCollection", 625 | "dependsOn": [ 626 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 627 | ], 628 | "kind": "LinuxPerformanceCollection", 629 | "properties": { 630 | "state": "Enabled" 631 | } 632 | }, 633 | { 634 | "apiVersion": "2015-11-01-preview", 635 | "type": "datasources", 636 | "name": "IISLog", 637 | "dependsOn": [ 638 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 639 | ], 640 | "kind": "IISLogs", 641 | "properties": { 642 | "state": "OnPremiseEnabled" 643 | } 644 | }, 645 | { 646 | "apiVersion": "2015-11-01-preview", 647 | "type": "datasources", 648 | "name": "Syslog", 649 | "dependsOn": [ 650 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 651 | ], 652 | "kind": "LinuxSyslog", 653 | "properties": { 654 | "syslogName": "kern", 655 | "syslogSeverities": [ 656 | { 657 | "severity": "emerg" 658 | }, 659 | { 660 | "severity": "alert" 661 | }, 662 | { 663 | "severity": "crit" 664 | }, 665 | { 666 | "severity": "err" 667 | }, 668 | { 669 | "severity": "warning" 670 | } 671 | ] 672 | } 673 | }, 674 | { 675 | "apiVersion": "2015-11-01-preview", 676 | "type": "datasources", 677 | "name": "SyslogCollection", 678 | "dependsOn": [ 679 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 680 | ], 681 | "kind": "LinuxSyslogCollection", 682 | "properties": { 683 | "state": "Enabled" 684 | } 685 | } 686 | ] 687 | }, 688 | { 689 | "apiVersion": "2015-11-01-preview", 690 | "name": "[variables('securitySolution')]", 691 | "type": "Microsoft.OperationsManagement/solutions", 692 | "location": "[parameters('omsWorkspaceRegion')]", 693 | "id": "[resourceId('Microsoft.OperationsManagement/solutions', variables('securitySolution'))]", 694 | "dependsOn": [ 695 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 696 | ], 697 | "properties": { 698 | "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 699 | }, 700 | "plan": { 701 | "name": "[variables('securitySolution')]", 702 | "publisher": "Microsoft", 703 | "product": "[concat('OMSGallery/', variables('securitySolutionName'))]", 704 | "promotionCode": "" 705 | } 706 | }, 707 | { 708 | "apiVersion": "2015-11-01-preview", 709 | "name": "[variables('updatesSolution')]", 710 | "type": "Microsoft.OperationsManagement/solutions", 711 | "location": "[parameters('omsWorkspaceRegion')]", 712 | "id": "[resourceId('Microsoft.OperationsManagement/solutions', variables('updatesSolution'))]", 713 | "dependsOn": [ 714 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 715 | ], 716 | "properties": { 717 | "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 718 | }, 719 | "plan": { 720 | "name": "[variables('updatesSolution')]", 721 | "publisher": "Microsoft", 722 | "product": "[concat('OMSGallery/', variables('updatesSolutionName'))]", 723 | "promotionCode": "" 724 | } 725 | }, 726 | { 727 | "apiVersion": "2015-11-01-preview", 728 | "name": "[variables('changeTrackingSolution')]", 729 | "type": "Microsoft.OperationsManagement/solutions", 730 | "location": "[parameters('omsWorkspaceRegion')]", 731 | "id": "[resourceId('Microsoft.OperationsManagement/solutions', variables('changeTrackingSolution'))]", 732 | "dependsOn": [ 733 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 734 | ], 735 | "properties": { 736 | "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 737 | }, 738 | "plan": { 739 | "name": "[variables('changeTrackingSolution')]", 740 | "publisher": "Microsoft", 741 | "product": "[concat('OMSGallery/', variables('changeTrackingSolutionName'))]", 742 | "promotionCode": "" 743 | } 744 | }, 745 | { 746 | "apiVersion": "2015-11-01-preview", 747 | "name": "[variables('agentSolution')]", 748 | "type": "Microsoft.OperationsManagement/solutions", 749 | "location": "[parameters('omsWorkspaceRegion')]", 750 | "id": "[resourceId('Microsoft.OperationsManagement/solutions', variables('agentSolution'))]", 751 | "dependsOn": [ 752 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 753 | ], 754 | "properties": { 755 | "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 756 | }, 757 | "plan": { 758 | "name": "[variables('agentSolution')]", 759 | "publisher": "Microsoft", 760 | "product": "[concat('OMSGallery/', variables('agentSolutionName'))]", 761 | "promotionCode": "" 762 | } 763 | }, 764 | { 765 | "name": "[variables('azureSolution')]", 766 | "type": "Microsoft.OperationsManagement/solutions", 767 | "apiVersion": "2015-11-01-preview", 768 | "location": "[parameters('omsWorkspaceRegion')]", 769 | "dependsOn": [ 770 | "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 771 | ], 772 | "plan": { 773 | "name": "[variables('azureSolution')]", 774 | "product": "[concat('OMSGallery/', variables('azureSolutionName'))]", 775 | "publisher": "Microsoft", 776 | "promotionCode": "" 777 | }, 778 | "properties": { 779 | "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]" 780 | } 781 | } 782 | ], 783 | "outputs": {} 784 | } -------------------------------------------------------------------------------- /Deploy/Tenant/oms-all-deploy/scripts/Automated-IaaS-Backup.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .Synopsis 3 | Runbook for automated IaaS VM Backup in Azure using Backup and Site Recovery (OMS) 4 | .DESCRIPTION 5 | This Runbook will enable Backup on existing Azure IaaS VMs. 6 | You need to provide input to the Resource Group name that contains the Backup and Site Recovery (OMS) Resourcem the name of the recovery vault, 7 | Fabric type, preferred policy and the template URI where the ARM template is located. Have fun! 8 | #> 9 | 10 | $credential = Get-AutomationPSCredential -Name 'AzureCredentials' 11 | $subscriptionId = Get-AutomationVariable -Name 'AzureSubscriptionID' 12 | $OMSWorkspaceId = Get-AutomationVariable -Name 'OMSWorkspaceId' 13 | $OMSWorkspaceKey = Get-AutomationVariable -Name 'OMSWorkspaceKey' 14 | $OMSWorkspaceName = Get-AutomationVariable -Name 'OMSWorkspaceName' 15 | $OMSResourceGroupName = Get-AutomationVariable -Name 'OMSResourceGroupName' 16 | $TemplateUri='https://raw.githubusercontent.com/krnese/AzureDeploy/master/OMS/MSOMS/AzureIaaSBackup/azuredeploy.json' 17 | $OMSRecoveryVault = Get-AutomationVariable -Name 'OMSRecoveryVault' 18 | 19 | $ErrorActionPreference = 'Stop' 20 | 21 | Try { 22 | Login-AzureRmAccount -credential $credential 23 | Select-AzureRmSubscription -SubscriptionId $subscriptionId 24 | 25 | } 26 | 27 | Catch { 28 | $ErrorMessage = 'Login to Azure failed.' 29 | $ErrorMessage += " `n" 30 | $ErrorMessage += 'Error: ' 31 | $ErrorMessage += $_ 32 | Write-Error -Message $ErrorMessage ` 33 | -ErrorAction Stop 34 | } 35 | 36 | Try { 37 | 38 | $Location = Get-AzureRmRecoveryServicesVault -Name $OMSRecoveryVault -ResourceGroupName $OMSResourceGroupName | select -ExpandProperty Location 39 | } 40 | 41 | Catch { 42 | $ErrorMessage = 'Failed to retrieve the OMS Recovery Location property' 43 | $ErrorMessage += "`n" 44 | $ErrorMessage += 'Error: ' 45 | $ErrorMessage += $_ 46 | Write-Error -Message $ErrorMessage ` 47 | -ErrorAction Stop 48 | } 49 | 50 | Try { 51 | $VMs = Get-AzureRmVM | Where-Object {$_.Location -eq $Location} 52 | } 53 | 54 | Catch { 55 | $ErrorMessage = 'Failed to retrieve the VMs.' 56 | $ErrorMessage += "`n" 57 | $ErrorMessage += 'Error: ' 58 | $ErrorMessage += $_ 59 | Write-Error -Message $ErrorMessage ` 60 | -ErrorAction Stop 61 | } 62 | 63 | # Enable Backup 64 | 65 | Try { 66 | Foreach ($vm in $vms) 67 | { 68 | New-AzureRmResourceGroupDeployment -Name $vm.name ` 69 | -ResourceGroupName $OMSResourceGroupName ` 70 | -TemplateUri $TemplateUri ` 71 | -omsRecoveryResourceGroupName $OMSResourceGroupName ` 72 | -vmResourceGroupName $vm.ResourceGroupName ` 73 | -vaultName $OMSRecoveryVault ` 74 | -vmName $vm.name ` 75 | -Verbose 76 | } 77 | } 78 | 79 | Catch { 80 | $ErrorMessage = 'Failed to enable backup using ARM template.' 81 | $ErrorMessage += "`n" 82 | $ErrorMessage += 'Error: ' 83 | $ErrorMessage += $_ 84 | Write-Error -Message $ErrorMessage ` 85 | -ErrorAction Stop 86 | } 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /Deploy/Tenant/zMonitorDeploy.ps1: -------------------------------------------------------------------------------- 1 | # The config settings are for CSP partners, which need the TenantID as well as SubscriptionID. 2 | # For non-CSP deployments, the TenantID is not used. 3 | $TenantID = "" 4 | $SubscriptionID = "" 5 | $resourceGroupName = "zMonitor" 6 | $resourceRegion = "West Europe" # Your preferred region 7 | $templateFilePath = "\Tenant\oms-all-deploy\azuredeploy.json" 8 | 9 | # Remove TenantID for non-CSP deployments 10 | Login-AzureRmAccount -TenantId $TenantID -SubscriptionId $SubscriptionID 11 | 12 | $resourceGroup = Get-AzureRmResourceGroup -Name $resourceGroupName -ErrorAction SilentlyContinue 13 | if(!$resourceGroup) 14 | { 15 | Write-Host "Resource group '$resourceGroupName' does not exist. To create a new resource group, please enter a location."; 16 | if(!$resourceRegion) { 17 | $resourceRegion = Read-Host "resourceGroupLocation"; 18 | } 19 | Write-Host "Creating resource group '$resourceGroupName' in location '$resourceRegion'"; 20 | New-AzureRmResourceGroup -Name $resourceGroupName -Location $resourceRegion 21 | } 22 | else{ 23 | Write-Host "Using existing resource group '$resourceGroupName'"; 24 | } 25 | 26 | New-AzureRmResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateFile $templateFilePath; 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /Documentation/Contributing.md: -------------------------------------------------------------------------------- 1 | # zMontior 2 | 3 | ## Contributing 4 | 5 | We are thrilled that you'd like to contribute to this project. The community will drive the usefulness of this project. 6 | 7 | This project adheres to the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 8 | By participating, you are expected to uphold this code. -------------------------------------------------------------------------------- /Documentation/Cost-Estimate.md: -------------------------------------------------------------------------------- 1 | # zMonitor 2 | 3 | ## Cost Estimates 4 | 5 | Cost estimates for the zMonitor solution really depend on what you are monitoring, the solutions enabled in Log Analytics and how often. 6 | 7 | All pricing estimates in this document are based on region "West Europe" and are indicative only. 8 | 9 | ### Tenant / Subscription 10 | 11 | For tenants or subscriptions with a small footprint, 4 VMs with log management enabled, the free versions should be sufficient. Log management drives the most consumption of capacity in Log Analytics, contributing approximatley 100MB per day per VM. After the 500MB daily limit is hit, switch to standalone per GB pricing tier (currently at $2.30 per GB). A inidicative rule of thumb is number of VMs x 100MB to work out potential costs, e.g. 20 VMs = 2GB = $4.60 per month (mileage may very depending on workloads but it's a good indicator). 12 | 13 | Basic tenant monitoring: 14 | 15 | | Component | Assumptions | Cost (monthly) | 16 | | ----------------------------- | ------------------------- | ------------------ | 17 | | Log Analytics | 3-4 VMs (Free) | $ 0.00 | 18 | | Azure Automation | 500 minutes (Free) | $ 0.00 | 19 | | | | **$ 0.00** | 20 | 21 | ### Service Provider / Central 22 | 23 | | Component | Assumptions | Cost (monthly) | 24 | | ----------------------------- | ------------------------- | ------------------ | 25 | | Azure Storage Account (BLOB) | 10 GB stored | $ 0.20 | 26 | | Stream Analytics | 1 Unit | $ 89.28 | 27 | | Azure Cosmos DB | 2 GB stored, 400 RUs | $ 24.31 | 28 | | Azure Automation | 500 minutes (Free) | $ 0.00 | 29 | | | | **$ 113.78** | 30 | 31 | * [Optional] Power BI - assume you have a license for PowerBI Desktop. 32 | 33 | DISCLAIMER: The pricing reflected here is for demonstration purposes only. Actual pricing and costs may vary. We also recommend that you do your own testing to determine actual costs for your requirements. 34 | -------------------------------------------------------------------------------- /Documentation/Deploy-ServiceProvider.md: -------------------------------------------------------------------------------- 1 | # zMonitor 2 | 3 | ## Service Provider / Central Deployment 4 | 5 | Tenant / subscription operations monitoring is enabled through OMS Log Analytics. What you monitor and report on is dependent on the solutions and agents deployed, how monitoring is configured per workload in each tenant and the queries defined. 6 | 7 | The service provider / central component of the solution is enabled using four core Azure components: 8 | 9 | * Azure Storage Account 10 | * Azure Automation 11 | * Azure Stream Analytics 12 | * Azure Cosmos DB 13 | 14 | The overall process for tenant monitoring for the service provider is: 15 | 16 | ![zMonitorCentral](images/zMonitorCentral.png) 17 | 18 | 1. Receive tenant OMS logs as CSV in storage account container 19 | 1. Use Stream Analytics to move the CSV into Cosmos DB (formerly DocumentDB) 20 | 1. Run cleanup process through Azure Automation at least daily (cleans up the CSV container, and archives processed CSVs) 21 | 1. Visualize. This solution provides a work in progress PowerBI sample for viewing data. Viusalization can be done through any mechanism familiar to you, including existing tools as long as they can query Cosmos DB. PowerBI is provided for convenience as a starting point. 22 | 23 | ## Deployment 24 | 25 | Below are the basic steps required to deploy the service provider component of the solution, provided as interim guidance while working on the ARM template (currently limited by stream analytics configuration). 26 | 27 | What's needed to setup the service provider components of zMontior. 28 | 29 | * Storage Account (BLOBs) 30 | 31 | Storage for the CSV logs, Hot Locally Redundant (LRS) BLOB storage is sufficient. Cold may work but hasn't been tested. 32 | 33 | Create storage account: 34 | 35 | ![Create Storage Account](images/central_storage_create.png) 36 | 37 | * Create two containers 38 | * Main logs container 39 | 40 | The container where the logs get dropped from subscriptions/tenants. 41 | 42 | ![Create containers](images/central_storagecontainer_create.png) 43 | 44 | * Archive logs container 45 | 46 | Long term retention of CSV logs, useful for later processing. Not directly required by this solution. 47 | 48 | * Azure Autoamtion 49 | 50 | Runs the CSV cleanup and archiving jobs. Create automation account: 51 | 52 | ![Create Automation Account](images/central_automation.png) 53 | 54 | * Deploy runbook: [RB-Ops-CleanupDaily](deploy/serviceprovider/PS-Ops-CleanupDaily.ps1) 55 | * Schedule to run at least once a day, recommended to run every hour or two 56 | * Update storage details in RB-Ops-CleanupDaily: 57 | ```PowerShell 58 | $StorageAccountName = "" 59 | $StorageContainerName = "
" 60 | $TargetStorageContainerName = "" 61 | $StorageAccountKey = "" 62 | ``` 63 | * Azure Cosmos DB 64 | 65 | Where the log data gets stored in JSON format, and where we report from. When querying Cosmos DB, we'll need the connection details, including the URI and key (read-only is sufficient) - both available under the "Keys" property under "Settings" on the Cosmos DB blade. 66 | 67 | * Create database 68 | 69 | ![Create Cosmos DB](images/central_cosmos_create.png) 70 | 71 | * Create a collection (+ Add Collection) 72 | 73 | ![Create Cosmos Collection](images/central_cosmoscollection_create.png) 74 | 75 | * Remember to set Time To Live (TTL) - recommended to set to 3 days (259200 seconds) 76 | 77 | This auto-deletes records in Cosmos DB older than what's specficied in the TTL setting. This keeps the collection size constrained and query performance reasonable. Adjust this according to your specific requirements. Remember, the original data is archived in the BLOB archive container. 78 | 79 | ![Cosmos DB TTL](images/central_cosmos_ttl.png) 80 | 81 | * Scale according to number of tenants and query performance 82 | 83 | Start scale on a single partition with 400 RUs. Increase RUs as query performance is impacted. Data ingest should not be impacted at 400 RUs as we add data in short bursts. 84 | 85 | * Stream Analytics 86 | 87 | Create a new Stream Analytics job: 88 | 89 | ![Create Stream Analytics job](images/central_streamanalytics_create.png) 90 | 91 | * Configure input : storage account main logs container 92 | 93 | ![Configure Stream Analytics input](images/central_streamanalytics_input.png) 94 | 95 | * Configure output : Cosmos DB collection 96 | 97 | ![Configure Stream Analytics output](images/central_streamanalytics_output.png) 98 | 99 | * Define the query: 100 | ```SQL 101 | SELECT 102 | * 103 | INTO 104 | [CosmosDBCollection] 105 | FROM 106 | [StorageContainerCSVs] 107 | ``` 108 | 109 | ![Define Stream Analytics query](images/central_streamanalytics_query.png) 110 | 111 | * Start the stream job 112 | 113 | ![Stream Analytics - Running](images/centralStreamAnalytics.png) 114 | 115 | * Visualize - PowerBI 116 | * Configure connection to CosmosDB using URI and key (read-only) 117 | 118 | NOTE: Use the datasource connector "DocumentDB (Beta)" 119 | -------------------------------------------------------------------------------- /Documentation/Deploy-Tenant.md: -------------------------------------------------------------------------------- 1 | # zMonitor 2 | 3 | ## Tenant \ Subscription Deployment 4 | 5 | Tenant \ subscription operations monitoring is enabled through Operations Management Suite (OMS). What you monitor and report on is dependent on the solutions and agents deployed and how monitoring is configured per workload in each tenant. 6 | 7 | Monitoring is enabled using two core Azure components: 8 | 9 | * Azure Log Analytics (OMS) 10 | * Azure Automation 11 | 12 | The overall process for tenant monitoring is: 13 | 14 | 1. Configure Log Analytics 15 | 1. Define Log Analytics queries to extract the monitoring information required 16 | 1. Schedule Azure Automation runbooks to execute queries and upload to service provider 17 | 18 | ## Deployment 19 | 20 | 1. Deploy OMS components (zMonitorDeploy.ps1) 21 | 22 | Execute PowerShell deployment of ARM template. 23 | 24 | 1. Update script with relevant parameters: 25 | ```PowerShell 26 | $TenantID = "" 27 | $SubscriptionID = "" 28 | $resourceGroupName = "zMonitor" 29 | $resourceRegion = "West Europe" 30 | $templateFilePath = "\azuredeploy.json" 31 | ``` 32 | 1. Execute PowerShell script. 33 | 1. Login with CSP administrator account. 34 | 1. During execution you will be prompted for several additional parameters, or update the param file and specify in PowerShell script: 35 | ```PowerShell 36 | omsRecoveryVaultName: 37 | omsWorkspaceName: 38 | omsAutomationAccountName: 39 | azureadmin: 40 | azureAdminPwd: 41 | ``` 42 | NOTE: Ensure that the omsWorkspaceName is the same as the tenant name, for example, if registered tenant name is tenant1.onmicrosoft.com, then make the omsWorkspaceName "tenant1". The omsWorkspace name is how you uniquely identify subscriptions or tenants. 43 | 44 | 1. Wait for script execution to complete (takes about 10 minutes). 45 | 46 | 1. Config Azure Log Analytics 47 | 48 | Under Log Analytics, go through and configure all the Workspace Data Sources and ensure everything you want to monitor has been added. Ensure you also configure the log collection from storage account logs. 49 | 50 | 1. Configure Azure Automation 51 | 52 | Take your time through this section. The components need time to register and come online. 53 | 54 | 1. Create Run As Account 55 | 56 | ![Create Run As Account](images/tenantCreateRunAsAccount.png) 57 | 58 | 1. Update Azure Modules 59 | 60 | ![Update Azure Modules](images/tenantUpdateModules.png) 61 | 62 | 1. Update storage settings in "RB-ProcessLogs.ps1" 63 | 64 | ```PowerShell 65 | # Set service provider Azure storage account and get the context 66 | $StorageAccountName = "" 67 | $StorageContainerName = "" 68 | $StorageAccountKey = "" 69 | ``` 70 | These are the settings in the service providers BLOB storage account. 71 | 72 | 1. Import existing runbooks 73 | 74 | ![Import Runbooks](images/tenantImportRunbooks.png) 75 | 76 | Repeat for all scripts: 77 | * RB-Ops-Daily.ps1 78 | * RB-Ops-Hourly.ps1 79 | * RB-ProcessLogs.ps1 80 | 81 | For each of the imported runbooks, open the Runbook blade, click "Edit" then "Publish". 82 | 83 | Then create and link schedules for the Daily and Hourly scripts: 84 | 85 | ![Example: Schedule Daily Runbook](images/tenantScheduleDailyRunbook.png) 86 | 87 | To ensure everything is properly configured, run the following runbooks once, and validate output: 88 | * RB-Ops-Daily.ps1 89 | * RB-Ops-Hourly.ps1 90 | 91 | ALL SET! 92 | 93 | 1. (Optional) Customize 94 | 95 | This solution is designed to be highly scalable and flexible. If you can query it in Log Analytics, you can report on it in zMonitor. The included queries today are documented [here](Log-Reports.md). To this end, feel free to customize the data collection queries, by editting : 96 | 97 | * RB-Ops-Daily.ps1 - for queries that run daily 98 | * RB-Ops-Hourly.ps1 - for queries that run hourly 99 | 100 | Or you can create additional PowerShell scripts for other intervals/schedules, if desired. 101 | -------------------------------------------------------------------------------- /Documentation/Log-Reports.md: -------------------------------------------------------------------------------- 1 | # zMonitor 2 | 3 | ## Reports 4 | 5 | The queries included in this sample solution are designed to be flexible and highly configurable. To help kick start the process, a number of queries / reports are provided. They can be categorized in two categories, queries that can run daily, and queries that should run hourly (or any interval required for the data being reported on). 6 | 7 | ### Daily Reports 8 | 9 | * Alerts generated in the past 24 hours that are still open ("activealertscritical") 10 | * All Windows VMs that require updates ("anyupdatesrequired") 11 | * All VMs that are missing critical updates ("criticalupdatesrequired") 12 | * All VMs with more than 2GB RAM available on average ("vmswithover2gbramavailable") 13 | * All computers with their most recent data ("allvmsmostrecentdata") 14 | 15 | ### Hourly Reports 16 | 17 | * Average CPU usage calculated over 10 minutes for the last 1 hours ("perfavgcpu") 18 | * All detected threats based on threat status rank ("securitydetectedthreats") 19 | * All Windows security login failures in the past 1 hours ("acctloginfailurepasthour") 20 | * All Linux Syslog errors in the past 1 hour ("linuxsyslogerrors") 21 | -------------------------------------------------------------------------------- /Documentation/Writing-Reports.md: -------------------------------------------------------------------------------- 1 | # zMonitor 2 | 3 | ## Writing Queries 4 | 5 | Some tips for gettings started with writing Log Analytics queries and generating reports. 6 | 7 | A great place to start is the default "Saved Searches" in Log Analytics. Once you start exploring writing your own queries, a good place to start digging is: 8 | 9 | ```LogAnalytics 10 | * | Measure count() by Type 11 | ``` 12 | 13 | ## References 14 | 15 | Some excellent resources to get up and running quickly: 16 | 17 | * [Find data using log searches](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-log-searches) 18 | * [Log Analytics search reference](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-search-reference) -------------------------------------------------------------------------------- /Documentation/images/centralStreamAnalytics.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/centralStreamAnalytics.png -------------------------------------------------------------------------------- /Documentation/images/central_automation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/central_automation.png -------------------------------------------------------------------------------- /Documentation/images/central_cosmos_create.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/central_cosmos_create.png -------------------------------------------------------------------------------- /Documentation/images/central_cosmos_ttl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/central_cosmos_ttl.png -------------------------------------------------------------------------------- /Documentation/images/central_cosmoscollection_create.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/central_cosmoscollection_create.png -------------------------------------------------------------------------------- /Documentation/images/central_storage_create.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/central_storage_create.png -------------------------------------------------------------------------------- /Documentation/images/central_storagecontainer_create.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/central_storagecontainer_create.png -------------------------------------------------------------------------------- /Documentation/images/central_streamanalytics_create.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/central_streamanalytics_create.png -------------------------------------------------------------------------------- /Documentation/images/central_streamanalytics_input.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/central_streamanalytics_input.png -------------------------------------------------------------------------------- /Documentation/images/central_streamanalytics_output.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/central_streamanalytics_output.png -------------------------------------------------------------------------------- /Documentation/images/central_streamanalytics_query.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/central_streamanalytics_query.png -------------------------------------------------------------------------------- /Documentation/images/loganalytics.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/loganalytics.png -------------------------------------------------------------------------------- /Documentation/images/tenantCreateRunAsAccount.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/tenantCreateRunAsAccount.png -------------------------------------------------------------------------------- /Documentation/images/tenantImportRunbooks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/tenantImportRunbooks.png -------------------------------------------------------------------------------- /Documentation/images/tenantScheduleDailyRunbook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/tenantScheduleDailyRunbook.png -------------------------------------------------------------------------------- /Documentation/images/tenantUpdateModules.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/tenantUpdateModules.png -------------------------------------------------------------------------------- /Documentation/images/zMonitorCentral.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/zMonitorCentral.png -------------------------------------------------------------------------------- /Documentation/images/zMonitorOverview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/zMonitor/a9a5a2a781c15b77a5791848794284fc136ee063/Documentation/images/zMonitorOverview.png -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. All rights reserved. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # zMonitor 2 | 3 | An Azure platform native monitoring solution that enables Azure monitoring across multiple tenants or subscriptions. 4 | 5 | ## Overview 6 | 7 | Problem statement: A service provider with 50 tenants, each with Azure subscriptions provisioned through CSP (Cloud Solution Provider), needs to consolidate operational telemetry to optimize running costs, as well as deliver higher SLAs with a minimum amount of administrative overhead. 8 | 9 | Enter zMonitor, a platform for reporting based on Log Analytics data collected, quickly gaining insights across tenants or subscriptions. Gain insights on disks capacity status, VM performance - over or under utilized CPU/Memory/Disk/etc, security vulnerabilities - failed logons, update/patch status, application errors, etc. 10 | 11 | The primary goal is to utilize Azure native components, and deliver an as simple as possible, highly configurable and scalable, cost-effective monitoring solution. The driving force behind this solution was the need to be able to monitor Azure resources across tenants (for service providers), using Azure native tools. While there are many metrics and logs generated in Azure, surfacing this information across subscriptions/tenants and effectively monitoring proved challenging. Design decisions focused on limiting Azure costs on the tenants/subscriptions components, and rather have the bulk of the costs incurred on the single central component (service provider). 12 | 13 | For an indication of potential costs for the solution, review the [cost estimate](Documentation/Cost-Estimate.md) documentation. 14 | 15 | ## Solution 16 | 17 | For monitoring within subscriptions, OMS Log Analytics is leveraged as the native log and metric aggregation toolset in Azure. Using the free tier of Log Analytics will be sufficient for most cases, but depends on the number of resources being monitored and the metrics being collected. 18 | 19 | Log Analytics data is then exported into a central Cosmos DB collection, from where it can be vizualized using any preferred tool. For this solution, PowerBI is used for demonstration purposes. 20 | 21 | ![zMonitor Solution Overview](Documentation/images/zMonitorOverview.png) 22 | 23 | The components that make up the solution: 24 | 25 | * Tenant / Subscription 26 | 27 | * Log Analytics 28 | * Azure Automation 29 | 30 | * Service Provider / Central Repository 31 | 32 | * Azure Storage Account (BLOB) 33 | * Stream Analytics 34 | * Azure Cosmos DB 35 | * Azure Automation 36 | * [Optional] Power BI 37 | 38 | For additional info on what is currently enabled through this solution (work in progress): 39 | 40 | * [Reports/Queries](Documentation/Log-Reports.md) 41 | * [Resources for writing Log Analytics queries](Documentation/Writing-Reports.md) 42 | 43 | ## Deployment 44 | 45 | The detailed deployment instructions for the solution: 46 | 47 | [Deploying monitoring for Tenant/ Subscription][6] 48 | 49 | [Deploying the central repository (e.g. Service Provider)][7] 50 | 51 | ## Azure Resource Documentation 52 | 53 | For more information on the individual components, please refer to the official documentation: 54 | 55 | * [Log Analytics][1] 56 | 57 | 58 | 59 | * [Azure Automation][2] 60 | 61 | * [Stream Analytics][3] 62 | 63 | * [Azure Cosmos DB][4] 64 | 65 | * [Power BI][5] 66 | 67 | ## Contributions 68 | 69 | Please refer to [CONTRIBUTING](Documentation/Contributing.md) 70 | 71 | ## License 72 | 73 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 74 | 75 | The MIT License (MIT) 76 | 77 | Copyright (c) 2016 Microsoft 78 | 79 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 80 | 81 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 82 | 83 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 84 | 85 | 86 | [1]: https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-overview 87 | [2]: https://docs.microsoft.com/en-us/azure/automation/automation-intro 88 | [3]: https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-introduction 89 | [4]: https://docs.microsoft.com/en-us/azure/cosmos-db/ 90 | [5]: https://powerbi.microsoft.com/en-us/documentation/powerbi-landing-page/ 91 | [6]: Documentation/Deploy-Tenant.md 92 | [7]: Documentation/Deploy-ServiceProvider.md 93 | --------------------------------------------------------------------------------