In this chapter, we look at the monitoring, performance, health, and management of Azure Virtual Desktop (AVD). Being able to monitor your AVD environment helps you spot issues and optimize the configurations for a good user experience (UX). In this section, we take a look at the three key areas of monitoring, performance, and health. The key topics we'll cover in this chapter are outlined here:
Azure Monitor for AVD is essentially a built-in dashboard built using Azure Monitor workbooks. This helps an information technology (IT) administrator understand the current environment state and enables the troubleshooting of some of the issues that may occur within an AVD environment.
Before you can get started with Azure Monitor for AVD, you need to make sure of the following:
Once you have met the criteria to proceed, we can move on to look at creating a Log Analytics workspace.
The first thing to do is deploy Log Analytics to configure it to collect data from AVD. To do this, you will first need to open the Log Analytics workspaces page using the Azure search bar, as shown in the following screenshot:
Once we have opened the Log Analytics workspaces page, we can progress to creating a new Log Analytics workspace. Here are the steps to do this:
Once the deployment has finished, you should see the Log Analytics workspace you created in the Log Analytics workspaces page, as shown in the following screenshot:
Important Note
The default pricing tier for Log Analytics will be configured, as shown in the preceding screenshot. You will not incur any charges until you collect sufficient amounts of data. You can cap data using the Daily cap feature located under Usage and estimated costs in the General menu section.
The following screenshot shows where the Daily cap button is located:
The following screenshot shows the Daily cap blade, which can be used to control the daily ingestion of data:
Now that we have created our Log Analytics workspace, we can proceed with configuring monitoring in AVD.
In this section, we will take a look at setting up the required monitoring components for AVD. To do this, we will navigate to the Azure Virtual Desktop page and then click Insights under the Monitoring section.
There are multiple different ways to configure Azure Monitor for AVD. In this example, we will use Insights within the Azure Virtual Desktop page. However, we first need to configure the workbook for AVD, as follows:
Let's get started.
We now need to configure the workspace by deploying the Log Analytics settings for the AVD workspace. Follow these steps:
Once the template is deployed, you can then progress with configuring performance counters.
For the AVD dashboard to display the correct information, we need to ensure that all the correct counters are enabled for each session host. You can enable the counters using configurable performance counters within the Check Configuration workbook on the Session host data settings tab.
As shown in the previous steps, proceed as follows:
Once you have finished configuring the performance counters, you can then proceed with configuring the event counters.
The final section of configuring Azure Monitor is to configure the event logs. The process is the same as for configuring the performance counters. Scroll down the page to Configure events under Configuration workbook | Session host data settings, and then proceed as follows:
You should see a No missing events found message if the configuration has been done correctly, as highlighted in the following screenshot:
Now that we have finished configuring Azure Monitor for AVD, we can take a look at the different areas of the monitoring workspace for AVD.
In this section, we will take a look at how to use Azure Monitor to spot issues and view the current state of an AVD environment.
Important Note
Log Analytics is essentially the data used when visualizing ingested AVD data. AVD Insights is a templated dashboard that uses the configured log analytics and counters to provide IT administrators information about the organization's AVD environment.
Within the AVD Insights workspace, there are nine tabs, as follows:
The Overview tab, as highlighted in the following screenshot, provides an overview of the AVD environment, which looks at the Host pool details, Connection Diagnostics, Host Performance, Utilization, and Alerts. We can look at the specific workspace tabs to drill down for more detailed information:
The Connection Diagnostics tab provides details on connections. This allows you, as the IT administrator, to review any alerts and investigate any problems. In this example, I noticed there was an FSLogix error relating to the storage path not being found, which shows up in the Connection Diagnostics tab:
The following screenshot shows a drill-down of errors that provides more granularity:
The Connection Performance tab, shown in the following screenshot, provides information on new and existing sessions, which enables IT administrators to review slow sign-in times and diagnose possible login issues:
The Host Diagnostics tab, shown in the following screenshot, provides information on the host pool configuration, performance counters, events, and any errors. This can help you pinpoint any issues related to a session host and monitor the central processing unit (CPU) and memory usage:
The Host Performance tab, shown in the following screenshot, provides insights into the overall performance and enables IT administrators to drill down into possible issues with processes, CPU, memory, and disk queuing. This helps to identify the host saturation and any applications that may be consuming a lot of resources:
The Users tab, shown in the following screenshot, provides a detailed output on user performance and any errors relating to a specific user. This tab helps to identify specific user issues and allows IT administrators to quickly understand the client device in use, client version, and any errors during connectivity:
The Utilization tab shows the current utilization metrics of your AVD environment. This is particularly useful for capacity management and understanding any potential performance degradation of the environment.
The Clients tab, illustrated in the following screenshot, shows connections and feed refreshes and the version of the client in use. IT administrators can get a full picture of which clients are being used within the AVD environment from here:
The final tab, Alerts, is used to show the number of alerts raised over a period of time, and the severity of those alerts. The tab can be seen in the following screenshot. We will cover the configuration of alerts in the Setting up alerts using alert rules section:
In this section, we took a quick look at the AVD Insights workspace and the different tabs and learned how IT administrators can use Azure Monitor to quickly diagnose and resolve AVD issues. In the next section, we take a look at setting up alerts based on outputs from a query.
Within Log Analytics, you can query logs and set a frequency. You can also set an alert based on the output of the query. Rules can be triggered using one or more actions.
Tip
Using alerts to notify administrators or specified users about issues within your AVD environment can be helpful for those who are not continually monitoring the Insights page. This can also be useful for IT administrators who may be on-call or need to receive a text message or other notification of a possible issue/failure.
To set up an alert, proceed as follows:
Important Note
The EventID value of 26 is related to the failure to load an FSLogix profile.
Once complete, click the Done button, as illustrated in the following screenshot:
The next step is to create an action group, and in this example, we only need a notification. You can configure actions in more advanced configurations. Proceed as follows:
This section looked at creating an alert rule to notify IT administrators of a specific issue or problem with the AVD environment. The example I showed was a simple FSLogix alert using event logs; however, you can create custom and customized alerts specific to your environment.
In the next section, we take a look at Kusto and how you can use this query language to query AVD to diagnose issues and pull useful information specific to your environment.
Kusto Query Language (KQL) is a read-only language used to query datasets within Microsoft Azure. Similar to Structured Query Language (SQL), Kusto can be used to query data, but it can't update or delete, as SQL can. Kusto can be used when querying AVD services and other related components, and you can create custom queries to output information that is important to you.
You can use Kusto with the following Azure services:
Fun Fact
It is understood that the name Kusto was an internal code name named after Jacques Cousteau, as a reference to exploring the ocean of data. You may notice that reference when launching the Kusto Explorer tool, which we will look at shortly. The development of Kusto was focused on addressing the need for fast and scalable logs analytics.
Before we start writing a basic query for AVD, we first need to look at how to use Kusto Explorer. Kusto Explorer is a free tool you can download from the Microsoft Docs page here: https://aka.ms/ke.
Once you have downloaded and installed Kusto Explorer, you'll need to connect to your Azure Log Analytics workspace using the following (cluster connection):
Remember to change the subscription identifier (ID), resource group name, and workspace name within the preceding string (cluster connection).
To connect your Log Analytics workspace to Kusto Explorer, you will need to add a connection, as shown in the following screenshot:
Enter the cluster connection (the Uniform Resource Locator (URL) for Log Analytics), as illustrated in the following screenshot:
Once connected, you should be able to see the Connections tab and a list of tables within the tree, as shown in the following screenshot:
Now that we have configured Kusto Explorer, we can proceed with creating queries for AVD.
In this section, we will take a look at a few quick queries you can build using Kusto Explorer. You can create and customize queries within Azure; however, Kusto Explorer allows you to work on them in a nice client application and produce graphs as well.
Let's get started with a basic AVD error query.
Within the Connections tab, right-click on Connections and select Open in New tab, as highlighted in the following screenshot:
Once you have clicked the new tab, you should be able to see a new tab created, as shown in the following screenshot:
A straightforward query with no filtering would be WVDErrors—this will collect any recorded errors within the WVDErrors table and display them within the output panel, as shown in the following screenshot:
You can then add a filter by using the where Boolean expression to pull a specific time or time range, which may be helpful when reviewing the logs for a specific issue.
The following query shows the usage of where:
WVDErrors
| where TimeGenerated > (datetime(2021-10-31T20:02:18.0000000Z) - 24h)
Here's the output:
In this example, I wanted to show you where to specify specific columns using the project operator. The project operator allows you to pick out specific columns you require.
I used the WVDConnections table this time and then selected a few of the columns to provide an easy-to-read output. Here's an example:
WVDConnections
| where TimeGenerated > (datetime(2021-10-31T20:18:18.0000000Z) - 24h)
| project UserName, State, SessionHostName, TimeGenerated, ConnectionType
The following screenshot shows the usage of Kusto Explorer, using the preceding query, which uses the project operator:
In this final example, I wanted to show you how to filter using CodeSymbolic, which allows you to filter on a specific message. In this example, I have shut the session host down without logging a user off. I wanted to find out which users did not successfully log off before host shutdown. To do this, I used the following Kusto query:
| where CodeSymbolic == "ConnectionFailedReverseUngracefulClose"
The following screenshot shows the results of the preceding query:
In this section, we looked at querying a Log Analytics workspace using Kusto Explorer. We also looked at a couple of examples to help you get started with querying your own AVD environment.
In the next section, we will take a look at using Azure Advisor for AVD.
Azure Advisor can be used to help resolve common issues, and it also provides recommendations. Azure Advisor's recommendations include resource reliability, security, operational excellence, performance, and cost.
To get started with Azure Advisor, simply enter advisor into the Azure search bar and select the service that appears, as illustrated in the following screenshot:
You will then be presented with several advisories within five categories, as follows:
The following screenshot shows the Azure Advisor Overview page:
Use the recommendations to enhance your configuration and relatability and reduce the cost.
We looked at Azure Advisor in this section and briefly looked at the value it can bring to your AVD environment.
This chapter looked at setting up and configuring Azure Monitor for AVD and using the AVD Insights workspace. We then moved on to setting up custom alerts using alert rules, which will notify IT administrators of a specific error or issue. We then looked at KQL and a few examples of querying a Log Analytics workspace. We then finished off the chapter, briefly looking at Azure Advisor for AVD.
Here are a few questions to test your understanding of this chapter: