Visualising the performance of Linux VMs in Azure

Visualising the performance of Linux VMs in Azure


Mia LaVada shares how teams at the Center for Internet Security and Microsoft Azure worked together to test CIS Hardened Images for Linux 

Guest contributor |

Cloud computing carries many benefits for your business, as long as you’re able to ensure the performance and availability of your cloud environments.

For example, whilst cloud computing can allow organisations to rapidly scale cloud services, in the absence of performance and availability, you can’t reliably scale your services to fit your needs. This means that your organisation could miss out on taking advantage of certain resources, or it might need to pay for resources it no longer needs for a period of time.   

Furthermore, poor availability in the cloud means that you can’t count on having cloud-based backups available in the event of a disaster. Even if they are available, poor performance might render those backups incomplete, potentially costing your organisation due to lost data, intellectual property, and so on.  

An absence of performance and availability can also limit access to innovative technology. If this is the case, organisations can’t use the cloud to adequately experiment with new technology such as artificial intelligence and machine learning. This can provide you with an inaccurate picture of how new technologies work, causing you to lose out by not innovating now.    

At the Center for Internet Security (CIS), we understand the importance of performance and availability for your cloud environments. That’s why we partnered with the Microsoft Azure team to test CIS Hardened Images for Linux with the Azure Monitor Agent.  

Visualising performance and availability in Microsoft Azure   

For context, Azure Monitor is a service that helps you evaluate the availability and performance of your applications and services in Azure. It uses telemetry to provide you with an overview of your applications. With that information, you can proactively remediate issues that undermine the availability and performance of your apps and their dependent resources.    

Azure Monitor used to employ legacy monitoring agents for data collection, but now the Azure Monitor Agent (AMA) does all that work. First, it gathers data from the guest operating systems of Azure and hybrid virtual machine images. It then feeds that data into Azure Monitor, where it informs insights and other services like Microsoft Sentinel. 

AMA sends various types of information to Azure Monitor. These include logs, or events that occurred within the system, and traces, or series of related events that follow a user request through a distributed system. These and other pieces of data help you monitor the health and performance of Azure virtual machines (VMs) at scale, including Linux VMs. 

Helping you make the most of CIS Hardened Images for Linux   

Overall, it was a smooth process testing the CIS Hardened Images for Linux. The Azure team made a few tweaks to AMA throughout the investigation to account for the differences across various Linux distributions but even so, there weren’t any issues with AMA functionality degradation when installed on a CIS machine.   

When the Azure team did make some changes to AMA, it did so to comply with the CIS Benchmarks settings post-AMA install. Primarily, these changes involved strengthening the permissions for file and directory ownership and ensuring a loopback network setup of an AMA sub-component. 

With the testing period over, AMA is now validated for successful deployment and overall functionality, including end-to-end data flow for all data types on images, for a range of CIS Linux Hardened Images.  

The Azure team has also integrated CIS Hardened Images into the pre-release validation process for continual re-validation when new AMA versions become available. This ensures no AMA functionality regression, thereby helping you maintain the performance and availability of these pre-hardened virtual machine images for Linux going forward. 

An ongoing partnership   

Microsoft and CIS are committed to continuing their partnership to make its products more secure and available on a variety of Linux environments, benchmarks and settings.  

Get started with a CIS Hardened Image on the Azure Marketplace 

Mia LaVada is product manager of benchmarks and cloud at the Center for Internet Security 

This article was originally published in the Winter 2023 issue of Technology Record. To get future issues delivered directly to your inbox, sign up for a free subscription. 

Subscribe to the Technology Record newsletter

  • ©2024 Tudor Rose. All Rights Reserved. Technology Record is published by Tudor Rose with the support and guidance of Microsoft.