Prerequisites for the Nodinite Azure Monitoring agent
This page describes the prerequisites to successfully install and run the Nodinite Azure Monitoring Agent.
| Verified | Topic |
|---|---|
| Software Requirements | |
| What Azure User rights and Services does the Azure agent require? | |
| What Windows User Rights does the Azure agent require? | |
| What Firewall settings are required for the Azure agent? | |
| What Azure Services does the Functions Monitoring require? |
Instances of this agent can be installed on-premise using TCP/IP for local network access and/or in the cloud/off-site using Service Bus Relaying (see also the external link for additional information MicrosoftServiceBusRelayingLink) as long as the Log API can be accessed on the configured port.
We recommend that you keep this agent close to Nodinite Core Services. This documentation covers local network setup (usually on the Nodinite application server)
Software Requirements
The Azure Agent is a Windows Service and is usually installed on the Nodinite application server.
| Product | |
|---|---|
| Windows Server | Windows 2022Windows 2019Windows 2016Windows 2012 R2Windows 2012 |
| .NET Framework | .NET Framework 4.8 or later New 6.0 |
Earlier versions of this agent made use of .NET Framework 4.7.2.
Supported Versions
Cloud technologies are evolving fast and Microsoft deprecates older versions of their APIs now and then. Nodinite will always support the APIs supported by Microsoft. This means you need to update Nodinite and our Azure Agent from time to time.
Make sure to subscribe to our Release Notes
What Azure User rights and Services does the Azure agent require?
For the Least Privileges, review the Azure Access page, least privileges section; Carefully read and follow the instructions detailed in the Azure Applications Access user guide for specific use, and insights about the least privileges required.
The agent has features to Read, Write, Manage and Post data to many Azure-related services.
The agent makes use of the Azure REST API to read/manage Azure services and resources and also a Connection String to access the Storage account.
- To ease the Administration, The ApplicationId/ClientId can be assigned the Contributor role.
- To send messages to the Azure Event Hub; Add the Azure Event Hubs Data Sender to the ApplicationId/ClientId.
- To monitor Azure Storage; The agent uses Connection Strings to read the content on the Azure Storage (Blobs, Queues, Files). Additional RBAC reading for Azure Storage.
- To Monitor Azure Key Vault, the App Registration (Application/Client) must be assigned the Key Vault Reader role.
- To Monitor Azure Functions, Azure Monitoring must be enabled. This means an Application Insights instance must be tied to the Azure Function Web Site hosting the Functions included in the Monitoring. You must provide an API Key to allow the Monitoring agent to access the Application Insights instance. You can also set the API Key directly on the Web Site - Function App Resource hosting the Functions included in the Monitoring.
- Some features like Web Jobs History requires the
SCM Basic Auth Publishing Credentialsto be set toOn.
What Windows User Rights does the Azure agent require?
The agent is installed as a Windows Service, usually on the Nodinite application server. Virtual machines are supported.
- Local named account or domain account (preferred).
- Access and run-time rights.
- Follow the 'How to set logon as a Windows service right' user guide for detailed instructions.
What Firewall settings are required for the Azure agent?
The Azure Agent has both inbound and outbound communication:
- Between the Monitoring Service and the Azure Agent.
- Between the Azure Agent and Azure Management API and/or the Connection String.
1. Between the Monitoring Service and the Azure agent
The following ports must be allowed on the Windows server where the agent is installed and running :
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The Agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file) |
And further with 'Option 1' or 'Option 2' as documented next:
Option 1 (Local network)
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 8000 | RPC | Communication is initiated by the Monitoring Service |
Option 2 (Cloud/Hybrid)
Use Service Bus Relayed connections when Nodinite and the agent are on totally different networks.
Nodinite uses the same principle technique as the On-Premise data gateway; Review the 'Adjust communication settings for the on-premises data gateway' user guide.
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 443 | HTTPS | Secure outbound traffic | ||||
| 5671, 5672 | Secure AMQP | |||||
| 9350 - 9354 | Net.TCP |
2. Between the Azure agent and Azure Management API
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 443 | HTTPS | Secure outbound traffic with the Azure REST API. - Safelist the Azure portal URLs on your firewall or proxy server |
What Azure Services does the Functions Monitoring require?
You must enable Applications Insights for Azure Functions to use with the Nodinite Monitoring.
The agent makes use of custom Kusto queries to get the logs and also to evaluate the state and metrics of executions.
This topic is covered in the How to configure monitoring for Azure Functions user guide.
Frequently asked questions
Additional solutions to common problems and the Nodinite Azure Monitoring Agent FAQ exist in the Troubleshooting user guide.
How do I enable Logging using Azure API Management Services?
Please review the APIMGMT - Logging user guide to enable Nodinite Logging with Azure API Management Service APIs.
How do I enable Logging using Azure Functions?
Please review the Serilog user guide to enable Nodinite Logging with Azure Functions.
Next Step
Related
Add or manage a Monitoring Agent Configuration
Monitoring Agents
Administration
Monitoring Agents