Monitoring
Chapter 10 covers monitoring in more detail. However, since this is one of the core pillars, I wanted to touch on it briefly here as part of architectural decisions. For architects, the exact operation of services will typically fall outside of scope; however, an organization may have requirements for insight into network traffic and/or the accompanying logs. Additionally, the ability to check the health and flow of traffic may be required.
Like nearly all Azure resources, the diagnostics logs associated with networking can be sent to Log Analytics, a storage account, and/or an event hub (where the logs can be consumed by a SIEM solution). Network Watcher provides a number of capabilities around network health, including diagnosing connection and routing issues, troubleshooting VPN and ExpressRoute, and providing easy insight into the NSGs deployed and in effect in an environment. It can also capture packets via an extension in the VM, which is separate from the virtual...