Azure Network Watcher
With remote work being the new norm, businesses have started deploying all their assets into the cloud. But even before the onset of the pandemic, cloud deployments had been rampantly growing since the past decade. By 2025, it is estimated that the data deployed in the cloud would cross a staggering mark of 100 zettabytes!
When you deploy data assets in the Azure cloud, you simply build a virtual network and set up all the ties to your on-premise network via express route or independently run it in the cloud and have your virtual network setup.
Express route helps your on-premise network(here on-premise network refers to your corporate IT network) to connect to Microsoft Azure cloud over a private network via a connectivity provider.
However, it does not stop with all the data assets being deployed to the cloud. You have to monitor the health and status of your Azure Virtual Network. By monitoring it, you can ensure that your data is secure and even take preemptive measures in case your virtual network is having connection issues.
To monitor all the ins and outs of your Azure virtual network, you have the Azure Network Watcher which provides several promising features over other network watchers in the market. Let’s find out more in this post.
Table of Contents
- What is the Azure Network Watcher?
- Azure Network Watcher Elements
- Pricing of Azure Network Watcher
- Final Words
What is the the Azure Network Watcher?
Azure Network Watcher provides 360-degree monitoring and logging for all IaaS virtual networks. Azure automatically adds the Azure Network Watcher when you build or update an Azure Virtual Network into your subscription. Without knowing what Azure Network Watcher does, you might end up deleting it.
However, it is not suitable for PaaS-related networks or web analytics. To monitor PaaS resources there are many other resources offered by Azure such as Azure Monitor and Log Analytics.
Azure Network Watcher Elements
Azure Network Watcher allows you to gain insights into your network performance using several elements. Here is the breakdown of some of the common Azure Network Watcher elements.
The Connection monitor
This allows you to monitor all the components from one endpoint to another endpoint. It also ensures there is connectivity between 2 points(for instance the connection between a web application and database).
It is also used to measure latency points, where latency is the time taken by data packets to travel from one designated point to the other. Knowing the latency of your virtual network, you will know the Azure region where you will get better service.
Let us assume you have a VM hosting a web application and another VM hosting a database from which the former gets data. If someone applies a new route or a new security rule that blocks the communication, the connection monitor immediately notifies the user the current endpoint is not reachable along with the reason.
Network Performance Monitor
This element helps to monitor and report the performance of the network infrastructure endpoints in the virtual network. The NPM monitors the connectivity strength between Azure Virtual Network deployments and the on-premise network(your office/branch network).
The best aspect of the NPM is that as you add more and more endpoints to your network, it creates a visual diagram using a topology tool. This visually represents the IP addresses and hostnames in your Azure Virtual Network.
From a diagnostic perspective, Azure Network Watcher offers a handful of tools to diagnose traffic issues and load balance issues in your virtual network. They include -
IP flow verify - This tool informs us which security rule is blocking the communication from (or to) the virtual network. It tests the routing rules by allowing you to enter the source and destination IP addresses of your endpoints. It also provides the root cause to investigate or remediate further.
Connection troubleshooting tool - Used to test the connection between two VMs, URL, FQDN, and IPv4 addresses. Provides hop to hop paths from the source to destination through visually appealing Visio diagrams. Also provides min, max, and average latency between the source and destination. It even keeps a record of the number of packets dropped during the connection troubleshooting check.
Packet capture tool - Captures traffic to (and from) a virtual network and stores the packets for offline analysis.
Metrics tool - There are some limitations on how many resources you can deploy within an Azure virtual environment. This is where the metrics tool comes into play to inform where you are in comparison to these limitations. Limitations of deployment of resources are restricted based on your subscription and region. The metrics tool allows you to know how many resources are deployed and running, and how many resources can you deploy within the limitations. So by knowing the availability to deploy resources, you can plan the deployment of more and more resources in the future.
This is another interesting feature to capture networking components, IP addresses, virtual networks, application gateways, and much more. It gives the end-user a high-level view about how your network looks within the Azure environment.
All the logs of your Azure Virtual Network are captured and fed in the Operations Management Studio(OMS). This gives you an aerial view of your network when you want to look at your environment from an elevated point.
Pricing of Azure Network Watcher
When Azure creates a network watcher while deploying resources in your virtual network, there are no charges levied on it. However, the pricing plans for using the resources in the network watcher change based on your subscription and the region. For instance, if you consider the East US Azure region, network log storage comes with a capacity of 5 GB per month, but Azure charges 0.50$ for every GB of logs collected.
Azure network logs stores the system logs in a storage where you can set the retention upto 365 days. In case you fail to set the retention, Azure maintains the logs forever.
When it comes to the network diagnostic tool, you are allowed free 1000 checks per month. When you exceed this limit, Azure begins to charge $1 per 1000 checks.
Connection monitor includes 10 free tests per month and then charges a tier-based fee based on the number of tests performed. When the number of tests increases, the price decreases.
Let’s wrap this post with two most important benefits of Azure Network Watcher. Firstly, it provides a large toolbox for monitoring, diagnosing, and logging all the happenings within your Azure Virtual Network. Secondly, Azure has way more security certifications than any other cloud provider in the market.