Moving from SCOM to Azure Monitor: What's the difference?

Amidst the rapid rise in digital transformation and uptake of the cloud persists two leading solutions for end-to-end infrastructure monitoring: Azure Monitor and System Center Operations Manager (SCOM), both offerings from Microsoft, and both excelling in different areas of operational monitoring.

Monitoring is a key part of optimising our IT resources. When applications stop performing, databases get corrupted, and servers start crashing, it’s vital for all organisations to be one step ahead and have a way to proactively track and notify the business on issues - whether it’s in the code or infrastructure - and address them before they happen.

Xello frequently speaks with customers who have used SCOM for some time to monitor their on-premises infrastructure and have since moved their business to Microsoft Cloud - and want to understand the general benefits of moving their monitoring capabilities to Azure Monitor.

With plenty of misconceptions and outdated information to wade through, our team summaries each service, how they work and their key differences and focuses, so you understand why Azure Monitor is a worthy monitoring solution upgrade if your resources are in Azure.

 

What is Azure Monitor?

Azure Monitor what is it

Image via Microsoft

Azure Monitor (AM) is a cloud-based, end-to-end monitoring solution that allows businesses to collect granular performance and utilisation data from both their cloud and on-premises resources, and analyse and act on that data to proactively prevent and solve issues. It is accessed via Azure Portal and is the best tool to monitor active subscriptions and environments.

As a full-stack monitoring data platform, Azure Monitor is a central plane to acquire an up-to-date, 360-degree view of your environments - applications, infrastructure, network - and get regular alerts and updates on its status with metrics and logs that convey the health and performance of all resources and set up automated actions based on automated processes like alerts and rules.

Many of Azure’s broader monitoring services and tools are inbuilt and accessed here, providing additional advanced analytics, dashboards and visualisation map capabilities to enhance how you analyse your tracked business-critical data. AM collects data from a number of sources, divided into tiers - starting from your application to the operation system it runs on, to the services it depends on, and the platform it’s hosted on.

  1. Application monitoring data: This tells businesses the performance and status of the application and the coding, regardless of the platform it’s hosted on.
  2. Guest operating system monitoring data: This tells businesses about the OS the application is running on, whether it’s in Azure, another cloud platform or on-premises.
  3. Azure resource monitoring data: This tells businesses about the operation of Azure resources.
  4. Azure subscription monitoring data: This tells businesses about the management of Azure subscriptions and the health of all resources in said subscription.
  5. Azure tenant monitoring data: This tells businesses about the operational status of tenant-level Azure services like Azure Active Directory (Azure AD).

Azure Monitor then organises the data it collects for monitoring into two types: metrics and logs.

  • Metrics: Azure Log gives visualised metrics for every resource in Azure, categorised by subscription resource groups and resource type. Metrics represent system performance and status in handy numerical values, viewable in graphs. You can verify performance of apps and databases, from CPU usage, to average utilisation percentage, etc.
  • Logs: Azure Monitor provides information on log events in the activity log or event view in Windows 10. Log events include resources changes in groups or subscriptions such as additions or deletions and when specific users performed the action, while an activity log lists any actions that have occurred like network interruptions.

Metrics are useful because they represent some aspect of your application or system at a specific point in time for historical reference and to set up with alerts fairly quickly, while logs are telemetry events organised into text records that provide additional context (such as when a particular resource was created or modified last or when an error was detected in an application), that, when combined with metrics, helps you analyse and ascertain the full picture for deeper analysis and trending over time.

 

How Azure Monitor benefits businesses with better analysis

Azure Monitor vs SCOM benefits

 

Azure Monitor doesn’t just handle data collection for passive performance and status review.

It’s essential to be able to monitor and analyse resources when you need to, and notify and respond to issues identified in collected data. Having ways to summarise and present monitored data in an accessible, efficient manner - all in the same solution -is essential to keeping ahead of potential challenges. Azure Monitor provides a number of capabilities that greatly enhance our business and IT teams’ ability to tackle issues proactively, productively and ahead of time.

  • Alerts: Azure Monitor has in-built alerts to notify users when potential or ongoing issues are raised, filtered by past hour, past 6 hours or past 24 hours. You can search for specific resources within subscriptions or groups to pinpoint what you’re looking for. Alerts can be automated or handled manually - for example, you can set up automated emails to administrators to investigate a performance issue when it is identified, or set up an automatic process to take corrective action when issues arise and be notified of the action. Alert rules based on metrics give you close to real-time alerts based on numeric values, while alerts based on logs let you implement complex logic across your data from multiple sources - cloud, on-premises, etc.
  • Autoscale: Azure Monitor enables businesses to always have the exact amount of resources they need to run an application and create rules that use metrics collected by the service to set when you need to add resources when increases in load occur or when you need to remove sources that sit idle. Businesses can set a minimum and maximum number of instances and the logic that dictates when AM increases or decreases resources automatically, and set up alerts to review the changes.
  • Dashboards: AM comes with in-built dashboards that allow businesses to summarise metrics, usage charts (via the embedded Azure Application Insights tool), activity logs and event logs into a single visualised pane, which can be accessed and shared easily with other Azure users that handle monitoring and management of resources.
  • Power BI: As Microsoft Azure’s self-service business intelligence tool, Power BI provides deeper, interactive visualisations of multiple data sources and helps make data dashboards and reports more accessible. Currently, you can automatically import log data from Azure Monitor into Power BI to leverage richer visualisations and share metrics with your business users outside your administrators handling Azure Monitor.
  • Service Health: This is an overall at-a-glance overview of your Azure environment’s health to determine whether certain events have impacted the business negatively and require further attention.
  • Third-party integration: Azure Monitor supports other analytics and monitoring tools that aren’t already integrated natively in the central pane, such as OMS Insight & Analytics, Application Insights and several third-party tools for analytics flexibility.

Ultimately, AM’s capabilities help businesses get the jump on a number of potential problems before they negatively impact your business, like identifying network glitches before they lead to errors, discovering CPU spikes that indicate performance issues, or unexpected resource shutdown. It provides a better understanding on how your applications are performing in Azure Cloud and proactively identifies issues affecting them and the resources they depend on.

 

What is System Center Operations Manager (SCOM)?

SCOM vs Azure Monitor differences

 

Microsoft System Center Operations Manager (SCOM) is an IT monitoring and reporting tool often compared to Azure Monitor. As a key part of Microsoft System Center, it provides a single management console to view application performance and track on-premises environments.

As a cross-platform, enterprise-grade solution, SCOM specialises in collecting organisational data from the components and infrastructure which make up our apps - networking, servers and so on. It uses a health model to display a top-level status of all assets located on-premises.

SCOM’s health model measures and checks the health of a business-critical application hosted on-premises using monitors with configurable thresholds that define its overall state. Health states are categorised by red, amber or green, with three types of monitors:

  1. Unit Monitors: This measures a specific component of the application, like CPU usage percentage or network connectivity.
  2. Aggregate monitors: This displays the aggregate health state across multiple monitors.
  3. Dependency Monitors: For applications that depend on another component to function, this displays the health of the critical object.

Each health model also defines and structures rules to collect the relevant data that determines an app’s health value, such as performance data. This is how SCOM knows which app should be performing at what levels, and it can change the health status of apps if it detects it is operating outside of the set parameters of the business - or alert your users to review manually.

Rules typically provide three functions for an application:

  1. Information collection: This provides event and performance data on the app.
  2. Alerts: This notifies the business of when a specific event is detected in an event log.
  3. Commands: This allows users to run a command or script on a pre-defined schedule.

The discovery process driven by our monitors and their rules, and the execution of tasks within SCOM’s console is only possible with agents, software installed in the environment that acts as the method to collect data and send it back to SCOM, which reads it to determine health of resources based on monitor and rules configuration.

SCOM 2019 is set to be released sometime in Q1 2019, under a Long-Term Servicing Channel (LTSC) release, which means a new version comes every three years, though Microsoft have said it could be much less frequent going forward. This model provides 5 years of mainstream support and some years of extended support, with two Semi-Annual Channel (SAC) updates scheduled later this year.

However, compared to Azure Monitor’s near continuous maintenance and feature upgrades, it is far less future-proof if you need to monitor and analyse resources in the cloud versus primarily on-premises.

 

Can SCOM be used to monitor Azure environments?

The short answer is yes, SCOM can be slightly extended to monitor Azure resources in addition to on-premise data centres and servers even though it is a primarily on-premises solution. Although SCOM has traditionally been an on-premises monitoring product, there have been updates released by Microsoft have enhanced the toolset with certain cloud-based capabilities.

SCOM’s Management Pack (MP) are pre-packaged health and service models that are imported into SCOM to provide businesses with a ready monitoring template. Third-party software vendors sell MPs, as it is often more popular with businesses lacking IT expertise, though management packs can be created by users in the SCOM console.

Microsoft currently offers the SCOM 2016 Management Pack for monitoring Azure Cloud resources in SCOM. In addition, SCOM can be connected to Azure Log Analytics, which lets businesses leverage certain cloud-based features of the latter within the SCOM console.

SCOM ultimately remains a powerful monitoring tool for keeping track of on-premises resources, with certain limited extensions to monitor resources in the cloud within the SCOM console via integration with Azure Log Analytics - allowing you leverage some opportunities of Log Analytics while continuing to use Operations Manager.

While these options are available, a much more cost-effective and future-proof option lies in Azure Monitor. In the next section, we detail the differences between the two monitoring solutions and why Azure Monitor is the natural, recommended upgrade path for SCOM users.

 

Why Azure Monitor is better than SCOM for cloud monitoring

More and more businesses in Australia are moving resources to the cloud, with Gartner estimating enterprise IT spending for cloud-based offerings growing faster than growth in traditional non-cloud infrastructure through to 2022 - the cloud shift is well and truly here.

While SCOM remains a powerful tool for on-premises monitoring and even boasts certain cloud-based integrations which allow for limited use of Azure’s services within its console like Log Analytics, Azure Monitor is a more future-proof and robust monitoring toolset going forward.

Azure Monitor’s value lies in its integrated features. Since September 2018, the solution has included Azure Log Analytics and Azure Application Insights in the same package, without changes in pricing or compromise in capability. This means businesses can access and manage all aspects of advanced monitoring - alerts, logs and metrics - in one solution instead of many. Azure Monitor is also a pay for what you use service, with no upfront cost or termination fees.

Running on the proven scale and speed of Azure Cloud and its automation capabilities means alerts, notifications and tracking are far more efficient and can cover your business’s cloud environments more comprehensively than by opting to use SCOM connected to Azure Log Analytics alone, which only provides a fraction of cloud-empowered monitoring benefits.

Finally, Azure Monitor is also fully managed service, meaning Microsoft handle all the maintenance, patching and updating of new features or bug fixes for AM - freeing up staff to focus on monitoring and driving innovation in other key areas of the business.

Read more: SCOM of the Earth: Replacing Systems Center Operations Manager with Azure Monitor - A Guide

 

Azure Monitor vs SCOM: Next steps to prepare for better monitoring

For monitoring cloud-based resources and setting up powerful automated alerts and actions to handle potential challenges, Azure Monitor is the more robust option.

It has advanced analytics, dashboards and visualisation map capabilities to help enhance how organisations track, analyse and act based on collected business-critical data.

Azure Monitor is well positioned as the natural successor to SCOM for organisations moving resources over to Azure Cloud and that need an end-to-end monitoring solution to accompany their migration. Before adopting the service, book a free Azure Monitor Readiness Assessment to understand the many best practices necessary to optimise your cloud environment - and prepare for an optimal adoption of Azure Monitor.

azure_monitor_readiness_assessment_CTA_1