
Nerdio Fundamentals: Notifications, Monitoring and Logging

July 10, 2019

Joseph Landes
In this session we are going to talk about how notifications, monitoring and logging work in Nerdio for Azure. Things like setting backup alerts, how to change notifications in the Nerdio admin portal and logging all relevant actions in the product. Enjoy the session.

Vadim Vladimirskiy
There are a set of different notifications that you can configure. All of these get delivered via email to the various recipients and the recipients include partner admins and these people are basically the ones that are members of the partner, the MSP that has provisioned this account. So you’ll notice this account is 5,009 [Moorehart, 00:00:56] Inc. But if you see know who’s actually listed here, these are the various people at the partner admin level that are going to get notifications. So you can see that that is turned off by default, can be easily turned on just like that. It also can be configured to go, the notifications can go to their account IT admin. These would be people within the account itself. So you can see this is Chad ceo@fivethousandnine@nerdio.net and finally you can also add email addresses into this field, just kind of free hand if you have somebody who doesn’t fall into one of these two categories.

Vadim Vladimirskiy
All right, so as far as what the notifications are, so they’re broken into categories. There is user operations, so anything that you would do on the user screen right here, whether it’s a new user addition, deletion, archival, password reset or anything like that. If you enable this notification, it’s going to send an email to whoever is selected, so in this case, it would be these 11 people, this one IT admin and also this person right here. Or you can customize it any way you want. So this is user operations. There is a similar type of an alert that can go out for server operations. So things like server restart, shutdown, reset, power off, destroy, add server, add disk, change disk space, change CPU memory, disk size, et cetera. So anything that’s done on the server screen would be sent as a notification.

Vadim Vladimirskiy
Finally there is also a set of notifications for network operations. These include VPN status changes. So if we go onto the VPN screen, which is under networking, you have the VPN tunnel and it can have various states. It can be either connected or disconnected or connecting. And then anytime the status changes, if that notification that you just saw on the previous screen is turned on, that notification will be triggered via email. So this is useful for monitoring VPN connectivity. Now this is not real time. There is somewhat of a lag of when these notifications are evaluated. Okay, so that’s the networking notification.

Vadim Vladimirskiy
When does this come up? Imagine you have a scenario where you have an office, you know a customer’s office, that has multiple internet lines and they have a SonicWall or some other firewall that can seamlessly fail over between the two. So if you have a SonicWall to SonicWall VPN tunnel, you can establish the VPN connections to use aggressive mode and be able to connect from the customer’s LAN over either one of the LAN connections that they may have. The challenge in Azure is that the only type of VPN that’s supported is main mode, which means that you must have a static IP address of the other location that it’s coming from. So in this case, you know it’s 1.2.3.4. If your VPN connection is coming from a different address, this tunnel will not come up. And there really isn’t an easy way to set up multiple tunnels to be able to point at the same connection, at the same physical location. So the way you can work around this is by sending a notification that will email the help desk anytime the VPN goes down.

Vadim Vladimirskiy
And remember the VPN is used for printing and scanning. It’s not used for desktop connectivity because that goes over the [inaudible 00:04:53] gateway through the public internet. But if the VPN goes down, a notification will go out within a certain period of time and the next audit interval of the connection, you can then come into this screen, edit this VPN connection right here, and then change the IP address to the IP of the second LAN interface on the client’s network. And then click save. And this is a manual process, but it will bring the VPN connection up just by making this change. So again, on the client, then you have two LAN connections. SonicWall can fail or whatever firewall is, can fail between the two seamlessly depending on which one is active, which one is down. And then you can modify the Azure VPN to point at the correct one depending on which one is available and be notified of the status change through this notification right here.

Vadim Vladimirskiy
The next category of notifications is backup alerts. So this is for things like if you go in and you remove a server from backups, so let’s go ahead and open them back up in another tab. So if you remove a server, if you disable a backup completely or if backup fails on any one server, it’s going to trigger a notification. So again, very helpful in just monitoring the status of the backup. So any user actions that an administrator would take from this backup screen as well as any failures in the backup process. Okay. So let’s take a look here. So you basically, if I were to go in and turn this off or if I were to go in and remove this server from backup, then the notification would be sent to everybody that you saw on the previous screen.

Vadim Vladimirskiy
Okay. Next. You know we already went through these ones so let’s just turn them off for now because we don’t need to be getting this many. Okay, good. And then finally you have a set of notifications that get triggered when changes get made in the NAP. So this is NAP security notifications will be sent to all users that are allowed to log into NAP and the two options are send an email alert when the NAP user is added and send an email alert when there’s a login to the NAP using my username. So if you enable this, then every time I log in as a particular user into this environment, I will get a notification. This is just for confirmation in case an account gets compromised, you will get an email notification that someone else logged in. If that wasn’t you, that will obviously alert you that something is going on. So those are NAP specific notifications.

Vadim Vladimirskiy
Okay. So that pretty much covers notifications. There’s also logging that I think we went over in the previous session, but I’ll mention it briefly. There is a log for provisioning tasks for things like actually the provisioning of the environment initially or maybe doing a certain environment upgrades like from a professional edition to enterprise edition, things like that. There is desktop logins and desktop logins basically show you which users logged into which RDS session hosts or VDI desktops. You can filter them by date as you saw just now, by name and by the machine they logged into. So if I only want to see people who logged into the VM that has A00000D then it will filter it only to the VMs that have a D in the name. Okay, so really handy if you want to see when the last time the user logged in.

Vadim Vladimirskiy
Now with this, the way this information is retrieved is it’s actually coming from the SMS passcode database. The tracks are the login from any VDI or RDS sessions. When you get the Windows login prompt, you type in the password, it records of entering that database, the NAP then pulls the information out of that database. It presents it here. That information gets captured when the user logs in, either initially when like there is not an active session or even if a user reconnects to a disconnected session because they will reauthenticate themselves and it will go through kind of a login process where two factor will be enforced, if that’s enabled for the user account, that user login attempt will be reflected here. So if you look at these attempts, this doesn’t mean that Angie in accounting logged into the desktop without being logged in first. It could be that Angie went for lunch and then came back and reconnected and typed in the password. That will also be logged as a login attempt. Okay, so it’s both reconnect and fresh logins that are logged here.

Vadim Vladimirskiy
And then finally the biggest login area is the management tasks. Under management tasks, you have lots of ways to filter this view. There’s obviously a date range filter. There is a free text search filter. If I want to look for anything that’s all my sync AD tasks, there we go. I think it searches on the description of the task, which is why that previous one didn’t match but there this is a free text search field. We also have a category, various tasks have different categories. If I want to see all server operations, I can do this and then it will just filter it down to things that happened with servers.

Vadim Vladimirskiy
If I want to see user operations I can do it this way and then you can also filter by status. So remember pending just means the task hasn’t been picked up yet. It’s waiting to be executed. It could be there’s something else running in front of it before it gets picked up. In progress means it’s currently running. Complete means it’s done and then error means it completed with some sort of an error. When there isn’t an error, there is a useful log over here that you can click on that will show you if there are any logs that were reported by the system that would explain what the error is. You know sometimes you get no log because maybe it timed out or something. But in most cases, you’ll get something that tells you what happened. In this case, the computer must’ve been off or something like that which is why it couldn’t connect to it.

Vadim Vladimirskiy
So those are the logs. And one final thing I want to remind you is that there is a little settings gear at the top right. When you click on the settings gear, you can enable automated tasks. So even though, let’s clear our filters, so you can see, the last task that ran was 3:10 which was a few minutes ago and we were changing notifications. You can see it was me who did that. You can see exactly what was changed, et cetera. So that’s nice and helpful but there aren’t too many other tasks today.

Vadim Vladimirskiy
If I go ahead and I unhide these automated tasks by setting it to yes, you’ll see that in addition to all of the stuff that I’ve been doing, there are tasks that don’t have a username listed, which means they’re automated by the system. And these are the various things that happen on a scheduled interval behind the scenes, like updating performance monitoring data, submitting the other tasks, other scale schedule to Azure automation. You’re refreshing security settings, updating the security scores. So there’s updating things like the AD cache, right, so right there. So all types of background tasks are also logged. So this is a good year and setting to remember if you’re trying to investigate why a particular task may be sitting in pending state, it could be there’s something that it depends on, that’s currently running and that task that’s running may actually be an automated background task.

Vadim Vladimirskiy
So for example, if you’re making a change to a user account and at the same time there is a cache update that’s running and is in progress, then that user account update is going to sit in pending until that cache update is complete. So to investigate that, you would come in here and set this to on. When you set it to on, every time you navigate away from the screen and you come back, it actually gets automatically reset to off. So remember that this is a per view type of a setting. Every time you navigate away, it changes back to off.
