On-Premises Deployment of Azure Log Analytics (OMS)

Microsoft-Azure-cloud-hero
This post will show you how to deploy an Azure Logs Analytics, otherwise known as Operations Management Suite (OMS), agent to a Windows Server machine that is running outside of Azure. This post assumes that the agent will have direct Internet access — there is another solution that can use the OMS Log Analytics Forwarder.

The Solution

Microsoft OMS is capable of monitoring machines that are running in Azure, but it is also capable of monitoring machines that are running outside of Azure. Microsoft’s marketing mentions on-premises or Amazon Web Services (AWS), but the reality is that you can deploy the Microsoft Monitoring Agent (MMA) onto any Windows Server machine that meets the technical requirements and where you have admin-level login access to the operating system.
The reach of OMS’s monitoring can then be extended to all of your servers, adding deeper insights into infrastructure and applications. You might already have a monitoring system for on-premises or hosted servers, such as System Center Operations Manager (SCOM); that’s not an issue because OMS can complement those solutions — it actually integrates with SCOM. OMS adds other levels of monitoring, such as deeper insight into Active Directory and SQL Server, network performance monitoring, and security auditing.

This solution option is based on agents communicating directly via the Internet [Image Credit: Microsoft]
This solution option is based on agents communicating directly via the Internet [Image Credit: Microsoft]

Technical Requirements

The following must be present for this solution:

  • You must have deployed Log Analytics (OMS) in your Azure subscription.
  • The MMA, in this solution, must have direct or proxy Internet access via HTTPS. A different architecture allows for indirect access via OMS Log Analytics Forwarder.
  • The MMS supports Windows Server 2008 SP1, Windows 7 SP1, and later.
  • You can install the MMA on physical or virtual machines, but not Azure virtual machines — these are connected via the Azure Portal.

Download the Microsoft Monitoring Agent (MMA)

You can download the agent from the Log Analytics (OMS) workspace in the Azure Portal:

  1. Sign into the OMS workspace.
  2. Click the settings tile, and browse to Connected Sources.
  3. Click Windows Servers (note the option to download the MMA for Linux).
  4. Choose either the 64-bit or 32-bit download depending on the machines you want to monitor. Store the download(s) for reuse.
  5. Create a document or a notepad file to save some important information. Store this document securely.
  6. In the workspace, there is a copy button to the right of Workspace ID. Click this button to save the Workspace ID. Save this to your document for later reuse.
  7. Click the copy button for Primary Key and save this to your document for later reuse.
Download the MMA from the OMS workspace [Image Credit: Aidan Finn]
Download the MMA from the OMS workspace [Image Credit: Aidan Finn]

Manually Install the Agent

You can use automated methods to deploy the agent, such as command line or desired state configuration, but I will show you the setup.exe method. Make sure that you have access to the MMA installer from the machine that you want to install it on.

  1. Log in to the machine and run the installer
  2. Skip the welcome and agree to the licensing terms (if you agree to continue)
  3. Accept or customize the installation location
  4. You are asked if this is a SCOM or a OMS installation. Choose OMS
Use the MMA with OMS [Image Credit: Aidan Finn]
Use the MMA with OMS [Image Credit: Aidan Finn]
  1. Copy the Workspace ID and Primary Key from the portal into the Workspace ID and the Workspace Key fields of the MMA installer.
Connect the MMA to your OMS workspace [Image Credit: Aidan Finn]
Connect the MMA to your OMS workspace [Image Credit: Aidan Finn]
  1. Note the Advanced button, which is where you can configure a proxy connection, including username and password, if required.
  2. Finish the wizard.


The agent should start reporting to OMS after a few minutes.

The agent on the server is connected to OMS [Image Credit: Aidan Finn]
The agent on the server is connected to OMS [Image Credit: Aidan Finn]

If there are delays, you can then start troubleshooting by inspecting the Operations Manager log in Event View on the machine.
Inspect the OMS MMA logs on the machine [Image Credit: Aidan Finn]
Inspect the OMS MMA logs on the machine [Image Credit: Aidan Finn]