Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Enable Performance Diagnostics for Azure Virtual Machines

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: VirtualMachines-024

Ensure that Performance Diagnostics feature is enabled for your Microsoft Azure virtual machine instances in order to help mitigate VM performance issues. Performance Diagnostics installs a VM extension that runs a self-help diagnostics tool named PerfInsights, available for both Windows and Linux operating systems. PerfInsights can collect and analyze diagnostic information such as virtual machine hardware and storage configuration, various log files, OS information, PCI device information, guest OS log files, configuration files, information about running processes, virtual machine instance disk, memory, CPU usage, and networking information. Once this data is properly collected and analyzed, PerfInsights provides an easy-to-read report of findings and recommendations necessary to remediate the performance issues found. You can run performance diagnostics directly from the Azure Portal, where you can also review VM instance performance insights and diagnostics data.

This rule resolution is part of the Conformity Security & Compliance tool for Azure.

Performance
efficiency

Once enabled, the Performance Diagnostics feature can help you find and troubleshoot performance-related issues that can affect your Windows or Linux virtual machines (VMs). Supported troubleshooting scenarios include quick checks on known issues and best practices, and complex problems that involve slow VM performance or high usage of CPU, memory, or disk space.

Note: The list of operating systems supported by Performance Diagnostics feature is available at this URL.


Audit

To determine if Performance Diagnostics is enabled for your Azure virtual machines, perform the following operations:

Using Azure Portal

01 Sign in to Azure Management Console.

02 Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.

03 Choose the Azure subscription that you want to access from the Subscription filter box.

04 From the Type filter box, select Virtual machine to list only the virtual machines (VMs) available in the selected subscription.

05 Click on the name of the virtual machine that you want to examine.

06 In the navigation panel, under Support + troubleshooting, select Performance diagnostics to view the performance diagnostics reports generated for the selected Azure VM. If there are no diagnostics reports available, instead a Getting Started page with the following message is displayed: "You don't have any performance diagnostics reports. To troubleshoot performance issues on this virtual machine, install and run performance diagnostics.", the Performance Diagnostics feature is not enabled for the selected Microsoft Azure virtual machine.

07 Repeat step no. 5 and 6 for each Azure virtual machine available in the selected subscription.

08 Repeat steps no. 3 – 7 for each subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run vm list command (Windows/macOS/Linux) using custom query filters to list the name and the associated resource group of each virtual machine provisioned within the current Azure subscription:

az vm list
    --output table
    --query '[*].{name:name, resourceGroup:resourceGroup}'

02 The command output should return the requested virtual machine (VM) identifiers:

Name                      ResourceGroup
-----------------------   ------------------------------
cc-project5-web-server    cloud-shell-storage-westeurope
cc-project5-app-server    cloud-shell-storage-westeurope

03 Run vm extension list command (Windows/macOS/Linux) using the name of the virtual machine that you want to examine and the associated resource group as identifier parameters to describe the name and the provisioning status of each software extension installed on the selected Azure VM:

az vm extension list
    --vm-name cc-project5-web-server
    --resource-group cloud-shell-storage-westeurope
    --output table
    --query '[*].{"ExtensionName": name, "ProvisioningState":provisioningState}'

04 The command output should return the virtual machine extensions installed:

ExtensionName                  ProvisioningState
----------------------------   -----------------
AzurePerformanceDiagnostics    Succeeded
AzureNetworkWatcherExtension   Succeeded
IaaSAntimalware                Succeeded

If the name of the PerfInsights extension, i.e. AzurePerformanceDiagnosticsLinux, and AzurePerformanceDiagnostics is not included in the list of installed extensions returned by the vm extension list command output or the extension name is included but the provisioning status is not set to Succeeded, the Performance Diagnostics feature, powered by PerfInsights extension, is not enabled for the selected Microsoft Azure virtual machine.

05 Repeat step no. 3 and 4 for each Azure virtual machine deployed within the current subscription.

06 Repeat steps no. 1 – 5 for each subscription created in your Microsoft Azure cloud account.

Remediation / Resolution

To enable the Performance Diagnostics self-help tool for your Microsoft Azure virtual machines (VMs), perform the following operations:

Note: Enabling Performance Diagnostics for your Microsoft Azure virtual machines using Command Line Interface (CLI) is not currently supported.

Using Azure Portal

01 Sign in to Azure Management Console.

02 Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.

03 Choose the Azure subscription that you want to access from the Subscription filter box.

04 From the Type filter box, select Virtual machine to list only the virtual machines (VMs) launched in the selected subscription.

05 Click on the name of the virtual machine that you want to analyze and troubleshoot using the Performance Diagnostics feature.

06 In the navigation panel, under Support + troubleshooting, select Performance diagnostics to access the diagnostic tool page.

07 On the Performance diagnostics page, click on Install performance diagnostics to install the PerfInsights extension and enable the Performance Diagnostics feature for the selected Azure virtual machine. Make sure that Run diagnostics after the installation finishes checkbox is selected to run a diagnostic after the installation is completed.

08 On the Run diagnostics configuration panel, perform the following:

  1. Choose the preferred performance analysis scenario to run from the Analysis dropdown list. At this point you can choose between Quick performance analysis and Performance analysis. Select a scenario depending on the performance issues suspected. There are multiple analysis scenarios that you can choose from once the feature installation is completed:
    • Quick performance analysis – rapidly checks for known performance issues, analyzes best practices, and collects diagnostics data. This analysis takes just a few minutes to complete.
    • Performance analysis – includes all checks available for the "Quick performance analysis" and monitors high resource consumption. Use this scenario to troubleshoot general performance issues, such as high CPU, memory, and disk usage. This analysis scenario takes between 30 seconds and 15 minutes, depending on the selected duration.
    • Advanced performance analysis – includes all checks within the "Performance analysis" scenario, and collects one or more traces. Use this scenario to troubleshoot complex issues that require additional traces. This analysis can take between 30 seconds and 15 minutes to complete, depending on the selected duration.
    • Azure Files analysis – includes all checks available for the "Performance analysis", and captures a network trace and SMB counters. Use this scenario to troubleshoot the performance of Azure files. The Azure Files analysis takes 30 seconds to 15 minutes to run, depending on the selected duration.
  2. Agree to the legal terms and accept the privacy policy provided in order to run performance diagnostics on the selected VM by selecting the I acknowledge that I am getting this software from Microsoft Corp. and that I have read and agree to the legal terms and privacy policy checkbox.
  3. (Optional) If you want to share diagnostics information with Microsoft, select I agree to share diagnostics information with Microsoft checkbox.
  4. Click OK to confirm the analysis scenario that you want to run and start the Performance Diagnostics installation process.

09 Once the feature installation is successfully completed, the selected analysis is performed for the specified duration. All the performance insights and related information gathered during analysis is uploaded to a storage account, then the performance diagnostics report is generated and listed on the Azure Management Console (Azure Portal). On the Performance diagnostics page, under Diagnostics reports, click on the newly generated performance diagnostics report and review the list of insights and recommendations provided in the selected report.

10 Repeat steps no. 5 – 9 to enable Performance Diagnostics for other Azure virtual machines provisioned in the selected subscription.

11 Repeat steps no. 3 – 10 for each subscription created in your Microsoft Azure cloud account.

References

Publication date Oct 26, 2020