Traditional monitoring as a starting point
Anyone who has operated an Exchange Server themselves was well advised to monitor it. This classically included the following four aspects:
- Numerical values such as CPU load, RAM utilization and hard disk fill level
- Monitoring of started services and accessibility from the network
- Functional monitoring through synthetic transactions, such as logging in via EWS or sending and receiving round-trip mails
- Monitoring of the event log for errors and warnings
For this purpose, solutions such as Nagios, Icinga and PRTG were installed in the server room, which can be used to monitor other servers and the company network in addition to Exchange. The individual desktop client was managed more by inventory and software distribution, but not directly monitored. Discover why this is important for your network monitoring, especially with the rise of cloud services, in the post “Update your traditional network monitoring for the cloud” on our blog.
Challenges of cloud monitoring
Almost all traditional monitoring approaches fail when it comes to Exchange Online or any other cloud service. The service provider, in this case Microsoft, operates the servers, and they are no longer accessible to the company via conventional monitoring. Monitoring the CPU load of a single server or all servers is simply not possible in a cloud environment, as the operator hides many servers behind load balancers. Event logs and hard disks are also no longer accessible. Only the accessibility of the respective services can be checked and synthetic transactions executed.
If you previously monitored your servers in the data center using your own agents in the same data center, these agents can now talk to the service in the cloud. To do this, however, the agents must first reach the cloud and contact a meaningful address there that also responds in a timely manner. In addition, cloud monitoring must not be designed in such a way that the cloud provider might suspect a DoS attack. In the best case, your requests would only be throttled as a result. In the worst case, your requests would be blocked based on the IP address, and regular access via the same IP address would be blocked along with them.
You must therefore choose other ways to determine a qualified status of the cloud services used and include it in your monitoring.
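One way to keep a synthetic probe from being throttled or blocked as described above is to schedule it at a low, jittered rate and to back off when the service signals "slow down". The sketch below is an added example, not code from the original post; the intervals, the state names and the treatment of HTTP 429 and 503 with Retry-After as throttling signals are assumptions, and the response sequence is constructed.

```python
import random

BASE_INTERVAL = 300   # assumed: one synthetic probe every 5 minutes
MAX_INTERVAL = 3600   # assumed: never wait longer than one hour
JITTER = 0.1          # +/-10 % so several agents do not probe in lockstep


def next_probe(status, headers, prev_delay, rng=random):
    """Return (state, seconds to wait) after one probe.

    status is the HTTP status code, or None if no response arrived.
    headers is a plain dict (constructed simplification, case-sensitive).
    """
    throttled = status == 429 or (status == 503 and "Retry-After" in headers)
    if throttled:
        # Honour Retry-After when given in seconds, otherwise double the
        # previous delay; never probe sooner than we did before.
        retry_after = headers.get("Retry-After", "")
        wait = int(retry_after) if retry_after.isdigit() else prev_delay * 2
        return "throttled", min(max(wait, prev_delay), MAX_INTERVAL)
    if status is None or status >= 500:
        # No answer or server error: report it, but back off instead of
        # retrying in a tight loop from the same IP address.
        return "unavailable", min(prev_delay * 2, MAX_INTERVAL)
    # Success, or a 4xx that more traffic will not fix: normal cadence.
    state = "ok" if status < 400 else "failed"
    return state, BASE_INTERVAL * rng.uniform(1 - JITTER, 1 + JITTER)


def simulate(responses, rng=random):
    """Run the scheduler over (status, headers) pairs; return the plan."""
    delay, plan = BASE_INTERVAL, []
    for status, headers in responses:
        state, delay = next_probe(status, headers, delay, rng)
        plan.append((state, round(delay)))
    return plan


# Constructed sample: healthy, throttled twice, a timeout, then healthy.
SAMPLE = [(200, {}), (429, {"Retry-After": "900"}), (429, {}),
          (None, {}), (200, {})]

if __name__ == "__main__":
    for state, wait in simulate(SAMPLE):
        print(f"{state:<12} next probe in {wait} s")
```

Reporting "throttled" as its own state keeps the monitoring system from raising an outage alarm when the real problem is the probe's own request rate.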