Azure Native Dynatrace Service
Azure Marketplace integration enables you to build a streamlined experience for purchasing, configuring, and managing the APM solution directly inside the Azure portal. After setting up the integration, Dynatrace appears as an Azure native service, and you can manage its configuration from Azure Portal.
Capabilities:
- Seamless onboarding: Easy onboarding to Dynatrace SaaS as an integrated service on Azure via Azure Marketplace. To set up the integration:
No event hubs, cloud functions, or configurations are required
- Unified billing: Get a single bill for all the resources you consume on Azure, including all Dynatrace SaaS consumption.
- Single sign-on: You don't need separate credentials for the Dynatrace portal. Sign in once in the Azure portal and seamlessly transition to Dynatrace when needed.
- Log monitoring: Enables forwarding of subscription activity and resource logs to Dynatrace. For details, see Log Monitoring Classic.
- OneAgent deployment: You get a unified management experience of Dynatrace OneAgents. You can install and uninstall Dynatrace OneAgents as extensions on Azure Virtual Machines and Azure App Services.
Limitations:
The integration will create a new Dynatrace environment and account; it can't run on an existing Dynatrace environment.
The Azure Native Dynatrace service is available via the Azure marketplace.
For getting a customized private offer for the Azure Native Dynatrace Service, reach out to Dynatrace sales via email to sales@dynatrace.com.
Prerequisites
Activate the private plan for Azure Native Dynatrace Service
Register the Dynatrace resource provider
Set up permissions
Activate the private plan for Azure Native Dynatrace Service
The Azure Native Dynatrace Service is available via a private plan. To have Dynatrace create a private plan for you, contact Dynatrace. Once you accept the offer, the private plan for Azure Native Dynatrace Service will be accessible on Azure Marketplace.
Register the Dynatrace resource provider
To create and manage the Dynatrace resources using the Azure Portal, you need to register a Dynatrace resource provider named Dynatrace.Observability in your Azure subscription.
Set up permissions
General permissions
- You need a
Contributorpermission to the Azure subscription.
The first user creating the first Dynatrace resource and environment in a subscription becomes the Dynatrace account owner of the Dynatrace account that is created during the integration deployment. For all subsequent Dynatrace resources and environments that are created in the same subscription by other users, the account owner will also have full permissions.
SSO permissions
If you use Azure Active Directory as your identity provider, you can establish single sign-on (SSO) from the Azure portal to Dynatrace. If you use a different identity provider or you don't want to establish SSO, you can skip this section.
-
To enable single sign-on authentication for your Dynatrace resource, you need to set up SSO in Azure Active Directory.
- On the Azure Portal, go to Azure Active Directory > Enterprise applications > New application.
- In the search field, enter
Dynatrace. - Select the Dynatrace application, and then select
Create. - After the application is created, go to the Dynatrace application and select Properties.
- Set Assignment required? to No, and then select Save.
- From the menu, select Single sign-on, and then select SAML.
- When prompted to Save single sign-on settings, select Yes.
After setting up SSO in Active Directory, you can enable SSO during or after the Azure integration deployment.
Set up the integration
When you first deploy the Azure Native Dynatrace Service, a new Dynatrace environment hosted on a new Dynatrace resource is created.
-
The Dynatrace resource is created in the Azure subscription and resource group that you select during the installation deployment. You can configure, manage, and troubleshoot issues on your Dynatrace resource from the Azure Portal.
-
The Dynatrace environment is created in the same Azure region in which you create the Dynatrace resource. In this new environment:
- After you install OneAgent, you can start monitoring metrics from your Azure resources. You can also collect metrics from the default services
- You can collect logs from your Azure resources
You do not need an environment ActiveGate for this integration.
To set up the integration
-
Go to the Azure subscription where you want to create the Dynatrace resource.
-
Select Resources, and then select Create.
-
Search for
Azure Native Dynatrace Service. You should see the message that a private product is available. -
Select the tile Azure Native Dynatrace Service.
-
In the list for choosing a plan, select the private plan that you accepted in Activate the private plan for Azure Native Dynatrace Service and then select Subscribe.
-
On Create a new Dynatrace environment, select Create.
-
In Basics, for Resource group, specify whether to create a new resource group or use an existing one.
A resource group is a container that holds related resources for an Azure solution. For more information, see Azure Resource Group overview.
-
Enter a Resource name for the Dynatrace resource, and then select a Region from the dropdown menu. The Dynatrace resource in Azure and the Dynatrace environment will be created in the selected region.
-
Select your Pricing plan, and then select Next: Metrics and Logs.
-
optional Select whether to Send subscription activity logs and/or Send Azure resource logs. For details, see Configure metrics and logs.
If you select Send Azure resource logs for all defined services, Azure resource logs are sent for all defined resources by default, which means logs are collected for all supported resources. To filter the specific set of Azure resources sending logs to Dynatrace, you can use Azure resource tags. Tag rules are:
- Azure resources with
Includetags send logs to Dynatrace. - Azure resources with
Excludetags don't send logs to Dynatrace. If there's a conflict between inclusion and exclusion rules, exclusion takes priority.
- Azure resources with
-
Select Next: Single sign-on.
-
optional Choose whether to Enable SSO through Azure Active Directory.
- If you don't want to enable this feature, select Next: Tags.
- If you want to enable this feature, select it, select the Dynatrace application ID that is displayed, and then select Next: Tags.
-
optional Specify tags for the new Dynatrace resource, and then select Next: Review + create.
-
Verify if the information submitted is correct, and then select Create. When the deployment is complete, you can select Go to resource to navigate to the specific Dynatrace resource.
Link multiple Azure subscriptions to one Dynatrace environment optional
After deploying the Azure integration, you can:
Link more Azure subscriptions to your newly created Dynatrace environment.
Link more Dynatrace environments to a single Azure subscription.
Follow the steps below, making sure to repeat the procedure for every subscription that you want to link.
-
Go to your desired Azure subscription, select Resources, and then select Create.
-
Search for
Azure Native Dynatrace Service. You should see the message that a private product is available. -
Select the tile Azure Native Dynatrace Service.
-
In the list for choosing a plan, select the private plan that you accepted in Activate the private plan for Azure Native Dynatrace Service and then select Subscribe.
-
On the option Link Azure subscription to an existing Dynatrace environment, select Create.
-
In Basics, for Resource group, specify whether to create a new resource group or use an existing one.
A resource group is a container that holds related resources for an Azure solution. For more information, see Azure Resource Group overview.
-
Enter a Resource name and then select a Region from the dropdown menu.
The Dynatrace environment to link and your new Dynatrace resource must be in the same region.
-
Select the Dynatrace environment to link to the Azure subscription, and then select Next: Metrics and Logs.
-
optional Select whether to Send subscription activity logs and/or Send Azure resource logs. For details, see Configure metrics and logs.
If you select Send Azure resource logs for all defined services, Azure resource logs are sent for all defined resources by default, which means that logs are collected for all supported resources. To filter the specific set of Azure resources sending logs to Dynatrace, you can use Azure resource tags. Tag rules are:
- Azure resources with
Includetags send logs to Dynatrace. - Azure resources with
Excludetags don't send logs to Dynatrace. If there's a conflict between inclusion and exclusion rules, exclusion takes priority.
- Azure resources with
-
Skip Next: Single sign-on (you can only configure SSO after deployment) and then select Next: Tags.
-
optional Specify tags for the new Dynatrace resource, and then select Next: Review + create.
-
Verify if the information submitted is correct, and then select Create. When the deployment is complete, you can select Go to resource to navigate to the specific Dynatrace resource.
Access your Dynatrace environment
After you set up the integration, you can access your Dynatrace environment directly from Azure Portal.
In Azure Portal, go to your Dynatrace resource and select Overview. All details of your Dynatrace environment will appear there, including direct links to the following web UI pages:
- Dashboards - For details, see Dashboards Classic.
- Log Viewer - For details, see Log viewer (Logs Classic).
- Smartscape topology - For details, see Visualize your environment topology through Smartscape.
Configure metrics and logs
Metrics
- You can activate metrics after the Azure integration deployment.
Collect metrics from Virtual Machines and App Services
To start collecting metrics from your Virtual Machines and App Services, you need to install Dynatrace OneAgent on these resources as an extension .
Collect metrics from cloud services
All services and metrics are enabled by default. You can disable them if needed by selecting the delete button from the list of services. After Dynatrace connects to your Azure environment, it immediately starts monitoring Azure's built-in services for the service principal you have defined. Built-in Azure metrics lists the metrics of Azure cloud services monitored by default.
Manage cloud services
All cloud services are monitored by default, but you can quickly disable them from the list or re-enable them as needed.
To add services to monitoring
- In the Dynatrace menu, go to Settings and select Cloud and virtualization > Azure.
- On the Azure overview page, find the connection that you want to change and select Edit
in that row. - Under Services, select Manage services.
- For each service that you want to add: select Add service, select the service from the list, and then select Add service.
- Select Save changes to save your configuration.
After you add a service, Dynatrace automatically starts collecting a set of metrics for that service.
Recommended metrics:
Are enabled by default and can't be disabled.
Can come with recommended dimensions (enabled by default, can't be disabled) and optional dimensions (disabled by default, can be enabled).
Apart from the recommended metrics, most services offer the possibility of enabling optional metrics that can be added and configured manually.
To see the complete list of Azure cloud services and learn about the metrics collected for each of them, see All Azure cloud services.
Alternatively, you can check the list of supported Azure services on Dynatrace Hub or within the in-product Hub: in the Dynatrace menu, go to Dynatrace Hub and search for Azure.
- In the Dynatrace menu, go to Settings and select Cloud and virtualization > Azure.
- On the Azure overview page, find the connection that you want to change and select Edit in that row.
- Under Services, select Manage services.
Select the service for which you want to add metrics. The service details page lists the metrics you are already monitoring for that service.
- Select Add metric.
- From the Add new metric list, select the metric and then select Add metric.
- Select
to expand the metric details and configure the metric. - Select Apply to save your configuration.
After you select the cloud services and save your changes, monitoring of the newly added services starts automatically.
Logs
- You can activate logs either during the Azure integration deployment or after deployment.
You can set up two types of logs from Azure to Dynatrace: subscription activity logs and Azure resource logs.
Subscription activity logs
Subscription activity logs provide insights into the operations (PUT, POST, DELETE) performed on each Azure resource in your subscription (the management plane). For each Azure subscription, there's a single activity log.
Azure resource logs
Azure resource logs provide insights into operations that were performed within an Azure resource (the data plane), such as getting a secret from a key vault or making a request to a database. The content of resource logs varies by the Azure service and resource type.
For a list of Azure resource logs, see Supported categories for Azure Monitor resource logs.
How to activate logs after deployment
Azure Native Dynatrace Service uses Dynatrace access token called azure-native-integration which is rotated every 24 hours.
Create tags
- You can create tags either during the Azure integration deployment or after deployment.
You can apply tags to your Azure resources, resource groups, and subscriptions to logically organize them into a taxonomy. You can specify tags for the new Dynatrace resource in Azure by adding custom key/value pairs:
- For Name, enter the name of the tag corresponding to the Azure Dynatrace resource (for example,
owner). - For Value, enter the value of the tag corresponding to the Azure Dynatrace resource (for example, the owner's email account).
If you don't set any tags, all logs from the monitored resources on your Azure subscription are sent to Dynatrace.
How to create tags after deployment
In the Azure Portal, go to your new Dynatrace resource, and then select Tags. Alternatively, you can select Monitored resources, and then select Edit tags for the desired resources.
Manage monitored resources in Azure Portal
After deploying the Azure Native Dynatrace Service, you can view, manage, and monitor your Azure resources, and you can install OneAgent on your Azure Virtual Machines and Azure App Services.
To view your list of resources, in the Azure Portal, go to your Dynatrace resource and select Monitored resources. You can filter the list of resources displayed by Resource name (Azure resource name), Resource type (Azure resource type), Resource group (resource group name for the Azure resource), Region (location of the Azure resource), and Logs to Dynatrace (whether the resource is sending logs to Dynatrace).
To debug why a resource isn't sending logs, see Troubleshoot.
Deploy OneAgent on Azure Virtual Machines and Azure App Services
You can deploy OneAgent after the Azure integration deployment.
To monitor your Azure Virtual Machines or Azure App Services, you can install Dynatrace OneAgent on these resources as an extension.
Uninstall the Azure Native Dynatrace Service
To uninstall the Azure Native Dynatrace Service, you need to delete the Dynatrace resource. When the Dynatrace resource is deleted from Azure, logs and metrics are no longer sent to Dynatrace and all billing for Dynatrace through Azure Marketplace stops.
To delete the Dynatrace resource
- In the Azure Portal, go to your Dynatrace resource and select Overview.
- Select Delete.
- Enter the name of the application you want to delete, then select Delete.
How to request new features
If you have a feature request, use the Microsoft Developer Community to suggest new features.
Troubleshoot
Make sure that the Dynatrace application is installed in your Azure Active Directory, and that the SAML integration is enabled. For details, see SSO permissions.
If you linked an existing Dynatrace environment to your Azure subscription, and you’re not the Dynatrace account owner of that environment, the account owner needs to assign you SSO permissions in the respective Dynatrace environment so that you can enable SSO for that Dynatrace environment in Azure.
To assign SSO permissions in Dynatrace, there are two options:
- Assign a user to the Account manager group
- Add View and manage users and groups permission to a group
See below for instructions on each of these options.
For more information on user permissions, see Manage user groups and permissions.
Restart your App Service plan.
This isn't possible with the Azure Native Dynatrace Service. The Azure Native Dynatrace Service is strictly tied to an Azure tenant, and therefore logs can only be retrieved from subscriptions in the same Azure environment. To set up log monitoring for an Azure subscription in the same Azure tenant, create a Dynatrace resource in this subscription and follow the instructions to link multiple Azure subscriptions to one Dynatrace environment.
Use the Dynatrace OneAgent extension for Virtual Machines and create a PaaS token.
On Monitored resources for your Dynatrace resource, if there is an error message under Logs to Dynatrace, this means that your Azure resource isn't sending logs. There are several possible reasons for this:
- The resource doesn't support sending logs. For a list of supported resource types and log categories, see Supported categories for Azure Monitor resource logs.
- You have reached the limit of five diagnostic settings per Azure resource. For details, see Diagnostic settings in Azure Monitor.
- Logs aren't properly configured—only Azure resources that have the appropriate resource tags as configured in Metrics and logs can send logs to Dynatrace.
The region isn't supported—the Azure resource is in a region that doesn't currently send logs to Dynatrace.
OneAgent isn't installed/configured to send logs to Dynatrace (applies to Virtual Machines).
To delete Dynatrace for Azure, you need to have owner permission to your Dynatrace account.
Log ingest FAQ
The default limit is 100,000 log lines per subscription (Azure Native Dynatrace resource). To increase this limit, contact a Dynatrace product expert via live chat.
All Azure services in the Azure Monitor log categories ingest logs, including Azure Active Directory and Azure Monitor Integration Service.
Azure Native Dynatrace Service automatically enables log forwarding in the Azure subscription where the Dynatrace resource is enabled. Log forwarding is enabled for all supported services and resources. Tag filtering rules can be defined to include or exclude certain Azure resources from sending logs.
Logging with the Azure Native Dynatrace Service causes egress costs and platform logs cost, depending on:
-
The Azure region where the Azure Native Dynatrace Service is running.
Current possible regions are
East US,West US 3,West Europe,Canada CentralandUAE North. -
The Azure region where the log producer (the Azure resource) is running.
Examples:
- If the Azure Native Dynatrace resource receives logs from an Azure Kubernetes Service (AKS) resource, and both resources run in
East US, the egress cost1 is $0.01/GB (cross-Azure traffic). The cost for Platform Logs would be $0.25/GB. - If the Azure Native Dynatrace resource is running in
East USand receives logs from an AKS resource running inBrazil South, the egress cost1 is $0.16/GB. The cost for Platform Logs would be $0.25/GB.
Data extracted from Bandwith pricing on May 2nd, 2023.
Sending Azure logs through the Azure Native Dynatrace Service is cheaper than sending Azure logs to Dynatrace environments running on AWS, because the internet egress costs between Azure and AWS are higher.
Examples:
-
If Dynatrace SaaS is running in AWS
Europe (Ireland), and Azure Kubernetes Service (AKS) (the resource ingesting logs) is inWest Europe, the egress costs1 are as follows:First 100 GB/month: free
Next 10 TB/month: $0.08/GB
Next 40 TB/month: $0.065/GB
Next 100 TB/month: $0.06/GB
Next 350 TB/month: $0.04/GB
-
If you use log forwarding for Azure Kubernetes Service (AKS) running in
Brazil South, the egress costs1 are as follows:First 100 GB/month: free
Next 10 TB/month: $0.12/GB
Next 40 TB/month: $0.085/GB
Next 100 TB/month: $0.08/GB
Next 350 TB/month: $0.075/GB
Data extracted from Bandwith pricing on January 23, 2022.