Configuring Traffic Monitoring in Azure

Cet article n'est pas disponible en French. Affichez-la en English

Introduction

This feature is currently in a limited public preview.

Microsoft's Virtual Network TAP is explained in their overview as follows:

Azure virtual network TAP (Terminal Access Point) allows you to continuously stream your virtual machine network traffic to a network packet collector or analytics tool.

As a Field Effect client, you can take advantage of this functionality to stream all of the activity taking place within your Azure environment into Field Effect's virtual appliance.

Microsoft currently only supports the US West Central and Asia East regions for Virtual Network TAPs, therefore we can only support Azure traffic monitoring in those regions. Additionally, the destination host (appliance) and source VMs must be in the same Virtual Network or be in peer networks for Traffic Monitoring to work.

Current Limitations

Since this feature is currently in a limited public preview, the following limitations are in place:

Virtual network TAP only supports virtual machine's (VM) network interface as a mirroring source.
Virtual network TAP supports Load Balancer or VM's network interface as a destination resource for mirrored traffic.
Virtual network doesn't support Live Migration. VMs set as a source for virtual network TAPs will have live migration disabled.
VMs behind a Standard Load Balancer with Floating IP enabled can't be set as a mirroring source.
VMs behind Basic Load Balancer can't be set as a mirroring source.
Virtual network doesn't support mirroring of inbound Private Link Service traffic.
VMs in a virtual network with encryption enabled can't be set as mirroring source.
Virtual network TAP doesn't support IPv6.
When a VM is added or removed as a source, the VM might experience network downtime (up to 60 seconds)

Procedure

1: Create a new Network Interface

Start by creating a new network interface for the Field Effect appliance in Azure. This will be used as the destination in the required virtual network and subnet.

If the appliance VM is running, shut it down. Then, attach the network interface by navigating to VM > Networking > Networking Settings.

From this page, click Attach Network Interface and select the interface you created previously (see above) and add it. you can then turn the appliance VM back on.

Create a Virtual Network TAP

Navigate to https://aka.ms/VTAPPublicPreview and search for "Virtual Network terminal access points" and select it.

From the Virtual Network terminal access points page, click Create.

Set the project and instance details to align with your organization's configuration.

Click Select Destination Resource (shown above). From the Add a Destination page, select the interface you created earlier (see above).

Navigate back to the "Create Virtual Terminal Access Point" and select the Sources tab.

From the Sources tab, select all the VM instances you would like to monitor with Field Effect MDR.

After you have added all of you monitoring sources, click Review + Create. Verify that the correct source and destination details are listed in the summary window and click Create when ready. Once completed, the virtual appliance should now be ready to receive network traffic, which can help enrich the depth of Field Effect MDR's monitoring.

Adding Additional Sources

If you would like to add new monitoring sources after you have created this TAP, navigate to the VTAP's Resource -> Settings -> Sources page and select + Add.