How Do I Monitor Communication Between a Virtual Desktop and an Endpoint?
You as an admin must know how to monitor the communication between an endpoint and the virtual desktops. Endpoints can be another virtual machine (VM), a fully qualified domain name (FQDN), a uniform resource identifier (URI), or an IPv4 address.
Another tool is the Connection Monitor 2.0, which monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint.
If an endpoint becomes unreachable, connection troubleshooting informs you of the reason. Potential reasons are a DNS name resolution problem; the CPU, memory, or firewall within the operating system of a VM; the hop type of a custom route; or a security rule for the VM or subnet of the outbound connection.
Additionally, the Connection Monitor provides the minimum, average, and maximum latency observed over time. After learning the latency for a connection, you may find that you’re able to decrease the latency by moving your Azure resources to different Azure regions.
How Do I View Resources in a Virtual Network and Their Relationships?
As resources are added to a virtual network, it can become difficult to understand what resources are in a virtual network and how they relate to each other. The topology capability enables you to generate a visual diagram of the resources in a virtual network and the relationships between the resources. Figure 4-38 shows an example topology diagram for a virtual network that has three subnets, two VMs, network interfaces, public IP addresses, network security groups, route tables, and the relationships between the resources.
Figure 4-38. An Azure virtual network, topology diagram
How Do I Diagnose Network Traffic Filtering Problems to or from a VM?
After you implement a VM, Azure applies various default security rules to the VM that allow or deny traffic to or from the VM. You as an admin might override Azure’s default rules or create additional rules. If you see a VM that may become unable to communicate with other resources, because of a security rule, the IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound). IP flow verifies the tests the communication and informs you if the connection succeeds or fails.
Important If the connection fails, IP flow checks and tells you which security rule allowed or denied the communication so that you can resolve the problem.