About VM Monitoring on Azure

Learn about the VM Monitoring options that are available to help you monitor assets in your Azure deployment.
As you deploy or terminate virtual machines in the Azure public cloud, you can either use the Panorama plugin for Azure or use the VM Monitoring script that runs on a virtual machine in the Azure public cloud environment to consistently enforce security policy rules on these workloads.
The Panorama plugin for Azure is built for scale and allows you to monitor up to 100 Azure subscriptions on the Azure public cloud. With this plugin, you use Panorama (running 8.1.3 or later) as an anchor to poll your subscriptions for tags, and then distribute the metadata (IP address-to-tag mapping) to many firewalls in a device group. Because Panorama communicates with your Azure subscriptions to retrieve VM information, you’re able to streamline the number of API calls made to the cloud environment. Although you can define Security policy locally on the firewall, using Panorama and the plugin makes it easier for you to centralize Security policy management and ensure consistent policies for hybrid and cloud-native architectures.
The VM Monitoring script posted on GitHub runs on a virtual machine in the Azure public cloud environment and is released under the community supported policy. The operating system of the virtual machine that the script runs on, must be Red Hat Enterprise Linux (RHEL) 7.4 with Python version 2.7.5. The script collects the IP address to tag mappings for all your Azure assets and uses the Azure and PAN-OS APIs to register the VM information—IP address to tag mapping—on the firewalls you specify. You can specify one or more virtual systems on the firewall to which you want to register the VM information.

Related Documentation