A high-level comparison of monitoring Windows OS with SCOM / OMS and Azure

A customer wants to move their core OS monitoring off of SCOM and over to OMS or another Azure-based solution.  I wrote up this comparison to highlight the key capabilities and differences in each. It's not intended to be an exhaustive list, but as a way to start the conversation.

Note that all the info here is current as of April 2018. Things change all the time, so take that into consideration!


 Core OS Monitoring Comparison 
System Center Operations Manager Azure-based solutions (Azure Monitor, Azure Diagnostics, OMS Log Analytics)
Windows Computer Health State
  • Monitors based on Availability, Performance, Configuration, Security
 Data collection
  • Collects:
    • performance counters,
    • event logs,
    • probe/script-based rules
  • Use Azure Monitor for host-level monitoring: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-overview-metrics
  • Use Azure Diagnostics or OMS for guest VM operating system monitoring
  • Azure Diagnostics can collect:
    • Performance data
    • Application logs
    • Windows Event logs
    • Custom error logs created by app or service
    • .NET Event source
    • IIS logs
    • ETW traces
    • Crash dumps
    • Azure diagnostics infrastructure logs
  • OMS can collect:
    • Performance data
    • Windows event logs
    • Custom logs
    • IIS logs
    • Syslog events
  • Monitor-based alerts
  • Event-based alerts
  • Performance (metric)-based alerts
  • Typically <1 minute alerting latency
Data visualization
  • Use the SCOM console or web console
  • Built-in dasbhoards, views, reports
  • Ability to custom author dashboards, views, reports
  • Queries OpsMgr database and datawarehouse
  • Azure Monitor:
    • Azure portal
    • Ability to custom author views, charts
    • Azure Monitor Metrics Explorer (preview)
  • OMS:
    • Log Analytics
    • View Designer
    • PowerBI
    • Service Map
  • Azure Diagnostics:
    • Route data to Azure Application Insights
    • Route data to Microsoft PowerBI
    • Route the data to a third-party visualization tool using either live streaming or by having the tool read from an archive in Azure storage
Administrative effort
  • Installing and tuning the management pack
    • With both SCOM and Azure, a key part of monitoring is knowing what you want to monitor/collect
Data retention
  • Two databases: OpsMgr database and Data Warehouse
  • OpsMgr database holds 7 days by default
  • Data Warehouse holds 400 days by default
  • Archive Azure Diagnostics Logs or Azure Monitor data to storage account to retain forever (or specify retention age)
  • Log Analytics has a retention age of 31 to 730 days