Monitor cloud management gateway

Applies to: Configuration Manager (current branch)

After the cloud management gateway (CMG) is running and clients are connecting through it, you can monitor clients and network traffic. Monitor the service to make sure its performance is optimal.

Monitor clients

Clients connected through the CMG appear in the Configuration Manager console the same way on-premises clients do. For more information, see how to monitor clients.

Monitor traffic in the console

Monitor traffic on the CMG using the Configuration Manager console:

  1. Go to the Administration workspace, expand Cloud Services, and select the Cloud Management Gateway node.

  2. Select the CMG in the list pane.

  3. View the traffic information in the details pane for the CMG connection point and the site system roles it connects to. These statistics show the client requests coming into these roles. The requests include policy, location, registration, content, inventory, and client notifications.

Set up outbound traffic alerts

Outbound traffic alerts help you know when network traffic approaches a 14-day threshold level. When you create the CMG, you can set up traffic alerts. If you skipped that part, you can still set up the alerts after the service is running. Adjust the alert settings at any time.

  1. Go to the Administration workspace, expand Cloud Services, and select the Cloud Management Gateway node.

  2. Select the CMG in the list pane, and then select Properties in the ribbon.

  3. Go to the Alerts tab to enable the threshold and alerts. Specify the 14-day data threshold in gigabytes (GB). Also specify the threshold percentage to raise the different alert levels.

  4. When you're done, select OK to save the changes.

Monitor logs

The following table lists the log files that contain information related to the cloud management gateway.

Log name Description Computer with log file
CloudMgr.log Records details about deploying the cloud management gateway service, ongoing service status, and use data associated with the service. To configure the logging level, edit the Logging level value in the following registry key: HKLM\SOFTWARE\ Microsoft\SMS\COMPONENTS\ SMS_CLOUD_ SERVICES_MANAGER The installdir folder on the primary site server or CAS.
CMGSetup.log Note 1 Records details about the second phase of the cloud management gateway deployment (local deployment in Azure). To configure the logging level, use the setting Trace level (Information (Default), Verbose, Error) on the Azure portal\Cloud services configuration tab. The %approot%\logs on your Azure server, or the SMS/Logs folder on the site system server
CMGService.log Note 1 Records details about the cloud management gateway service core component in Azure. To configure the logging level, use the setting Trace level (Information (Default), Verbose, Error) on the Azure portal\Cloud services configuration tab. The %approot%\logs on your Azure server, or the SMS/Logs folder on the site system server
SMS_Cloud_ProxyConnector.log Records details about setting up connections between the cloud management gateway service and the cloud management gateway connection point. Site system server
CMGContentService.log Note 1 When you enable a CMG to also serve content from Azure storage, this log records the details of that service. The %approot%\logs on your Azure server, or the SMS/Logs folder on the site system server
  • For troubleshooting deployments, use CloudMgr.log and CMGSetup.log
  • For troubleshooting service health, use CMGService.log and SMS_Cloud_ProxyConnector.log.
  • For troubleshooting client traffic, use CMGHttpHandler.log, CMGService.log, and SMS_Cloud_ProxyConnector.log.

Note 1: Logs synchronized from Azure

These are local Configuration Manager log files that cloud service manager syncs from Azure storage every five minutes. The cloud management gateway pushes logs to Azure storage every five minutes. So the maximum delay is 10 minutes. Verbose switches affect both local and remote logs. The actual file names include the service name and role instance identifier. For example, CMG-ServiceName-RoleInstanceID-CMGSetup.log. These log files are synced, so you don't need to RDP to the cloud management gateway to obtain them, and that option isn't supported.

Cloud management dashboard

The cloud management dashboard provides a centralized view for CMG usage. It also displays data about cloud users and devices.

In the Configuration Manager console, go to the Monitoring workspace. Select the Cloud Management node, and view the dashboard tiles.

The following screenshot shows the section of the cloud management dashboard specific for the CMG:

Cloud management dashboard tiles CMG traffic and Current online clients

Connection analyzer

To aid troubleshooting, use the CMG connection analyzer for real-time verification. The in-console utility checks the current status of the service, and the communication channel through the CMG connection point to any management points that allow CMG traffic.

  1. In the Configuration Manager console, go to the Administration workspace. Expand Cloud Services and select the Cloud management gateway node.

  2. Select the target CMG instance, and then select Connection analyzer in the ribbon.

  3. In the CMG connection analyzer window, select one of the following options to authenticate with the service:

    1. Azure AD user: Use this option to simulate communication the same as a cloud-based user identity signed in to an Azure AD-joined Windows 10 device. Select Sign In to securely enter the credentials for an Azure AD user account.

    2. Client certificate: Use this option to simulate communication the same as a Configuration Manager client with a client authentication certificate.

  4. Select Start to start the analysis. The analyzer window displays the results. Select an entry to see more details in the Description field.

Example output for the cloud management gateway (CMG) connection analyzer

Stop CMG when it exceeds threshold

Configuration Manager can stop a CMG service when the total data transfer goes over your limit. Use alerts to trigger notifications when the usage reaches warning or critical levels. To help reduce any unexpected Azure costs because of a spike in usage, this option turns off the cloud service.

Important

Even if the service isn't running, there are still costs associated with the cloud service. Stopping the service doesn't eliminate all associated Azure costs. To remove all cost for the cloud service, delete the CMG.

When you stop the CMG service, internet-based clients can't communicate with Configuration Manager.

The total data transfer (egress) includes data from the cloud service and storage account. This data comes from the following flows:

  • CMG to client
  • CMG to site, including CMG log files
  • If you enable CMG for content, storage account to client

For more information on these data flows, see CMG ports and data flow.

The storage alert threshold is separate. That alert monitors the capacity of your Azure storage instance.

When you select the CMG instance in the Cloud Management Gateway node in the console, you can see the total data transfer in the details pane.

Configuration Manager checks the threshold value every six minutes. If there's a sudden spike in usage, Configuration Manager can take up to six minutes to detect that it exceeded the threshold and then stop the service.

Process to stop the cloud service when it exceeds threshold

  1. Set up outbound traffic alerts.

  2. On the Alerts tab of the CMG properties window, enable the option to Stop this service when the critical threshold is exceeded.

To test this feature, temporarily reduce one of the following values:

  • 14-day threshold for outbound data transfer (GB). The default value is 10000.

  • Percentage of threshold for raising Critical alert. The default value is 90.

Next steps

If you need to change the configuration, you can modify the CMG: