Forum Discussion
Multi Tenant Centralize Log Analytics
- Oct 09, 2019
Thanks Stanislav_Zhelyazkov,
Regarding billing, access management and things like data retention will be managed and contained within customer's subscriptions with pre-configured policies or other rulesets when "built".
And depending on which way data is exported from the tenant will depict the extra cost.
- Outbound from the customer tenant will be an extra cost for the customer.
- Initiated data collection from our tenant will be an extra cost for us.
Referring to where the arrows are pointing in the link I provided.
Maybe I'm over-complicating things. Is it possible for the customer's Microsoft Monitoring Agent to connect to our "management" tenant?
AzureSensei, for me this is just not the right way and I think it is a road that is filled with many obstacles just because when services are designed for cross-tenant setup. Of course you are free to follow your own path. I cannot tell if every single integration in Azure will work in such a scenario (I am sure it will not work in some). For sure you can install the Log Analytics agent on a VM located in one tenant and the workspace in another tenant. That is possible because the agent connects to the workspace by ID and key, so it works even for on-premises setups or in other clouds.
In such a scenario it is important to consider the overall management of resources like the workspace. You can set retention per table but not per data. So what if one of your customers wants 2 years but all others want the default 30 days? What happens if a particular customer, due to compliance reasons, does not want the data to be contained in the same resource? What happens if a customer leaves you as CSP and they want their data to be given to them? What happens if a customer asks for certain data to be deleted, as there is some performance penalty when data is deleted that will affect all your customers? This is just a small part of the example scenarios that you might meet if you make such a decision. So it is good to sit down and consider all the scenarios that might apply to your existing or future customers and make a decision based on whether you are ready with solutions for those or not.
- AzureSensei, Oct 09, 2019, Copper Contributor
Stanislav_Zhelyazkov you got some valid points there mister. I'll do as advised, and have a think about it.. Again.