Monitoring Microsoft Azure Cloud Services with vRealize Operations 8.1

The Management Pack for Microsoft Azure is an embedded adapter with diagnostic dashboards for vRealize Operations Manager. The adapter collects metrics from Microsoft Azure.This management pack supports the following services:

  • Virtual Machines
  • SQL Server
  • SQL Database
  • PostgreSQL Server
  • MySQL Server
  • Cosmos DB
  • Network Interface
  • Load Balancer

Configuring the Management Pack for Microsoft Azure

To configure the Management Pack for Microsoft Azure, you must activate it in vRealize Operations Manager and optionally change properties to customize it.

Microsoft Azure is a native management pack. You must activate the management pack if it is deactivated.

After activating the management pack, you must create an application and generate a client secret for the application in the Microsoft Azure portal.

You must use the client secret when you configure the management pack in vRealize Operations Manager and you dont have the option to use Certification.

  • You can install and use the management pack only with an enterprise license of vRealize Operations Manager.
  • The management pack has a default time granularity based on the services that it monitors. You cannot configure this granularity against the metrics. You can increase the collection interval but you must not decrease it. The default interval is 10 minutes.

Generate a Client Secret with Microsoft Azure

Create an Active Directory application and generate a client secret for the application in the Microsoft Azure portal. You must use the client secret when you configure a cloud account for the Management Pack for Microsoft Azure.

Create an Azure Active Directory application

Prerequisites

  • Ensure that you are using Microsoft Azure Cloud.
  • Ensure that you have a valid subscription in the Microsoft Azure portal with an Active Directory integration.

Sign in to your Azure Account through the Azure portal



Choose Azure Active Directory.


And Select App registrations.



if Registration doesnt exist press on New registration.



Name the application. Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create.

Enter the URI where the access token is sent to. You can’t create credentials for a Native application. You can’t use that type for an automated application. After setting the values, select Register.


Type a name for your application


You’ve created your Azure AD application and service principal.


Assign a role to the application with Microsoft Azure


To access resources in your subscription, you must assign a role to the application. Decide which role offers the right permissions for the application. To learn about the available roles, see RBAC: Built in Roles.

You can set the scope at the level of the subscription, resource group, or resource. Permissions are inherited to lower levels of scope.

For example, adding an application to the Reader role for a resource group Therefore it can read the resource group and any resources it contains.

In the Azure portal, select the level of scope you wish to assign the application to. For example, to assign a role at the subscription scope, search for and select Subscriptions, or select Subscriptions on the Home page.

Add or remove role assignments using Azure RBAC and the Azure portal

https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal


For example, assign a role at the subscription scope


Select the particular subscription to assign the application to.


Select subscription for assignment


If you don’t see the subscription you’re looking for, select global subscriptions filter. Make sure the subscription you want is selected for the portal.

Choose Access control (IAM).

Add role assignment.



For the role you wish to assign to the application. For example, to allow the application to execute actions like rebootstart and stop instances, select the Contributor role. Read more about the available roles By default, Azure AD applications aren’t displayed in the available options. To find your application, search for the name and select it.

Select Save to finish assigning the role. You see your application in the list of users with a role for that scope.

Your service principal is set up. You can start using it to run your scripts or apps. The next section shows how to get values that are needed when signing in programmatically.


Get values for signing in with Microsoft Azure


When programmatically signing in, you need to pass the tenant ID with your authentication request. You also need the ID for your application and an authentication key. To get those values, use the following steps:

Choose Azure Active Directory.

From App registrations in Azure AD, select your application.

Copy the Directory (tenant) ID and store it in your application code.


Copy the directory (tenant ID) and store it in your app code

Copy the Application ID and store it in your application code.

Copy the application (client) ID

Create a new application secret

If you choose not to use a certificate, you can create a new application secret.

  1. Select Certificates & secrets.
  2. Select Client secrets -> New client secret.
  3. Provide a description of the secret, and a duration. select Add.After saving the client secret, the value of the client secret is displayed.
  4. After That Copy this value aside. You will provide the key value with the application ID to sign in as the application. Store the key value where your application can retrieve it.
Copy the secret value because you can't retrieve this later

Add a Cloud Account for the Management Pack for Microsoft Azure

The Management Pack for Microsoft Azure is an embedded adapter, in which each adapter instance has diagnostic dashboards, and collects metrics from Microsoft Azure. You can add a cloud account to configure an adapter instance in vRealize Operations Manager.

Prerequisites

  • If the Management Pack for Microsoft Azure is deactivated, activate it in vRealize Operations Manager
  • Generate a client secret in the Microsoft Azure portal to use in this configuration

Procedure

On the menu, click Administration.



In the left pane, click Solutions > Cloud Accounts.



Click Add Account and select Microsoft Azure.



Enter the cloud account information.



Configure the connection.





Click Test Connection to validate the connection.



If the test connection fails, do not add the cloud account.

If you add the cloud account with a failed test connection, vRealize Operations Manager might not collect data for the adapter instance. To resolve this issue, remove the cloud account and add it again with correct information. If you are using a proxy, ensure that the proxy connection is efficient.


View Objects for the Management Pack for Microsoft Azure


You can use the inventory tree in vRealize Operations Manager to browse and select objects for an adapter instance of the Management Pack for Microsoft Azure. The inventory tree shows a hierarchical arrangement of the objects by cloud account and by region.

  1. On the menu, click Environment.
  2. In the left pane, under Environment Overview, expand VMware vRealize Operations Management Pack for Microsoft Azure.
  3. To view the objects by region, click Azure Resources By Region.
    • To view the objects by cloud account, click Azure Resources By Subscription.
  4. If you are viewing objects by region, select a region. You can click the Azure Region per Subscription tab to view the object information for the region per cloud account.
    • If you are viewing objects by cloud account, select a cloud account. You can also expand the inventory tree for each cloud account and select a resource group.
  5. To view information about each object, select either of the following options:
    • If you are viewing objects by region, expand the inventory tree for a subregion and select an object.
    • If you are viewing objects by cloud account, select an object under a cloud account or expand the inventory tree for a resource group and select an object.You can expand the inventory tree for an SQL Server object and select an SQL Database object to view information about the database object.

Leave a Reply

Your email address will not be published. Required fields are marked *