Azure Quick Start Guide

About

SevOne's Azure plugin allows you to collect metrics for Virtual Machines and Virtual Machine Scale Sets along with device metadata for each Resource type from an Azure environment. The Azure plugin allows you to monitor multiple different geographies for any given subscription. Multiple integrations can be created on a per subscription basis.

Device Creation

SevOne NMS Azure plugin regularly calls Azure APIs to retrieve information about
  • ExpressRoute Circuit
  • ExpressRoute Direct
  • ExpressRoute Gateway
  • Global Load Balancers
  • Load Balancers
  • Storage Account
  • Virtual Machine
  • Virtual Machine Scale Set
  • Virtual Machine Scale Set Instance
  • VPN Gateway
and then automatically create devices for each Azure resource.

Configure Web Proxy for Azure Plugin

Important: Please refer to section Appendix > Web Proxy Setup to set up the proxy using the environment variables in /etc/sevone/nms-collectors.yaml deployment file.

Required Resources in Azure

To monitor an Azure account, the following are necessary.

  • Tenant ID
  • Subscription ID
  • App Registration

App Registration and Client Secret

For the Azure plugin to run, it will need to authenticate with Azure by being registered as an application and using a client secret.

  1. To register an application, please navigate to the Azure Portal, https://portal.azure.com.
  2. Navigate to the App registrations. azureAppRegistrations
  3. Click New registration.
    Important: You may need to request your administrator for access to create a new registration.
    azureNewRegistration
  4. On Register an application page,
    1. Name - enter a name. For example, SevOne NPM.
    2. Under Supported account types, select check box Accounts in this organizational directory only.
    3. Click Register.azureNameAndRegister
  5. Once registered, the Azure portal will navigate to the recently registered App.
    Important: Remember to copy and save the values in fields Application (client) ID and Directory (tenant) ID in the right panel. You will need these to start the Azure plugin in SevOne NMS.
    azureAddCertOrSecret-1
  6. Click Add a certificate or secret or from the left navigation bar, choose Certificates & secrets.azureAddCertOrSecret-2
  7. Click Client secrets tab in the right panel, and then click New client secret.
    1. Description - add a description. For example, Azure NMS Collector secret.
    2. Expires - select an expiry date for the secret. The recommended time is 6 months by Azure. For example, 4/24/2024.
      Important: This procedure for creating a new client secret will need to be repeated when this secret expires after the selected expiry date.
    3. Click Add.azureNewClientExpirationDate
  8. After the secret is added, you should see the new client secret within the Client secrets tab. The Value field is the client secret that the collector needs to authenticate.
    Important: Remember to copy and save the client secret in field Value. You will need this in SevOne NMS to be able to start the Azure plugin.

    azureClientSecret

Assign a Role to the App

For the Azure plugin to be able to retrieve the correct information from Azure, it will need to be assigned a role containing all of the permissions that it needs.

  1. To assign a role to the application you created in the last section, please navigate to the Azure Portal, https://portal.azure.com.
  2. Navigate to Subscriptions.
    azurePortalSubs
  3. Click the name of the subscription that you want to monitor.
    azureSubscriptions
  4. Click Access control (IAM) on the left navigation bar.
    Important: Remember to copy and save the Subscription ID value in the right pane. You will need this in order to start the Azure plugin in SevOne NMS

    azureSubscriptionIDAndAccessControl
  5. Click Add, then click Add role assignment from the dropdown menu.
    azureAddRoleAssignment
  6. In the Add role assignment page > tab Role,
    1. Type Monitoring Reader into the search bar.
    2. Click the Monitoring Reader entry in the table.
    3. Click Next.
      azureAddRoleAssignmentRole
  7. In the Add role assignment page > tab Members,
    1. Click Select members.
    2. In the Select members panel,
      • Type the name of the app you registered into the Select search bar.
      • Click the correct entry for the app you registered in the results.
      • Click Select.
    3. Click Next.
      azureAddRoleAssignmentMembers
  8. In the Add role assignment page > tab Review + assign,
    1. Review the information on the page to make sure everything is correct.
    2. Click Review + assign.
      azureAddRoleAssignmentReviewAndAssign
Note: Repeat steps 3 – 8 above for each subscription that you want to monitor, taking note of each Subscription ID. It is not necessary to create a new app registration for each subscription.

Enable Azure Plugin

Execute the following steps to monitor an Azure account. This will automatically create devices and collect metrics for various Azure resources within selected regions for that account.

  1. To access the Device Manager from the navigation bar, click the Devices menu and select Device Manager.
  2. Either add a device with the Azure plugin or edit an existing device to enable the Azure plugin.
    • Click Add Device to display the New Device page.
    • Click the wrench icon under the Actions column to display the Edit Device page.
  3. Click the plugin drop-down. By default, it is set to SNMP. Select Azure.
    azurePluginDeviceManager
  4. Select the Enable Azure Integration check box.
  5. In the Tenant ID field, enter the ID of the Azure tenant you want to monitor. This is the same as the Directory (tenant) ID value that was noted above.
  6. In the Subscription ID field, enter the ID of the Azure subscription you want to monitor. This is the same as the Subscription ID that was noted above.
  7. In the Application Client ID field, enter the ID of Azure registered application for SevOne. This is the same as the Application (client) ID value that was noted above.
  8. In the Client Secret Value field, enter the value of the secret created for the Azure registered application. This is the same as the value noted in Value above.
  9. Click Save As New to save the current changes as a New Device, or click Save to confirm the changes in the Edit Devicepage.
  10. When the desired changes have been saved, click the Cancel button to return to the Device Manager page.

Create TopN View in SevOne NMS to view Azure resources

SevOne NMS contains a package with Azure-specific TopN views. To import, execute the following command.


$ podman exec -it nms-nms-nms SevOne-import --file /config/azure/topn.spk
Warning: The import will fail unless the Azure collector has run successfully at least once.

OOTB Reports

Once the NMS Azure Plugin integration is setup and Devices and Objects are populated in the Device Manager, the following out-of-the-box (OOTB) reports are available in Data Insight to get insight on the resources.

  • Azure ExpressRoute Circuit - report showing ExpressRoute Circuit metrics.
  • Azure ExpressRoute Direct - report showing Azure ExpressRoute Direct metrics.
  • Azure ExpressRoute Gateway - report showing Azure ExpressRoute Gateway metrics.
  • Azure Load Balancer - report showing Azure Load Balancer metrics.
  • Azure Storage Account - report showing Azure Storage Account metrics.
  • Azure Virtual Machine - report showing Azure Virtual Machine metrics.
  • Azure Virtual Machine Scale Set - report showing Azure Virtual Machine Scale Set metrics.
  • Azure Virtual Machine Scale Set Instance - report showing Azure Virtual Machine Scale Set Instance metrics.
  • Azure VPN Gateway - report showing Azure VPN Gateway metrics.

Appendix

Web Proxy Setup

If you are using Web Proxies for connecting to the Azure environment, you may need to set the web proxy. The proxy URL can be in one of the following two formats.
  1. 
    http://<user>:<password>@<domain name or IP address>:<port>
    
    or
    
    https://<user>:<password>@<domain name or IP address>:<port>
    
    where, <user> and <password> are URL encoded strings.

    These URLs are defined using the environment variables. For example,
    
    HTTP_PROXY=http://user1:password@proxy.corp.com:8080
    
    or 
    
    HTTPS_PROXY=https://user1:password@proxy.corp.com:8080
    
  2. 
    http://<domain name or IP address>:<port>
    
    or
    
    https://<domain name or IP address>:<port>
    
    if there is no username and password associated with the proxy.

    These URLs are defined using the environment variables. For example,
    
    HTTP_PROXY=http://proxy.corp.com:8080
    
    or 
    
    HTTPS_PROXY=https://proxy.corp.com:8080
    

As the Azure collector is running within a pod as a container, the environment variables must be set for that container. Execute the following steps.
  1. Using ssh, log in to SevOne NMS appliance as support user.
    
    $ ssh support@<NMS appliance>
    
  2. Using a text editor of your choice, edit /etc/sevone/nms-collectors.yaml file.
    
    $ sudo vi /etc/sevone/nms-collectors.yaml
    
  3. In this file, look for section spec.containers and find the container that is associated with the Azure collector; it should be referred to as azure-collector. In this section, add the environment variables under env.
    
    "env":
      - "name": "SSL_CERT_DIR"
        "value": "/secrets/nginx"
      - "name": "HTTP_PROXY"
        "value": "http://proxy.corp.com:8080"
      - "name": "HTTPS_PROXY"
        "value": "http://proxy.corp.com:8080"
    "image": "docker.s1artrtp1.s1.devit.ibm.com/cloud-monitoring/azure-nms-collector:3e3f2279"
    "imagePullPolicy": "IfNotPresent"
    "name": "azure-collector"
    
  4. Restart nms-collectors service.
    
    $ sudo systemctl restart nms-collectors;