Azure Quick Start Guide
About
SevOne's Azure plugin allows you to collect metrics for Virtual Machines and Virtual Machine Scale Sets along with device metadata for each Resource type from an Azure environment. The Azure plugin allows you to monitor multiple different geographies for any given subscription. Multiple integrations can be created on a per subscription basis.
Device Creation
- ExpressRoute Circuit
- ExpressRoute Direct
- ExpressRoute Gateway
- Global Load Balancers
- Load Balancers
- Storage Account
- Virtual Machine
- Virtual Machine Scale Set
- Virtual Machine Scale Set Instance
- VPN Gateway
Configure Web Proxy for Azure Plugin
Required Resources in Azure
To monitor an Azure account, the following are necessary.
- Tenant ID
- Subscription ID
- App Registration
App Registration and Client Secret
For the Azure plugin to run, it will need to authenticate with Azure by being registered as an application and using a client secret.
- To register an application, please navigate to the Azure Portal, https://portal.azure.com.
- Navigate to the App registrations.
- Click New registration.Important: You may need to request your administrator for access to create a new registration.
- On Register an application page,
- Name - enter a name. For example, SevOne NPM.
- Under Supported account types, select check box Accounts in this organizational directory only.
- Click Register.
- Once registered, the Azure portal will navigate to the recently registered App.
Important: Remember to copy and save the values in fields Application (client) ID and Directory (tenant) ID in the right panel. You will need these to start the Azure plugin in SevOne NMS. - Click Add a certificate or secret or from the left navigation bar, choose Certificates & secrets.
- Click Client secrets tab in the right panel, and then click New client secret.
- Description - add a description. For example, Azure NMS Collector secret.
- Expires - select an expiry date for the secret. The recommended time is 6 months
by Azure. For example, 4/24/2024.
Important: This procedure for creating a new client secret will need to be repeated when this secret expires after the selected expiry date. - Click Add.
- After the secret is added, you should see the new client secret within the Client secrets tab.
The Value field is the client secret that the collector needs to authenticate.
Important: Remember to copy and save the client secret in field Value. You will need this in SevOne NMS to be able to start the Azure plugin.
Assign a Role to the App
For the Azure plugin to be able to retrieve the correct information from Azure, it will need to be assigned a role containing all of the permissions that it needs.
- To assign a role to the application you created in the last section, please navigate to the Azure Portal, https://portal.azure.com.
- Navigate to Subscriptions.
- Click the name of the subscription that you want to monitor.
- Click Access control (IAM) on the left navigation bar.
Important: Remember to copy and save the Subscription ID value in the right pane. You will need this in order to start the Azure plugin in SevOne NMS
- Click Add, then click Add role assignment from the dropdown menu.
- In the Add role assignment page > tab Role,
- Type Monitoring Reader into the search bar.
- Click the Monitoring Reader entry in the table.
- Click Next.
- In the Add role assignment page > tab Members,
- Click Select members.
- In the Select members panel,
- Type the name of the app you registered into the Select search bar.
- Click the correct entry for the app you registered in the results.
- Click Select.
- Click Next.
- In the Add role assignment page > tab Review + assign,
- Review the information on the page to make sure everything is correct.
- Click Review + assign.
Enable Azure Plugin
Execute the following steps to monitor an Azure account. This will automatically create devices and collect metrics for various Azure resources within selected regions for that account.
- To access the Device Manager from the navigation bar, click the Devices menu and select Device Manager.
- Either add a device with the Azure plugin or edit an existing device to enable the Azure plugin.
- Click Add Device to display the New Device page.
- Click the wrench icon under the Actions column to display the Edit Device page.
- Click the plugin drop-down. By default, it is set to SNMP. Select
Azure.
- Select the Enable Azure Integration check box.
- In the Tenant ID field, enter the ID of the Azure tenant you want to monitor. This is the same as the Directory (tenant) ID value that was noted above.
- In the Subscription ID field, enter the ID of the Azure subscription you want to monitor. This is the same as the Subscription ID that was noted above.
- In the Application Client ID field, enter the ID of Azure registered application for SevOne. This is the same as the Application (client) ID value that was noted above.
- In the Client Secret Value field, enter the value of the secret created for the Azure registered application. This is the same as the value noted in Value above.
- Click Save As New to save the current changes as a New Device, or click Save to confirm the changes in the Edit Devicepage.
- When the desired changes have been saved, click the Cancel button to return to the Device Manager page.
Create TopN View in SevOne NMS to view Azure resources
SevOne NMS contains a package with Azure-specific TopN views. To import, execute the following command.
$ podman exec -it nms-nms-nms SevOne-import --file /config/azure/topn.spk
OOTB Reports
Once the NMS Azure Plugin integration is setup and Devices and Objects are populated in the Device Manager, the following out-of-the-box (OOTB) reports are available in Data Insight to get insight on the resources.
- Azure ExpressRoute Circuit - report showing ExpressRoute Circuit metrics.
- Azure ExpressRoute Direct - report showing Azure ExpressRoute Direct metrics.
- Azure ExpressRoute Gateway - report showing Azure ExpressRoute Gateway metrics.
- Azure Load Balancer - report showing Azure Load Balancer metrics.
- Azure Storage Account - report showing Azure Storage Account metrics.
- Azure Virtual Machine - report showing Azure Virtual Machine metrics.
- Azure Virtual Machine Scale Set - report showing Azure Virtual Machine Scale Set metrics.
- Azure Virtual Machine Scale Set Instance - report showing Azure Virtual Machine Scale Set Instance metrics.
- Azure VPN Gateway - report showing Azure VPN Gateway metrics.
Appendix
Web Proxy Setup
-
where, <user> and <password> are URL encoded strings.http://<user>:<password>@<domain name or IP address>:<port> or https://<user>:<password>@<domain name or IP address>:<port>
These URLs are defined using the environment variables. For example,HTTP_PROXY=http://user1:password@proxy.corp.com:8080 or HTTPS_PROXY=https://user1:password@proxy.corp.com:8080
-
if there is no username and password associated with the proxy.http://<domain name or IP address>:<port> or https://<domain name or IP address>:<port>
These URLs are defined using the environment variables. For example,HTTP_PROXY=http://proxy.corp.com:8080 or HTTPS_PROXY=https://proxy.corp.com:8080
As the Azure collector is running within a pod as a container, the environment variables must be set for that container. Execute the following steps.
- Using ssh, log in to SevOne NMS appliance as support user.
$ ssh support@<NMS appliance>
- Using a text editor of your choice, edit /etc/sevone/nms-collectors.yaml file.
$ sudo vi /etc/sevone/nms-collectors.yaml
- In this file, look for section spec.containers and find the container that is associated
with the Azure collector; it should be referred to as azure-collector. In this section, add
the environment variables under env.
"env": - "name": "SSL_CERT_DIR" "value": "/secrets/nginx" - "name": "HTTP_PROXY" "value": "http://proxy.corp.com:8080" - "name": "HTTPS_PROXY" "value": "http://proxy.corp.com:8080" "image": "docker.s1artrtp1.s1.devit.ibm.com/cloud-monitoring/azure-nms-collector:3e3f2279" "imagePullPolicy": "IfNotPresent" "name": "azure-collector"
- Restart nms-collectors service.
$ sudo systemctl restart nms-collectors;