Configuring Microsoft Azure Virtual Machines in the TrueSight or Central Monitoring Administration console
This topic provides information about configuring PATROL for Microsoft Azure in the Central Monitoring Administration and TrueSight console.
To configure the KM, set the following preferences on the Add Monitoring Configuration dialog.
Monitoring Solution | Monitor Profile | Monitor Type |
---|---|---|
Microsoft Azure Virtual Machines | Microsoft Azure Virtual Machines | Microsoft Azure Virtual Machines |
Configuration details
Click Add to add the Azure Account details.
Field | Description | |
---|---|---|
Azure Accounts | ||
Azure Label | Enter a display name that identifies this set of Azure monitoring configuration. A top-level container is created with this display name. This container holds all the monitored Azure resources. For example, BMC-Prod or BMC-Test. Input must match '^[A-Za-z0-9_-]+$' regular expression pattern. | |
Tenant ID | Enter the Directory ID of the Azure Active Directory. Steps to obtain the directory id from the Microsoft Azure portal
| |
Application ID | Enter the ID of the Web app/API application that you have created in the Microsoft Azure portal. Steps to obtain the application id from the Microsoft Azure portal
| |
Application Key | Enter the key of the Web app/API application that you have created in the Microsoft Azure portal. Steps to obtain the application key from the Microsoft Azure portal
| |
Select Monitors | Corresponding Monitor types | |
Virtual Machine | Select this option to enable Virtual Machine monitoring. The KM monitors memory, disk, process, remote calls, and network usage of the virtual machines. Virtual Machine monitoring is enabled by default. Note: Diagnostic must be enabled for Virtual Machines. Microsoft Azure enables diagnostic Agent for each Resource Manager virtual machine and disables the basic metrics by default. | Note: The Azure Virtual Machine monitor type represents Resource Manager virtual machines. |
VIrtual Machine Scale Set | Select this option to enable Virtual Machine Scale Set monitoring. The KM monitors the network, disk, and CPU usage metrics of the Virtual Machine Scale Set Host and Instance. Virtual Machine Scale Set monitoring is enabled by default. | |
Login Endpoint | Enter the Login Endpoint for the cloud from which you want to monitor the resources. For example, login.microsoftonline.de for German Endpoint. For more information about German Endpoint refer to the Microsoft Azure Germany developer guide. Similarly, for information about Endpoint details of other Azure Clouds, refer Microsoft documentation. The KM connects to the default global endpoint if this field is left blank. | |
Management Endpoint | Enter the Management Endpoint for the cloud from which you want to monitor resources. For example, management.microsoftazure.de for German Endpoint. For more information about German Endpoint, refer to the Microsoft Azure Germany developer guide. Similarly, for information about Endpoint details of other Azure Clouds, refer Microsoft documentation. The KM connects to the default global endpoint if this field is left blank. | |
Storage Endpoint Suffix | Enter the Storage Endpoint Suffix for the cloud from which you want to monitor resources. For example, core.cloudapi.de for German StorageEndpointSuffix. T For more information about German Endpoint, refer to the Microsoft Azure Germany developer guide. Similarly, for information about Endpoint details of other Azure Clouds, refer Microsoft documentation. The KM connects to the default global endpoint if this field is left blank. | |
Object Filtering Details | ||
Subscription Filter | Enter the subscription ID (as seen on the Microsoft Azure portal) or a regular expression to filter subscription IDs. | |
Subscription Filter Type | Select whether to Include or Exclude the subscription ids from monitoring. | |
Resource Group Filter | Enter the resource group name (as seen on the Microsoft Azure portal) or a regular expression to filter the resource groups. | |
Resource Group Filter Type | Select whether to Include or Exclude the resource groups from monitoring. | |
Virtual Machine Filter | Enter the virtual machine name (as seen on the Microsoft Azure portal) or a regular expression to filter the virtual machines. | |
Virtual Machine Filter Type | Select whether to Include or Exclude the virtual machines from monitoring. | |
Enable Debug | ||
Enable Debug | Select this check box to enable KM debug. The log file is created at <PATROL_HOME>\paf\log directory on the PATROL Agent server. | |
OK | Click to save the configuration. | |
Cancel | Click to close the configuration window. |
Enter the administration details before you save the configuration.
Field | Description |
---|---|
JAVA Home | By default, the KM uses Java Runtime Environment (JRE) that is installed in the PATROL_HOME directory. To use your own JRE that is installed in a different location, specify the path for the Java home directory. For example, if your Java executable exists in the /usr/java/jdk1.7.0_71/jre/bin/java path, specify /usr/java/jdk1.7.0_71/jre as the value of this field. |
Enable Device Mapping | Select/clear this check box to enable/disable device creation. By default, device creation is enabled (check box is selected). Note: If you modify this setting after KM discovery, restart the PATROL Agent to apply the changes. |
Proxy Server Configuration | |
Use Proxy Configuration | Select the check box to enable the proxy configuration. Notes:
|
Server Name | Enter the name or the IP address of the proxy server that is being used to route the HTTP request. |
Port | Enter the proxy server port number that is being used to connect specified proxy server. |
User Name | Enter the proxy server username that is being used to log in. |
Password | Enter the proxy server password that is being used to log in. |
Prerequisites for configuring PATROL for Microsoft Azure
Click to view a short video (3:54) of how to use the Service principal based authentication to monitor your Azure accounts.
Monitoring an Azure account by using service principal based authentication
- Log in to the Microsoft Azure portal.
- On the dashboard, in the left navigation menu, select More Services > Azure Active Directory.
- Check if the Active Directory that is associated with your subscriptions is selected.
- Click Properties.
- Copy the Directory ID and enter it in the Tenant ID field.
- Go to App Registrations. Select New Application Registration.
- In Name, enter an application name of your choice. For example, BMCApplication.
- Select the Application Type as Web app/API.
- In the Sign-on URL, enter the REDIRECT URL. For example, https://BMCApplication.
- Click Create. Your application has been created.
- Search the application that you have created and open the application.
- Copy the Application id and use this id in the Application ID field.
- In the Settings panel, select Keys.
- In Description, enter the key description. For example, AppKey.
- In Expires, select the duration.For example, one year. Click Save.
- A value is generated in the Value field. Copy this value and enter it in the Application Key field.
Close this screen. - In the Settings panel, select Required permissions option.
- Click Add.
- Choose Select an API.
- Choose Windows Azure Service Management API.
- Click Select.
- Choose DELEGATED PERMISSIONS. Ensure that the Access Azure Service Management as organization users option is also selected in the delegated permissions.
- Click Select > Done.
- Select Windows Azure Active Directory (Microsoft.Azure.ActiveDirectory) and ensure that theSign in and read user profile permission is selected.
If not, follow steps from #a to #g to add the permission for Sign in and read user profile.
- Close all the panels.
Providing permissions to application that you have created
- On the dashboard, in the left navigation menu, select More Services > Subscriptions.
- Select the subscription that you want to monitor.
- In the Subscription, select Access Control (IAM).
- Click Add.
- In Role field, select Reader from the dropdown list
- In new pane search for Reader role and select it for Role text box.
- In Assign access to keep default value. The default value is Azure AD user, group, or application.
- In the Select text box, search for the application name that you have created. Select the application and click Save.
The Reader access, has been added to your application. - Click Add to add another permission to your application.
- In Role, select Storage Account Contributor from the dropdown list. This step is required only if you are monioring Virtual Machine and Storage Account services.
- Keep the default values in Assign access to field.
- In the Select text box, search for the application name that you have created. Select the application and click Save.
The Storage Account Contributor access, has been added to your application.
Note
If you want to monitor resources from multiple subscriptions, you must repeat steps 1 and 2 for each subscription.
Comments