Configuring Microsoft Azure Virtual Machines in the TrueSight or Central Monitoring Administration console

This topic provides information about configuring PATROL for Microsoft Azure in the Central Monitoring Administration and TrueSight console.

To configure the KM, set the following preferences on the Add Monitoring Configuration dialog.

Monitoring Solution	Monitor Profile	Monitor Type
Microsoft Azure Virtual Machines	Microsoft Azure Virtual Machines	Microsoft Azure Virtual Machines

Configuration details

Click Add to add the Azure Account details.

Field	Description
Azure Accounts
Azure Label	Enter a display name that identifies this set of Azure monitoring configuration. A top-level container is created with this display name. This container holds all the monitored Azure resources. For example, BMC-Prod or BMC-Test. Input must match `'^[A-Za-z0-9_-]+$'` regular expression pattern.
Tenant ID	Enter the Directory ID of the Azure Active Directory. Steps to obtain the directory id from the Microsoft Azure portal Log in to the Microsoft Azure portal. On the dashboard, in the left navigation menu, select More Services > Azure Active Directory. Check if the Active Directory that is associated with your subscriptions is selected. Click Properties. Copy the Directory ID and enter it in the Tenant ID field.
Application ID	Enter the ID of the Web app/API application that you have created in the Microsoft Azure portal. Steps to obtain the application id from the Microsoft Azure portal Log in to the Microsoft Azure portal. On the dashboard, in the left navigation menu, select More Services > Azure Active Directory. Check if the Active Directory that is associated with your subscriptions is selected. Click Properties. Copy the Directory ID and enter it in the Tenant ID field. Go to App Registrations. Select New Application Registration. In Name, enter an application name of your choice. For example, BMCApplication. Select the Application Type as Web app/API. In the Sign-on URL, enter the REDIRECT URL. For example, https://BMCApplication. Click Create. Your application has been created. Search the application that you have created and open the application. Copy the Application ID and enter it in the Application ID field.
Application Key	Enter the key of the Web app/API application that you have created in the Microsoft Azure portal. Steps to obtain the application key from the Microsoft Azure portal Log in to the Microsoft Azure portal. On the dashboard, in the left navigation menu, select More Services > Azure Active Directory. Check if the Active Directory that is associated with your subscriptions is selected. Click Properties. Copy the Directory ID and enter it in the Tenant ID field. Go to App Registrations. Select New Application Registration. In Name, enter an application name of your choice. For example, BMCApplication. Select the Application Type as Web app/API. In the Sign-on URL, enter the REDIRECT URL. For example, https://BMCApplication. Click Create. Your application has been created. Search the application that you have created and open the application. Copy the Application ID and use this ID in the Application ID field. In the Settings panel, select Keys. In Description, enter the key description. For example, AppKey. In Expires, select the duration. For example, one year. Click Save. A value is generated in the Value field. Copy this value and enter it in the Application Key field.
Select Monitors		Corresponding Monitor types
Virtual Machine	Select this option to enable Virtual Machine monitoring. The KM monitors memory, disk, process, remote calls, and network usage of the virtual machines. Virtual Machine monitoring is enabled by default. Note: Diagnostic must be enabled for Virtual Machines. Microsoft Azure enables diagnostic Agent for each Resource Manager virtual machine and disables the basic metrics by default.	Azure VM (PAF_VM_CNTR) Azure Virtual Machine (PAF_VIRTUAL_MACHINE) Note: The Azure Virtual Machine monitor type represents Resource Manager virtual machines.
VIrtual Machine Scale Set	Select this option to enable Virtual Machine Scale Set monitoring. The KM monitors the network, disk, and CPU usage metrics of the Virtual Machine Scale Set Host and Instance. Virtual Machine Scale Set monitoring is enabled by default.	Azure VM Scale Set (PAF_VM_SCALE_SET) Azure VM Scale Sets (PAF_VM_SCALE_SET_CNTR) Azure VM Scale Set Instances (PAF_VM_SCALE_SET_INSTANCE) Azure VM Scale Set Host Metrics (PAF_VM_SCALE_SET_HOST_METRIC) Azure VM Scale Set Instance Host Metrics (PAF_VM_SCALE_SET_INSTANCE_HOST_METRIC)
Login Endpoint	Enter the Login Endpoint for the cloud from which you want to monitor the resources. For example, login.microsoftonline.de for German Endpoint. For more information about German Endpoint refer to the Microsoft Azure Germany developer guide. Similarly, for information about Endpoint details of other Azure Clouds, refer Microsoft documentation. The KM connects to the default global endpoint if this field is left blank.
Management Endpoint	Enter the Management Endpoint for the cloud from which you want to monitor resources. For example, management.microsoftazure.de for German Endpoint. For more information about German Endpoint, refer to the Microsoft Azure Germany developer guide. Similarly, for information about Endpoint details of other Azure Clouds, refer Microsoft documentation. The KM connects to the default global endpoint if this field is left blank.
Storage Endpoint Suffix	Enter the Storage Endpoint Suffix for the cloud from which you want to monitor resources. For example, core.cloudapi.de for German StorageEndpointSuffix. T For more information about German Endpoint, refer to the Microsoft Azure Germany developer guide. Similarly, for information about Endpoint details of other Azure Clouds, refer Microsoft documentation. The KM connects to the default global endpoint if this field is left blank.
Object Filtering Details
Subscription Filter	Enter the subscription ID (as seen on the Microsoft Azure portal) or a regular expression to filter subscription IDs.
Subscription Filter Type	Select whether to Include or Exclude the subscription ids from monitoring.
Resource Group Filter	Enter the resource group name (as seen on the Microsoft Azure portal) or a regular expression to filter the resource groups.
Resource Group Filter Type	Select whether to Include or Exclude the resource groups from monitoring.
Virtual Machine Filter	Enter the virtual machine name (as seen on the Microsoft Azure portal) or a regular expression to filter the virtual machines.
Virtual Machine Filter Type	Select whether to Include or Exclude the virtual machines from monitoring.
Enable Debug
Enable Debug	Select this check box to enable KM debug. The log file is created at <PATROL_HOME>\paf\log directory on the PATROL Agent server.
OK	Click to save the configuration.
Cancel	Click to close the configuration window.

Enter the administration details before you save the configuration.

Field	Description
JAVA Home	By default, the KM uses Java Runtime Environment (JRE) that is installed in the PATROL_HOME directory. To use your own JRE that is installed in a different location, specify the path for the Java home directory. For example, if your Java executable exists in the /usr/java/jdk1.7.0_71/jre/bin/java path, specify /usr/java/jdk1.7.0_71/jre as the value of this field.
Enable Device Mapping	Select/clear this check box to enable/disable device creation. By default, device creation is enabled (check box is selected). Note: If you modify this setting after KM discovery, restart the PATROL Agent to apply the changes.
Proxy Server Configuration
Use Proxy Configuration	Select the check box to enable the proxy configuration. Notes: If the environment permits, the KM can connect to the proxy server using the Server Name and Port fields only. User Name and Password fields are optional. If you select this option and do not provide the Server Name, Port, and user credentials, the KM uses the system proxy configured on the server. If you modify any proxy configuration setting, restart the PATROL Agent to apply the changes.
Server Name	Enter the name or the IP address of the proxy server that is being used to route the HTTP request.
Port	Enter the proxy server port number that is being used to connect specified proxy server.
User Name	Enter the proxy server username that is being used to log in.
Password	Enter the proxy server password that is being used to log in.

Back to top ↑

Prerequisites for configuring PATROL for Microsoft Azure

Click to view a short video (3:54) of how to use the Service principal based authentication to monitor your Azure accounts.

https://youtu.be/TF9mR_N0lQs

Monitoring an Azure account by using service principal based authentication

Log in to the Microsoft Azure portal.
On the dashboard, in the left navigation menu, select More Services > Azure Active Directory.
Check if the Active Directory that is associated with your subscriptions is selected.
Click Properties.
Copy the Directory ID and enter it in the Tenant ID field.
Go to App Registrations. Select New Application Registration.
In Name, enter an application name of your choice. For example, BMCApplication.
Select the Application Type as Web app/API.
In the Sign-on URL, enter the REDIRECT URL. For example, https://BMCApplication.
Click Create. Your application has been created.
Search the application that you have created and open the application.
Copy the Application id and use this id in the Application ID field.
In the Settings panel, select Keys.
In Description, enter the key description. For example, AppKey.
In Expires, select the duration.For example, one year. Click Save.
A value is generated in the Value field. Copy this value and enter it in the Application Key field.
Close this screen.
In the Settings panel, select Required permissions option.
1. Click Add.
2. Choose Select an API.
3. Choose Windows Azure Service Management API.
4. Click Select.
5. Choose DELEGATED PERMISSIONS. Ensure that the Access Azure Service Management as organization users option is also selected in the delegated permissions.
6. Click Select > Done.
7. Select Windows Azure Active Directory (Microsoft.Azure.ActiveDirectory) and ensure that theSign in and read user profile permission is selected.
  If not, follow steps from #a to #g to add the permission for Sign in and read user profile.
Close all the panels.

Providing permissions to application that you have created

On the dashboard, in the left navigation menu, select More Services > Subscriptions.
Select the subscription that you want to monitor.
1. In the Subscription, select Access Control (IAM).
2. Click Add.
3. In Role field, select Reader from the dropdown list
4. In new pane search for Reader role and select it for Role text box.
5. In Assign access to keep default value. The default value is Azure AD user, group, or application.
6. In the Select text box, search for the application name that you have created. Select the application and click Save.
  The Reader access, has been added to your application.
7. Click Add to add another permission to your application.
8. In Role, select Storage Account Contributor from the dropdown list. This step is required only if you are monioring Virtual Machine and Storage Account services.
9. Keep the default values in Assign access to field.
10. In the Select text box, search for the application name that you have created. Select the application and click Save.
  The Storage Account Contributor access, has been added to your application.

Note

If you want to monitor resources from multiple subscriptions, you must repeat steps 1 and 2 for each subscription.