Microsoft Azure - Azure API Extractor

Use the Microsoft Azure - Azure API Extractor to collect configuration and performance data of the virtual machines that are provisioned in the Azure cloud. The collected data is used for analyzing and optimizing the capacity of your Azure infrastructure. To collect data, the Azure API ETL makes API calls to the Azure services.

Depending on your requirement, you can configure the ETL to collect data from the Azure Resource Manager model or the Classic model. For the Azure Resource Manager model, the ETL supports the following subscription types:

PAY-AS-YOU-GO
Azure Government (Supported in TrueSight Capacity Optimization version 11.3.01.001 or later)

If you apply tags to organize your Azure resources by related business services, you can configure the ETL to use these tags to display the Azure metrics by business services.The following video (3:59) provides information about the GovCloud (US) support introduced in the Amazon Web Services and Microsoft Azure API ETL.

https://youtu.be/9ZrJo-y1oeU

Collecting data by using the Azure API ETL

To collect data by using the Azure API ETL, do the following tasks:

I. Complete the preconfiguration tasks.

II. Configure the ETL.

III. Run the ETL.

IV. Verify data collection.

Step I. Complete the preconfiguration tasks

Depending on your Azure deployment model, select a tab and complete the steps:

Step	Details
Get your Azure subscription ID. The subscription ID is a GUID that uniquely identifies your subscription to use Azure services.	Steps to obtain Azure subscription ID Log in to the Azure portal. In the left pane, select Subscriptions. Locate the required subscription from the list of subscriptions, and note down the Azure subscription GUID.
If you want to retrieve data for multiple subscriptions by using a single ETL, create a Subscription list file that contains the Subscription ID of every subscription. The file can be in .txt or .csv format. You need a separate subscription file per tenant.	Steps to create a Subscription list file Open a new .txt or .csv file. Add the subscription ID and click Enter. Repeat step 2 for every subscription. For example: <subscription ID1> <subscription ID2> Save the updates.
Ensure that you have the required permissions to create an application in Azure Active Directory (AAD).	Steps to check Azure Active Directory permissions Log in to the Azure portal. In the left pane, select Azure Active Directory. The Overview page is displayed. In the left pane of Azure Active Directory, click User Settings. In the right pane, review the App registrations setting. Yes - Allows any user in the Azure AD tenant to register AD apps. No - Only admin users can register AD apps. Select Overview and review your user information to verify whether your account is an admin account. If your account is assigned to the User role, contact your administrator to select Yes or assign you an administrator role. For more information about checking the Azure Active Directory permissions, see Check Azure Active Directory permissions .
Create an AAD application to gain access to Azure resources.	Steps to create an AAD application Log in to the Azure portal. In the left pane, select Azure Active Directory. The Overview page is displayed. In the left pane of Azure Active Directory, click App Registrations, and click New registration. Specify the following details and click Register. Name and redirect URI for the application. Supported account types as Accounts in this organizational directory only. For more information about creating the Azure Active Directory application, see Create an Azure Active Directory application .
Obtain the Application ID and generate an authentication key for the application.	Steps to obtain the application ID and authentication key Log in to the Azure portal. In the left pane, select Azure Active Directory. The Overview page is displayed. In the left pane of Azure Active Directory, click App Registrations, and in the right pane, select the application that you created in AAD. Note down the application (client) ID. To generate an authentication key, click Certificates & secrets > Client secrets > New client secret. Provide a description and expiry duration for the key and click Add. Note down the generated authentication key value. For more information about obtaining the application ID and generating the authentication key, see Get application ID and authentication key .
Obtain the Tenant ID, which is the ID of the AAD directory where you created the application. About Tenants A Tenant is a representative of an organization within the Azure Active Directory. It is a dedicated instance of the Azure AD service. An AAD tenant is required for defining an application and assigning permissions to use REST APIs of other Azure services.	Steps to obtain the tenant ID Log in to the Azure portal and select Azure Active Directory. In Azure Active Directory, click Properties. Note down the value of the Directory ID, which is your tenant ID. For more information about obtaining the tenant ID, see Get tenant ID .
Grant API access to the application.	Steps to assign API access to your application Log on to the Azure portal. In the left pane, select Azure Active Directory. The Overview page is displayed. In the left pane of Azure Active Directory, click App Registrations, and in the right pane, select the application that you created in AAD. In the left pane of Azure Active Directory, click API permissions > Add. On the Add permissions page, click Add a permission. On the Request API permissions page, select the Azure Service Management API. Permissions as user_impersonation (Access Azure Service Management as organization users (preview)). Note: If you select the DELEGATE PERMISSIONS check box before selecting the permission, the Select button is not enabled. Click Add permission.
Grant the Reader role to the application. Ensure that the account in your Azure subscription has the Owner or User Access Administration role to manage access to Azure resources. If your account is assigned the Contributor role, you cannot grant roles.	Steps to grant the Reader role to the application Log on to the Azure portal. In the left pane, select Subscriptions. Locate the required subscription and click Access Control (IAM). Click Add > Add role assignment, and select the role as Reader. In Assign access to, select Azure AD user, group, or service principal. Type your application in the search field. Click Save. For more information about granting the Reader role to the application, see Assign application to role .
The ETL needs to access the specific API endpoints. If your setup is behind a firewall, enable the access to these endpoints.	login.windows.net management.azure.com The ETL connects to these endpoints using HTTPS (port 443).

Obtain a subscription ID: The subscription ID is a GUID that uniquely identifies your subscription to use Azure services.
Upload a management certificate to the Microsoft Azure Classic portal: A management certificate is an SSL certificate, which is a small data file that digitally binds a cryptographic key to an organization's details. This certificate is associated with your subscription and is required to authenticate your API calls. Create the management certificate and upload it to the Azure portal.
Steps to create and use a management certificate
Use keytool to create and export the management certificate.

About Keytool

Keytool is a key and certificate management utility that enables users to administer their public or private key pairs and associated certificates. The certificates are used for self-authentication (where the users authenticate themselves to other users or services) or for data integrity and authentication services that use digital signatures.

The keytool.exe file is located in the same folder as the JRE. For example, on a Windows computer, the keytool.exe file is stored in C:\Program Files\Java\jre6\bin.

Creating and using a management certificate
1. Open the command prompt of your operating system, navigate to the directory where keytool.exe is available, and run the following command to create a keystore file:
```
keytool -genkey -keyalg RSA -alias <alias-name> -keystore <keystore-file-name>.jks 
-storepass <keystore-file-password> -keysize 2048
```
  Where,<alias-name> indicates the alias name for the certificate.
  <keystore-file-name> indicates the name of the keystore file that you want to create.
  <keystore-file-password> indicates the password for the keystore file.
  The following example shows the creation of a keystore file called MyAzureKeyStore.jks with P@ssword as the password. By default, the keystore file is stored in the directory from where the utility is run. For example, for JRE7, the file is stored in <C:\Program Files\Java\jre7\bin>.
```
keytool -genkeypair -alias mydomain -keyalg RSA -keystore MyAzureKeyStore.jks 
-storepass P@ssword -keysize 2048 
```
2. Provide additional information, such as your name, organization, and domain name of the server.
3. Run the following commend to export the management certificate:
```
keytool -export -alias <alias-name> -storepass <keystore-file-password> -file <certificate-name> -keystore <ketstore-file-name>
```
  <certificate-name> is the name of the certificate that you want to export.
  
  The following example shows the MyAzureSMAPI.cer certificate, which is created in the E:\ directory of your computer.
```
keytool -export -file E:\MyAzureSMAPI.cer -keystore MyAzureKeyStore.jks -alias mydomain
```
4. Log in to the Microsoft Azure portal , and click Settings > Management Certificates.
5. Browse and upload the management certificate file.
The ETL needs to access the following API endpoints. If your setup is behind a firewall, enable the access to these endpoints.
- management.core.windows.net
- management.azure.com
  The ETL connects to these endpoints using HTTPS (port 443).

You must configure the ETL to connect to Azure for data collection. ETL configuration includes specifying the basic and optional advanced properties. While configuring the basic properties is sufficient, you can optionally configure the advanced properties for additional customization.

A. Configuring the basic properties

Some of the basic properties display default values. You can modify these values if required.

To configure the basic properties:

In the TrueSight Capacity Optimization console, navigate to Administration > ETL & System Tasks, and select ETL tasks.
On the ETL tasks page, click Add > Add ETL. The Add ETL page displays the configuration properties. You must configure properties in the following tabs: Run configuration, Entity catalog, and Microsoft Azure Connection.
On the Run configuration tab, select Microsoft Azure - Azure API Extractor from the ETL module list. The name of the ETL is displayed in the ETL Task name field. You can edit this field to customize the name.
Click the Entity catalog tab, and select one of the following options:
- Shared Entity Catalog: Select if other ETLs access the same entities that are used by the Azure API ETL.
  - From the Sharing with Entity Catalog list, select the entity catalog name that is shared between ETLs.
- Private Entity Catalog: Select if this is the only ETL that extracts data from the Azure resources.

Click the Microsoft Azure Connection tab, and configure the following properties:

Property	Description
Subscription access mode	Depending on your Azure subscription mode, select Single or Multiple. You must use the values that you obtained during the preconfiguration procedure.
Subscription ID	(For single subscription) Specify the ID of the subscription for which you want to retrieve data.
Multiple subscription file path	(For multiple subscriptions) Do one of the following to let the ETL use the file containing the subscriptions IDs. Upload the file from the UI. Copy the file to the server where the ETL Engine runs, and specify its path. For information about creating this file, see Creating the file. When you run the ETL, it retrieves data for all the subscriptions that are specified in the file.
Deployment model	Select the Azure deployment model that you are using, either Resource manager or Classic, or both.
Resource manager	For the Resource manager deployment model, configure the following properties: The Tenant ID from your Azure Active Directory properties The Application ID from the App registrations in the Azure Active Directory The Authentication key that you generated after creating the web application in Azure Active Directory If you are using the Azure Government cloud, select Yes to extract data from it. If you want to create and view Azure data by business services, retain the default selection of Create Business Service hierarchy based on specified tag key. Specify the appropriate tag key name. For example, Service. Otherwise, select Do not create Business Service hierarchy. Example scenario: You have VMs that are tagged as follows: AS1: {user=John, Purpose=Dev, Service=Data Solutions} vl-pub-bco-qa35: {user=Adam, Purpose=Production, Service=Data Solutions} vl-pun-bco-qa20: {user=Jane, Purpose=QA, Service=Data Solutions} When you run the ETL, data is displayed in a hierarchy as follows: If you do not use business services, data is displayed as follows: The Data resolution at which the performance data will be collected from the Azure APIs. Select one of the following options: 15 minutes: Data is collected every 15 minutes (granular level) 1 hour: Data is collected every 1 hour (default) High-mark metrics will continue to be collected with 1 minute resolution. The aggregation will be according to the selected resolution. High mark metrics can be displayed as 15-minute or 1-hour resolution. The 15-minute resolution is applicable only for basic metrics and metrics collected by using the Azure Monitor agent. Important: The Data resolution option is available only when you apply Cumulative Hotfix 5 or later on Patch 2 (20.02.02) of TrueSight Capacity Optimization 20.02.
Is target Azure Government Cloud	If you are using the Azure Government Cloud account, specify Yes to collect data from the Government cloud entities.
Classic	For the Classic deployment model, configure the following properties: The path to the keystore file that is stored on the computer where TrueSight Capacity Optimization is installed. For example, /opt/bmc/BCO/secure/cotruststore.ts The keystore file contains the certificate entry for Azure authentication. The password that is required to access the keystore file.
Use proxy	Specify whether you want to configure a proxy server, and provide the following details. The default selection is No. The fully qualified domain name and the port number of the proxy server host. The protocol for communicating with the proxy server. The default protocol is HTTPS. If the proxy server requires authentication, select Yes, and specify the proxy server user name and password.

The following image shows sample configuration values for the basic properties:

(Optional) Override the default values of properties in the following tabs:

Run configuration

Property	Description
Module selection	Select one of the following options: Based on datasource: This is the default selection. Based on Open ETL template: Select only if you want to collect data that is not supported by TrueSight Capacity Optimization.
Module description	A short description of the ETL module.
Execute in simulation mode	By default, the ETL execution in simulation mode is selected to validate connectivity with the data source, and to ensure that the ETL does not have any configuration issues. In the simulation mode, the ETL does not load data into the database. This option is useful when you want to test a new ETL task. To run the ETL in the production mode, select No. BMC recommends that you run the ETL in the simulation mode after ETL configuration and then run it in the production mode.

Object relationships

Property

Description

Associate new entities to

Specify the domain to which you want to add the entities created by the ETL.

Select one of the following options:

Existing domain: This option is selected by default. Select an existing domain from the Domain list. If the selected domain is already used by other hierarchy rules, select one of the following Domain conflict options:
- Enrich domain tree: Select to create a new independent hierarchy rule for adding a new set of entities, relations, or both that are not defined by other ETLs.
- ETL Migration: Select if the new ETL uses the same set of entities, relations, or both that are already defined by other ETLs.
New domain: Select a parent domain, and specify a name for your new domain.

By default, a new domain with the same ETL name is created for each ETL. When the ETL is created, a new hierarchy rule with the same name of the ETL task is automatically created in the active state. If you specify a different domain for the ETL, the hierarchy rule is updated automatically.

ETL task properties

Property	Description
Task group	Select a task group to classify the ETL.
Running on scheduler	Select one of the following schedulers for running the ETL: Primary Scheduler: Runs on the Application Server. Generic Scheduler: Runs on a separate computer. Remote: Runs on remote computers.
Maximum execution time before warning	Indicates the number of hours, minutes, or days for which the ETL must run before generating warnings or alerts, if any.
Frequency	Select one of the following frequencies to run the ETL: Predefined: This is the default selection. Select a daily, weekly, or monthly frequency, and then select a time to start the ETL run accordingly. Start timestamp: hour\minute: Select the HH:MM start timestamp to add to the ETL execution running on a Predefined frequency. Custom: Specify a custom frequency, select an appropriate unit of time, and then specify a day and a time to start the ETL run. Custom start timestamp: Select a YYYY-MM-DD HH:MM timestamp to add to the ETL execution running on a Custom frequency.

Click Save.
The ETL tasks page shows the details of the newly configured Azure API ETL.

(Optional) B. Configuring the advanced properties

You can configure the advanced properties to change the way the ETL works or to collect additional metrics.

To configure the advanced properties:

On the Add ETL page, click Advanced.

Configure the following properties:

Run configuration

Property	Description
Run configuration name	Specify the name that you want to assign to this ETL task configuration. The default configuration name is displayed. You can use this name to differentiate between the run configuration settings of ETL tasks.
Deploy status	Select the deploy status for the ETL task. For example, you can initially select Test and change it to Production after verifying that the ETL run results are as expected.
Log level	Specify the level of details that you want to include in the ETL log file. Select one of the following options: 1 - Light: Select to add the bare minimum activity logs to the log file. 5 - Medium: Select to add the medium-detailed activity logs to the log file. 10 - Verbose: Select to add detailed activity logs to the log file. Use log level 5 as a general practice. You can select log level 10 for debugging and troubleshooting purposes.
Datasets	Specify the datasets that you want to add to the ETL run configuration. The ETL collects data of metrics that are associated with these datasets. Click Edit. Select one (click) or more (shift+click) datasets from the Available datasets list and click >> to move them to the Selected datasets list. Click Apply. The ETL collects data of metrics associated with the datasets that are available in the Selected datasets list.

Collection level

Property

Description

Metric profile selection

Select the metric profile that the ETL must use. The ETL collects data for the group of metrics that is defined by the selected metric profile.

Use Global metric profile: This is selected by default. All the out-of-the-box ETLs use this profile.
Select a custom metric profile: Select the custom profile that you want to use from the Custom metric profile list. This list displays all the custom profiles that you have created.

For more information about metric profiles, see Adding and managing metric profiles.

Levels up to

Specify the metric level that defines the number of metrics that can be imported into the database. The load on the database increases or decreases depending on the selected metric level.To learn more about metric levels, see Aging Class mapping.

Microsoft Azure Connection

Property	Description
Instance type definition JSON file path	Do one of the following: Upload the JSON file that contains the instance type configuration metrics. Click Choose file and navigate to the directory that contains the file. Click Upload. Specify the path to the directory where the JSON file is saved. For more information about using this JSON file, see Collecting data for additional instance type configuration metrics.
Classic VM OS family definition JSON file path	Do one of the following: Upload the JSON file that contains the OS metrics of virtual machine instances that you want to import. Click Choose file and navigate to the directory that contains the file. Click Upload. Specify the path to the directory where the JSON file is saved.

Additional properties

Property

Description

List of properties

Specify additional properties for the ETL that act as user inputs during run. You can specify these values now or you can do so later by accessing the "You can manually edit ETL properties from this page" link that is displayed for the ETL in the view mode.

Click Add.
In the etl.additional.prop.n field, specify an additional property.
Click Apply.
Repeat this task to add more properties.

Loader configuration

Property	Description
Empty dataset behavior	Specify the action for the loader if it encounters an empty dataset: Warn: Generate a warning about loading an empty dataset. Ignore: Ignore the empty dataset and continue parsing.
ETL log file name	The name of the file that contains the ETL run log. The default value is: `%BASE/log/%AYEAR%AMONTH%ADAY%AHOUR%MINUTE%TASKID`
Maximum number of rows for CSV output	A numeric value to limit the size of the output files.
CSV loader output file name	The name of the file that is generated by the CSV loader. The default value is: `%BASE/output/%DSNAME%AYEAR%AMONTH%ADAY%AHOUR%ZPROG%DSID%TASKID`
Capacity Optimization loader output file name	The name of the file that is generated by the TrueSight Capacity Optimization loader. The default value is: `%BASE/output/%DSNAME%AYEAR%AMONTH%ADAY%AHOUR%ZPROG%DSID%TASKID`
Detail mode	Specify whether you want to collect raw data in addition to the standard data. Select one of the following options: Standard: Data will be stored in the database in different tables at the following time granularities: Detail (configurable, by default: 5 minutes), Hourly, Daily, and Monthly. Raw also: Data will be stored in the database in different tables at the following time granularities: Raw (as available from the original data source), Detail (configurable, by default: 5 minutes), Hourly, Daily, and Monthly. Raw only: Data will be stored in the database in a table only at Raw granularity (as available from the original data source). For more information, see Accessing data using public views and Sizing and scalability considerations.
Remove domain suffix from datasource name (Only for systems)	Select True to remove the domain from the data source name. For example, server.domain.com will be saved as server. The default selection is False.
Leave domain suffix to system name (Only for systems)	Select True to keep the domain in the system name. For example: `server.domain.com` will be saved as is. The default selection is False.
Update grouping object definition (Only for systems)	Select True if you want the ETL to update the grouping object definition for a metric that is loaded by the ETL. The default selection is False.
Skip entity creation (Only for ETL tasks sharing lookup with other tasks)	Select True if you do not want this ETL to create an entity and discard data from its data source for entities not found in Capacity Optimization. It uses one of the other ETLs that share a lookup to create a new entity. The default selection is False.

Scheduling options

Property	Description
Hour mask	Specify a value to run the task only during particular hours within a day. For example, 0 – 23 or 1, 3, 5 – 12.
Day of week mask	Select the days so that the task can be run only on the selected days of the week. To avoid setting this filter, do not select any option for this field.
Day of month mask	Specify a value to run the task only on the selected days of a month. For example, 5, 9, 18, 27 – 31.
Apply mask validation	Select False to temporarily turn off the mask validation without removing any values. The default selection is True.
Execute after time	Specify a value in the hours:minutes format (for example, 05:00 or 16:00) to wait before the task is run. The task run begins only after the specified time is elapsed.
Enqueueable	Specify whether you want to ignore the next run command or run it after the current task. Select one of the following options: False: Ignores the next run command when a particular task is already running. This is the default selection. True: Starts the next run command immediately after the current running task is completed.

Click Save.
The ETL tasks page shows the details of the newly configured Azure API ETL.

Step III. Run the ETL

After you configure the ETL, you can run it to collect data. You can run the ETL in the following modes:

A. Simulation mode: Only validates connection to the data source, does not collect data. Use this mode when you want to run the ETL for the first time or after you make any changes to the ETL configuration.

B. Production mode: Collects data from the data source.

A. Running the ETL in the simulation mode

To run the ETL in the simulation mode:

In the TrueSight Capacity Optimization console, navigate to Administration > ETL & System Tasks, and select ETL tasks.
On the ETL tasks page, click the ETL. The ETL details are displayed.
In the Run configurations table, click Edit to modify the ETL configuration settings.
On the Run configuration tab, ensure that the Execute in simulation mode option is set to Yes, and click Save.
Click Run active configuration. A confirmation message about the ETL run job submission is displayed.
On the ETL tasks page, check the ETL run status in the Last exit column.
OK Indicates that the ETL ran without any error. You are ready to run the ETL in the production mode.
If the ETL run status is Warning, Error, or Failed:
1. On the ETL tasks page, click in the last column of the ETL name row.
2. Check the log and reconfigure the ETL if required.
3. Run the ETL again.
4. Repeat these steps until the ETL run status changes to OK.

B. Running the ETL in the production mode

You can run the ETL manually when required or schedule it to run at a specified time.

Running the ETL manually

On the ETL tasks page, click the ETL. The ETL details are displayed.
In the Run configurations table, click Edit to modify the ETL configuration settings. The Edit run configuration page is displayed.
On the Run configuration tab, select No for the Execute in simulation mode option, and click Save.
To run the ETL immediately, click Run active configuration. A confirmation message about the ETL run job submission is displayed.
When the ETL is run, it collects data from the source and transfers it to the TrueSight Capacity Optimization database.

Scheduling the ETL run

By default, the ETL is scheduled to run daily. You can customize this schedule by changing the frequency and period of running the ETL.

To configure the ETL run schedule:

On the ETL tasks page, click the ETL, and click Edit. The ETL details are displayed.
On the Edit task page, do the following, and click Save:
- Specify a unique name and description for the ETL task.
- In the Maximum execution time before warning field, specify the duration for which the ETL must run before generating warnings or alerts, if any.
- Select a predefined or custom frequency for starting the ETL run. The default selection is Predefined.
- Select the task group and the scheduler to which you want to assign the ETL task.
Click Schedule. A message confirming the scheduling job submission is displayed.
When the ETL runs as scheduled, it collects data from the source and transfers it to the TrueSight Capacity Optimization database.

Step IV. Verify data collection

Verify that the ETL ran successfully and the Azure data is refreshed in the Workspace.

To verify whether the ETL ran successfully:

In the TrueSight Capacity Optimization console, click Administration > ETL and System Tasks > ETL tasks.
In the Last exec time column corresponding to the ETL name, verify that the current date and time are displayed.

If you see a Failed status in the Last exit column, see Microsoft Azure API ETL fails with certificate validation error to resolve the issue.

To verify that the Azure data is refreshed:

In the TrueSight Capacity Optimization console, click Workspace.
Expand (Domain_name_for Azure) > Systems.
In the left pane, verify that the hierarchy displays the new and updated Azure instances that you have provisioned in the Azure cloud.

Resource Manager deployment mode
Classic deployment mode
Click an Azure virtual machine instance, and click the Metrics tab in the right pane.
Check if the Last Activity column in the Configuration metrics and Performance metrics tables displays the current date.

For information about the configuration and performance metrics data that this ETL collects, see the following topics:

Where to go from hereAfter data is collected, you can analyze and manage the capacity of Azure entities from the Azure views.

Microsoft Azure - Azure API Extractor

Collecting data by using the Azure API ETL

A. Configuring the basic properties

(Optional) B. Configuring the advanced properties

A. Running the ETL in the simulation mode

B. Running the ETL in the production mode

Running the ETL manually

Scheduling the ETL run

Related topics

Comments