Unsupported content: This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Building service blueprints for an Azure service


This topic provides the caveats and considerations you need to review when creating a service blueprint for Azure services. It also provides links to the applicable service blueprint documentation.



Links to service blueprint documentation

The following table provides links to the applicable service blueprint documentation.

Topic

Description

Provides an overview of the service blueprint workspace.

Describes how to add several of the various types of service blueprint objects, and how to define network connections between those objects.

Considerations for creating a service blueprint for Azure Provider

Create service blueprints as described in Building-service-blueprints. The following table identifies the items to consider when creating a service blueprint for the Azure Provider.

Notes

Service blueprint construct

Notes specific to Azure

Service blueprint parameters

Application

When you enable software installation as part of an Azure service offering, you must create a BMC Server Automation Deploy Job or an application component template.

In the Azure service blueprint, click Software Packages, and then select the appropriate software package from a list of available BLPackages. For instructions, see Installing-software-as-a-part-of-an-Azure-service-offering.

Server

  1. Add or select a server in the blueprint and expand the Compute Resources detail panel.
  2. Select the Cloud Platform as Azure, and ensure that the auto-onboarded Definitive Media Library (DML) entry is defined as an Installable Resource in the service blueprint, as shown in the figure below:

    CompRes.png

    Note:
    In Azure Provider, if you are using a custom image as an Installable Resource, the provisioned VMs are placed in the same storage account in Microsoft Azure that was used for creating the custom image.
  3. Add the virtual machines to an availability set to manage the availability of an application that uses multiple virtual machines.
    See Manage the Availability of Virtual Machines in the Microsoft online documentation for details.

    • To specify an availability set, add the AVAILABILITY_SET_NAME#<ServerGroupName for example: Msft2012> parameter to an individual server.
      As a best practice, group two or more servers in an availability set for better fault tolerance and high availability of virtual machines.
    • To add the parameter, select a server item and click Parameters in the edit pane:


        1. In the Parameters table, click New.
        2. For Name, add AVAILABILITY_SET_NAME#<ServerGroupName for example: Msft2012>.
          Note: In a multi-tier service blueprint, you must specify only the correct <ServerGroupName> in the AVAILABILITY_SET_NAME parameter.
        3. Enter a Label, such as Azure Availability Set.
        4. (Optional) Add a short Description.
        5. Ensure that the Data Type is set to String.
        6. (Optional) Enter a Default Value for the parameter.
        7. (Optional) Select the User Entry Enabled option. Leave the other options blank.
        8. Click OK to add the parameter.
        9. Click Save to save the definition details.

      The figure below provides an example of adding the parameter to a server group.
      AvlSet1.png

      Note: You can view the Availability Set details of the provisioned server in the server details in the My Cloud Services console.

Networks

When you enable VM placement in single or multiple subnets for a Virtual Network, you must define single or multiple subnets for a Virtual Network in a service blueprint and tag them appropriately (as shown in the figure below).

SbntBP.png

For more information, see Tagging-recommendations-and-examples. To create or manage tag groups and tags from the Service Designer workspace, see Managing-blueprint-tags.

Load balancers

When using Azure Resource Manager without templates and BMC Cloud Lifecycle Management 4.6.05 and later, be aware of the following behavior:

  • To create and use a load balancer pool, the AVAILABILITY_SET_NAME parameter must be passed. (See Service-blueprint-parameters-for-Azure for more information.) If this parameter is not passed, then a load balancer with only one virtual machine is created. After that, you cannot associate any other virtual machines with that load balancer.
  • An Internet-facing load balancer is supported. (See https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-get-started-internet-arm-ps.) Creating and using load balancers is based on the load balancer pool configuration specified in the service blueprint. A probe is created based on the additional parameters holding the probe information. A backend address pool is created and updated based on the load balancer pool's name. A load balancing rule is created based on the configuration of the load balancer pool and load balancer pool entry. Front-end IP configuration is handled internally. Only a primary network interface card is associated with the load balancer.

Load balancer pools

To create a load balancer pool as part of an Azure service offering, ensure that you have provided the following values, as shown in the figure and specified below:

LBPl_BP.png

  • For Type, specify Define a new Load Balancer Pool.
  • For Load Balancer Pool Name, specify <Name of load balancer pool in range of 3-15 characters>.
  • For Load Balancer Pool Tags, specify <Tag name that is mapped to the Internet Network Type of the Logical Data Center>.
  • For Client Port, specify <Port number that you want to open for the Azure VM>.
  • For Transport Protocol, specify TCP or UDP.

To create a load balancer pool entry as part of an Azure service offering, ensure that you have provided the following values, as shown in the figure and specified below:

 LBPlEn_BP.png

Note: The name of the load balancer pool created in Microsoft Azure is the same as the Load Balancer Pool Name specified here (for example: LBP1).

  • For NIC, specify 0.
  • Click the Enabled check box.
  • For Server Port, specify <Port number that you want to open for the server>.

See "To add and define load balancer pools in a service blueprint" in Creating-copying-or-editing-a-service-blueprint.

IP Endpoints/VLAN

When you enable network path creation as part of an Azure service offering, you must add and define networks and connections in an Azure service blueprint. Follow the instructions for adding service blueprints, except specify the following values under Network Path Details:

  • For Transport Protocol, specify TCP or UDP.
  • For Destination Port, specify Single Port.

    Note

    For a multi-tier blueprint, if you want to enable both the network path and software install operations, do not specify the port for the logical network path as 4750. If the first provisioned VM in the sequence has logical network path open for 4750, the software installation fails for the next VM in the sequence, and the entire provisioning fails.

    The port that you specify in the blueprint is opened at the service level. You cannot open the same port again for a particular service.

  • For Network Traffic, specify Permit.
  • For IP Endpoint/VLAN, specify VLAN (Addr/Mask).
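The Azure-specific constraints listed so far (availability set parameter naming, load balancer pool values, and network path ports) can be checked before a blueprint is saved. The following is an added example, not BMC code: the dictionary layout, the `check_blueprint` function and the sample blueprint are hypothetical, because the product defines blueprints in its own workspace.

```python
# Added example: pre-flight check of a blueprint against the Azure notes above.
# The dict layout is hypothetical; the product defines blueprints in its UI.
SOFTWARE_INSTALL_PORT = 4750  # port the page says not to use for a network path

def check_blueprint(bp):
    """Return a list of findings for a blueprint description."""
    findings = []
    groups = bp["server_groups"]
    multi_tier = len(groups) > 1
    installs = any(g.get("software_packages") for g in groups.values())

    for pool in bp.get("lb_pools", []):
        name = pool["name"]
        if not 3 <= len(name) <= 15:
            findings.append(f"pool {name}: name must be 3-15 characters")
        if pool["protocol"] not in ("TCP", "UDP"):
            findings.append(f"pool {name}: protocol must be TCP or UDP")
        for group in pool["server_groups"]:
            # The parameter name must carry the server group's own name.
            wanted = f"AVAILABILITY_SET_NAME#{group}"
            if wanted not in groups[group].get("parameters", {}):
                findings.append(f"pool {name}: {group} lacks {wanted}")

    seen_ports = set()
    for path in bp.get("network_paths", []):
        port = path["port"]
        if multi_tier and installs and port == SOFTWARE_INSTALL_PORT:
            findings.append(f"network path {port}: software install fails on next VM")
        if port in seen_ports:
            findings.append(f"network path {port}: already opened for this service")
        seen_ports.add(port)
    return findings

# Constructed sample: wrong group name in the parameter, port 4750, duplicate 443.
SAMPLE_BLUEPRINT = {
    "server_groups": {
        "Web": {"software_packages": ["web-pkg"],
                "parameters": {"AVAILABILITY_SET_NAME#Msft2012": "web-as"}},
        "Db": {"parameters": {}},
    },
    "lb_pools": [{"name": "LBP1", "protocol": "TCP", "server_groups": ["Web"]}],
    "network_paths": [{"port": 4750}, {"port": 443}, {"port": 443}],
}
```

Calling `check_blueprint(SAMPLE_BLUEPRINT)` returns three findings: the mismatched availability set parameter, the 4750 network path, and the repeated port 443.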

Network security groups (NSGs)

When using Azure Resource Manager without templates and BMC Cloud Lifecycle Management 4.6.05 and later, be aware that Azure Resource Manager supports the TCP and UDP protocols, and all other protocols defined in the network path. These are considered custom protocols.

By default, no security rules are applied to the NIC of a VM that is provisioned on Azure Resource Manager. After an NSG is associated with the NIC, a set of default rules is applied.

If the VM contains any network path, explicitly define an RSCD port rule and a load balancer port rule.
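One way to verify that the RSCD and load balancer port rules are actually in effect on a NIC, as an added example that is not part of the BMC documentation. It assumes the rule dictionaries use the field names of `az network nsg rule list` JSON output and that the RSCD port is 4750 (the page does not state the RSCD port); `audit_nic`, `first_match` and the sample rules are hypothetical names and constructed data.

```python
# Added example: audit NSG rules for the explicit port rules the page calls for.
RSCD_PORT = 4750  # assumption: default RSCD agent port; the page does not state it

def _ports(rule):
    """Destination port specs of a rule, e.g. ['4750'] or ['8000-9000']."""
    specs = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        specs.append(rule["destinationPortRange"])
    return specs

def _covers(spec, port):
    """True if a port spec ('*', '443', '1000-2000') includes the port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def first_match(rules, port, protocol):
    """First inbound rule, by priority, matching port and protocol (source ignored)."""
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        proto_ok = r["protocol"].lower() in ("*", protocol.lower())
        if proto_ok and any(_covers(s, port) for s in _ports(r)):
            return r
    return None

def audit_nic(nic, rules, lb_port, protocol="Tcp"):
    """Findings for one NIC; rules=None means no NSG is associated."""
    if rules is None:
        return [f"{nic}: no NSG associated, so no security rules are applied"]
    findings = []
    for label, port in (("RSCD", RSCD_PORT), ("load balancer", lb_port)):
        rule = first_match(rules, port, protocol)
        if rule is None:
            findings.append(f"{nic}: no explicit rule for {label} port {port}")
        elif rule["access"] == "Deny":
            findings.append(f"{nic}: {label} port {port} denied by {rule['name']}")
    return findings

# Constructed sample: the deny rule (priority 200) shadows the later allow for 8080.
SAMPLE_RULES = [
    {"name": "allow-rscd", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "destinationPortRange": "4750"},
    {"name": "deny-range", "priority": 200, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "destinationPortRange": "8000-9000"},
    {"name": "allow-lb", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "destinationPortRange": "8080"},
]
```

With the sample rules, `audit_nic("web-nic0", SAMPLE_RULES, lb_port=8080)` reports that the load balancer port is denied by `deny-range`, a case that a simple "does an allow rule exist" check would miss.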

Shared NSGs

When using Azure Resource Manager without templates and BMC Cloud Lifecycle Management 4.6.05 and later, be aware that, by default, NSGs for a NIC are shared across service offering instances as long as no NIC-to-NIC network paths are defined.

If an NSG for a NIC is shared and a new network path is added to that NIC, the NSG will be unshared by the creation of a new unshared NSG with all of the rules in the resource group where the NIC exists. Then, a new network path will be created in that unshared NSG.

Where to go from here

Proceed to Populating-the-Service-Catalog-for-the-Azure-provider.

 
