Activity testing

Activity feeds are the record of updates made to any ticket, asset, or knowledge article in BMC Helix ITSM. The activity feed displays the type of activity that was performed, the name of the user who made the update, and the time when the update is done. Every ticket and resource has its own activity feed. You can access activity feeds on the Universal Client (UC), Apple iOS, and Google Android devices. For more information on

Microsoft Azure is a cloud service provided by Microsoft. Microsoft Azure enables you to have virtualized computing platforms accessible through the internet. It is divided into a number of regulatory domains around the world so that organizations can store and manage data in countries with particular regulations regarding data in compliance with local laws.  This provides information on what is discovered in Microsoft Azure. 

Services and regulatory domains discovered

You can access and configure all your services in the Azure Public cloud using the Microsoft Azure portal and the other clouds using the appropriate portals. You must do this configuration to enable your users to start using Microsoft Azure. This configuration enables your users to use Microsoft Azure.

The following regulatory domains can be discovered with the latest product content update:

• Azure China 21Vianet
• Azure France
• Azure Germany
• Azure GovCloud
• Azure Public

BMC Helix Discovery enables you to discover your cloud services running in Microsoft Azure. The following set of Microsoft Azure services can be discovered with the latest product content update:

• Azure Virtual Machines (VMs)
• VM Scale sets
• LoadBalancers including linkage from load balancer members to Hosts and Software Instances
• Virtual Hard Disks (VHDs), including linkage from applications consuming the storage
• Managed Disk storage
• Azure SQL Server
• Azure MySQL
• Azure PostgreSQL
• Azure PostgreSQL - Flexible Server
• Resource Groups
• Virtual Network (VNET)
• Azure Redis Cache

More detailed information on the discovery of Microsoft Azure services is contained in the following documentation:

No results.

BMC Helix Discovery enables you to discover your cloud services running in these regions. To do so, you must provide an application ID and authentication key (credential) with which BMC Helix Discovery can access the cloud, you create the access key using the Microsoft Azure portal or the Microsoft Azure Germany portal.

Creating a credential

Creating a credential is a two stage process. In the Microsoft Azure Portal you obtain a Directory ID, Application ID, and authentication key. Then in BMC Helix Discovery, you use this information to add the cloud discovery credential. These two steps are mandatory for setting the Microsoft Azure discovery. 

Finding the Directory ID, Application ID and Authentication Key in the Microsoft Azure Portal

The procedure is outlined here, though the steps to do this are described fully on this Microsoft Azure web page.

1. Use the Microsoft Azure Portal to find a Directory ID for your Microsoft Azure account.
   1. Directory ID—find the Directory ID for your Microsoft Azure account under Azure Active Directory>Properties in the Microsoft Azure Portal.
      The Directory ID is a GUID, also known as the Tenant ID.
2. Find the Application ID and Authentication Key.
   
   1. Continuing in the Microsoft Azure Portal, add an "App registration" for your BMC Helix Discovery appliance in the Azure Active Directory>App registrations section. You must provide a name, for example, "BMC Discovery", an application type, "Web app / API", and a sign-on URL for the appliance. The URL is mandatory, but is not used. Once you have created the application registration for BMC Helix Discovery, obtain the following information for the application.
   2. Application ID–It is shown in the Properties for the application in Azure Active Directory > App registrations in the Microsoft Azure Portal.  The Application ID is a GUID. Ensure that you select the Application ID and not the Object ID.

   3. Application Key–Create the Application Key (press +New client secret) in the Certificates & secrets for the application in Azure Active Directory>App registrations in the Microsoft Azure Portal. You can only copy the key when creating it, so keep it safe. You can create the application key only once.

      Warning

      Note

      If you lose the Application Key, you cannot retrieve it from the Microsoft Azure Portal. You must create a new application key and use the new key in the BMC Helix Discovery cloud credential. It would help if you kept a note of the application key until you have successfully tested the cloud credential.

Assigning the required permissions for the BMC Helix Discovery application registration in the Microsoft Azure Portal

The built-in Reader the role is sufficient to discover everything except size and encryption (D@RE) values for VHDs used by VMs. To discover size and encryption (D@RE) values for VHDs used by VMs, you need the Microsoft.Storage/storageAccounts/listKeys/action permission. If you only need to discover Managed Disks, the built-in Reader role is sufficient.

Grant the application permissions (roles) to your subscriptions.

1. Under More services > Subscriptions, select Access Control (IAM).
2. In the Role Assignments, click +Add and select Add role assignments from the drop-down list.

1. From the Role drop-down list, select Reader.
2. From the Select drop-down list, choose your newly created application.
   
   
   
3. For each additional Subscription you want to be discovered, navigate to More services>Subscriptions, choose the needed subscription, and repeat steps 1-4.
   
   

When the main configuration is done, you can set the optional settings.

Discovering Microsoft Azure storage (Optional)

If you need to discover Microsoft Azure storage, you also need to grant the Microsoft.Storage/storageAccounts/listKeys/action a role for a complete discovery of Azure Storage. You do not need this permission if you are only using managed disks. A JSON template is available here, which is used with the Microsoft Azure command line tools to create a Discovery role that gives the correct permissions. Custom roles are described in the Microsoft Azure documentation. Click the link below to download the JSON template:

BMC Helix Discovery (on-premises) customers can also download the JSON template from the Manage>Discovery Tools page.

1. Edit the JSON file to set the subscription scope. Add your subscription id in the field <SUBSCRIPTION ID HERE>.
2. Rename the template file to azure_discovery_role.json.

3. Run the following command, depending on your Azure cli version:

   az role definition create --role-definition <PATH>azure_discovery_role.json

   or

   az role create --config <PATH>azure_discovery_role.json

4. Ensure the role is created and appears in the Azure Portal roles list.
5. Assign a recently created custom 'Discovery' role to the application registration you used for BMC Helix Discovery

Creating an Azure cloud credential in BMC Helix Discovery

Create the Azure cloud credential in the same way as any other credential. The Azure cloud credential uses the Directory ID, Application ID, and Application Key as the equivalent of a username and password combination. However, no options.

1. From the BMC Helix Discovery Device Credentials page, click Add.
   The Add Credential page is displayed.
2. Click add more to add the cloud provider type. Select Microsoft Azure from the drop-down list.
3. Add the usual credential information:
   • Label
   • Description
4. Add the additional fields with the information that you copied from the Microsoft Azure Portal:
   1. Directory ID
   2. Application ID
   3. Application Key

   4. CyberArk–If the CyberArk integration is enabled, do not enter a key ID and secret, rather, enter a CyberArk search string in this field to extract a CyberArk credential. An example search string is:
      Object=Cloud Service-Azure-keys-fc2636b7-426d-42df-a13f-f45b903bd40a
      See Integrating-with-CyberArk-Enterprise-Password-Vault for more information on the integration.

      Warning

      Note

      The Directory ID and Application ID are both GUIDs, 32 hex digits grouped 8-4-4-4-12. They are easy to transpose; if you do so, your credential will never work, and the problem will be difficult to diagnose.

5. Optionally specify a proxy to use to access. To use a proxy you must specify the folloing:
   • Hostname
   • Port
   • Username (only for authenticating proxies)
   • Password (only for authenticating proxies)

6. 'TLS Certificate Check' option can be disabled if your proxy uses self-signed certificate. 

   Error

   Warning

   If you disable the certificate check, your credentials could be intercepted by a man-in-the-middle attack.

7. Click Apply,

Testing the credential

Once you have created the credential, you should test it to ensure it works.

1. From the credentials page, click Devices.
2. Filter the list to show cloud credentials.
3. Click Actions for the Microsoft Azure cloud credential you added, and then click Test.
4. Select Microsoft Azure from the list.
5. For the Regulatory Domain, select Azure Public or Azure Germany.
6. Click Test.
   The screen below shows a successful test.
   

If the credential test was unsuccessful, ensure you copied the Directory ID and Application ID correctly.

Run a cloud scan

To perform cloud discovery from the Discovery Status page, use the Add New run control.

1. Click Add New run.
   The Add a Cloud Run dialog is displayed.
   
   
   
2. Enter a Label for the cloud discovery run.
3. To add a scheduled cloud run, select Scheduled and fill in the scheduling information as with normal scheduled discovery runs.
4. Select Cloud.
5. Select the provider from the drop-down list.  Microsoft Azure should be selected.
   
6. Select the appropriate cloud credential. If none are available, you must add one.
7. Select the regulatory domain to scan, for example, for the public cloud, select Azure Public, or for Azure Germany, select Azure Germany.
8. Click OK.

Scann the hosts running the VMs in the cloud

Perform a normal scan on the hosts running the VMs discovered in the cloud scan. Use the Unscanned Cloud Hosts report on the Cloud Overview dashboard to find these.

Scanning the hosts assumes that the appliance or proxy has network access to hosts running in the cloud, for example, using a VPN.

Examining results

Once you have scanned, you can examine the results. The screen below shows a discovered VM running in Microsoft Azure.

Database discovery

Microsoft Azure supports Microsoft SQL Server. The Microsoft Azure API reports the database. If you only need to discover the database, these are reported as part of regular cloud discovery, and no further configuration is required.

If you need deeper database discovery (for example, to report the tables or run queries for application-specific data), ensure that appropriate database credentials are created. For more information, see Adding credentialsin the BMC Discovery documentation.

Database server and database firewalls

Each database server has a firewall, and you can add a rule stating which IP addresses are permitted access.

To do this:

1. From the database server, configure the firewall to enable BMC Helix Discovery to access it.

2. Add the following information

   1. Rule name, for example, Discovery Access.
   2. Start IP, for example, 77.168.1.100.
   3. End IP, for example, 77.168.1.100.

   You can now access the database server from BMC Helix Discovery.

You can also configure rules on a firewall on the database, in addition to the firewall on the server, configured earlier. The server firewall and the database firewall must permit BMC Helix Discovery access.

BMC Helix Discovery database credential

Information about Database credentials is available here in the Database credentials paragraph.

Microsoft Azure discovery patterns

The Microsoft Azure discovery patterns are available on the Manage>Knowledge page. They are located in the Pattern modules list under Cloud>Microsoft Azure.

Azure tags discovery

For detailed information about tags, see Discovering Cloud Tags.

Microsoft Azure is a cloud service provided by Microsoft. Microsoft Azure enables you to have virtualized computing platforms accessible through the internet. It is divided into a number of regulatory domains around the world so that organizations can store and manage data in countries with particular regulations regarding data in compliance with local laws.  This provides information on what is discovered in Microsoft Azure.

Troubleshooting

For more information on

Information sources

For more information, see the following pages:

• Cloud providers
• Microsoft-Azure-Supported-Cloud-Regions

Activity feeds are the record of updates made to any ticket, asset, or knowledge article in BMC Helix ITSM. The activity feed displays the type of activity that was performed, the name of the user who made the update, and the time when the update is done. Every ticket and resource has its own activity feed. You can access activity feeds on the Universal Client (UC), Apple iOS, and Google Android devices. 

Activity feeds are the record of updates made to any ticket, asset, or knowledge article in BMC Helix ITSM. The activity feed displays the type of activity that was performed, the name of the user who made the update, and the time when the update is done. Every ticket and resource has its own activity feed. You can access activity feeds on the Universal Client (UC), Apple iOS, and Google Android devices. For more information on