Cloud Control: Azure Target Setup [Turbonomic 5.9 or later] [Complete Guide]

Document created by fadi.josef Expert on Jun 10, 2016Last modified by fadi.josef Expert on Sep 12, 2018
Version 41Show Document
  • View in full screen mode
This document is a part of the Cloud Control Setup Overview [Start Here]. Targeting Public Cloud providers requires a license key that includes those features. If you are not able to add AWS, Azure or Softlayer with your current license please reach out tosales@turbonomic.com for more information.

In this guide, we are going to go over how we can setup Turbonomic to manage Microsoft Azure. This guide will cover the following:

  • Registering Turbonomic with Azure Active Directory
  • Creating Client Secret Key and Setting Permission
  • Obtaining Tenant Name
  • Obtaining Subscription ID(s)
  • Enabling Turbonomic to Access the Subscription(s)  

 

 

Requirements 

  • Administrator or Co-Administrator on Azure - Only required for initial configuration of Azure and not needed by Turbonomic
  • Access to Azure Portal (portal.azure.com)
  • Firewall configured to allow Turbonomic to access Azure resources 

If you are deploying Turbonomic using Azure Marketplace then you will need to use the username "azureuser" when deploying the VM to get root access.

Registering Turbonomic with Azure Active Directory 

  • Under Manage click on App registrations

  • Now click on the Add button

  • Now enter the required details in the fields and then click Create
    • Name: This can be any name you like. In this example I used Turbonomic.
    • Application/Type: Keep that as Web app/API
    • Sign-on URL: This can be any URL you like. In the example I used the Turbonomic GUI URL however it could even be https://localhost as it will not be actively used

Now we have created the App registration. Make a note of the Application ID.

Make sure you make a note of the Application ID. The application id will be used in Turbonomic later on under Client ID

Creating Client Secret Key & Permissions

Now click on the Settings button.

  • Click on Keys

Now you will see a new Window.

  • Fill in the required fields to generate a key and then click Save
    • Description: Turbonomic
    • Expires: Never expires

Make sure you make a note of the Key. The key will be used used in Turbonomic later on under Client Secret Key.

  • Now click on Required Permissions

 

  • Click Add

  • Add the required API access and then click on Select and then Done

  • Then delegate permission.

  • At the end, you the screen should look like below.

 

Obtaining Tenant ID

  • Navigate to Azure Active Directory

  • Click on Properties

  • Make a note of the Directory ID which is the Tenant ID 

Make sure you make a note of the Directory ID because you will need to enter it under the Tenant Name field in Turbonomic.

Obtaining Subscription ID(s) 

  • Login to your Azure Portal (https://portal.azure.com)

  • Click on Subscriptions. This is located on the left-hand side navigation.

 

  • Now choose the subscription you would like Turbonomic to manage.

Make sure you make a note of the Subscription ID. The Subscription ID will be used as your Username in Turbonomic. You can add multiple Subscriptions to the same Turbonomic instance. 

 

 

Enabling Turbonomic to Access the Subscription(s) 

Now we need to add Turbonomic as a user in the Azure Portal.

  • Click on the subscription.
  • Click on 'Settings'.
  • Click on 'Control Access (IAM)'.

    

  • Click on 'Add' on the top

 

  • Select the role as either 'Owner' OR 'Contributor' OR a combined role of 'Reader' + 'Storage Account Contributor' 
    • The use of a combined 'Reader + Storage Account Contributor' role is the least privileged combination required for Turbonomic to discover and access metrics across your Azure environment. The Storage Account Contributor role is required to access the Storage Account keys and establish a connection in order to retrieve VM memory statistics. Please note, this combined role will not allow Turbonomic to take actions on your Azure environment.
    • Contributor Role is the least privileged role which enables Turbonomic to take actions on your Azure environment, including manually or automatically scaling VMs across instance types or automating VM stop and start. 
    • Owner Role is a higher level of privilege to Contributor and can be used if preferred.

 

  • Where it says "Select" type in the name of the application you created under Registering Turbonomic with Azure Active Directory and then click it from the list below.

  • Click Save

After you assigned the role to the application you should see it as a User in your Users list as shown in the screenshot below.

 

Note, you can use the same application your created under Registering Turbonomic with Azure Active Directory to access multiple subscriptions with diffrent permisions for each. 

 

At the end, you should have the following information to enter in Turbonomic.

  • Tenant Name
  • Username
  • Client ID
  • Client Secret Key

For the Address field, you can use any name. In the screenshot below I used the name of my subscription. To add the subscription as a Target in Turbonomic navigate to Settings > Target Configuration and select Add Target. Azure can be found under Cloud Management. 

 

Note you can add multiple subscriptions to the same Turbonomic instance manually or though a power shell script. Contact support@turbonomic.com to obtain the script. 

 

 

Azure Subscription Addition in Turbonomic Target Set Up

References

TurbonomicMicrosoft Azure
Tenant NameDirectory ID
UsernameSubscription ID
Client IDApplication ID
Client Secret KeyKeys

 

Enabling Basic Metrics

Now that you've added Azure as a target, if you'd like Turbonomic to collect Memory utilisation values for each VM, please enable Basic Metrics.More Details.

 

Firewall Requirements

Please note: where "<StorageAccount>" is specified this can be replaced with "*."  so that it matches all of your storage account names.

5 people found this helpful

Attachments

    Outcomes