In this guide, we are going to go over how to set up Turbonomic to manage Microsoft Azure. This guide will cover the following:
- Registering Turbonomic with Azure Active Directory
- Creating Client Secret Key and Setting Permission
- Obtaining Tenant Name
- Obtaining Subscription ID(s)
- Enabling Turbonomic to Access the Subscription(s)
Prerequisites
- Administrator or Co-Administrator on Azure - Only required for the initial configuration of Azure; not needed by Turbonomic itself
- Access to Azure Portal (portal.azure.com)
- Firewall configured to allow Turbonomic to access Azure resources
If you are deploying Turbonomic using Azure Marketplace then you will need to use the username "azureuser" when deploying the VM to get root access.
Registering Turbonomic with Azure Active Directory
- Log in to Microsoft Azure
- Navigate to Azure Active Directory
- Under Manage click on App registrations
- Now click on the Add button
- Now enter the required details in the fields and then click Create
- Name: This can be any name you like. In this example I used Turbonomic.
- Application type: Keep that as Web app/API
- Sign-on URL: This can be any URL you like. In the example I used the Turbonomic GUI URL; however, it could even be https://localhost, as it will not be actively used.
Now we have created the App registration.
Make sure you make a note of the Application ID. The Application ID will be used in Turbonomic later on under Client ID.
Creating Client Secret Key & Permissions
Now click on the Settings button.
- Click on Keys
Now you will see a new Window.
- Fill in the required fields to generate a key and then click Save
- Description: Turbonomic
- Expires: Never expires
Make sure you make a note of the Key. The key will be used in Turbonomic later on under Client Secret Key.
- Now click on Required Permissions
- Click Add
- Add the required API access and then click on Select and then Done
- Then delegate permission.
- At the end, your screen should look like the one below.
Obtaining Tenant ID
- Navigate to Azure Active Directory
- Click on Properties
- Make a note of the Directory ID which is the Tenant ID
Make sure you make a note of the Directory ID because you will need to enter it under the Tenant Name field in Turbonomic.
Obtaining Subscription ID(s)
Log in to your Azure Portal (https://portal.azure.com)
Click on Subscriptions. This is located on the left-hand side navigation.
- Now choose the subscription you would like Turbonomic to manage.
Make sure you make a note of the Subscription ID. The Subscription ID will be used as your Username in Turbonomic. You can add multiple Subscriptions to the same Turbonomic instance.
Enabling Turbonomic to Access the Subscription(s)
Now we need to add Turbonomic as a user in the Azure Portal.
- Click on the subscription.
- Click on 'Settings'.
- Click on 'Control Access (IAM)'.
- Click on 'Add' on the top
- Select the role as either 'Owner' OR 'Contributor' OR a combined role of 'Reader' + 'Storage Account Contributor'
- The use of a combined 'Reader + Storage Account Contributor' role is the least privileged combination required for Turbonomic to discover and access metrics across your Azure environment. The Storage Account Contributor role is required to access the Storage Account keys and establish a connection in order to retrieve VM memory statistics. Please note, this combined role will not allow Turbonomic to take actions on your Azure environment.
- Contributor Role is the least privileged role which enables Turbonomic to take actions on your Azure environment, including manually or automatically scaling VMs across instance types or automating VM stop and start.
- Owner Role is a higher level of privilege than Contributor and can be used if preferred.
- Where it says "Select" type in the name of the application you created under Registering Turbonomic with Azure Active Directory and then click it from the list below.
- Click Save
After you have assigned the role to the application, you should see it as a User in your Users list, as shown in the screenshot below.
Note, you can use the same application you created under Registering Turbonomic with Azure Active Directory to access multiple subscriptions with different permissions for each.
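Because one application can hold different roles on different subscriptions, it helps to check which tier each subscription actually ended up with. The following is an added example, not part of the original guide or of Turbonomic's tooling: it classifies subscriptions from JSON shaped like the output of `az role assignment list --assignee <application-id> --all -o json`. The sample data, the tier labels and the function names are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample, shaped like the JSON from
# `az role assignment list --assignee <application-id> --all -o json`.
# The subscription GUIDs are placeholders, not real subscriptions.
SUB = "/subscriptions/00000000-0000-0000-0000-00000000000"
SAMPLE = [
    {"roleDefinitionName": "Reader", "scope": SUB + "1"},
    {"roleDefinitionName": "Storage Account Contributor", "scope": SUB + "1"},
    {"roleDefinitionName": "Contributor", "scope": SUB + "2"},
    {"roleDefinitionName": "Owner", "scope": SUB + "3"},
    {"roleDefinitionName": "Reader", "scope": SUB + "4"},
    # Resource-group scope: not a subscription-level grant, so it is skipped.
    {"roleDefinitionName": "Owner", "scope": SUB + "4/resourceGroups/rg-demo"},
]

MONITOR_ONLY = {"Reader", "Storage Account Contributor"}


def subscription_scope(scope):
    """Return the subscription GUID if scope is exactly /subscriptions/<guid>."""
    parts = scope.strip("/").split("/")
    if len(parts) == 2 and parts[0].lower() == "subscriptions":
        return parts[1].lower()
    return None


def classify(assignments):
    """Map each subscription to the access tier described in the guide."""
    roles = defaultdict(set)
    for entry in assignments:
        sub = subscription_scope(entry["scope"])
        if sub is not None:
            roles[sub].add(entry["roleDefinitionName"])
    tiers = {}
    for sub, names in roles.items():
        if "Owner" in names:
            tiers[sub] = "owner"          # more than Turbonomic needs
        elif "Contributor" in names:
            tiers[sub] = "actions"        # least privilege that allows actions
        elif MONITOR_ONLY <= names:
            tiers[sub] = "monitor-only"   # discovery and metrics, no actions
        else:
            tiers[sub] = "incomplete"     # e.g. Reader without storage key access
    return tiers


if __name__ == "__main__":
    for sub, tier in sorted(classify(SAMPLE).items()):
        print(sub, tier)
```

A subscription reported as "incomplete" has Reader without Storage Account Contributor (or the reverse), so Turbonomic cannot retrieve the VM memory statistics described above.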
At the end, you should have the following information to enter in Turbonomic.
- Tenant Name
- Client ID
- Client Secret Key
For the Address field, you can use any name. In the screenshot below I used the name of my subscription. To add the subscription as a Target in Turbonomic navigate to Settings > Target Configuration and select Add Target. Azure can be found under Cloud Management.
Note: you can add multiple subscriptions to the same Turbonomic instance manually or through a PowerShell script, which can be found here: GitHub - turbonomic/azure-target-loader
|Turbonomic field|Azure value|
|---|---|
|Tenant Name|Directory ID|
|Client ID|Application ID|
|Client Secret Key|Keys|
- Outbound Ports:
- TCP: 443
Please note: where "<StorageAccount>" is specified this can be replaced with "*." so that it matches all of your storage account names.