Add an AzureRM Cloud Account


Be aware that the screenshots may change based on the Azure portal changes. They are provided in this section as a point of reference.

Prerequisites

Before adding an AzureRM cloud, verify the following requirements:

  • You have a valid Windows Azure Resource Manager account.

  • Register the required Azure providers from the Azure portal:

    Previously, you could only perform this procedure using Azure CLIs.

    Now, you can use the UI to register (see Steps 1 - 5 indicated in the image) the following Azure providers:

    • Microsoft.Compute (displayed in the following image)

    • Microsoft.Storage (displayed in the following image)

    • Microsoft.Network (displayed in the following image)

    • Microsoft.Resources

    • Microsoft.Authorization

  • In the  Azure Resource ManagerPortal, navigate to Azure Active Directory page:

    1. Select App Registration and click Add.

    2. Provide the NameSign-On URL, and Create the application. This value must be a standard URL and is required by theAzureRM cloud configuration – it is not used by the CloudCenter platform.

      In the following screenshot, the Sign-On URL displays http://www.cliqr.com. This is just an example. Be sure to provide the base URL for your application using the required protocol (HTTP or HTTPS) – for example:
      http://<YourLocalHost or YourAppURL> 

    3. Select the newly created application.

      Note down the Application ID; it is required to create a Cloud Account in CloudCenter – this is the Client ID.

      If you prefer to use Certificate-Based Authentication, see the related bullet further in this section.

    4. Click All Settings.  

    5. Select Required Permission under API Access and click Add. See Cloud Overview > Minimum Permissions for Public Clouds for additional details.

    6. Select Windows Azure Service Management API

    7. Select permissions as Delegated Permission and click Done.  

    8. Select Keys under API Access.

    9. Specify the Description, Expires, and click Save.

      Note down the key after you click save – this key cannot be retrieved later from the portal, and it is used by the Workload Manager as the Client Key when creating the cloud account.

    10. Select App Registration and click Endpoints.

      Note down the Tenant-ID from the OAuth 2.0 Authorization Endpoint – this ID is used by the Workload Manager when creating a cloud account.

  • Certificate-Based Authentication – You can select either key-based authentication or the more secure certificate-based authentication. 

    • The certificate used can either be one of the following options – You can create either type using the openssl command from the command prompt of any Linux system:

      • A self-signed certificate: See the following example.

        Remember this password as you will need to enter it in the CloudCenter Suite UI's Certificate and Password fields when you create or edit the Cloud Account.

        • Generate a key and certificate.

          openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
        • Convert the certificate.pem to PKCS 12 format.

          openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
        • Provide a password to this command when prompted.

      • A Certificate Authority (CA) signed certificate – Generate a key and CSR, send/receive the certificate.csrfile(s) to the signature authority, convert the signed-certificate.pem to PKCS 12format, and provide a password to this command when prompted.

        Remember this password as you will need to enter it in the Workload Manager UI's Certificate and Password fields when you create or edit the Cloud Account.

    • Convert the PKCS formatted certificate (certificate.p12 or signed-certificate.p12) to base64 format using the tool at https://www.base64encode.org/.

    • Enter the base64 formatted certificate, and the export password used to create the PKCS formatted certificate, in the corresponding fields in the Workload Manager  Add or Edit Cloud Account dialog box.

    • Login to Azure Resource Manager Portal to upload the certificate PEM file (Azure Active  Directory > AppRegistrations > Settings > keys > Upload public key) and save.

      The corresponding public key for the certificate must be uploaded to the Azure RM portal for the Application Registration that the user must add to the CloudCenter Suite cloud account.

  • In the Azure Resource Manager Portal, configure the user role settings for your web application:

    1. Select Subscription > Valid subscription (this is the subscription you want to manage).

    2. Click Access control (IAM).

    3. Click the +Add icon at the top right corner of the managed subscription pane.

    4. Click Add users and select the OWNER role. You can also select other roles for more granular management.   

      This role should be able to access and manage AzureRM resources like storage, compute, network, keyvault, and so forth to configure AzureRMfor the CloudCenter Suite.

       

    5. In the User search box, enter the web application name you defined earlier. In this example, it is CliQrCCO.

    6. Click OK to save your settings. 

Configuration Process

To add an AzureRM cloud account, follow this procedure.

  1. Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account dialog box  displays as shown in the figure below:

  2. Assign a new cloud account name.

    Tip

    The name should not contain any space, dash, or special characters.

  3. Add the following cloud Credentials associated with your Azure account.

    1. Azure Login ID: The email address used to login to your Azure Resource Manager cloud account

    2. Azure Subscription ID: To retrieve the Subscription ID, toggle to the Azure Portal Interface as described in the Prerequisites section above and access Settings:

    3. Tenant ID: The UUID identified in the VIEW ENDPOINTS bullet in the Prerequisites section above.

    4. Client ID: The UUID identified in the blue icon bullet in the Prerequisites section above.

    5. Use Cert Based AuthIf you enable Use Cert Based Auth, the Client Key field is hidden and the following fields are displayed: 

      1. Certificate – The certificate in PKCS 12 format as Base64 text as identified in the Certificate-Based Authentication bullet in the Prerequisites section above.

      2. Password – Enter the password used to create the certificate as identified in the Certificate-Based Authentication bullet in the Prerequisites section above.

    6. Client KeyIf you do not enable Use Cert Based Authuse the client key identified in the keys bullet in the Prerequisites section above.

  4. Scroll the dialog box down to reveal the billing fields and enter the Region InfoOffer Id, EA Enrollment Number, and EA API Access Key as shown in the figure below. For information on setting up billing information, see https://docs.microsoft.com/en-us/rest/api/consumption/ and https://docs.microsoft.com/en-us/azure/billing/billing-enterprise-api.

    The Region Info is the two-letter ISO code where the offer was purchased. For example, US.

    The Offer Id is tied to the account. To find the Offer Id for your account, navigate to Azure Portal > Subscriptions page and choose a subscription. The Offer Id is displayed in the Overview section.

    The EA Enrollment Number is displayed in the top left corner when you log in to https://ea.azure.com/.

    The EA API Access Key must be generated as follows: Log in to https://ea.azure.com/ as EA Admin and navigate to Reports > Download Usage > API Access Key > Generate.

  5. Click the Connect button. CloudCenter Suite will now attempt to validate your account credentials.

  6. After the credentials are verified, the Connect button changes to an Edit button and two new fields appear Enable Account For and Enable Reporting By Org Structure, as shown in the figure below.



    1. Set the Enable Account For dropdown per the table below.

      ValueUsage
      ProvisioningWorkload Manager can deploy jobs using this account.
      ReportingCost Optimizer and Workload Manager will track cloud costs for this account. Typical usage: master cloud accounts which are used for billing aggregation.
      Provisioning, ReportingDefault. Account is used for both provisioning and reporting.
    2. For AWS and Google clouds only: Set the Enable Reporting By Org Structure toggle to On to cause Cost Optimizer to import the cost hierarchy created in the cloud provider portal. This saves the time of manually creating a comparable cost hierarchy within Cost Optimizer. See Cost Groups Configuration for more information on cost hierarchies in Cost Optimizer.

  7. Click the Save button when done. 

After you add cloud accounts, they will appear in the Cloud Accounts list in the Accounts tab for the cloud as shown in the figure below.

The cloud account list contains columns for data you entered into the Add Cloud Account dialog box: Account Name, Description, Enabled For; and two additional columns: Billing Units and Actions. The third column, Billing Units, is dual function. If the cloud account contains only one billing unit, the ID for that billing unit is displayed. If the cloud account contains multiple billing units, such as an AWS master account, the number of billing units in that account is displayed followed by the text "Billing Units". 

A billing unit is the most granular level of cloud cost recording in CloudCenter Suite. The definition of billing unit varies by cloud provider as shown in the table below.

Cloud ProviderBilling Unit
AWSAccount ID
AzureRMSubscription ID
GoogleProject ID
vCenterCloud Group Prefix - Datacenter Name
OpenStackProject ID
KubernetesNamespace UID

The last column, Actions, contains links to let you edit or deleted the cloud account, or manage instance types for the cloud account.




  • No labels
Terms & Conditions Privacy Statement Cookies Trademarks