Managing and Configuring Azure Agent

This section introduces you to the Foglight Hybrid Cloud Manager for Azure environment and provides you with essential information.

This section covers the following key areas:

Minimum application privileges

Each Azure Performance Agent monitors the subscriptions inside the same Azure Active Directory (AD). To collect the Azure data, you need to register an application in Azure AD, and this application needs to be granted the following privileges for all subscriptions to be monitored by Foglight Hybrid Cloud Manager for Azure:

  • Reader
  • Storage Account Key Operator Service Role

To use the Optimizer Reclaim action, the Virtual Machine Contributor privilege should be granted to the Azure agent.

API used to collect Cost metrics

Foglight Hybrid Cloud Manager for Azure offers the following two methods to collect Cost metrics. Select one of them based on your environment:

  • Enterprise Agreement Billing API: This approach is used to collect metrics from Enterprise Agreement subscriptions.
  • Usage API and Rate Card API: This approach is used to collect metrics from Pay As You Go subscriptions and Azure In-Open subscriptions.

If you use the Enterprise Agreement API to collect Cost metrics, you need the Enrollment Number and API access key associated with your Azure Enterprise account. You can locate these credentials in your Azure Enterprise account. The Enrollment Number and API access key are available only to your account’s enterprise administrator, the top-level administrator of your Azure Enterprise:

The Enterprise Agreement Billing API applies only to Enterprise Agreement subscriptions and collects cost metrics directly from the Azure Enterprise Portal. For other subscriptions, Foglight Hybrid Cloud Manager uses the Usage and Rate Card APIs to collect and populate the cost data.

  • Enrollment Number: Indicates the master account used for Enterprise billing.
  • Usage API Access Key: Allows access to the Azure Billing API.
  • Offer ID and Billing Cycle day for Subscriptions: Specifies the subscription type and information.

To get the Enrollment Number and Usage API Access Key:

  1. Log in to your Azure Enterprise account at https://ea.azure.com.
  2. Locate your Enrollment Number.
    a. Click the Enrollment tab, then click Manage.
    b. Locate the Enrollment Number in the list of enrollment details.
    c. Copy the Enrollment Number and save it for later use.
  3. Generate an API access key.
    a. Under the Enrollment tab, click Reports.
    b. Click Download Usage.
    c. Click API Access Key.
    d. Click the key icon in the Primary Key text box to generate the API access key.
    e. Copy the entire API access key string into a text file, and save the file.

To get the subscription information:

  1. Log in to your Azure Enterprise account at https://portal.azure.com/.
  2. Click All services, and then enter Subscriptions in the All services text box, and then click Subscriptions.
  3. On the Subscriptions dashboard, select your subscription, and then record the following information:
    • Offer: This value indicates the subscription type, for example, Pay As You Go.
    • Current billing period: This value is used to set the Billing Cycle Day in Editing agent properties. For example, if your Current billing period is “6/21/2018-7/20/2018”, the Billing Cycle Day is “21”.

Azure monitoring setup

To fully enable monitoring of the Azure environment, Foglight Hybrid Cloud Manager for Azure requires you to create an Azure Performance Agent that is authenticated using the Azure Active Directory ID (Tenant ID), Application ID, and Access Key.

A complete setup includes the following steps:

  1. Get the authentication information through the Azure portal. For more information, refer to Getting authentication information through Azure portal.
  2. Create an Azure Performance Agent on the Foglight Management Server. For more information, refer to Creating Azure Performance Agent.
  3. If your Azure Performance Agent is installed behind a firewall, configure firewall settings on the machine running the Foglight Agent Manager. For more information, refer to Configuring firewall settings.

Getting authentication information through Azure portal

To get Tenant ID, Application ID, and Access Key through the Azure portal:

  1. Log in to the Azure portal.
  2. On the left navigation panel, select Azure Active Directory. The Azure Active Directory view that belongs to your account opens.
  3. In the Azure Active Directory view, select Manage > Properties, and then copy the Directory ID, which is also known as the Tenant ID.
  4. In the Azure Active Directory view, select Manage > App registrations, and then click New registration. The Register an application view opens.
  5. Type the following information, as needed, and then click Register.
    • Name: type the name of the application.
    • Supported account types: select who can use this application or access this API.
    • Redirect URL (optional): type the URL address where users can sign in and use the application.
    The Register an application view closes and the App registrations list is refreshed automatically.
  6. In the App registrations list, select the application created in Step 5. Keep the Application ID displayed in the Application details view somewhere safe.
  7. In the Application details view, click Manage > Certificates & secrets. The Certificates & secrets view opens on the right.
  8. In the Certificates & secrets view, click + New client secret. The Add a client secret view opens.
  9. In the Add a client secret view, specify the values of Description and Expires field, and then click Add.
  10. Copy the key value.
  11. Click Microsoft Azure in the top left corner to return to the default dashboard that appears once you are logged in to the Azure portal.
  12. On the left navigation panel, click Subscriptions. The Subscriptions view opens.
  13. In the Subscriptions view, click the subscription that you want to monitor. The Subscription details view opens.
  14. In the Subscription details view, click Access control (IAM). The Access control (IAM) view opens on the right.
  15. Click Add and select Add role assignment. The Add role assignment view opens.
  16. In the Add role assignment view, select Reader from the Role drop-down list, search for the application created in Step 5, and then click Save.
  17. Repeat Step 11 to Step 16 to assign the Storage Account Key Operator Service Role to the application created in Step 5.

    Repeat this procedure if there are multiple applications to be monitored.

    Diagnostics settings must be enabled to collect metrics for both ARM-deployed virtual machines and standard Storage Accounts. For more information, refer to How to enable metrics using the Azure portal.

    For Linux instances only, please install Python 2. For more information, refer to the Linux Diagnostic extension to monitor metrics and logs article, which explains the Python requirement.
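An added example (not part of the Foglight documentation): a least-privilege check for the application registered above, run over the JSON that `az role assignment list --assignee <Application ID> --all` returns. The sample assignments and subscription IDs are constructed, and `audit` and `uses_reclaim` are names chosen for this example.

```python
import json

# Minimum roles the page lists for every monitored subscription.
REQUIRED = {"Reader", "Storage Account Key Operator Service Role"}
# Needed only when the Optimizer Reclaim action is used.
RECLAIM_ROLE = "Virtual Machine Contributor"

def audit(assignments, subscription_ids, uses_reclaim=False):
    """Return {subscription_id: {"missing": [...], "excess": [...]}}.

    Only assignments at or below each subscription scope are evaluated;
    roles inherited from management groups are outside this check.
    """
    expected = REQUIRED | ({RECLAIM_ROLE} if uses_reclaim else set())
    report = {}
    for sub in subscription_ids:
        sub_scope = f"/subscriptions/{sub}".lower()
        at_sub, within = set(), set()
        for a in assignments:
            scope = a["scope"].lower().rstrip("/")
            role = a["roleDefinitionName"]
            if scope == sub_scope:
                at_sub.add(role)       # granted on the whole subscription
                within.add(role)
            elif scope.startswith(sub_scope + "/"):
                within.add(role)       # granted on a resource group/resource
        report[sub] = {
            "missing": sorted(expected - at_sub),  # monitoring will be incomplete
            "excess": sorted(within - expected),   # more than the agent needs
        }
    return report

# Constructed sample in the shape of `az role assignment list` output.
SUB_A = "00000000-0000-0000-0000-000000000001"
SUB_B = "00000000-0000-0000-0000-000000000002"
SAMPLE = json.loads(f"""[
 {{"roleDefinitionName": "Reader", "scope": "/subscriptions/{SUB_A}"}},
 {{"roleDefinitionName": "Storage Account Key Operator Service Role",
   "scope": "/subscriptions/{SUB_A}"}},
 {{"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/{SUB_A}/resourceGroups/rg-app"}},
 {{"roleDefinitionName": "Reader", "scope": "/subscriptions/{SUB_B}"}}
]""")

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE, [SUB_A, SUB_B]), indent=2))
```
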

Configuring firewall settings

If your Azure Performance Agent is installed behind the firewall, ensure the following URL addresses and ports are open:

Creating Azure Performance Agent

Each virtual machine can be monitored by only one Azure Performance Agent; otherwise, the Management Server topology object changes and performance issues occur. Quest strongly recommends that each Azure Tenant is monitored by one agent. However, in some production environments, you have to create two or more agents to monitor the same Tenant. In that case, implement one of the following for those agents to ensure that every agent in the same Tenant monitors different virtual machines:

  • If Monitor All is selected in the Select IaaS Virtual Machines to Monitor dialog box: In the Edit Properties dialog box, select Select Resource Groups to be monitored, and then ensure that every agent monitors different Resource Groups.
  • If Monitor All and Automatically Monitor New Virtual Machines are not selected in the Select IaaS Virtual Machines to Monitor dialog box: In the Edit Properties dialog box, ensure that every agent monitors different virtual machines.
  • If Monitor All is not selected but Automatically Monitor New Virtual Machines is selected in the Select IaaS Virtual Machines to Monitor dialog box: In the Edit Properties dialog box, select Select Resource Groups to be monitored, and then ensure that every agent monitors different Resource Groups.

If you still encounter problems, contact Quest Support.

To create an Azure Performance Agent:

  1. Log in to the Foglight browser interface.
  2. In the navigation pane, click Cloud Manager. The Cloud Manager dashboard opens.
  3. In the Cloud Manager dashboard, click Administration, and then click Add. The Agent Setup Wizard dialog box opens.
  4. In the Agent Manager Host view, select the agent manager on which the new agent is to be deployed, and then click Next.
  5. In the Azure Agent Properties view, specify the following values, as needed, then click Next:
    • Azure Environment: The Azure environment to use: Azure.com (default value) or Azure.cn (China).
    • Tenant Directory ID: The value of Tenant ID retrieved in Getting authentication information through Azure portal.
    • Tenant Alias Name: The display name that identifies your Tenant.
    • Application ID: The value of Application ID retrieved in Getting authentication information through Azure portal.
    • Access Key: The value of Access Key retrieved in Getting authentication information through Azure portal.
    • Specify an agent name (Optional): Specify the name of agent.
    • Configure Proxy (Optional): Configure the proxy setting when the Agent Host requires a proxy connection to the Internet.
  6. In the Agent Setup Summary view, confirm the agent information, and then click Finish. The new Azure Performance Agent is created, and its data is displayed on the Monitoring tab after a few minutes.