Adding Microsoft Azure to vRA and vRB Part #2

/ johannstander

In part 1 I showed how to add Microsoft Azure to vRA.  In this part 2 I will show how to add Microsoft Azure with Non-EA account to vRealize Business which will provide cost information for your MS Azure account.

I have to apologies for taking so long to publish this but I had the blog written and ready to go but it was created with vRB 7.2, which had a lot of bugs with Azure integration  and the documentation was not very thorough and made use of the old Azure portal interface for configuration.  The problem I ran into can be view in the community post here, but with a lot of views and not responses I decided to wait until vRB 7.3 to review this again.

Prerequisites:

  1. You must have a Microsoft Azure Enterprise Agreement (EA) or non-EA account.
  2. If using MS Azure non-EA you must have one of the following credits offers:
    1. Pay-as-you-go
    2. MSDN
    3. Monetary commitment
    4. Monetary credit

To add a non-EA account you will also need the following information during configuration so please make sure you have this available.  I am also providing the steps on how to configure your non-EA account.

  • Client ID
    • When you register a client app, such as a console app, you receive a Client ID. The Client ID is used by the application to identify themselves to the users that they are requesting permissions from.
  • Location of Purchase
  • Tenant ID
    • Value can be retrieved from the Azure default Active directory when you select manage -> properties in menu.
  • Secret Key
    • Value will be defined during app registration.

How to configure your non-EA account Azure account to retrieve Client ID : (This is the tricky part in my opinion)

  1. Login to Azure Portal.
  2. First we need to setup the user account.
    1. Select Azure Active Directory
    2. Screen Shot 2017-07-19 at 9.58.03 AM.png
    3. Verify the the Default Directory is displayed at top of screen.
    4. Select manage -> users and groups
    5. Screen Shot 2017-07-19 at 10.01.04 AM.png
    6. Select manage -> All users
    7. Click “New user”
    8. Screen Shot 2017-07-19 at 10.01.34 AM.png
    9. Enter Name
    10. Enter Username
      • should be in UPN format
    11. Leave rest default
    12. Click Directory Role
      • Change to Global Administrator or Limited Administrator
    13. Check the box to Show Temporary Password
    14. Copy the password
    15. Screen Shot 2017-07-19 at 10.07.58 AM.png
    16. Click Create
  3. Logout of Azure
  4. Login to Azure with newly create username and password
    1. You will receive a prompt to change password, do so and set the password to you company standards.
  5. Select Azure Active Directory from menu
  6. Select Manage -> App Registrations
    • Screen Shot 2017-07-19 at 10.10.48 AM.png
  7. Click New application registration
    • Screen Shot 2017-07-19 at 10.12.51 AM.png
  8. Enter name
    • For instance vRealize Business.
    • This can be anything descriptive
  9. Leave application type as “Web app / API”
  10. Change Sign-on URL to
  11. Screen Shot 2017-07-19 at 10.15.39 AM.png
  12. Click Create
  13. Screen Shot 2017-07-19 at 10.16.40 AM.png
  14. Select the newly created application
    • Screen Shot 2017-07-19 at 10.17.06 AM.png
  15. On the right hand side settings panel, select keys
    • Screen Shot 2017-07-19 at 10.18.26 AM.png
    • Enter Description
    • Pick the expiration
    • Click Save
    • Screen Shot 2017-07-19 at 10.19.33 AM.png
    • Wait for the save to finish and COPY the value that appear since you will not be able to retrieve it later.  (this wil be needed in vRB as the Client Secret)
  16. Scroll to left to show the registered app
    • Screen Shot 2017-07-19 at 10.31.15 AM.png
    • Copy the Application ID (this is needed in vRB as the Client ID)
  17. Under API access, select requirement permissions
    1. Click Add
    2. Screen Shot 2017-10-25 at 12.41.48 PM.png
    3. Click Select an API
    4. Select Windows Azure Service Management API
    5. Click Select
    6. Click Delegate permissions
      • Verify that “Access Azure Service Management as organization users (preview) is enabled
      • Screen Shot 2017-10-25 at 12.43.30 PM.png
    7. Click Select
    8. Click Done
  18. Screen Shot 2017-07-19 at 10.36.52 AM.png
  19. In the left side navigation Select More services.
    • Type Subscriptions in the filter field
    • Select Subscriptions
    • (You can also find it under general -> Subscriptions)
  20. Screen Shot 2017-07-19 at 10.38.18 AM.png
  21. If see message “No subscriptions in <domain> (default directory) then you need to configure permissions first for the AD user.
    1. Login with user that has owner role to subscription.
    2. Select Subscriptions
    3. Select Access Control (IAM)
    4. Screen Shot 2017-07-19 at 10.45.32 AM.png
    5. Click + Add
      • Select role
      • Select the Azure AD user below
      • Click Save
  22. Log out and log back in with Azure AD user.
  23. Select Subscriptions
    1. Select the Subscription
    2. Select Access Control (IAM)
    3. Click + Add
    4. Select role = reader
    5. In select field, TYPE the application name defined earlier.
    6. Screen Shot 2017-07-19 at 10.54.51 AM.png
    7. Select the application.
    8. Click Save

How to configure vRealize Business and manage your non-EA Microsoft Azure account

Login to standalone vRB or to your vRA integrated environment.  In my case I logging into my vRA which has vRB integrated.

  1. Select Administration -> Business management
  2. Screen Shot 2017-03-07 at 4.48.12 PM.png
  3. Select Manage Hybrid Cloud & Public Cloud Accounts
  4. Select Microsoft Azure -> Non-Enterprise Agreement
  5. Click Plus sign to add
    1. Screen Shot 2017-03-07 at 4.49.36 PM.png
    2. Enter Name or Description
    3. Enter the Client ID
      • The application ID value that was copied from the registered app.
    4. Enter Location of Purchase.
      • If not sure review your Azure Profile for this information.
    5. Enter Tenant ID
      • The Directory ID of the Azure default active directory.
    6. Enter Client Secret
      • The value copied from the app registration key.
  6. This should be successful and will start to sync information.
  7. Verify sync status
    • Screen Shot 2017-07-19 at 11.14.45 AM.png
  8. Now you can select Expenses -> Public Cloud (Azure) -> overview & Non-EA VM Stats.
    • Screen Shot 2017-07-19 at 11.12.30 AM.png
    • Screen Shot 2017-07-19 at 11.16.37 AM.png

 

Troubleshooting

VMware has troubleshooting pdf guide of vRealize Business for Cloud.

http://pubs.vmware.com/vrbforcloud-72/topic/com.vmware.ICbase/PDF/vRBforCloud-troubleshoot.pdf   Page 31 – 32 has some Azure troubleshooting.

If you run into problems with Sync, SSH to the vRB appliance and review the log file (/var/log/vrb/itfm-server/itfm-server.log). It provides valuable information.

KB 2146798 provides a solution for when you are unable to successfully collect data from Azure.

 

 

 

2 thoughts on “Adding Microsoft Azure to vRA and vRB Part #2

  1. Hi,

    Many thanks for producing this guide, it’s excellent.
    I’m getting an issue during the login phase, it displays the following error:

    “Invalid credentials: Could not authenticate your account using specified credentials”

    I’m 99% sure I have followed the instructions and verified the details but not sure how to fix this?

    Like

    Reply

    • Hi Paul, my apologies for not reviewing my comment in a reasonable time. I hope you have been able to resolve your problem but if you not then please check back on my blog since I forgot to add my step 17, which is to add API access for the app registration.

      Like

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s