Pre-Requisites for Monitoring Microsoft Azure (ARM)
The eG agent collects metrics from the target Microsoft Azure cloud in an agentless manner only.
In order to collect metrics from the target Microsoft Azure cloud, the eG agent communicates with the target Microsoft Azure cloud using Java API calls. To collect the required metrics, the eG agent requires the following:
- Directory ID of the target Microsoft Azure cloud;
- Access token in the form of an Application ID and Client secret.
- Create a Web Application in the Active Directory of the target Microsoft Azure.
- Figure out the Tenant ID, the Application ID and Key value associated with the Application ID.
- Grant the required privileges to the Web Application from the Subscription of the target Microsoft Azure.
Creating a Web Application
To create the Web Application, do the following:
- Log in to the Microsoft Azure portal at https://portal.azure.com with valid credentials.
Figure 1 : Selecting the Azure Active Directory option
Click App Registrations in the panel that appears when Azure Active Directory is clicked. Figure 2 will then appear.
In Figure 3, specify the following:
- The name of the web application in the Name text box,
Select the type of the account from the Supported account types section.
Supported account types and their descriptions:
- Accounts in this organizational directory only: Select this option if you're building a line-of-business (LOB) application. This option is not available if you're not registering the application in a directory. This option maps to Azure AD only single-tenant. This is the default option unless you're registering the app outside of a directory. In cases where the app is registered outside of a directory, the default is Azure AD multi-tenant and personal Microsoft accounts.
- Accounts in any organizational directory: Select this option if you would like to target all business and educational customers. This option maps to an Azure AD only multi-tenant. If you registered the app as Azure AD only single-tenant, you can update it to be Azure AD multi-tenant and back to single-tenant through the Authentication blade.
- Accounts in any organizational directory and personal Microsoft accounts: Select this option to target the widest set of customers. This option maps to Azure AD multi-tenant and personal Microsoft accounts. If you registered the app as Azure AD multi-tenant and personal Microsoft accounts, you cannot change this in the UI. Instead, you must use the application manifest editor to change the supported account types.
- Then, select the type of app you are building, Web or Public client (mobile & desktop), and then enter the redirect URI (or reply URL) for your application in the Redirect URI text box. For web applications, provide the base URL of your app. For example, http://localhost:31544 might be the URL for a web app running on your local machine. Users would use this URL to sign in to a web client application. For public client applications, provide the URL used by Azure AD to return token responses. Enter a value specific to your application, such as https://DocApp.com//auth.
From the Overview page, you can obtain the Application ID and Directory ID (see Figure 4). Copy the Application ID and the Directory ID and paste them against the Client ID and TENANT ID text boxes while configuring the tests associated with Microsoft Azure that is to be monitored.
Obtaining the Client Secret
For the eG agent to obtain metrics from the target Microsoft Azure, it is necessary to provide the client secret associated with the created Web Application. For this, click on the Certificates & secrets option under the Manage node as shown in Figure 4. This will invoke Figure 5.
Clicking on the New client secret button in Figure 5 will invoke Figure 6. Specify the description of the client secret in the Description text box and choose an expiry period from the Expires section as shown in Figure 6.
Note that the Value will disappear once you leave this page, so make sure that you copy the new client secret value to the clipboard by clicking the icon. Otherwise, you may need to generate a new client secret value. The client secret value has to be specified against the Client password field in the test configuration page.
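Because the client secret carries the expiry period chosen above, metric collection stops once it lapses. The following is an added example, not part of the eG product or of this page's original content: it reads the passwordCredentials array of the app registration (the shape returned by `az ad app show`) and reports which secrets are expired or close to expiry. The sample data, the secret names and the 30-day warning window are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample: the "passwordCredentials" array of an app registration,
# in the shape returned by `az ad app show --id <Application ID>`.
SAMPLE_SECRETS = [
    {"displayName": "eG agent", "endDateTime": "2025-03-10T00:00:00Z"},
    {"displayName": "rotated-out", "endDateTime": "2024-12-01T00:00:00Z"},
    {"displayName": "two-year", "endDateTime": "2026-06-30T12:30:00.1234567Z"},
]


def parse_end(value):
    """Parse a UTC timestamp such as 2025-03-10T00:00:00Z, ignoring fractional seconds."""
    base = value.split(".")[0].rstrip("Z")
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def secret_status(secrets, now, warn_days=30):
    """Return (name, state, days_left) tuples, most urgent first.

    warn_days is an assumed rotation window, not a value from the product.
    """
    rows = []
    for cred in secrets:
        days_left = (parse_end(cred["endDateTime"]) - now).days
        if days_left < 0:
            state = "expired"      # the agent can no longer authenticate with it
        elif days_left <= warn_days:
            state = "expiring"     # create a new secret and update Client password
        else:
            state = "ok"
        rows.append((cred.get("displayName") or "<unnamed>", state, days_left))
    return sorted(rows, key=lambda row: row[2])


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives a stable report.
    fixed_now = datetime(2025, 2, 20, tzinfo=timezone.utc)
    for name, state, days in secret_status(SAMPLE_SECRETS, fixed_now):
        print(f"{state:9} {days:5d} days  {name}")
```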
Granting the Reader privilege to the Web Application
Once the web application is created, the web application should be granted Reader privilege on the Subscription associated with the Azure Active Directory. To grant the Reader privilege, do the following:
Click on All services option in the leftmost pane as shown in Figure 9.
- A context-sensitive menu sequence then appears in the right panel. Clicking the Subscriptions label from this panel in Figure 8 opens another context-sensitive panel to the right. This will list all the subscriptions associated with your Azure account.
Select the subscription that is associated with the target Microsoft Azure and click Access Control (IAM). In the next panel, click the Add button (see Figure 9). In Figure 10 that appears, choose the Reader role from the Role list. In the Select text box, type the first few letters of the name of the web application that you have created. Your selection will then appear as shown in Figure 10.
Clicking the Save button in Figure 10 will save your changes.
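Once the role is saved, it is worth confirming that the web application holds Reader on the subscription and nothing more. The following is an added example, not part of the eG product or of this page's original content: it audits role assignments in the shape returned by `az role assignment list --all --output json`. The IDs are placeholders, the sample assignments are constructed, and matching on the principalId field (the object ID of the application's service principal) is an assumption of this example.

```python
# SAMPLE is constructed; it mimics `az role assignment list --all --output json`.
SUB = "11111111-1111-1111-1111-111111111111"         # placeholder subscription ID
MONITOR_SP = "22222222-2222-2222-2222-222222222222"  # placeholder service principal object ID

SAMPLE = [
    {"principalId": MONITOR_SP, "roleDefinitionName": "Reader",
     "scope": f"/subscriptions/{SUB}"},
    {"principalId": MONITOR_SP, "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-app"},
    {"principalId": "33333333-3333-3333-3333-333333333333",
     "roleDefinitionName": "Owner", "scope": f"/subscriptions/{SUB}"},
]


def audit_monitoring_principal(assignments, principal_id, subscription_id):
    """Return findings for one principal; an empty list means Reader only."""
    wanted_scope = f"/subscriptions/{subscription_id}".lower()
    findings, has_reader = [], False
    for item in assignments:
        if item.get("principalId", "").lower() != principal_id.lower():
            continue  # assignment belongs to a different principal
        role = item.get("roleDefinitionName", "<unknown>")
        scope = item.get("scope", "").rstrip("/")
        if role == "Reader" and scope.lower() == wanted_scope:
            has_reader = True  # the grant this page asks for
        elif role == "Reader":
            findings.append(f"Reader granted at other scope: {scope}")
        else:
            findings.append(f"excess role {role} at {scope}")
    if not has_reader:
        findings.append("Reader missing on subscription")
    return findings


if __name__ == "__main__":
    result = audit_monitoring_principal(SAMPLE, MONITOR_SP, SUB)
    for line in result or ["OK: Reader only"]:
        print(line)
```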