Pre-Requisites for Monitoring Microsoft Azure (Classic)

To enable the eG agent to monitor the target Microsoft Azure cloud, the following pre-requisites need to be fulfilled:

The Subscription ID of the target Microsoft Azure cloud.

The Management Certificate. This certificate is required to authenticate the REST API calls. Note that the Management Certificate should be associated with the subscription of the target Microsoft Azure cloud. You could either create a management certificate on your own and associate it with your subscription or you could ask Windows Azure platform to create a management certificate for you and associate it with your subscription. If you are creating your own Management Certificate, then you need to follow the below-mentioned steps elaborately:

  • Create a Keystore
  • Export the Management Certificate i.e., Create a Management Certificate
  • Upload the Certificate

Creating a Keystore

In order to create a keystore, a keytool is required. A keytool is a key and certificate management utility. It allows users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers.

A certificate is a digitally signed statement from one entity (person, company, etc.), saying that the public key (and some other information) of some other entity has a particular value. (See Certificates.) When data is digitally signed, the signature can be verified to check the data integrity and authenticity. Integrity means that the data has not been modified or tampered with, and authenticity means the data indeed comes from whoever claims to have created and signed it.

The keytool also enables users to administer secret keys used in symmetric encryption/decryption (e.g. DES). The keytool stores the keys and certificates in a keystore.

For example, if you wish to create a keystore with the name WindowsAzureKeyStore.jks, then you have to run the keytoo utility from the command prompt of the target Microsoft Azure. By default, the keytool utility will be available in the <eG_Agent_Install Directory>\java\jre7\bin folder. Follow the steps given below to create a keystore using the keytool utility:

From the command prompt of the eG agent install directory, execute the keytool utility using the following commnd:

<eG_Agent_Install_Directory>\java\jre7\bin>keytool -genkeypair -alias mydomain -keyalg RSA -keystore WindowsAzureKeyStore.jks -keysize 2048 -storepass "test123"

Once you have executed this command, you will be requested to provide your personal details as explained below:

What is your first and last name?

[Unknown]: Sam Jose

What is the name of your organizational unit?

[Unknown]: IT

What is the name of your organiation?

[Unknown]: eG Innovations

What is the name of your City or Locality?

[Unknown]: Chennai

What is the name of your State or Province?

[Unknown]: Tamil Nadu

What is the two-letter country code for this unit?

[Unknown]: IN

Once you have entered all the personal details, you will be prompted to verify if the give credentials are correct.

Is CN=Sam Jose, OU=IT, O=eG Innovations, L= Chennai, ST=Tamil Nadu, C=IN correct?

[no]: yes

If you have confirmed your personal details, you will be prompted to provide the password for the domain.

Enter key password for <mydomain>

(Return if password is same as keystore password):

The keystore is now created successfully and can be used to create a Management Certificate.

Creating a Management Certificate

To export or create a Management Certificate, you would be required to use the keytool command once again. To create a certificate named WindowsAzureSMAPI.cer in the location of your choice say for example, D:\, execute the following command from the command prompt of the eG_Agent_Install_Directory.

<eG_Agent_Install_Directory>\java\jre7\bin>keytool -v -export -file D:\WindowsAzureSMAPI.cer -keystore WindowsAzureKeyStore.jks -alias mydomain

Once this command is executed, you will be prompted to provide the keystore password.

Enter keystore password: ********

The certificate file will be created and stored in the D:\WindowsAzureSMAIP.cer location of the eG_Agent_Install_Directory.

Uploading the Management Certificate

Once the Keystore and the Management Certificate are created, you need to upload this certificate to the Windows Azure Portal. To upload the certificate, do the following:

  • Login into Windows Azure Portal at https://manage.windowsazure.com
  • Click on the SETTINGS tab and then the MANAGEMENT CERTIFICATES tab and upload this WindowsAzureSMAPI.cer file.

Once the Management Certificate is uploaded to the target Microsoft Azure and the keystore is available in your eG_Agent_Install_Directory, then the communication between the eG agent and the target Microsoft Azure cloud will be secure and the metrics will be collected through secure communication. This way, the eG agent can collect the required metrics while monitoring the target Microsoft Azure cloud.