Microsoft Azure Data Collection Prerequisites

Microsoft Azure Data Collection Prerequisites

#410110

Obtaining Azure Account Credentials

Use the following information to create and configure the user name and password for your Azure account. You will then use this information to create a cloud connection from your Densify instance.

This data collection method currently supports Azure Cloud. Azure Stack is not supported.

Additionally only the standalone Azure Active Directory is supported. If you are using a federated (local) Account, see Microsoft Azure Data Collection Prerequisites for a Service Principal for details on obtaining the required keys and IDs from your Azure account.

The account must be assigned the role of "Reader" for each of the subscriptions from which data will be collected. The Reader role is sufficient for both utilization and billing data.

To learn more about the Azure prerequisites for data collection, watch the video: Microsoft Azure Data Collection Prerequisites

 

Collecting Billing Data

When collecting billing data, no additional configuration is required within your Azure subscription. You need to create a cloud connection using the same information used collection of utilization data, as listed above.

Due to limitations when using the Microsoft Azure APIs, only the following types of subscriptions are collected:

  • Enterprise Enrollments;
  • Web Direct Subscriptions.

Currently the following subscriptions are not supported:

  • MS-AZR-0145P (CSP)
  • MS-AZR-0146P (CSP)
  • MS-AZR-159P (CSP)
  • MS-AZR-0036P (sponsored)
  • MS-AZR-0143P (sponsored)
  • MS-AZR-0015P (internal)
  • MS-AZR-0144P (DreamSpark)

The APIs are continually updated to support other types of Azure subscriptions. See Microsoft's Consumption API Overview for details.

Create User Account

  1. Login into your Azure account and click on Azure Active Directory > Users.
  2. Click New user to create the new account.
  3. Enter a name and user name. The user name should be a valid email address. The user name is the identifier that you will use to sign into Azure Active Directory.
  4. Optionally, configure a profile.
  5. Optionally, select the Group(s) to which this user belongs.
  6. Optionally, select a Directory role. By default the directory role is set to user, which is adequate for the purpose of creating a cloud connection through Densify.
  7. The password is auto-generated. Click Show Password to see the password and copy if for later use
  8. Note: Depending on your company's password policy, you may need to change this password before using it to create the Densify cloud connection. If necessary, change the automatically generated password and then create the cloud connection.

  9. Click Create to create the user account. This button only comes visible when you have correctly entered the required information.

Assigning User Access to Subscriptions

The user, created above, now needs access to each of your subscriptions. You need to assign the "Reader" role to the user for each subscription being audited, by doing the following:

  1. Navigate to Subscriptions in the main menu. You may need to click on More services to see Subscriptions.
  2. Click on a subscription to select and open the configuration page.
  3. Click Access Control (IAM).
  4. Click Add.
  5. In the Add Permissions pane select the Role of "Reader".
  6. Ensure Assign Access to is set to Azure AD user, group or application.
  7. Search for or scroll to locate the user that you created. above.
  8. Select the user. It will appear under Selected members.
  9. Click Save to save these changes.
  10. The user account that will be used to create the cloud connection will need access to all subscriptions from which you want to collect data, so repeat this process for each subscription to be included.

Once the account has been configured you can use the user name and password to create the cloud connection as outlined in Using the Public Cloud Connections Wizard.

Configuring the Collection of Memory Metrics

You can configure your VM so that memory metrics can be collected as part of the Densify audit. There are two ways to configure memory metrics for each VM depending on whether the VM is a classic V1 guest or a V2 guest and which OS the VM is running.

Note: Ensure you have the latest version of the diagnostic agent running on each VM.

Table: Versions of Azure VMs and Collection of Memory Metrics

Azure Version

Windows OS

Collected Memory Metric

Linux OS

Collected Memory Metric

Classic Portal

Method B

  • \Memory\Available Bytes

Method B

  • \Memory\UsedMemory
  • \Memory\PercentUsedMemory

Azure Resource Manager

Method A

  • \Memory\Committed Bytes
  • \Memory\Available Bytes

Method B

  • \Memory\UsedMemory
  • \Memory\PercentUsedMemory

Method A - Collection of Memory Metrics

Use the following procedure to configure memory metrics for Azure Resource Manager VMs that are configured with a Windows OS:

  1. Navigate to Virtual machines in the main menu.
  2. Click on the VM to be modified.
  3. In the monitoring section, click on Monitoring > Diagnostics and then select the Basic metrics checkbox.

By default, these metrics are turned on when you create a VM.

Method B - Collection of Memory Metrics

Use the following procedure to configure memory metrics for Azure Classic Portal VMs (Windows and Linux) and Azure Resource Manager VMs configured with a Linux OS:

  1. Navigate to Virtual machines in the main menu.
  2. Click on the VM to be modified.
  3. In the monitoring section, click on Monitoring > Diagnostics Settings and then select Performance Counters from the top menu.
  4. Select the CPU, Memory, Disk and Network metrics check boxes.

Working with Reservations

When you buy an Azure reservation, access is restricted to the user who bought it (e.g. user-adm@IT.on.microsoft.com) and the account administrator (e.g. IT@Densify.com). In order to collect data for this reservation, you will need to add Reader access to the reservation order.

Note Granting access to the Reservation only, is insufficient. Reader access must be granted to the reservation order.

When you give a user permission to manage a reservation, that does not give that user rights to manage the subscription. Allowing Densify to access the subscription does not also allow it to the reservation automatically.

To delegate Reader access for a reservation order:

  1. Login into your Azure portal
  2. Click All services and navigate to Reservations.
  3. In the Reservation pane you will see a list showing all the reservations for which you have the Owner or Reader role. Click a reservation link to open the configuration pane.
  4. Click Reservation order ID to select and open the Reservation order pane.
  5. Click Access Control (IAM) in the left side-menu.
  6. Select Add > Add role assignment
  7. In the Add role assignment pane select Reader. Reader provides the minimum required permissions.
  8. Ensure Assign Access to is set to “User, group, or service principal”
  9. Search or scroll to locate the application (Densify_Connection), that you created previously.
  10. Locate and select your application. It will appear under Selected members.
  11. Click Save to save your changes.
  12. Repeat this process for each reservation order to be included in Densify's data collection.

If the role assignment is done through the reservation order, then Densify can collect data for all reservations in the selected order. At the time of purchase, a reservation order has one Reservation; however, actions such as splitting, merging, obtaining a partial refund, or exchanging create new reservations under the reservation order.

Creating the Cloud Connection in Densify

Once all of the prerequisites are complete, you can create the cloud connection through the Cloud Connection wizard. See Using the Public Cloud Connections Wizard.

Modifying Your Azure Cloud Connection

When you create the Azure cloud connection for the first time, Densify discovers all of the subscriptions, associated with the user or service principal. Upon saving the connection it will schedule data collection from each of the discovered and selected subscriptions.

If subsequently, subscriptions are added, they will not be included in data collection. Additionally, subscriptions that are removed will continue to be included, resulting in wasted time and resources. To add new subscriptions or remove old ones, edit the cloud connection. See Reviewing and Editing a Connection.