This topic describes the steps to add Microsoft Azure (Non-CSP) Cloud Account in HyperCloud™ Platforms.
Anchor | ||||
---|---|---|---|---|
|
- Ensure that Azure account is a pay-as-you-go-subscription or an EA account.
Important Note: Sponsored and CSP Offer subscription can be onboarded for Governance and Service Orchestration. However, these subscriptions are not supported for Azure Cost & Usage & Resource Management.
- Obtain/Configure Azure Subscription Access information
- Obtain the Subscription ID from the Azure Active Directory
- Obtain the Directory ID a.k.a Tenant ID from the Azure Active Directory Properties
- Register a new Application via App Registration which will create an application ID. Record the Application and Assign the following permissions :
- Reader (Required)
- Billing Reader (Required)
- Contributor Role (Required only for Service Orchestration)
- Generate a new secret for the Application and save the key value.
- Ensure App Registration under User Settings is set to no. If not, only Administrators may register these types of applications.
- (Optional) HyperCloud™ periodically queries (default 90 mins) Azure account to obtain state change information. If capturing real time state change is required, then provide the Azure event hub when adding the Azure Account in HyperCloud™.
Important Note: Microsoft Azure allows only 1 active event hub at any given time. In this case, use an existing event hub but create a new Consumer Group with the name HyperGrid.
Important Note: Event hub pricing tier must be Standard pricing since only standard pricing tier allows more than 1 Consumer Group
- Create a new event hub (Skip this step if using existing event hub):
- From the Azure portal{*}, Home Events Hub* Create a new Events Hub Namespace Name
- Create a new event hub (Skip this step if using existing event hub):
Important Note: Must Select Standard Pricing. Rest of the options can be selected as per customer's choice.
- Obtain the Shared access policies (SAS) Policy Name for e.g RootManageSharedAccessKey. Enter this as the Shared Access Signature Key Name in HyperCloud™ Azure Account Configuration
- From the *Event Hub Namespace Share Access Policy* Obtain the Primary Key. Enter this as the Shared Access Signature Key in HyperCloud™ Azure Account Configuration
Important Note: An event hub with the name insights-activity-logs will get created automatically once we enable Activity Monitoring to Export diagnostic settings to Event hub and Storage account
- Use an existing event hub
- Using the steps from the previous step, obtain the Event Hub Namespace Name, Shared Access policy Name and Shared Access Key Name.
- From the Event Hub Namespace, obtain the Primary Key from the Shared access policy.
- Click on Event Hub for e.g. insights-activity-logs Click on Consumer groups Create a new Consumer group with the name HyperGrid. Enter this name in the HyperCloud™ Azure Account Configuration.
- Use an existing event hub
Important Note: A consumer group must be created to use existing event hub.
- Configure a new Storage Account (skip this step if using an existing storage account)
- From Storage Accounts select a storage account or create a new storage account. Click on the storage account select Access Keys select Key 1 Connection String which will be used as the Storage Connection String.
- From Storage Account create a Blob Container Obtain the blob container name which will be used as the Storage Container Name
Using an existing Storage account detailsAnchor _Toc19739834 _Toc19739834 - From Storage Accounts select storage account used when Exporting Activity log to Event Hub select Access Keys select Key 1 Connection String. Enter this in HyperCloud™ Azure Account configuration page.
- From Storage Account select Blob Container Obtain the blob container name. Enter this in HyperCloud™ Azure Account configuration page.
- Configuring Activity Monitoring (Verify if this is already configured)
- From Home Monitor -> Activity Log -> select Diagnostics Settings Click on Add Diagnostic setting
- Enter a Name HyperGrid-Diagnostics
- Under Log Select Administrative & Under Destination Details
- Configure a new Storage Account (skip this step if using an existing storage account)
- Select Archive to a storage account and select an existing storage account.
- Select Stream to an event hub and select an existing event hub
Obtain Event Hub nameAnchor _Toc19739835 _Toc19739835 - Return to Events Hub Namespace locate the even hub with the name insights-activity-logs Select Capture Select ON Select Capture Provider - Azure Storage Select Storage Container and select the blob container created in the previous step Save Changes
- This completes the requirements for Azure Governance and Compliance
Anchor | ||||
---|---|---|---|---|
|
- Login to HyperCloud™ SaaS portal using a valid credential.
- Under the Administration Tab Account Management Select Azure Non-CSP Add Account and populate all the fields as per the information collected in the Prerequisites for managing Microsoft Azure Accounts using HyperCloud™ Platform section.
- This completes the steps to add an Azure EA or Pay-as-you-Go account to HyperCloud™ Platform