Adding an Azure Endpoint to vRealize Automation 7

March 20, 2017 By Eric Shanks

As of vRealize Automation 7.2, you can now deploy workloads to Microsoft Azure through vRA’s native capabilities. Don’t get too excited here though since the process for adding an endpoint is much different than it is for other endpoints such as vSphere or AWS. The process for Azure in vRA 7 is to leverage objects in vRealize Orchestrator to do the heavy lifting. If you know things like resource mappings and vRO objects, you can do very similar tasks in the tool.

Azure Prerequisite Setup

Before you get going with vRA you’ll have to have some basic things set up in the Microsoft Azure Portal. For this post, I’m expecting that you’ve got the following things set up in Azure already. The list below shows what should already be up and running in your Azure portal and, if it isn’t already, will have a link to setting them up from my Azure guide.

Azure Information Gathering

Unfortunately, vRA won’t be our first stop in setting up an Azure endpoint. We’ll need to do some research first on our own Azure portal just to get some IDs and ensure we have the proper names for our networks, storage accounts etc. We’ll also need to set up programmatic access to our Azure subscriptions so that vRA can deploy resources. I’m providing a handy PowerShell script here for you to automatically get this information, but if you’d rather use the Azure portal then I recommend using Jon Schulman’s blog, vaficionado.com, which is a great resource for this procedure.

Below is a script that I’ve used to do the following things prior to our vRA Setup. Again, it assumes that you’ve already got your subscriptions, VNets, Storage Accounts, Resource Groups and PowerShell Modules installed. To give you a quick overview of what’s happening in it, we’re logging into the Azure Portal and setting up an application registration and granting permissions to your subscription so that vRA may use the API to deploy resources. After it’s done this, the script gathers your VNets, Storage Accounts, Resource Groups, as well as your tenant and subscription IDs which will be needed as part of the vRA Setup later on. Copy the output of the script to a text file so you can enter it into vRA.

#Install-Module AzureRM  #Uncomment this if you need to Install the Azure Module

###############      Variables - Update ME!      ############### 
$subscr = "vRASubscription" #This is the subscription name that you'll be using to deploy vRA workloads
$password = "!QAZxsw23edc"  #This will be your secret access key used for programmatic access to Azure's API. Sample value; replace it with your own.
$appname = "vRAApp"         #The application name used to deploy resources in Azure. Make it whatever you want.
$url = "http://blogname.com"    #URL for your application name. Required, but you can make it whatever you want.
Login-AzureRMAccount -SubscriptionName $subscr     #Login to the Azure Portal through PowerShell

###############      DO NOT UPDATE BELOW THIS LINE     ###############
######################################################################

###############      App Registration Information      ###############   
Write-host "Setting up Application Registration" 
$Azure_app = New-AzureRmADApplication -DisplayName $appname -HomePage $url -IdentifierUris $url -Password $password
New-AzureRmADServicePrincipal -ApplicationId $Azure_app.ApplicationId | Out-Null
Write-host "Application Registration Done. Starting to create Azure Role Assignment. Please wait!!!!"
Start-Sleep 60 #Wait a bit to make sure the Application is created 
New-AzureRmRoleAssignment -RoleDefinitionName "Contributor" -ServicePrincipalName $Azure_app.ApplicationId | Out-Null
Write-host "Role Assignment complete"

###############      Gather Information      ###############  
$vnets = Get-AzureRmVirtualNetwork 
$storageaccounts = Get-AzureRMStorageAccount 
$subscription = Get-AzureRMSubscription -SubscriptionName $subscr 
$tenant = Get-AzureRMSubscription -SubscriptionName $subscr 
$resourcegrps = Get-AzureRMResourceGroup

###############      LIST Info for vRA      ############### 
Write-host "Use the following information for vRA Setup" -ForegroundColor Green 
Write-output "`n"
Write-host "Azure Service URI is likely: https://management.azure.com"
Write-host "Azure Login URL is likely: https://login.windows.net"
Write-output "`n"
Write-output "Subscription ID: " $subscription.SubscriptionID
Write-output "`n"
Write-Output "Keys: " $password 
Write-output "`n"
Write-output "Tenant ID: " $subscription.TenantId 
Write-output "`n"
#Labels are written separately so they are not piped through Select along with the objects
Write-output "Storage Accounts: "
$storageaccounts | Select StorageAccountName, Location | FT
write-output "ApplicationID (Also called Client ID): " $Azure_app.ApplicationId 
write-output "Resource Groups: "
$resourcegrps | select ResourceGroupName, Location | FT 
write-output "VNETS and Subnets: "
$vnets | select Name, Subnets | FT
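
A narrower variant of the registration step, added here as an example and not part of the original script: it generates a random client secret instead of hard-coding one, grants Contributor only on named resource groups rather than the whole subscription, and lists the resulting role assignments so the scope can be checked. Assumptions: the resource group name vRA-RG01 is hypothetical, -Password accepts a plain string as it does in the script above, and the post does not confirm that the vRA Azure plug-in works with resource-group-scoped rights (creating a new resource group on the fly from a blueprint needs rights above the resource group).

```powershell
# Added example, not the author's script. Assumes Login-AzureRMAccount has
# already been run in this session.
$appname   = "vRAApp"               # same placeholder name as the script above
$url       = "http://blogname.com"  # same placeholder URL as the script above
$targetRGs = @("vRA-RG01")          # hypothetical: resource groups the reservation will use

# Generate a random 32-byte client secret instead of keeping one in the script file.
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$secret = [Convert]::ToBase64String($bytes)

# -Password is passed as a plain string, as in the script above (assumption:
# same AzureRM module version).
$app = New-AzureRmADApplication -DisplayName $appname -HomePage $url `
    -IdentifierUris $url -Password $secret
New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId | Out-Null

# Grant Contributor per resource group, retrying while the new service
# principal propagates instead of sleeping a fixed 60 seconds.
foreach ($rg in $targetRGs) {
    $assigned = $false
    for ($attempt = 1; $attempt -le 12 -and -not $assigned; $attempt++) {
        try {
            New-AzureRmRoleAssignment -RoleDefinitionName "Contributor" `
                -ServicePrincipalName $app.ApplicationId `
                -ResourceGroupName $rg -ErrorAction Stop | Out-Null
            $assigned = $true
        } catch {
            Start-Sleep -Seconds 10
        }
    }
    if (-not $assigned) { throw "Could not assign Contributor on $rg" }
}

# Check: every Scope listed should end in /resourceGroups/<name>, not at the subscription.
Get-AzureRmRoleAssignment -ServicePrincipalName $app.ApplicationId |
    Select-Object RoleDefinitionName, Scope | Format-Table -AutoSize

# Hand the secret over once via the clipboard, then drop it from the session.
Set-Clipboard -Value $secret
Remove-Variable secret, bytes
Write-Host "Client secret copied to the clipboard for the vRA 'Client secret' field."
Write-Host "ApplicationID (Client ID): $($app.ApplicationId)"
```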

vRealize Automation Setup

Now we can move on to setting up some stuff in vRA. The steps in vRA are a bit different from other endpoints so we’ll walk through each piece of this. Before you begin down this road we’ll want to make sure we have the following information so that we can plug it in at the appropriate time:

  • Subscription
  • TenantID
  • ApplicationID
  • Keys
  • ResourceGroups
  • StorageAccount
  • VNet
  • Location

There are also two other pieces of information you might need which should be:

Azure service URI: https://management.azure.com/

Login URL: https://login.windows.net

All of this information should have come out of the PowerShell script.

Creating an Azure Endpoint in vRA

Normally, endpoints are created in the Infrastructure tab under endpoints. In the case of Azure, we go into the Administration tab –> vRO Configuration –> Endpoints. Click the “New” button to add a new endpoint. On the first screen select the Azure plug-in in the drop down.

In the Endpoint tab, give the endpoint a descriptive name and a good description.

Next, we come to the details tab. Here we’ll need to enter a connection name and fill in the information we’ve collected from our work in Azure. Fill in the subscription ID, Tenant ID, Client ID and Client secret (keys), as well as the two settings we didn’t get from Azure: the Azure service URI and the Login URL listed above. This info should be available from the PowerShell script. Note that the ClientID is also called the ApplicationID in the script.

Create an Azure Reservation

Now our next step after creating an endpoint is usually to add resources to our fabric groups. With an Azure endpoint we can skip that step and go right to reservations. Go to the Infrastructure tab –> Reservations –> Reservations (yep, I said reservations twice).

Here you’ll need to give the reservation a name, select a business group that it belongs to and add things like reservation policies as appropriate. Be sure to enable it.

Next, on the Resources tab, we’ll need some of our information again. Enter the subscription ID that we used earlier when adding the endpoint and then select the drop down from the Location tab that matches your setup in Azure. Click “New” under resource groups and add a resource group that you’ll be using in Microsoft Azure. In the box below that, click “New” and add the storage account you set up in Azure earlier.

Under the Network tab, you’ll need to add the VNet that was set up in Azure. After this, click “Finish” to finalize your reservation setup.

Creating an Azure Blueprint

Now that the infrastructure pieces are set up in vRA we can focus on creating our blueprints. Open the design tab and drag in the Azure Machine object. After that the typical ID and description should be added.

On the Build Information tab you’ll need to add quite a bit of information. The first of which is the Location in which the machine will be deployed as well as how we’ll name the machine.

Below this, we’ll have a bit more work to do. We need to specify the image that will be used to deploy our server. The “Virtual Machine Image”, if set to type “Stock”, will be an identifier (called a URN) specified by Microsoft. The format of this image is:

publisher:offer:sku:version

You can get this information through the Azure PowerShell module like I did, with the command:

Install-Module AzureRM  #To Install the Azure Module
Login-AzureRMAccount    #To Login to your Azure Account
Get-AzureRmVMImagePublisher -Location 'East US' | Get-AzureRmVMImageOffer | Get-AzureRmVMImageSku | Get-AzureRmVMImage | where {$_.PublisherName -eq "Canonical"} | Select PublisherName, Offer, Skus, Version

This command takes a bit to come back but you can modify the publisher and export the data to a text file if you like. You may also use the Azure command line tools like Jon does in his post, if you’d prefer to go that route. If you do, the command to find the same publisher would be:

az vm image list --publisher canonical --location eastus

After you’ve entered your URN for the Virtual Machine Image, you’ll need to add some authentication information so that when you deploy your machine, you’ll have a way to log in to it: either SSH or a user/password combination. Lastly, you’ll pick a “Series” and a “Size” which determine how big the new machine will be.

On the Machine Resources tab, you’ll enter what resource group the machine will belong to, or you can create a new one on the fly. You’ll also be able to add the machine to an availability set if necessary.

On the Storage tab, enter the storage account we found earlier in the Azure portal and entered into our reservations.

The Network tab lets you specify the VNet, Subnet and additional networking information for the virtual machine. Fill out the desired configuration and save the blueprint.

Summary

Setting up an Azure Virtual Machine through vRealize Automation isn’t quite as simple as a vSphere machine but it can be done. After you’ve built your blueprint, you’ll still need to publish it, add it to a catalog and entitle it appropriately, but this is all standard operating procedures. If you need help with any of those tasks, I’ve got a vRA guide for that as well. Good luck to you in deploying your own hybrid cloud environments with Microsoft Azure.