CloudCenter 4.8 has reached End of Life (EOL) as of November 14, 2018. See End of Support Notices for additional context.

Configure an Azure RM Cloud

Be aware that the screen captures in this section may differ from the current Azure portal as the portal changes. They are provided as a point of reference.

Prerequisites

Before mapping an Azure Resource Manager cloud, verify the following requirements:

  • You have a valid Windows Azure Resource Manager account.

  • Log in to the Azure CLI in ARM mode and register the required Azure providers:

    You can only perform this procedure using Azure CLI.

    1. Install Azure CLI for your platform. See https://docs.microsoft.com/en-us/azure/cli-install-nodejs for additional context.
    2. Log in to the Azure CLI:
      azure login
    3. Verify that you are using the ARM mode:
      azure config mode arm
    4. Register the Azure providers:
      azure provider register Microsoft.Compute Microsoft.Storage Microsoft.Network Microsoft.Resources Microsoft.Authorization

      If using PowerShell, issue the following command:
      Register-AzureProvider

    5. Verify that the Azure providers are registered:
      azure provider list
  • In the Azure Resource Manager Portal, navigate to the Azure Active Directory page:
      1. Select App Registration and click Add.
      2. Provide the Name, Sign on URL, and Create the application.
      3. Select the newly created application.

        Note down the Application ID. It is required to create a Cloud Account in CloudCenter – this is the Client ID.

      4. Click All Settings.
      5. Select Required Permission under API Access and click Add.
      6. Select Windows Azure Service Management API.
      7. Select permissions as Delegated Permission and click Done.
      8. Select Keys under API Access.
      9. Specify the Description, Expires, and click Save.

        Note down the key after you click Save – this key cannot be retrieved later from the portal and it is used by CloudCenter as the Client Key when creating the cloud account.

      10. Select App Registration and click Endpoints.

        Note down the Tenant-ID from the OAuth 2.0 Authorization Endpoint – this ID is used by CloudCenter when creating cloud account.

  • In the Azure Resource Manager Portal, configure the user role settings for your web application:

    1. Select Subscription > Valid subscription (this is the subscription you want to manage).
    2. Click Access control (IAM).
    3. Click the +Add icon at the top right corner of the managed subscription pane.
    4. Click Add users and select the OWNER role. You can also select other roles for more granular management.   

      This role should be able to access and manage Azure RM resources like storage, compute, network, keyvault, and so forth to configure AzureRM for the CloudCenter platform.

    5. In the User search box, enter the web application name you defined earlier. In this example, it is CliQrCCO.
    6. Click OK to save your settings. 

Configuration Process

To configure the logical mapping for an Azure Resource Manager cloud, follow this procedure.

  1. Access the CCM UI > Admin > Clouds > Add Cloud in the side pane.
     
  2. Select the Microsoft Azure RM option, provide a Name and Description for this cloud, and click Save.
  3. Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account pop-up displays:

    1. Assign a new cloud name.

      Tip

      The name should not contain any space, dash, or special characters.

    2. Add the following Cloud Credentials associated with your Azure account.

      1. Azure Login ID: The email address used to login to your Azure Resource Manager cloud account

      2. Azure Subscription ID: To retrieve the Subscription ID, toggle to the Azure Classic Portal Interface as described in the Prerequisites section above and access Settings:

      3. Tenant ID: The UUID identified in the VIEW ENDPOINTS bullet in the Prerequisites section above.

      4. Client ID: The UUID identified in the blue icon bullet in the Prerequisites section above.

      5. Client Key: As identified in the keys bullet in the Prerequisites section above.

    3. Click Save and verify that the newly added cloud account (see Cloud for additional context on terminology) is displayed in the Clouds page.
    4. Click the Configure Cloud link. The Accounts tab in the Cloud Accounts page displays all configured cloud accounts.
  4. Click the Regions tab to add a cloud region.

    1. Click Add Cloud Regions.
    2. Select the required regions for this cloud.
    3. Add the Region Name and an optional Display Name for this cloud region.
    4. Click Save.

      The Instance Types, the Storage Types, and the Image Maps sections are automatically populated as soon as you add the region.

  5. (Optional) Click the Edit Cloud Settings link to update the required settings for each cloud region.

    Use the default values and avoid making changes unless advised by a CloudCenter expert.

    Caution

    If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.

    If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.

    1. Azure Resource Manager Url: The service endpoint for AzureRM. For non-government cloud and non-China regions, the URL is https://management.azure.com/.

    2. Azure Active Directory Url: The Azure Active Directory URL provided by Microsoft and used to authenticate credentials. For non-government cloud or non-China regions, the URL is https://login.microsoftonline.com/.

    3. Linux Custom Script Extension Version: The custom script extension provided by Microsoft to perform dynamic bootstrapping. Specify the version to be used.

    4. Windows Custom Script Extension Version: The custom script extension provided by Microsoft to perform dynamic bootstrapping. Specify the version to be used.

    5. Linux Diagnostics Extension Version: The diagnostics extension provided by Microsoft to perform metrics monitoring. Specify the version to be used.

    6. Windows Diagnostics Extension Version: The diagnostics extension provided by Microsoft to perform metrics monitoring. Specify the version to be used.

    7. Instance Naming Strategy, Instance IPAM Strategy, and Node Name Config: The Region-Level Cloud Settings section provides more details on configuring these values.

    8. Delete Boot diagnostic logs on VM termination: Default = False. Change this to True if you want to delete the diagnostic logs when a VM or an application is terminated.

    9. Click Save.

  6. To complete the cloud configuration, you must register the CCO with the CCM.

     Register the CCO with the CCM


    Cloud Region Nuances

    Once you register a CCO with the CCM, the CCO only works for the registered cloud region.

    CloudCenter

    Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.

    While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.

    Non-HA Mode

    To register the CCO with the CCM, follow this procedure:

    1. In the Configure Orchestrator popup, provide the CCO's IP address that is accessible by CCM and select the cloud account that is used to host the CCO:
    2. If you are not already at this page, verify that you are in Admin > Clouds > Configure Regions for the required cloud.
      1. Click Configure Orchestrator in the Regions tab.
      2. Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
      3. Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.

      4. Cloud Account: Select the cloud account that you want to use with this CCO.

        Amazon Cloud Nuance

        This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.

    3. Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.

    4. Repeat Step 2 and Step 3 to establish a mutual trust between the CCM and other CCOs.

    You have registered the CCO VM and completed your configuration. You have two options at this point:

    HA Mode

    To register the CCO with the CCM, follow this procedure:

    1. Ensure that the Tomcat service is running on the Primary CCO.
    2. Log in to the Secondary CCO and Tertiary CCO servers and stop the Tomcat service on both servers.

      /etc/init.d/tomcat stop
    3. Access the CCM UI and register the CCO using the CCO LB IP address.
      1. If you are not already at this page, verify that you are in Admin > Clouds > Configure Regions for the required cloud.
      2. Click Configure Orchestrator in the Regions tab.
      3. Provide the CCO's IP address that is accessible by CCM and select the cloud account that is used to host the CCO:

        1. Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
        2. Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.

        3. Cloud Account: Select the cloud account that you want to use with this CCO. Be sure to select the cloud account that contains this role.

        4. Click Save. The CCM and CCO have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed CCO.
    4. After a successful registration, log into the Primary CCO server.
    5. Copy the gateway_config.properties file from the Primary CCO's /usr/local/osmosix/etc/ folder to the same location on both the Secondary CCO and the Tertiary CCO servers.
    6. Verify that the ownership and permissions for the copied file on all servers are as follows:
      • Owner = cliqruser
      • Group Permission = read and write
    7. Run the following commands to change settings – if required:

      chown cliqruser:cliqruser /usr/local/osmosix/etc/gateway_config.properties
      chmod 644 /usr/local/osmosix/etc/gateway_config.properties
    8. Start the Tomcat service on the Secondary CCO and the Tertiary CCO servers by issuing the following command on each server:

       /etc/init.d/tomcat start
    9. Repeat this procedure for other CCOs in HA mode to establish a mutual trust between the CCM and other CCOs.
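
    The copy-and-verify steps above (5 through 7) can be checked with a short script on each Secondary and Tertiary CCO before Tomcat is started. This is an added example, not part of the CloudCenter product or documentation; the function name and the SHA-256 digest argument (computed with sha256sum on the Primary CCO's copy) are assumptions, while the path, owner and mode are the ones given in the procedure.

```shell
#!/bin/sh
# Added example (not Cisco's code). Run on each Secondary/Tertiary CCO after the copy.
# Path, owner and mode are taken from the steps above; the digest is an assumption:
# the output of `sha256sum` on the Primary CCO's copy of the file.
GATEWAY_CONFIG=/usr/local/osmosix/etc/gateway_config.properties

# verify_gateway_config EXPECTED_SHA256 [FILE] [OWNER:GROUP] [MODE]
# Prints one line per failed check and returns non-zero if any check fails.
verify_gateway_config() {
    expected_sha=$1
    file=${2:-$GATEWAY_CONFIG}
    expected_owner=${3:-cliqruser:cliqruser}
    expected_mode=${4:-644}   # what the chmod above sets: owner rw, group/others r
    rc=0

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file"
        return 1
    fi

    # Content must be byte-identical to the Primary CCO's copy.
    actual_sha=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual_sha" != "$expected_sha" ]; then
        echo "FAIL: digest mismatch (got $actual_sha)"
        rc=1
    fi

    # Ownership and mode as required by the procedure (GNU stat syntax).
    actual_owner=$(stat -c '%U:%G' "$file")
    if [ "$actual_owner" != "$expected_owner" ]; then
        echo "FAIL: owner is $actual_owner, expected $expected_owner"
        rc=1
    fi
    actual_mode=$(stat -c '%a' "$file")
    if [ "$actual_mode" != "$expected_mode" ]; then
        echo "FAIL: mode is $actual_mode, expected $expected_mode"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}

# When called with arguments, run the check; with none, only define the function.
[ $# -eq 0 ] || verify_gateway_config "$@"
```

    A non-zero exit status means the copy differs from the Primary CCO's file or its ownership or mode was not applied; correct it before starting Tomcat on that server.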

    You have registered the CCO VM and completed your configuration. You have two options at this point:

© 2017-2019 Cisco Systems, Inc. All rights reserved