Configure an AzureRM Cloud
Be aware that these screen captures may change based on the Azure portal changes. They are provided in this section as a point of reference.
Before mapping an Azure Resource Manager cloud, verify the following requirements:
You have a valid Windows Azure Resource Manager account.
Register the required Azure providers from the Azure portal:
Previously, you could only perform this procedure using Azure CLIs.
Now, you can use the UI to register (see Steps 1 - 5 indicated in the image) the following Azure providers:
Microsoft.Compute (displayed in the following image)
Microsoft.Storage (displayed in the following image)
Microsoft.Network (displayed in the following image)
In the Azure Resource Manager Portal, navigate to Azure Active Directory page:
Select App Registration and click Add.
Provide the Name, Sign-On URL, and Create the application. This value must be a standard URL and is required by the AzureRM cloud configuration – it is not used by the CloudCenter platform.
In the following screenshot, the Sign-On URL displays
http://<YourLocalHost or YourAppURL>
Select the newly created application.
Note down the Application ID, it is required to create a Cloud Account in CloudCenter – this is the Client ID.
If you prefer to use Certificate Based Authentication, see the related bullet further in this section.
Click All Settings.
Select Required Permission under API Access and click Add.
- Select Windows Azure Service Management API.
- Select permissions as Delegated Permission and click Done.
Select Keys under API Access.
Specify the Description, Expires, and click Save.
Note down the key after you click save – this key cannot be retrieved later from the portal and it is used by CloudCenter as the Client Key when creating the cloud account.
Select App Registration and click Endpoints.
Note down the Tenant-ID from the OAuth 2.0 Authorization Endpoint – this ID is used by CloudCenter when creating cloud account.
Certificate Based Authentication – In earlier CloudCenter releases, the CloudCenter platform only supported client key authentication for AzureRM environments. Effective CloudCenter 4.9.1, users can select either key-based authentication or the more secure certificate-based authentication.
The certificate used can either be one of the following options – You can create either type using the openssl command from the command prompt of any Linux system:
A self-signed certificate: See the following example.
Remember this password as you will need to enter it in the CloudCenter UI's Certificate and Password fields when you create or edit the Cloud Account.
Generate a key and certificate.
Convert the certificate.pem to PKCS 12 format.
Provide a password to this command when prompted.
A Certificate Authority (CA) signed certificate – Generate a key and CSR, send/receive the certificate.csr file(s) to the signature authority, convert the signed-certificate.pem to PKCS 12 format, and provide a password to this command when prompted.
Remember this password as you will need to enter it in the CloudCenter UI's Certificate and Password fields when you create or edit the Cloud Account
Convert the PKCS formatted certificate (certificate.p12 or signed-certificate.p12) to base64 format using the tool at https://www.base64encode.org/.
Enter the base64 formatted certificate, and the export password used to create the PKCS formatted certificate, in the corresponding fields in the CloudCenter Add or Edit Cloud Account dialog box.
Login to Azure Resource Manager Portal to upload the certificate PEM file (Azure Active Directory > AppRegistrations > Settings > keys > Upload public key) and save.
The corresponding public key for the certificate must be uploaded to the Azure RM portal for the Application Registration that user must add to the CloudCenter cloud account.
Select Subscription > Valid subscription (this is the subscription you want to manage).
Click Access control (IAM).
Click the +Add icon at the top right corner of the managed subscription pane.
Click Add users and select the OWNER role. You can also select other roles for more granular management.
This role should be able to access and manage AzureRM resources like storage, compute, network, keyvault, and so forth to configure AzureRM for the CloudCenter platform.
In the User search box, enter the web application name you defined earlier. In this example, it is CliQrCCO.
Click OK to save your settings.
To configure the logical mapping for an Azure Resource Manager cloud, follow this procedure.
Select the Microsoft AzureRM option, provide a Name and Description for this cloud, and click Save.
Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account pop-up displays:
Assign a new cloud account name.
The name should not contain any space, dash, or special characters.
Add the following Cloud Credentials associated with your Azure account.
Azure Login ID: The email address used to login to your Azure Resource Manager cloud account
Azure Subscription ID: To retrieve the Subscription ID, toggle to the Azure Portal Interface as described in the Prerequisites section above and access Settings:
Tenant ID: The UUID identified in the VIEW ENDPOINTS bullet in the Prerequisites section above.
Client ID: The UUID identified in the blue icon bullet in the Prerequisites section above.
If you enable Use Cert Based Auth, the Client ID field is hidden and the following fields are displayed:
Certificate– The certificate in PKCS 12 format as Base64 text as identified in the Certificate Based Authentication bullet in the Prerequisites section above.
Password – Enter the password used to create the certificate as identified in the Certificate Based Authentication bullet in the Prerequisites section above.
Client Key: As identified in the keys bullet in the Prerequisites section above.
Click Save and verify that the newly added cloud account (see Cloud for additional context on terminology) is displayed in the Clouds page.
Click the Regions tab to add a cloud region.
Click Add Cloud Regions.
Select the required regions for this cloud.
Add the Region Name and an optional Display Name for this cloud region.
The Instance Types, the Storage Types, and the Image Maps sections are automatically populated with as soon as you add the region.
(Optional) Click the Edit Cloud Settings link to update the required settings for each cloud region.Use the default values and avoid making changes unless advised by a CloudCenter expert.
If you Edit Cloud Settings, you must save the changes to the CCO to ensure that these changes are also propagated to CCOs inside a firewall configuration.
If your CCO is already configured, you must re-register the CCO for these Cloud Settings to take effect.
Azure Resource Manager Url: The service endpoint for AzureRM. For non-government cloud and non-China, regions, the URL is https://management.azure.com/.
Azure Active Directory Url: The azure active directory URL provided by Microsoft and used to authenticate credentials. For non-government cloud, or non-China region, the URL is https://login.microsoftonline.com/.
Linux Custom Script Extension Version: The custom script extension provided by Microsoft to perform dynamic bootstrapping. Specify the version to be used.
Windows Custom Script Extension Version: The custom script extension provided by Microsoft to perform dynamic bootstrapping. Specify the version to be used.
Linux Diagnostics Extension Version: The diagnostics extension provided by Microsoft to perform metrics monitoring. Specify the version to be used.
Windows Diagnostics Extension Version: The diagnostics extension provided by Microsoft to perform metrics monitoring. Specify the version to be used.
To complete the cloud configuration, you must register the CCO with the CCM.Register the CCO with the CCM
Register thewith the
Cloud Region Nuances
Once you register a CCO with the CCM, the CloudCenter platform considers this cloud region to be active and you can only delete the cloud region from the CloudCenter platform under specific conditions. See Cloud Region Configuration > Delete Cloud Region for additional details.
While the example provided references the AWS cloud, be aware that the screen captures may differ for each cloud.
To register thewith the , follow this procedure:
In the Configure Orchestrator popup, provide theIP address that is accessible by and select the cloud account that is used to host the :
If you are not already at this page, verify that you are in the Configure Regions page (Admin > Clouds > Configure Regions for the required cloud).
Click Configure Orchestrator in the Regions tab.
Orchestrator IP or DNS: Provide the IP or DNS address for the CCO server.
Remote Desktop Gateway DNS or IP: The IP address of the Guacamole server (enables browser-based access to the VMs). If the Guacamole component resides in the AMQP server, provide the IP address of the AMQP server.
Cloud Account: Select the cloud account that you want to use with this CCO.
Amazon Cloud Nuance
This setting is important if you have configured an IAM Role. Be sure to select the cloud account that contains this role.
Click Save. Theand have now established a mutual trust relationship. The CloudCenter platform now manages the cloud region with the deployed .
If in HA mode while registering, provide the IP or DNS of the CCO_LB server in the Orchestrator IP or DNS field and the AMQP_LB server IP or DNS in the Remote Desktop Gateway DNS or IP field.
You have registered theVM and completed your configuration.
You have the following options at this point:
Add other cloud regions and register a CCO for each of these clouds. See Per Cloud Region (Required) for additional context.
Map your images. See Map Images for additional context.
If you need to grant permissions to launch images for your cloud account, see Image Launch Permissions.
Model, Deploy, and Manage Applications. See Application Profile for additional context.
Return to: Configure Cloud(s)