Configure an AzureRM Cloud

Configuring an AzureRM cloud is a four-step process:

Add an AzureRM Cloud

To add an AzureRM cloud follow these steps.

  1. Navigate to Admin > Clouds. This brings you to the Clouds page. If you, or another tenant admin in your tenant, have already added clouds to your tenant, they will be listed here. Click the Add Cloud link in the upper right.

  2. After clicking Add Cloud, the Add Cloud dialog box is displayed. Enter the cloud name and select the cloud provider.

  3. After clicking Next, the second page of the Add Clouds dialog box, Connectivity Settings, appears. Set the toggle switches to configure the Cloud Connectivity Settings.

    • When adding a public VM cloud in the CloudCenter Suite UI, the Cloud Connectivity Settings page, the second page of the Add Cloud dialog box, appears with a single toggle displayed: Worker VMs Directly Connect with CloudCenter Suite.

    • Setting this toggle to No implies you will install Cloud Remote for each region of this cloud. This also causes a second toggle to appear: CloudCenter Suite Directly Accessible from Cloud Remote. 

    • Follow the table below for guidance on setting these toggles.

      Toggle settings | Use case
      Worker VMs Directly Connect with CloudCenter Suite = Yes | Unimpeded connectivity exists between the CloudCenter Suite cluster and the cloud region API endpoint AND unimpeded connectivity exists between the CloudCenter Suite cluster and worker VMs. Cloud Remote is not required.
      Worker VMs Directly Connect with CloudCenter Suite = No AND CloudCenter Suite Directly Accessible from Cloud Remote = Yes | Worker VMs need to communicate to the CloudCenter Suite cluster through Cloud Remote AND Cloud Remote can initiate the connection to the CloudCenter Suite cluster.
      Worker VMs Directly Connect with CloudCenter Suite = No AND CloudCenter Suite Directly Accessible from Cloud Remote = No | Worker VMs need to communicate to the CloudCenter Suite cluster through Cloud Remote AND the CloudCenter Suite cluster cannot receive a connection initiated by Cloud Remote.

      Note

      The connectivity toggle settings set at the cloud level are inherited by each region you add to this cloud. However, it is possible to override these toggle settings on a per region basis from the Regions tab for each region.

  4. Click Done to save the configuration and close the dialog box.  This brings you back to the Clouds page and the cloud you just created will be added to the bottom of the list on the left side of the page.

Add an AzureRM Region

After creating an AzureRM cloud, the next step is to create the first region for the cloud. Follow these steps.

  1. Navigate to the Clouds page and select the cloud you created on the left side of the screen. Then click the Add Region button on the right side of the screen.
  2. After clicking the Add Region button, the Add Region dialog box is displayed. Select a region from the list and click Save.
  3. After clicking Save you are brought back to the Clouds page with the region you added shown on the right side of the page.

Configure an AzureRM Region

To configure a region you added to your AzureRM cloud, follow this procedure.

  1. Navigate to Clouds page: Admin > Clouds. Find your AzureRM cloud from the cloud list on the left half of the screen and click its Configure Cloud link. This displays the Regions tab for this cloud as shown in the figure below with the Cloud Settings section displayed first.

    After you have added multiple regions to your AzureRM cloud, the Regions tab will show multiple individual region tabs on the left side of the screen. Click the tab of the region you want to configure.

  2. Click the Edit Cloud Settings link in the upper right of the Cloud Settings section. This opens the Configure Cloud Settings dialog box. The Cloud Settings section contains fields that are unique to AzureRM and settings that are common to all cloud providers. Adjust these field values per the instructions in the following tables.

    AzureRM Specific Cloud Settings

    Field

    Usage

    Azure Environment

    Automatically set by CloudCenter Suite based on the region you selected but it can be overridden by using the dropdown list.

    Linux and Windows extension versions

    The custom script extensions are provided by Microsoft to support dynamic bootstrapping. The diagnostics extensions are provided by Microsoft to support metrics monitoring. These four fields are set to recommended values by default by CloudCenter Suite, but you can override them.

    Delete Boot Diagnostic Logs On VM Termination

    AzureRM will store VM boot diagnostic logs after a VM terminates. CloudCenter Suite sets this value to False by default but you can change the value to True using the dropdown.

    Cloud Agnostic Cloud Settings

    Field

    Usage

    Exclude these special characters for Windows password

    When the Workload Manager agent is installed on a Windows worker VM, a special user account, called cliqruser, is created to support RDP sessions that may be initiated by the user through the Workload Manager UI. A Workload Manager process running on the CloudCenter Suite cluster creates a random password and passes it to the agent for creating the cliqruser account. Because some Windows deployments may restrict using certain characters for Windows passwords, this field is provided to tell the Workload Manager to exclude these special characters in the generation of the password for the cliqruser account.

    Agent Bundle URL

    If you plan to use a local repository to host the bundle store, you need to enter the URL of the local bundle store here. Otherwise, leave blank.

    Agent Custom Repository

    If you plan to use a local repository to host the package store, you need to enter the URL of the local package store here. Otherwise, leave blank.

    HTTP/HTTPS proxy fields (host, username, password)

    If you require VMs in your region to access public addresses through a web proxy, enter the URL and credentials of the HTTP and HTTPS proxy servers in these fields.

    No Proxy Hosts

    If you have specified an HTTP or HTTPS proxy using the above fields, you can specify that managed VMs in the region should bypass the proxy and connect directly to certain hosts. Use this field to create a comma-separated list of IP addresses or URLs that should be accessed directly. This field is ignored if an HTTP or HTTPS proxy is not specified.

    Important information on proxy settings

    In CloudCenter Suite it is possible to specify proxy settings at the region level, as described here, and at the suite level. To understand the expected behavior when proxy settings are specified at both levels, see Precedence of Proxy Settings.

    Download Configuration and Encryption Key

    After saving the Region Configuration settings in the Workload Manager or Cost Optimizer UI, you can download them to your local computer and then upload them to other conditional components such as Cloud Remote.

    Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the following screenshot.

    Clicking Download Configuration causes two things to happen:

    • An encrypted zip file named artifacts.zip is downloaded by your browser. Make note of the location of this zip file as you will need it if you are using Cloud Remote.

    • The Region Connectivity section header updates to display a Copy Encryption Key link, as shown in the following screenshot.

    Click the Copy Encryption Key link to save the key to your clipboard. A success message will be displayed temporarily above the Region Connectivity section header. Make sure not to overwrite the clipboard with other data. You will need the key when you upload the configuration zip file to conditional components like Cloud Remote.

    If you change the connectivity settings in the CloudCenter Suite UI and need to again download the zip file, a new encryption key is automatically created and can be copied to the clipboard by clicking the Copy Encryption Key link again.

    When you are done editing the settings in the dialog box, click Save.

  3. Determine if you need Cloud Remote for this region. Scroll down to the Region Connectivity section for the region and click on the Configure Region link in the upper right to open the Configure Region dialog box. The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. If all of the connectivity toggles in the Region Connectivity dialog box are set to Yes, then Cloud Remote is NOT needed for this cloud region. In this case, you would normally leave all region connectivity settings at their current values and continue to the next settings section. 

    The exception to this guidance is when a NAT firewall or proxy server exists between the CloudCenter Suite management cluster and worker VMs, or between the CloudCenter Suite management cluster and users that would use Workload Manager to initiate a Guacamole remote connection to a worker VM. In either of these cases, override the address fields in the Region Connectivity dialog box as explained below.

    Networking Constraint | Field | Value
    Worker VMs must use a proxy server or NAT firewall to access the "local" AMQP server running in the CloudCenter Suite cluster. | Worker AMQP IP Address | IP address and port number that the firewall or proxy server presents to the worker VMs on behalf of the "local" AMQP server running in the CloudCenter Suite cluster.
    Users must use a proxy server or NAT firewall to access the Guacamole server running in the CloudCenter Suite cluster. | Guacamole Public IP Address and Port | IP address and port number that the firewall or proxy server presents to users on behalf of the Guacamole server running in the CloudCenter Suite cluster.
    Worker VMs must use a proxy server or NAT firewall to access the Guacamole server running in the CloudCenter Suite cluster. | Guacamole IP Address and Port for Application VMs | IP address and port number that the firewall or proxy server presents to the worker VMs on behalf of the Guacamole server running in the CloudCenter Suite cluster.

    Click OK to save the changes and dismiss the dialog box. You can now proceed to the next region settings section: VM Naming and IPAM Strategy.

  4. If any of the connectivity toggles in the Region Connectivity dialog box are set to No, then you must install and configure Cloud Remote for this region.

     Steps to configure Cloud Remote in an AzureRM cloud region

    Cloud Remote for AzureRM

    Follow these steps to obtain, launch and configure Cloud Remote for an AzureRM region.

    Download and Launch the Cloud Remote Appliance in AzureRM

    1. Download the Cloud Remote appliance for AzureRM as a zip file from software.cisco.com and then unzip it to reveal the VHD file.

    2. Upload the Cloud Remote appliance VHD file to AzureRM using the AzureRM CLI, then launch the appliance from the AzureRM console web UI. This process is similar to uploading and launching the CloudCenter Suite installer appliance for AzureRM.

      You must use the AzureRM CLI to perform this upload.

    3. Optional but recommended for production environments: Deploy two additional instances of the appliance to form a cluster for HA. Cloud Remote includes support for clustering of multiple nodes. You will "add" these two additional instances to the first instance after the first instance is configured.  See Cloud Remote (Conditional) > Scaling for details.

    4. Once the first instance of the appliance has been launched, use the AzureRM console to note its public and private IP addresses. You will need this information later in order to log in to the Cloud Remote web UI and to complete the Region Connectivity settings in the CloudCenter Suite Web UI. Also, note the IP addresses of any other appliances you launch.

    Setup Cloud Remote Firewall Rules for a VM-based Cloud Region

    After you deploy the Cloud Remote appliance, you will need to open various ports on each instance of the appliance. To do this, use the tools provided by the cloud provider to create a new security group for your Cloud Remote cluster; then, associate each appliance in the cluster with that security group. Use the tables below for guidance on what port rules should be added to that security group.

    Port rules for a single node Cloud Remote deployment:

    Port | Protocol | Source | Usage
    22 | TCP | Limit to address space of users needing SSH access for debugging and changing default ports | SSH
    443 | TCP | Limit to address space of users needing access to the Cloud Remote web UI for setup and scaling | HTTPS (Cloud Remote web UI)
    8443 | TCP | Limit to address space of users needing SSH or RDP access to their managed VMs | User to Guacamole
    5671 | TCP | Limit to address space of the managed VMs and the address of the CloudCenter Suite cluster's local AMQP service | AMQP
    15671 | TCP | Limit to address space of users needing web access for debugging the remote AMQP service | HTTPS (AMQP Management)
    7789 | TCP | Limit to address space of the managed VMs | Worker VM to Guacamole

    The Cloud Remote web UI, User-to-Guacamole, and AMQP ports listed above are the defaults used by Cloud Remote. You may change these port numbers using the Change Ports shell script (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)) once the appliance is fully configured and communicating with the CloudCenter Suite cluster. If you plan to modify any of these three port numbers, update the firewall rules accordingly.

    For a multi-node Cloud Remote cluster deployment, these additional port rules should be added to the same security group used for the single node configuration:

    Port | Protocol | Source
    2377 | TCP | <cr_sec_group> *
    25672 | TCP | <cr_sec_group>
    7946 | UDP | <cr_sec_group>
    4369 | TCP | <cr_sec_group>
    9010 | TCP | <cr_sec_group>
    4789 | UDP | <cr_sec_group>

     * <cr_sec_group> represents the security group that all Cloud Remote nodes are joined to.
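The single-node port table above, expressed as Azure network security group rules with every source restricted (an added example, not part of the original page or of CloudCenter Suite). It only prints `az network nsg rule create` commands for review; the resource group, NSG name, rule names, priorities, the grouping of the table's sources into admin, user and worker ranges, and all addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: print (not run) az CLI commands for the single-node
# Cloud Remote port table, refusing any rule whose source is wide open.
set -eu

RG=${RG:-rg-cloudremote-example}     # placeholder resource group (assumption)
NSG=${NSG:-nsg-cloudremote-example}  # placeholder NSG name (assumption)

# is_restricted_source "<prefix> [<prefix> ...]"
# Succeeds only if the list is non-empty and no entry admits every address.
is_restricted_source() (
  set -f                             # keep a literal '*' from globbing
  [ -n "$1" ] || exit 1
  for src in $1; do
    case $src in
      '*'|Internet|*/0) exit 1 ;;    # any-source wildcard, Internet tag, /0 prefix
    esac
  done
  exit 0
)

# nsg_rule <priority> <rule-name> <port> "<source prefixes>"
# Prints one inbound TCP allow rule, or fails if the source is unrestricted.
nsg_rule() (
  set -f
  prio=$1; name=$2; port=$3; sources=$4
  if ! is_restricted_source "$sources"; then
    echo "refusing $name (port $port): source '$sources' is not restricted" >&2
    exit 1
  fi
  echo "az network nsg rule create --resource-group $RG --nsg-name $NSG" \
       "--name $name --priority $prio --direction Inbound --access Allow" \
       "--protocol Tcp --destination-port-ranges $port" \
       "--source-address-prefixes $sources"
)

# cloud_remote_rules <admin-cidr> <user-cidr> <worker-cidr> <ccs-amqp-addr>
# One rule per row of the single-node table; stops at the first refused rule.
cloud_remote_rules() (
  admin=$1; users=$2; workers=$3; ccs=$4
  nsg_rule 100 cr-ssh       22    "$admin" &&
  nsg_rule 110 cr-webui     443   "$admin" &&
  nsg_rule 120 cr-guac-user 8443  "$users" &&
  nsg_rule 130 cr-amqp      5671  "$workers $ccs" &&
  nsg_rule 140 cr-amqp-mgmt 15671 "$admin" &&
  nsg_rule 150 cr-guac-vm   7789  "$workers"
)

# Constructed sample ranges (documentation and private address space).
cloud_remote_rules 203.0.113.0/28 198.51.100.0/24 10.20.0.0/16 192.0.2.10/32
```

If the default ports are later changed with the Change Ports shell script, the port numbers in `cloud_remote_rules` need the same change.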

    Specify AMQP and Guacamole Addresses for Supporting Cloud Remote

    From the CloudCenter Suite UI, for the cloud region requiring Cloud Remote, navigate to the corresponding Regions or Details tab. Click the Configure Region link in the upper left of the Region Connectivity section to bring up the Configure Region dialog box. The toggle settings should be the same as when you set them in the connectivity page of the Add Cloud dialog box. You must update some of the address fields in the dialog box according to the scenarios summarized in the table below.

    Toggle Settings: Worker VMs Directly Connect with CloudCenter = No AND CloudCenter Directly Accessible from Cloud Remote = Yes
    Field: Local AMQP IP Address
    Value: Pre-populated with the address and port number of the "local" AMQP server running in the CloudCenter Suite cluster. This address must be accessible to Cloud Remote.
    If Cloud Remote is accessing the CloudCenter Suite cluster through a user-supplied proxy server or NAT firewall, overwrite this field with the corresponding local AMQP IP address and port number provided by the user-supplied proxy server or NAT firewall and accessible to Cloud Remote.

    Toggle Settings: Worker VMs Directly Connect with CloudCenter = No AND CloudCenter Directly Accessible from Cloud Remote = No
    Field: Remote AMQP IP Address
    Value: Enter <Cloud_Remote_IP>:<amqp_port>, where
    <Cloud_Remote_IP> = the Cloud Remote IP address that is accessible to the CloudCenter Suite cluster, and
    <amqp_port> = 5671 OR the custom AMQP port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).
    If there is no user-supplied NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, the IP address would be the public IP address of Cloud Remote.
    If there is a NAT firewall or proxy server between the CloudCenter Suite cluster and Cloud Remote, instead, enter the corresponding public IP address and port number that the firewall or proxy server presents to the internet on behalf of the "remote" AMQP server running in Cloud Remote.

    Toggle Settings: Worker VMs Directly Connect with CloudCenter = No
    Field: Worker AMQP IP Address
    Value: Enter <Cloud_Remote_IP>:<amqp_port>, where
    <Cloud_Remote_IP> = the Cloud Remote IP address accessible to the worker VMs, and
    <amqp_port> = 5671 OR the custom AMQP port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

    Toggle Settings: Worker VMs Directly Connect with CloudCenter = No
    Field: Guacamole Public IP and Port
    Value: Enter <Cloud_Remote_IP>:<guac_port>, where
    <Cloud_Remote_IP> = the Cloud Remote IP address accessible to CloudCenter Suite users, and
    <guac_port> = 8443 OR the custom Guacamole port number you would later set with the Change Ports shell script on the Cloud Remote appliance (see Cloud Remote (Conditional) > Custom Port Numbers (Conditional)).

    Toggle Settings: Worker VMs Directly Connect with CloudCenter = No
    Field: Guacamole IP Address and Port for Application VMs
    Value: Enter <Cloud_Remote_IP>:<guac_port>, where
    <Cloud_Remote_IP> = the Cloud Remote IP address accessible to worker VMs, and
    <guac_port> = 7789

    When done, click OK to save the setting and dismiss the dialog box.

    Download Region Connectivity Settings and Upload to Cloud Remote

    Cloud Remote uses the region connectivity settings set in the Workload Manager or Cost Optimizer UI. After saving the Region Configuration settings in the Workload Manager or Cost Optimizer UI, you must download them to your local computer and then upload them to Cloud Remote as follows.

    Click the Download Configuration link in the upper right of the Region Connectivity section, as shown in the figure below.

    Clicking Download Configuration causes two things to happen:

    • An encrypted zip file named artifacts.zip will be downloaded by your browser. Make note of the location of this zip file as you will need to upload it to Cloud Remote through the Cloud Remote web UI (see below).

    • The Region Connectivity section header updates to display a Copy Encryption Key link, as shown in figure below. 

    Click the Copy Encryption Key link to save the key to your clipboard. A success message will be displayed temporarily above the Region Connectivity section header. Make sure not to overwrite the clipboard with other data. You will need the key when you upload the configuration zip file to Cloud Remote.

    If you change the connectivity settings in the CloudCenter Suite UI and need to again download the zip file, a new encryption key is automatically created and can be copied to the clipboard by clicking the Copy Encryption Key link again.

    After you have downloaded the zip file and copied the encryption key to your clipboard, log in to the Cloud Remote web UI.

    1. Open another browser tab and log in to https://<Cloud Remote_ip> with the default credentials: admin / cisco.
    2. You will immediately be required to change your password. Do so. 
    3. You are now brought to the Cloud Remote home page as shown in the figure below.
    4. Click the Apply Configuration button in the page header. This prompts you to select a configuration file and enter the encryption key as shown in the figure below.
    5. Paste the encryption key that was copied to the clipboard into the Encryption Key field in the dialog box.
    6. Click Select File and browse to the artifacts.zip file that you downloaded through the CloudCenter Suite web UI and select it.
    7. Click Confirm.
    8. Once the zip file is successfully transmitted and accepted, the Cloud Remote appliance attempts to establish communication with the CloudCenter Suite cluster and the Cloud Remote web UI home page is updated to show the name of the region it is connecting to in the upper right (see figure below).

    Switch your focus back to the Region Connectivity section of the target cloud region in the CloudCenter Suite web UI. The status indicator in the Region Connectivity section header will change from Not Configured to Running once connectivity between  Cloud Remote and the CloudCenter Suite cluster is completely established (see figure below).

    After completing these steps, Workload Manager and Cost Optimizer can use Cloud Remote for communicating with the target cloud region.


  5. VM Naming and IPAM Strategy (conditional): Configure any VM naming strategy in the Strategy section as explained in VM Naming and IPAM Strategies. CloudCenter Suite currently does not support an IPAM strategy for AzureRM. If you leave the settings at the defaults, the default VM naming strategy is applied.

  6. External Lifecycle Actions (conditional): Specify any external lifecycle actions to be performed on all VMs launched by Workload Manager in this region as explained in External Lifecycle Actions Settings.

  7. Instance Types (informational): CloudCenter Suite automatically syncs instance types for public cloud regions on a daily basis. This data includes published pricing for each instance type. It is possible to edit AzureRM region instance types, but only the changes in the cost are used by CloudCenter Suite. See Instance Types Settings for more details.

  8. Storage Types (conditional): CloudCenter Suite automatically syncs storage types for public cloud regions on a daily basis. This data includes the cloud provider published pricing for each storage type. It is possible to edit AzureRM region storage types, but only the changes in the cost are used by CloudCenter Suite. See Storage Types Settings for more details.

  9. Image Mappings: Image mappings allow services based on Workload Manager logical images to be deployed using the appropriate physical image stored on the target cloud region. Workload Manager automatically maps the OOB logical images to public cloud region physical images when you add the region to your cloud. Cisco periodically updates these mappings when new versions of OS physical image are uploaded by the cloud provider. To apply these updates to your region after it is added to your cloud, click the Sync Image Mappings link in the upper right of this section. If you create any custom logical images, you must manually import the corresponding physical images into your region and then map the corresponding logical images to these physical images. See Images for more context.

Add an AzureRM Cloud Account

Be aware that the screenshots may change based on the Azure portal changes. They are provided in this section as a point of reference.

Prerequisites

Before adding an AzureRM cloud, verify the following requirements:

  • You have a valid Windows Azure Resource Manager account.

  • Register the required Azure providers from the Azure portal:

    Previously, you could only perform this procedure using Azure CLIs.

    Now, you can use the UI (All Services > Subscriptions) to register the following Azure providers:

    • Microsoft.Compute (displayed in the following image)

    • Microsoft.Storage (displayed in the following image)

    • Microsoft.Network (displayed in the following image)

    • Microsoft.Resources

    • Microsoft.Authorization

  • In the Azure Resource Manager Portal, navigate to the Azure Active Directory page:

    1. Select App Registration and click Add.

    2. Provide the Name and Sign-On URL, and create the application. This value must be a standard URL and is required by the AzureRM cloud configuration – it is not used by the CloudCenter platform.

      In the following screenshot, the Sign-On URL displays http://www.cliqr.com. This is just an example. Be sure to provide the base URL for your application using the required protocol (HTTP or HTTPS) – for example:
      http://<YourLocalHost or YourAppURL> 

    3. Select the newly created application.

      Note down the Application ID; it is required to create a Cloud Account in CloudCenter – this is the Client ID.

      If you prefer to use Certificate-Based Authentication, see the related bullet further in this section.

    4. Click All Settings.  

    5. Select Required Permission under API Access and click Add. See Cloud Overview > Minimum Permissions for Public Clouds for additional details.

    6. Select Windows Azure Service Management API

    7. Select permissions as Delegated Permission and click Done.  

    8. Select Keys under API Access.

    9. Specify the Description, Expires, and click Save.

      Note down the key after you click save – this key cannot be retrieved later from the portal, and it is used by the Workload Manager as the Client Key when creating the cloud account.

    10. Select App Registration and click Endpoints.

      Note down the Tenant-ID from the OAuth 2.0 Authorization Endpoint – this ID is used by the Workload Manager when creating a cloud account.

  • Certificate-Based Authentication – You can select either key-based authentication or the more secure certificate-based authentication. 

    • The certificate can be either of the following types. You can create either type using the openssl command from the command prompt of any Linux system:

      • A self-signed certificate: See the following example.

        Remember this password as you will need to enter it in the CloudCenter Suite UI's Certificate and Password fields when you create or edit the Cloud Account.

        • Generate a key and certificate.

          openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
        • Convert the certificate.pem to PKCS 12 format.

          openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
        • Provide a password to this command when prompted.

      • A Certificate Authority (CA) signed certificate – Generate a key and CSR, send/receive the certificate.csr file(s) to the signature authority, convert the signed-certificate.pem to PKCS 12 format, and provide a password to this command when prompted.

        Remember this password as you will need to enter it in the Workload Manager UI's Certificate and Password fields when you create or edit the Cloud Account.

    • Convert the PKCS formatted certificate (certificate.p12 or signed-certificate.p12) to base64 format using the tool at https://www.base64encode.org/.

    • Enter the base64 formatted certificate, and the export password used to create the PKCS formatted certificate, in the corresponding fields in the Workload Manager Add or Edit Cloud Account dialog box.

    • Login to Azure Resource Manager Portal to upload the certificate PEM file (Azure Active Directory > App Registrations > Settings > keys > Upload public key) and save.

      The corresponding public key for the certificate must be uploaded to the Azure RM portal for the Application Registration that the user must add to the CloudCenter Suite cloud account.

  • In the Azure Resource Manager Portal, configure the user role settings for your web application:

    1. Select Subscription > Valid subscription (this is the subscription you want to manage).

    2. Click Access control (IAM).

    3. Click the +Add icon at the top right corner of the managed subscription pane.

    4. Click Add users and select the OWNER role. You can also select other roles for more granular management.   

      This role should be able to access and manage AzureRM resources like storage, compute, network, keyvault, and so forth to configure AzureRM for the CloudCenter Suite.

    5. In the User search box, enter the web application name you defined earlier. In this example, it is CliQrCCO.

    6. Click OK to save your settings. 
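The self-signed path from the Certificate-Based Authentication prerequisite above, as an added example (not from the original page): it builds the bundle with the page's openssl commands, produces the Base64 text with openssl itself rather than a web tool, since certificate.p12 contains the private key, and checks that the text decodes back to the same certificate. The working directory, subject and export password are constructed placeholders.

```shell
#!/bin/sh
# Added example: create the certificate, the PKCS 12 bundle and its Base64
# text entirely on the local machine, then verify the round trip.
set -eu

# make_cloud_account_cert <dir> <export-password> <subject>
make_cloud_account_cert() (
  dir=$1; pass=$2; subj=$3
  umask 077                          # key.pem and the bundle: owner-only
  mkdir -p "$dir" &&
  # Same commands as the page; -subj only avoids the interactive prompts.
  openssl req -newkey rsa:2048 -nodes -keyout "$dir/key.pem" \
    -x509 -days 365 -subj "$subj" -out "$dir/certificate.pem" 2>/dev/null &&
  # Hand the export password over through the environment, not argv.
  P12_PASS=$pass openssl pkcs12 -inkey "$dir/key.pem" \
    -in "$dir/certificate.pem" -export -out "$dir/certificate.p12" \
    -passout env:P12_PASS &&
  # Single-line Base64 of the bundle, for the Certificate field.
  openssl base64 -A -in "$dir/certificate.p12" -out "$dir/certificate.p12.b64"
)

# verify_bundle <dir> <export-password>
# Decodes the Base64 text, opens the bundle with the password and compares
# the certificate fingerprint with certificate.pem.
verify_bundle() (
  dir=$1; pass=$2
  umask 077
  openssl base64 -d -A -in "$dir/certificate.p12.b64" -out "$dir/roundtrip.p12"
  fp_p12=$(P12_PASS=$pass openssl pkcs12 -in "$dir/roundtrip.p12" -nokeys \
             -passin env:P12_PASS 2>/dev/null |
           openssl x509 -noout -fingerprint -sha256 2>/dev/null) || fp_p12=
  fp_pem=$(openssl x509 -in "$dir/certificate.pem" -noout -fingerprint -sha256)
  rm -f "$dir/roundtrip.p12"
  [ -n "$fp_p12" ] && [ "$fp_p12" = "$fp_pem" ]
)

# public_cert_is_key_free <dir>
# The PEM uploaded to the Azure portal must hold the certificate only.
public_cert_is_key_free() {
  ! grep -q 'PRIVATE KEY' "$1/certificate.pem"
}

# Run once in a throwaway directory with constructed values.
work=$(mktemp -d)
make_cloud_account_cert "$work" 'constructed-export-password' '/CN=cloudcenter-example'
if verify_bundle "$work" 'constructed-export-password' && public_cert_is_key_free "$work"; then
  echo "bundle verified; Base64 text is in certificate.p12.b64"
fi
rm -rf "$work"
```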

Configuration Process

To add an AzureRM cloud account, follow this procedure.

  1. Locate the newly-added cloud and click the Add Cloud Account link. The Add Cloud Account dialog box displays as shown in the figure below:

  2. Assign a new cloud account name.

    Tip

    The name should not contain any space, dash, or special characters.

  3. Add the following cloud Credentials associated with your Azure account.

    1. Azure Login ID: The email address used to login to your Azure Resource Manager cloud account

    2. Azure Subscription ID: To retrieve the Subscription ID, toggle to the Azure Portal Interface as described in the Prerequisites section above and access Settings:

    3. Tenant ID: The UUID identified in the VIEW ENDPOINTS bullet in the Prerequisites section above.

    4. Client ID: The UUID identified in the blue icon bullet in the Prerequisites section above.

    5. Use Cert Based Auth: If you enable Use Cert Based Auth, the Client Key field is hidden and the following fields are displayed:

      1. Certificate – The certificate in PKCS 12 format as Base64 text as identified in the Certificate-Based Authentication bullet in the Prerequisites section above.

      2. Password – Enter the password used to create the certificate as identified in the Certificate-Based Authentication bullet in the Prerequisites section above.

    6. Client Key: If you do not enable Use Cert Based Auth, use the client key identified in the keys bullet in the Prerequisites section above.

  4. Scroll the dialog box down to reveal the billing fields and enter the Region Info, Offer Id, EA Enrollment Number, and EA API Access Key as shown in the figure below. For information on setting up billing information, see https://docs.microsoft.com/en-us/rest/api/consumption/ and https://docs.microsoft.com/en-us/azure/billing/billing-enterprise-api.

    The Region Info is the two-letter ISO code where the offer was purchased. For example, US.

    The Offer Id is tied to the account. To find the Offer Id for your account, navigate to Azure Portal > Subscriptions page and choose a subscription. The Offer Id is displayed in the Overview section.

    The EA Enrollment Number is displayed in the top left corner when you log in to https://ea.azure.com/.

    The EA API Access Key must be generated as follows: Log in to https://ea.azure.com/ as EA Admin and navigate to Reports > Download Usage > API Access Key > Generate.

  5. Click the Connect button. CloudCenter Suite will now attempt to validate your account credentials.

  6. After the credentials are verified, the Connect button changes to an Edit button and two new fields appear: Enable Account For and Enable Reporting By Org Structure.

    1. Set the Enable Account For dropdown per the table below.

      Value | Usage
      Provisioning | Workload Manager can deploy jobs using this account.
      Reporting | Cost Optimizer and Workload Manager will track cloud costs for this account. Typical usage: master cloud accounts that are used for billing aggregation. It is recommended that you do not add a Reporting account to the same tenant through different cloud groups. Enabling a public cloud account for Reporting may incur expenses to retrieve cost data. These expenses are proportional to the number of configured cloud accounts and regions.
      Provisioning, Reporting | Default. Account is used for both provisioning and reporting.

    2. For AWS and Google clouds only: Set the Enable Reporting By Org Structure toggle to On to cause Cost Optimizer to import the cost hierarchy created in the cloud provider portal. This saves the time of manually creating a comparable cost hierarchy within Cost Optimizer. See Cost Groups Configuration for more information on cost hierarchies in Cost Optimizer.

    3. Click the Save button when done. 

Cloud Accounts Tab

After you add cloud accounts to a cloud, they will appear in the Accounts tab for the cloud as shown in the figure below.

The Accounts tab contains columns for data entered when creating an account: Account Name, Description, Enabled For; and two additional columns: Billing Units and Actions. The Billing Units column serves a dual function:

  • If the cloud account contains only one billing unit, the ID for that billing unit is displayed.

  • If the cloud account contains multiple billing units, such as an AWS master account, the number of billing units in that account is displayed followed by the text Billing Units.

A billing unit is the most granular level of cloud cost recording in CloudCenter Suite. The definition of a billing unit varies by cloud provider as shown in the table below.

Cloud Provider | Billing Unit
AWS | Account ID
AzureRM | Subscription ID
Google | Project ID
IBM Cloud | Account ID
vCenter | Cloud Group Prefix - Datacenter Name
vCD | Organization Name
OpenStack | Project ID
Kubernetes | Namespace UID

The last column, Actions, contains links to let you edit or delete the cloud account, or manage instance types for the cloud account.




© 2017-2019 Cisco Systems, Inc. All rights reserved