Azure Express Scan
Overview
AutoMonitor allows users to quickly and effortlessly discover and import hosts into their Opsview Monitor environment. The new wizard-based functionality simplifies and automates the scanning and configuration steps providing a fast and reliable way of maintaining continuous monitoring of your changing Enterprise landscape.
Azure Express Scan provides a configuration wizard to guide you through and quickly discover Microsoft Azure objects (Hosts) within a given Azure Subscription and automatically import them into Opsview Monitor.
Azure Express Scan
Virtual Machines discovered by the Azure Scan will be imported into the following Host Group structure:
Opsview > Automonitor > Azure Express Scan > {Subscription Name} > {Resource Group Name} > {Resource Name / HostName}
Health Availability Status for Azure Resource Groups will be imported into the following Host Group structure:
Opsview > Automonitor > Azure Express Scan > {Subscription Name} > Azure_RGs_Health_{Subscription Name} > Azure_RGs_Health_{Subscription Name}
The Scan will inspect discovered Hosts to allocate relevant Host Templates from the following list:
- Cloud - Azure - Virtual Machines
- Cloud - Azure - Linux VMs
- Cloud - Azure - Windows VMs
- Cloud - Azure - VM Backups
- Cloud - Azure - Storage Accounts
- Cloud - Azure - Health Availability Status
- Cloud - Azure - Virtual Machines Scale Sets
- Cloud - Azure - Virtual Machines Scale Sets VM
See more information about Host Templates within the Cloud - Azure Opspack.
Prerequisites
In order to access the AutoMonitor Application and run an Azure Express Scan, the following permissions are required:
Note
Depending on your organisation structure, you may prefer not to grant users the CONFIGUREHOSTGROUPS permission and/or access to the Opsview Host Group. In this case, you need to create the Host Group structure in advance (Opsview > Automonitor > Azure Express Scan > {Subscription Name}) and give the user(s) running an Azure AutoMonitor Scan access only to the Subscription Name Host Group.
Azure Credentials required:
- Tenant ID / Directory ID
- Subscription ID
- App ID / Client ID
- Secret Key
Information about Where to Find Azure Credentials can be found at the bottom of this page.
Your Microsoft Azure App/Client needs to have the following Roles assigned:
- Monitoring Contributor
- Network Contributor
- Storage Contributor
- Backup Contributor
Note
If your Microsoft Azure App DOES NOT have the right permissions, Azure Express Scan will fail.
Running a Scan
The AutoMonitor Azure Express Scan feature is accessible from the Configuration > AutoMonitor menu. When you select this option, you will be presented with the following screen:
Select Azure to start with the AutoMonitor Azure Express configuration wizard.
In the configuration wizard (Azure > Input your Azure Credentials), as per the screen shown below, you need to enter Tenant ID, Subscription ID, App ID and Secret Key to be able to discover Microsoft Azure Resources. (Information about Where to Find Azure Credentials can be found at the bottom of this page).
Once you have entered the relevant information for the required fields, the Start Scan button will be enabled for you to proceed when you are ready to start the scan.
If the credentials are invalid or fail to be authorised, the following error message will be displayed:
Upon successful authorisation, the Scan starts by interrogating Microsoft Azure for a list of Resource Groups, Virtual Machines, Scale Sets and Storage Accounts to scan. Once the scan has started, a progress bar is displayed which indicates how many of the discovered resources have been scanned:
While the scan is being carried out, it can be aborted by hovering over the Abort button, which displays a panel to confirm the aborting of the scan. Once the Yes button is clicked, the form from the previous page is displayed and the scan is aborted. Note that if the scan is close to finishing then it may be completed before it can be aborted.
If an unrecoverable error occurs during the scan, the following error page will be displayed:
A "Sorry there was an error that we can't identify" message indicates that some other error occurred during scanning. This may indicate a system outage or configuration problem. Scans will recover from short Datastore (i.e. CouchDB) outages. However, if an outage lasts longer than one hour the scan will time out and show this error message.
If such errors occur, you can click Try again to restart the scan. You can also view the log to understand what the problem could be. For example, you might see access denied when creating a Host Group or importing a Host, in which case check that you have sufficient permissions to either create or write to the desired Host Group.
When the scan completes the following screen will be displayed:
At this point, you can click on Apply changes to trigger a system reload and start monitoring the scanned hosts. Clicking on New will allow you to start another scan. Hosts that have already been imported will be disregarded and will NOT be re-imported by later scans:
Clicking View log will display a detailed list of the steps completed by the scan:
If the scan fails for some reason, View log is a good way to help diagnose the problem.
Once the scan has finished, you can see the pending hosts by clicking the Host Settings link. At this point, you may wish to check the host configurations to ensure the details are correct: although AutoMonitor tries its best to fill them in correctly, you may have a case where the credentials used for scanning are NOT the same credentials that are required by the service check.
Host Check Command associated to Virtual Machines
To make the scan results more useful, the scan will try to associate the appropriate host check command with each host. To do this, the scan retrieves the Network Security Group (NSG) rules associated with that Virtual Machine and assigns the more secure one (TCP port 443 (HTTP/SSL), TCP port 22 (SSH), TCP port 80 (HTTP), TCP port 25 (SMTP), TCP port 21 (FTP), TCP port 161 (SNMP), TCP port 135 (MS RPC), TCP port 5900 (VNC)).
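The selection described above can be illustrated with the following added example, which is not Opsview's implementation: it evaluates inbound NSG rules in priority order and returns the first port from the list on this page that the NSG allows. It assumes the list is in preference order, ignores source-address filters, and runs on a constructed rule set; all function names are hypothetical.

```python
# Added example, not Opsview code. Port order is copied from the list on this page
# and is ASSUMED to be the preference order.
PREFERRED_PORTS = [443, 22, 80, 25, 21, 161, 135, 5900]

def _spec_covers(spec, port):
    """True if an NSG port spec ('*', '443' or '8000-8100') covers `port`."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _rule_covers(rule, port):
    """True if `rule` is an inbound TCP (or any-protocol) rule matching `port`."""
    props = rule["properties"]
    if props["direction"] != "Inbound" or props["protocol"].lower() not in ("tcp", "*"):
        return False
    specs = list(props.get("destinationPortRanges") or [])
    if props.get("destinationPortRange"):
        specs.append(props["destinationPortRange"])
    return any(_spec_covers(s, port) for s in specs)

def port_allowed(rules, port):
    """NSG semantics: lowest priority number is evaluated first, first match wins."""
    for rule in sorted(rules, key=lambda r: r["properties"]["priority"]):
        if _rule_covers(rule, port):
            return rule["properties"]["access"] == "Allow"
    return False  # assumption: with no matching custom rule, treat the port as closed

def pick_host_check_port(rules):
    """First port in PREFERRED_PORTS that the NSG lets through, or None."""
    return next((p for p in PREFERRED_PORTS if port_allowed(rules, p)), None)

def _rule(name, priority, access, port_range, protocol="Tcp"):
    """Build a rule dict shaped like an Azure NSG securityRule (subset of fields)."""
    return {"name": name, "properties": {
        "priority": priority, "direction": "Inbound", "access": access,
        "protocol": protocol, "destinationPortRange": port_range}}

# Constructed sample NSG: an explicit deny on 443 outranks the broader 80-443 allow.
SAMPLE_NSG = [
    _rule("deny-https", 100, "Deny", "443"),
    _rule("allow-web-range", 200, "Allow", "80-443"),
    _rule("allow-ssh", 300, "Allow", "22"),
]

if __name__ == "__main__":
    print(pick_host_check_port(SAMPLE_NSG))
```

Running the same evaluation against your own NSG export before a scan shows which host check a VM is likely to receive, and whether a higher-priority deny rule will leave it on a less preferred port.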
Choosing a collector to monitor Azure Resources
AutoMonitor will automatically determine which collector cluster has the best connection to Microsoft Azure (using the URL https://login.microsoftonline.com) and will set the imported hosts to be monitored by that collector. If no collector can connect to Microsoft Azure, then the scan will fail.
Variables
AutoMonitor will attempt to populate the variables as appropriate for the host checks added by the scan. To ensure that all service checks can run correctly, populate the AZURE_CREDENTIALS global variable manually (in Configuration > Variables), as described below, before or after running the scan. If a subset of hosts requires a different set of credentials, the AZURE_CREDENTIALS variable can be applied at the host level where needed to override the global variable.
Where to find Azure credentials
Follow the steps below to retrieve this information.
- Find the Subscription ID. The Subscription ID can be found in the Subscriptions section under the All services section in the Azure dashboard.
- Find the Tenant/Directory ID. The Tenant/Directory ID can be found in the Azure Active Directory section under the Properties section in the Azure dashboard.
- Find the Client/Application ID for your application. You need to create and register your application if you haven't already. For more information, refer to: Create an Azure Active Directory application. The Client/Application ID can be found in the Azure Active Directory section under the App registrations section in the Azure dashboard.
- Generate the Secret Key for your application. You will need to create a Secret Key for your application. Once this has been created, its value will be hidden, so save the value during creation. To create the Secret Key, select your application from the list, select the Certificates and secrets section and then click on New client secret. Specify a description and expiration date for your key and then click Add.
Troubleshooting
After importing Hosts from an Azure Express Scan, some service checks may report UNKNOWN state with an unknown error message. This issue can be due to a missing credentials variable. Ensure the AZURE_CREDENTIALS variable is populated correctly at either the global variable level (in Configuration > Variables), or on the specific host with the UNKNOWN check.
These failing checks may take 15 minutes or more to resolve after applying this fix due to caching. To speed this process up, you can restart the opsview-cachemanager component; see Cache Manager Configuration.