Drawer content here
Knowledge Base  /  Cloud Application Manager  /  Deploying Anywhere
Knowledge Base  /  Cloud Application Manager  /  Deploying Anywhere

Using Microsoft Azure

Updated by Guillermo Sanchez & Sergio Quintana on Jun 03, 2022
Article Code: kb/265

In this article:

Overview

There are two different flavors of Azure and Cloud Application Manager has providers for both.
This document is in reference to Microsoft Azure or Azure Resource Manager deployment model.

Name URL of Portal Name of Provider KB article
Classic Azure https://manage.windowsazure.com Classic Azure Using Classic Azure (1)
Microsoft Azure https://portal.azure.com Microsoft Azure This document

(1) Please note that Microsoft no longer recommends the usage of the Classic Azure deployment model, which has been superseded by the Resource Manager model. For more information see this Microsoft article.

Audience

All Cloud Application Manager users who want to deploy workloads into Microsoft Azure.

Prerequisites

  • Access to Cloud Application Manager Management site.
  • The user must have an existing Microsoft Azure account or should be an Administrator of the organization in Cloud Application Manager to create or bring a Microsoft Azure account to be managed by Lumen.

Connect your Microsoft Azure Account in Cloud Application Manager

Each of Cloud Application Manager's Microsoft Azure Providers gives you the option of setting it up either for an existing or a new Azure Customer Account. Existing accounts are your responsibility and will continue to be billed to you by Azure. New Accounts will automatically be generated on your behalf and the credentials pulled into the Provider via Cloud Optimization, allowing you to hand off platform-level support and billing to Lumen.

If you want to learn how to use the New Account feature, please visit Partner Cloud: Getting Started With a New Azure Customer. The rest of this article assumes you will be using an existing, Azure Customer Account without any integration with Lumen.

Creating your own Azure Subscription

If you want to create your own Azure subscription, follow these steps:

  1. Sign in to your account.

  2. Open Subscriptions.

  3. Click on Add subscription.
    Azure add new subscription

  4. You can use the free trial version or select and purchase a payment plan.

    • Note: Cloud Application Manager is not responsible for any costs incurred through deploying to Azure. For more information, see Azure pricing.

Access to Microsoft Azure Services console with a Microsoft Azure subscription

Login to the Microsoft Azure portal using your Microsoft Azure Account.

If you already have a Microsoft Azure Provider in your Cloud Application Manager, the Lumen support staff can access your subscription by clicking on the Portal Access button located in the Microsoft Azure Provider details page.

Microsoft Azure Portal Access from CAM

Note: This button is only available when provider has been sychronized.

Then, if the user has permissions, a temporary credentials dialog will be displayed to allow the user to login in Microsoft Azure portal. Be sure to logout from previous session in this portal first. These temporary user credentials only lasts for one hour, then the user needs to run this process again.

Application ID (Client) and Directory ID (Tenant)

Once in Microsoft Azure Portal you can reach different sections using the upper search tool or navigating through menus.

MS Azure Services menus

  1. Go to Azure Active Directory in the left menu, and then Properties in the Manage segment of the second menu pane.
  2. Copy and take note of the Directory ID field for later. It is known as Directory (tenant) ID
  3. Next select App registrations, within the Azure Active Directory menu pane
  4. Create a New Application Registration with the following values:
    • Name: Lumen-CAM
    • Supported account types: My organization only
    • Redirect URL: web - https://localhost/logon
  5. Upon registering a line with this applicattion will be added to list. Click on it and see its details.
  6. Copy and take note of Application (Client) ID that have been generated.

Roles and Permissions

  1. For allowing the support personnel to access with a temporary user to your account in case they need to troubleshoot any support issue, you need to grant some permissions on the application you just created.
    To do so, on the details page fo the application you just created, click on API permissions > Add a permission

    MS Azure Services add permission

    In Microsoft APIs tab, in the Commonly used Microsoft APIs section, select the Microsoft Graph

    MS Azure Services Microsoft Graph API

    Now choose the Application permissions type and select in the Directory segment:

    * Read and write directory Data      (Directory.ReadWrite.All)
    

    MS Azure Services API application permissions

    Finally, click Add permissions to apply them to your application.

The following screenshot shows all the permissions that should be granted. Use the above guidance to add anyone else that might be still missing:

MS Azure Services Microsoft Graph API

Subscriptions

Navigate to Subscriptions panel. Use search tool and introduce "Subscriptions"

  1. Select in the Subscriptions list the subscription item for your provider in Cloud Application Manager.

  2. In the Overview tab, a Subscription ID is listed. Copy and take note of this value for later.

    MS Azure Services legacy APIs

  3. Select Access Control (IAM) tab and then select the Add button at the top of screen.

  4. When creating the new role, do so with the following values:

    • Role: Owner (If you do not see the Owner role, you will need to talk to your administrator.)
    • Assign Access to: Azure AD user, group or application
    • Select: Lumen-CAM
  5. Now select Resource providers tab (dowm in the Settings Tabs segment) in your subscription and Register the following providers:

    • Microsoft.Compute
    • Microsoft.Network
    • Microsoft.Storage

    For more information about Resource providers, please refer to Microsoft Azure help

Secret

Return to the Azure Active Directory panel, select App Registrations then Lumen-CAM and finally Certificates & Secrets.

  1. Add a new client secret
  2. Set a Key with the following values:
    • Description: CAM-App-Key
    • Expires: Never
  3. Upon saving a Client secret value will be generated. Copy and keep the key (aka the Secret) value as you won't see it anymore once you navigate away.

Microsoft Azure Provider credentials

Input your Microsoft Azure Provider for an existing account as listed below:

  • Subscription ID: Azure Subscription ID
  • Application ID: Application (Client) ID
  • Secret: Secret Key value
  • Tenant: Active Directory (Tenant) ID or Domain

If you cannot find a specific template that you are looking for in Cloud Application Manager be sure to check out the Azure github quickstart templates.

Creating a new Microsoft Azure provider in Cloud Application Manager

Registering Your Microsoft Azure Subscription (ARM) in Cloud Application Manager is performed with next steps:

  1. In Cloud Application Manager, go to Providers > New Provider and select Microsoft Azure.

    Microsoft Azure - Add Provider

  2. Fill the form with Subscription ID, Application ID, Secret and Tenant obtained in previous section and save.

    Microsoft Azure - Credentials

Once pressed the save button our new provider starts to synchronize with our azure account from which you will get the following information:

  • VM images of windows family operating systems.
  • VM images of operating systems of Linux family.
  • Region list which we can deploy the mentioned services as well as the templates of Microsoft Azure.
  • List of deployed Virtual Machines that are currently not being managed from Cloud Application Manager.

During synchronization, we can get warnings about locations may be ignored because there are no associated virtual networks to them. This is because Cloud Application Manager does not create virtual networks but requires one in the deployment operation of one virtual machine.

Microsoft Azure - During sync

The result of the synchronization process will be the creation of one ARM template box and two policy boxes (Windows and RHEL respectively) in case of exist a virtual network in our account.

Samples and management appliance deployment policy could be installed too.

Enabling services

Services tab is the right place where services such as Managed Services Anywhere, Automatic Discovery of Resources and Analytics can be enabled or disabled attending to your needs. Note that the number of active services will be shown next to the tab's name.

Services tab

Deploying Instances in Azure

You can deploy to the following services in Azure:

  • Windows based virtual machines
  • Linux based virtual machines
  • Microsoft Azure templates

Azure OS Images Available to Deploy in Cloud Application Manager

As part of the result of synchronization process you can find a list of available operative systems that you can use in your policy boxes. You can check this list in Providers page > Configuration.

Microsoft Azure - OS images available to deploy

This images are what we show in image list from policy box edition.

In addition, if you don't find the right image in that list, you could add a new image from the Azure Marketplace clicking in the "New" button at the top right corner and defining the following image properties:

Microsoft Azure - Add OS image to deploy

Option Description
Publisher The organization that created the image.
Offer A group of related images created by a publisher.
SKU An instance of an offer, such as a major release of a distribution.
Image Description Name of the new image. If blank, a default value is set.

On the other hand, you could remove it from available images using the "Trash" icon.

Microsoft Azure - Delete OS image

Some publishers require that you accept their own terms and conditions before you deploy their images from Azure Marletplace. These terms may be accepted directly on the Azure portal after a first deployment, so they will appear as already approved if the image is added to CAM after that. The terms apply whether you deploy the image as an individual CAM instance or though an ARM template.

Images with required, not yet accepted legal terms will have an icon and the text not accepted next to their description.

Microsoft Azure - Marketplace image with pending legal terms

To accept the legal terms, click on the icon and review the terms on the dialog (you may need to download a file containing the terms). If you decide to accept the terms, click on the checkbox, then click Accept.

Microsoft Azure - Accept publisher terms dialog

Once the legal terms are accepted, a green check will appear next to the image description.

Microsoft Azure - Marketplace image with approved legal terms

Removing these images does not revert the agreement. If they are later re-added to CAM, they will show the status of the agreement at that point.

Microsoft Azure Compute Deployment Options

To deploy a virtual machine with compute services you can edit one of windows or RHEL policy boxes or create a new one. Then you can save your changes and click Deploy.

Microsoft Azure - Compute deployment options

If you can't create any policy box on Windows Azure provider probably you have to create a virtual network from Azure portal or you may deploy a new one with a template as we describe in following section. If you choose to use a new Azure provider optimized by Lumen we will create a default network for you.

Resources

Microsoft Azure Deployment Options - Resources

Option Description
Location Select the region where you want to deploy the virtual machine. Each location has available its own images, networks and sizes so is the first parameter you have to choose.
Only locations with networks available are shown.
OS Image Select the guest OS to run in the worker role instance. Note that Windows 2008 images are not synced at this time because the Cloud Application Manager agent doesn’t work on them.
Size Select a size to set the number of CPU cores, memory, and disk size to store your OS files, process temporary memory, and store application data. For more information, see the Azure help. Note that D-Series sizes use solid-state drive disks.
Username Specify a username to be able to RDP or SSH into the instance directly.
Password Specify a password to be able to RDP or SSH into the instance directly.
SSH Certificate Only in Linux machines you can specify a certificate to access via ssh.
Instances Specify the number of instances to spawn. If you increase it to a value higher than 1, a High Availability toggle will appear below that you can enable to use Azure availability sets for high availability support.
ScaleSet Specify if the instance/s should be created into a ScaleSet resource. When switched on, it will enable auto-scaling and load-balancer sections (see below). It will also create a managed Availability Set.
Delegate Management Delegate management to Lumen.

When you increase the number of instances, and if you have not enable Scale Set, the High Availability toggle appears:

High Availability toggle visible

For more information, see the Azure help

Network

Microsoft Azure Deployment Options - Network

Option Description
Virtual Network Choose the network to deploy to among the list of available networks.
Subnet This subnet is the resource related to the virtual machine's network interface. Actually a virtual network is not used at deployment time.
Security Group Filter incoming and outgoing traffic for the virtual machine based on a set of rules. Multiple security groups in a zone can be selected for a virtual machine. For more information, see Security Groups. This option will not appear if you choose to use a ScaleSet feature above, but all restrictions associated with the network and subnet above will be applied.
Public IP Address The public IP Address exposes our server to the public internet where other applications can access it. If loadbalancing is configured, a public IP will be automatically associated with it, so this option will be hidden because there is no need to associate public IPs directly with the instances.

Proxy

Proxy section of deployment policy

Option Description
Host The hostname or domain of the proxy that the agent will use to connect back to Cloud Application Manager, once it has been installed in the deployed instance.
Port The port of the proxy that the agent will use to connect back to Cloud Application Manager, once it has been installed in the deployed instance.

Disks

Microsoft Azure Deployment Options - Disks

Option Description
Storage Account Select the Storage Account to use among the existing ones or Automatic (it will create a new one)
Local Disk When Managed toggle is ON it will use managed disks
Data Disk Storage size for data volume in addition to the Local Disk. This option will not appear if you choose to use a ScaleSet feature above.

Autoscaling

Once you have enabled the ScaleSet switch, you can switch on Autoscaling feature, in which you can also configure the following options:

Microsoft Azure Deployment Options - Autoscaling

Option Description
Min. Instances Minimum number of instances
Max. Instances Maximum number of instances
Scale Out CPU Threshold CPU threshold to fire a scale out event
Increased by Number of instances to add when a scale out event occurs
Scale In CPU Threshold CPU threshold to fire a scale in event
Decreased by Number of instances to remove when a scale in event occurs

The number of instances launched by the autoscaling feature is limited to the maximum number specified under Instances.

LoadBalancer

Once you have enabled the ScaleSet switch, you can switch on Loadbalancer feature, in which you can also configure the following options:

Microsoft Azure Deployment Options - LoadBalancer

Option Description
New Load Balancer Create a new load balancer resource
Use App Gateway Use an existing Application Gateway. It must be available in a subnet other than the instance
Protocol TCP or UDP
Port Load balancer port
Instance Port Instance port to redirect to

When we add a port to the load balancer, apart from the load balancing rule that will be created, it will also configure the necessary probes and NAT rules to be able to access the backend instanctes through the load balancer.

Setting up all these configuration we would deploy a set of instances with their corresponding availability set, autoscaling rules, load balancing, public IP, jump server and healthchecks with just a single click.

Microsoft Azure ARM Template Deployment Options

Azure ARM Templates are supported on Cloud Application Manager with Microsoft Azure provider. You can deploy whatever you want with the same syntax you use on Azure APIs and portal. For this purpose you can create a custom deployment policy and deploy it with an ARM Template box together.

Steps

  1. Create Deployment Policy:

    • Go to Boxes > New > Deployment Policy.
      Microsoft Azure - Create new deployment policy
    • Select Microsoft Azure on the menu.
      Microsoft Azure - Select ARM new deployment policy box
    • Select provider, name and description fields.
      Microsoft Azure - Select provider name
    • Click Save.
  2. Edit Deployment Policy.

    • Go to Template > Code and press Edit.
    • Put your own template and click Save.
  3. Deploy Template.
    Microsoft Azure - Deploy template

    • From Template click Deploy.
    • Select one ARM Template Box.
    • Choose a name and description for the new instance.
    • Press Deploy.

Registering Existing Instances from your Azure Account

You can import existing Virtual Machines into you workspace only in one click. The list of available instances you can import come with your Microsoft Azure provider synchronization.

Available Instances

As part of the result of synchronization process you can find a list of available virtual machines or scalesets that already exist in your account but not used yet in Cloud Application Manager. You can import an existing one clicking Import button.

Microsoft Azure - Available instances

You should first synchronize your Azure provider before trying to register the virtual machine in order to get the current available instances that can be registered along with their statuses.

Azure Native Resources

After the synchronization process, you will also find in the Instances page a list of Azure resources that already exist in your account. You can also register virtual machine type instances from here.

Microsoft Azure - Unregistered instances

These resources can be filtered by the following types and subtypes:

  • Compute
    • ScaleSet
    • Virtual machine
  • Network
    • Load balancer
    • Security groups
    • Network interface
    • Virtual networks
    • IP address
    • VPN
    • Application gateway
    • Local gateway
    • Express gateway
  • Storage
    • File
    • BLOB
    • Table
    • Queue
  • Database
    • Sql Server
    • Managed Sql Server
    • MySQL
    • PostgreSQL
    • CosmosDB

Shutdown and Terminate Instances in Azure

Shutdown Instance

When a shutdown operation is executed from Cloud Application Manager, the virtual machine is stopped on Azure but not deallocated, in order to maintain the VM configuration and not loose the IP address. This means that the virtual machine will continue billed.

To deallocate a virtual machine stopped, you have to enter on Azure portal and click again on Stop.

Terminate Instance

When a terminate operation is executed from Cloud Application Manager, this operation execute the dispose scripts from your box instance and then deletes the virtual infrastructure. You can't revert the action and since you can lose data, be sure you want to perform this action in the first place.

Contacting Cloud Application Manager Support

We’re sorry you’re having an issue in Cloud Application Manager. Please review the troubleshooting tips, or contact Cloud Application Manager support with details and screenshots where possible.

For issues related to API calls, send the request body along with details related to the issue.

In the case of a box error, share the box in the workspace that your organization and Cloud Application Manager can access and attach the logs.

  • Linux: SSH and locate the log at /var/log/elasticbox/elasticbox-agent.log
  • Windows: RDP into the instance to locate the log at /ProgramData/ElasticBox/Logs/elasticbox-agent.log