Getting Started with Azure in ControlUp

ControlUp provides out-of-the-box integration with your Azure environment into the Real-Time Console and Solve, making it easy to monitor and troubleshoot your Azure resources like virtual machines or logical disks. This guide shows you the preparation steps you need to take to start managing and troubleshooting your Azure environment with ControlUp. At the end of this article, you will be up and running with our new Azure integration and have a good knowledge of how to configure the different ControlUp components. 

Related topics:

• Azure in Solve
• Data collection
• Collecting cost metrics
• Administration of virtual machines

Prerequisites

• ControlUp version 8.6 or higher
• The ControlUp Data Collector must have access to https://management.azure.com
• An active Azure subscription. If you don't have a subscription yet, you need to create an Azure account here
• If you have an Azure Enterprise Agreement, make sure to allow Account Owners and Department Administrators to view charges in your Azure subscription
• Make sure the Microsoft.ResourceHealth provider is Registered for the Azure subscription you want to integrate with ControlUp

Benefits of monitoring your Azure environment with ControlUp

• Easier management of your Azure resources
• A comprehensive view of your Azure costs
• Automating actions on your Azure resources

Which resources can we monitor?

We provide metrics for different Azure resources. You can monitor the following Azure resources in the Real-Time Console and Solve:

• Subscriptions
• Resource groups
• Virtual machines
• Virtual disks
• Azure Virtual Desktop (new in 8.8)
  • Host Pools
  • Session Hosts
  • Workspaces
  • Application Groups

Getting Started

To take the first steps on your journey into the ControlUp integration with Azure, you need to create a Service Principal and generate a ClientID and Secret Key, which represent a username and password. Refer to Microsoft's official documentation to learn how to create a service principal. You need to provide the following information to connect ControlUp with Azure:

• Tenant ID
• Application ID
• Secret Key

Mandatory Roles for ControlUp

Make sure you assign the following roles or custom roles to all Service Principals you want to use for ControlUp:

• Reader
• Virtual Machine Contributor. Necessary to perform actions on your Azure virtual machines

If you are unable to use Azure's built-in roles, then create a custom role with these permissions and assign your service principal:

• Microsoft.Resources/subscriptions/resourceGroups/read
• Microsoft.ResourceGraph/resources/read
• Microsoft.ResourceGraph/resourcesHistory/read
• Microsoft.Subscription/aliases/read
• Microsoft.Resources/subscriptions/read
• Microsoft.Resources/subscriptions/resourceGroups/deployments/read
• Microsoft.AzureActiveDirectory/b2ctenants/read
• Microsoft.Compute/virtualMachines/vmSizes/read
• Microsoft.Compute/locations/vmSizes/read
• Microsoft.CostManagement/query/read
• Microsoft.CostManagement/forecast/read
• Microsoft.CostManagement/forecast/action
• Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read
• Microsoft.Compute/virtualMachineScaleSets/read
• Microsoft.ResourceHealth/AvailabilityStatuses/read
• Microsoft.Compute/virtualMachines/read
• Microsoft.Compute/disks/read
• Microsoft.Compute/virtualMachines/instanceView/read
• Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/read
• Microsoft.Compute/virtualMachines/powerOff/action
• Microsoft.Compute/virtualMachineScaleSets/virtualMachines/powerOff/action
• Microsoft.Compute/virtualMachineScaleSets/virtualMachines/deallocate/action
• Microsoft.Compute/virtualMachines/deallocate/action
• Microsoft.Compute/virtualMachineScaleSets/virtualMachines/restart/action
• Microsoft.Compute/virtualMachines/restart/action
• Microsoft.Compute/virtualMachineScaleSets/virtualMachines/start/action
• Microsoft.Compute/virtualMachines/reapply/action

Learn more about assigning roles to a service principal in the official documentation.

Create the Azure Connection in ControlUp

You completed the preparation needed for ControlUp to connect to your Azure environment. Now that you have the Tenant ID, Application ID, and Client Secret, you can connect your the console to Azure.

To add a new Azure Cloud Connection:

1. Open the Real-Time DX Console and click Add Cloud Connection
   
2. In the Type field, select Microsoft Azure.
3. Under Credentials, click the drop-down list and select <Add New Cloud Credentials...>
   
4. Enter the Access Key (Application ID), Secret Key (Client Secret), and a Friendly Name that helps identify the shared credential. For tracking purposes, we recommend using the credential name as the Friendly Name. Click OK to confirm your input.
   
5. After you add the credentials, you can see the Friendly Name with the Access Key (in parentheses) in the Credentials field.
   
   New in 8.8:

   For large environments, we recommend adding more than one Service Principal to the Credentials List. Find more information here.
   Note: The credentials must be shared credentials. See Configuring Shared Credentials for more information about shared credentials.
6. Under Tenant ID, enter the ID of your Azure Tenant.
   
7. Next, set up a Data Collector. This is a machine in your ControlUp environment that will make the Azure API calls and therefore must be connected to the internet. Click +Add to add a new Data Collector.
   
8. In the Add data collection agent wizard, select a machine that you want to promote to a Data Collector. Click OK to confirm the selection.
   
9. The machine name appears and you can verify the Azure credentials by clicking Test Connection or the green checkbox that appears next to the Data Collector.
   If the Data Collector establishes a successful connection to your Azure account, a green confirmation icon appears in the Status column.If the Data Collector fails to connect to your Azure account, a red icon is shown. Hover over the red icon to see the reason for the error. To continue, you need to fix the error.
   
10. Click OK. Following this step, ControlUp checks how many subscriptions are associated with your Azure Tenant. The following popups are displayed based on the number of subscriptions:
    1 subscription found:
    2 or more subscriptions found:
    In the Subscriptions List tab, all subscriptions associated with the Azure tenant are displayed. From here, you can select up to 5 subscriptions that will be added to ControlUp.
    Note

    Each Cloud Connection can handle a maximum of 5 subscriptions. If you want to use more than 5 subscriptions, you have to add another Cloud Connection. 
    Mark the checkbox beside each subscription you wish to add to ControlUp in the Use column:
    
11. ControlUp automatically connects to the selected subscriptions, as shown in the screenshot below:
    
12. You can view Resource Groups under a specific subscription by clicking the + button next to the subscription:
    
    

In this chapter, you learned about the prerequisites for using our new Azure integration, the benefits from using this feature, and how to add a new Azure subscription to ControlUp. In the next section, we give you an overview of configuration options that you will need to understand if you want to benefit from all capabilities of the Azure integration.

Azure Integration in Solve

In Solve, subscriptions, and resource groups are displayed in our new navigation hierarchy that you can find in the Discovery panel.

You can find more information about how Azure can be used in Solve in the Azure Integration: Solve article.

Best Practice for Data Collectors

In the previous section, you have learned how to add your Azure subscription to ControlUp and to assign a dedicated ControlUp Data Collector to the subscription. We strongly recommend using a different Data Collector for each subscription due to throttling limits. You can learn more about Azure's throttling limit here. 

Configuration Options

In the previous chapter, you added your Azure subscription to ControlUp. For now, this is enough to start monitoring your Azure resources with ControlUp. However, there are more configuration options that we want to explain in this section. Let's look at each configuration option to help you understand what additional options you have to configure ControlUp. Articles with more information are linked in the corresponding section. 

Changing the Data Collection Intervals

ControlUp provides great granularity for aggregating data from your Azure environment. This gives you the possibility to refresh data in the Real-Time Console and Solve more frequently and to benefit from a better real-time experience. You can define time intervals in seconds for which data is aggregated. Refer to the Azure Integration: Data Collection Intervals article to learn more about data collection intervals. 

Displaying Azure Cost Types in ControlUp

You can make use of the different Azure cost types in the Real-Time Console and Solve to streamline your Azure cost management. To learn more about how to configure cost types, refer to the Azure Integration: Collecting Cost Metrics.