Home > CCS > Configuring Cloud Cruiser > 01 Collections > Microsoft Azure

Microsoft Azure

Cloud Cruiser's Microsoft Azure collection retrieves usage, cost, and performance data from Azure, Microsoft's public cloud platform.

Cloud Cruiser supports EA enrollments for Azure China for collection of billing information, but not for collection of performance metrics and other information described in Understanding connection to your subscriptions in this topic.

Cloud Cruiser has observed that Azure China, which is operated by 21Vianet, does not behave as predictably as the global Azure service operated by Microsoft. We have attempted to compensate in Cloud Cruiser for known anomalies of Azure China, but cannot predict every such anomaly. You might find that in Cloud Cruiser an Azure collection for an EA enrollment in China behaves differently than an Azure collection for an EA enrollment in another country.

We do not support Azure Germany, another independently operated Azure system introduced in April 2017.

Cloud Cruiser also collects your Azure tags, and for reporting purposes displays them in the Other group of the All Fields field package. The Azure collection automatically collects resource-level tags for resources deployed using the Azure Resource Manager (ARM) deployment model. If you add Azure subscriptions to your collection, Cloud Cruiser can also collect group-level tags. For more information about how Cloud Cruiser maps source provider data to Cloud Cruiser normalized fields, see Field mapping.

Cloud Cruiser collects Azure data through the following APIs:

  • Azure EA Billing: Usage, charges, and resource tags
  • Azure Resource: Resource Group name, and tags for resource groups
  • Azure Diagnostics: Performance metrics

 

Video example

The following video shows you how to configure collection from a Microsoft Azure cloud, so you can see your Azure cost and usage data in Cloud Cruiser charts and reports:

Before you begin

Before creating an Azure collection, complete the following tasks:

  • Gather your Azure credentials, see Credential information.
  • If you want to collect subscription information, make sure:
    • Your Azure account is assigned the right administrator roles for the subscriptions associated with your Enterprise account. For more information, see Account roles for your subscriptions.
    • Subscriptions are Active. Cloud Cruiser cannot collect from disabled subscriptions.
    • Subscriptions are registered with the microsoft.insights resource provider.
  • If you want to collect performance data, make sure you have the correct diagnostic setting configured for each virtual machine. For more information about enabling and managing diagnostics, see Managing diagnostics for Azure VMs.

Credential information

Before creating an Azure collection, gather the following credential information, which you need to create an Azure collection in Cloud Cruiser:

  • Enrollment Number: Your Microsoft Enterprise Agreement enrollment ID. You can locate this at the top of the Microsoft Azure Enterprise Portal (EA portal).
  • Access Key: A string of characters (approximately 700 in number) used to authenticate access to the Microsoft Azure API. This key is the primary key. To obtain this key, go to EA portal, select Reports > Download Usage > API Access Key and view the value in the Primary Key field. Your key must be an Enrollment Access Key as shown below. This is a long string. To copy the entire value, we recommend using the Expand Key button to copy and paste the string from the EA portal to the Cloud Cruiser Access Key field.

    Keys expire every 6 months by default. Therefore, you need to update your collection periodically. If data collection fails with an "HTTP/1.1 401 Unauthorized" error when connecting to the Microsoft Azure endpoint, investigate whether you need to generate a new API key in the EA portal.

Only an enrollment-level access key will allow Cloud Cruiser to collect Azure data. To check your level of access, look at the heading above your keys in the EA portal as shown here. It must say Enrollment Access Keys. If it says Department Access Keys, Subscription Access Keys, or something else, then you do not have access to your organization's entire EA enrollment. You must get help from someone with enrollment-level keys to create your Azure collection in Cloud Cruiser.

Understanding connection to your subscriptions

To supplement the usage and billing data Cloud Cruiser collects using your Enterprise Agreement credentials, Cloud Cruiser can also collect resource details (such as metrics, tags, and resource group names) available through your Azure subscriptions. Cloud Cruiser collects that data per resource, but the permission do so is set at the subscription level in Azure. For this reason, if you want to collect subscription-level data, when you create the collection in Cloud Cruiser you must use an Azure account to connect that collection to each of your Azure subscriptions.

The user account you use must have either the Service Administrator or Co-Administrator role for each subscription you want to connect to the collection. Cloud Cruiser uses this role to establish Reader-level access in the subscription to be used for data collection, and does not maintain Service Administrator or Co-Administrator access after the temporary login session ends.

If you have multiple subscriptions and multiple subscription administrators, use one of the following strategies to ensure that Cloud Cruiser can discover and collect from your subscriptions:

  • Centralize subscription administrator roles with a single Azure user account. With this strategy:
    • Designate a single Azure user account to collect data in Cloud Cruiser.
    • Subscription Service Administrators then add that centralized user as a Co-Administrator of each subscription.

The benefit of this strategy is simplicity, since you need only only one user to administer the Azure collection in Cloud Cruiser. Note that as new subscriptions are added in Azure, the Service Administrators of those subscriptions must add the centralized user as a Co-Administrator before that user can discover the new subscriptions in Cloud Cruiser. For more information about Azure administrator roles and how to add them to subscriptions, see How to add or change Azure administrator roles in the Microsoft Azure documentation.

  • Allow multiple Azure users to manage the Azure collection in Cloud Cruiser. With this strategy:
    • Spread responsibility for managing the Azure collection in Cloud Cruiser among several people (the Service Administrators of your subscriptions).
    • After you create the Azure collection in Cloud Cruiser, each subscription Service Administrator must add his or her subscriptions to the collection, as described in Updating a collection with additional subscriptions.

If you use this strategy, note that each subscription Service Administrator must have a Cloud Cruiser user account with the Manage Data capability. For more information, see Permissions.

Connecting a subscription to a Cloud Cruiser collection creates a service principal user in Azure named Cloud Cruiser. That user represents the Cloud Cruiser application in that subscription, and has only the Reader role. This allows Cloud Cruiser to view data but not make any changes, as Service Administrator or Co-Administrator access ends with the login session used to connect the subscription. The following image shows an example of that Cloud Cruiser user in the Azure Preview Portal:

Managing diagnostics for Azure VMs

Cloud Cruiser can collect performance and utilization metrics for VMs that have diagnostics enabled and not enabled in Microsoft Azure. Diagnostics captures system data on the virtual machines and virtual machine instances that run a cloud service. Memory utilization metrics are collected for ARM VMs with diagnostics enabled. For ARM VMs with diagnostics not enabled, all metrics are collected. For a list of the specific Cloud Cruiser metrics fields collected from Azure and other providers, see Performance and utilization metrics.

To enable diagnostics for an Azure VM

  1. Go to the Azure Preview portal (https://portal.azure.com), select Virtual Machines.
  2. Click the VM you want to modify.
  3. Navigate to Monitoring, and select Diagnostics settings.
  4. To enable diagnostics:
    • For Windows VMs:
      • Select Performance counters.
      • Select Basic and then select the following Performance Counter check boxes: 
        • CPU
        • Memory
        • Disk 
        • Network
    • Note: To disable diagnostics, select None.
    • For Linux VMs:Linux_ diagnostics.jpg
      • Under Status, select On.
      • Select the storage account to store metrics.
      • Select the Basic Metrics check box.
      • Click Save.

Note: To disable diagnostics, select Off.

  1. Repeat this procedure as needed to enable diagnostics for other VMs.

Creating a Microsoft Azure collection

Creating a Microsoft Azure collection in Cloud Cruiser enables you to collect usage and cost data from your Microsoft Azure Enterprise Account. The Azure collection automatically collects resource-level tags for resources deployed using the Azure Resource Manager (ARM) deployment model. If you add Azure subscriptions to your collection, Cloud Cruiser can collect group-level tags, as well as performance metrics for resources that have diagnostics enabled in Microsoft Azure.

To create an Azure collection

  1. On the Data > Collections screen, click Create New . The New Data Collection screen appears.
  2. Click Microsoft Azure. The Credentials screen appears.
  3. Enter your Microsoft Enterprise Account Enrollment Number and Access Key, and then click Next. Cloud Cruiser validates your credentials. The Subscriptions screen appears.
  4. (Optional) If you want to add subscriptions to your account, complete the following sub-steps. Otherwise, click Next.
    1. Click Add Subscriptions ().
    2. In the Enter Directory Name field, enter the name of your Azure Active Directory and then click Sign in with Microsoft. Note you can find the directory name in your account menu in the top right corner of the Azure Portal. The Active Directory you enter must be the full name format. For example, mydirectory.onmicrosoft.com.
    3. A new window opens, prompting you to sign in to your Microsoft account.
    4. Using your Personal or Work/School account, sign in to Microsoft with an account. You must be a Co-Administrator or a Service Administrator of the subscription. For more information about assigning administrator roles to Azure subscriptions, see How to add or change Azure administrator roles in the Microsoft documentation.

      Cloud Cruiser connects to the subscriptions in the Active Directory you entered, and adds them to the collection. Subscriptions must be set to active (connected) in the Azure Portal for Cloud Cruiser to connect to the subscription. The Status column shows whether subscriptions are connected, connecting, or not connected. You can view the total number of subscriptions per status in the Total Subscriptions section. Connected subscriptions appear in green, connecting subscriptions appear in blue, and not connected subscriptions appear in red. Subscriptions that are not connected are either canceled or disabled in the Azure Preview portal.
    5. By default, the Collect check box is selected for all subscriptions. For any subscriptions you do not want to use in this collection (such as subscriptions with a status of not connected), clear the Collect check box.
    6. Click Next.
  5. On the Data Collection Options screen, enter the following information:
    • Name: Enter a unique name for the collection. The character limit is 40.
    • Comments: (Optional) Enter additional information about the collection. For example, you might describe the types of data you are collecting.
    • Earliest Date to Collect: Select the first day of data you want to collect. Cloud Cruiser collects data from that date forward. For example, if you had your cloud in a pre-production mode for a short time while you fine-tuned the services you offer, consider setting the date to the first day your cloud was in production.
    • Source Currency: Select the currency in which your cloud provider reports your charges. If the Source Currency and your Display currency do not match, Cloud Cruiser converts collections with a different Source Currency and displays the selected Display Currency. For information about changing currency and locale settings, see Currency and locale:
  6. Click Finish. Cloud Cruiser begins collecting data from Microsoft Azure.
    The new collection appears in your list of collections. To view the status of the collection, click the gear icon and click Status. Any errors or warnings related to your collection appear on the Health Checks page. For more information, see Health checks.

Updating a collection with additional subscriptions

You can add subscriptions to an Azure collection you already created. For example, you might have added subscriptions in Azure and you want to collect their metrics in Cloud Cruiser.

Microsoft stores utilization data for 14 days only. It is stored permanently in Cloud Cruiser once collected, but you will see only the most recent 14 days of data following the next collection after you add a subscription. From that point forward data will be collected and stored daily.

To add subscriptions to an Azure collection

  1. In the Collections list, select the collection you want to edit. The Editing Data Collection dialog box appears.
  2. Select Manage Subscriptions.
  3. Click Add Subscriptions ().
    enterDirectory.jpg
  4. In the Enter Directory Name field, enter the name of your Azure Active Directory you want to add, and then click Sign in with Microsoft. Note you can find the directory name in your account menu in the top right corner of the Azure Portal. The Active Directory you enter must be in the full name format. For example, mydirectory.onmicrosoft.com.
  5. A new window opens, prompting you to sign in to your Microsoft account.
  6. Using your Personal or Work/School account, sign in to Microsoft with an account. You must be a Co-Administrator or a Service Administrator of the subscription. For more information about assigning administrator roles to Azure subscriptions, see How to add or change Azure administrator roles in the Microsoft documentation.

    Cloud Cruiser connects to the subscriptions in the Active Directory you entered, and adds them to the Subscriptions list. The Status column shows whether subscriptions are connected, connecting, or not connected. Subscriptions that are not connected are either canceled or disabled in the Azure Preview portal.
  7. In the Collect column. select any subscriptions you do not want to use in this collection (such as subscriptions with a status of not connected), and then click Save.
    The collection is saved, and you return to the Collections list. Cloud Cruiser will collect historical data for your new subscription at its next daily collection.
Last modified

Tags

Classifications

This page has no classifications.