Account Onboarding Process – Azure

In this section, we will look at how you can associate your cloud accounts with CoreStack to make cloud monitoring and governance simpler and effective.

Steps to add cloud accounts to CoreStack

1. Log into CoreStack with your credentials
2. Navigate to Cloud Accounts

3. The Cloud Accounts screen appears. Select the Public/Private Cloud Service Provider from the list. To add a single cloud account, click New Account and select the Single option from the drop down, as shown:

4. A new screen appears with four sections – Authentication, Activation, Configuration and Authorization. Let’s begin with the Authentication section.

Authentication

This is where you first associate your cloud account, by providing the relevant application ID, secret key and tenant ID, and selecting the type of configuration settings.

These are the fields in the Authentication section that must be filled in order to proceed further:

Field Description
Account Name Enter the name of the Account. For example, Azure_Dev.
Description Provide a short description about the account.
Settings Here, you can select the configuration settings for your cloud account. There are three options to choose from – None, Express and Custom.

  • None – Select None if you do not want any governance automation for this cloud account.
  • Express – Express is like a quick setup wizard, wherein the best practice configurations will be automatically setup for the cloud account.
  • Custom – If you want to tailor the configurations for the cloud account, select custom. All the options will be selected by default and you can uncheck them individually in the Configurations section.
Environment Select the appropriate environment for your cloud account as it determines the governance settings. For example, if the cloud account is for development, then select that from the list. The Environment list consists of – Production, Staging, QA and Development.
Scope Select the scope for your account. That is:

Private – Select Private if the cloud account is to be used only by you

Tenant – Select tenant if account will be shared across tenants associated.

Account – Select Account to share with entire team

Tenant ID Enter the unique tenant ID associated with the account. Tenant ID is a string.
Application ID Enter the application ID.
Application Secret Enter the Application Secret Key.
Subscription Select a subscription option from the drop down list that appears.

Click Next to proceed to the next section.

Activation

5. In the Activation section you can select the Compute, Storage, Network, Database, and Web cloud resource types that can be managed by CoreStack.

Cloud Products that can be added to be monitored by CoreStack are:

Cloud Products Types
Compute
  • Images – VM Images Publishers, Images
  • Virtual Machines – VM Scale Sets, VMs, VM Sizes
  • Container Instances – Container Groups, Registry, Container Options
  • Container Services
  • Others – Availability Sets
Storage
  • Storage Disks – Disks, Snapshots
  • Accounts – Operations, Storage Accounts
Network
  • Routes – Route Table
  • Virtual Networks – Virtual Network, Network Security Group, Public IP Address, Network Interface
  • Load Balancers
  • Application Gateways – Application Gateway, Available SSL Policy
Database
  • Servers
Web
  • Sites –  App Services

Here’s how the Activation screen looks:

Click on a cloud resource to select/deselect a resource type fo be managed using CoreStack. An example of how it works – you can select the type of Storage your cloud account must be associated with – Snapshot, Disks or Both.

Note: By default, all the resource types will be selected.

Here’s how the Activation screen looks:

Click Next to proceed to the Configuration section.

Configuration

6. Under Configuration, we can provide the requisite settings to manage the 4Cs of governance – CloudOps, Compliance, Consumption and Cost.

CloudOps

This section handles all the configuration settings associated with alerts, notifications and reports.

Alerts and Notifications

Alert Configuration

CoreStack issues alerts in the situation where set threshold limits are exceeded for the associated cloud account.The alerts set here appear in the CloudOps Dashboard under the Threshold Alerts section.

 

Let us take the example of CPU alert under Compute –  Virtual Machines. You can set an alert stating that a CPU Utilization above a threshold limit of say, 90%, is to be flagged. This alert will be sent as an email as well as flash in the CloudOps Dashboard.

Here’s where you can set the threshold limit:

Field Description
Threshold This is where the numerical value can be provided.
Operator Greater than, Greater than or equal, Lesser than or equal, Lesser than
Aggregation This section determines how the actual performance value should be compared with the threshold for example. That is, should the average monthly CPU utilization be compared to the threshold or the maximum value hit at a specific time be compared to the threshold.
Window Size The time interval to check if the actual metric is crossing the threshold set. For example, the comparison should be made every 30 minutes or every 4 hours or every day. The value is shown as PT1H45M, where:

PT stands for Period Time

1H stands for 1 hour

45M stands for 45 minutes.

Activity Notifications

You can select the activities for which notifications should be sent as an email to you. The activity list is populated based on the Environment selected in the Authentication section.

Since we have selected Development in our example, these are some of the activities listed:

Notifications

This section enables you to add the email and webhook using which notifications can be sent to you. Enter a valid email address and webhook in the respective fields.

Reports

Here, you can select the reports that will be sent to the user account at the end of the day. The two reports available are:

Daily Cost by Cloud Accounts

This shows breakup of daily costs incurred by the cloud account.

Template Execution Summary

This report shows the number of templates executed during the day, how many of them were successful and how many failed.

Compliance

Compliance is one of the pillars of good cloud governance. It is vital to configure the requisite settings right at the start to ensure compliance. This section is split into two sections: Governance Rules and Schedules.

Governance Rules

Tags

Tags help to organize Azure cloud resources, and simplify the billing process.

Append Tags

Using CoreStack, you can add tags and the corresponding values will be appended for all the resources provisioned hereafter either through the Azure portal or through CoreStack.

For example, click Add to append Release as Tag Key and 4.5 as Tag Value.

Enforced Tags

Enforced tags refer to those tags, the resources associated with which will be actively monitored and any non-compliance be reported in the Compliance dashboard.

Policies

Here, select the policies that you want to be applicable for your cloud account. There are different types of policies you can select from – Standards, Security, Cost Optimization and Availability.

Schedules

This is to provide rules for scheduling auto shutdown of the virtual machine associated with the cloud account.

The options available are:

Field Description
Shutdown Details The frequency of the shutdown must be mentioned here. For example, Daily.
Shutdown Time Select the time at which the VM shutdown must be initiated.
Restart Time Select the time at which the VM should get restarted.
Applicable Tags Add tags to specify which VMs should be auto showdown.
Exclude Resource Groups Select Resource Groups, the VMs tagged to which should not be auto shutdown.

Another key scheduling feature that CoreStack offers is the AutoBackup. Follow these steps to activate the backup:

  1. Check the Virtual Machine Backup and Retention option.
  2. A set of fields appears, to help you provide the backup details:
Field Description
Backup Details The frequency of the backup must be mentioned here. For example, Daily or Weekly.
Backup Frequency Select the time at which the backup must be initiated.
Retention Period This field decides the number of days the backup files will be stored on the cloud.
Applicable Tags Add tags to specify which resources the backup should be taken for.
Exclude Resource Groups Select those resource Groups, whose backup you don’t want to be taken.

Consumption

This section highlights the settings for VMs specific to this cloud account in the Self Service Catalog. Here you can select the Operating Systems, Resource Groups, Preferred Regions and Compute Sizes for VMs.

Fill these fields:

Field Description
Operating System Select the OS that should be made available to VMs associated with this account.
Resource Group Resource Group is referred by CoreStack for any configuration and storage account required to store the monitoring and insight data temporarily. Resource Group names only allow alphanumeric characters, underscores, hyphens and parentheses. You can also use periods, but you cannot end the name with it.
Preferred Region Select the region to provision the resource.
Preferred Compute Size Select the preferred compute size for the VM.

Cost

You can configure the budget for this specific cloud account in this section. The budget displayed here is taken into account when computing the cost analytics and display accordingly in the Cost Analytics Dashboard. You can specify the Daily, Weekly and Monthly budget here.

User Defined 

User can define their own budget and enter it in User Defined Section manually.

Auto Calculated Auto Calculated Cost which is suggested is derived by the system based on the usage trends of the account currently reviewed. 

Authorization

This is the last step in the Onboarding Process, wherein the user levels are to be defined. That is, here, you can define which roles can work with this cloud account.

You can change the role permissions in Settings > Roles.


View onboarded account details

Already onboarded a cloud account on CoreStack? Here’s how you can view the details:

  1. Navigate to Cloud Accounts.
  2. Select the cloud account for which you want to view the details. For exampleif you want to look at an Azure account, click on AzureRM available on the left side, a list will appear on the right. From that list, click on the Account Name or select “View Settings” to view more options.

The complete account details, including the configuration settings, appear as shown:

This shows a summary of all the information provided during the four-step onboarding process: Authentication, Activation, Configuration and Authorization.