Set up integration with Azure Monitor
The following instructions are used to connect DESK to your Azure environment to enable cloud infrastructure monitoring.
Before you begin
The following are required to connect to your Azure environment:
- Sufficient permissions to register an application with your Azure AD tenant, and assign the application to a role in your Azure Subscription. Make sure you have the right permissions to perform these steps.
- An Azure Service Principal to access Azure APIs.
- Minimum DESK version 1.144
- Minimum Environment ActiveGate version 1.161 (GA)
- To get the latest enhancements and capabilities, see the DESK release notes. It's recommended that you keep your versions up-to-date.
Create an Azure Service Principal
To create a Service Principal, you must register your application in the Azure Active Directory.
-
Go to the Azure Management Portal and click Azure Active Directory.
-
Click App registrations in the navigation pane of the selected Active Directory.
-
Click New application registration at the top of the App registrations blade, then type the name of your application. Make sure that Web app / API is selected as the application type.
-
Type the Sign-on URL based on your application name. This does not have to be an actual sign-on page (for example,
http://mydesk.com
). -
Click Create. When the application is created, copy the Application ID, and place it where you can easily retrieve it. This becomes your Client ID once you've set up your connection, and is required to configure DESK to connect to your Azure Subscription.
-
Click Settings to display the Settings pane, then click Keys to display the Keys blade.
-
Type a Key description, then select a key duration in the Expires list.
-
Click Save at the top of the Keys blade. This saves the key and displays the key value in the Value field. Highlight the value and copy it, and place it where you can easily retrieve it (along with your Client ID).
Important: This is your only chance to copy this value. You can't retrieve the key value after you leave the Key blade.
Find your Azure Tenant ID
With the Active Directory blade open, you can now get your Tenant ID. Click Properties in the navigation pane of the Azure Active Directory blade and copy the Directory ID. This is your Azure Tenant ID, which is needed to configure DESK to connect to your Azure Subscription. Keep this ID with your Client ID and Key value.
Alternatively you can also create your Service Principal using Powershell
Alternatively you can also create your Service Principal using Azure Cli
Grant access permissions for your Service Principal
With the Azure Active Directory RBAC, you have full control on which scope DESK can access your environment.
- Directory
- Subscriptions
- Resource Groups
- Resources
At a minimum, "reader" permissions are required for DESK to monitor your services.
Grant access to an Azure Subscription
As an example, you can see how to grant permission for a single subscription.
You need the subscription name and Client ID to complete the service endpoint and connect DESK to your Azure Subscription.
To get the subscription name and Client ID
-
Click All services > General > Subscriptions.
-
In the Subscriptions blade, select the subscription you're using.
-
Copy the subscription ID at the top of the Subscription blade. Keep this ID with your Client ID, Key value, and Azure Tenant ID. Then click Access control (IAM) in the subscription navigation pane.
-
Click Add, then select Reader as the role.
-
In the Select field, paste the Client ID (Application ID) you saved to find the application you created in Create an Azure Service Principal.
-
Select the application and click Save to grant the Service Principal access to your subscription.
Create a new service principal using the following command:
az ad sp create-for-rbac --name YourServicePrincipalName
As of Azure CLI 2.0.68, a strong random password is automatically created. The password key is returned in the output. Make sure you copy this value - it can't be retrieved. If you forget the password, you have to reset the service principal credential.
For more details see - Microsoft Documentation: Create an Azure service principal with Azure CLI
Configure DESK to connect to your Azure Subscription
To properly map the Azure monitoring metrics and Azure Resource Manager metadata to DESK, you must connect your Azure account to DESK for monitoring. This includes providing either the Client ID or Tenant ID and the Secret Key from your Azure Management Portal for access.
-
In the desired DESK environment, click Settings > Cloud and virtualization > Azure.
-
Type a descriptive name for the connection.
-
Enter the Client ID you obtained when creating the Create an Azure Service Principal.
-
Enter the Tenant ID, which is the Directory ID in the properties for the Active Directory in the Azure Management Portal.
-
Enter the Secret Key, which is the key value obtained when creating the Create an Azure Service Principal.
-
Click Connect to add the connection information to the list of Azure connections. You can edit connection information at any time.
My Azure environment is successfully connected - What's next?
Once you have configured DESK to connect to your Azure environment, DESK immedieatly starts investigating your deployed services and starts monitoring them using Azure Monitor.
Estimate Azure consumption for metric queries from Azure Monitor
The table below shows the number of metrics captured for your Azure Services supported through the integration of DESK with Azure Monitor.
Azure service | Monitoring entity | Additional dimensions | Number of metrics |
---|---|---|---|
Loadbalancer | Loadbalancer Loadbalanced Virtual Machine |
7 5 |
|
Application Gateway | Application Gateway Application Gateway - Backend Pool Application Gateway - HTTP Status Group |
2 4 1 |
|
Cosmos DB | Cosmos DB | Azure region, Database name, Collection name | 2 |
Event-Hub | Event-Hub Event-Hub Namespace |
13 3 |
|
IOT-Hub | IOTHub | 25 | |
Redis Cache | Redis Cache | 13 | |
ServiceBus | ServiceBus Namespace ServiceBus Queue ServiceBus Topic |
13 10 10 |
|
Azure SQL | Azure SQL Database Azure SQL ElasticPool |
15 12 |
|
Azure Storage account | Azure Storage account Azure Storage account |
Type (blob, table, etc.), Tier |
3 9 |
Virtual machines | Virtual machines | 7 | |
Virtual machines scale sets | Virtual machine scale sets | 7 | |
Azure AppServices | Azure AppService | AppService plan instances | 14 |
Azure Functions | Azure Functions | AppService plan instances1 | 12 |
1Functions based on Consumption Plan measure as 1 instance.
Metrics queries
Query interval is 5 minutes with a resolution of 1-minute. Azure Resource Manager may throttle API requests which will increase interval to 10 or 15 minutes. For more details on request limits see [Throttling Resource Manager requests] (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-request-limits)
For more details on how Azure Monitor metric queries are metered and priced see Azure Pricing.
Advanced Configuration
The integration accesses the following Azure API endpoints:
- https://*.management.azure.com/
- https://login.microsoftonline.com/
Known limitations
- Azure Monitor integration is only available for the public cloud, not the sovereign clouds (such as Azure Government) or Azure Stack.