Azure is Microsoft’s public cloud offering. Offering a full range of services and features across the globe in various datacenters. It is the equivalent of AWS for Microsoft running primarily on the Hyper-V based hypervisor. While it is a great public cloud offering, it can be somewhat difficult to get integrated with which is what this guide aims to cover.
- Virtual Machine Provisioning
- Azure SQL Database
- Backups / Snapshots
- Resource Group Sync & Selection
- Network Sync & Selection
- Security Group Sync & Selection
- Storage Account Sync & Selection
- Marketplace Search and Provisioning
- Azure Marketplace Custom Library Item Support
- Remote Console
- Periodic Synchronization
- Lifecycle Management and Resize
- Availability Set Support
- Azure Load Balancers
- Azure Storage
- Docker Host Provisioning & Management
- Service Plan Sync
- Pricing Sync with markup options
- Cost Estimator
Combine these features with on premise solutions like Azure-Stack and Morpheus can provide a single pane of glass and self service portal for managing instances scattered across both public Azure and private Azure Stack offerings.
Morpheus even supports integrating with CSP based accounts in Azure (typically used by managed service providers).
- Azure Active Directory Application & Credentials
- Client ID (old portal) / Application ID (new portal)
- Client Secret (old portal) / Key Value (new portal)
- Tenant ID (old Portal) / Directory ID (new portal)
- Azure Subscription ID
- Above Active Directory App added as owner of this Azure Subscription
- Existing Azure Resources
- Network Security Group(s)
* Typical Inbound ports open from Morpheus Appliance: 22, 5985, 3389
- Typical Outbound to Morpheus Appliance: 80, 443
- These are required for Morpheus agent install, communication, and remote console access for windows and linux. Other configurations, such as docker instances, will need the appropriate ports opened as well.
- Typical Outbound to Morpheus Appliance: 80, 443
- Virtual Network(s)
- Public IP assignment required for instances if Morpheus Appliance is not able to communicate with Azure instances private ip’s.
- Resource Group(s)
- Storage Account(s)
- Network Security Group(s) * Typical Inbound ports open from Morpheus Appliance: 22, 5985, 3389
Morpheus v2.10.3 added support for multiple Resource Groups and Storage Accounts per cloud, making our Azure integration more capable and easier to configure. Prior versions of Morpheus supported one resource group and one storage account per cloud, with the security group and network selection limited to the scoped Resource Group. If you are on an earlier version of Morpheus , please note you will need to add an Azure cloud integration for each Resource Group and Storage Account you would like to use.
Azure Active Directory Credentials¶
If you do not already have the Azure Active Directory credentials required to add an Azure cloud to Morpheus , use the steps below to obtain them.
Microsoft recently added support for Active Directory application configuration in the new Azure portal. Previously, users had to use the old portal to get the required credentials to integrate Azure with Morpheus . The instructions below are updated for the new portal. Microsoft also changed the naming conventions of the credentials:
Old and New Portal Naming Conventions:
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~——+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~——-+ |Old Azure Portal Name | New Azure Portal Name | +======================+=======================+ |Tenant ID |Directory ID | +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~——+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~——-+ |Client ID |Application ID | +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~——+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~——-+
Creating an Azure Active Directory Application¶
If you do not have an existing Azure Active Directory application for Morpheus , you will need to create a new on by:
Log into the Azure portal
Select “Azure Active Directory”
Select “App Registrations”
Select “New Application Registration”
Next, give your new AD app a name, specify Web app / API for the type (default) and enter any url for the Sign-on URL:
Click Create and your new Azure Active Directory Application will be created.
Now that we have (or already had) our AD app, we will gather the credentials required for the Morpheus Azure integration.
Tenant ID/Directory ID¶
While still in the Active Directory Section:
Copy the Directory ID
Store/Paste for use as the Tenant ID when Adding your Azure cloud in Morpheus
Client ID/Application ID¶
Select App Registrations
Select your Active Directory Application
Copy the Application ID
Store/Paste for use as the Client ID when Adding your Azure cloud in Morpheus
Client Secret/Key Value¶
While still in your Active Directory Application:
Select Keys in the Settings pane
Enter a name for the key
Select a duration
Copy the Key Value
Store/Paste for use as the Client Secret when Adding your Azure cloud in Morpheus
Copy the key value. You won’t be able to retrieve after you leave this blade.
You now have the 3 Active directory credentials required for Morpheus Azure cloud integration.
The last credential required for the Morpheus Azure cloud integration is the Azure Subscription ID
Select Resource Groups
Select a Resource Group (instruction below if you do not have an existing resource group)
Copy the Subscription ID
Store/Paste for use as the Subscription ID when Adding your Azure cloud in Morpheus
Make Azure Active Directory Application owner of Subscription¶
The Active Directory Application used needs to be an owner of the subscription used for the Azure Morpheus cloud integration.
In the Subscription pane, select “Access Control (IAM)”
Click “+ Add”, in the pane to the right, select “1 Select a role” and then select “Owner”
Select “2. Add Users” and in the search box begin to type the name of the AD Application created earlier.
the AD Application will not display by default and must be searched for.
Select the Application, then click “Select” at the bottom of the Add Users pane, and the select “OK” at the bottom of the Add Access pane.
Be sure to select “OK” at the bottom of the Add Access pane or the user addition will not save.
You now have the required Credentials to add an Azure cloud integration into Morpheus .
You will also need to have existing Network Security Group(s), Virtual Networks(s) and Storage Accounts(s). Instructions for creating these can be found later in this article.
Add Azure cloud in Morpheus¶
Azure is now ready to be added into Morpheus . Ensure you have the noted Subscription ID, Tenant ID, Client ID, and Client Secret accessible.
In Infrastructure - Clouds, select “+ Create Cloud” and select Azure from the cloud widget.
In Infrastructure, Groups- you can select the Clouds tab of a Group and click “+ ADD” next to Azure in the Public Cloud section
Enter the following:
- Location (optional)
- Domain (if not localdomain)
- Scale Priority
- Subscription ID (from step 18)
- Tenant ID (from step 16)
- Client ID (from step 13)
- Client Secret (from step 13)
If everything is entered correctly, the Location dropdown will populate.
Select the Location/Region to scope the cloud to (additional Clouds can be added for multiple regions)
Select All or specify a Resource Group to scope this cloud to
Optionally select “Inventory Existing Instances” (This will inventory your existing vm’s in Azure and list them in Morpheus as unmanaged instances.)
Click “Save Changes”
Your Azure Cloud will be created.
Creating Resources in Azure¶
If you do not have existing Network Security Groups, Virtual Networks, or Storage Accounts, you can create them by following the steps below:
Create a Network Security Group¶
In the main Azure toolbar, select the right arrow at the bottom of the toolbar (if collapsed) and search for and select Network Security Groups.
Click “+ Add” at the top of the Network security groups pane
Enter a unique name for the security group, select the correct subscription, and either select the resource group being used, or create a new one as shown below. Also verify the Location is the same, and then click “Create” at the bottom of the pane.
Configure inbound and outbound rules for the security group. Ports 80 (http), 443 (https) 22 (ssh) and 5985 (winrm) need to be open to and from the Morpheus appliance.
Create a Virtual Network¶
In the main Azure toolbar, select the right arrow at the bottom of the toolbar (if collapsed) and search for and select Virtual Networks.
Click “+ Add” at the top of the Virtual Networks pane
Enter a unique name for the virtual network, the correct subscription, select “Use existing” and select the same resource group as the Network Security Group. Also verify the Location is the same, and then click “Create” at the bottom of the pane.
Create a Storage Account¶
In the main Azure toolbar, select the right arrow at the bottom of the toolbar (if collapsed) and search for and select Storage Accounts.
Click “+ Add” at the top of the Storage accounts pane
Enter a unique name for the storage account, select “Locally-redundant storage (LRS) for Replication, select the correct subscription, select “Use existing” and select the same resource group as the Network Security Group and Virtual Network. Also verify the Location is the same, and finally click “Create” at the bottom of the pane.
So far this document has covered how to add the Azure cloud integration and has enabled users the ability to provision virtual machine based instances via the Add Instance catalog in Provisioning. Another great feature provided by Morpheus out of the box is the ability to use Docker containers and even support multiple containers per Docker host. To do this a Docker Host must first be provisioned into Azure (multiple are needed when dealing with horizontal scaling scenarios).
To provision a Docker Host simply navigate to the Cloud detail page or Infrastructure?Hosts section. From there click the + Container Host button to add a Azure Docker Host. This host will show up in the Hosts tab. Morpheus views a Docker host just like any other Hypervisor with the caveat being that it is used for running containerized images instead of virtualized ones. Once a Docker Host is successfully provisioned a green checkmark will appear to the right of the host marking it as available for use. In the event of a failure click into the relevant host that failed and an error explaining the failure will be displayed in red at the top.
Some common error scenarios include network connectivity. For a Docker Host to function properly, it must be able to resolve the Morpheus appliance url which can be configured in Admin|Settings. If it is unable to resolve and negotiate with the appliance than the agent installation will fail and provisioning instructions will not be able to be issued to the host.
A very common scenario for Managed Service Providers is the need to provide access to Azure resources on a customer by customer basis. With Azure several administrative features have been added to ensure customer resources are properly scoped and isolated. For Azure it is possible to assign specific Networks, and Resource Groups to customer accounts or even set the public visibility of certain resources, therefore allowing all sub accounts access to the resource.
Azure Scale Sets¶
Auto-scaling Azure instances can be done with the native Morpheus scaling service or Azure Scale Sets. When using Azure Scale Sets, Morpheus will configure the scale sets and thresholds, but Azure will be responsible for scaling the instances. The Instances nodes that are added and removed by Azure will be synced in by Morpheus as the instance scales up and down.
Instances can only be added to Azure Scale Sets at provision time.
Adding an Instance to a Scale Set¶
Provisioning - Instancesselect + ADD
Select an Instance Type that has scaling enabled (Advanced section when editing an Instance Type in Provisioning - Library)
Configure the Instance as desired
In the AUTOMATION section under Scale - Scale Type select Azure Scale Set
Select a default Threshold. Threshold pre-sets can be added in Provisioning - Automation- Scale Thresholds (requires Instances - Thresholds permission)
Complete the instance configuration and provision the instance.
A Virtual Machine scale set will be created in Azure with the selected threshold and min/max node settings.
Create Threshold Presets¶
Provisioning - Automationselect the SCALE THRESHOLDS tab
Access to the SCALE THRESHOLDS section requires Instances - Thresholds Role permissions.
Select + ADD
Configure Threshold settings.
Select SAVE CHANGES
The new Threshold will be available for selection in the SCALE section during provisioning or when configuring an App Blueprint.
Edit Thresholds on an Instance¶
Provisioning - Instancesselect the target Instance.
Select the SCALE tab below the VM’s section
In the THRESHOLDS section of the SCALE tab, click EDIT
Update the threshold settings.
Morpheus will sync in changes to a scale sets threshold settings if the settings are edited in Azure.