Azure (Public)

Overview

Morpheus offers a complete Integration with Microsoft Azure including the following:

  • Virtual Machine Sync, Create, Delete, Manage, RBAC, Tenant Permissions, Policies
  • Resource Group Sync, Create, Delete, RBAC, Tenant Permissions
  • Network Sync, Create, Delete, RBAC, Tenant Permissions
  • Subnet Sync, Create, Delete, RBAC, Tenant Permissions
  • Security Group Sync, Create, Delete, Tenant Permissions
  • Security Group Rule Sync, Create, Delete, Tenant Permissions
  • ARM Blueprints, Spec Templates, Deployment Logs Sync, Git/GitHub Integration
  • MSSQL Service Sync, Create, Delete, Manage, RBAC, Tenant Permissions
  • AKS Sync, Sync, Create, Delete, Manage, RBAC, Tenant Permissions
  • Backup Create, Delete, Manage, RBAC, Policies
  • Storage Sync, Create, Delete, Manage, Browse, RBAC, Tenant Permissions, Policies
  • Marketplace Sync
  • Private Image Sync & Upload
  • Azure Marketplace Custom Library Item Support
  • Remote Console (SSH & RDP)
  • Lifecycle Management
  • Availability Set Support
  • Scale Set Sync, Create, Assign, Manage, Delete
  • Azure Load Balancer Create, Assign, Manage, Delete, RBAC, Tenant Permissions
  • Docker (VM) Cluster Sync, Create, Delete, Manage, RBAC, Tenant Permissions
  • Kubernetes (VM) Cluster Sync, Create, Delete, Manage, RBAC, Tenant Permissions
  • Service Plan Sync, Tenant Permissions, RBAC
  • Pricing Sync RBAC, Tenant Permissions, Markup
  • Costing Sync, Reporting, Invoicing
  • Reservations Sync, Guidance Recommendations
  • Azure Stack Support
  • Tag Bi-Directional Sync, Creation, Deletion Policy Enforcement
  • Cost Estimator
  • Azure US Gov Support
  • Azure China Support
  • Azure Germany Support
  • CSP Account Support

Requirements

Morpheus Azure Integration requires Owner or Contributor access to subscription via App Registration. Adding an Azure Cloud or Clouds to Morpheus will require the following:

  • Azure Subscription ID
  • Directory (tenant) ID
  • Application (client) ID
  • Application (client) Secret
  • Application (client) must be Owner or Contributor of Subscription

CSP Accounts require the additional following input:

  • CSP Directory (tenant) ID
  • CSP Application (client) ID
  • CSP Application (client) SECRET

Credentials & Permissions

Morpheus authenticates with Azure via an App Registration with an Owner or Contributor Role on a Subscription. Use the steps below to create and collect the required credentials and assign the required permissions to integrate Azure with Morpheus.

Warning

Using an App Registration (service principal) that has selective resource permissions and is not an Owner or Contributor of the Subscription is not supported and will cause failures/issues. Please confirm the App Registration you use to integrate Azure with Morpheus has Owner or Contributor permissions on the specified Subscription before contacting support.

Create an App Registration

If you do not have an existing Azure Active Directory App Registration, or you wish to use an new one for Morpheus , you will need to create one.

  1. Log into the Azure portal

  2. Select “Azure Active Directory”

  3. Select “App Registrations”

  4. Select “New Registration”

    ../../../_images/Default_Directory_App_registrations_Microsoft_Azure.png
  5. Next, give app a name, specify Web app / API for the type (default) and enter any url for the Sign-on URL:

  6. Click Create and your new App Registration will be created.

    ../../../_images/Register_an_application_Microsoft_Azure.png

Now that we have (or already had) our App Registration, we will gather the credentials required for the Morpheus Azure integration.

Copy Directory (tenant) and Application (client) IDs

The App Registration Directory (tenant) and Application (client) ID are required for the Morpheus Azure integration. Both can be found in the overview section of the App Registration.

  1. Go to the Overview section of your App Registration
  2. Copy the Directory (tenant) ID
  3. Store/Paste for use as the Tenant ID when Adding your Azure cloud in Morpheus
  4. Copy the Application (client) ID
  5. Store/Paste for use as the Client ID when Adding your Azure cloud in Morpheus
../../../_images/morpheusAppReg_Microsoft_Azure.png

Generate a Client Secret

While still in your App Registration:

  1. Select Certificates & secrets in the Manage Section

  2. Select + New client secret

    ../../../_images/morpheusAppReg_Certificates_secrets_Microsoft_Azure.png
  3. The “Add a client secret” modal will come up

  4. Add a description to help identify the secret in the future

  5. Select a duration

  6. Select Add

    ../../../_images/morpheusAppReg_Certificates_secrets_Add.png
  7. Copy the newly generated Client Secret Value. It is important to copy the Client Secret Value now as it will not be displayed/available

    Important

    Copy the key value before continuing as it will not be displayed/available again.

    ../../../_images/morpheusAppReg_Certificates_secrets_Copy.png
  8. Store/Paste for use as the Client Secret when Adding your Azure cloud in Morpheus

You now have 3 or the 4 credentials required for Morpheus Azure cloud integration. The last credential required is the Azure Subscription ID.

Subscription ID

To get the Azure Subscription ID:

  1. Navigate to the main Subscriptions section. One way is to search for “Subscriptions” and select Subscriptions in the search results

    images/clouds/azure/azuresubscriptionssearch.png
  2. In the main “Subscriptions” section, copy the Subscription ID

    ../../../_images/Subscriptions_Microsoft_Azure.png
  3. Store/Paste for use as the Subscription ID when Adding your Azure cloud in Morpheus

Make App Registration owner or contributor of Subscription

The App Registration created/used needs to be an owner of the Azure Subscription used for the Morpheus cloud integration. If lesser permissions are given or permissions are assigned at individual resource levels, Morpheus will not be able to properly inventory/sync, create and/or remove resources.

  1. In the main “Subscriptions” section in Azure, select the Subscription

  2. In the Subscription pane, select “Access Control (IAM)”

  3. Either Click “+ Add”, and the “Add Role Assignment”, or simply select “Add a role assignment”

    ../../../_images/Azure_subscription_1_Access_control_IAM_Microsoft_Azure.png
  4. In the right pane, select “Owner” or “Contributor” Role type

  5. Search for the name of the App Registration used for the Morpheus integration

  6. Select the App Registration in the search results

  7. Select “Save”

    ../../../_images/Add_role_assignment_save.png

You now have the required Credentials and permissions to add an Azure Cloud Integration(s) into Morpheus.

Add an Azure Cloud Integration

To add a new Azure Cloud integration into Morpheus using the credentials created/collected from the previous section, perform the following:

  1. In Morpheus, navigate to Infrastructure -> Clouds and select + ADD

    ../../../_images/Clouds_Morpheus_Add.png
  2. Select “AZURE (PUBLIC)” from the Cloud Types list and click NEXT

    ../../../_images/Clouds_Morpheus.png
  3. Populate the Following

    NAME

    Name of the Cloud in Morpheus

    CODE

    Optional, code is useful for the API/CLI and can be useful for Naming Policies

    LOCATION

    Optional field for additional details such as locaiton

    CLOUD TYPE
    • Standard (Azure Cloud)
    • US Gov (Azure US Government)
    • German (Azure German Cloud)
    • China (Azure China Cloud)
    SUBSCRIPTION ID

    The target Azure Subscription ID obtained from the previous section

    TENANT ID

    The Directory (tenant) ID obtained from the previous section

    CLIENT ID

    The Application (client) ID obtained from the previous section

    CLIENT SECRET

    The Application (client) Secret obtained from the previous section

    LOCATION

    Once valid credentials are populate above and Morpheus is able to successfully authenticate with Azure, the available locations/regions will populate.

    RESOURCE GROUP
    • Select “All” to scope the Cloud to all available Resource Groups in the specified location/region.
    • Select a single Resource Group to limit Morpheus resource creation, selection and discovery to just this Resource Group.
    INVENTORY EXISTING INSTANCES

    Check to enable discovery/inventory of existing VM’s in the scoped Region and Resource Group(s)

    INVENTORY LEVEL
    Basic

    Morpheus will sync information on all resources in the selected Resource Group(s), including Name, IP Addresses, Platform Type, Power Status, and overall resources sizing for Storage, CPU and RAM, every 5 minutes. Inventoried VM’s will appear as Unmanaged VM’s.

    Full (API Heavy)

    In addition to the information synced from Basic Inventory level, Morpheus will gather Resource Utilization metrics for Memory, Storage and CPU utilization per VM when available.

    Off

    Existing VM’s will not be inventoried

    ACCOUNT TYPE

    Standard, EA or CSP

    Note

    For CSP Accounts, also enter CSP TENANT ID, CSP CLIENT ID and CSP CLIENT SECRET in the Advanced Options section.

    ../../../_images/addAzureCloudMorphuesS1.png
  4. Once done configuring the Cloud, select NEXT. Note all specified values except the Subscription ID can be changes after the Cloud is created.

  5. Next select an existing Group to add the Azure Cloud to, or create a new Group, then select NEXT

    ../../../_images/Clouds_MorpheusAddGroup.png
  6. Review the configuration and then select COMPLETE

    ../../../_images/Clouds_MorpheusComplete.png

Your new Azure Cloud integration will be created and begin to sync.

Note

The initial sync of an Azure Cloud can take some time due to Marketplace data sync.

../../../_images/Clouds_MorpheusNewCloudAdded.png