You must gather some information and complete an appropriate configuration in order to use a Microsoft Azure instance with a Automation Assembler cloud account.

This task describes the process of configuring Microsoft Azure at a high level. Because Microsoft Azure is a third party product, the interface can be changed or updated at any time independently of VMware Aria Automation Assembler, the accuracy of specific steps might vary. You should regard this procedure as representative rather than definitive.

You will need the following to complete this procedure:
  • Subscription ID - Click the Subscriptions icon on the left toolbar in your Azure portal to view the subscription ID.
  • Tenant ID - Click the Help icon and select Show Diagnostics in your Azure portal. Search for tenant and record the ID when you have located it.
  • Client Application ID - You can locate this under App registrations on the Manage menu.
  • Client Application Secret Key - The Client Application Secret Key functions like a password that Automation will use to authenticate with Azure. You must generate a secret key when you set up Azure. See Step 7 below for specific instructions.

Procedure

  1. Locate and record your Microsoft Azure subscription and tenant IDs as well as the Client Application ID and appropriate Client Application Secret Key.

    Note that the location and configuration procedures related to these components may change with different versions of Azure. See the Microsoft Azure documentation for the latest information.

  2. Now you can add permissions to the account. Select API permissions in the Azure interface and add a permission. Then you can use the Select an API page, select Azure Service Management under Commonly used Microsoft APIs. Select Delegated permissions to select Delegated permissions and add the user_impersonation permission.
  3. After you create an account to connect to Azure, you must give it the required permissions to the subscription. Navigate back to Subscriptions, select the subscription you are adding to Automation Assembler and on the menu, select Access control (IAM).
  4. You can create a new storage account and a resource group at this point. Alternatively, you can create these in blueprints later.
    • Storage Account - Use the following procedure to configure an account.
      1. In your Microsoft Azure portal, locate the Storage Accounts icon, currently located on the sidebar. Make sure the correct subscription is selected and click Add. You can also, search for storage account in the Azure search field.
      2. Enter the required information for the storage account. You will need your subscription ID.
      3. Select whether to use an existing resource group or create a new one. Make note of your resource group name, as you will need it later.
    Note: Save the location of your storage account as you will need it later.
  5. Create a virtual network. Alternatively, if you have a suitable existing network, you can select that one.
    If you are creating a network, you must select Use an Existing Resource Group and specify the group that you created in the preceding step. Also, select the same location that you specified previously. Microsoft Azure will not deploy virtual machines or other objects if the location doesn't match between all applicable components that the object will consume.
    1. Locate the Virtual Network icon on the left panel and click it, or search for virtual network. Make sure to select the correct subscription and click Add.
    2. Enter a unique name for your new virtual network and record it for later.
    3. Enter the appropriate IP address for your virtual network in the Address space field.
    4. Ensure that the correct subscription is selected and click Add.
    5. Enter the remaining basic configuration information.
    6. You can modify the other options as necessary. For most configurations, you can leave the defaults.
    7. Click Create.
  6. Set up an Azure Active Directory application so that VMware Aria Automation can authenticate.
    1. Locate the Active Directory icon on the Azure left menu and click it.
    2. Click App Registrations and select Add.
    3. Type a name for your application that complies with Azure name validation.
    4. Leave Web app/API as the Application Type.
    5. The Sign-on URL can be anything that is appropriate for your usage.
    6. Click Create.
  7. Create a secret key to authenticate the application in Automation Assembler.
    1. Click the name of your application in Azure.
      Make note of your Application ID for later use.
    2. Click All Settings in the next pane and select Keys from the settings list.
    3. Enter a description for the new key and choose a duration.
    4. Click Save and make sure to copy the key value to a safe location as you will be unable to retrieve it later.
    5. On the left menu, select API Permissions for the application and click Add a Permission to create a new permission.
    6. Select Azure Service Management on the Select an API page.
    7. Click Delegated Permissions.
    8. Under Select permissions select user_impersonation and then click Add Permissions.
  8. Authorize your Active Directory application to connect to your Azure subscription so that you can deploy and manage virtual machines.
    1. In the left menu, click the Subscriptions icon, and select your new subscription.
      You may need to click on the text of the name to get the panel to slide over.
    2. Select the Access control (IAM) option to see the permissions to your subscription.
    3. Click Add under the Add a Role Assignment heading.
    4. Choose Contributor from the Role drop down.
    5. Leave the default selection in the Assign Access to drop down.
    6. Type the name of your application in the Select box.
    7. Click Save.
    8. Add additional roles so that your new application has Owner, Contributor, and Reader roles.
    9. Click the Save.

What to do next

It is highly recommended that you install the Microsoft Azure command line interface tools. These tools are freely available for both Windows and Mac operating systems. See the Microsoft documentation for more information about downloading and installing these tools.

When you have the command line interface installed, you can use it to authenticate your new subscription.

  1. Open a terminal window and type your Microsoft Azure login. You will receive a URL and a shortcode that will allow you to authenticate.
  2. In a browser, enter the code that you received from the application on your device.
  3. Enter your Auth Code and click Continue.
  4. Select your Azure account and login.

    If you have multiple subscriptions, ensure that the correct one is selected using the azure account set --subscription <subscription-name> command.

  5. Before you proceed, you must register the Microsoft.Compute provider to your new Azure subscription using the azure provider register --namespace "Microsoft.Compute" command.

    If the command times out and generates an error the first time your run it, run it again.

When you have completed configuration, you can use the azure vm image list command to retrieve available Azure virtual machine marketplace image names. You can choose the desired image and record the URN provided for it and later use it in blueprints.

You must manually accept the agreement terms of the image using the Azure command line interface as shown: 
“az vm image terms accept --urn jetware-srl:postgresql:postgresql96-ubuntu-1604:1.0.170503”
The following example shows how you might sign in a specific subscription using the Azure command line. 
az account list
az login --identity --username <client_id|object_id|resource_id>

Automation Assembler allows any subscription user to map a marketplace image. This does not indicate that the user has access to the image. The user account used to accept all Azure image term agreements must be the same one that was used to create the Automation Assembler cloud account.