You can create a Microsoft Azure endpoint to facilitate a credentialed connection between vRealize Automation and an Azure deployment.
An endpoint establishes a connection to a resource, in this case an Azure instance, that you can use to create virtual machine blueprints. You must have an Azure endpoint to use as the basis of blueprints for provisioning Azure virtual machines. If you use multiple Azure subscriptions, you need endpoints for each subscription ID.
As an alternative, you can create an Azure connection directly from vRealize Orchestrator using the Add an Azure Connection command located under in the vRealize Orchestrator workflow tree. For most scenarios, creating a connection through the endpoint configuration as described herein is the preferred option.
Azure endpoints are supported by vRealize Orchestrator and XaaS functionality. You can create, delete, or edit an Azure endpoint. Note that if you make any changes to an existing endpoint and do not execute any updates on the Azure portal through the updated connection for several hours, then you must restart the vRealize Orchestrator service using the
service vco-service restart command. Failure to restart the service may result in errors.
Configure a Microsoft Azure instance and obtain a valid Microsoft Azure subscription from which you can use the subscription ID. See http://www.vaficionado.com/2016/11/using-new-microsoft-azure-endpoint-vrealize-automation-7-2/ for more information about configuring Azure and obtaining a subscription ID.
Verify that your vRealize Automation deployment has at least one tenant and one business group.
Create an Active Directory application as described in https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal.
Make note of the following Azure related information, as you will need it during endpoint and blueprint configuration.
storage account name
resource group name
virtual network name
client application ID
client application secret key
virtual machine image URN
There are unique settings required for creating and deploying cloud applications for Azure in the China environment. For related information, see https://docs.microsoft.com/en-us/azure/china/china-get-started-developer-guide. When creating a vRealize Automation Azure endpoint for China, the service URL, login URL, and storage URL must be specified as follows:
Service URL: https://management.chinacloudapi.cn
Login URL: https://login.chinacloudapi.cn/
Storage URL: https://storage_account_name.blob.core.chinacloudapi.cn/
Log in to the vRealize Automation console as a tenant administrator.
- Select .
- Click the New icon ().
- On the Plug-in tab, click the Plug-in drop-down menu and select Azure Plug-in.
- Click Next.
- Enter a name and, optionally, a description.
- Click Next.
- Populate the text boxes on the Details tab as appropriate for the endpoint.
Unique name for the new endpoint connection. This name appears in the vRealize Orchestrator interface to help you identify a particular connection.
Azure subscription id
The identifier for your Azure subscription. The ID defines the storage accounts, virtual machines and other Azure resources to which you have access.
Resource manager settings
Azure service URI
The URI through which you gain access to your Azure instance. The default value of https://management.azure.com/ is appropriate for many typical implementations.
The Azure tenant ID that you want the endpoint to use.
The Azure client identifier that you want the endpoint to use. This is assigned when you create an Active Directory application.
The key used with an Azure client ID. This key is assigned when you create an Active Directory application.
The URL used to access the Azure instance. The default value of https://login.windows.net/ is appropriate for many typical implementations.
If your company uses a proxy Web server, enter the host name of that server.
If your company uses a proxy Web server, enter the port number of that server.
- (Optional) Click Properties and add supplied custom properties, property groups, or your own custom property definitions.
- Click Finish.
What to do next
Create appropriate resource groups, storage accounts, and network security groups in Azure. You should also create load balancers if appropriate for your implementation.
Create an Azure resource group
Create an Azure storage account
Create an Azure network security group