You can create a Microsoft Azure endpoint to facilitate a credentialed connection between vRealize Automation and an Azure deployment.

Before you begin

About this task

An endpoint establishes a connection to a resource, in this case an Azure instance, that you can use to create virtual machine blueprints. You must have an Azure endpoint to use as the basis of blueprints for provisioning Azure virtual machines. If you use multiple Azure subscriptions, you need endpoints for each subscription ID.

As an alternative, you can create an Azure connection directly from vRealize Orchestrator using the Add an Azure Connection command located under Library > Azure > Configuration in the vRealize Orchestrator workflow tree. For most scenarios, creating a connection through the endpoint configuration as described herein is the preferred option.

Azure endpoints are supported by vRealize Orchestrator and XaaS functionality. You can create, delete, or edit an Azure endpoint. Note that if you make any changes to an existing endpoint and do not execute any updates on the Azure portal through the updated connection for several hours, then you must restart the vRealize Orchestrator service using the service vco-service restart command. Failure to restart the service may result in errors.

Procedure

  1. Select Administration > Endpoints > OrchestratorEndpoints.
  2. Click the New icon (Add).
  3. On the Plug-in tab, click the Plug-in drop-down menu and select Azure Plug-in.
  4. Click Next.
  5. Enter a name and, optionally, a description.
  6. Click Next.
  7. Populate the text boxes on the Details tab as appropriate for the endpoint.

    Parameter

    Description

    Connection settings

    Azure Connection

    Connection name

    Unique name for the new endpoint connection. This name appears in the vRealize Orchestrator interface to help you identify a particular connection.

    Azure subscription id

    The identifier for your Azure subscription. The ID defines the storage accounts, virtual machines and other Azure resources to which you have access.

    Resource manager settings

    Azure service URI

    The URI through which you gain access to your Azure instance. The default value of https://management.azure.com/ is appropriate for many typical implementations.

    Tenant Id

    The Azure tenant ID that you want the endpoint to use.

    Client Id

    The Azure client identifier that you want the endpoint to use. This is assigned when you create an Active Directory application.

    Client secret

    The key used with an Azure client ID. This key is assigned when you create an Active Directory application.

    Login URL

    The URL used to access the Azure instance. The default value of https://login.windows.net/ is appropriate for many typical implementations.

    Proxy Settings

    Proxy host

    If your company uses a proxy Web server, enter the host name of that server.

    Proxy port

    If your company uses a proxy Web server, enter the port number of that server.

  8. Click Finish.

What to do next

Create appropriate resource groups, storage accounts, and network security groups in Azure. You should also create load balancers if appropriate for your implementation.

Action

Options

Create an Azure resource group

  • Create the resource group using the Azure portal. See the Azure documentation for specific instructions.

  • Use the appropriate vRealize Orchestrator workflow found under the Library/Azure/Resource/Create resource group.

  • In vRealize Automation, create and publish an XaaS blueprint that contains the vRealize Orchestrator workflow. You can request the resource group after attaching it to the service and entitlements. Note that the Resource Group resource type is not supported or managed by vRealize Automation.

Create an Azure storage account

  • Use Azure to create a storage account. See the Azure documentation for specific instructions.

  • Use the appropriate vRealize Orchestrator workflow found under Library/Azure/Storage/Create storage account.

  • In vRealize Automation, create and publish an XaaS blueprint that contains the vRealize Orchestrator workflow. You can request the storage account after attaching it to the service and entitlements.

Create an Azure network security group

  • Use Azure to create a security group. See the Azure documentation for specific instructions.

  • Use the appropriate vRealize Orchestrator workflow found under the Library/Azure/Network/Create Network security group .

  • In vRealize Automation, create and publish an XaaS blueprint that contains the vRealize Orchestrator workflow. You can request the security group after attaching it to the service and entitlements.