You can create a Microsoft Azure endpoint to facilitate a credentialed connection between vRealize Automation and an Azure deployment.

An endpoint establishes a connection to a resource, in this case an Azure instance, that you can use to create virtual machine blueprints. You must have an Azure endpoint to use as the basis of blueprints for provisioning Azure virtual machines. If you use multiple Azure subscriptions, you need endpoints for each subscription ID.

As an alternative, you can create an Azure connection directly from vRealize Orchestrator using the Add an Azure Connection command located under Library > Azure > Configuration in the vRealize Orchestrator workflow tree. For most scenarios, creating a connection through the endpoint configuration as described herein is the preferred option.

Azure endpoints are supported by vRealize Orchestrator and XaaS functionality. You can create, delete, or edit an Azure endpoint. If you change an existing endpoint and do not execute any updates on the Azure portal through the updated connection for several hours, problems may occur. You must restart the vRealize Orchestrator service using the service vco-service restart command. Failure to restart the service may result in errors.

Prerequisites

  • Configure a Microsoft Azure instance and obtain a valid Microsoft Azure subscription from which you can use the subscription ID. See Microsoft Azure Endpoint Configuration for more information about configuring Azure and obtaining a subscription ID.
  • Verify that your vRealize Automation deployment has at least one tenant and one business group.
  • Create an Active Directory application as described in https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal.
  • Make note of the following Azure related information, as you will need it during endpoint and blueprint configuration.
    • subscription ID
    • tenant ID
    • storage account name
    • resource group name
    • location
    • virtual network name
    • client application ID
    • client application secret key
    • virtual machine image URN
  • The vRealize Automation Azure implementation supports a subset of the Microsoft Azure supported regions. See Azure Supported Regions.

  • Log in to vRealize Automation as a tenant administrator.

Procedure

  1. Select Administration > vRO Configuration > Endpoints.
  2. Click the New icon (Add).
  3. On the Plug-in tab, click the Plug-in drop-down menu and select Azure.
  4. Click Next.
  5. Enter a name and, optionally, a description.
  6. Click Next.
  7. Populate the text boxes on the Details tab as appropriate for the endpoint.
    Parameter Description
    Connection settings
    Connection name Unique name for the new endpoint connection. This name appears in the vRealize Orchestrator interface to help you identify a particular connection.
    Azure subscription id The identifier for your Azure subscription. The ID defines the storage accounts, virtual machines and other Azure resources to which you have access.
    Azure Environment The geographic region for the deployed Azure resource. vRealize Automation supports all current Azure regions based on the subscription ID.
    Resource manager settings
    Azure service URI The URI through which you gain access to your Azure instance. The default value of https://management.azure.com/ is appropriate for many typical implementations. This box is auto-populated when you select an environment.
    Tenant Id The Azure tenant ID that you want the endpoint to use.
    Client Id The Azure client identifier that you want the endpoint to use. This is assigned when you create an Active Directory application.
    Client secret The key used with an Azure client ID. This key is assigned when you create an Active Directory application.
    Azure storage URI The URI through which you gain access to your Azure storage instance. This box is auto-populated when you select an environment.
    Proxy Settings
    Proxy host If your company uses a proxy Web server, enter the host name of that server.
    Proxy port If your company uses a proxy Web server, enter the port number of that server.
  8. (Optional) Click Properties and add supplied custom properties, property groups, or your own custom property definitions.
  9. Click Finish.

What to do next

Create appropriate resource groups, storage accounts, and network security groups in Azure. You should also create load balancers if appropriate for your implementation.

Action Options
Create an Azure resource group
  • Create the resource group using the Azure portal. See the Azure documentation for specific instructions.
  • Use the appropriate vRealize Orchestrator workflow found under the Library/Azure/Resource/Create resource group.
  • In vRealize Automation, create and publish an XaaS blueprint that contains the vRealize Orchestrator workflow. You can request the resource group after attaching it to the service and entitlements.
    Note: The Resource Group resource type is not supported or managed by vRealize Automation.
Create an Azure storage account
  • Use Azure to create a storage account. See the Azure documentation for specific instructions.
  • Use the appropriate vRealize Orchestrator workflow found under Library/Azure/Storage/Create storage account.
  • In vRealize Automation, create and publish an XaaS blueprint that contains the vRealize Orchestrator workflow. You can request the storage account after attaching it to the service and entitlements.
Create an Azure network security group
  • Use Azure to create a security group. See the Azure documentation for specific instructions.
  • Use the appropriate vRealize Orchestrator workflow found under the Library/Azure/Network/Create Network security group .
  • In vRealize Automation, create and publish an XaaS blueprint that contains the vRealize Orchestrator workflow. You can request the security group after attaching it to the service and entitlements.