You can create a Microsoft Azure endpoint to facilitate a credentialed connection between vRealize Automation and an Azure deployment.
An endpoint establishes a connection to a resource, in this case an Azure instance, that you can use to create virtual machine blueprints. You must have an Azure endpoint to use as the basis of blueprints for provisioning Azure virtual machines. If you use multiple Azure subscriptions, you need endpoints for each subscription ID.
As an alternative, you can create an Azure connection directly from vRealize Orchestrator using the Add an Azure Connection command located under in the vRealize Orchestrator workflow tree. For most scenarios, creating a connection through the endpoint configuration as described herein is the preferred option.
Azure endpoints are supported by vRealize Orchestrator and XaaS functionality. You can create, delete, or edit an Azure endpoint. If you change an existing endpoint and do not execute any updates on the Azure portal through the updated connection for several hours, problems may occur. You must restart the vRealize Orchestrator service using the service vco-service restart command. Failure to restart the service may result in errors.
Configure a Microsoft Azure instance and obtain a valid Microsoft Azure subscription from which you can use the subscription ID. See http://www.vaficionado.com/2016/11/using-new-microsoft-azure-endpoint-vrealize-automation-7-2/ for more information about configuring Azure and obtaining a subscription ID.
Verify that your vRealize Automation deployment has at least one tenant and one business group.
Create an Active Directory application as described in https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal.
Make note of the following Azure-related information, as you will need it during endpoint and blueprint configuration.
- storage account name
- resource group name
- virtual network name
- client application ID
- client application secret key
- virtual machine image URN
The vRealize Automation Azure implementation supports a subset of the Microsoft Azure supported regions. See Azure Supported Regions.
Log in to vRealize Automation as a tenant administrator.
- Select .
- Click the New icon.
- On the Plug-in tab, click the Plug-in drop-down menu and select Azure.
- Click Next.
- Enter a name and, optionally, a description.
- Click Next.
- Populate the text boxes on the Details tab as appropriate for the endpoint.
Unique name for the new endpoint connection. This name appears in the vRealize Orchestrator interface to help you identify a particular connection.
Azure subscription id
The identifier for your Azure subscription. The ID defines the storage accounts, virtual machines and other Azure resources to which you have access.
The geographic region for the deployed Azure resource. vRealize Automation supports all current Azure regions based on the subscription ID.
Resource manager settings
Azure service URI
The URI through which you gain access to your Azure instance. The default value of https://management.azure.com/ is appropriate for many typical implementations. This box is auto-populated when you select an environment.
The Azure tenant ID that you want the endpoint to use.
The Azure client identifier that you want the endpoint to use. This is assigned when you create an Active Directory application.
The key used with an Azure client ID. This key is assigned when you create an Active Directory application.
Azure storage URI
The URI through which you gain access to your Azure storage instance. This box is auto-populated when you select an environment.
If your company uses a proxy Web server, enter the host name of that server.
If your company uses a proxy Web server, enter the port number of that server.
- (Optional) Click Properties and add supplied custom properties, property groups, or your own custom property definitions.
- Click Finish.
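A pre-flight check for the values gathered in the prerequisites and entered on the Details tab, as an added example that is not part of the original documentation or of vRealize Automation. The dictionary key names and the sample values are constructed for illustration, and the check on the secret is a heuristic.

```python
import re
import uuid
from urllib.parse import urlsplit

def _is_guid(value):
    """True only for the canonical hyphenated GUID form Azure displays."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, TypeError, AttributeError):
        return False

def check_endpoint_values(v):
    """Return a list of problems; messages never echo the secret itself."""
    problems = []
    for key in ("subscription_id", "tenant_id", "client_id"):
        if not _is_guid(v.get(key, "")):
            problems.append(f"{key}: not a GUID")
    secret = v.get("client_secret", "")
    if not secret or secret != secret.strip():
        problems.append("client_secret: empty or has stray whitespace")
    elif _is_guid(secret):
        # Heuristic (assumption): a GUID here is usually an ID pasted in
        # place of the key value.
        problems.append("client_secret: looks like an ID, not a key")
    uri = urlsplit(v.get("service_uri", ""))
    if uri.scheme != "https" or not uri.hostname:
        problems.append("service_uri: must be an https:// URI")
    # Azure storage account names: 3-24 lowercase letters and digits.
    if not re.fullmatch(r"[a-z0-9]{3,24}", v.get("storage_account", "")):
        problems.append("storage_account: invalid name")
    # Image URN has four colon-separated parts: publisher:offer:sku:version.
    if not re.fullmatch(r"[^:\s]+(:[^:\s]+){3}", v.get("image_urn", "")):
        problems.append("image_urn: expected publisher:offer:sku:version")
    return problems

# Constructed sample values, not taken from any real subscription.
SAMPLE = {
    "subscription_id": "11111111-2222-3333-4444-555555555555",
    "tenant_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_id": "01234567-89ab-cdef-0123-456789abcdef",
    "client_secret": "constructed-placeholder-key",
    "service_uri": "https://management.azure.com/",
    "storage_account": "examplestorage01",
    "image_urn": "Canonical:UbuntuServer:16.04-LTS:latest",
}

if __name__ == "__main__":
    for problem in check_endpoint_values(SAMPLE):
        print(problem)
```

An empty result means the values are well formed; it does not confirm that the application has access to the subscription.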
What to do next
Create appropriate resource groups, storage accounts, and network security groups in Azure. You should also create load balancers if appropriate for your implementation.
- Create an Azure resource group
- Create an Azure storage account
- Create an Azure network security group