Managing Microsoft Azure public providers

Last updated 6 February, 2019

About Microsoft Azure accounts

Microsoft Azure Enterprise Agreement and Identity and Access Management (IAM) subscriptions

HPE OneSphere interacts with Microsoft Azure through two separate accounts:

HPE OneSphere account Relationship Microsoft Azure account
Azure Public Billing Account connects to Azure Enterprise Agreement account
Azure provider public account connects to Azure IAM subscriptions
  • You must have an Azure Enterprise Agreement account before adding an Azure Public Billing Account in HPE OneSphere.

  • You must have an Azure IAM subscription before connecting an HPE OneSphere individual provider public account. Connecting a provider public account to an Azure subscription allows HPE OneSphere to display cost information about Azure services on the Insights screen.

    NOTE:

    For each new provider public account you connect to an Azure subscription, it will take approximately 24 hours to populate all relevant cost data to reflect the most recent changes to any Azure services.

Azure subscriptions have a 1-to-1-to-1 relationship with public accounts and projects in HPE OneSphere (similar to AWS). One project can be associated with only one of each type of provider public account. For example, you can associate a single project with one AWS public account and one Azure subscription account.

Permissions

For each new Azure subscription added to HPE OneSphere, a new "Reader" role is granted to the HPE OneSphere application. If this new role is deleted in Azure, you must add a new provider public account in HPE OneSphere. The HPE OneSphere "Reader" role in Azure is read-only.

HPE OneSphere uses the standard Microsoft role based consent framework for adding Azure subscriptions to public provider accounts. The specific Azure permission that allows HPE OneSphere to onboard an Azure subscription is Microsoft.Authorization/roleAssignments/Write. This is the default permission in accounts where the user role is listed as "Owner."

IMPORTANT:

Adding Public Billing Accounts requires HPE OneSphere administrator privileges. Provider public accounts can be added by HPE OneSphere administrators or project owners that have been enabled to connect providers to Azure subscriptions. This person must have his or her own account in Microsoft Azure.

The Azure subscription owner must grant the HPE OneSphere administrator or enabled project owner's account in Azure the proper permissions. If the HPE OneSphere administrator or enabled project owner does not already have the "Owner" role for the subscription in Azure, they will need the specific Microsoft.Authorization/roleAssignments/Write permission before adding that subscription to a provider public account in HPE OneSphere. The current subscription owner can grant this role or privilege from the Access control (IAM) screen in the Azure subscription.

About resource usage in Microsoft Azure public accounts

When managing a hybrid cloud, you will want to understand and manage the utilization of your cloud resources.

HPE OneSphere provides you with cloud analytics, which is information about your hybrid cloud consumption. Cloud analytics tell you who is using how much of which services.

Understanding resource usage from the Providers screen

On the Providers screen, under Public Accounts, you can select a public cloud provider to see utilization and performance information about virtual machine deployments and hosts.

  • Click on a Microsoft Azure public cloud provider name to see scores for the virtual machine deployments in the provider.

Each graph shows a score from 0 to 1000, where 1000 is the highest score. The score is an abstract value that represents the relative state of the virtual machine deployment. Clicking an individual category in the bar graph displays details specific to each category. Click the information icon  to display more information about the Rating Breakdown.

  • Rating

    Overall score computed from the Availability, Utilization, and Performance scores. The score is weighted as follows:

    • Availability: 50%

    • Utilization: 30%

    • Performance: 20%

  • Availability

    Score computed from the proportion of time that the virtual machine or host is available for use.

  • Utilization

    The score is measured against the target utilization rate of 75%. A high score means you are using a large percentage of the target utilization.

    • Public cloud: Number of CPU cores used out of the total number of cores. For Azure, the score is computed from raw consumption metrics as an aggregation of Microsoft.Compute/virtualMachines and Microsoft.Compute/virtualMachineScaleSets instances deployed to the Azure subscription assigned to this provider.

  • Performance

    The score computed from raw performance metrics that measure network congestion and overall network performance.

    • For Azure, the score computed by dividing the current Disk Input/Output per second (IOPs) bandwidth with the maximum peak Disk IOPs to date. Peak historical IOPs measured is used to estimate IOPs limits for VMs. As VMs approach their estimated IOPs limit the score begins to drop. This drop in reported score starts to happen as the current IOPs reaches 75% of peak.

Configuring an Enterprise Agreement account in Microsoft Azure

Before you add a Microsoft Azure Public Billing Account to HPE OneSphere, you will need to access your Azure Enterprise Agreement enrollment number, generate or retrieve an Enterprise Admin Key, and locate your Active Directory Name.

Prerequisites
  • A Microsoft Azure Enterprise Agreement enrollment account.

  • Enterprise Administrator privileges in Azure.

Procedure
  1. Log in to your Microsoft Azure Enterprise account portal.
     
  2. From the Manage tab, locate the Enrollment Account Number for the account you want to configure in the list of current Enrollments.
  3. To generate or retrieve an API key, navigate to Reports > Download Usage > API Access Key.
     
    NOTE: The API Access Key in Azure is referred to as the Enterprise Admin Key in the HPE OneSphere portal.
  4. To locate the Active Directory Name, log into your Microsoft Azure Portal and click on the Azure Active Directory tab from the main menu. The Active Directory Name will appear above the account name on the resulting screen.
     
    NOTE: The Active Directory Name will always include the domain onmicrosoft.com. For example: hpe.onmicrosoft.com.

Adding a Public Billing Account for Microsoft Azure

After you configure an Enterprise Agreement account in Azure, add a Public Billing Account to connect HPE OneSphere to the Enterprise account. This allows HPE OneSphere to collect billing information about your Azure subscriptions.

After you add a Public Billing Account, you can add a public account to connect to an Azure subscription.

NOTE:

If you change or rotate the Enterprise Reporting API key for your Enterprise Agreement account in Azure, you must update the key for the billing account in the HPE OneSphere portal.

Prerequisites

Your administrator provided:

  • An Enrollment number for your Microsoft Azure Enterprise Agreement account.

    NOTE:

    If you use a subscription account key instead of an Enterprise Enrollment key, the key will be accepted but costs related to the account will not display on the Insights screen.

  • An Azure Enterprise Reporting API key.

  • You must be an HPE OneSphere administrator to add a Public Billing Account for Azure.

Procedure
  1. From the HPE OneSphere main menu, click Settings.
  2. From the Settings screen, click Public Billing Accounts.
  3. From the Public Billing Accounts screen, click the green plus icon.
  4. Click the Microsoft Azure logo on the resulting screen.
  5. Fill in the required information from your Microsoft Azure Enterprise Agreement account and click Add Billing Account.

Adding a provider to connect to your Microsoft Azure subscription

Adding a public account to connect HPE OneSphere to your existing Microsoft Azure subscription allows you to:

Prerequisites
  • You are an HPE OneSphere administrator or a project owner that has been enabled to add public providers and regions.

  • The HPE OneSphere administrator or project creator added a project that will be associated with your new public account.

  • The HPE OneSphere administrator added a Microsoft Azure Public Billing Account in HPE OneSphere for the Enterprise Enrollment that contains the subscription you want to connect.

  • You have "Owner" privileges for the Azure subscription you want to connect to your public account in HPE OneSphere.

    NOTE:

    In the Microsoft Azure user portal, navigate to the Subscriptions screen, select the subscription you want to onboard, and click Access control (IAM). Verify that the name of an HPE OneSphere administrator or project owner enabled to add provider accounts has "Owner" privileges in the Azure subscription.

Procedure
  1. From the HPE OneSphere main menu, click Projects.
  2. From the Projects screen, choose the project you want to add your Azure public provider account to, or create a new project for your account.

    NOTE:

    Each public account must be associated with a project. A project can be associated with only one of each type of public account. For example, you can associate a single project with one AWS public account and one Azure subscription.

    If a project has not been added for your subscription, the administrator or project creator will need to add a new project.

  3. From the resulting screen, click Public Accounts and select the Microsoft Azure logo.
  4. From the drop down menu, select the Azure Public Billing Account associated with the subscription you are connecting to your public account, and click Submit.

    NOTE:

    When you select your Public Billing Account, the default Directory URI for the account will also be displayed. You can change the Directory URI to any other URI, as long as it is also associated with the same Public Billing Account.

  5. You will be redirected to a prompt asking you to select the Microsoft account connected to your Azure account. Select the appropriate account.
  6. The resulting screen describes how the HPE OneSphere application will connect to your Azure account. Read the prompt then click Accept.
  7. After you are redirected to HPE OneSphere, click Select Subscription to choose the Azure subscription you want to connect to your public account.
  8. From the drop down menu, select your Azure subscription.
  9. (Optional) If you plan to deploy an Azure Resource Manager (ARM) template into Azure, enter an application ID and authentication key. You can also add or update these values later.
  10. Click Add Subscription.

    For each new Azure subscription added to HPE OneSphere, a new "Reader" role is granted to the HPE OneSphere application. If this new role is deleted in Azure, the old provider public account will have to be deleted and a new provider public account will have to be added in HPE OneSphere.

Updating and deleting Azure public billing accounts

If you change or rotate the Enterprise Reporting API key in your Azure Enterprise Agreement account, you must update the key in the HPE OneSphere portal.
Prerequisites
Procedure
  1. From the HPE OneSphere main menu, click Settings.
  2. From the Settings screen, click Public Billing Accounts.
  3. Click the Azure Public Billing Account you want to update or delete.
  4. From the resulting screen, click Update Billing Account.
  5. Update your account information as needed, then click Update Billing Account.
  6. To delete the public billing account, scroll down to the bottom of the screen and click the Delete Billing Account trash icon,  then click Yes, Delete Billing Account.

    NOTE:

    Before attempting to delete a public billing account, make sure to delete all underlying public accounts associated with the billing account.

Updating and deleting Azure public providers

If your Microsoft Azure account information changes or you want to delete an Azure public account, you can update the key information in your public provider account or delete it all together.
Prerequisites

The administrator added a public billing account for Microsoft Azure and an Azure provider public account.

Procedure
  1. From the HPE OneSphere main menu, click Projects.
  2. From the Projects screen, choose the project associated with the public account you want to update or delete.
  3. From the resulting screen, click Public Accounts.
  4. From the Public Accounts screen, click the account you would like to update or delete.
  5. From the resulting screen, click Update Public Account.
  6. Update your account information as needed, then click Update Provider.
  7. To delete the provider account, scroll down to the bottom of the screen and click the Delete Provider trash can icon, then click Yes, Delete Provider.

    Deleting a provider removes the settings for the connection between HPE OneSphere and the provider; it does not delete any virtual machines, services, or data. 

    NOTE:

    If there are active regions or zones in a provider, you must delete the regions and zones before you can delete the provider. Deleting a region in a public provider will automatically delete the zone associated with that region.

Viewing resource usage in Microsoft Azure public cloud providers

View scores for provider availability, utilization, and performance for Microsoft Azure public cloud providers from the HPE OneSphere Providers screen.

For detailed information, see About resource usage.

Procedure

  1. From the HPE OneSphere main menu, select Providers.
  2. Select Public Accounts.
  3. Select the Microsoft Azure public account you want to view, then click the graph to see the overall rating, and the utilization, availability, and performance scores. Click the individual categories for details specific to each category.

    Scores range from 0 to 1000, where 1000 is a perfect score. The score is an abstract value that represents the relative state.

    You can click the information icon  to see a detailed explanation of the Rating Breakdown.

    NOTE:

    It may take up to an hour for resource metrics to appear.