Abiquo 4.7

Azure ARM Features table

See Azure ARM features table

Configure Microsoft Azure ARM in Abiquo

Before you create the public cloud region, you can configure the provider in Abiquo. The screenshots below give you an indication of the Azure features, but you will not be able to access these features until you create a public cloud region and add credentials.

Filter templates

Azure has a very large number of templates and template publishers, which means it may take a considerable amount of time to perform template operations, such as listing templates or taking snapshots.

To improve performance, Abiquo uses a set of predefined publishers as shown in the following screenshot.


To configure the predefined publishers, set the following jclouds property in the abiquo.properties file on the Remote Services server:

| Property | Description | Profile |
| --- | --- | --- |
| jclouds.azurecompute.arm.publishers | Publishers to use for filtering Azure ARM templates as a comma-separated list. Display only templates from these publishers to improve performance. Default: Canonical,RedHat,MicrosoftWindowsServer | jclouds property in Remote Services |

After you create a region and add credentials for an enterprise, users can access the Apps library to import templates.

  • To add publishers, you can start typing the name and select from the pull-down list. You can remove publishers by clicking on the x to the left of the publisher name.
  • After you select the publishers, you can search for templates as in other public cloud providers.


Optionally configure VSM

As for other public cloud providers, you can optionally configure the VSM polling frequency.

See Abiquo Configuration Properties#vsm

Obtain Microsoft Azure ARM credentials and add to Abiquo

To obtain details of your Azure subscription, follow these steps.

  1. Log in to the Azure portal
  2. In the search box in the top menu bar, enter Subscriptions. Then select Subscriptions

  3. Click on your subscription

    Troubleshooting

    If the subscription does not display, check that you have selected the correct directory. Click on the directory name in the top right corner. From here you can switch directory.

  4. Save the Subscription ID to enter in the Abiquo credentials.

  5. If you purchased the subscription directly from Azure, you can also save the Offer ID for the pricing credentials.  

Create an ARM application using Azure Portal

To create an ARM application using the Azure Portal and obtain details of the application, follow these steps.

  1. Log in to the Azure portal
  2. In the search box, enter Azure Active Directory. Select Azure Active Directory

  3. Click App registrations
  4. Click New registration
  5. To register the application, enter a Name, select the Supported account types, and enter a URL. The value of the URL will not be used, so it could be any URL. Click Register

  6. Save the Application (client) ID and the Directory (tenant) ID, because you will need to configure them in Abiquo. Then click Certificates & secrets

  7. To configure the password for the application, click New client secret, which will open the Add a client secret section. Enter a Description and an Expiry duration, then click Add

    The Azure portal will display the password ONCE ONLY. You must use this password in Abiquo, so make sure to save it, because Azure will not display it again.

  8. Go to the Subscriptions menu, select the subscription you want to associate the application with, and add a new permission for it with these steps.

    1. Select Access control (IAM)

    2. Click Add

    3. Click Add role assignment
    4. In the dialog, select the Contributor role, and in the Select box, enter the name of the application. Then click Save

  9. Go to the Subscriptions menu and select Resource providers

    1. Search for the Microsoft.Compute provider and click Register to add it for the subscription if it is not already added

    2. Search for the Microsoft.Network provider and click Register to add it for the subscription if it is not already added

Add the Azure ARM compute credentials to Abiquo

Before you add credentials, an administrator must create at least one compatible public cloud region in Azure ARM, and allow your enterprise to access this region. Some regions may require separate credentials, for example regions in China, and you will need to obtain credentials and create these regions separately. See Create a public cloud region.

To connect Abiquo to your Azure ARM account, add the Azure ARM credentials obtained in the above step to Abiquo. To do this, edit the Enterprise and enter the credentials for the Azure ARM provider in the following format:

  • Identity: 

    subscription-id#app-id#tenant-id

    This means you should enter the Subscription ID, Application ID and Tenant ID, as a single string and separate each element with a '#'. For example: 

    566058dd-80bc-4ccc-8d6e-e9ac00c4b4a1#8927a710-4f4d-4d11-811c-94c36e9b2c3f#fbb96b71-f92c-4f78-acf7-cd88bdee36b1
  • Credential: Enter the password for the Application.

Add the Azure Pricing credentials to Abiquo

Before you add credentials, your administrator must create at least one compatible public cloud region in Azure ARM, and allow your enterprise to access this region. Some regions may require separate credentials, for example regions in China, and you will need to obtain credentials and create these regions separately. See Create a public cloud region

Standard accounts

For Azure, the format of the pricing credentials identity for standard Azure accounts is as follows.

  • Identity

    normal#subscription-id#app-id#tenant-id#offer-durable-id

    The text string "normal#" indicates a standard account. We recommend that you specify the "normal#" text string, even though it is the default option.

    The Offer-Durable-ID is the Offer ID from the Azure portal. See Display Azure billing data for billing dashboard instructions.  

  • Credential: Enter the password for the Application

CSP accounts

For CSP accounts, the main tenant should add the pricing credentials in the following format:

csp#tenantId#clientId#accessToken#refreshToken

The customer tenants do not need to add pricing credentials. The platform will use the CSP credentials for the customer tenants in the hierarchy.
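
A pre-flight check for the compute and pricing identity strings described above, as an added example that is not part of the Abiquo documentation or product code. It splits the string on '#', checks the field count and GUID syntax, and masks the CSP tokens for logging; the function names and the assumption that the subscription, application and tenant IDs are GUIDs (as in the example above) are this example's own.

```python
import re

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Field layouts copied from the formats on this page; "compute" is a label chosen here.
LAYOUTS = {
    "compute": ["subscription-id", "app-id", "tenant-id"],
    "normal": ["subscription-id", "app-id", "tenant-id", "offer-durable-id"],
    "csp": ["tenantId", "clientId", "accessToken", "refreshToken"],
}
# Assumption: these three are GUIDs, as in the page's example. CSP fields are only
# checked for presence because the page does not show their syntax.
GUID_FIELDS = {"subscription-id", "app-id", "tenant-id"}
SECRET_FIELDS = {"accessToken", "refreshToken"}


def parse_identity(identity, pricing=False):
    """Split an identity string into named fields; raise ValueError on a bad layout."""
    parts = identity.split("#")
    kind = "compute"
    if pricing:
        # "normal#" is the default, so an unprefixed pricing identity is a standard account.
        kind = "csp" if parts[0] == "csp" else "normal"
        if parts[0] == kind:
            parts = parts[1:]
    names = LAYOUTS[kind]
    if len(parts) != len(names):
        raise ValueError(f"{kind}: expected {len(names)} fields, got {len(parts)}")
    fields = dict(zip(names, parts))
    for name, value in fields.items():
        if not value or value != value.strip():
            raise ValueError(f"{kind}: {name} is empty or has surrounding whitespace")
        if name in GUID_FIELDS and not GUID.fullmatch(value):
            raise ValueError(f"{kind}: {name} is not a GUID")
    return kind, fields


def redact(identity, pricing=False):
    """Return the identity with token fields masked, suitable for tickets and logs."""
    kind, fields = parse_identity(identity, pricing)
    shown = ["***" if name in SECRET_FIELDS else value for name, value in fields.items()]
    return "#".join(([kind] if pricing else []) + shown)


if __name__ == "__main__":
    # Identity string from the example on this page.
    print(parse_identity("566058dd-80bc-4ccc-8d6e-e9ac00c4b4a1#8927a710-4f4d-4d11-811c-94c36e9b2c3f#fbb96b71-f92c-4f78-acf7-cd88bdee36b1"))
    # Constructed CSP string; every value is a placeholder.
    print(redact("csp#TENANT#CLIENT#ACCESS-TOKEN#REFRESH-TOKEN", pricing=True))
```

In the CSP layout the identity string itself carries the access and refresh tokens, so handle it as a secret and record only the output of redact().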

How Abiquo works with Microsoft Azure ARM

Abiquo creates virtual datacenters and virtual networks in Azure ARM.

Diagram of correspondence between Abiquo entities and Azure ARM entities

In Azure ARM, users will be able to allocate and assign public IPs as in AWS.

Diagram of how Abiquo creates a VDC in Azure ARM

Deallocate or Power off a VM in Azure 

To power off a VM in ARM, select the Power off option. To deallocate a VM in ARM, select the Deallocate option. 

A deallocated VM has a state of "OFF" and the "deallocated" attribute set to true. The UI displays the text "(Deallocated)" on the VM label.


Azure firewalls

The following conditions apply to VM firewall policies in Azure:

  • Azure allows users to create deny rules in their VM firewalls. Abiquo synchronizes firewall policies with deny rules but it does not display the deny rules, and it will not allow you to edit the firewall rules. 
  • Abiquo does not synchronize Azure firewalls that use application security groups.

Azure VPNs

To create a VPN in Abiquo between a private cloud virtual datacenter and Azure, you will need the following Azure ARM configuration for the enterprise:
  • A Gateway Subnet in the Virtual Network that represents the VPC
  • A Virtual Network Gateway (VNG) using this Gateway Subnet - if this does not exist, Abiquo will try to create it in the virtual network with the supplied netmask
  • A Local Network Gateway (LNG) that will represent the remote VPN site, which is not managed by Azure ARM
  • A Virtual Network Gateway Connection that relates the VNG to the LNG
    • All address spaces from the Virtual Network will be exposed through the Virtual Network Gateway.

To create the Azure VPN configuration, set the following properties in each enterprise that will use Azure VPNs.

| Name | Description |
| --- | --- |
| azurecompute-arm.vpn.virtualnetworkgateway.type | Type of routing to use by the Virtual Network Gateway. To create a VPN from Azure to Azure, set to PolicyBased. Range: RouteBased, PolicyBased. Default: RouteBased. See https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways |
| azurecompute-arm.vpn.gatewaysubnet.mask | The Virtual Network Gateway requires a 'gateway subnet'. If this does not exist, the plugin will try to create it in some available range of the virtual network, using the mask given by this property. Default: 29 |
| azurecompute-arm.vpn.virtualnetworkgateway.sku.name | Name of the Virtual Network Gateway SKU. Default: Basic. See https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku |
| azurecompute-arm.vpn.virtualnetworkgateway.sku.tier | Tier of the Virtual Network Gateway SKU. Default: Basic. See https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku |
| azurecompute-arm.vpn.virtualnetworkgateway.sku.capacity | Capacity of the Virtual Network Gateway SKU. Default: 1. See https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku |
| azurecompute-arm.vpn.virtualnetworkgatewaycheck.timeout | Timeout for the creation of the Virtual Network Gateway. In the units specified by the timeunit property. Expected creation time is around 40 minutes. Default: 45 |
| azurecompute-arm.vpn.virtualnetworkgatewaycheck.period | Interval between checks for the creation of the Virtual Network Gateway. In the units set by the timeunit property. Default: 1 |
| azurecompute-arm.vpn.virtualnetworkgatewaycheck.maxperiod | Maximum interval in minutes between checks to back off to for the creation of the Virtual Network Gateway. In the units set by the timeunit property. Default: 2 |
| azurecompute-arm.vpn.virtualnetworkgatewaycheck.timeunit | Time unit for the timeout and intervals of checks for Virtual Network Gateway creation. Default: minutes |

Storage

In Azure, you can work with volumes that are Managed Disks.

  • Users can onboard and create volumes, and attach them to VMs. 
  • When you onboard disks, the platform will make them available to users that can access All virtual datacenters in the tenant
  • After users detach volumes from VMs or delete VMs, the synchronization process will make the volumes available in the public cloud region. Users can move volumes between virtual datacenters and release them to the region. 
  • In Azure the VM instance functionality to take a snapshot of a VM has been disabled pending further development.
