Azure Monitoring Options - Adaptive Applications - BlueCat Gateway - 23.3.2

Cloud Discovery & Visibility Administration Guide

The Monitoring Options section of the Microsoft Azure Setup page lets you configure monitoring settings for importing changes to network resource data into Address Manager. Here, you configure what network data you want made visible for monitoring, and how you want to look for it.

Attention: Monitoring is supported only for incremental changes to virtual networks, virtual machines, load balancers, DNS zones, private endpoints, and Kubernetes Services.

You can choose from two monitoring options:

  • Scheduled Discovery: Cloud Discovery & Visibility (CDV) performs discovery and rediscovery jobs on Azure resources at specified times and intervals. Discovery parameters are based on those defined in the Discovery Options section.

    Attention: When you select Scheduled Discovery, CDV also selects the "Remove Deleted Resources during Rediscovery" Discovery option and the "Override Configuration" Configuration option (which is also disabled to prevent users from clearing it). These selections are made to avoid failures during subsequent scheduled discovery jobs. For more details on these options, see Azure Discovery Options and Azure Configuration Options.
  • Visibility: Cloud Discovery & Visibility creates visibility jobs and Visibility Managers to continuously monitor changes made to Azure resources, based on the configuration settings in the Discovery Options section.

    Tip: A Visibility Manager is a collection of visibility jobs that were created during Discovery when the Azure Monitoring Options are set to Visibility. The jobs that a Visibility Manager contains depend on the subscription and/or resource groups that you specify in the Azure Credentials page. When you perform actions on a Visibility Manager (Start, Stop, and so on), CDV performs those actions on all jobs within that Visibility Manager. For more details, see About Azure Visibility jobs and Visibility managers.

    When using the Visibility option with Discovery jobs on an entire subscription (or on all subscriptions), CDV will also start new Discovery jobs for any new resource groups it finds.

Schedule Options

The Schedule Options section appears only if you select Scheduled Discovery as your monitoring option.

  • Run Once: Cloud Discovery & Visibility runs discovery on Azure resources a single time, based on the configuration settings in the Discovery Options section.

    Tip: To instead run this discovery configuration multiple times at regular intervals, simply clear this checkbox and enter the desired interval in the Interval field.

  • Interval: Enter the interval time between discovery jobs. The interval indicates the amount of time, in seconds, that Cloud Discovery & Visibility waits after the previous discovery job finishes before starting the next discovery job.

Address Manager User options

  • Address Manager Username, Address Manager Password: The account details for the user account that CDV should use for monitoring the Azure network.

    By default, the Address Manager Username field is populated with the current user that is logged into Gateway. If required, you can update the username to another Address Manager user.

    Note: This user should be an Address Manager administrative API user with full permissions.

    In the Address Manager Password field, enter the password for the Address Manager user.

Visibility System Locations options

The Visibility System Locations section appears only if you select Visibility as your monitoring option.

The method that CDV uses to choose the resource group required to set up CDV's Service Bus and Event Grid resources when running CDV on all resource groups in all subscriptions.

This can be the following:

  • Default: You specify the resource group individually for each existing subscription. The first valid resource group will be used for new subscriptions that were added since the last discovery or visibility job.

    CDV will list the available subscriptions and let you select the resource group for each one.

  • Custom: You specify a single resource group to use for all subscriptions. When performing visibility on all subscriptions (or all resource groups for a subscription), CDV will use the specified resource group. If the resource group doesn't exist, CDV will create it if it has permissions (and fail otherwise).

    You can select or enter the resource group in the Specify Resource Group field. This field is available only if CDV has access to the Azure system.

    Note: This feature requires users to have the following permissions:
    Microsoft.Resources/subscriptions/resourceGroups/write 
    Microsoft.Resources/subscriptions/resourceGroups/read
Note: If you are configuring a custom resource group for all subscriptions, make sure that you configure the correct permissions for your role in the Actions list. For more information, refer to Custom visibility system location permissions.
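
A pre-flight check for the two permissions listed above, as an added example (not BlueCat's or Microsoft's code). It assumes the role definition has the `permissions` / `actions` / `notActions` shape printed by `az role definition list`; the role names and contents are constructed.

```python
import re

# The two permissions this page lists for a custom resource group.
REQUIRED_ACTIONS = (
    "Microsoft.Resources/subscriptions/resourceGroups/write",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
)


def _matches(pattern, action):
    """Azure RBAC action patterns are case-insensitive and may use '*'."""
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def missing_actions(role, required=REQUIRED_ACTIONS):
    """Return the required actions that the role does not effectively grant."""
    missing = []
    for action in required:
        granted = False
        for perm in role.get("permissions", []):
            allowed = any(_matches(p, action) for p in perm.get("actions", []))
            denied = any(_matches(p, action) for p in perm.get("notActions", []))
            # An action counts only if it is allowed and not carved out again.
            granted = granted or (allowed and not denied)
        if not granted:
            missing.append(action)
    return missing


# Constructed role definitions (not taken from a real tenant).
READ_ONLY = {"roleName": "example-reader",
             "permissions": [{"actions": ["*/read"], "notActions": []}]}
CDV_CUSTOM = {"roleName": "example-cdv-visibility",
              "permissions": [{
                  "actions": ["Microsoft.Resources/subscriptions/resourceGroups/*"],
                  "notActions": ["Microsoft.Resources/subscriptions/resourceGroups/delete"],
              }]}
WRITE_EXCLUDED = {"roleName": "example-no-rg-write",
                  "permissions": [{
                      "actions": ["*"],
                      "notActions": ["microsoft.resources/subscriptions/resourceGroups/WRITE"],
                  }]}

if __name__ == "__main__":
    for role in (READ_ONLY, CDV_CUSTOM, WRITE_EXCLUDED):
        print(role["roleName"], "missing:", missing_actions(role) or "nothing")
```

The third role shows why the `notActions` list has to be checked as well: a broad `*` grant still leaves CDV unable to create the resource group.
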
  • Address Manager Username, Address Manager Password: The Address Manager Username field is populated with the current user that is logged into Gateway. If required, you can update the username to another Address Manager user.

    Note: This user should be an Address Manager administrative API user with full permissions.

    In the Address Manager Password field, enter the password for the Address Manager user.

Other options

Fields: Override Queue and Notification Default Names, Service Bus Namespace Name, Service Bus Queue Name, Event Grid Subscription Name

(These fields do not appear for jobs that apply to All Subscriptions.)

Select the Override Queue and Notification Default Names checkbox to specify custom queue and notification names to be created in the cloud where you have specific naming requirements for those resources, instead of using the default generated names.

Selecting this checkbox displays the following fields:

  • Service Bus Namespace Name: Enter the name of the Service Bus Namespace that will be used to retrieve data from Azure.

    This name must have 6-50 characters using letters, numbers, and hyphens ("-"). It must start with a letter and end with a letter or number. It must not end with "-sb" or "-mgmt" and cannot contain consecutive hyphens.

  • Service Bus Queue Name: Enter the name of the Service Bus Queue that will be used to retrieve data from Azure.

    It can have up to 260 characters using letters, numbers, periods ("."), hyphens ("-"), and underscores ("_"). It must start and end with a letter or number.

  • Event Grid Subscription Name: Enter the name of the Event Grid Subscription that will be used to retrieve data from Azure.

    This name must have 3-64 characters using letters, numbers, and hyphens ("-").
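
The naming rules above written as validators you can run before entering the names, as an added example (not part of CDV). It assumes "letters" means ASCII letters and compares the forbidden namespace suffixes case-insensitively; the function names are hypothetical.

```python
import string

# Rules transcribed from the naming requirements above. Assumption:
# "letters" means ASCII A-Z and a-z.
LETTERS = set(string.ascii_letters)
ALNUM = LETTERS | set(string.digits)


def check_namespace(name):
    """Return the rule violations for a Service Bus Namespace name."""
    problems = []
    if not 6 <= len(name) <= 50:
        problems.append("length must be 6-50 characters")
    if set(name) - ALNUM - {"-"}:
        problems.append("only letters, numbers and hyphens are allowed")
    if name[:1] not in LETTERS:
        problems.append("must start with a letter")
    if name[-1:] not in ALNUM:
        problems.append("must end with a letter or number")
    # Suffix compared case-insensitively (assumption, the stricter reading).
    if name.lower().endswith(("-sb", "-mgmt")):
        problems.append('must not end with "-sb" or "-mgmt"')
    if "--" in name:
        problems.append("must not contain consecutive hyphens")
    return problems


def check_queue(name):
    """Return the rule violations for a Service Bus Queue name."""
    problems = []
    if not 1 <= len(name) <= 260:
        problems.append("length must be 1-260 characters")
    if set(name) - ALNUM - set(".-_"):
        problems.append("only letters, numbers, '.', '-' and '_' are allowed")
    if name[:1] not in ALNUM or name[-1:] not in ALNUM:
        problems.append("must start and end with a letter or number")
    return problems


def check_event_subscription(name):
    """Return the rule violations for an Event Grid Subscription name."""
    problems = []
    if not 3 <= len(name) <= 64:
        problems.append("length must be 3-64 characters")
    if set(name) - ALNUM - {"-"}:
        problems.append("only letters, numbers and hyphens are allowed")
    return problems
```
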

If you enter a name that already exists in the resource group, you'll be asked if you want to reuse the same name. Click Cancel (and choose a different name) if you think your Visibility jobs will affect other Visibility jobs using the same name. Click Reuse to confirm use of the same name (that is, if you're sure that your jobs will not impact other Visibility jobs with the same name).

Attention: When overriding queue and notification default names:

  • If you reuse the existing Event Grid Subscription name, any changes in the filter will update it within your Azure environment. If you do not have permissions to update the Event Grid Subscription name, contact your administrator to modify it to the existing Event Grid Subscription name.

  • The filter will update if you modify any Discovery Options within the same Visibility job.

  • If errors occur due to modifications of the filter, older information will be used and the following errors appear in the UI:

    [AZURE :: Visibility] : Cannot update filters of types virtual machine, private endpoint in the event subscription named test-sub.
    [AZURE :: Visibility] : Cannot remove filters of types loadbalancer, kubernetes in the event subscription named test-sub

  • To avoid conflicts, do not use the same Service Bus Queue and Event Grid Subscription names in multiple Visibility jobs. As a best practice, do not reuse names of Service Bus Namespaces, Service Bus Queues, or Event Grid Subscriptions that you do not own or control.