While editing a Microsoft Azure Schedule manager or Visibility manager (that is, Discovery or Visibility), Discovery options let you specify in detail the information that Cloud Discovery & Visibility (CDV) imports from the Azure infrastructure.
While setting up a new discovery, these settings are available only if you choose Advanced setup. If you use Basic setup, CDV chooses a set of default Discovery options.
Discover Azure Resources options
| Field/Option | Description |
|---|---|
| Azure Virtual Networks/subnets | Tick this checkbox to import all Azure virtual networks and subnets. Private virtual networks and subnets are converted into IPv4 and IPv6 blocks and networks on Address Manager. |
| Allocate Azure reserved IP addresses | Tick this checkbox to import IPv4 addresses reserved by the Azure platform in each subnet range. Azure reserves the first four addresses and the last address of each subnet. Within Address Manager, reserved IP addresses are stored as IP addresses with corresponding types in a BlueCat Address Manager (BAM) network. |
| Azure Virtual WANs, Hubs, and Firewalls | Tick this checkbox to import Virtual WAN, Virtual Hub, Firewall, and Virtual Network Connections information as network resources. These are imported into Address Manager as follows: |
| Azure public IP ranges | Tick this checkbox to import Azure public address space information of virtual machines and load balancers within the region. Public virtual networks are converted into IPv4 and IPv6 blocks and networks on Address Manager. Note: When this checkbox is cleared, virtual machine and load balancer information is still imported into Address Manager. However, the IP addresses of public virtual machine and load balancer devices within Address Manager will be blank. |
| Azure private endpoints<br>Endpoint view | Tick the Azure private endpoints checkbox to import private endpoint DNS record information. Private endpoints are converted into private endpoint DNS records on Address Manager, with the prefix defined in the BlueCat Target Zone for Private Endpoints field. Also, in Endpoint View (available only if Azure private endpoints is ticked), enter the name of the view that will be created in Address Manager, or select an existing view in Address Manager that will contain the Azure private endpoint information. |
| Azure Virtual Machines | Tick this checkbox to import all Azure Virtual Machine (VM) information. VMs are converted into devices on Address Manager. CDV will discover all VMs under Virtual Machine Scale Set (VMSS) management. |
| Azure Load Balancers | Tick this checkbox to import all Azure load balancer information. This is converted into the load balancer device type on Address Manager. |
| Azure provided name resolution (internal)<br>Provided name resolution view (internal) | (Available only if either Azure Virtual Machines or Azure Load Balancers is ticked.) Tick this checkbox to import internal DNS record information. Also, in Provided name resolution view (internal), either enter the name of the view that will be created in Address Manager, or select an existing view in Address Manager that will contain the internal Azure provided name resolution information. |
| Azure provided name resolution (external)<br>Provided name resolution view (external) | Tick this checkbox to import external DNS record information. Also, in Provided name resolution view (external), enter the name of the view that will be created in Address Manager or select an existing view in Address Manager that will contain the external Azure provided name resolution information. |
| Azure DNS zones (private)<br>Private DNS zone view | Tick this checkbox to import all private DNS zone record information. This is converted into private DNS records in Address Manager. Also, in Private DNS zone view, enter the name of the view that will be created in Address Manager or select an existing view in Address Manager that will contain the private view records for the DNS Zones. |
| Azure DNS zones (public)<br>Public DNS zone view | Tick this checkbox to import all public DNS zone record information. This is converted into public DNS records in Address Manager. Also, in Public DNS Zone View, enter the name of the view that will be created in Address Manager or select an existing view in Address Manager that will contain the public view records for the DNS Zones. |
| Skip Creating Default Internal Zone | Tick to skip creation of the default internal zones for virtual machines and load balancers. |
Azure Kubernetes
| Field/Option | Description |
|---|---|
| Azure Kubernetes Service | Tick this checkbox to import all Azure Kubernetes Service Clusters information of the resource group. Each Azure Kubernetes Service Cluster is converted into devices on Address Manager. The devices are imported into a separate BAM Configuration (including related Kubernetes resources such as Load Balancers and virtual machines from VM Scale Sets) and tagged with respective tags. |
| Azure internal resources within Kubernetes Engine | Tick this checkbox to also discover Kubernetes pod and service resources within Azure Kubernetes Service Clusters. CDV will place those pod and service resources in the same BAM Configuration that holds discovered Azure Kubernetes devices. Note: In order to perform discovery and visibility jobs on Azure Kubernetes Service Clusters, CDV must access Azure infrastructure as a user whose Azure Role has the following permission: |
| Kubernetes view | Select the Address Manager View that will contain the discovered Kubernetes resources. To use the default View name, select Azure Kubernetes view. |
Address Manager Target Zone options
| Field/Option | Description |
|---|---|
| Target Zone for private endpoints<br>Auto create zones for private endpoints | (These fields are available only if Azure Private Endpoints is selected as an Azure resource to discover.) In Target Zone for Private Endpoints, enter the name of the DNS zone on BAM that will contain resource records from Azure Private Endpoints. CDV will create a zone in BAM based on the entered zone name. Select the Auto Create Zones for Private Endpoints checkbox to create separate subzones for each private endpoint region under the specified Target Zone for Private Endpoints. If cleared, information will be stored in a single zone. |
| Target zone for Virtual Machines and Load Balancers<br>Auto create zones for Virtual Machines and Load Balancers | (These fields are available only if Azure Virtual Machines or Azure Load Balancers is selected as an Azure resource to discover.) In Target Zone for Virtual Machines and Load Balancers, enter the name of the DNS zone on BAM that will contain Azure name resolution DNS records. Select the Auto Create Zones for Virtual Machines and Load Balancers checkbox to embed Azure availability information for Virtual Machines and load managers into the provided name resolution. Clear the checkbox otherwise. |
| Remove deleted resources (tag deleted views/zones during rediscovery) | Tick this checkbox to automatically delete resources (except for DNS Views and Zones) that currently exist in Address Manager, but were not found upon rediscovery. Missing View and Zone resources will be tagged for manual inspection and removal. For more details on viewing and manually deleting these tagged resources, see Deleting resources flagged as missing during rediscovery. Note: If you are using Scheduled discovery to monitor networks for further changes (specified in the job's Monitoring options), this option is automatically ticked and cannot be changed. |
| Remove IP and MAC addresses of deleted devices | (This option is available only when connecting to Address Manager v9.4.0 or later.) Tick this checkbox to automatically delete IP addresses if (and only if) they are not associated with any other host records (such as manually-created host records pointing to the device's IP address). CDV will also delete MAC addresses if (and only if) they are not linked to any other IP addresses (such as IP addresses that do not belong to a deleted device). |
| Update existing blocks/networks in Address Manager | If this option is ticked and imported device, view, and zone resources have the same name as existing resources in Address Manager, CDV will try to reuse blocks and networks that already exist in Address Manager instead of dropping (not importing) the duplicate resources. |
| Dynamic update of DNS resource records | (This option is available only when connecting to Address Manager v9.4.0 or later.) Select this checkbox to update the DNS records in Address Manager and automatically deploy the changes to the primary BDDS of that zone using selective deployment. This checkbox is disabled by default and only available if you select Real time updates as your Monitoring mode. Attention: You must perform a full DNS deployment to the managed BDDS before any subsequent selective deployments can be performed. If you are configuring the managed BDDS to exclusively manage the cloud infrastructure, you can run a Discovery to import the cloud infrastructure into your Address Manager. |
Azure exclusion filters
Under Azure exclusion filters, users can configure the following filters:
Exclude networks based on tags—exclude networks by specifying a list of associated Azure tags. For more details about setting up a Virtual Network filter, see Setting up Azure Virtual Network tag filters.
Exclude networks based on CIDRs—exclude networks by specifying one or more IPv4/IPv6 CIDR exclusion ranges.
| Field/Option | Description |
|---|---|
| Exclude networks based on tags | Azure Discovery and Visibility jobs will exclude Virtual Networks with tags that match one of the specified tag keys and tag values. Discovery and Visibility will not run on excluded accounts. To exclude accounts with a specific Azure tag key and tag value: Tag keys and values can use only alphanumeric characters. If you enter a tag key but leave the value blank, the filter will exclude accounts that have an empty value for that tag. To include an empty value in a list of multiple tag values, use an empty space between commas: Tags and values that you exclude from Discovery are listed below the Tag key and Tag value fields, grouped by tag key. To remove a tag from the list, click the Remove (x) button next to it. |
| Exclude networks based on CIDRs | Azure Discovery and Visibility will exclude any address spaces or subnets that overlap with the specified CIDR range(s) and are equal to or smaller than the specified CIDR range(s). Excluded address space and subnet items will be displayed in the Dropped resources section of each Discovery job. To exclude networks based on CIDRs: Exclusion CIDRs are listed below the CIDR field. To remove a CIDR from the list, click the remove (X) button next to it. Note: Devices such as virtual machines, load balancers, private endpoints, and Kubernetes clusters will be imported if they have any private IP address belonging to a non-excluded CIDR range (block or network). Otherwise, if all the private IP addresses of the device match the excluded list, the device will not be imported into Address Manager. The host record of the device will be imported whenever the device is imported, along with the device (if the user enables the corresponding options). DNS resources, such as zones and resource records, will always be imported. However, A and AAAA resource records are now imported as a Generic type resource record if their subnet is excluded by the Exclude networks based on CIDRs filter. Kubernetes clusters of Azure (AKS) are still imported even when linked to an excluded address space/subnet, as they are in independent configurations. |
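
The CIDR exclusion rules described above can be modelled offline to preview which subnets and devices an exclusion list would remove from the inventory before a Discovery job runs. This is an added example, not CDV code: the function names and sample data are constructed, and it assumes that a device address "belongs to a non-excluded CIDR range" when the discovered subnet containing it is itself not excluded.

```python
import ipaddress

# Constructed sample data (not taken from any real tenant).
SUBNETS = ["10.1.0.0/16", "10.2.0.0/24", "10.2.1.0/24", "fd00:1::/64"]
EXCLUSIONS = ["10.1.0.0/24", "10.2.0.0/23", "fd00::/16"]

def is_excluded(subnet, exclusion_cidrs):
    """A subnet is dropped only when it overlaps an exclusion CIDR and is
    equal to or smaller than it, i.e. it lies entirely inside that CIDR."""
    net = ipaddress.ip_network(subnet)
    for cidr in exclusion_cidrs:
        excl = ipaddress.ip_network(cidr)
        # subnet_of() raises TypeError across IP versions, so compare first.
        if net.version == excl.version and net.subnet_of(excl):
            return True
    return False

def classify_subnets(subnets, exclusion_cidrs):
    """Split discovered subnets into (imported, dropped) lists."""
    imported, dropped = [], []
    for subnet in subnets:
        target = dropped if is_excluded(subnet, exclusion_cidrs) else imported
        target.append(subnet)
    return imported, dropped

def device_imported(private_ips, subnets, exclusion_cidrs):
    """A device is imported if any private IP sits in a subnet that is kept;
    it is skipped only when every private IP falls in dropped subnets."""
    kept, _ = classify_subnets(subnets, exclusion_cidrs)
    kept_nets = [ipaddress.ip_network(s) for s in kept]
    return any(
        ipaddress.ip_address(ip) in net
        for ip in private_ips
        for net in kept_nets
    )

if __name__ == "__main__":
    imported, dropped = classify_subnets(SUBNETS, EXCLUSIONS)
    print("imported subnets:", imported)
    print("dropped subnets: ", dropped)
    # 10.1.0.0/16 overlaps the 10.1.0.0/24 exclusion but is larger, so it stays.
    print("vm-a imported:", device_imported(["10.2.0.5", "10.1.0.7"], SUBNETS, EXCLUSIONS))
    print("vm-b imported:", device_imported(["10.2.0.9", "10.2.1.9"], SUBNETS, EXCLUSIONS))
```

An exclusion CIDR narrower than a discovered subnet excludes nothing, so comparing the dropped list against the intended scope catches filters that silently fail to hide, or unintentionally hide, parts of the address space.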