Manually configuring Azure Event Grid, Service Bus namespace, and Service Bus queue - Adaptive Applications - BlueCat Gateway - 23.3.2

Cloud Discovery & Visibility Administration Guide


If an Event Subscription, Service Bus queue, and Service Bus namespace do not yet exist in your Microsoft Azure environment, and your Azure user account has write permissions for them, Cloud Discovery & Visibility (CDV) will automatically create them when you enable visibility. (On the Azure Visibility Options page, select the Enable Visibility after Discovery option.)

If your Azure user account does not have the correct write permissions, you must manually configure the subscription, queue, and rules yourself before you can enable visibility.

To determine the MD5 hash string for your objects

Names for the Event Subscription, Service Bus queue, and Service Bus namespace that CDV uses include an MD5 hash string of details that identify the account, region, and configuration. Before you manually create the Azure subscription, queue, and namespace, you'll need to generate this hash string in order to create the names that CDV expects.

To determine the hash string, you can use the md5sum command from the command line or use the POST /visibility/default-queue-names-generator Cloud Discovery & Visibility REST API endpoint. For more information about using CDV's REST API endpoints, see REST API endpoints.

To determine the CDV hash string using the md5sum command:

  1. Append the Address Manager username, the Address Manager URL, the configuration name, the Azure subscription ID, and the Azure resource group together into a single string, separated by underscore characters (_).

  2. Use the following command to generate an MD5 hash of that string:

    echo -n '<string>' | md5sum

For example, say the system has the following details:
  • Address Manager username: api
  • Address Manager URL: http://192.168.57.103/Services/API?wsdl
  • Configuration name: (empty)
  • Azure subscription ID: 0df76cb1-4f69-17c5-b73a-18e5f04d4769
  • Azure resource group: rg-1

The string that the MD5 hash should be based on is api_http://192.168.57.103/Services/API?wsdl_0df76cb1-4f69-17c5-b73a-18e5f04d4769_rg-1. The hash string that CDV expects (generated with the md5sum command) is 0fc68bb65daaabb158956db7dbe485d8.
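The naming procedure above as reusable shell functions (an added example, not BlueCat's code; the function names are hypothetical). It skips empty fields, which is an assumption drawn from the page's sample string, where the empty configuration name leaves no doubled underscore, and it uses quoted arguments with printf so the `?` in the URL is never subject to shell globbing and no trailing newline is hashed.

```shell
#!/usr/bin/env bash
# Added example: derive the default CDV object names from the identifying fields.
# Function names are hypothetical; prefixes and field order come from the page.

# Join the non-empty fields with underscores. Skipping empty fields is an
# assumption based on the page's sample (empty configuration name).
cdv_hash_input() {
    local out="" field
    for field in "$@"; do
        [ -n "$field" ] || continue
        out="${out:+${out}_}${field}"
    done
    printf '%s' "$out"
}

# MD5 of the exact bytes of the joined string. md5sum prints "<hash>  -",
# so keep only the first column.
cdv_hash() {
    cdv_hash_input "$@" | md5sum | cut -d' ' -f1
}

# Print the three default names that share this hash:
# Service Bus namespace, Service Bus queue, Event Subscription.
cdv_default_names() {
    local h
    h="$(cdv_hash "$@")"
    printf 'BC-CDV-SB-NS-%s\n' "$h"
    printf 'BC-CDV-SB-QUEUE-%s\n' "$h"
    printf 'BC-CDV-EV-SUBSCRIPTION-%s\n' "$h"
}

# Sample values from the page, in order: Address Manager username,
# Address Manager URL, configuration name, subscription ID, resource group.
cdv_default_names "api" "http://192.168.57.103/Services/API?wsdl" "" \
    "0df76cb1-4f69-17c5-b73a-18e5f04d4769" "rg-1"
```

Single-quote any value typed interactively as well; characters such as `?`, `&`, and `$` in a URL or name would otherwise be interpreted by the shell before md5sum sees them.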

To create and configure the Azure namespace, queue, and subscription:

Note: Manual creation of the namespace, queue, and subscription requires an account that has write permissions for those objects. If you don't have write permissions yourself, contact an Azure administrator to grant you temporary write access, or ask them to configure the Event Subscription, Service Bus queue, and Service Bus namespace as described below.

In Microsoft Azure, create the objects as follows:
  • Service Bus namespace: If you selected Override Queue and Notification Default Names in the Visibility options, create a Service Bus namespace with the custom name that you configured in the Service Bus Namespace Name field.

    If you did not enter a custom Service Bus namespace name, create a Service Bus namespace in your resource group with the following name: BC-CDV-SB-NS-<hash string>.

    For example, with the sample hash used earlier, the name would be BC-CDV-SB-NS-0fc68bb65daaabb158956db7dbe485d8.

  • Service Bus queue: If you selected Override Queue and Notification Default Names in the Visibility options, create a Service Bus queue with the custom name that you configured in the Service Bus Queue Name field.

    If you did not enter a custom Service Bus queue name, create a Service Bus queue in your resource group with a name in the following format: BC-CDV-SB-QUEUE-<hash string>.

    For example, with the sample hash used earlier, the name would be BC-CDV-SB-QUEUE-0fc68bb65daaabb158956db7dbe485d8.

  • Event Subscription: Create an Event Subscription in your resource group that uses the Service Bus Queue you created earlier.

    In the Basic tab of the subscription settings, use the following values for each field:

    Event Subscription Details
      Name:
        If you selected Override Queue and Notification Default Names in the Visibility options, enter the custom name that you configured in the Event Grid Subscription Name field.

        If you did not enter an Event Grid subscription name, enter a name in the following format: BC-CDV-EV-SUBSCRIPTION-<hash string>.

        For example, with the sample hash used earlier, this would be BC-CDV-EV-SUBSCRIPTION-0fc68bb65daaabb158956db7dbe485d8.
      Event Schema: Event Grid Schema

    Topic Details
      Topic Type: Resource Group
      System Topic Name: Use the value of Source Resource, already defined.

    Event Types
      Filter to Event Types: Select the following (and clear the others):
        • Resource Write Success
        • Resource Delete Success
        • Resource Action Success

    Endpoint Details
      Endpoint Type: Service Bus Queue
      Endpoint: Use the Service Bus Queue you created earlier.
      Use system assigned identity: Unchecked

    In the Filters tab of the subscription, select the following Advanced Filters:

    Type                  Value
    Virtual Network       Microsoft.Network/virtualNetworks
    Virtual Machine       Microsoft.Compute/virtualMachines
    Load Balancer         Microsoft.Network/loadBalancers
    Private DNS Zone      Microsoft.Network/privateDnsZones
    DNS Zone              Microsoft.Network/dnszones
    Private Endpoint      Microsoft.Network/privateEndpoints
    Kubernetes Service    Microsoft.ContainerService/managedClusters

After the objects have been created in Microsoft Azure, you can select the Enable Visibility after Discovery option. If you were granted temporary write access in order to create these objects, your Azure administrator can revert your Azure account permissions after the visibility task has run once and the namespace, queue, and subscription are defined in Azure.