Cloud Provider Account Support for Microsoft Azure

Document created by DPM Admin Employee on Jul 21, 2017. Last modified by Lance Tyler on Jan 16, 2018.
Version 8

These instructions describe the steps to add a new application in Microsoft Azure, and how to add this new application to a Cloud Provider Account.

 

Prerequisites

 

Note: As of CloudTest version 58.09, the only authentication workflow supported is Azure Service Principal Authentication. Please see section Using Azure Service Principal Authentication.

  1. Ensure you have access to the Microsoft Azure Active Directory, and you are at least a co-administrator on the Microsoft Azure subscription.

  2. It is highly recommended you deploy your CloudTest instance using a reserved IP address. If your CloudTest environment IP address changes, you will need to adjust the redirect URI by following steps 1-4 (under To add new application in Microsoft Azure). However, this time you will select your soastacloudtest app, then change the IP address of the redirect URI to your current CloudTest instance.

  3. Request the following from Microsoft Azure Tech Support:

    • Additional CPU cores for Azure Resource Manager ("Classic Compute" core quota not applicable). Specifically, CloudTest Load Generation servers will use two cores for the common large server, and four cores for the extra large variety (this quota is per region).

    • Additional Public IP addresses. One for each Load Generator/Results server you plan to deploy.

 

To add a new application in Microsoft Azure using OAuth authentication

 

  1. Open a browser window and go to https://portal.azure.com.

  2. Click Azure Active Directory on the left-hand menu. If it is not already in your favorites, select More Services > in the bottom-left corner and navigate to Azure Active Directory.

 

  3. Use the Default Directory, or choose or create any directory in which to create the CloudTest App. Select App registrations.

 

  4. Click + New application registration, which is located at the top of the screen in the new panel.

 

  5. Provide a Name and choose Application type Native. Switch over to CloudTest to create the redirect URI.

 

 

To add a Microsoft Azure application as a Cloud Provider Account using OAuth authentication

 

  1. Open a new browser window without closing the current one and log into CloudTest.

 

Note: Now you have two browser windows, one with Microsoft Azure and another with CloudTest.

 

  2. Select Central > Cloud Provider Accounts, and click New to launch the Cloud Provider Account dialog box.

  3. Select Azure Resource Manager (ARM) in the Type field, and then click the redirect URL (grey background) to copy it. As noted above, you should use a reserved IP for your CloudTest instance so that the URL does not change.

 

  4. Switch your browser to Microsoft Azure and paste the URL in the Redirect URI field. Click Create at the bottom of the screen to continue.

 

  5. Select your new application from the list. This will open up a panel to the right. If the Settings panel does not also open, click on the All Settings -> link. Click on Required permissions on the Settings panel.

  6. Select + Add at the top of the Required permissions panel, and then "1 Select an API". Click the Windows Azure Service Management API and click on Select at the bottom of the screen.

  7. Check Delegated Permissions, which will also check the appropriate box below, and click on Select at the bottom of the screen. Click on Done at the bottom of the screen and close the Settings panel.

  8. Copy the Application ID from the Registered app panel.

    • Switch your browser to CloudTest.
    • Paste into the Client ID field in the Cloud Provider Account.
    • Find your subscription. You can go to https://manage.windowsazure.com and in the bottom left of your screen, click the Settings button, then grab the Subscription ID you want to use. Paste into the Subscription ID field in the CPA.

  9. Switch back to Microsoft Azure, close the Registered app panel and choose Endpoints at the top of the screen.

10. Copy the OAuth 2.0 Token endpoint located at the bottom. Then:

    • Switch your browser to CloudTest.
    • Paste the endpoint into the appropriate box in the Cloud Provider Account creation window.
    • Do the same with the OAuth 2.0 Authorization endpoint.
    • Ensure you complete the Cloud Provider Account creation screen by giving it a name and checking the box Can launch grids. Add permissions, as appropriate.
    • Click the Authorize button. This will create a pop-up window, so be sure you can accept that, and it may ask you to accept the change.

11.  Click OK.

 

 

Note: This will retrieve an Azure access token, so that CloudTest may launch servers on your behalf. Should your token ever get revoked by Azure, or expire, you will need to return to the “Cloud Provider Account” creation window and re-authorize your client.

 

Using Azure Service Principal Authentication 

 

Note: Back up your existing Azure RM Cloud Provider Account (CPA) before proceeding. The conversion process is one-way and it's not possible to go back. To restore an OAuth Azure CPA, simply re-import the backup with overwrites.

Create Azure Service Principal

 

  1. To create an Azure service principal, install Azure CLI first, by following this link.
  2. After installing Azure CLI, open up a new terminal and log in using the following command in your terminal window: az login

    If your account has access to multiple subscriptions, ensure you are creating the service principal in the correct subscription with 

    az account set

  3. Follow the prompts to grant the terminal access to your Azure account.

  4. After logging in, run the script azure.sh to create the service principal. To download azure.sh, please scroll to the bottom of the page and find the attached file. 

  5. The script returns the following information:

    • App ID: the ID of the service principal, needed for entering into CloudTest as well as deletion

    • Tenant ID: the ID of the current Azure tenant

    • Secret: also known as service principal secret, it is the authentication password for your service principal

      [Figure: Azure.sh output]
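
The service principal creation described in the steps above, as an added example; this is not the azure.sh attached to the page. The service principal name, the Contributor role and the subscription-wide scope are assumptions, and the sample JSON is constructed.

```shell
#!/bin/sh
# Added example; this is NOT the azure.sh attached to this page.
# Assumptions: name "cloudtest-sp", role Contributor, scope = one subscription.
set -eu

# Constructed sample of the JSON that `az ad sp create-for-rbac` prints.
SAMPLE='{
  "appId": "aaaaaaaa-0000-4000-8000-000000000001",
  "displayName": "cloudtest-sp",
  "password": "constructed~sample.secret",
  "tenant": "bbbbbbbb-0000-4000-8000-000000000002"
}'

# Build the role scope, accepting only a well-formed subscription GUID.
subscription_scope() {
  case $1 in *[!0-9a-fA-F-]*) echo "bad subscription ID" >&2; return 1 ;; esac
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' ||
    { echo "bad subscription ID" >&2; return 1; }
  printf '/subscriptions/%s\n' "$1"
}

# Read az's flat JSON on stdin and print the string value of field $1.
json_field() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Print the three values the CloudTest CPA dialog asks for. $1 = az JSON.
sp_values() {
  printf 'App ID:    %s\n' "$(printf '%s\n' "$1" | json_field appId)"
  printf 'Tenant ID: %s\n' "$(printf '%s\n' "$1" | json_field tenant)"
  printf 'Secret:    %s\n' "$(printf '%s\n' "$1" | json_field password)"
}

create_sp() {
  sub=$(az account show --query id -o tsv)   # subscription chosen with az account set
  scope=$(subscription_scope "$sub")
  # The secret is returned only once, so capture the output instead of re-running.
  out=$(az ad sp create-for-rbac --name "${SP_NAME:-cloudtest-sp}" \
        --role Contributor --scopes "$scope" -o json)
  sp_values "$out"
}

# --create talks to Azure (after az login); anything else parses the sample.
case ${1:-} in
  --create) create_sp ;;
  *) sp_values "$SAMPLE" ;;
esac
```

The App ID printed here is the value that `az ad sp delete --id` expects when the service principal is removed later. The secret is a password, so paste it into the CPA dialog rather than keeping it in terminal logs.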

 

Switching over the CPA

 

  1. Double-click your CPA in the Cloud Provider Account window. You’ll see a new button called “Switching to Service Principal”.

    Click on the button to start the process.

    [Figure: Azure RM window associated with an existing CPA]
  2. Enter the values from the azure.sh script. See the "Create Azure Service Principal" section above.

    [Figure: Azure RM CPA using SP Auth]
  3. Click "OK". An alert dialogue will appear with a warning. To proceed, click "OK" in the dialogue.
  4. The Azure RM CPA is now using Service Principal authentication.

 

Creating A New Azure RM CPA with Service Principal Authentication

 

  1. Select Central > Cloud Provider Accounts, and click New to launch the Cloud Provider Account dialog box. Select Azure Resource Manager (ARM).
  2. Enter the values from the azure.sh script. See "Create Azure Service Principal" two sections above.

 

Removing Azure Service Principal 

 

  1. Open a new terminal and find the application ID referenced above. It is needed to remove the service principal.

  2. Log in to your Azure account through the terminal.

  3. Use the following command to remove the service principal:

    az ad sp delete --id <application_ID>

 

Attachments