Gather the Resources Required for VM Monitoring on Azure

Know the system requirements and details of the Microsoft® Azure® resources that you want to monitor with the VM Monitoring script.
The following table lists the resources needed to deploy this VM Monitoring solution for Microsoft® Azure®.
What you need | Description
  • System Requirements for the virtual machine.
    Only one instance of the VM Monitoring script can run on a virtual machine instance.
The VM Monitoring solution on Azure requires a system with:
  • Operating System—Red Hat Enterprise Linux (RHEL) 7.4
  • Python Version—2.7.5
  • Disk Size—60GB minimum
Because the VM Monitoring script uses the Azure API to collect the attributes for your Azure deployment, you need to set up an Active Directory application and a Service Principal to assign permissions. When you follow the instructions in the preceding link, you must assign an IAM role with a minimum privilege of Reader when prompted to Assign application to role.
The workflow will provide you with various keys and IDs that are required to generate an Azure Bearer Token used in the header of the API call. Ensure that you collect the following information, which you must enter as input in the parameters.json file:
  • Application ID
  • Authentication Key—Make sure to jot down this secret key. You cannot view this key again.
  • Directory ID
  • Collect the details required for the parameters.json file that the script invokes to monitor your Azure deployment.
{
  "parameters": {
    "clientId": {"value": "e12a3fb1-cef2-0000-abf8-7a9cee0dd55f"},
    "clientSecret": {"value": "jEWXJcNswGWv9VmpJCR80S2GQl/eDQq3W6Yu7yjN2/c="},
    "tenantId": {"value": "77a9116e-edcc-44b6-84c4-4f19fdda335b"},
    "subscriptionId": {"value": "0123402e-4559-4b1a-b645-92fa1234f4b8"},
    "targetIps": {"value": "172.30.161.201,172.30.161.202"},
    "resourceGroupName": {"value": "vmscript5RG"},
    "vnetName": {"value": "vpn5vnet5"},
    "targetApiKeys": {"value": "LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwMJHUGVhRlNiY0dCR0srNERUQT09,00000000000ZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGhRlNiY0dCR0sra"},
    "targetVsys": {"value": "vsys1,vsys3"}
  }
}
You must have the following information to fill out the parameters.json file:
  • Client ID—The Application ID that you copied earlier.
  • Secret Key—The authentication key you copied earlier when you set up the Active Directory application. To log in as the application, both the key value and the Application ID are required.
  • Tenant ID—The Directory ID you copied earlier.
  • Azure Subscription ID—The Azure subscription you want to monitor.
  • Target IPs—A comma-separated list of IP addresses of the next-gen firewalls to which you want to register the IP address-to-tag mapping. You can then configure the firewalls that receive the VM information to enforce policy.
    If the firewalls are in an HA configuration, include the IP address for both HA peers. The script will register tags to the active peer only.
  • Vsys—The virtual system that you want to set as the destination for registering the IP address-to-tag mapping that the script retrieves.
  • Resource Group Name—(Optional, but recommended if you have overlapping IP addresses across your Resource groups and VNets within your subscription) Enter (only) one resource group name that you want to monitor.
  • VNet Name—(Optional, but recommended if you have overlapping IP addresses in your resource group) Enter the name of a single VNet that you want to monitor.
  • API Keys—Comma-separated list of the API keys for the administrative user account on each firewall.
For all comma-separated values (Target IPs, API keys, and Vsys), do not put a space between the comma and the value.
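A pre-flight check for parameters.json, added here as an example and not part of the VM Monitoring script: it verifies the required keys, GUID-shaped IDs, the no-space rule for comma-separated values, and IPv4 syntax. The function names, the placeholder sample values, and the rule that the number of API keys equals the number of target IPs are assumptions.

```python
import json
import re

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
GUID_FIELDS = ("clientId", "tenantId", "subscriptionId")
REQUIRED = GUID_FIELDS + ("clientSecret", "targetIps", "targetApiKeys", "targetVsys")

def is_ipv4(text):
    parts = text.split(".")
    return len(parts) == 4 and all(
        re.match(r"^[0-9]{1,3}$", p) and int(p) <= 255 for p in parts)

def check_parameters(raw):
    """Return a list of problems in parameters.json text; empty means it passed."""
    try:
        params = dict(json.loads(raw)["parameters"])
    except (ValueError, KeyError, TypeError) as exc:
        return ["not a usable parameters file: %r" % (exc,)]
    problems, lists = [], {}
    for name in REQUIRED:
        entry = params.get(name)
        value = entry.get("value") if isinstance(entry, dict) else None
        if not isinstance(value, type(u"")) or not value:
            problems.append("%s: missing or empty" % name)
        elif name in GUID_FIELDS and not GUID.match(value):
            problems.append("%s: not a GUID" % name)
        elif name.startswith("target"):
            # The page requires no space between the comma and the value.
            if re.search(r"\s", value):
                problems.append("%s: contains whitespace" % name)
            lists[name] = value.split(",")
            if "" in lists[name]:
                problems.append("%s: empty list item" % name)
    for ip in lists.get("targetIps", []):
        if not is_ipv4(ip):
            problems.append("targetIps: %r is not an IPv4 address" % ip)
    # Assumption (not stated on the page): exactly one API key per firewall IP.
    if len(lists.get("targetIps", [])) != len(lists.get("targetApiKeys", [])):
        problems.append("targetIps and targetApiKeys differ in length")
    return problems

# Constructed sample with placeholder values; none of these are real credentials.
FAKE_ID = "00000000-0000-0000-0000-000000000001"
SAMPLE = json.dumps({"parameters": {k: {"value": v} for k, v in [
    ("clientId", FAKE_ID), ("tenantId", FAKE_ID), ("subscriptionId", FAKE_ID),
    ("clientSecret", "PLACEHOLDER-SECRET"), ("targetVsys", "vsys1,vsys3"),
    ("targetIps", "192.0.2.10,192.0.2.11"),
    ("targetApiKeys", "PLACEHOLDER-A,PLACEHOLDER-B")]}})
print(check_parameters(SAMPLE) or "parameters.json passed all checks")
```

Because the file holds the client secret and firewall API keys in clear text, the check returns only field names and list items from targetIps, never the secret values.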
