2.4.2 Microsoft Azure Integration & Importing Devices

microsoft azure integration & importing devices the azure device import configurations allow single connect to automatically detect active instances in a given region and assign the discovered instances to relevant device groups based on custom azure tags the following configuration is required in order to add/discover devices from azure cloud integration configuration for importing azure device log in to the single connect web gui navigate to administration > system config man set the following parameters parameter name parameter value encryption device import azure client id azure authentication client id must be set as “yes” device import azure tenant id azure authentication tenant / domain id must be set as “yes” device import azure secret key azure authentication secret must be set as “yes” device import azure resource groups comma separated list of resource groups (multiple resource groups should be added with a comma ex azure kron rg 1;azure kron rg 2) add/edit element type properties for azure devices define the "element type" properties shown below, so that single connect can identify the os of the discovered instances log in to the single connect web gui navigate to device management > element type click the “options” button of the related element type and click “show properties” set the “device import azure element type pattern”, “device import azure access protocol”, and “device import azure ssh username” properties parameter name parameter value device import azure element type pattern mandatory the pattern can be defined as multiple in one element this pattern is checked against the “ami id” description of the instance in order to determine the os type device import azure access protocol mandatory this property is used to determine the default access method for the discovered instances note it is required to define a new element type for each os type in order for single connect to auto detect ex centos linux, ubuntu linux, etc add device groups for azure devices single connect imports azure instances based on their tags if an azure instance is to be imported into single connect, that instance must have all the tags specified in at least one device group to create a group with azure tags log in to the single connect web gui navigate to device management > device groups create a new device group, or use an existing device group right click on the device group, and select “show properties” select the azure tag property that matches with the devices to be imported note tag values can be written in regex format enable azure device import job importing azure instances requires a single connect job for synchronization the job will update the information on single connect periodically depending on the cron expression log in to the single connect web gui navigate to device administration > job scheduler click “fire job” select “azuredeviceimportjob” as the job fill the, “trigger name”, “fire date”, “cron expression” fields click on the “save job” button to trigger the job manually, after the job has been fired follow the steps below log in to the single connect web gui navigate to device administration > job scheduler click “trigger list” and then click on “trigger as simple trigger” for the defined “azuredeviceimport” job azure device list to list of imported devices navigate to device management > device inventory azure devices with specified tags will appear inside the device group recently created note azure instances are automatically synchronized with single connect but the device realm and the policy realm should be set manually for user accessibility to the devices as well as for policy enforcement (see also managing devices and policy management) configurations for ssh azure devices if devices imported from azure have the required configuration to log in via an ssh key, single connect can provide seamless connection to the device via the ssh key otherwise, the global username and password need to be defined for each device group to use an ssh key for azure devices, follow the steps below get the ssh key name that is stored in the device properties for each device log in to the single connect web gui navigate to device management > device inventory right click on an azure device, and select “show properties” (the ssh key name of the device is stored in “sshkeyname” property) write down the value of this property to be used for the secret data vault module enable ssh key connection to device groups log in to the single connect web gui navigate to device management > device groups right click on the device group in which azure devices are imported, and select “show properties” select the “adddevicesshkeytouserselection” property and set the value as “true” uploading ssh key to single connect and enabling connection to the device log in to the single connect web gui navigate to secret data vault > secret data vault fill the required fields (the “name” field must be exactly equal to the value of “sshkeyname” in the device property) select “ssh key” for the type field copy the contents of the ssh key into the secret data field note the ssh keys must be in the openssh key format this means that the value you put into the secret data field should start with the “ begin ssh2 public key ” and end with the “ end ssh2 public key ” indicators ssh proxy tag configuration please ask consultation from kron technical support https //sc support\@kron com epdestek\@kron com tr