Cloud Integrations

AWS

This section of the document explains the procedure to integrate AWS with OpsRamp. After successful integration, you can manage and monitor AWS instance in OpsRamp.

Install Integration

1. Log into OpsRamp.

2. Click All Clients and from the displayed list, select a client.

3. From the options in the drop-down menu, click Setup.

4. From the left pane, navigate to Integrations menu, click Integrations. Integrations list appears.

5. From Available Integrations, click Public Cloud and then click AWS.

6. Click Install. The Install AWS Integration page is displayed.

7. Provide the following details and click Install.

   • Name: Provide a name for the Integration.

   • Account Number: Provide AWS master/payer account number.

   • Region(s): Select the AWS region. The resources that belong to the selected region are on-boarded via the integration. You can select multiple regions to onboard resources.

     Note: If you select two regions A and B, and if you are not authorized to access region A, then onboarding fails for both regions A and B.

   • AWS Type

     • IAM: An IAM role is an IAM entity that defines a set of permissions for making AWS service requests. IAM roles are not associated with a specific user or group. Instead, trusted entities assume roles, such as IAM users, applications, or AWS services such as EC2.

     • IAM (with AssumeRole): (IAM) (IAM with AssumeRole) Returns a set of temporary security credentials are used to access AWS resources you might normally do not have access to. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole for cross-account access or federation. Refer to Creating an AWS Account Number, Access Key, and Security Key for more information. Refer to Appendix -1 to read about configuring AWS Linked Accounts.

Cloud Discovery

Once the installation is done, the configuration window is displayed, where you can view the Account Number and Access Key.

Access to OpsRamp is required for discovery and to collect metrics for creating a discovery profile. Refer AWS permission policy for OpsRamp access.

1. Click Add to add a discovery profile.

2. Provide Profile Name.

3. Filter Criteria: Select the criteria for the device discovery. Select All Resources to discover all the resources available in the cloud.

4. Perform Actions: Select actions to perform on the selected devices. You can perform the following actions on the resources.

   1. Manage Device: Select the device to manage.

      • Refer access required to manage AWS instances

      • Refer access required to process AWS alarms and CloudTrail events

   2. Stream CloudWatch Alarms

      • Provide SQS URL to consume alarms. Refer instructions configuring CloudWatch alarms.

      • CloudWatch is monitored by cloud and alarms generated are collected by OpsRamp through the Stream Alarm in SQS URL.

   3. Process unmanaged resource alarms: Processes all un-managed resource alarms.

   4. Stream CloudTrail Messages:

      1. Provide SQS URL to consume events. Refer instructions for configuring CloudTrail.

      2. CloudTrail generates events when there is a change (example: instance launch, terminate) and OpsRamp would capture events through the CloudTrail SQS URL. This is benefited over periodic discovery as the cloud changes are immediately notified to OpsRamp.

   5. Stream AWS Events: Provide SQS URL to consume events. Refer instructions for configuring AWS Events.

   6. Collect Cost Analytics – Collects projects cost details of the services and resources utilized.

      • To Collect Cost Analytics,

        • Step 1: Use the S3 bucket in AWS. If you do not have S3 bucket, create an S3 bucket.

        • Step 2: Setup S3 bucket for collecting AWS billing data.

      • Note: You need to have a master account to configure the S3 account. In the screenshot below, bill-by-resource is the S3 bucket name.

   7. Assign Credentials Matching with Fingerprint: Checks if credentials set of EC2 instance matches with the credential set of the keypair.

   8. Assign Gateway Management Profile: Select the Gateway management profile from the drop-down list.

   9. Install OpsRamp Agent (Linux): Select if OpsRamp Agent needs to be installed on the device.

   10. Install Agent through Gateway: Select the Gateway through which instances can be accessed to install Agent. Linux Agent only.

5. In Discovery Schedule section, select Enable Schedule and select the preferred Recurrence pattern and then click Save.

6. The discovered resources are now visible in the AWS resource folder in the device tree on Infrastructure page.

Supported Resource Integrations, Availability and Performance Metrics

OpsRamp Resource	Availability	Performance Metrics
API Gateway	N/A	Yes
Application Load Balancing	Yes	Yes
Classic Load Balancing	Yes	Yes
Cloud Front	Yes	Yes
Direct Connect	Yes	Yes
DynamoDB	Yes	Yes
EBS Instances	N/A	Yes
EC2	Yes	Yes
EC2 Autoscaling	N/A	Yes
ECS	N/A	Yes
Elastic Beanstalk	Yes	Yes
Elastic Container Service	N/A	Yes
Elastic Transcoder	Yes	Yes
ElastiCache	Yes	Yes
Elasticsearch Service	N/A	Yes
EMR	Yes	Yes
Key Management Service	N/A	N/A
Kinesis	Yes	Yes
Kinesis Firehose	Yes	Yes
Lambda	N/A	Yes
Lightsail	Yes	N/A
Machine Learning	Yes	Yes
Network Load Balancing	Yes	Yes
RDS	Yes	Yes
Redshift	Yes	Yes
Route 53	N/A	Yes
Simple Notification Service (SNS)	N/A	Yes
Simple Queue Service (SQS)	N/A	Yes
Storage Gateway	Yes	Yes
Virtual Private Network	Yes	N/A
WAF	N/A	Yes
WorkSpaces	Yes	Yes

Refer Recommended Templates for AWS.

Azure

This section of the document explains the procedure to integrate Azure with OpsRamp. After successful integration, you can manage and monitor Azure instance in OpsRamp.

Install Integration

Integrate Microsoft Azure with OpsRamp.

1. Log into OpsRamp.

2. From the options in the drop-down menu, click Setup.

3. From the left pane, click Integrations>Integrations.

4. From Available Integrations, click Public Cloud>Azure.

5. Click Install to configure the integration. The Install Azure Integrations window is displayed.

6. To get subscription ID,

   1. Log into Azure.

   2. From the left pane, click Subscription.

   3. On the Subscription page, you can view the Subscription ID.

7. Azure Type: Select ARM or ASM Type.

   • If ARM is selected, then provide Tenant ID, Client ID, and Secret Key. See create Azure Tenant ID, Client ID, and Secret Key.

   • If ASM is selected, then provide Management Certificate and Keystore Password.

Cloud Discovery

Once the installation is done, the configuration window is displayed, where you can view the Account Number and Access Key. To create a discovery profile:

1. Click Add to add discovery profile.

2. Provide Profile Name.

3. Filter Criteria: Select the criteria for the device discovery. Select All Resources to discover all the resources available in the cloud.

4. Perform Actions: Select what actions need to be performed on the devices.

   1. Manage Device: Select the device to manage.

   2. Collect Cost Analytics: Collects projects cost details of the services and resources utilized. Once you select Collect Cost Analytics, in the text box enter the OfferID.

   3. Stream Azure Events: Provide Azure connection string primary key. See instructions for configuring Connection String.

   4. Assign Gateway Management Profile: Select the Gateway management profile from the drop-down list.

   5. Install OpsRamp Agent (Linux): Select if OpsRamp Agent needs to be installed on the device.

   6. Install Agent through Gateway: Select the Gateway through which instances can be accessed to install Agent. Linux Agent only.

5. In Discovery Schedule section, select Enable Schedule and select the preferred Recurrence pattern and then click Save.

6. The discovered resources are now visible in the Azure resource folder in the device tree on Infrastructure page.

Supported Resource Integrations, Availability and Performance Metrics

OpsRamp Resource	Availability	Performance Metrics
AnalysisService servers	N/A	Yes
API Management Service	N/A	Yes
Application Gateway	N/A	Yes
App Service – MultiRole Pools	N/A	Yes
App Service – Website slots	N/A	Yes
App Service – Worker Pools	N/A	Yes
Database for MySQL	N/A	Yes
Database for PostgreSQL	N/A	Yes
Batch Accounts	N/A	Yes
CDN Profiles	Yes	N/A
Cognitive Services	Yes	Yes
Container Service	Yes	N/A
Customer Insights Hub	N/A	Yes
Data Lake Analytics	Yes	Yes
Data Lake Store	Yes	Yes
Device Provisioning Service	N/A	Yes
Devices IoT Hubs	N/A	Yes
DocumentDB Accounts (Cosmos DB)	Yes	Yes
Elastic Pools	Yes	Yes
Event Hubs namespaces	Yes	Yes
ExpressRoute circuits	Yes	Yes
Load Balancer	Yes	Yes
Notification Hubs – NotificationHubs Namespaces	Yes	Yes
Public IP Addresses	N/A	Yes
Redis Cache	Yes	Yes
SearchServices	Yes	Yes
Server Farms	Yes	Yes
Service Bus	Yes	Yes
Service Fabric Clusters	Yes	N/A
SQL Servers	N/A	Yes
Storage Accounts	Yes	Yes
StreamAnalytics streamingjobs	Yes	Yes
Traffic Profile Manager	Yes	Yes
Virtual Machine Scale Sets – Virtual Machine Scale Sets	N/A	Yes
Virtual Machine Scale Sets – Insights Autoscale Settings	N/A	Yes
Virtual Machines – Virtual Machines	Yes	Yes
VPN Gateways	N/A	Yes
Web Apps	Yes	Yes
Azure Workflows	N/A	Yes

Assign Access to the Azure Subscription

• To get access to the Azure subscription, the user needs to have Reader role.

• Refer Assign Access to Azure Subscription

• Refer Recommended Templates for Azure.

Google

This section of the document explains the procedure to integrate Google instance with OpsRamp. After successful integration, you can manage and monitor Google instance in OpsRamp.

Install Integration

Step 1: Create Credentials.

1. Log into OpsRamp.

2. From the options in the drop-down menu, click Setup.

3. From the left pane, click Integrations>Integrations.

4. From Available Integrations, click Public Cloud>Google.

5. Click Install to install the Google integrations. The Install Google Integration page is displayed.

6. Provide Name, Service Account Email, Project ID, Service Account Management Certificate, and Management Certificate PassPhrase, and then click Install to install the Google integration.

Cloud Discovery

Once the installation is done, the configuration window is displayed, where you can view the Service Account Email and Project ID.

1. Click Add to add discovery profile.

2. Provide Profile Name.

3. Filter Criteria: Select the criteria for the device discovery.

   • Select All Resources to discover all the resources available in the cloud.

   • Select Instances to discover cloud instances.

4. Perform Actions: Select what actions need to be performed on the devices.

   • Manage Device: Select if the device needs to be managed.

   • Collect Cost Analytics: Collects projects cost details of the services and resources utilized.

   • Assign Gateway Management Profile: Select the Gateway management profile from the drop-down list.

   • Install OpsRamp Agent (Linux): Select if OpsRamp Agent needs to be installed on the device.

   • Install Agent through Gateway: Select the Gateway through which instances can be accessed to install Agent. Linux Agent only.

5. In Discovery Schedule section, select Enable Schedule and select the preferred Recurrence pattern and then click Save.

6. The discovered resources are now visible in the Google resource folder in the device tree on Infrastructure page.

Supported Resource Integrations, Availability and Performance Metrics

OpsRamp Resource	Availability	Performance Metrics
Compute Engine – Virtual Machine Instances	Yes	Yes
Container Engine – Container Cluster	Yes	Yes
Storage – Cloud SQL	Yes	Yes
Storage – Buckets	N/A	Yes
Storage – Cloud Functions	Yes	Yes
Networking – Cloud VPN	N/A	Yes
Networking – Cloud Router	N/A	Yes
Networking – Cloud Load Balancing	N/A	Yes
Big Data – Cloud Pub/Sub Topic	N/A	Yes
Big Data – Cloud Pub/Sub Subscription	N/A	Yes
AppEngine (Standard/Flex) – Version	N/A	Yes
AppEngine (Standard/Flex) – Instance	Yes	N/A
Machine Learning Engine – Version	Yes	Yes
Machine Learning Engine – Job	Yes	Yes
Dataflow – Cloud Dataflow Job	Yes	Yes
Big Query – Google BigQuery Public Datasets	N/A	Yes
Big Query – Table	N/A	Yes
Data Proc – Cluster	Yes	N/A

See Recommended Templates for Google Compute Engine.

Uninstall Integrations

To uninstall integrations, follow the below mentioned steps.

1. Log into OpsRamp.

2. Click All Clients and from the displayed list, select a client.

3. From the options in the drop-down menu, click Setup.

4. From the left pane, click Integrations>Integrations. The installed and available integration page of the selected client is displayed.

5. From Installed Integrations section, click Public Cloud. The list of installed Public Cloud Integrations is displayed.

6. Select the checkbox of desired integration and from the top pane, click the settings icon to expand and click UNINSTALL. The system displays a confirmation message for uninstalling the selected integration.

   1. Provide Reason for uninstalling the integration. Reason is mandatory.

   2. To retain the agent installed resources in the system, select the Keep agent installed resources checkbox. If this checkbox is not selected, all the resources installed by agent gets deleted along with the integration.

   3. Click Ok to uninstall the integration. The integration gets uninstalled.

Appendix -1: Install All Linked Accounts

Install All Linked Accounts option helps you in quick and auto-onboard of new accounts provisioned through AWS Landing Zone into OpsRamp without user intervention.

OpsRamp automatically discovers any new accounts added under a master/payer account. All such newly discovered accounts will be auto-onboarded as separate AWS integrations into the same tenant with same access keys and IAM with AssumeRole option. Account number in Role ARN of linked account is replaced with the account number of the respective linked account.

Prerequisites:

• The option must be selected only from Master/Payer account.

• The master/payer account must be onboarded into OpsRamp with the following options selected:

  • IAM Assume Role

  • Install All Linked Accounts

• The same credentials on the onboarded master/payer account must be authorized to list out all linked accounts.

• Roles must be created in the linked accounts with the same name as provided in the master account.

• Roles on each linked account must be authorized to discover all the resources.

Note:

The following actions are NOT inherited to linked accounts, you need to configure in each linked account.

• Stream AWS Alarms

• Collect Cloud Trail Events

• Process AWS Events

• The master account needs to be rescanned every time a new linked account is added.