Monitor any Azure services using SolarWinds Orion API polling

This article was published by me in SolarWinds THWACK community

https://thwack.solarwinds.com/product-forums/server-application-monitor-sam/f/forum/93220/how-to-monitor-any-azure-services-using-api-polling

Introduction

This article will explain how to monitor any Azure service via Orion API Polling. Orion inbuild Azure PaaS monitoring does not support Azure kay vault monitoring. So we will use one of the Azure API poller templates to amend and get monitoring success.

We will use the mechanism of Azure REST API to get the metrics from Azure

refer to these articles for more information

https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftkeyvaultvaults
https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/rest-api-walkthrough#retrieve-metric-definitions
https://docs.microsoft.com/en-us/rest/api/monitor/metric-definitions/list

https://documentation.solarwinds.com/en/success_center/sam/content/sam-api-poller-template-guide-intro.htm

only below API pollers are available in Orion

Instructions

Configure Azure App Registration

1. login to https://portal.azure.com/

2. Search App Registration and click on it.

3. click new registration

4. Enter in the name of the Application and leave other values default

5. Once into the Overview page of the application. Take note of the "Application (Client) ID" value, which will be used later in this article.

6. Click "Certificates & secrets" under Manage in the left column

7. Under Client Secrets, click "New client secret."

8. Take note of the "Value" as it will only show once. This value will be used later in the article.

9. Click API permissions under Manage on the left column. This is where we will allow what can be accessed by this application when it is polled via API.

10. For this example, we will use the Azure App Service API Poller, which comes out of the box within SolarWinds. The link below shows what permissions are needed for the Azure API pollers.

https://documentation.solarwinds.com/en/success_center/sam/content/sam-api-poller-authorization.htm

11. Click Add permission to bring a window up on the right.

12. Click Microsoft Graph

13. Click "Application Permissions."

14 . select report.read.all

15. Select ServiceHealth.Read.All

16. click Add Permissions

17. you will see "User Not granted permission."

18. if you want to grant organization-wide permissions. please click "Grant Admin Consent."

19. Next, we will need to grab the Tenant ID. This is the GUID for the Azure tenant.

20. Search "tenant properties" in the Azure search bar and click Tenant Properties.

21. Copy the value under "Tenant ID."

Configure API pollers in Solarwind Orion

1. Go into the Node details page of the node you would like to assign this API poller to

2. In the management pane. Click API Poller Management, then Assign.

3. select "Azure App Service" API Poller and click next

4. Select Authorization as OAuth 2.0

5. Click create new credentials

6. Enter the description of the credential. (For example, I am monitoring Azure Key Vault)

7. Copy/paste the Client ID value from step 5 above.

8. Copy/paste the Client secret value from step 8 above.

9. The Access Token URL will be in this format. Copy the Tenant ID notated in step 22 above and enter in place of <tenant id>. Then copy-paste into the Access Token URL field https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token

10. scope is https://management.azure.com/.default

(refer this article for more information: https://documentation.solarwinds.com/en/success_center/sam/content/sam-api-poller-microsoft-azure-app-service.htm)

11. Click Assign Pollers

12. once it is successfully applied, click Microsoft Azure App Services link

Provide permission to Key vault

1. Go to the Azure key vault you want to monitor

2. Click Access control

3. Click Add >> Add role assignment

4. select reader and click next

5. select User, Group, or Service principle and choose the Members

6. Search the App registration name you created before

7. review and assign the app permission

Configure Azure Key Vault Metrics in Orion API Pollers (As an example, I will show you how to monitor Azure Key Vault)

1. Edit the name as "Microsoft Azure Key Vault Monitor."

2. remove the request URL

3. remove all default created monitoring values

3. provide the new request URL as edited below

(refer https://documentation.solarwinds.com/en/success_center/sam/content/sam-api-poller-microsoft-azure-app-service.htm to how to get {SUBSCRIPTION_ID}, {USERGROUP_ID} and {APP_NAME})

providers/Microsoft.KeyVault/vaults/${APP_NAME} : change the provider as per your monitoring requirement

https://management.azure.com/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${USERGROUP_ID}/providers/Microsoft.KeyVault/vaults/${APP_NAME}/providers/microsoft.insights/metrics?interval=PT5M&metricnames={Metric1},{Metric2},{Metric3},{Metric4},{Metric5},{Metric6},{Metric7}=Average,Total&api-version=2018-01-01

add Metric values as per your monitoring requirement. (refer: docs.microsoft.com/.../metrics-supported

example URI:

https://management.azure.com/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${USERGROUP_ID}/providers/Microsoft.KeyVault/vaults/${APP_NAME}/providers/microsoft.insights/metrics?interval=PT5M&metricnames=Availability,ServiceApiHit,ServiceApiLatency,ServiceApiResult&aggregation=Average,Total&api-version=2018-01-01

4. Monitoring Parameters:

Availability

ServiceApiHit

ServiceApiLatency

ServiceApiResult