Azure Express Scan
Overview of AutoMonitor Azure Express Scan
Overview
AutoMonitor allows users to quickly and effortlessly discover and import hosts into their Opsview Monitor environment. The new wizard-based functionality simplifies and automates the scanning and configuration steps providing a fast and reliable way of maintaining continuous monitoring of your changing Enterprise landscape.
Azure Express Scan provides a configuration wizard to guide you through and quickly discover Microsoft Azure objects (Hosts) within a given Azure Subscription and automatically import them into Opsview Monitor.
Azure Express Scan
Virtual Machine discovered by the Azure Scan will be imported into the following Host group Structure:
Opsview > Automonitor > Azure Express Scan > {Subscription Name} > {Resource Group Name} > {Resource Name / HostName}
Health Availability Status for Azure Resource Groups will be imported into the following Host group Structure:
Opsview > Automonitor > Azure Express Scan > {Subscription Name} > Azure_RGs_Health_{Subscription Name} > Azure_RGs_Health_{Subscription Name}
The Scan will inspect discovered Hosts to allocate relevant Host Templates from the following list:
- Cloud - Azure - Virtual Machines
- Cloud - Azure - Linux VMs
- Cloud - Azure - Windows VMs
- Cloud - Azure - VM Backups
- Cloud - Azure - Storage Accounts
- Cloud - Azure - Health Availability Status
- Cloud - Azure - Virtual Machines Scale Sets
- Cloud - Azure - Virtual Machines Scale Sets VM
See more information about Host Templates within the Cloud - Azure Opspack
Pre-Requisites
In order to access the AutoMonitor Application and run an Azure Express Scan, the following permissions are required:
Depending on your organisation structure, you may prefer to NOT give user permissions to
CONFIGUREHOSTGROUPS
and/or have access to the Opsview Host Group. In this case, you need to create the Host Group Structure in advance (Opsview > Automonitor > Azure Express Scan > {Subscription Name}
) and provide access only to the Subscription Name Host Group to the user(s) running an Azure AutoMonitor Scan.
Azure Credentials required:
- Tenant ID / Directory ID
- Subscription ID
- App ID / Client ID
- Secret Key
Information about Where to Find Azure Credentials can be found at the bottom of this page
Your Microsoft Azure App/Client needs to have the following Roles assigned
- Monitoring Contributor
- Network Contributor
- Storage Contributor
- Backup Contributor
If your Microsoft Azure App DOES NOT have the right permissions, Azure Express Scan will fail
Running a Scan
AutoMonitor Azure Express Scan feature is accessible from the Configuration > AutoMonitor
menu. When selecting this option will be presented with the following screen:

Select Azure to start with the AutoMonitor Azure Express configuration wizard
In the configuration wizard (Azure | Input your Azure Credentials
), as per the screen shown below, you need to enter Tenant ID
, Subscription ID
, App ID
and Secret Key
to be able to discover Microsoft Azure Resources. (Information about Where to Find Azure Credentials can be found at the bottom of this page).

Once you have entered the relevant information for the required fields, the Start Scan
button will be enabled for you to proceed when you are ready to start the scan.

If the credentials are invalid or fail to be authorised, the following error message will be displayed:

Upon successful authorisation, the Scan starts by interrogating Microsoft Azure for a list of Resource Groups, Virtual Machines, Scale Sets and Storage Accounts to scan. Once the scan has started the progress bar will be displayed which indicates how many of the discovered resources have been scanned:

As the scan is being carried out, it can be aborted by hovering over the Abort
button which displays a panel to confirm the aborting of the scan. Once the Yes
button is clicked, the form from the previous page is displayed and the scan is aborted. Note that if the scan is close to finishing then it may be completed before it can be aborted.

If an unrecoverable error occurs during the scan, the following error page will be displayed:

A Sorry there was an error that we can't identify
message indicates that some other error occurred during scanning. This may indicate a system outage or configuration problem. Scans will recover from short Datastore (i.e. CouchDB) outages. However, if an outage lasts longer than one hour the scan will time out and show this error message.
If such errors occur, you can click Try again
to restart the scan. You can also view the log to understand what the problem could be, for example, you might see access denied when creating Host Group or importing Host, in which case, check you have sufficient permissions to either create or write to the desired Host Group.
When the scan completes the following screen will be displayed:

At this point, you can click on Apply changes
to trigger a system reload and start monitoring the scanned hosts. Clicking on New
will allow you to start another scan. Hosts that have already been imported will be disregarded and will NOT be re-imported by later scans:
Clicking "View log` will display a detailed list of the steps completed by the scan:

If the scan fails for some reason, View log
is a good way to help diagnose the problem.
Once the scan has finished, you can see the pending hosts by clicking the Host Settings
link. It is worth noting at this point, you may wish to check the host configurations to ensure the details are correct, as although AutoMonitor tries its best to fill them in correctly, you may have a case where the credentials used for scanning are NOT the same credentials that are required by the service check.
Host Check Command associated to Virtual Machines
In order for the scan results to be more useful to the user, the scan will try to associate the appropriate host check command for each host. For that the scan will retrieve the Network Security Group (NSG) rules associated to that Virtual Machine and will assign the more secure one (TCP port 443 (HTTP/SSL), TCP port 22 (SSH), TCP port 80 (HTTP), TCP port 25 (SMTP), TCP port 21 (FTP), TCP port 161 (SNMP), TCP port 135 (MS RPC), TCP port 5900 (VNC)).
Choosing a collector to monitor Azure Resources
AutoMonitor will automatically determine which collector cluster has the best connection to Microsoft Azure (using the URL https://login.microsoftonline.com) and will set the imported hosts to be monitored by that collector. If no collector can connect to Microsoft Azure, then the scan will fail.
Variables
Automonitor will attempt to populate the variables as appropriate for the host checks added by the scan. The following global variable will be populated if it is not already: AZURE_CREDENTIALS
If this global variable is already populated before the scan is run, then the variable will be set on each monitored host, unless the values in the global variable are applicable to the new hosts.
Where to Find Azure Credentials
Follow the steps below to retrieve this information.
Step 1: Find the Subscription ID
The Subscription ID can be found in the Subscriptions section under the All services section in the Azure dashboard.


Step 2: Find the Tenant/Directory ID
The Tenant/Directory ID can be found in the Azure Active Directory section under the Properties section in the Azure dashboard.

Step 3: Find the Client/Application ID for your application
You need to create and register your application if you haven't already. For more information, refer to: Create an Azure Active Directory application
The Client/Application ID can be found in the Azure Active Directory section under the App registrations section in the Azure dashboard.

Step 4: Generate the Secret Key for your application
You will need to create a Secret Key for your application, once this has been created its value will be hidden, so save the value during creation.
To create the Secret Key, select your application from the list, select the Certificates and secrets section and then click on New client secret.
Specify a description and expiration date for your key and then click Add.

Updated almost 4 years ago