Home Orlando IT Operations Management IT Operations Management ITOM Visibility Discovery Cloud Discovery Azure Cloud Discovery

Azure Cloud Discovery

If your cloud resources are in an Azure cloud, you must create a user identity called a service principal that grants permissions to the MID Server to access selected resources.

A service principal for Azure cloud services is similar to a Microsoft Windows service account that enables Windows processes to communicate with each other within an Active Directory domain.

To create the Azure service principal in your ServiceNow instance, copy the service principal credential values from the Azure portal into a text editor, and then transfer those values into the instance. The text file that you generate during this procedure might look something like this:

Text file that temporarily holds Azure service principal credential values

This table shows you the location in Azure where you can find the values you need for the credentials.


Cloud Management setting	Location of the Azure value
Tenant ID	Azure Active Directory > Properties > Directory ID
Client ID	Azure Active Directory > App registrations > Registered App.Application ID
Secret Key	Azure Active Directory > App registrations > Registered App > Settings > Keys (hidden)
Account ID	Azure Active Directory > Subscriptions > Subscription ID

Create Azure cloud credentials

If your cloud resources are in an Azure cloud, create credentials that can access the Azure account. This procedure requires configuration in your Azure account.

Before you begin

Roles required:

Operations on the Microsoft Azure portal require one of the following roles:
- Azure or Azure AD (Active Directory) Administrator
- Application Administrator
- Application Developer
- Cloud Application Administrator
and the Resource Policy Contributor role to create or modify resource policies.
Enable internal network connection between the MID Servers and the Azure Cloud API endpoints: management.azure.com

Procedure

Navigate to the App registrations section and click New application registration. Enter the following information for your application:


Field	Description
Name	Unique name for the application and its integration credentials. For example, `ServiceNow Integration`.
Supported account types	Specify who can use the application.
Redirect URI (Optional)	URL that accesses Azure. Typically the URL of the ServiceNow instance.

Select Register to complete the app registration.
When registration completes, hover over the Application ID and click Copy to clipboard.
Paste the Application ID into the text editor and label it Application ID.

In the Azure portal, navigate to the Certificates & secrets section and New client secret then specify the following values:


Field	Description
Key description	Description for the key.
Duration	The default is Never Expires. Note: Your organization may apply policies to restrict key durability. Select the appropriate duration.

Click Add.
Copy and paste the key value into the text editor and label the value Application key.
To enable the service principal to work with various Azure subscriptions, navigate to Subscriptions. To manage multiple subscriptions, you must perform the following procedure for each subscription:
1. Paste the subscription ID into the text editor and label it Subscription ID.
2. Navigate to the subscription and select Access Control (IAM) from the menu.
3. Click + Add at the top of the screen then Add role assignment.
4. Select the value reader from the Role field. Let the default value User, group, or service principal remain as is in the Assign access to field.
  
  Note: The contributor role is only required for provisioning.
5. Select the name you created in step 2 in the Select field and click Save.
In the Discovery Manager, click the plus icon (+) and then select Azure Service Principal from the list.

Specify the following values on the Azure Service Principal form:


Field	Value
Name	Name of the service principal to register with the instance. For example, `Azure service principal credentials`.
Authentication Method	Select Client secret. The Secret key field appears when you select Client secret. Note: Client assertion is not supported.

Copy and paste values from the temporary text file into the remaining fields.


Credentials form field	Azure Service Principal value
Tenant ID	Azure Directory ID value from the text file.
Client ID	Azure Application ID value from the text file.
Secret key	Azure Application key value from the text file.

Click Save to create the Azure service principal.
Click the Discover Subscriptions related link to find all subscriptions for the Azure service principal.
The instance creates a service account for each discovered subscription. The Azure Subscriptions related list displays all subscriptions for the Azure service principal.
Click a subscription to view the service account created for the subscription.
Click a Discovery status entry in the Credential Discovery Status list to view the Discovery log.
Each time you click Discover Subscription, the instance generates a new Discovery status and displays it in the Credential Discovery Status list.

Data collected for Azure Cloud Discovery

Discovery collects information about cloud resources in Azure datacenters.

How Discovery finds Azure resources

Discovery uses the Cloud Management API and patterns to find cloud resources.

Table 1. Default patterns
Pattern	Description
Azure Database	Retrieves Azure databases, including MSSQL, MySQL, Redis, and Documentum, and populates the [cmdb_ci_cloud_database] table.
Azure LoadBalancer TD	Retrieves Azure load balancers and populates the cmdb_ci_lb_service table. This pattern is only used by Service Mapping for top-down discovery, not by the Discovery application for horizontal discovery.
Azure WebSite	Retrieves Azure web servers and populates the Cloud WebServers [cmdb_ci_cloud_webserver] and IP address [cmdb_ci_ip_address] tables.

Data collected

Table 2. Azure Datacenter [cmdb_ci_azure_datacenter]
Label	Field Name
Name	name
Region	region
Object ID	object_id

Table 3. Availability Zone [cmdb_ci_availability_zone]
Label	Field Name
Name	name

Table 4. Virtual Machine Instance [cmdb_ci_vm_instance]
Label	Field Name
Name	name
State	state
Object ID	object_id
CPUs	cpus
Disks	disks
Disks size (GB)	disks_size
Memory	memory
Network adapters	nics
VM Instance ID	vm_inst_id

Table 5. Compute Security Groups [cmdb_ci_compute_security_group]
Label	Field Name
Name	name
Object ID	object_id
State	state

Table 6. Images [cmdb_ci_os_template]
Label	Field Name
Name	name
Object ID	object_id
Guest OS	guest_os
Root device type	root_device_type
Image source	image_source
Image type	image_type

Table 7. Hardware Type [cmdb_ci_compute_template]
Label	Field Name
Name	name
vCPUs	vcpus
Memory MB	memory_mb
Local Storage GB	local_storage_gb

Table 8. Storage Volume [cmdb_ci_storage_volume]
Label	Field Name
Name	name
State	state
Object ID	object_id
Storage type	storage_type
Size	size

Table 9. Cloud Networks [cmdb_ci_network] and VMware vCenter Network [cmdb_ci_vcenter_network]
Label	Field Name
Name	name
State*	state
CIDR*	cidr

*Not found on VMware vCenter networks.

Table 10. Cloud Subnets [cmdb_ci_cloud_subnet]
Label	Field Name
Name	name
Status	status
CIDR	cidr

Table 11. Cloud Management Network Interfaces [cmdb_ci_nic]
Label	Field Name
Name	name
Netmask	netmask
MAC Address	mac_address
MAC Manufacturer	mac_manufacturer
Status	install_status

Table 12. Cloud Load Balancers [cmdb_ci_cloud_load_balancer]
Label	Field Name
Name	name
Object ID	object_id
State	state

Table 13. Azure Deployments [cmdb_ci_azure_deployment]
Label	Field Name
Name	name
Provisioning state	provisioning_state

Note: This table is only available for Discovery when the Cloud Management plugin is activated.

Table 14. Resource Groups [cmdb_ci_resource_group]
Label	Field Name
Name	name
Object ID	object_id
State	state
Operational Status	operational_status
Install Status	install_status

Note:

When a resource group is discovered for the first time, the State field is set to Available. The following fields are also set to default values operational_status= Operational, and Status= Installed; based on the response mapping.
When a resource group is terminated on Azure, the CMPReconciler scripts sets the State field to Terminated, and operational_status= Non-Operational andStatus= Absent.

Table 15. Public IP Addresses [cmdb_ci_cloud_public_ipaddress]
Label	Field Name
Name	name
Object ID	object_id
Public IP address	public_ip_address
Public DNS	public_dns

Table 16. Storage Accounts [cmdb_ci_cloud_storage_account]
Label	Field Name
Name	name
Object ID	object_id
Sku Name	sku_name
State	state

Table 17. DNS Alias [cmdb_ci_dns_alias] and DNS name [cmdb_ci_dns_name]
Label	Field name
DNS Alias [cmdb_ci_dns_alias]
Name	name
Category	category
Status	status
DNS name [cmdb_ci_dns_name]
Name	name
IP address	ip_address

Table 18. Cloud Databases [cmdb_ci_cloud_database]
Label	Field Name	Description
Name	name	The name of the database that you created in Azure.
Object ID	object_id	This is also the name of the database.
Type	Type	The type of database you created.
Fully qualified domain name	fqdn	The FQDN that Azure assigned to your database.
State	state	The state of the database: whether it is Available or Terminated.
TCP port(s)	tcp_port	The TCP port that the database communicates through.
Category	category	The instance class of the database, for example: db.t2.micro.

Table 19. Cloud WebServer [cmdb_ci_cloud_webserver]
Label	Field Name
Name	name
Install status	install_status
Vendor	vendor
Fully qualified domain name	fqdn
Operational status	operational_status
State	state

Previous topic

Next topic

Release version

Azure Cloud Discovery

If your cloud resources are in an Azure cloud, you must create a user identity called a service principal that grants permissions to the MID Server to access selected resources.

A service principal for Azure cloud services is similar to a Microsoft Windows service account that enables Windows processes to communicate with each other within an Active Directory domain.

This table shows you the location in Azure where you can find the values you need for the credentials.


Cloud Management setting	Location of the Azure value
Tenant ID	Azure Active Directory > Properties > Directory ID
Client ID	Azure Active Directory > App registrations > Registered App.Application ID
Secret Key	Azure Active Directory > App registrations > Registered App > Settings > Keys (hidden)
Account ID	Azure Active Directory > Subscriptions > Subscription ID

Create Azure cloud credentials

If your cloud resources are in an Azure cloud, create credentials that can access the Azure account. This procedure requires configuration in your Azure account.

Before you begin

Roles required:

Operations on the Microsoft Azure portal require one of the following roles:
- Azure or Azure AD (Active Directory) Administrator
- Application Administrator
- Application Developer
- Cloud Application Administrator
and the Resource Policy Contributor role to create or modify resource policies.
Enable internal network connection between the MID Servers and the Azure Cloud API endpoints: management.azure.com

Procedure

Navigate to the App registrations section and click New application registration. Enter the following information for your application:


Field	Description
Name	Unique name for the application and its integration credentials. For example, `ServiceNow Integration`.
Supported account types	Specify who can use the application.
Redirect URI (Optional)	URL that accesses Azure. Typically the URL of the ServiceNow instance.

Select Register to complete the app registration.
When registration completes, hover over the Application ID and click Copy to clipboard.
Paste the Application ID into the text editor and label it Application ID.

In the Azure portal, navigate to the Certificates & secrets section and New client secret then specify the following values:


Field	Description
Key description	Description for the key.
Duration	The default is Never Expires. Note: Your organization may apply policies to restrict key durability. Select the appropriate duration.

Click Add.
Copy and paste the key value into the text editor and label the value Application key.
To enable the service principal to work with various Azure subscriptions, navigate to Subscriptions. To manage multiple subscriptions, you must perform the following procedure for each subscription:
1. Paste the subscription ID into the text editor and label it Subscription ID.
2. Navigate to the subscription and select Access Control (IAM) from the menu.
3. Click + Add at the top of the screen then Add role assignment.
4. Select the value reader from the Role field. Let the default value User, group, or service principal remain as is in the Assign access to field.
  
  Note: The contributor role is only required for provisioning.
5. Select the name you created in step 2 in the Select field and click Save.
In the Discovery Manager, click the plus icon (+) and then select Azure Service Principal from the list.

Specify the following values on the Azure Service Principal form:


Field	Value
Name	Name of the service principal to register with the instance. For example, `Azure service principal credentials`.
Authentication Method	Select Client secret. The Secret key field appears when you select Client secret. Note: Client assertion is not supported.

Copy and paste values from the temporary text file into the remaining fields.


Credentials form field	Azure Service Principal value
Tenant ID	Azure Directory ID value from the text file.
Client ID	Azure Application ID value from the text file.
Secret key	Azure Application key value from the text file.

Click Save to create the Azure service principal.
Click the Discover Subscriptions related link to find all subscriptions for the Azure service principal.
The instance creates a service account for each discovered subscription. The Azure Subscriptions related list displays all subscriptions for the Azure service principal.
Click a subscription to view the service account created for the subscription.
Click a Discovery status entry in the Credential Discovery Status list to view the Discovery log.
Each time you click Discover Subscription, the instance generates a new Discovery status and displays it in the Credential Discovery Status list.

Data collected for Azure Cloud Discovery

Discovery collects information about cloud resources in Azure datacenters.

How Discovery finds Azure resources

Discovery uses the Cloud Management API and patterns to find cloud resources.

Table 1. Default patterns
Pattern	Description
Azure Database	Retrieves Azure databases, including MSSQL, MySQL, Redis, and Documentum, and populates the [cmdb_ci_cloud_database] table.
Azure LoadBalancer TD	Retrieves Azure load balancers and populates the cmdb_ci_lb_service table. This pattern is only used by Service Mapping for top-down discovery, not by the Discovery application for horizontal discovery.
Azure WebSite	Retrieves Azure web servers and populates the Cloud WebServers [cmdb_ci_cloud_webserver] and IP address [cmdb_ci_ip_address] tables.

Data collected

Table 2. Azure Datacenter [cmdb_ci_azure_datacenter]
Label	Field Name
Name	name
Region	region
Object ID	object_id

Table 3. Availability Zone [cmdb_ci_availability_zone]
Label	Field Name
Name	name

Table 4. Virtual Machine Instance [cmdb_ci_vm_instance]
Label	Field Name
Name	name
State	state
Object ID	object_id
CPUs	cpus
Disks	disks
Disks size (GB)	disks_size
Memory	memory
Network adapters	nics
VM Instance ID	vm_inst_id

Table 5. Compute Security Groups [cmdb_ci_compute_security_group]
Label	Field Name
Name	name
Object ID	object_id
State	state

Table 6. Images [cmdb_ci_os_template]
Label	Field Name
Name	name
Object ID	object_id
Guest OS	guest_os
Root device type	root_device_type
Image source	image_source
Image type	image_type

Table 7. Hardware Type [cmdb_ci_compute_template]
Label	Field Name
Name	name
vCPUs	vcpus
Memory MB	memory_mb
Local Storage GB	local_storage_gb

Table 8. Storage Volume [cmdb_ci_storage_volume]
Label	Field Name
Name	name
State	state
Object ID	object_id
Storage type	storage_type
Size	size

Table 9. Cloud Networks [cmdb_ci_network] and VMware vCenter Network [cmdb_ci_vcenter_network]
Label	Field Name
Name	name
State*	state
CIDR*	cidr

*Not found on VMware vCenter networks.

Table 10. Cloud Subnets [cmdb_ci_cloud_subnet]
Label	Field Name
Name	name
Status	status
CIDR	cidr

Table 11. Cloud Management Network Interfaces [cmdb_ci_nic]
Label	Field Name
Name	name
Netmask	netmask
MAC Address	mac_address
MAC Manufacturer	mac_manufacturer
Status	install_status

Table 12. Cloud Load Balancers [cmdb_ci_cloud_load_balancer]
Label	Field Name
Name	name
Object ID	object_id
State	state

Table 13. Azure Deployments [cmdb_ci_azure_deployment]
Label	Field Name
Name	name
Provisioning state	provisioning_state

Note: This table is only available for Discovery when the Cloud Management plugin is activated.

Table 14. Resource Groups [cmdb_ci_resource_group]
Label	Field Name
Name	name
Object ID	object_id
State	state
Operational Status	operational_status
Install Status	install_status

Note:

When a resource group is discovered for the first time, the State field is set to Available. The following fields are also set to default values operational_status= Operational, and Status= Installed; based on the response mapping.
When a resource group is terminated on Azure, the CMPReconciler scripts sets the State field to Terminated, and operational_status= Non-Operational andStatus= Absent.

Table 15. Public IP Addresses [cmdb_ci_cloud_public_ipaddress]
Label	Field Name
Name	name
Object ID	object_id
Public IP address	public_ip_address
Public DNS	public_dns

Table 16. Storage Accounts [cmdb_ci_cloud_storage_account]
Label	Field Name
Name	name
Object ID	object_id
Sku Name	sku_name
State	state

Table 17. DNS Alias [cmdb_ci_dns_alias] and DNS name [cmdb_ci_dns_name]
Label	Field name
DNS Alias [cmdb_ci_dns_alias]
Name	name
Category	category
Status	status
DNS name [cmdb_ci_dns_name]
Name	name
IP address	ip_address

Table 18. Cloud Databases [cmdb_ci_cloud_database]
Label	Field Name	Description
Name	name	The name of the database that you created in Azure.
Object ID	object_id	This is also the name of the database.
Type	Type	The type of database you created.
Fully qualified domain name	fqdn	The FQDN that Azure assigned to your database.
State	state	The state of the database: whether it is Available or Terminated.
TCP port(s)	tcp_port	The TCP port that the database communicates through.
Category	category	The instance class of the database, for example: db.t2.micro.

Table 19. Cloud WebServer [cmdb_ci_cloud_webserver]
Label	Field Name
Name	name
Install status	install_status
Vendor	vendor
Fully qualified domain name	fqdn
Operational status	operational_status
State	state

How search works:

Topics are ranked in search results by how closely they match your search terms

Azure Cloud Discovery

Azure Cloud Discovery

Create Azure cloud credentials

Data collected for Azure Cloud Discovery

How Discovery finds Azure resources

Data collected

On this page

Azure Cloud Discovery

Azure Cloud Discovery

Create Azure cloud credentials

Data collected for Azure Cloud Discovery

How Discovery finds Azure resources

Data collected

Log in to personalize your search results and subscribe to topics