We're aware of an issue causing "Access Denied" errors when using this site. This may occur because multiple tabs are in use. As a potential workaround, try using one single tab and refreshing the page. Thank you for your patience as we work to resolve the issue.

Azure Cloud Discovery using Service Principal with SSH Certificates

Watch

Save as PDF

Share this page

Feedback

IT Operations Management

HomeXanadu IT Operations ManagementIT Operations ManagementITOM VisibilityDiscoveryExploring Cloud DiscoveryAzure Cloud DiscoveryAzure Cloud Discovery using Service Principal with SSH Certificates

Table of Contents

Azure Cloud Discovery using Service Principal with SSH Certificates

Release version:
Xanadu
Yokohama
Washington DC
Vancouver
UpdatedAug 1, 2024
2 minutes to read

Xanadu
Discovery

Discover Linux virtual machines on Azure using Service Principal (SP) with short-lived SSH certificates. Using these certificates circumvents the need for passwords or public and private key-pairs.

Before you begin

Role required: admin

Before creating a Cloud Discovery credentials, Service Principles must be set up on the Azure Portal. See the Microsoft Azure documentation site for more information. After creating a Linux VM with Azure AD login enabled, be sure to verify the requirements for login with Azure AD using OpenSSH certificate-based authentication for Linux VMs. Configure suitable role assignments for the Service Principle and Resource Group.

Before creating credentials, the External Credential Storage plugin is required to connect Azure VM using OpenSSH certificates.

Procedure

On the instance, navigate to Discovery > Credentials and select New.
For the type of credential, select Azure Service Principal.
Fill in the form with the required info and submit.
Navigate to Discovery > Credentials and select New.
For this type of credential, select Azure SSH Certificate Credential.
Fill in the form with the necessary information, including linking the Service Principle credential created in Step 3.
The Azure Service Provider and SSH Certificate credentials have been created and linked. Continue the procedure to create the Cloud Discovery schedule.
Navigate to the Cloud Discovery Workspace home page and select Cloud discovery.
Select New discovery schedule.
Provide a name for the schedule and select Azure as the cloud provider.
Create a new subscription with the Azure Service Principal credential created in Step 3.
Select data centers.
Enable the option to discover virtual machines.
Complete the schedule creation by selecting Finish and run.

Result

The discovery schedule should start, and the Cloud Operations homepage should show the running status for the newly created schedule. After some time, the scheduled discovery should be completed and a new schedule for the VM discovery is then created and run. The new VM discovery schedule utilizes the SP we created for the generation of SSH certs to authenticate with the VMs. You can observe this in the Discovery IP Affinity section for the credential.

Was this topic helpful?

Yes No

Create Azure cloud credentials

Microsoft Azure Alert driven discovery

Create Azure cloud credentials

Microsoft Azure Alert driven discovery

Xanadu IT Operations Management

Filters

Versions

Products