Microsoft Azure Integration
To integrate with Compute Software, complete Parts 1, 2, and 3 below to set up your subscriptions and provide access to your reservations and billing account.
Part 1: Register an Application and Set Up a Subscription in Compute Software
Steps
-
Log in to the Azure Management Portal using Admin credentials. If you have an Enterprise Agreement (EA), log in as Enterprise Admin, using Admin credentials.
-
Go to Azure's Active Directory service.
-
In Azure's Active Directory service click on App registrations.
-
Click New Registration.
-
Give the application a name. No need to specify a "Redirect URI." Click Register.
-
Once your application is ready, copy the Application ID (client ID) and save it.
-
Inside the created app registration, click Certificates & Secrets.
-
Create a new client secret.
-
Set description and an expiration.
-
Make sure to copy the Client Secret and set it aside. It will not appear again after you leave the Key settings.
-
Under your Active Directory's main menu, go to Properties, copy the Directory ID (a.k.a Tenant ID), and set it aside.
-
Now that you have created an Active Directory Application you will provide it with permissions. Under All Services, select Subscriptions. Choose the subscription you would like to provide Compute Software with a role in. In the Subscription menu select Access Control (IAM). Click Add and choose “Add role assignment.” Depending on the level of integration, select either the Contributor or Reader Role. Leave "Assign access to" as is. Search for the name of the Active Directory Application you created in Step 4 and click Save.
Note: If your application does not appear in the Select autocomplete list enter the application name there anyway.
-
Navigate to your Subscription Overview page. Copy the Subscription ID and set it aside.
-
Go to https://app.computesoftware.com and navigate to the Integrations page under Settings. Click on Add Integration.
-
Enter a Name for your integration, and select “Azure” as the Source. Paste your Tenant ID (a.k.a. Directory ID), Client ID, Subscription ID, and Client Secret.
-
Click Add Integration, and your subscription will be set up on Compute Software.
Part 2: Set Up Access to Reservations
Access to reservations is needed to get information about a specific reservation and to list all reservations so the Compute Software Platform can incorporate your discounts in its optimization algorithms.
There are three options for providing access to your reservations. Option 1 is preferred, but you may choose any of the three options.
Option 1: Assign a Reservation Administrator role at the tenant level
Note: The Reservation Administrator role will allow Compute Software to obtain information about each reservation and to list all reservations. Compute Software will not be managing - modifying or purchasing - reservations with the Reservation Administrator role.
Use the following Azure PowerShell script to add a Reservation Administrator role at the tenant level with PowerShell. Use the Tenant ID and Object ID for the app previously registered.
Import-Module Az.Accounts
Import-Module Az.Resources
Connect-AzAccount -Tenant
New-AzRoleAssignment -Scope "/providers/Microsoft.Capacity" -PrincipalId -RoleDefinitionName "Reservations Administrator"
Option 2: Assign a Reader Role at the tenant level
To provide access to the enterprise application, you may assign a Reader role at the tenant level.
Use the following Azure PowerShell script to assign the Reader role at the tenant level with PowerShell. Use the Tenant ID and Object ID for the app previously registered.
Import-Module Az.Accounts
Import-Module Az.Resources
Connect-AzAccount -Tenant
New-AzRoleAssignment -Scope "/" -PrincipalId -RoleDefinitionName "Reader"
Option 3: Assign a Reservation Reader role and Assign Reader role to all reservations at the tenant level
To provide access to the enterprise application, you may assign a Reader role on each of the reservation orders present at a specific point in time and assign a Reservation Reader role at the tenant level. If new reservation orders are added in the future, this script must be rerun to ensure Compute Software has read access to new reservations.
-
Use the following Azure PowerShell script to assign the Reservation Reader role at the tenant level with PowerShell. Use the Tenant ID and Object ID for the app previously registered.
Import-Module Az.Accounts Import-Module Az.Resources Connect-AzAccount -Tenant
New-AzRoleAssignment -Scope "/providers/Microsoft.Capacity" -PrincipalId -RoleDefinitionName "Reservations Reader" -
Use the following Azure PowerShell script to assign Reader role to all reservations orders in the Azure AD tenant (directory). Use the Tenant ID and Object ID for the app previously registered.
Import-Module Az.Accounts Import-Module Az.Resources Connect-AzAccount -Tenant
$response = Invoke-AzRestMethod -Path /providers/Microsoft.Capacity/reservations?api-version=2020-06-01 -Method GET $responseJSON = $response.Content | ConvertFrom-JSON $reservationObjects = $responseJSON.value foreach ($reservation in $reservationObjects) { $reservationOrderId = $reservation.id.substring(0, 84) Write-Host "Assigning Owner role assignment to "$reservationOrderId New-AzRoleAssignment -Scope $reservationOrderId -ObjectId -RoleDefinitionName Owner }
Part 3: Set Up Access to Azure Billing Account
Steps
-
Sign in to the Azure portal as an Azure AD administrator.
-
In the left pane, select Azure Active Directory.
-
Under Manage, select Users.
-
Select New guest user.
-
On the New user page, select Invite user and then add the guest user's information.
a) Name. The first and last name of the guest user. Use "Compute Software"
b) Email address (required). The email address of the guest user. Use "access@computesoftware.com"
c) Personal message (optional) Include a personal welcome message to the guest user.
d) Groups: You can add the guest user to one or more existing groups, or you can do it later.
e) Role Assignment: Select the Billing Reader role. -
Select Invite to automatically send the invitation to the guest user. A notification appears in the upper right with the message Successfully invited user.
-
After you send the invitation, the user account is automatically added to the directory as a guest.