Tags :  

How to Monitor Multiple Azure Subscriptions in a Single Dashboard

Last updated on: April 10, 2020

Introduction

In a typical enterprise, there would be multiple Azure subscriptions managed across various tenants. Each tenant would have multiple subscriptions for respective environments. This blog focuses on managing the multiple Azure Subscriptions with Serverless360. Let us take a simple scenario to have a better understanding on how Serverless360 helps you overcome the challenges faced in the Azure portal with the help of Business Application.

Free download this blog as a PDF document for offline read.

Scenario

Let us consider a scenario where an organization named Fly Wheel Cab, with multiple systems like Vehicle Management, Driver On-Board Management, Booking Management, and these systems possess multiple environments like Dev, Staging, and production that has respective subscriptions on every tenant.

fly wheel cab scenario

Considering the above scenario, there is no single place to manage and monitor all the subscriptions of multiple tenants. When there are multiple resources interacting with other resources in another tenant, it is not possible to group and manage all resources in a single place. Below are some common challenges that most of the Azure users would face with the Azure portal

  • No Application Visibility
  • No Consolidated Monitoring
  • No Deep Integrated tooling
  • No Application-level security

In this article, we will see how Serverless360 can solve the above challenges with the help of the Business Application.

   

What is a Business Application?

Manage your Azure resources from different Azure subscriptions and tenants in a logical container, Business Application. User will get an Application-level view of your Azure Serverless business orchestration with the help of Business Application.

  1. Logically group all your siloed entities that participate in your business solution into a Serverless Business Application.
  2. Entities can be from different Azure Resource Groups, Azure Subscriptions, and Azure Regions.
  3. Access all your business orchestrations at one place, Business Application dashboard. This dashboard offers a comprehensive view of the current state of all entities that constitute business orchestrations.
  4. Get immediate feedback on the entity status based on the configured monitors at the entity dashboard.

To make a connection between Business Applications and Azure Subscriptions, Service Principal can be used in Serverless360. Service Principal is an Azure active directory application that requires a contributor level of access.

Business Applications and Azure subscriptions
A Business Application can have multiple dashboards. Each dashboard consisting of different types of customizable widgets which can be configured and arranged to meet the user need.

Is It Possible to Merge Subscriptions into a Single Subscription in Azure?

Yes, technically with some work around you can merge Azure subscription by shifting the resource group from one subscription to another within the same tenant. Once you have successfully moved all the resource groups, you can delete the empty subscription. Once you move the resource group from one subscription to another, all the access control in user level and application level will be removed.

How Do I Manage Multiple Subscriptions in Azure?

Serverless360 has support to handle multiple subscriptions and tenants within the same portal. So, by just providing different service principal for different subscription, you can effectively manage and monitor multiple subscriptions in Azure from Serverless360.

Can a Single Microsoft Account Be Used to Manage Multiple Azure Subscriptions?

Yes, a single Microsoft account can be used to manage multiple Azure subscriptions. Normally large-scale organizations having a huge foot print in Azure will provide two or more subscriptions for a single user as they may be part of different projects or applications.

Providing Access to Azure Subscription

A Service Principal is an application within Azure Active Directory, which is authorized to access resources or resource groups in Azure. Serverless360 uses the authentication tokens of the Service Principal to manage the resources.

User can assign permissions to the Service Principal that are different than your own Azure account permissions. Typically, these permissions are restricted to exactly what Serverless360 can do.

User needs the following parameters to associate the Service Principal into Serverless360

To associate the Service Principal, user need to create the Service Principal

Steps to create Service Principals

  1. Log in to the Azure portal and navigate to the “Azure Active Directory”-> App Registrations
  2. Click on the “New registration” and create the Service Principal
Create Service Principal Create Service Principal ClientID

Once the App is created, get Client ID, Subscription ID, Tenant ID, Client Secret to associate it to Serverless360.

To Authorize the Service Principal to Access the Resource Groups

  1. Navigate to the “Subscriptions” and click on that.
  2. In the left panel find the “Access Control IAM” and click Add ->Add role Assignment.
  3. Select the application created and click save.
Access Resource groups

Associating Service Principal into the Serverless360

Sign up into the Serverless360 and associate the Service principal on clicking the associate Service Principal

Enter the following credentials in Serverless360 and click save

  1. Subscription Id
  2. Tenant Id
  3. Client Id
  4. Client Secret
Associate Service Principal in Serverless360

In the Service Principal section, the user can add multiple Service Principals of the same tenant or different tenants

Business Applications

Once the Service Principal is associated, create the Business Application to group all the resources of multiple subscriptions and tenants into a single container. Now users can leverage various operational and support capabilities offered by Business Applications. Below described some of the key capabilities of Business Applications.

Service Map

Service Map will help users visualize how the entities in a business application relate to each other. This serves as a physical representation of the architecture, the user can derive relationships between the entities that constitute the business application. It provides a clean dashboard with a full application view and displays the state of each entity based on its monitoring configuration.

Free download this blog as a PDF document for offline read.

Bring the Entities to the Board

In the service map section of the Business Application, the entities associated with the Business Application are listed on the left side menu. It is also possible to include a component that is not in the scope of Serverless360 but will be a part of the solution. The required entities can be selected from the left section (palette), which will add the representation of the entity in the right section (diagram pane).

Connect the Entities to Define the Flow

A connection can be made between the entities by clicking and dragging from the center of the representation

Save the Diagram

Once the diagram is saved, the entities will be displayed with the current monitoring status. Access detailed Error.

Edit If Required

The diagram can be edited by clicking the edit option. The issues list will not be displayed while in edit mode.

Composite Application Service Map

Infer Entity Status 

Service Map indicates the health of the entity with the following color coding

  • Healthy- Green
  • Warning- Amber
  • Error- Red

Click on the entity in warning or error state to fetch the details of the issue as below.

Service Map Infer Entity Status

Serverless360 Live Dashboards

Dashboards in Serverless360 can be useful to know more about Azure resources in an application. With the variety of widgets available, users can analyze the azure resources on key metrics from various perspectives.

To know more about the Serverless360 dashboards refer to the blog” https://www.serverless360.com/blog/live-dashboard-azure-serverless-applications”.

Serverless360 live dashboard

Monitoring Capability in Serverless360

Serverless360 helps enterprises by providing an out-of-the-box monitoring solution that enables administrators to monitor distributed azure services from different subscriptions and tenants.

Monitor settings

Status report

If a user requires a health report every two hours, they can set up a status report and specify the hours and notification channels. By configuring the required hours, the status report can be configured to automate the daily health check.

Serverless360 status report

Performance monitor

Performance monitor that offers an extensive set of metrics for every azure resource with which the performance, latency and memory consumptions can be monitored and alerted when there is a violation.

  • Evaluate availability of Service Bus Queue / Topic by monitoring on a combination of metrics ‘Server Errors’, ‘User Errors’ and ‘Size’.
  • Check on the efficiency of Service Bus Queue / Topic by verifying if you are processing the right number of messages in the specified time window hence ensuring that you meet your business requirements.
  • Check on reliability of the Logic App by monitoring the number failed runs ‘Runs Failed’ every hour.
  • Get alerted on the consumption of the Logic App, by monitoring if the ‘Total Billable Executions’ exceeds a certain volume, etc. This feature can be of help to Azure portal administrators to ease tasks that an administrator is forced to do on a daily basis, and it is a monotonous/repetitive task. This feature can also be used by Azure developers to understand if the applications that interact with Azure Service Bus Queue / Topic handle them the right way, by monitoring the User Errors generated.
Serverless360 performance monitor

Conclusion

Using Serverless360 user can manage and monitor the multiple subscriptions across tenants in a single place and it also offers

  • Monitoring for Azure resources at the application-level
  • Operational capabilities for developers to manage Azure resources.
  • Service Map to view whole orchestration that enables support person to identify the issue easily
  • Dashboards for better analysis of the Azure resources

2 thoughts on “How to Monitor Multiple Azure Subscriptions in a Single Dashboard”

Comments are closed.