In a typical enterprise, there are multiple Azure subscriptions managed across various tenants. Each tenant has multiple subscriptions for its respective environments. This blog focuses on managing multiple Azure subscriptions with Serverless360. Let us take a simple scenario to better understand how Serverless360, with the help of a Business Application, helps you overcome the challenges faced in the Azure portal.
Consider an organization named Fly Wheel Cab with multiple systems such as Vehicle Management, Driver On-Board Management, and Booking Management. Each system has multiple environments, such as Dev, Staging, and Production, with respective subscriptions on every tenant.
In this scenario, there is no single place to manage and monitor all the subscriptions of multiple tenants. When resources interact with resources in another tenant, it is not possible to group and manage all of them in a single place. Below are some common challenges that most Azure users face with the Azure portal:
- No Application Visibility
- No Consolidated Monitoring
- No Deep Integrated tooling
- No Application-level security
In this article, we will see how Serverless360 can solve the above challenges with the help of the Business Application.
What is a Business Application?
A Business Application is a logical container for managing your Azure resources from different Azure subscriptions and tenants. With it, you get an application-level view of your Azure Serverless business orchestration.
- Logically group all your siloed entities that participate in your business solution into a Serverless Business Application.
- Entities can be from different Azure Resource Groups, Azure Subscriptions, and Azure Regions.
- Access all your business orchestrations in one place, the Business Application dashboard. This dashboard offers a comprehensive view of the current state of all entities that constitute business orchestrations.
- Get immediate feedback on the entity status based on the configured monitors at the entity dashboard.
To connect Business Applications to Azure subscriptions, Serverless360 uses a Service Principal. A Service Principal is an Azure Active Directory application that requires Contributor-level access.
A Business Application can have multiple dashboards. Each dashboard consists of different types of customizable widgets, which can be configured and arranged to meet the user's needs.
Is It Possible to Merge Subscriptions into a Single Subscription in Azure?
Yes, technically, with a workaround, you can merge Azure subscriptions by moving the resource groups from one subscription to another within the same tenant. Once you have successfully moved all the resource groups, you can delete the empty subscription. Once you move a resource group from one subscription to another, all the access control at the user level and application level will be removed.
How Do I Manage Multiple Subscriptions in Azure?
Serverless360 supports handling multiple subscriptions and tenants within the same portal. By providing a different Service Principal for each subscription, you can effectively manage and monitor multiple subscriptions in Azure from Serverless360.
Can a Single Microsoft Account Be Used to Manage Multiple Azure Subscriptions?
Yes, a single Microsoft account can be used to manage multiple Azure subscriptions. Large-scale organizations with a huge footprint in Azure will normally provide two or more subscriptions to a single user, as that user may be part of different projects or applications.
Providing Access to Azure Subscription
A Service Principal is an application within Azure Active Directory, which is authorized to access resources or resource groups in Azure. Serverless360 uses the authentication tokens of the Service Principal to manage the resources.
You can assign the Service Principal permissions that are different from your own Azure account permissions. Typically, these permissions are restricted to exactly what Serverless360 can do.
The user needs the following parameters to associate the Service Principal with Serverless360
To associate the Service Principal, the user first needs to create it.
Steps to create Service Principals
- Log in to the Azure portal and navigate to “Azure Active Directory” -> App Registrations
- Click on “New registration” and create the Service Principal
Once the app is created, get the Client ID, Subscription ID, Tenant ID, and Client Secret to associate it with Serverless360.
To Authorize the Service Principal to Access the Resource Groups
- Navigate to “Subscriptions” and click on it.
- In the left panel, find “Access Control (IAM)” and click Add -> Add role assignment.
- Select the application created and click save.
Associating the Service Principal with Serverless360
Sign up for Serverless360 and associate the Service Principal by clicking Associate Service Principal.
Enter the following credentials in Serverless360 and click Save:
- Subscription Id
- Tenant Id
- Client Id
- Client Secret
In the Service Principal section, the user can add multiple Service Principals of the same tenant or different tenants.
Once the Service Principal is associated, create the Business Application to group all the resources of multiple subscriptions and tenants into a single container. Users can then leverage the various operational and support capabilities offered by Business Applications. Some of the key capabilities of Business Applications are described below.
Service Map helps users visualize how the entities in a business application relate to each other. It serves as a physical representation of the architecture, from which the user can derive relationships between the entities that constitute the business application. It provides a clean dashboard with a full application view and displays the state of each entity based on its monitoring configuration.
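An added example, not from the original post or from Serverless360: a check over `az role assignment list --all -o json` output that confirms each associated Service Principal holds only the Contributor role the post describes, and only within its own subscription. The object IDs, subscription IDs, the `EXPECTED` inventory and the sample records are constructed placeholders.

```python
import json

# Constructed sample in the shape of `az role assignment list --all -o json`,
# merged from two subscriptions. All IDs are placeholders.
SUB_A = "00000000-0000-0000-0000-00000000000a"
SUB_B = "00000000-0000-0000-0000-00000000000b"
SAMPLE = json.loads("""[
 {"principalId": "sp-obj-dev", "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/%(a)s"},
 {"principalId": "sp-obj-prod", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/%(b)s"},
 {"principalId": "sp-obj-dev", "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/%(b)s/resourceGroups/booking-prod"},
 {"principalId": "user-obj-1", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/%(a)s"}
]""" % {"a": SUB_A, "b": SUB_B})

# Hypothetical inventory: Service Principal object ID -> the subscription it
# was associated with in Serverless360.
EXPECTED = {"sp-obj-dev": SUB_A, "sp-obj-prod": SUB_B}


def audit(assignments, expected, allowed_role="Contributor"):
    """Return sorted (principalId, finding) pairs for the tracked principals."""
    findings, compliant = [], set()
    for a in assignments:
        pid = a.get("principalId")
        if pid not in expected:
            continue  # not a Service Principal we track
        scope = a.get("scope", "").rstrip("/")
        own = f"/subscriptions/{expected[pid]}".lower()
        role = a.get("roleDefinitionName")
        if scope.lower() != own and not scope.lower().startswith(own + "/"):
            findings.append((pid, f"assignment outside its subscription: {scope or '/'}"))
        elif role != allowed_role:
            findings.append((pid, f"unexpected role {role!r} at {scope}"))
        elif scope.lower() == own:
            compliant.add(pid)
    for pid in expected.keys() - compliant:
        findings.append((pid, f"no {allowed_role} assignment at subscription scope"))
    return sorted(findings)


if __name__ == "__main__":
    for pid, finding in audit(SAMPLE, EXPECTED):
        print(pid, "-", finding)
```

Root (`/`) and management-group scopes are reported as outside the subscription, since an assignment there is inherited by every subscription beneath it.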
Bring the Entities to the Board
In the service map section of the Business Application, the entities associated with the Business Application are listed on the left side menu. It is also possible to include a component that is not in the scope of Serverless360 but will be a part of the solution. The required entities can be selected from the left section (palette), which will add the representation of the entity in the right section (diagram pane).
Connect the Entities to Define the Flow
A connection can be made between the entities by clicking and dragging from the center of the representation.
Save the Diagram
Once the diagram is saved, the entities will be displayed with the current monitoring status. Access detailed Error.
Edit If Required
The diagram can be edited by clicking the edit option. The issues list will not be displayed while in edit mode.
Infer Entity Status
Service Map indicates the health of the entity with the following color coding:
- Healthy: Green
- Warning: Amber
- Error: Red
Click on an entity in the warning or error state to fetch the details of the issue.
Serverless360 Live Dashboards
Dashboards in Serverless360 are useful for learning more about the Azure resources in an application. With the variety of widgets available, users can analyze the Azure resources on key metrics from various perspectives.
To know more about the Serverless360 dashboards, refer to the blog: https://www.serverless360.com/blog/live-dashboard-azure-serverless-applications
Monitoring Capability in Serverless360
Serverless360 helps enterprises by providing an out-of-the-box monitoring solution that enables administrators to monitor distributed Azure services from different subscriptions and tenants.
If a user requires a health report every two hours, they can set up a status report and specify the hours and notification channels. By configuring the required hours, the status report can be configured to automate the daily health check.
The performance monitor offers an extensive set of metrics for every Azure resource, with which performance, latency, and memory consumption can be monitored and alerts raised when there is a violation.
- Evaluate availability of Service Bus Queue / Topic by monitoring on a combination of metrics ‘Server Errors’, ‘User Errors’ and ‘Size’.
- Check on the efficiency of Service Bus Queue / Topic by verifying if you are processing the right number of messages in the specified time window hence ensuring that you meet your business requirements.
- Check on the reliability of the Logic App by monitoring the number of failed runs, ‘Runs Failed’, every hour.
- Get alerted on the consumption of the Logic App by monitoring whether ‘Total Billable Executions’ exceeds a certain volume, etc.
This feature can help Azure portal administrators ease the monotonous, repetitive tasks they are forced to do on a daily basis. It can also be used by Azure developers to understand whether the applications that interact with an Azure Service Bus Queue / Topic handle it the right way, by monitoring the User Errors generated.
Using Serverless360, users can manage and monitor multiple subscriptions across tenants in a single place. It also offers:
- Monitoring for Azure resources at the application-level
- Operational capabilities for developers to manage Azure resources.
- Service Map to view the whole orchestration, which enables a support person to identify the issue easily
- Dashboards for better analysis of the Azure resources