
System Center Orchestrator 2016: Connecting to Microsoft Azure

Introduction

With System Center Orchestrator we can create, configure and automate many things. Runbook activities for Microsoft Azure are available and can be used once we have successfully created a connection between our Orchestrator and Microsoft Azure.

 

Requirements

  • A certificate used by Orchestrator to access Microsoft Azure
  • Configure Microsoft Azure to trust the Orchestrator certificate

 

Creating a self signed certificate in Orchestrator

To start off we will need to create a self-signed certificate used by Orchestrator to access Microsoft Azure.

 

  1. On our Orchestrator server, click on Start and type IIS, our search should now find the Internet Information Services (IIS) Manager, click to open it.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch01.png

  2. We should now have Internet Information Services (IIS) Manager open.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch02.png

  3. Now select the Orchestrator server connection which can be found in the left pane.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch031.png

  4. We should now see many different features on the middle of our IIS Manager, double click on Server Certificates.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch061.png

  5. Now in the pane on the right side, click on Create Self-Signed Certificate to continue.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch81.png

  6. We will now specify a name for our certificate and make sure it is stored in the Personal certificate store, click OK once done.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch91.png

  7. Our self-signed certificate should now be shown in the IIS Manager.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch101.png

 

Exporting the self signed certificates

Now that we have created the self-signed certificate, we will need to export two copies of it.

  • The first copy of the self-signed certificate will not include the private key, as it will be used in Microsoft Azure to make the certificate trusted.
  • The second copy of the self-signed certificate will include the private key, it will be used by Orchestrator to communicate with Microsoft Azure.

 

Exporting the self signed certificate without private key

  1. Make sure that we are on the Orchestrator server, now right click on  https://thesystemcenterblog.com/wp-content/uploads/2018/05/start.png and choose Run in the list of options.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch1.png

  2. The Run window will open up, type **mmc** in the Open field and click OK.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch2.png

  3. We should now have the Microsoft Management Console (mmc) in front of us.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch3.png

  4. Now go to File and choose Add/Remove Snap-in... 

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch4.png

  5. An Add or Remove Snap-ins window will appear.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch44.png

  6. Select Certificates under Available snap-ins, which is found in the left pane, then click Add >

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch9.png

  7. Now click OK to continue, we will be asked which account we want the snap-in to manage.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch6.png

  8. Select the Computer account and click Next.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch7.png

  9. We will now be asked yet again which computer we want the snap-in to manage, go with the default option here, Local computer.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch8.png

  10. We should now see the **Certificates (Local Computer)** snap-in in our MMC console.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch10.png

  11. Expand **Certificates (Local Computer)**, which can be found in the left pane.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch102.png

  12. Next expand Personal and select Certificates, we should see the certificate we created previously.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch103.png

  13. To export the certificate right click the certificate, go to All Tasks and click Export.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch104.png

  14. A Certificate Export Wizard will open, click Next to continue with the certificate exporting.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch105.png

  15. We will export the first certificate without a private key, make sure the No, do not export the private key check box is checked, click Next to continue.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch106.png

  16. We will go with the default file format, DER encoded binary X.509 (.CER), click Next to continue.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch107.png

  17. In the next window, select a location where the certificate will be saved and a name for it. In this guide I will save it to C:\Certificates\

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch108.png

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch109.png

  18. We should now see the save path and file name in our Certificate Export Wizard, click Next to continue.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch110.png

  19. We will now see a summary of your certificate export, click Finish to export your certificate.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch111.png

  20. Once the exporting is completed we will see a window saying The export was successful, click OK to finish.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch112.png

    Note: Don't close the MMC window as we will be needing it in the next step.

 

Exporting the self signed certificate with private key

We just exported the Orchestrator self-signed certificate without a private key, now we will export the same certificate with a private key.

  1. We should still have the MMC window open from the previous step.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch103.png

  2. Now right click the Orchestrator certificate, go to All Tasks and choose Export once again.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch104.png

  3. In the Certificate Export Wizard, click Next to continue.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch105.png

  4. We will now export the second certificate with a private key, make sure the Yes, export the private key check box is checked, click Next to continue.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch113.png

  5. For the second certificate we will only have one file format option, the Personal Information Exchange - PKCS #12 (.PFX). We will not need the Include all certificates in the certification path if possible option, so we can uncheck that, click Next to continue.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch115.png

  6. In the next step we will need to protect this certificate by either giving a security principal or a password, we will go with a password.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch116.png

  7. Now check the Password check box and give our certificate a password, click Next once we've entered a password and confirmed the password.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch117.png

  8. Select once again a location where the certificate will be saved and give it a name. I will save it again in the C:\Certificates folder.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch108.png

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch118.png

  9. We will now see the save path and file name in our Certificate Export Wizard, click Next to continue.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch119.png

  10. We will once more see a summary of our certificate export, click Finish to export our certificate. Wait for the exporting to complete, we will see a window saying The export was successful, click OK to finish. 

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch122.png
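
The two exports above can also be scripted and checked from an elevated PowerShell session on the Orchestrator server. This is an added example, not part of the original guide; the friendly name and file names are assumptions, and C:\Certificates is the folder used in this guide. It confirms that the .CER copy destined for Azure carries no private key and that both files are the same certificate.

```powershell
# Added example: scripted equivalent of the two MMC exports, plus a check.
# Assumed (not from the guide): the friendly name and both file names.
$ErrorActionPreference = 'Stop'
$friendlyName = 'Orchestrator-Azure'     # hypothetical name given in IIS Manager
$exportDir    = 'C:\Certificates'        # folder used in the guide
$cerPath      = Join-Path $exportDir 'Orchestrator-Azure.cer'
$pfxPath      = Join-Path $exportDir 'Orchestrator-Azure.pfx'

# Locate the certificate in Certificates (Local Computer) > Personal.
$found = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $friendlyName })
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate named '$friendlyName', found $($found.Count)."
}
$cert = $found[0]
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key to export.' }

New-Item -ItemType Directory -Path $exportDir -Force | Out-Null

# Copy 1: public certificate only, DER encoded (.CER), for upload to Azure.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Copy 2: certificate plus private key (.PFX), password protected,
# without the other certificates in the certification path.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword `
    -ChainOption EndEntityCertOnly | Out-Null

# Verify: reload both files and confirm which one carries the private key.
$x509 = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
$cer  = New-Object $x509 -ArgumentList $cerPath
$pfx  = New-Object $x509 -ArgumentList $pfxPath, $pfxPassword
try {
    if ($cer.HasPrivateKey)      { throw "$cerPath contains a private key; do not upload it." }
    if (-not $pfx.HasPrivateKey) { throw "$pfxPath has no private key; Orchestrator cannot use it." }
    if ($cer.Thumbprint -ne $pfx.Thumbprint) { throw 'The two exports are different certificates.' }
    # Summary of what was exported, for later identification of the certificate.
    [pscustomobject]@{
        Thumbprint = $cer.Thumbprint
        NotAfter   = $cer.NotAfter
        Cer        = $cerPath
        Pfx        = $pfxPath
    }
} finally {
    $cer.Reset(); $pfx.Reset()   # release the loaded certificate handles
}
```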

 

Configuring Microsoft Azure to trust the Orchestrator certificate as a Management certificate

We will now configure Microsoft Azure to trust the Orchestrator self-signed certificate as a so-called Management certificate.

  1. Open a web browser and head to: https://azure.microsoft.com/en-us/features/azure-portal/

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/DPM_Azure_2.0.png

  2. Sign in to Microsoft Azure by first entering either Email, phone or Skype, afterwards enter your password and then click Sign in.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/DPM_Azure_1.png

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/DPM_Azure_1.11.png

  3. We should now be seeing our Microsoft Azure dashboard.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch123.png

  4. At the bottom of the left pane click on https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch124.png

  5. We will now see a window with billing information and our current subscriptions.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch126.png

  6. Now select our subscription in the center of our screen.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch127.png

  7. Now click on https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch128.png which is found in the left pane under Settings, we should now see the Management certificates window.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch129.png

  8. Now we will want to upload our Orchestrator certificate (without private key), to upload click on  https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch130.png.

  9. An *Upload Certificates* window will open up on our right side.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch131.png

  10. Now click https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch132.png under .Cer Certificate File to upload your certificate.

  11. A browse window will now open, navigate to the folder where we exported our Orchestrator certificates.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch133.png

  12. Select our self-signed Orchestrator certificate that was exported with no private key and click Open.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch135.png

  13. We should now be ready to upload our self-signed Orchestrator certificate, click https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch137.png to continue.

  14. The certificate will now be uploaded to Microsoft Azure.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch138.png

  15. Once the certificate has been uploaded successfully we should get the following notification:

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch139.png

  16. Our Orchestrator certificate will now be shown under our Management certificates in Microsoft Azure.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch140.png

 

Configuring a connection between Orchestrator and Microsoft Azure

We will now head on with the last step which will be connecting Orchestrator to Microsoft Azure.

  1. Open the Runbook Designer  https://thesystemcenterblog.com/wp-content/uploads/2018/05/runbook_designer.png console.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch141.png

  2. Now head to Options in the upper left corner of our Runbook Designer console, then click on Windows Azure.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch142.png

  3. A Windows Azure prerequisite configuration window will open up.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch143.png

  4. Since we have no Azure configuration from before, we will want to add a new configuration by clicking Add...

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch145.png

  5. First we need to specify a name for our connection.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch147.png

  6. Next we will select the connection type.

  7. Click on the radio button to choose the available connection types, a new *Item Selection* window will open.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch148.png

  8. Choose Azure Management Configuration Settings and click OK.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch149.png

  9. Now we will fill the properties of our Azure connection.

  10. The Azure Endpoint can be left as it is.

  11. Next insert the password of our Orchestrator certificate (PFX certificate) with a private key.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch150.png

  12. Now in the PFX File Path field click on the radio button and locate our Orchestrator certificate (PFX certificate) with a private key.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch151.png

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch152.png

  13. Lastly we will add our Microsoft Azure Subscription ID.

  14. To find our Microsoft Azure subscription ID, go to your Microsoft Azure Portal at https://portal.azure.com.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch123.png

  15. On the left pane click on https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch124.png.

  16. We should now see our subscription ID(s) in the center of the Microsoft Azure Portal screen.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch126.png

  17. Select the subscription and copy the Subscription ID, then paste the Subscription ID into the Subscription ID field in the Add Configuration window found in the Runbook Designer.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch153.png

  18. Now click OK to finish adding our Azure connection.

    https://thesystemcenterblog.com/wp-content/uploads/2018/05/Azure_scorch154.png

 

We have now successfully set up a connection to Microsoft Azure from our System Center Orchestrator 2016!