HYMDL Getting Started Azure
Overview
HYMDL uses a multi-tenant application called HYMDL Bifrost to connect to clients' Azure platforms. This setup allows HYMDL to securely and efficiently gather data from multiple Azure tenants, providing a comprehensive view of the cloud environment. This guide will explain the process and best practices for setting up the HYMDL Bifrost application to ensure a secure and smooth integration.
Security, Compliance, and FinOps Modules: For the Security, Compliance, and FinOps modules, HYMDL typically requires read-only privileges to the client's Azure Subscriptions and/or Storage Accounts. This allows HYMDL to gather necessary information and perform analysis without making any changes to the client's resources.
Governance and Landing Zone Module: The HYMDL Governance and Landing Zone module is responsible for creating new subscriptions for the client and managing the lifecycle of key resources. This module operates within the client's own Azure subscription, and HYMDL triggers its functionality through a secure API. The Landing Zone module streamlines the process of provisioning new subscriptions while maintaining the client's control over their Azure environment.
Connecting to Azure Subscriptions
Prerequisites
- An active Azure account with administrative privileges.
- Access to the Azure Portal.
Steps to Connect
- Admin Consent for Hymdl Bifrost:
  - Click on Hymdl Consent Link
  - Log in with an ID that has privileges to provide tenant-wide consent for the application.
  - Carefully review the access requested and provide consent.
  - HYMDL Bifrost only needs access to log in to your tenant. The rest of the privileges are managed in the following steps with Azure RBAC.
- Configure Enterprise Application:
  - Navigate to Azure Entra ID > Enterprise applications
  - Select the newly created Application for Hymdl Bifrost
  - Go to Properties and:
    - Ensure Enabled for users to sign-in? is set to Yes.
    - Ensure Assignment Required is set to Yes.
  - Go to Security > Permissions in the newly created Enterprise app.
  - Review Permissions and ensure these permissions are granted admin consent.
- Assign Roles:
  - Navigate to Subscriptions and select the subscription to which HYMDL Bifrost needs access.
  - Go to Access control (IAM) > Add role assignment.
  - Assign the following roles to the HYMDL Bifrost app:
    - Global Reader at the tenant level to read metadata for resources and user objects.
Setting Up Data Exports for Cost Management
HYMDL Bifrost requires access to Azure Cost Management data to provide comprehensive cost analysis and optimization recommendations.
Steps to Export Cost Data
- Configure Cost Management Data Export:
  - Navigate to the Cost Management + Billing section in the Azure Portal.
  - Select Cost Management > Exports > Add.
  - Define the export settings:
    - Export Type: Daily export of cost data.
    - Storage Account: Specify an existing storage account or create a new one to store the exported data.
  - Save the export configuration.
- Grant Access to HYMDL Bifrost:
  - Go to the storage account where the cost data is exported.
  - Navigate to Access control (IAM) > Add role assignment.
  - Assign the Storage Blob Data Reader role to the HYMDL Bifrost app to allow it to read the exported cost data.
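A check a reviewer can run after the role assignments above, as an added example that is not HYMDL's or Microsoft's own code: it audits the JSON printed by `az role assignment list --assignee <app-object-id> --all -o json` and flags anything beyond read-only access. The allowlist (in particular the `Reader` role), the sample IDs and the storage account name are assumptions constructed for illustration.

```python
import json

# Assumption: RBAC roles acceptable for the read-only modules. "Storage Blob
# Data Reader" is named in the guide; "Reader" is an assumed read-only role.
ALLOWED_ROLES = {"Reader", "Storage Blob Data Reader"}
STORAGE_MARKER = "/providers/microsoft.storage/storageaccounts/"

def audit_assignments(az_json_text, principal_id):
    """Return (severity, message) findings for one service principal."""
    findings = []
    for a in json.loads(az_json_text):
        if a.get("principalId") != principal_id:
            continue  # assignment belongs to some other identity
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "")
        if role not in ALLOWED_ROLES:
            findings.append(("HIGH", f"unexpected role {role!r} at {scope}"))
        elif role == "Storage Blob Data Reader" and STORAGE_MARKER not in scope.lower():
            # The guide assigns this role on the export storage account only.
            findings.append(("MEDIUM", f"{role!r} wider than a storage account: {scope}"))
    return findings

# Constructed sample shaped like `az role assignment list --all -o json` output.
SUB = "/subscriptions/11111111-1111-1111-1111-111111111111"
APP = "00000000-0000-0000-0000-0000000000aa"  # placeholder object ID
SAMPLE = json.dumps([
    {"principalId": APP, "roleDefinitionName": "Reader", "scope": SUB},
    {"principalId": APP, "roleDefinitionName": "Storage Blob Data Reader",
     "scope": SUB + "/resourceGroups/rg-cost/providers/Microsoft.Storage"
                    "/storageAccounts/costexports"},
    {"principalId": APP, "roleDefinitionName": "Storage Blob Data Reader",
     "scope": SUB},
    {"principalId": APP, "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-app"},
    {"principalId": "00000000-0000-0000-0000-0000000000bb",
     "roleDefinitionName": "Owner", "scope": SUB},
])

if __name__ == "__main__":
    for severity, message in audit_assignments(SAMPLE, APP):
        print(f"[{severity}] {message}")
```

Entra ID directory roles such as Global Reader are not Azure RBAC assignments and do not appear in this output; review them separately under the application's directory role assignments.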
Subscription Types and Setup Differences
Azure subscriptions come in various types, such as Pay-As-You-Go, Enterprise Agreement, and CSP subscriptions. While the setup process is generally similar, here are some key points to note:
- Enterprise Agreement (EA): Ensure EA-specific settings are configured to allow access to cost data and resources across multiple subscriptions.
- CSP Subscriptions: Work with your Cloud Solution Provider to ensure that HYMDL Bifrost has the necessary permissions.
Summary
By following these steps, you will enable HYMDL Bifrost to effectively manage and optimize your Azure environment, providing visibility, security, compliance, and cost management. For detailed documentation and support, refer to the official Microsoft Azure documentation and the HYMDL Documentation.
For additional assistance, please reach out to HYMDL Support.