Has someone used azure-vm-monitoring script to query VM-information from more than one subscription?
The case is that we have many subscriptions and willing state is to use single instance of vm-monitoring script to query all the VM's from the all subscriptions and push that info to firewalls.
What are the options?
One instance of the VM Monitoring script can monitor one Azure subscription, and it must target a set of firewalls in a device group. Even when you deploy multiple instances of the script to monitor mutliple Azure subscriptions, you can’t have multiple script instances targeting the same DG (or set of firewalls). The reason is that you may have unexpected results with which tags are registered to the firewalls in the event that you have the same IP address across subscriptions. There can also be a race condition between multiple instances of the script as each script attempts to determine the delta of tags between what is on the firewall and what is in the azure subscription.
Ok, so then it seems that's not the solution for us. The case is basically that we have Hub&Spoke setup in Azure with several subscriptions and the firewalls are in that HUB and should be updated with VM info from all the peered VNETs in other subscriptions. ...it was working so nice with single subscription. Would it be the same with Panorama, so it can query VM's only from single subscription?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!