TOI: BYOL License Key value population for AWS, Azure and GCP - Support and Troubleshooting

TOI: BYOL License Key value population for AWS, Azure and GCP Summary Problem Statement Enhance the existing patterns to discover the License for AWS RHEL AMIs and Azure RHEL VMs Add new support to discover the License for GCP Compute Instances - Windows, RHEL, and SQL servers License strings are populated within the cmdb_key_value table in the following manner OS Type

Key Value

BYOL/BYOS Resource

Value

PAYG Resource

Windows Windows_OS_License_Type_automatic BYOL License Included RHEL RHEL_OS_License_Type_automatic BYOL License Included SQL SQL_Server_License_Type_automatic BYOL License Included If the AMIs, Azure VMs, or GCP VMs are not categorized as the mentioned types (Windows, RHEL, SQL), please avoid populating the license key-value pair.

Prerequisites This feature is available in SR - ITOM - Discovery and Service Mapping - 202309 Content AWS: AWS EC2 instances running RHEL and Windows AMIs(Amazon Machine Image), there are two pricing options available: BYOL(Bring Your Own License) and PAYG(Pay-as-You-Go).

Pattern changes The “ Image License ” shared library is an extension pattern for the " Amazon AWS - Executable Template (LP)" , " Amazon AWS - Owned Template (LP)" patterns.

API calls 1. Pattern: Amazon AWS - Executable Template (LP) discovers Private Images

URL: /?Action=DescribeImages&Version=2016-11-15&ExecutableBy.1=self"

Method: GET

2. Pattern: Amazon AWS - Owned Template (LP) discovers shared images

URL: /?Action=DescribeImages&Version=2016-11-15&Owner.1=self"

Method: GET

Make modifications to the existing extension pattern “Image License” to populate License in Key Values table(cmdb_key_value).

Windows AMIs: Identity if the AMI is Windows: In the AWS AMI response, check if the platformDetails field starts with " Windows " Determine whether the AMI uses a BYOL license or not In the AWS AMI response, if the platformDetails is "Windows BYOL" and the usageOperation is " RunInstances:0800" , then it is a BYOL license. In this case, the key value should be populated as (Windows_OS_License_Type_automatic, BYOL) Otherwise, it is a PAYG license. In this case, the key value should be populated as (Windows_OS_License_Type_automatic, License Included) RHEL AMIs: Identity if the AMI is RHEL: In the AWS AMI response, check if the platformDetails field starts with "Red Hat" Determine whether the AMI uses a BYOL license or not In the AWS AMI response, if the platformDetails is "Red Hat BYOL Linux” and the usageOperation is "RunInstances:00g0" , then it is a BYOL license. In this case, the key value should be populated as (RHEL_OS_License_Type_automatic, BYOL) Otherwise, it is a PAYG license. In this case, the key value should be populated as (RHEL_OS_License_Type_automatic, License Included) Other AMIs: Do not populate the license key-value pair.

Reference: AWS License Strings - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/billing-info-fields.html

Note: 1. Currently, OOTB Windows license discovery is limited to private and owned AMIs and does not cover the discovery of public AMIs. Therefore, the addition of RHEL license support will also be limited to private and owned images.

2. Not Supporting event discovery

Azure: Windows and RHEL virtual machine instances using licenses either BYOL and PAYG

Pattern changes " Azure Virtual Machine License " shared library is an extension pattern for " Azure - Virtual Machine (LP)" pattern.

Graph API call Pattern : Azure Virtual Machine License

URL: https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2019-04-01

Method: POST

Body: {"query": "where type == 'microsoft.compute/virtualmachines' | project name, resourceGroup, location"}

Make the modifications to the existing extension pattern " Azure Virtual Machine License" to populate the License in Key Values table(cmdb_key_value) for Windows and RHEL VMs.

Windows VMs Identity if the VM is a Windows VM In the Azure VM response, check if properties.storageProfile.imageReference.offer is set to " WindowsServer" or begins with " Windows- " (For WIndwos clients, example is Windows-10 (Windows- )) Determine if the VM using a BYOL or PAYG license In Azure VM response, if the properties.licenseType is "Windows_Server" or "Windows_client" then it is using a BYOL license. In this case, the key value should be populated as (Windows_OS_License_Type_automatic, BYOL) if properties.licenseType is not present or not set to either "Windows_Server" or "Windows_client" , then it is using a PAYG License. In this case, the key value should be populated as (Windows_OS_License_Type_automatic, License Included) RHEL VMs Identity if the VM is a RHEL VM In the Azure VM response, check if properties.storageProfile.imageReference.offer is set to “ RHEL ” Determine if the VM using a BYOL or PAYG license In Azure VM response, if properties.licenseType is “ RHEL_BYOS ” then it is using a BYOL license. In this case, the key value should be populated as (Windows_OS_License_Type_automatic, BYOL) if properties.licenseType is not present or not set to “RHEL_BYOS”, then it is using a PAYG License. In this case, the key value should be populated as (Windows_OS_License_Type_automatic, License Included) Other Vms: Do not populate the license key-value pair.

Note: 1. The License Key values for Azure SQL VMs are populated using a different pattern: "Azure - SQL Server (LP)"

2. In Azure VM response, VM lacks offer details under the storageProfile -> imageReference, the key value is not populated. This is because the OS type of the image cannot be determined.

3. Not supporting Event discovery

GCP: Licenses on Compute instances are one of the following types.

Free licenses On-demand/Pay-as-you-go (PAYG) Bring your own license (BYOL)/Bring your own subscription (BYOS)

Pattern Changes Create a new shared library " Google Cloud Platform (GCP) – VM license " and it is an extension to the existing " Google Cloud Platform (GCP) - Virtual Server" pattern.

REST API call Pattern : Google Cloud Platform (GCP) - Virtual Server

URL: https://www.googleapis.com/compute/v1/projects/{project}/aggregated/instances

Method: GET

This newly introduced extension pattern " Google Cloud Platform (GCP) – VM license" will populate License in Key Values table(cmdb_key_value) according to the following conditions

1. Popualte Licenses only from Boot disks:

In the VM response, “ disks.boot ” attribute is set to true. Determine the type of VM, whether it is a Windows server, RHEL, or SQL Server: In VM response contains the “disks.licenses” array and which contains license information. The License name can be found after the “/licenses/” string in the license information. If the license name begins with “windows-server” then it indicates that the VM is a Windows server.

If the license name begins with “rhel” then it indicates that the VM is a RHEL

If the license name begins with “sql-server” then it indicates that the VM is a SQL server.

Reference - https://cloud.google.com/compute/docs/images/os-details

3. Determine whether the VM is using a BYOL or PAYG license:

If the License name ends with "byol" or "byos," it indicates a BYOL license. If License is Windows Server then the key value should be populated as (Windows_OS_License_Type_automatic, BYOL) If License is RHEL then the key value should be populated as (RHEL_OS_License_Type_automatic, BYOL) If License is SQL server then the key value should be populated as (SQL_Server_License_Type_automatic, BYOL) Otherwise, it is considered a PAYG license. If License is Windows Server then the key value should be populated as (Windows_OS_License_Type_automatic, License Included) If License is RHEL then the key value should be populated as (RHEL_OS_License_Type_automatic, License Included) If License is SQL server then the key value should be populated as (SQL_Server_License_Type_automatic, License Included) 4. If the VM license does not fall under the categories of Windows Server, RHEL, or SQL Server then Do not populate the license key-value pair.

Note: 1. GCP will only support License type for Windows, RHEL, SQL servers, either PAYG or BYOL.

2. In the case of SQL BYOL VMs, the VM API response does not include the SQL Server BYOL license details.

Data Collected During Discovery The license key values will be populated in the key value (cmdb_key_value) table

The key will belong to one of the following: Windows_OS_License_Type_automatic , RHEL_OS_License_Type_automatic , SQL_Server_License_Type_automatic . The value will either be BYOL or License Included . For configuration items: In AWS, the configuration item is Images (cmdb_ci_os_template) or Cloud Images (cmdb_ci_cloud_os_image). In Azure, the configuration item is Virtual Machine Instances (cmdb_ci_vm_instance). In GCP, the configuration item is Virtual Machine Instances (cmdb_ci_vm_instance). Results 1. AWS: Windows AMIs Key = Windows_OS_License_Type_automatic Key Search =Windows_OS_License_Type_automatic Value: BYOL (3) Windows_OS_License_Type_automatic Windows_OS_License_Type_automatic Windows_OS_License_Type_automatic Value: License Included (31) Windows_OS_License_Type_automatic Windows_OS_License_Type_automatic Windows_OS_License_Type_automatic Windows_OS_License_Type_automatic Value D Search BYOL BYOL BYOL License Included License Included License Included License Included Configuration item Search import-ami-0845681ef7a6af2b3 import-ami-067eec873be2b2378 import-ami-04ade82dea0132303 Windows Discoverylmage windows 2016 vpn-edge - 1222" width="721" height="291" />

Key Value record

RHEL AMIs

2. Azure VMs Key = Windows_OS_License_Type_automatic .or. Key = RHEL_OS_License_Type_automatic Key Key: RHEL_OS_License_Type_automatic (2) RHEL_OS_License_Type_automatic RHEL_OS_License_Type_automatic Key: Windows_OS_License_Type_automatic (4) Windows OS_License_Type_automatic Windows OS_License_Type_automatic Windows OS_License_Type_automatic Windows OS_License_Type_automatic Value License Included BYOL License Included License Included License Included BYOL Configuration item VM01-RHEL-Without-byol VM02-RHEL-With-BYOL AzureMid001 AzureMid002 VM01-Winodws-without-byol VM02-Windows-with-byoI" width="729" height="274" />

Key Value Record

3. GCP VMs

Key Value record

Known Issues: 1. DEF0367462 - Stale Key value records are not cleaned from CMDB

Release This feature is available in SR - ITOM - Discovery and Service Mapping - 202309