To create an Azure virtualization client in the CommCell Console, you will need to set up an application and tenant for the Azure Resource Manager.
An application is a specific cloud service associated with your Azure account, and the tenant is a client or organization that manages an instance of the cloud service. The application and tenant are associated with your subscription through Azure Active Directory, which provides identity and access management for the Azure cloud.
To complete the setup of the Azure virtualization client in the CommCell Console, you need the following:
-
Application name
-
Application ID
-
Subscription ID
-
Tenant ID (Directory ID)
-
Application key.
Before You Begin
-
Collect the following information for your Azure account:
-
Subscription ID for the Azure account
-
User credentials with Service Administrator capabilities, for logging in to your Azure account.
-
Procedure
Use the following steps to create the application and tenant.
-
Log on to the public Azure portal with service administrator credentials.
-
From the All services menu, select the App registrations tab, and click on New registration.
-
Enter the appropriate values for the following:
-
Name: Name of the application to be created on Azure Active Directory.
-
Account type: Select one from the following:
-
Accounts in this organizational directory only
-
Accounts in any organizational directory
-
Accounts in any organizational directory and personal Microsoft accounts.
-
-
Redirect URI: Optional. https://app_name (URL including the application name you specify). For example: MyWebApp and https://MyWebApp.
-
-
Click Register.
Once created, the application will be listed on the App Registration tab. Note down the Application ID.
-
Go to the API permissions blade.
-
Click Add a permission to add the required API permissions:
-
Select the Microsoft API: Azure Service Management.
-
Select the option to provide delegated permissions to Access Azure Service Management as organization users.
-
Click Add permissions.
-
-
Go to Certificates & secrets blade.
-
Click on New client secret. Provide the key description and expiration date. Click Save.
This will generate a unique secret key for the application.
Important
Save the key value. The key value will be your application password. You will not be able to retrieve the key after you leave the Certificate & secrets tab/blade.
-
From the All services menu, click the Subscriptions tab, and then select the subscription ID for which the virtualization client needs to be created.
Optional: Define a Custom Role
You can use the predefined Contributor role or define a custom role to specify more limited permissions that can be used for backup and restore operations, either for a specific resource group or for the subscription as a whole. At a minimum, include the permissions listed in the CVBackupRole.json file.
-
Download the CVBackupRole.json file, which contains minimal permissions needed for Azure backup and restore operations.
-
Use a JSON editor to modify the following entry and change #SubscriptionID# to your subscription ID:
"AssignableScopes" : ["/subscriptions/#SubscriptionID#"]
-
To create a custom role, refer to Custom roles for Azure resources.
-
-
On the Access Control (IAM) tab, click Add to add a service principal user.
-
On the Add Permissions blade, select the Contributor role or the custom role that you created in the previous step.
Select Azure AD user, group, or application.
-
Type the application name in the Select field, and then select the application created in previous step.
-
You can obtain the Tenant ID from the public Azure cloud by selecting Azure Active Directory > Properties > Directory ID.
The Directory ID is also the Tenant ID.
What to Do Next
Create the Azure virtualization client using the Subscription ID, Tenant ID, Application ID, and Application Key.