Adding a Cosmos DB Instance Using a New Azure Account

Updated

When you add a Cosmos DB instance, you can do that while also creating a new Azure account for the instance.

Before You Begin

  • For Azure Resource Manager, the cloud account represents an application, and there are two methods of deployment:

    • The traditional method with Azure Active Directory where you must set up the application and tenant. With this option, when you configure the cloud account, you must provide the following information:

    • Managed identity authentication with Azure Active Directory. This is a more secure method of deployment. Using this method ensures that your Azure subscription is accessed only from authorized managed identity-enabled virtual machines. In addition, the process of adding an Azure cloud account is more simplified, because you need only the Subscription ID, not the Tenant ID, Application ID , or Application Password.

      To complete this type of deployment, refer to Setting Up Managed Identity Authentication for Azure Resource Manager.

  • Verify that the Cosmos DB application has the contributor role enabled on the Azure account.

  • For restricted access, create a custom role using the CvCosmosdbSQLRole.json file at the resource group level and assign it to the Cosmos DB application.

Procedure

  1. From the navigation pane, go to Protect > Databases.

    The Instances page appears.

  2. Click Add instance, and then click Cloud DB.

    The Add Cloud DB instance page appears.

  3. From the Select vendor list, select Microsoft Azure.

  4. From the Database service list, select Cosmos DB.

  5. From the Cloud account list, click Add.

    The Add cloud account dialog box appears.

  6. In the Name box, type a name for the new cloud account.

  7. Enter information about the subscription:

    • For the traditional authentication method of deployment, enter the following information:

      • Subscription ID: Enter the subscription ID for the Azure account.

      • Tenant ID: Enter the tenant ID for the Azure account.

      • Application ID: Enter the application ID for the tenant.

      • Application password: Enter the password for the application.

    • For the managed identity authentication method of deployment, configure the following settings:

      • Connect using managed identities for Azure resources: Move the toggle key to the right.

      • Subscription ID: Enter the subscription ID for the Azure account.

  8. From the Access node list, select an access node that has both the Virtual Server and Cloud Apps packages installed.

    Note: If you configure this cloud account to use managed identity authentication, select only Azure access nodes that use managed identity authentication so that backups and restores will be successful. The access node must be an Azure virtual machine in the same subscription that contains the Cosmos DB account that you want to back up.

  9. Click Save.

  10. From the Access node list, select the access node that you selected in the Add cloud account dialog box for the new account.

  11. From the Backup Plan list, select the server plan to use for instance.

  12. To filter the content that that is backed up, for Backup content, click Edit, and then select or clear the databases or containers that you want to include or exclude.

  13. Click Add.

What to Do Next

A container group is created for the instance. You can create more container groups to meet different backup requirements.