Microsoft Azure Storage - IAM VM Role Assignment

Use this dialog box to add (or modify) Microsoft Azure Storage, with IAM VM Role Assignment authentication, as a storage target.

Option

Description

Additional Information

Name

The name of the Cloud library.

Device Name

A unique device name generated by the system when the library is added.

Type

Select Microsoft Azure Storage from the list.

MediaAgent

The name of the MediaAgent to which the device is attached. Select a MediaAgent from the list to add to the cloud storage device. The list contains the names of all the MediaAgents configured in the CommCell.

Access Information

Add the credentials and other details required to access the cloud storage space.

Authentication

Select IAM VM Role Assignment.

For IAM VM Role Assignment authentication, you must assign the VM accessing the Storage Account the Storage Blob Data Contributor or the Storage Blob Data Owner role on that Storage Account.

You must assign the Storage Blob Data Owner role to use the WORM storage functionality. If you do not want to assign the Storage Blob Data Owner role to use the WORM storage functionality, you can create a custom role with the following permissions:

  • Lock blob container immutability policy

  • Get blob container immutability policy

  • Put blob container immutability policy

  • Extend blob container immutability policy (Returns the list of storage accounts or gets the properties for the specified storage account.)

Note

If Azure VM has two managed identities assigned, create the sCloudAzureManagedIdentity additional setting by defining the object ID of the associated managed identity to receive an access token of an Azure VM, so that you can use the managed identities.

Service Host

The URL of the host providing the cloud storage service. (Commvault transfers data using HTTPS protocol to the service host.)

Default: blob.core.windows.net

Note

If Microsoft Azure Storage is using a private link endpoint, make sure to provide the Service Host with privatelink.blob.core.windows.net. If private link endpoint is not available, follow the instructions for DNS as described in Azure Private Endpoint DNS integration.

  • Do not add the container name as the service host.

  • Multiple hosts can be added in the Service Host field using commas to separate them. For example servicehost1, servicehost2, servicehost3. (For local cloud servers with multiple IP addresses, the list of IP addresses can be added. For example, 192.xxx.0.100,192.xxx.0.101, 192.xxx.0.102.)

    Note

    All the hosts (or IP addresses) in the list must point to the same storage. Adding a host or IP address to a different storage will result in data loss.

  • If Microsoft Defender is used for storage in Azure, you can:

    • Disable Microsoft Defender for storage on the storage account used for Commvault backups.
      or
    • Add the exclusions for containers used by the Commvault cloud storage.

Account Name

The account name that be used to access the account.

Container

Click the Detect button to detect an existing container.

Sometimes, existing container may not get populated while detecting the container. In such cases, type the name of the existing container that you want to use. The system will automatically use the existing container if it is available.

Storage Class

The following combined storage classes are available:

Use container's default storage class

Select this option to use the default storage class selected in the storage account in the Azure portal.

Commvault software will write the data based on the container's storage class.

Use this option if the container is already created in Azure.

Hot

Select this option to use the 'Hot' tier to write the data.

Use this option for a container already created in Azure using the 'Hot' tier.

Cool

Select this option to use the 'Cool' tier to write the data.

Use this option for a container already created in Azure using the 'Cool' tier.

Cold

Select this option to use the 'Cold' tier to write the data.

Use this option for a container already created in Azure using the 'Cold' tier.

Archive

Select this option to create an 'archive' storage class.

Commvault software will write all data in the Archive tier.

Create a container with the 'Archive' storage class in Azure and then select the Archive option while configuring the storage in Commvault software.

Use Combined Tier

Enable the option to use a combined storage tier, with the Cold/Archive Storage Class.

This option will be enabled when the Archive Storage Class is selected.

Combined Storage Class

The following combined storage classes are available:

Cool

Select this option for 'cool archive' storage class.

Commvault software will write the metadata in the Cool tier and data will be written in the Archive tier.

Create a container with the 'Cool' storage class in Azure and then select the Archive/Cool (Combined Storage Tiers) option while configuring the storage in Commvault software.

Hot

Select this option for 'hot archive' storage class.

Commvault software will write the metadata in the Hot tier and data will be written in the Archive tier.

Create a container with the ‘Hot’ storage class in Azure and then select the Archive/Hot (Combined Storage Tiers) option while configuring the storage in Commvault software.

Loading...