Configure an Azure Cosmos DB for MongoDB instance

Configure a cloud instance for Azure Cosmos DB for MongoDB to back up and restore your data.

Before you begin

  • For Azure Resource Manager, the cloud account represents an application, and there are two methods of deployment:

    • The traditional method with Azure Active Directory where you must set up the application and tenant. With this option, when you configure the cloud account, you must provide the following information:

      • Subscription ID

      • Tenant ID

      • Application ID and secret value

      To complete this type of deployment, refer to Configuring Access to Azure Resources.

    • Managed identity authentication with Azure Active Directory. This is a more secure method of deployment. Using this method ensures that your Azure subscription is accessed only from authorized managed identity-enabled virtual machines. In addition, adding an Azure cloud account is simpler, because you need only the Subscription ID, not the Tenant ID, Application ID, or Application secret.

      To complete this type of deployment, refer to Setting Up Managed Identity Authentication for Azure Resource Manager.

  • Verify that the Cosmos DB for MongoDB application or the managed identity of the access node VM has the contributor role enabled on the Azure Cosmos DB account.

  • Key-based (local) authentication for the account must be enabled for Cosmos DB backups to complete successfully. Therefore, the disableLocalAuth property must be set to FALSE.

  • You can set up the access node within a shared infrastructure subscription and assign the appropriate RBAC permissions to it across the target subscriptions where the Cosmos DB accounts reside.

  • For restricted access, create a custom role using the AzureDBBackupRole.json file at the resource group level of the Cosmos DB account and assign it to the Cosmos DB for MongoDB application or the managed identity of the access node VM.

  • If you are an MSP and want your tenant administrators to create the Azure Cosmos DB for MongoDB instances using the Commvault infrastructure, see MSP configuration for Azure.
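
A pre-flight check for the role and disableLocalAuth prerequisites listed above, as an added example that is not part of the original page or of Commvault's tooling. It assumes the account and its role assignments were exported as JSON (for example with `az cosmosdb show` and `az role assignment list --all`); the IDs, principal names, and the custom role name "Example Backup Role" are placeholders.

```python
import json

# Constructed sample input, shaped like the JSON printed by `az cosmosdb show`
# and `az role assignment list --all`. Every ID and name is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-data"
ACCOUNT = json.loads('{"id": "%s/providers/Microsoft.DocumentDB/databaseAccounts/'
                     'orders-mongo", "disableLocalAuth": true}' % RG)
ASSIGNMENTS = json.loads('''[
  {"principalId": "app-1", "roleDefinitionName": "Contributor", "scope": "%s"},
  {"principalId": "vm-mi-1", "roleDefinitionName": "Example Backup Role",
   "scope": "%s"}
]''' % (SUB, RG))


def scope_covers(scope, resource_id):
    """True when scope is the resource itself or one of its ancestors."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")


def preflight(account, assignments, principal_id, accepted_roles):
    """Return (blocking, advisory) findings for the backup identity."""
    blocking, advisory = [], []
    # Backups use key-based authentication, so local auth must stay enabled.
    if account.get("disableLocalAuth") is True:
        blocking.append("disableLocalAuth is true")
    # Inheritance from management groups is not evaluated here.
    held = [a for a in assignments
            if a["principalId"] == principal_id
            and a["roleDefinitionName"] in accepted_roles
            and scope_covers(a["scope"], account["id"])]
    if not held:
        blocking.append("no accepted role covers the account")
    rg_scope = account["id"].lower().split("/providers/")[0]
    for a in held:
        scope = a["scope"].rstrip("/").lower()
        # Contributor above the resource group is wider than the page's
        # restricted-access option (custom role at resource group level).
        if a["roleDefinitionName"] == "Contributor" and scope != rg_scope \
                and scope_covers(scope, rg_scope):
            advisory.append("Contributor granted at " + a["scope"])
    return blocking, advisory


if __name__ == "__main__":
    roles = ("Contributor", "Example Backup Role")
    for pid in ("app-1", "vm-mi-1"):
        print(pid, preflight(ACCOUNT, ASSIGNMENTS, pid, roles))
```

Blocking findings are conditions under which the page says backups will not complete; advisory findings mark assignments broader than the restricted-access option.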

  1. From the Command Center navigation pane, go to Service catalog.

Choose Azure Cosmos DB

  1. On the Databases tile, click Configure.

  2. Select Database running in the cloud (PaaS).

  3. Select Microsoft Azure, and then click Next.

  4. Select Cosmos DB.

  5. Click Next.

Choose configuration method

  1. Select one of the following options:

  2. Click Next.

    Create the Azure app using express or custom configuration and follow the next steps to continue with the instance configuration.

Configure permissions and choose access node

  1. Select Use hosted infrastructure.

  2. Select one of the following application-based authentication methods:

    • Use an existing application
      1. From the Credential list, select an existing credential or add a new one.

      2. To assign roles, do the following:

        1. Move the Assign required roles to the selected application toggle key to the right.

        2. Click Open Azure Cloud Shell.

        3. In Subscription ID, enter your Azure subscription ID.

        4. At the Azure Cloud Shell command prompt, paste and run the commands to assign required roles to the selected application.

    • Deploy a new application
      1. In the Application name box, enter a name for the Azure application.

      2. In the Subscription ID box, enter your Azure subscription ID.

      3. Under Deploy the application in the selected subscription and get the application details, copy the commands, and then paste them into a text editor.

      4. In the text editor, do the following:

        1. To use a custom role, for --role "Contributor", replace Contributor with the name of your custom role.

          The Storage Blob Data Contributor role is required. Do not remove this role from the commands unless you are certain that your custom role includes Storage Blob Data Contributor.

          For more information about custom roles, see Role and Permission Requirements for Protecting Azure Resources.

        2. Copy the commands.

      5. Click Open Azure Cloud Shell.

      6. At the Azure Cloud Shell command prompt, paste the commands.

        The commands run to create the Azure application, and then the Tenant ID, Application ID, and Application secret for the application are displayed.

      7. In the Commvault configuration wizard, add a new credential.

  3. Click Next.

  4. From the Region list, select a region. Infrastructure from the same region is used as the access node to connect to Azure resources for backup.

  5. Click Next.

  1. Select Use your access nodes for backups.

  2. Select how you want to authenticate the Azure app.

    • Application: Select one of the following:

      • Use an existing application
        1. From the Credential list, select an existing credential or add a new one.

        2. To assign roles, do the following:

          1. Move the Assign required roles to the selected application toggle key to the right.

          2. Click Open Azure Cloud Shell.

          3. In Subscription ID, enter your Azure subscription ID.

          4. At the Azure Cloud Shell command prompt, paste and run the commands to assign required roles to the selected application.

      • Deploy a new application
        1. In the Application name box, enter a name for the Azure application.

          The commands are updated with the value that you enter.

        2. In the Subscription ID box, enter your Azure subscription ID.

          The commands are updated with the value that you enter.

        3. Under Deploy the application in the selected subscription and get the application details, copy the commands, and then paste them into a text editor.

        4. In the text editor, do the following:

          1. To use a custom role, for --role "Contributor", replace Contributor with the name of your custom role.

            The Storage Blob Data Contributor role is required. Do not remove this role from the commands unless you are certain that your custom role includes Storage Blob Data Contributor.

            For more information about custom roles, see Role and Permission Requirements for Protecting Azure Resources.

          2. Copy the commands.

        5. Click Open Azure Cloud Shell.

          Azure Cloud Shell appears.

        6. At the Azure Cloud Shell command prompt, paste the commands.

          The commands run to create the Azure application, and then the Tenant ID, Application ID, and Application secret for the application are displayed.

        7. In the Commvault configuration wizard, add a new credential.

    • Managed identity

      1. In the Subscription ID box, enter the subscription ID for the Azure account.

  3. Click Next.

  4. From the Access nodes list, select an access node to connect to the Azure resources.

    For information on how to configure an access node, see Add an Access Node for Azure Table Storage.

  5. Click Next.

Plan creation

  1. Select an existing backup plan or create a new backup plan to associate with the instance.

    If a region for hosted infrastructure is selected, only backup plans associated with that region are displayed.

    Steps to create a backup plan
    1. Click the add (plus) button.

      The Create backup plan dialog box appears.

    2. For Plan name, enter a descriptive name for the backup plan.

    3. For Storage, select or add the storage pool where you want to store backups.

    4. To configure backups, select Configure backups.

    5. Under Frequency, specify the frequency of the backup.

    6. Under Retention period, specify the duration for which the backup must be retained.

    7. To specify additional retention, such as weekly full backups, select Add extended retention and then add rules.

    8. To add an additional storage copy, select Add second copy.

    9. From the Storage list, select or add the storage to use for the backups.

    10. Under Backups to copy, select the backup type.

    11. Under Retention period, enter the amount of time to retain the backups.

      To specify an additional retention period, such as weekly full backups, select Add extended retention and then add rules.

    12. To add a third optional storage copy for maximum redundancy, select Add third copy, and then configure the storage, backup type, and retention settings.

    13. Click Save.

Choose cloud account

  1. From the API list, select MongoDB API.

  2. From the Cloud account list, select an existing Azure account or add a new account.

    Steps to add new cloud account
    1. Beside the Cloud account list, click +.

      The Add cloud account dialog box appears.

    2. In the Name box, type the name for the account.

    3. Enter the subscription information:

      • For the traditional authentication method of deployment, enter the following information:

        • Subscription ID: Enter the subscription ID for the Azure account.

        • Credential: If you have already configured the credentials entity, select them from the list. To define a new credential, click + beside the list. For more information, see Adding credential.

      • For the managed identity authentication method of deployment, configure the following settings:

        • Connect using managed identities for Azure resources: Move the toggle key to the right.

        • Subscription ID: Enter the subscription ID for the Azure account.

    4. Click Save.

Configure instance details

  1. In the Instance box, enter a name for the instance.

  2. In the Collection group box, enter a name for the collection group, and then click Next.

Choose backup content

  1. To filter the content to be backed up, click Edit, and then do any of the following:

    • To back up specific collections, click Add collections, and then do the following:

      1. Select or clear the collections as required, and then click Save.
    • To select content based on the label metadata, click Add tag, and then do the following:

      Note

      Tag-based filtering is applicable only at account level.

      1. In the Tag name box, type the tag name on which you want to discover the Cosmos DB accounts.

      2. In the Tag value box, type the tag value on which you want to match the tag name for the Cosmos DB accounts.

      3. Click Save to add the tag criteria.

      You can add multiple tags.

  2. Click Next to create the instance.

Submit

  1. Review your selections, and then click Submit to complete the configuration.