> Essential > Virtualization > Azure > Reference Information

Azure Resource Provider Usage

Commvault uses Azure resource providers to perform data protection and data recovery operations for virtual machines that run in Azure or Azure Stack.

These resource providers are used only to access snapshots, disks, and virtual machine configurations that are required for backing up virtual machines to storage media, for recovering virtual machines, and for deleting intermediate entities that are created by Commvault during those operations. When a user who has the required administrative privileges requests that a recovered virtual machine overwrite the original virtual machine, the resource providers are also used to remove the original virtual machine, but only after confirmation from the user.

Commvault usage of Azure resource providers is controlled by the service principal that is used to create a virtualization client (hypervisor). To perform authentication, the virtualization client can use a managed identity or Active Directory application-based client credentials to access the Azure or Azure Stack subscription.

For more information about Azure resource providers, go to Azure resource providers and types on the Microsoft documentation website.

The following table shows the Azure resource providers that are needed for Commvault operations and describes how Commvault uses each resource provider.

Resource Providers

Backups

Restores

VM conversions

Replication

Usage

Microsoft.Compute/availabilitySets/Read

Yes

--

--

--

Get the availability set details of the VM.

Microsoft.Compute/diskEncryptionSets/read

--

Yes

Yes

--

List the disk encryption set options for the region.

Microsoft.Compute/disks/*

Yes

Yes

--

Yes

Perform all disk actions.

Microsoft.Compute/locations/*

Yes

Yes

--

Yes

List the available VM sizes for a location and track the status of asynchronous API operations.

Microsoft.Compute/proximityPlacementGroups/read

Yes

Yes

--

--

Get the proximity placement group properties.

Microsoft.Compute/proximityPlacementGroups/write

Yes

Yes

--

--

Create a new proximity placement group or updates an existing one.

Microsoft.Compute/restorePointCollections/*

Yes

Yes

--

Yes

Perform all restorePointCollection activities.

Microsoft.ManagedIdentity/userAssignedIdentities/assign/action

--

Yes

--

Yes

RBAC action for assigning an existing user-assigned identity to a resource.

Microsoft.Compute/snapshots/*

Yes

Yes

--

Yes

Perform all snapshot activities.

Microsoft.Compute/virtualMachines/*

--

Yes

Yes

Yes

Create virtual machines during restore operations.

Microsoft.KeyVault/checkNameAvailability/read

--

Yes

Yes

Yes

Validate the name of a key vault.

Microsoft.KeyVault/vaults/accessPolicies/write

--

Yes

Yes

Yes

Add, merge, or replace an access policy in a key vault.

Microsoft.KeyVault/vaults/deploy/action

--

Yes

Yes

Yes

Access secrets in a key vault when you deploy Azure resources.

Microsoft.KeyVault/vaults/keys/*

Yes

Yes

--

Yes

Access key vault when configured with RBAC.

Used only for encrypted VMs.

Microsoft.KeyVault/vaults/read

Yes

Yes

Yes

Yes

Get the key vault properties.

Microsoft.KeyVault/vaults/secrets/*

Yes

Yes

--

Yes

Access key vault when configured with RBAC.

Used only for encrypted VMs.

Microsoft.KeyVault/vaults/write

--

Yes

Yes

Yes

Create or update a key vault for an encrypted VM.

Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action

Yes

Yes

Yes

Yes

Joins an IP Configuration to application security groups. Not alertable.

Microsoft.Network/applicationSecurityGroups/read

Yes

Yes

Yes

Yes

Gets an application security group ID.

Microsoft.Network/loadBalancers/read

--

--

--

Yes

Get a load balancer definition.

Microsoft.Network/locations/*

Yes

Yes

--

Yes

Track the status of asynchronous API operations.

Microsoft.Network/networkInterfaces/*

Yes

Yes

--

Yes

Perform all network interface actions to create or attach existing network interfaces.

Microsoft.Network/networkSecurityGroups/join/action

--

--

--

Yes

Join a network security group.

Microsoft.Network/networkSecurityGroups/read

--

Yes

--

Yes

Get a network security group definition.

Microsoft.Network/publicIPAddresses/delete

--

Yes

--

Yes

Deletes the public IP address.

Microsoft.Network/publicIPAddresses/join/action

--

Yes

--

Yes

Join a public IP address.

Microsoft.Network/publicIPAddresses/read

Yes

Yes

--

Yes

Get a public IP address.

Microsoft.Network/publicIPAddresses/write

--

Yes

--

Yes

Create or update an existing IP address.

Microsoft.Network/virtualNetworks/read

Yes

Yes

--

Yes

Get virtualNetworks information.

Microsoft.Network/virtualNetworks/subnets/join/action

--

--

--

Yes

Join a subnet.

Microsoft.Network/virtualNetworks/subnets/read

Yes

Yes

--

Yes

Get virtualNetworks information about a subnet.

Microsoft.ResourceHealth/availabilityStatuses/read

--

Yes

--

Yes

Get the availability statuses for the resources in a specified scope.

Microsoft.Resources/deployments/*

Yes

Yes

--

Yes

Create and manage a deployment.

Microsoft.Resources/subscriptions/resourceGroups/read

Yes

Yes

Yes

Yes

Get a list of resource groups.

Microsoft.Storage/storageAccounts/*

Yes

Yes

--

Yes

Create and manage a storage account on Blob.

Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action

Yes

Yes

--

Yes

Access unmanaged VM blob.

Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete

--

Yes

--

Yes

Access unmanaged VM blob.

Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action

Yes

Yes

--

Yes

Access unmanaged VM blob.

Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read

Yes

Yes

--

Yes

Access unmanaged VM blob.

Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write

--

Yes

--

Yes

Access unmanaged VM blob.

Loading...