To create an Azure hypervisor configuration, set up an application and tenant for Azure.
An application is a specific cloud service associated with your Azure account, and the tenant is a client or organization that manages an instance of the cloud service. The application and tenant are associated with your subscription through Azure Active Directory, which provides identity and access management for the Azure cloud.
To complete the setup of the Azure hypervisor, you need the following:
- Application name
- Application ID
- Subscription ID
- Tenant ID (Directory ID)
- Application key
Before You Begin
- Collect the following information for your Azure account:
  - Subscription ID for the Azure account
  - User credentials with Service Administrator capabilities, for logging in to your Azure account
Procedure
Use the following steps to create the application and tenant.
- Log on to the public Azure portal with service administrator credentials.
- From the All services menu, select the App registrations tab, and click New registration.
- Enter the appropriate values for the following:
  - Name: Name of the application to be created on Azure Active Directory.
  - Account type: Select one of the following:
    - Accounts in this organizational directory only
    - Accounts in any organizational directory
    - Accounts in any organizational directory and personal Microsoft accounts
  - Redirect URI: Optional. https://app_name (URL including the application name you specify). For example: MyWebApp and https://MyWebApp.
- Click Register.
  Once created, the application is listed on the App registrations tab. Note down the Application ID.
- Go to the API permissions blade.
- Click Add a permission to add the required API permissions:
  - Select the Microsoft API: Azure Service Management.
  - Select the option to provide delegated permissions to Access Azure Service Management as organization users.
  - Click Add permissions.
  Note: If you are configuring a Linux proxy, you must also request API permissions for the Microsoft API: Azure Storage.
- Go to the Certificates & secrets blade.
- Click New client secret. Provide the key description and expiration date. Click Save.
  This generates a unique secret key for the application.
  Important: Save the key value. The key value will be your application password. You will not be able to retrieve the key after you leave the Certificates & secrets tab/blade.
- From the All services menu, click the Subscriptions tab, and then select the subscription ID for which the virtualization client needs to be created.
Optional: Define a Custom Role
You can use the predefined Contributor role or define a custom role to specify more limited permissions that can be used for operations, either for a specific resource group or for the subscription as a whole. At a minimum, include the permissions listed in the CVBackupRole.json file.
- Download the CVBackupRole.json file, which contains minimal permissions needed for Azure operations.
- Use a JSON editor to modify the following entry and change #SubscriptionID# to your subscription ID:

      "AssignableScopes" : ["/subscriptions/#SubscriptionID#"]

- To create a custom role, refer to Azure custom roles.
- On the Access control (IAM) tab, click Add, and then select Add role assignment.
- On the Role tab, select the Contributor role or the custom role that you created in the previous step.
  Note: If you are configuring a Linux proxy, you must select the Storage Blob Data Contributor role for the application.
- On the Members tab, complete the following:
  - Assign access to: Select User, group, or service principal.
  - Click Select members.
  - In the Select members pane, enter the name of the application you previously created in the Select box.
- On the Review + assign tab, complete the following:
  - Review your assignment.
  - Click Save.
- You can obtain the Tenant ID from the public Azure cloud by selecting Azure Active Directory > Properties > Directory ID.
  The Directory ID is also the Tenant ID.
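
The placeholder substitution described under Optional: Define a Custom Role, as an added example that is not part of the original page or the vendor's tooling. It validates the subscription ID, optionally narrows the scope to one resource group, and flags wildcard actions before the file is used to create the role. The sample JSON, its action names, and the function name prepare_role are constructed for illustration; the real CVBackupRole.json contents are not shown on this page.

```python
import json
import re

# Constructed stand-in for a role definition file. The real CVBackupRole.json
# is not reproduced on this page, so these actions are illustrative only.
SAMPLE_ROLE = """{
  "Name": "Example Backup Role",
  "Description": "Constructed sample, not the vendor file",
  "Actions": ["Microsoft.Compute/virtualMachines/read",
              "Microsoft.Compute/snapshots/write"],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/#SubscriptionID#"]
}"""

GUID = r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
PLACEHOLDER = "#SubscriptionID#"


def prepare_role(role_json, subscription_id, resource_group=None):
    """Fill in the scope placeholder and return (role_dict, warnings)."""
    if not re.fullmatch(GUID, subscription_id):
        raise ValueError("subscription ID is not a GUID")
    scope = "/subscriptions/" + subscription_id
    if resource_group is not None:
        # Narrow the role to one resource group instead of the subscription.
        if not re.fullmatch(r"[\w.()-]{1,90}", resource_group):
            raise ValueError("invalid resource group name")
        scope += "/resourceGroups/" + resource_group

    role = json.loads(role_json)
    old_scopes = role.get("AssignableScopes", [])
    if not any(PLACEHOLDER in s for s in old_scopes):
        raise ValueError("placeholder not found in AssignableScopes")
    role["AssignableScopes"] = [
        s.replace("/subscriptions/" + PLACEHOLDER, scope) for s in old_scopes
    ]
    # Refuse to emit a file that still carries an unreplaced placeholder.
    if PLACEHOLDER in json.dumps(role):
        raise ValueError("placeholder still present after substitution")

    warnings = []
    for action in role.get("Actions", []):
        # "*" or "Microsoft.X/*" grants every operation, or every operation
        # in one resource provider, which defeats a minimal custom role.
        if action == "*" or re.fullmatch(r"[^/]+/\*", action):
            warnings.append("broad action: " + action)
    return role, warnings
```

Serialize the returned dictionary with json.dumps and review any warnings before creating the role.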