Microsoft Azure Storage - IAM AD Application Role Assignment (Credential Vault)

Use this dialog box to add (or modify) Microsoft Azure Storage, with IAM AD Application Role Assignment authentication, as a storage target.

Option

Description

Additional Information

Name

The name of the Cloud library.

Device Name

A unique device name generated by the system when the library is added.

Type

Select Microsoft Azure Storage from the list.

MediaAgent

The name of the MediaAgent to which the device is attached. Select a MediaAgent from the list to add to the cloud storage device. The list contains the names of all the MediaAgents configured in the CommCell.

Access Information

Add the credentials and other details required to access the cloud storage space.

Authentication

Select IAM AD Application Role Assignment (Credential Manager).

For IAM AD Application Role Assignment authentication, the application requires Storage Account Contributor and Storage Blob Data Contributor roles.

If you do not want to assign the Storage Account Contributor role, you can create a custom role with the following permissions in order to use the WORM storage functionality:

  • Lock blob container immutability policy

  • Get blob container immutability policy

  • Put blob container immutability policy

  • Extend blob container immutability policy (Returns the list of storage accounts or gets the properties for the specified storage account.)
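
A least-privilege custom role covering the four permissions listed above, given as an added example that is not part of the original documentation. The action strings are the Azure resource provider operations that carry these display names; the role name, description, and the placeholder values in the scope are assumptions.

```json
{
  "Name": "Backup WORM Immutability Operator (example)",
  "IsCustom": true,
  "Description": "Manage blob container immutability policies without Storage Account Contributor.",
  "Actions": [
    "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/lock/action",
    "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/read",
    "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/write",
    "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/extend/action"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>"
  ]
}
```

Scoping the role to the single storage account, rather than the whole subscription, keeps the application from changing immutability policies on unrelated accounts. The Storage Blob Data Contributor role is still assigned separately.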

Service Host

The URL of the host providing the cloud storage service. (Commvault transfers data using HTTPS protocol to the service host.)

Default: blob.core.windows.net

Note

If Microsoft Azure Storage is using a private link endpoint, make sure to specify privatelink.blob.core.windows.net as the Service Host. If a private link endpoint is not available, follow the instructions for DNS as described in Azure Private Endpoint DNS integration.

  • Do not add the container name as the service host.

  • Multiple hosts can be added in the Service Host field using commas to separate them. For example, servicehost1, servicehost2, servicehost3. (For local cloud servers with multiple IP addresses, the list of IP addresses can be added. For example, 192.xxx.0.100, 192.xxx.0.101, 192.xxx.0.102.)

    Note

    All the hosts (or IP addresses) in the list must point to the same storage. Adding a host or IP address that points to a different storage will result in data loss.

Credential

Select a pre-defined credential from the list.

To define a new credential, click the Add New button from the list. The following information is required.

  • Credential Name: A user-defined name for the credential.

  • Tenant ID: The tenant ID of the Azure application. This is the Directory ID that you can find in application properties.

  • Application ID: The application ID of the Azure application. This is the Client ID that you can find in application properties.

  • Application Secret: The application secret of the Azure application. This is the Client Secret that you created for the application.

  • Environment: The environment that hosts the Azure application.

  • Authentication Endpoint: The authentication endpoint for the tenant.

  • Management Endpoint: The management endpoint for the tenant.

  • Storage Endpoint: The storage endpoint for the tenant.

Credentials must not contain blank spaces or other special characters. For instructions about creating a credential, see Adding a Credential to Credential Vault.

Note

For outbound connectivity, the following endpoints must be whitelisted:

  • login.microsoftonline.com
  • management.azure.com

Account Name

The account name that will be used to access the account.

Container

Click the Detect button to detect an existing container.

Sometimes an existing container is not populated when you click Detect. In such cases, type the name of the existing container that you want to use. The system will automatically use the existing container if it is available.

Storage Class

The following storage classes are available:

Use container's default storage class

Select this option to use the default storage class selected in the storage account in the Azure portal.

Commvault software will write the data based on the container's storage class.

Use this option if the container is already created in Azure.

Hot

Select this option to use the 'Hot' tier to write the data.

Use this option for a container already created in Azure using the 'Hot' tier.

Cool

Select this option to use the 'Cool' tier to write the data.

Use this option for a container already created in Azure using the 'Cool' tier.

Cold

Select this option to use the 'Cold' tier to write the data.

Use this option for a container already created in Azure using the 'Cold' tier.

Archive

Select this option to create an 'archive' storage class.

Commvault software will write all data in the Archive tier.

Create a container with the 'Archive' storage class in Azure and then select the Archive option while configuring the storage in Commvault software.

Use Combined Tier

Enable the option to use a combined storage tier, with the Cold/Archive Storage Class.

This option will be enabled when the Archive Storage Class is selected.

Combined Storage Class

The following combined storage classes are available:

Cool

Select this option for 'cool archive' storage class.

Commvault software will write the metadata in the Cool tier and data will be written in the Archive tier.

Create a container with the 'Cool' storage class in Azure and then select the Archive/Cool (Combined Storage Tiers) option while configuring the storage in Commvault software.

Hot

Select this option for 'hot archive' storage class.

Commvault software will write the metadata in the Hot tier and data will be written in the Archive tier.

Create a container with the ‘Hot’ storage class in Azure and then select the Archive/Hot (Combined Storage Tiers) option while configuring the storage in Commvault software.
