> Commvault SaaS > Virtual Machines > Azure > Planning

Azure Resource Provider Usage for VM Protection Operations

Commvault uses Azure resource providers to perform data protection operations for Azure and Azure Stack VMs.

These resource providers are used only to access snapshots, disks, and VM configurations that are required for backing up VMs to storage media, for recovering VMs, and for deleting intermediate entities that are created by Commvault during those operations. When a user who has the required administrative privileges requests that a recovered VM overwrite the original VM, the resource providers are also used to remove the original VM, but only after confirmation from the user.

Commvault usage of Azure resource providers is controlled by the managed identity or the Azure application that gives Commvault access to your Azure resources.

For more information about Azure resource providers, go to Azure resource providers and types on the Microsoft documentation website.

Resource Providers for All Protection Operations

The following table shows the Azure resource providers that are needed for all Commvault operations and describes how Commvault uses each resource provider.

Resource Providers

Backups

Restores

VM conversions

Replication

Usage

Microsoft.Compute/availabilitySets/Read

Yes

--

--

--

Get the availability set details of the VM.

Microsoft.Compute/diskEncryptionSets/read

--

Yes

Yes

--

List the disk encryption set options for the region.

Microsoft.Compute/disks/*

Yes

Yes

--

Yes

Perform all disk actions.

Microsoft.Compute/locations/*

Yes

Yes

--

Yes

List the available VM sizes for a location and track the status of asynchronous API operations.

Microsoft.Compute/proximityPlacementGroups/read

Yes

Yes

--

--

Get the proximity placement group properties.

Microsoft.Compute/proximityPlacementGroups/write

Yes

Yes

--

--

Create a new proximity placement group or updates an existing one.

Microsoft.Compute/restorePointCollections/*

Yes

Yes

--

Yes

Perform all restorePointCollection activities.

Microsoft.ManagedIdentity/userAssignedIdentities/assign/action

--

Yes

--

--

RBAC action for assigning an existing user-assigned identity to a resource.

Microsoft.Compute/snapshots/*

Yes

Yes

--

Yes

Perform all snapshot activities.

Microsoft.Compute/virtualMachines/*

--

Yes

Yes

Yes

Create VMs during restore operations.

Microsoft.KeyVault/checkNameAvailability/read

--

Yes

Yes

Yes

Validate the name of a key vault.

Microsoft.KeyVault/vaults/accessPolicies/write

--

Yes

Yes

Yes

Add, merge, or replace an access policy in a key vault.

Microsoft.KeyVault/vaults/deploy/action

--

Yes

Yes

Yes

Access secrets in a key vault when you deploy Azure resources.

Microsoft.KeyVault/vaults/keys/*

Yes

Yes

--

Yes

Access key vault when configured with RBAC.

Used only for encrypted VMs.

Microsoft.KeyVault/vaults/read

Yes

Yes

Yes

Yes

Get the key vault properties.

Microsoft.KeyVault/vaults/secrets/*

Yes

Yes

--

Yes

Access key vault when configured with RBAC.

Used only for encrypted VMs.

Microsoft.KeyVault/vaults/write

--

Yes

Yes

Yes

Create or update a key vault for an encrypted VM.

Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action

Yes

Yes

Yes

Yes

Joins an IP Configuration to application security groups. Not alertable.

Microsoft.Network/applicationSecurityGroups/read

Yes

Yes

Yes

Yes

Gets an application security group ID.

Microsoft.Network/loadBalancers/read

--

--

--

Yes

Get a load balancer definition.

Microsoft.Network/locations/*

Yes

Yes

--

Yes

Track the status of asynchronous API operations.

Microsoft.Network/networkInterfaces/*

Yes

Yes

--

Yes

Perform all network interface actions to create or attach existing network interfaces.

Microsoft.Network/networkSecurityGroups/join/action

--

--

--

Yes

Join a network security group.

Microsoft.Network/networkSecurityGroups/read

--

Yes

--

Yes

Get a network security group definition.

Microsoft.Network/publicIPAddresses/delete

--

Yes

--

Yes

Deletes the public IP address.

Microsoft.Network/publicIPAddresses/join/action

--

Yes

--

Yes

Join a public IP address.

Microsoft.Network/publicIPAddresses/read

Yes

Yes

--

Yes

Get a public IP address.

Microsoft.Network/publicIPAddresses/write

--

Yes

--

Yes

Create or update an existing IP address.

Microsoft.Network/virtualNetworks/read

Yes

Yes

--

Yes

Get virtualNetworks information.

Microsoft.Network/virtualNetworks/subnets/join/action

--

--

--

Yes

Join a subnet.

Microsoft.Network/virtualNetworks/subnets/read

Yes

Yes

--

Yes

Get virtualNetworks information about a subnet.

Microsoft.ResourceHealth/availabilityStatuses/read

--

Yes

--

Yes

Get the availability statuses for the resources in a specified scope.

Microsoft.Resources/deployments/*

Yes

Yes

--

Yes

Create and manage a deployment.

Microsoft.Resources/subscriptions/resourceGroups/read

Yes

Yes

Yes

Yes

Get a list of resource groups.

Microsoft.Storage/storageAccounts/*

Yes

Yes

--

Yes

Create and manage a storage account on Blob.

Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action

Yes

Yes

--

Yes

Access unmanaged VM blob.

Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete

--

Yes

--

Yes

Access unmanaged VM blob.

Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action

Yes

Yes

--

Yes

Access unmanaged VM blob.

Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read

Yes

Yes

--

Yes

Access unmanaged VM blob.

Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write

--

Yes

--

Yes

Access unmanaged VM blob.

Microsoft.Network/publicIPPrefixes/join/action

--

Yes

--

Yes

Create a public IP address from a prefix.

Microsoft.Network/routeTables/join/action

--

Yes

--

Yes

Associate a route table to a subnet.

Resource Providers for Auto-Scaling Azure Access Nodes

The following table shows the Azure resource providers that are needed for auto-scaling Azure access nodes and describes how Commvault uses each resource provider.

Resource Providers

Backups

Restores

VM conversions

Replication

Usage

Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/read

Yes

Yes

Yes

Yes

Get an agreement for a given marketplace virtual machine item

Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/write

Yes

Yes

Yes

Yes

Sign or cancel an agreement for a given marketplace virtual machine item
×

Loading...