Microsoft Azure Resource Provider Usage

Updated

Commvault uses Microsoft Azure resource providers to perform data protection and data recovery operations for virtual machines that run in Microsoft Azure or Azure Stack.

These resource providers are used only to access snapshots, disks, and virtual machine configurations that are required for backing up virtual machines to storage media, for recovering virtual machines, and for deleting intermediate entities that are created by Commvault during those operations. When a user who has the required administrative privileges requests that a recovered virtual machine overwrite the original virtual machine, the resource providers are also used to remove the original virtual machine, but only after confirmation from the user.

Resource Provider Usage

Commvault usage of Microsoft Azure resource providers is controlled by the service principal that is used to create a virtualization client (hypervisor). To perform authentication, the virtualization client can use a managed identity or Active Directory application-based client credentials to access the Azure or Azure Stack subscription.

For more information about Microsoft Azure resource providers, go to Azure resource provider operations on the Microsoft documentation website.

The following table shows the Microsoft Azure resource providers that are needed for Commvault operations and describes how Commvault uses each resource provider.

Resource Providers

Backups

Restores

VM conversions

Replication

Usage

Microsoft.Compute/diskEncryptionSets/read

--

Yes

Yes

--

List the Disk Encryption Set options for the region.

Microsoft.Compute/disks/*

Yes

Yes

--

Yes

Perform all disk actions.

Microsoft.Compute/locations/*

Yes

Yes

--

Yes

List the available VM sizes for a location and track the status of asynchronous API operations.

Microsoft.Compute/proximityPlacementGroups/read

Yes

Yes

--

--

Get the proximity placement group properties.

Microsoft.Compute/proximityPlacementGroups/write

Yes

Yes

--

--

Create a new proximity placement group or updates an existing one.

Microsoft.Compute/restorePointCollections/*

Yes

Yes

--

Yes

Perform all restorePointCollection activities.

Microsoft.Compute/snapshots/*

Yes

Yes

--

Yes

Perform all snapshot activities.

Microsoft.Compute/virtualMachines/*

--

Yes

Yes

Yes

Create virtual machines during restore operations.

Microsoft.KeyVault/checkNameAvailability/read

--

Yes

Yes

Yes

Validate the name of a key vault.

Microsoft.KeyVault/vaults/accessPolicies/write

--

Yes

Yes

Yes

Add, merge, or replace an access policy in a key vault.

Microsoft.KeyVault/vaults/deploy/action

--

Yes

Yes

Yes

Access secrets in a key vault when you deploy Azure resources.

Microsoft.KeyVault/vaults/read

Yes

Yes

Yes

Yes

Get the key vault properties.

Microsoft.KeyVault/vaults/write

--

Yes

Yes

Yes

Create or update a key vault for an encrypted VM.

Microsoft.Network/loadBalancers/read

--

--

--

Yes

Get a load balancer definition.

Microsoft.Network/locations/*

Yes

Yes

--

Yes

Track the status of asynchronous API operations.

Microsoft.Network/networkInterfaces/*

Yes

Yes

--

Yes

Perform all network interface actions to create or attach existing network interfaces.

Microsoft.Network/networkSecurityGroups/join/action

--

--

--

Yes

Join a network security group.

Microsoft.Network/networkSecurityGroups/read

--

Yes

--

Yes

Get a network security group definition.

Microsoft.Network/publicIPAddresses/join/action

--

Yes

--

Yes

Join a public IP address.

Microsoft.Network/publicIPAddresses/read

Yes

Yes

--

Yes

Get a public IP address.

Microsoft.Network/publicIPAddresses/write

--

Yes

--

Yes

Create or update an existing IP address.

Microsoft.Network/virtualNetworks/read

Yes

Yes

--

Yes

Get virtualNetworks information.

Microsoft.Network/virtualNetworks/subnets/join/action

--

--

--

Yes

Join a subnet.

Microsoft.Network/virtualNetworks/subnets/read

Yes

Yes

--

Yes

Get virtualNetworks information about a subnet.

Microsoft.ResourceHealth/availabilityStatuses/read

--

Yes

--

Yes

Get the availability statuses for the resources in a specified scope.

Microsoft.Resources/deployments/*

Yes

Yes

--

Yes

Create and manage a deployment.

Microsoft.Resources/subscriptions/resourceGroups/read

Yes

Yes

Yes

Yes

Get a list of resource groups.

Microsoft.Storage/storageAccounts/*

Yes

Yes

--

Yes

Create and manage a storage account on Blob.