Setting Up an Application and Tenant for Azure Resource Manager

Updated

To create an Azure virtualization client in the Commvault software, you need to set up an application and tenant for the Azure Resource Manager.

An application is a specific cloud service that is associated with your Azure account, and the tenant is a client or organization that manages an instance of the cloud service. The application and tenant are associated with your subscription through Azure Active Directory, which provides identity and access management for the Azure cloud.

Before You Begin

To complete the setup of the Azure virtualization client in the Commvault software, you need the following information:

  • Application name

  • Application ID

  • Subscription ID

  • Tenant ID (Directory ID)

  • Application key

You need the following information for your Azure account:

  • The subscription ID for the Azure account

  • User credentials with Service Administrator capabilities, for logging in to your Azure account

Procedure

  1. Log on to the public Azure portal with service administrator credentials.

  2. From the All services menu, select the App registrations tab, and then click on New registration.

  3. Specify the following:

    • Name: The name of the application to be created on Azure Active Directory.

    • Account type: Select one from the following:

      • Accounts in this organizational directory only

      • Accounts in any organizational directory

      • Accounts in any organizational directory and personal Microsoft accounts.

    • Redirect URI: (Optional) https://app_name (the URL, including the application name that you specify).

      For example, enter MyWebApp and https://MyWebApp.

  4. Click Register.

    The application will be listed on the App Registration tab. Record the Application ID.

  5. Go to the API permissions blade.

  6. Click Add a permission to add the required API permissions:

    1. Select the Microsoft API: Azure Service Management.

    2. Select the option to provide delegated permissions to Access Azure Service Management as organization users.

    3. Click Add permissions.

      Note: If you are configuring a Linux proxy, you must also request API permissions for the Microsoft API: Azure Storage.

  7. Go to the Certificates & secrets blade.

  8. Click on New client secret, and then enter the key description and expiration date.

  9. Click Save.

    A unique secret key is generated for the application.

    Important: Save the key value. The key value will be your application password. You will not be able to retrieve the key after you leave the Certificate & secrets tab/blade.

  10. From the All services menu, click the Subscriptions tab, and then select the subscription ID that the virtualization client needs to be created for.

  11. To define a custom role instead of using the predefined Contributor role, do the following:

    Define a custom role to specify more limited permissions that can be used for backup and restore operations, either for a specific resource group or for the entire subscription:

    1. Download the CVBackupRole.json file, which contains the minimum permissions needed for Azure virtual machine backup and restore operations.

      To back up Mysql and PostgreSQL databases on Azure, download the CvMySQLPostGreSQLCustomRole.json file.

    2. In the JSON file, modify the following entry and change #SubscriptionID# to your subscription ID:

      "AssignableScopes" : ["/subscriptions/#SubscriptionID#"]

    3. To create a custom role, see Custom roles for Azure resources.

  12. On the Access Control (IAM) tab, click Add, and then select Add role assignment.

    The Add role assignment pane appears.

  13. Specify the following:

    1. From the Role list, select the Contributor role or the custom role that you created.

    2. From the Assign access to list, select User, group, or service principal.

    3. In the Select box, enter the application name, and then select the application that you created in the preceding step.

  14. Click Save.

  15. If you are configuring a Linux proxy, you must add another role assignment, and select Storage Blob Data Contributor as the role.

  16. To obtain the Tenant ID from the public Azure cloud, select Azure Active Directory > Properties > Directory ID.

    The Directory ID is also the Tenant ID.

What to Do Next

In the Commvault software, create the Azure virtualization client using the Subscription ID, Tenant ID, Application ID, and Application Key.