Loading...

Setting Up an Application and Tenant for Azure Resource Manager

To create an Azure virtualization client in the CommCell Console, you will need to set up an application and tenant for the Azure Resource Manager.

An application is a specific cloud service associated with your Azure account, and the tenant is a client or organization that manages an instance of the cloud service. The application and tenant are associated with your subscription through Azure Active Directory, which provides identity and access management for the Azure cloud.

To complete the setup of the Azure virtualization client in the CommCell Console, you need the following:

  • Application name
  • Application ID
  • Subscription ID
  • Tenant ID (Directory ID)
  • Application key.

Before You Begin

  • Collect the following information for your Azure account:
    • Subscription ID for the Azure account
    • User credentials with Service Administrator capabilities, for logging in to your Azure account.

Procedure

Use the following steps to create the application and tenant.

  1. Log on to the public Azure portal with service administrator credentials.
  2. From the All Services menu, select the App registrations tab, and click on New Application Registration.
  3. Enter the appropriate values for the following:
    • Name: Name of the application to be created on Azure Active Directory.
    • Application type: Select Web app/API.
    • Sign-on URL: https://app_name (URL including the application name you specify). For example: MyWebApp and https://MyWebApp.
  4. Click Create.

    Once created, the application will be listed on the App Registration tab. Note down the Application ID.

  5. Go to the Settings blade, and select the newly created application.
  6. On the Required Permission tab, perform the following actions to add required permissions:
    1. Select an API (Windows Azure Service Management API).
    2. Select the option to provide delegated permissions to Access Azure Service Management as organization users.
    3. Click Done.
  7. Select the newly created application, and click Settings.
  8. Click on Keys. Provide the key description and expiration date. Click Save.

    This will generate a unique secret key for the application.

    Important: Save the key value. The key value will be your application password. You will not be able to retrieve the key after you leave the Keys tab/blade.

  9. Click the Subscriptions tab, and then select the subscription ID for which the virtualization client needs to be created.

    Optional: Define a Custom Role

    You can use the predefined Contributor role or define a custom role to specify more limited permissions that can be used for backup and restore operations, either for a specific resource group or for the subscription as a whole. At a minimum, include the permissions listed in the CVBackupRole.json file.

    1. Download the CVBackupRole.json file, which contains minimal permissions needed for Azure backup and restore operations.
    2. Use a JSON editor to modify the following entry and change #SubscriptionID# to your subscription ID:

      "AssignableScopes" : ["/subscriptions/#SubscriptionID#"]

  10. On the Access Control (IAM) tab, click Add to add a service principal user.
  11. On the Add Permissions blade, select the Contributor role or the custom role that you created in the previous step.

    Select Azure AD user, group, or application.

  12. Type the application name in the Select field, and then select the application created in previous step.
  13. You can obtain the Tenant ID from the public Azure cloud by selecting Azure Active Directory > Properties > Directory ID.

    The Directory ID is also the Tenant ID.

What to Do Next

Create the Azure virtualization client using the Subscription ID, Tenant ID, Application ID, and Application Key.

Last modified: 2/20/2019 7:09:56 PM