Configuring an Azure SQL Managed Instance

Configure a cloud instance for an Azure SQL managed instance to enable backup and restore operations.

Navigate to Service catalog

From the Command Center navigation pane, go to Service catalog.

Choose Azure Managed SQL

On the Databases tile, click Configure.
Select Database running in the cloud (PaaS).
Select Microsoft Azure, and then click Next.
Select Azure Managed SQL.
Click Next.

Choose configuration method

Select one of the following options:
- Express configuration using OAuth: Automates most configuration steps and helps you configure the Azure app using the Commvault's Multi Tenant App. For more information, see Use the Express Configuration to Create an Azure App for Azure SQL Managed Instance.
- Custom configuration: Allows you to manually configure the Azure app in the Azure portal.
Click Next.

Create the Azure app using express or custom configuration and follow the next steps to continue with the instance configuration.

Configure permissions and choose access node

Use hosted infrastructure

Select Use hosted infrastructure.
Select one of the following application based authentications:
- Use an existing application
  1. From the Credential list, select an existing credential or add a new one.
  2. To assign roles, do the following:
    1. Move the Assign required roles to the selected application toggle key to the right.
    2. Click Open Azure Cloud Shell.
    3. In Subscription ID, enter your Azure subscription ID.
    4. At the Azure Cloud Shell command prompt, paste and run the commands to assign required roles to the selected application.
- Deploy a new application
  1. In the Application name box, enter a name for the Azure application.
  2. In the Subscription ID box, enter your Azure subscription ID.
  3. Under Deploy the application in the selected subscription and get the application details, copy the commands, and then paste them into a text editor.
  4. In the text editor, do the following:
    1. To use a custom role, for --role "Contributor", replace Contributor with the name of your custom role.
      
      The Storage Blob Data Contributor role is required. Do not remove this role from the commands unless you are certain that your custom role includes Storage Blob Data Contributor.
      
      For more information about custom roles, see Role and Permission Requirements for Protecting Azure Resources.
    2. Copy the commands.
  5. Click Open Azure Cloud Shell.
  6. At the Azure Cloud Shell command prompt, paste the commands.
    
    The commands run to create the Azure application, and then the Tenant ID, Application ID, and Application secret for the application are displayed.
  7. In the Commvault configuration wizard, add a new credential.
Click Next.
From the Region list, select a region. Infrastructure from the same region is used as the access node to connect to Azure resources for backup.
Click Next.

Use your access nodes for backups

Select Use your access nodes for backups.
Select how you want to authenticate the Azure app.
- Application: Select one of the following:
  - Use an existing application
    1. From the Credential list, select an existing credential or add a new one.
    2. To assign roles, do the following:
      
      Move the Assign required roles to the selected application toggle key to the right.
      
      Click Open Azure Cloud Shell.
      
      In Subscription ID, enter your Azure subscription ID.
      
      At the Azure Cloud Shell command prompt, paste and run the commands to assign required roles to the selected application.
  - Deploy a new application
    1. In the Application name box, enter a name for the Azure application.
      
      The commands are updated with the value that you enter.
    2. In the Subscription ID box, enter your Azure subscription ID.
      
      The commands are updated with the value that you enter.
    3. Under Deploy the application in the selected subscription and get the application details, copy the commands, and then paste them into a text editor.
    4. In the text editor, do the following:
      
      To use a custom role, for --role "Contributor", replace Contributor with the name of your custom role.
      
      The Storage Blob Data Contributor role is required. Do not remove this role from the commands unless you are certain that your custom role includes Storage Blob Data Contributor.
      
      For more information about custom roles, see Role and Permission Requirements for Protecting Azure Resources.
      
      Copy the commands.
    5. Click Open Azure Cloud Shell.
      
      Azure Cloud Shell appears.
    6. At the Azure Cloud Shell command prompt, paste the commands.
      
      The commands run to create the Azure application, and then the Tenant ID, Application ID, and Application secret for the application are displayed.
    7. In the Commvault configuration wizard, add a new credential.
- Managed identity
  1. In the Subscription ID box, enter the subscription ID for the Azure account.
Click Next.
From the Access nodes list, select an access node to connect to the Azure resources.

For information on how to configure an access node, see Add an Access Node for Azure Table Storage.
Click Next.

Plan creation

Select an existing backup plan or create a new backup plan to associate with the instance.

If a region for hosted infrastructure is selected, only backup plans associated with that region are displayed.
Steps to create a backup plan
1. Click the add button .
  
  The Create backup plan dialog box appears.
2. For Plan name, enter a descriptive name for the backup plan.
3. For Storage, select or add the storage pool where you want to store backups.
4. To configure backups, select Configure backups.
5. Under Frequency, specify the frequency of the backup.
6. Under Retention period, specify the duration for which the backup must be retained.
7. To specify the additional retention, such as weekly full backups, select Add extended retention and then add rules.
8. To add an additional storage copy, select Add second copy.
9. From the Storage list, select or add the storage to use for the backups.
10. Under Backups to copy, select the backup type.
11. Under Retention period, enter the amount of time to retain the backups.
  
  To specify additional retention period, such as weekly full backups, select Add extended retention and then add rules.
12. To add a third optional storage copy for maximum redundancy, select Add third copy, and then configure the storage, backup type, and retention settings.
13. Click Save.

Choose cloud account

From the Cloud account list, select an existing Azure account or add a new account.
Steps to add new cloud account
1. Beside the Cloud account list, click +.
  
  The Add cloud account dialog box appears.
2. In the Name box, type the name for the account.
3. Enter the subscription information:
  - For the traditional authentication method of deployment, enter the following information:
    - Subscription ID: Enter the subscription ID for the Azure account.
    - Credential: If you have already configured the credentials entity, select them from the list. To define a new credential, click + beside the list. For more information, see Adding credentials.
  - For the managed identity authentication method of deployment, configure the following settings:
    - Connect using managed identities for Azure resources: Move the toggle key to the right.
    - Subscription ID: Enter the subscription ID for the Azure account.
4. Click Save.

Choose backup content

From the Backup Content page, you can either configure rule criteria for automatically discovering instances to back up, or you can manually select an instance to back up.
Steps to configure a rule - discover an instance automatically
1. To configure the rule criteria for automatically discovering instances to back up, move the Rule based discovery toggle key to the right.
  - To create a rule group to auto-discover and select instances to back up, click Add > Rule group.
    
    The Add rule group dialog box appears.
    1. To specify the type of Match rule, select all or any. The rules for the match are as follows:
      
      all: All rules that you configure for the rule group must be satisfied for a database instance to be discovered.
      
      any: Any rule that you define that is satisfied will result in the matching database being discovered.
    2. From the list of rule types, select the type of rule to create, and then specify the rule:
      
      Instance name: Select instances based on their names. For example, to select instances that have a name that includes "east", enter Instance name | Contains | east.
      
      Tag name: Select instances based on the names of tags that are assigned to them. Enter the tag name in the region\tag_name format. For example, to select instances in the eastern US Region that are for a department, enter Tag name | Equals | us-east-1\department.
      
      Tag value: Select instances based on the values of tags that are assigned to them. Enter the tag value in the region\tag_name\tag_value format. For example, to select instances in the eastern US Region for the human resources department, enter Tag value | Equals | us-east-1\department\HR.
    3. Click SAVE.
2. To see the instances that you selected for the group, click Preview.
3. From the SQL Server Authentication Type list, select on of the authentication types to access the instance and database to perform all operations, including backup, restore, and browse operations:
  - SQL Server/Microsoft Entra Password: Manages user accounts, security settings, and permissions for users who access the Azure SQL Database.
  - Microsoft Entra Service Principle (not available on hosted infrastructure): Provides a secure method to authenticate and access Azure SQL resources without using individual credentials.
  - Microsoft Entra Managed Identity (not available on hosted infrastructure): Provides a secure credential-less method for Azure resources without using individual user credentials.
    
    You do not need to select or create a credential for the Microsoft Entra Managed Identity authentication method.
  Note
  
  To use a Microsoft Entra Password account for the backup, install the Microsoft Active Directory Authentication Library for Microsoft SQL Server on the access node and configure an Microsoft Entra admin for that instance on the Azure portal. The AD account must be a local administrator with sysadmin server role on the Azure SQL instance. To provide the Microsoft Entra account credentials, edit the SQL cloud configuration setting in the Configuration tab for the SQL instance and provide the Microsoft Entra account credentials in the SQL server authentication box.
  
  Microsoft Entra multi-factor authentication is not supported.
4. For Credentials, select existing credentials or create new credentials. For more information, see Adding Credentials.
5. Click NEXT.
  
  The system creates the instance and displays a summary page that shows the instance configuration.
6. Click Finish to go to the instance page.
Steps to configure a rule - discover an instance manually
1. To manually select an instance to back up, move the Rule based discovery toggle key to the left, and then from the Instance name list, select the Azure SQL instance.
2. To see the instances that you selected for the group, click Preview.
3. From the SQL Server Authentication Type list, select on of the authentication types to access the instance and database to perform all operations, including backup, restore, and browse operations:
  - SQL Server/Microsoft Entra Password: Manages user accounts, security settings, and permissions for users who access the Azure SQL Database.
  - Microsoft Entra Service Principle (not available on hosted infrastructure): Provides a secure method to authenticate and access Azure SQL resources without using individual credentials.
  - Microsoft Entra Managed Identity (not available on hosted infrastructure): Provides a secure credential-less method for Azure resources without using individual user credentials.
    
    You do not need to select or create a credential for the Microsoft Entra Managed Identity authentication method.
    Note
    
    To use a Microsoft Entra Password account for the backup, install the Microsoft Active Directory Authentication Library for Microsoft SQL Server on the access node and configure an Microsoft Entra admin for that instance on the Azure portal. The AD account must be a local administrator with sysadmin server role on the Azure SQL instance. To provide the Microsoft Entra account credentials, edit the SQL cloud configuration setting in the Configuration tab for the SQL instance and provide the Microsoft Entra account credentials in the SQL server authentication box.
    
    Microsoft Entra multi-factor authentication is not supported. ///
    
    For Credentials, select existing credentials or create new credentials. For more information, see Adding Credentials.
    
    After selecting an instance, you can use the Export backup to control whether Commvault creates export backups or only syncs Azure SQL automated backups:
    
    Move the Export backup toggle key to the right (default ON) to create Commvault export backups in addition to syncing Azure SQL automated backups.
    
    Move the Export backup toggle key to the left (Off) to syncs only Azure SQL automated backups. No Commvault export backups are created.
    
    Click NEXT.
    
    The system creates the instance and displays a summary page that shows the instance configuration.
    
    Click Finish to go to the instance page.
Submit
1. Review your selections, and then click Submit to complete the configuration.

Configuring an Azure SQL Managed Instance

Navigate to Service catalog

Choose Azure Managed SQL

Choose configuration method

Configure permissions and choose access node

Plan creation

Choose cloud account

Choose backup content

Submit

Page contents