Configuring backups on your access nodes using the custom configuration wizard

You can configure backups on your access nodes using the custom configuration wizard. To give the Commvault Cloud software access to the Azure VMs that you want to back up, you need an Azure application. If you want to create an Azure application manually or if you already have an Azure application that you use for Commvault Cloud, use the custom configuration wizard.

The custom configuration wizard provides Bash and PowerShell commands for creating the Azure application, and a button to open Azure Cloud Shell for running the commands. For instructions, see Quickstart: Register an application with the Microsoft identity platform.)

Start the Configuration Wizard

From the Command Center navigation pane, go to Protect > Virtual machines.

The Overview page appears.
In the upper-right area of the page, click Add.

The Configure Hypervisor page appears.
Select Microsoft Azure.
Click Next.

The Azure configuration overview page of the Configure Microsoft Azure Subscription wizard appears.
Click Custom configuration.
Click Next.

The Configure Permissions page of the configuration wizard appears.

Configure Permissions

The Azure Application page provides Bash and PowerShell commands for creating an Azure application, and a button to open Azure Cloud Shell for running the commands. (For other ways to create an Azure application, see .

If you are configuring Azure backups in your tenant, by default, Commvault performs backups on hosted infrastructure. If you have created an access node and want to configure backups on your own access node, the custom configuration wizard displays an option to use access nodes.

Select Use your access nodes for backups.
Specify the authentication option that you want Commvault to access your Azure resources:
- To authenticate the access node with Azure services, toggle the Use Managed Identity option to the right, and then enter the subscription ID.
- To use an Azure application and a secret, move the Use Managed Identity toggle key to the left, from the Credentials list, select or create a credential.
  - If you have a existing Azure application, add a new credential.
    Steps to add a new credential
    1. Beside Credential, click the add button .
      
      The Add credential dialog box appears.
    2. From the Account type list, verify that Cloud Account is selected.
    3. From the Vendor type list, verify that Microsoft Azure is selected.
    4. In Credential name, enter a descriptive name for the credentials.
    5. In Tenant ID, enter the tenant ID for the Azure account.
    6. In Application ID, enter application ID for the tenant.
    7. In Application secret, enter the secret key value that is generated for the application.
      
      Copy the values for Tenant ID, Application ID, and Application secret from Azure Cloud Shell.
    8. From the Environment list, verify that AzureCloud is selected.
    9. To view and modify Azure endpoint URLs that Commvault will use to connect to Azure during VM onboarding, enable the Show endpoints toggle key. If your environment requires custom endpoints (for example, Azure Government or other sovereign cloud environments), you can modify the following endpoints:
      
      Authentication endpoint: Used to verify identity and obtain access tokens from Azure.
      
      Storage endpoint: Used to access Azure storage resources.
      
      Management endpoint: Used to communicate with Azure Resource Manager (ARM) for managing VM resources.
    10. In Description, enter a description of the credentials.
    11. Click Save.
  - If want to add a new Azure application, follow the steps below.
    Steps to add a new Azure application
    1. Beside Credential, click the add button .
      
      The Add credential dialog box appears.
    2. From the Account type list, verify that Cloud Account is selected.
    3. From the Vendor type list, verify that Microsoft Azure is selected.
    4. In Credential name, enter a descriptive name for the credentials.
    5. Beside Application ID, click Deploy New Application.
    6. In the Deploy new application dialog box, do the following:
      
      In the information box shown at the top, click Open Azure Cloud Shell.
      
      Follow the instructions that appear and select Bash or PowerShell.
      
      Return to the Command Center window, in the Application name box, enter a name for the Azure application.
      
      In the Subscription ID box, enter your Azure subscription ID. Click Get Subscription ID if you need to get the ID using the command.
      
      Copy the PowerShell or Bash commands to deploy the application in the selected subscription and get the application details.
      
      If you have the application ID, tenant ID, and secret key, enter them. Otherwise, run the commands to get these details.
      
      At the Azure Cloud Shell command prompt, paste the commands.
      
      The commands run to create a new Azure application, and then the Tenant ID, Application ID, and Application secret for the application are displayed.
      
      Copy Tenant ID, Application ID, and Application Secret from the shell.
    7. Switch to Add credentials dialog box, and then paste the Tenant ID, Application ID, and Application secret to create the credential.
    8. From the Environment list, verify that AzureCloud is selected.
    9. To view and modify Azure endpoint URLs that Commvault will use to connect to Azure during VM onboarding, enable the Show endpoints toggle key. If your environment requires custom endpoints (for example, Azure Government or other sovereign cloud environments), you can modify the following endpoints:
      
      Authentication endpoint: Used to verify identity and obtain access tokens from Azure.
      
      Storage endpoint: Used to access Azure storage resources.
      
      Management endpoint: Used to communicate with Azure Resource Manager (ARM) for managing VM resources.
    10. In Description, enter a description of the credentials.
    11. Click Save.
  Steps to assign required roles to the application
  
  For information about how Commvault uses Azure resource providers and what roles and permissions are required, see Azure Resource Provider Usage for VM Protection Operations.
  
  1. Click Assign role.
  
  1. In the Assign role dialog box, do the following:
  
  1. Copy the PowerShell or Bash commands into a text editor.
  
  1. Replace ROLE_NAME with the name of your role.
  
  1. In the information box shown at the top, click Open Azure Cloud Shell.
  
  1. Follow the instructions that appear and select Bash or PowerShell.
  
  1. At the Azure Cloud Shell command prompt, paste the commands.
  
  The commands runs to assign the required role.
  
  1. Switch to Assign role dialog box, and then click Close.
Click Next.

The Access Nodes page of the configuration wizard appears.

Access Nodes

Add a new access node or select an existing access node that you want to use for Commvault SaaS operations.

Potential for egress charges

If the VM group that you create (on the Add VM Group page of the configuration wizard) includes rules that discover VMs in regions other than the one you select, you might incur egress charges when the Commvault software backs up the VMs in the other regions.

From the Access nodes list, select your access node.

Note

Beside Access nodes, click the Refresh button to refresh the list of access nodes, and then select the access node that you created.

To add an additional access node, click the add button , and then deploy the custom template in the Azure portal by following the steps 7 through 13 mentioned in Creating an Access Node for Azure Hypervisor.
Once the Azure resource deployment is completed, return to the Commvault configuration wizard, and then click Done.
Click Next.

The Add Subscription page of the configuration wizard appears.

Add Subscription

An Azure subscription allows you to create a new Azure hypervisor.

In the Name box, enter a name for the hypervisor.
In the Subscription ID box, enter your Azure subscription ID.
Click Next.

The Add VM Group page of the configuration wizard appears.

Add VM Group

A VM group is a set of VMs that you want to back up with the same settings.

You can add content to the VM group by using rules that auto-discover content, by selecting specific VMs, and by other ways.

Potential for egress charges

If you specify rules that discover VMs in regions other than the one you selected (when creating the access node in the Azure portal), you might incur egress charges when the Commvault software backs up the VMs in the other regions.

In Name, enter a descriptive name for the VM group.
To create rules that auto-discover VMs to back up, do the following:
1. Click Add, and then select Rules.
  
  The Add rule dialog box appears.
2. From the list, select the type of rule to create, and then specify the rule:
  - Browse: Select specific VMs. (Selecting this option changes the Add rule dialog box to the Add content dialog box.)
  - Power state: Select VMs based on whether they are powered on or off.
  - Region: Select VMs based on the region that they reside in.
  - Resource group: Select VMs based on the Azure resource group they are in.
  - Tag name: Select VMs based on the names of tags that are assigned to them. For example, to select VMs that have a tag name of "Department", enter Tag name | Equals | Department.
  - Tag value: Select VMs based on the values of tags that are assigned to them. For example, to select VMs that have a tag value of "Finance", enter Tag value | Equals | Finance.
  - Virtual machine name or pattern: Select VMs based on their names. For example, to select VMs that have a name that includes "east", enter Virtual machine name or pattern | Contains | east.
3. Click Save.
To select specific VMs, do the following:
1. Click Add, and then select Content.
  
  The Add content dialog box appears.
2. From the Browse and select VMs list, select one of the following:
  - Tags: Backs up the VMs that contain the tags you select.
  - VMs: Select specific VMs.
  - Resource groups: Backs up the VMs that are in the resource groups you select.
  - Regions: Backs up the VMs that are in the regions you select.
3. Click Save.
To see the VMs that are selected for the VM group, click the Preview button.
Click Next.

The Plan page appears.

Plan

A backup plan specifies the storage to back up the data to and other settings such as recovery point objective (RPO) settings.

Select an existing backup plan or create a new backup plan.
Steps to create a backup plan.
1. Click the add button .
  
  The Create backup plan dialog box appears.
2. In the Plan name box, enter a descriptive name for the backup plan.
3. From the Storage list, select the storage.
4. To configure storage for your backups, beside Storage, click the add button , and then select any of the following storage types that you want to add:
  - Air Gap Protect
  - Cloud
5. To configure backups, select the Configure backups check box.
  1. Under Frequency, specify the frequency of the backup.
  2. Under Retention period, specify the duration for which the backup must be retained.
  3. To specify the additional retention, such as weekly full backups, select the Add extended retention check box, and then add rules.
6. To add an additional storage copy, select Add second copy check box.
  1. From the Storage list, select or add the storage to use for the backups.
  2. Under Backups to copy, select the backup type.
  3. Under Retention period, enter the amount of time to retain the backups.
    
    To specify additional retention period, such as weekly full backups, select the Add extended retention check box, and then add rules.
7. To add a third optional storage copy for maximum redundancy, select Add third copy check box, and configure the storage, backup type and retention settings.
8. Click Done.
Click Next.

The Summary page of the configuration wizard appears.

Summary

Review the summary.
Click Close.