Adding an Azure resource group as a source

Adding an Azure resource group to R‑Cloud is required if you want to do any of the following:

  • Ensure data protection for your resources stored in Azure resource groups.

  • Use the HYCU Managed Service Principal (HMSP) for performing all operations on an Azure target.

  • Enable R‑Cloud to create data movers in your Azure resource group. This allows you to keep your protected data in the original Azure environment during the backup for security purposes. For instructions, see the Preparing for SaaS application data protection topic for your SaaS application in Protecting SaaS applications.

HYCU Managed Service Principal (HMSP)

As part of adding an Azure resource group as a source to R‑Cloud, you add the HMSP to your Azure tenant. The HMSP is a special type of Azure service principal that is designed specifically for R‑Cloud to access resources and to run data protection operations in Azure. The HMSP provides business continuity of your data protection environment by enforcing a single service principal that cannot be deleted accidentally. At the same time, the HMSP also delivers enhanced security by uniquely identifying the service and by using key rotation to limit the risks associated with potential leaks of the service principal secrets.

Prerequisite

Only if you plan to add the Azure resource group to a protection set other than the default one. The protection set must be created. For instructions, see Creating a protection set.

Consideration

Only if you plan to use a data mover configuration for the source. If you later assign a different data mover configuration to an entity that belongs to the source, that configuration will be used instead of the one that was used for the source.

Recommendation

Using a data mover configuration with the source is recommended if you plan to assign its entities a policy that uses a target that is accessible exclusively from a private network.

Procedure

  1. In the Sources panel, click Add.

  2. Select Azure, and then click Next.

  3. Only if you are adding the Azure resource group in the Subscription context. From the Protection Set drop-down menu, select the protection set to which you want to add the Azure resource group.

  4. In the Tenant ID field, enter your Azure tenant ID.

  5. In the Subscription ID field, enter your Azure subscription ID, and then click Add. This will register R‑Cloud as an application in your Azure tenant and create the HMSP.

    Note: The name of the created application in your Azure tenant is HYCU R‑Cloud.

  6. Click Create and Assign Role to create a custom role and assign it to the HMSP in the Azure portal.

    Note: The name of the created custom role is HYCU R‑Cloud Role. To see which permissions are assigned to the created custom role, see Using the HYCU R‑Cloud Role for Azure.

  7. Return to the R‑Cloud web user interface, and then click Save.

The Azure resource group is added to the list of sources.

You can later do the following:

  • Only if you want a data mover configuration to be automatically assigned to all the entities that belong to this source. Edit any of the existing Azure resource groups (click Edit) to enable the Use data mover configuration switch, and then, from the Data Movers drop-down menu, select an existing data mover configuration.

    By clicking Add New, you are automatically redirected to the dialog box that enables you to add a new data mover configuration. For details, see Creating a data mover configuration.

  • Remove the Azure resource groups that you do not need anymore (click Remove). As part of removing the Azure resource group from R‑Cloud, you must also delete the IAM permissions that were created in the Azure resource group. To delete these permissions, in the Remove Source dialog box, copy the bash script, and then click Go to Azure Cloud Bash Shell to open your Azure Bash Shell and run the script.
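
To review what access the HMSP holds after the role is assigned in step 6, or to confirm that no IAM permissions remain after a source is removed, you can audit its role assignments. The following is an added example, not HYCU code: it assumes the assignments were exported with `az role assignment list --all --assignee <HMSP object ID> -o json`, and the subscription IDs, resource group names and sample records in it are constructed.

```python
import json

EXPECTED_ROLE = "HYCU R-Cloud Role"  # custom role name stated on this page
SUB = "00000000-0000-0000-0000-000000000001"  # constructed subscription ID

# Constructed sample shaped like the JSON printed by:
#   az role assignment list --all --assignee <HMSP object ID> -o json
SAMPLE = json.loads("""[
 {"roleDefinitionName": "HYCU R-Cloud Role",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-prod"},
 {"roleDefinitionName": "HYCU R-Cloud Role",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-old"},
 {"roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
 {"roleDefinitionName": "HYCU R-Cloud Role",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000002/resourceGroups/rg-x"}
]""")


def audit_hmsp_assignments(assignments, subscription_id, removed_groups=()):
    """Return (scope, finding) pairs for assignments that need review."""
    sub = f"/subscriptions/{subscription_id}".lower()
    removed = {g.lower() for g in removed_groups}
    findings = []
    for a in assignments:
        scope = a["scope"].rstrip("/") or "/"
        low = scope.lower()  # Azure scopes are case-insensitive
        # The page prints the name with a non-breaking hyphen (U+2011).
        role = a.get("roleDefinitionName", "").replace("\u2011", "-")
        if role != EXPECTED_ROLE:
            findings.append((scope, f"unexpected role: {role}"))
        if low != sub and not low.startswith(sub + "/"):
            findings.append((scope, "outside the registered subscription"))
            continue
        parts = low.split("/")  # ['', 'subscriptions', id, 'resourcegroups', name]
        if len(parts) > 4 and parts[3] == "resourcegroups" and parts[4] in removed:
            findings.append((scope, "left over on a removed resource group"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_hmsp_assignments(SAMPLE, SUB, ["rg-old"]):
        print(f"{finding}: {scope}")
```

Pass the names of resource groups you have already removed from R‑Cloud as `removed_groups`; an empty result means every assignment uses the expected custom role inside the registered subscription.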