Adding an Azure resource group as a source

Adding an Azure resource group to R‑Cloud is required if you want to do any of the following:

  • Ensure data protection for your resources stored in Azure resource groups.

  • Use the HYCU Managed Service Principal (HMSP) for performing all operations on an Azure target.

HYCU Managed Service Principal (HMSP)

As part of adding an Azure resource group as a source to R‑Cloud, you add the HMSP to your Azure tenant. The HMSP is a special type of Azure service principal that is designed specifically for R‑Cloud to access resources and to run data protection operations in Azure. The HMSP provides business continuity of your data protection environment by enforcing a single service principal that cannot be deleted accidentally. At the same time, the HMSP also delivers enhanced security by uniquely identifying the service and by using the key rotation to limit risks associated with potential leaks of the service principal secrets.

Prerequisite

Only if you plan to add the Azure resource group to a protection set other than the default one. The protection set must be created. For instructions, see Creating a protection set.

Considerations

  • Only if you plan to use a data mover configuration for the source. If you later assign a different data mover configuration to an entity that belongs to the source by specifying the configuration properties, that data mover configuration will be used instead of the one that was used for the source.

  • Only if you want a data mover configuration to be assigned to all the entities that belong to this source. After adding an Azure resource group to R‑Cloud, edit the Azure to enable the Use data mover configuration switch, and then select the preferred data mover configuration.

Recommendation

If you plan to store protected data on a target that is accessible exclusively from a private network, it is recommended that you enable the Use data mover configuration option. By doing so, you ensure that the data movers will have access to the target.

Procedure

  1. In the Sources panel, click Add Add.

  2. Select Azure, and then click Next.

  3. Only if you are adding the Azure resource group in the Subscription context. From the Protection Set drop-down menu, select the protection set to which you want to add the Azure resource group.

  4. In the Tenant ID field, enter your Azure tenant ID.

  5. In the Subscription ID field, enter your Azure subscription ID, and then click Add. This will register R‑Cloud as an application in your Azure tenant and create the HMSP.

    Note  The name of the created application in your Azure tenant is HYCU R‑Cloud.

  6. Click Create and Assign Role to create a custom role and assign it to the HMSP in the Azure portal.

    Note  The name of the created custom role is HYCU R‑Cloud Role. To see which permissions are assigned to the created custom role, see Using the HYCU R‑Cloud Role for Azure.

  7. Return to the R‑Cloud web user interface, and then click Save.

The Azure resource group is added to the list of sources.

You can later do the following:

  • Only if you want a data mover configuration to be assigned to all the entities that belong to this source. Edit the Azure resource group (click Edit Edit ) to enable the Use data mover configuration switch, and then, from the Data Movers drop-down menu, select the preferred data mover configuration.

    By clicking Add Add New, you are automatically redirected to the dialog box that enables you to add a data mover configuration, if not already added. For details, see Creating a data mover configuration.

  • Remove the Azure resource groups that you do not need anymore (click Remove Remove). As part of removing the Azure resource group from R‑Cloud, you must also delete the IAM permissions that were created in the Azure resource group. To delete these permissions, in the Remove Source dialog box, copy the bash script, and then click Go to Azure Cloud Bash Shell to open your Azure Bash Shell and run the script.