Adding an Azure resource group

Adding an Azure resource group to R‑Cloud is required if you want to do any of the following:

  • Ensure data protection for your resources stored in Azure resource groups.

  • Use the HYCU Managed Service Principal (HMSP) for performing all operations on an Azure target. By doing this, you avoid the need to add your own Azure service principals.

  • Configure SaaS application backup options so that R‑Cloud creates data movers in the Azure resource group. This enables you to keep your protected data in the same Azure environment during the backup for security purposes. For instructions, see the Preparing for SaaS application data protection topic for your SaaS application in Protecting SaaS applications.

HYCU Managed Service Principal (HMSP)

As part of adding an Azure resource group as a source to R‑Cloud, you add the HMSP to your Azure tenant. The HMSP is a special type of Azure service principal that is designed specifically for R‑Cloud to access resources and to run data protection operations in Azure. The HMSP provides business continuity of your data protection environment by enforcing a single service principal that cannot be deleted accidentally. At the same time, the HMSP also delivers enhanced security by uniquely identifying the service and by using the key rotation to limit risks associated with potential leaks of the service principal secrets.

Prerequisite

Only if you plan to add your Azure resource group to a protection set other than the default one. The protection set must be created. For instructions, see Creating protection sets.

  • To access the Sources dialog box from the toolbar, click  Administration, and then select Sources.

  • To access the Sources dialog box from R-Graph, in an empty R-Graph with no sources configured, click Set Up Source.

You can also add sources directly from the Marketplace panel by clicking Configure in the product details page, bypassing the initial Sources dialog box.

Procedure

  1. In the Sources dialog box, click the Azure tab, and then click New New.

  2. From the Protection Set drop-down menu, select the protection set to which you want to add the Azure resource group. By default, the Azure resource group is added to the currently selected protection set.

  3. In the Tenant ID field, enter your Azure tenant ID.

  4. In the Subscription ID field, enter your Azure subscription ID, and then click Add. This will register R‑Cloud as an application in your Azure tenant and create the HMSP.

    Note  The name of the created application in your Azure tenant is HYCU R‑Cloud.

  5. Click Create and Assign Role to create a custom role and assign it to the HMSP in the Azure portal.

    Note  The name of the created custom role is HYCU R‑Cloud Role. To see which permissions are assigned to the created custom role, see Using the HYCU R‑Cloud Role for Azure.

  6. Return to the R‑Cloud web user interface, and then click Save.

The Azure resource group is added to the list of sources.

You can later delete the Azure resource groups that you do not need anymore (click Delete Delete). Keep in mind that deleting the Azure resource group from R‑Cloud does not delete any IAM permissions that were created in the Azure resource group.