Deploy Azure SaaS Connectors

Once you register your Azure source, you must set up a SaaS Connection for each region under each Azure subscription in your Azure source. A SaaS Connection consists of one or more SaaS Connectors, which are VMs that act as data movers between your data sources and the Cohesity DataProtect as a Service. Each Azure SaaS Connector is an Standard_D8s_v3 instance.

Create Azure SaaS Connection

To create an Azure SaaS Connection:

  1. In DataProtect as a Service, navigate Sources.

  2. Click the Actions menu (⋮) next to the Azure source and select Setup SaaS Connection.

  3. Click the > icon next to subscription for the subscription you want to set up the SaaS Connection.

    The Azure Connection form appears. In the Azure Connection form, the Azure Source and the Subscription ID are selected by default.

  4. Click Add SaaS Connection.

  5. In the Connection Details section, provide the following details:

    1. SaaS Connection Name: Provide a name for the SaaS Connection.

    2. Location: From the drop-down list, select the Azure region where you have the Azure cloud services to protect.

    3. Resource Group: From the drop-down list, select a resource group that will hold the resources related to the SaaS Connection.

    4. Number of Connectors: Enter the number of SaaS Connectors you want to deploy in the region.

  6. In the Network Settings section, provide the following details:

    1. Network Resource Group: From the drop-down list, select the resource group for the virtual network.

    2. Virtual Network: From the drop-down list, select a virtual network to which you want to connect the SaaS connections.

    3. Subnet: Select the subnet where you want the SaaS Connectors to be launched

  7. In the Other Settings (Optional fields) section, provide the following details:

    1. Network Security Group: From the drop-down list, select a security group that will be associated with the specified subnet. You can select multiple network security groups.

    2. Application Security Group: Select the application security groups you want to attach to the SaaS connector.

    3. Azure Managed Identity: Enter the managed identity that must be attached to the SaaS Connectors. This setting cannot be edited later. Example: /subscriptions/1234ab56-a2b2-a1b1-a12b-abc12345c678d/resourcegroups/example-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myManagedIdentity.

      For Azure SQL, the SaaS Connector’s managed identity will be used to authenticate to the SQL server for export/import if the SQL server source’s credential setting is set to “Managed Identity”.

      For more information on managed identity, see Microsoft Azure documentation.

    4. DNS Servers: Enter the IP addresses of the DNS servers that the SaaS Connectors should use. Separate multiple IPs with commas. Ensure the Active Directory DNS IP address (if applicable) is listed first. Verify that the NTP servers and other entities in the system can be resolved by the specified DNS server.

    5. NTP Servers: Enter the IP addresses or the Fully Qualified Domain Name of the NTP server(s) that must be used to synchronize the time on the SaaS Connector.

    6. Tags: Specify the tags to be used for your SaaS Connectors.

  8. Click Save.

  9. To create another SaaS connection for each region in the selected subscription, click Add SaaS Connection and provide the above details.

  10. Click Create Connections.

Repeat the steps above to set up SaaS Connections for each subscription and its regions in your Azure source.

Once you set up SaaS Connection, you can protect the Azure services of your Azure source.