Creating a file that contains Microsoft Azure Stack credentials
To communicate with Microsoft Azure Stack, the plug-in must have access to the Microsoft Azure Stack credentials. The credentials must be stored in a file on the NetBackup master server. The credentials are stored in an encrypted format and the plug-in securely accesses the information.
To create a file with the Microsoft Azure Stack credentials on the master server:
1. At any location on the master server, create a file in JSON format.
   For example, you can create a file named azurestack.creds in the /usr/openv/var/global/ directory.
2. Open the file and add the following content:

    {
      "IdentityProvider": "ADFS",
      "TenantId": "tenant.domain.com",
      "ClientId": "1950a258-227b-4e31-a9cf-717495945fc2",
      "ClientSecret": "client_secret",
      "AuthResource": "https://management.adfs.azurestack.local/metadata/a6ad92e4-5b80-4c88-b84f-a7f25c12ba27",
      "teststorageac1": "9ghIt35bQeSvjZxXUPj8LinMs6aXPb2tMFjXVIG6N2v2FO6LRg+HzLz2LX1xR/qRkQYwNPIaE/v+QnUovzaKpQ==",
      "rg1disks540": "R6Lu3buXZ4HVtRTrNEHzzJqo2gShjQytfjX1hRkvfqMVWnvKWmEt2CUfmhlbxI7JCE0Gh5TKA9r3I88eit2FdA==",
      "StorageAccount3": "asasdlfkjaasdfasdfasdfasdf09sd8fhaopisdfbanpsdf98asdfpusadf====",
      "StorageAccount11": "90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
      "StorageAccount19": "90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
      "StorageAccount121": "90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
      "StorageAccount13": "90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
      "StorageAccount14": "90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
      "StorageAccount12": "90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd=="
      ...
    }

Note: The StorageAccount details are required if FETCH_STORAGE_KEYS = false in the azurestack.conf file.

| Option | Identity Provider | Description |
| --- | --- | --- |
| IdentityProvider | AAD and ADFS | Values can be either ADFS (Active Directory Federation Services) or AAD (Azure Active Directory). |
| TenantId | AAD | Value is the tenant domain. For example, "tenant.onmicrosoft.com". |
| ClientId | ADFS | Value is 1950a258-227b-4e31-a9cf-717495945fc2. |
| ClientId | AAD | Value is the application ID of the service principal that has the NetBackup backup and recovery role for the subscriptions that NetBackup must protect. |
| ClientSecret | AAD | Value is the client secret of the service principal that has the NetBackup backup and recovery role for the subscriptions that NetBackup must protect. |
| AuthResource | AAD and ADFS | Value of the key audiences that is obtained by opening the following URL in a web browser: https://management.{region}.{azurestackFQDN}/metadata/endpoints?api-version=2015-01-01 For example: https://management.eng.azurestack.veritas.com/metadata/endpoints?api-version=2015-01-01 The URL returns a JSON value that is the value of the key audiences. |
| StorageAccount | AAD and ADFS | The storage account with the access key. If the value of fetchStorageKeys in the azurestack.conf file is false, then you must add this option. |
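
A pre-flight check for the credentials file described above, written as an added example (it is not part of NetBackup or of the original page). The function name, the fetch_storage_keys parameter (mirroring the setting in azurestack.conf), the file-permission check, and the reading of every other key as a storage account entry are assumptions of this example.

```python
import json
import os
import stat

# Fixed ClientId for ADFS, as listed in the option table above.
ADFS_CLIENT_ID = "1950a258-227b-4e31-a9cf-717495945fc2"
# Options the table lists per identity provider (this example's reading of the table).
REQUIRED = {
    "AAD": ("TenantId", "ClientId", "ClientSecret", "AuthResource"),
    "ADFS": ("ClientId", "AuthResource"),
}
KNOWN = {"IdentityProvider", "TenantId", "ClientId", "ClientSecret", "AuthResource"}


def check_creds_file(path, fetch_storage_keys=True):
    """Return a list of findings for the credentials file; empty means no issues."""
    findings = []
    # Assumption (not from the page): the file should not be accessible to group/other.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:04o} grants group/other access")
    try:
        with open(path, encoding="utf-8") as fh:
            creds = json.load(fh)
    except json.JSONDecodeError as exc:
        # A literal "..." copied from the sample content ends up here.
        return findings + [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(creds, dict):
        return findings + ["top-level JSON value must be an object"]
    provider = creds.get("IdentityProvider")
    if provider not in REQUIRED:
        return findings + ["IdentityProvider must be ADFS or AAD"]
    for key in REQUIRED[provider]:
        if not isinstance(creds.get(key), str) or not creds[key].strip():
            findings.append(f"{key} is missing or empty for {provider}")
    if provider == "ADFS" and creds.get("ClientId") not in (None, ADFS_CLIENT_ID):
        findings.append("ClientId for ADFS must be the fixed value from the table")
    # Every other key is taken to be a storage account name mapped to its access key.
    accounts = [k for k in creds if k not in KNOWN]
    if not fetch_storage_keys and not accounts:
        findings.append("no storage account entries, but storage keys are not fetched")
    return findings
```
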

TenantId value for AAD

1. Sign in to https://portal.azure.com.
2. Open > and locate the that is the TenantId.

ClientId value for AAD

To obtain the ClientId value, you must create a new service principal or use an existing service principal.

1. Sign in to https://portal.azure.com.
2. Open > .
3. In the Search by name or AppID field, search for NBU-ASTK-1 and click the service principal in the results.
4. Use any of the following steps to get the ClientId:
   - Open and locate and copy that is the ClientId.
   - Open and locate and copy that is the ClientId.

ClientSecret value for AAD

To obtain the ClientSecret value, you must create a new service principal or use an existing service principal.

1. Sign in to https://portal.azure.com.
2. Open > > .
3. Create an application with the Name as NBU-ASTK-1.
4. Select the as Web App / API.
5. Enter the as https://astk.nbu.com.
6. Click .
7. Open > .
8. In the Search by name or AppID field, search for NBU-ASTK-1 and click the service principal in the results.
9. Open Settings > and add new password information as follows, and then save:
   Description: Credential_1
   Expires: Never
   Value: seedvalue_1
10. The value that is displayed is the ClientSecret. The value is displayed only once. If you close the window, the value is not displayed again.