Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup for Microsoft Azure Stack Administrator's Guide
  5. Configuring NetBackup and Microsoft Azure Stack
  7. Creating a file that contains Microsoft Azure Stack credentials
Veritas NetBackup for Microsoft Azure Stack Administrator's Guide

Creating a file that contains Microsoft Azure Stack credentials

To communicate with Microsoft Azure Stack, the plug-in must have access to the Microsoft Azure Stack credentials. The credentials must be stored in a file on the NetBackup master server. The credentials are stored in an encrypted format and the plug-in securely accesses the information.

To create a file with the Microsoft Azure Stack credentials on the master server:

  • At any location on the master server, created a file with a JSON format.

    For example, you can create a file named azurestack.creds in the /usr/openv/var/global/ directory.

  • Open the file and add the following content:

    {
"IdentityProvider":"ADFS",
"TenantId":"tenant.domain.com",
"ClientId":"1950a258-227b-4e31-a9cf-717495945fc2",
"ClientSecret":"client_secret",
"AuthResource":
"https://management.adfs.azurestack.local/metadata/a6ad92e4-5b80-4c88-b84f-a7f25c12ba27",
"teststorageac1":
"9ghIt35bQeSvjZxXUPj8LinMs6aXPb2tMFjXVIG6N2v2FO6LRg+HzLz2LX1xR/qRkQYwNPIaE/v+QnUovzaKpQ==",
"rg1disks540":
"R6Lu3buXZ4HVtRTrNEHzzJqo2gShjQytfjX1hRkvfqMVWnvKWmEt2CUfmhlbxI7JCE0Gh5TKA9r3I88eit2FdA==",
"StorageAccount3":"asasdlfkjaasdfasdfasdfasdf09sd8fhaopisdfbanpsdf98asdfpusadf====",
"StorageAccount11":"90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
"StorageAccount19":"90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
"StorageAccount121":"90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
"StorageAccount13":"90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
"StorageAccount14":"90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
"StorageAccount12":"90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd=="
...
}

    Note:

    The StorageAccount details are not listed if FETCH_STORAGE_KEYS = false.

    Option

    Identity Provider

    Description

    IdentityProvider

    AAD and ADFS

    Values can be either ADFS (Active Directory Federation Services) or AAD (Azure Active Directory).

    TenantId

    AAD

    Value is the tenant domain. For example, "tenant.onmicrosoft.com".

    See Obtaining the TenantId value for AAD.

    ClientId

    ADFS

    Value is 1950a258-227b-4e31-a9cf-717495945fc2.

    AAD

    Value is the application ID of the service principal that has the NetBackup backup and recovery role for the subscriptions that NetBackup must protect.

    See Obtaining the ClientId value for AAD.

    ClientSecret

    AAD

    Value is the client secret of the service principal that has the NetBackup backup and recovery role for the subscriptions that NetBackup must protect.

    See Obtaining the ClientSecret value for AAD.

    AuthResource

    AAD and ADFS

    Value of the key audiences that is obtained by opening the following URL in a web browser:

    https://managment.{region}.{azurestackFQDN}/metadata/endpoints?api-version=2015-01-01

    For example:

    https://management.eng.azurestack.veritas.com/metadata/endpoints?api-version=2015-01-01

    The URL returns a JSON value that is the value of the key audiences.

    StorageAccount

    AAD and ADFS

    The storage account with the access key.

    If the value of fetchStorageKeys in the azurestack.conf file is false, then you must add this option.

Obtaining the TenantId value for AAD

  1. Sign in to https://portal.azure.com.

  2. Open Azure Active Directory > Properties and locate the Directory ID that is the TenantId.

Obtaining the ClientId value for AAD

To obtain the ClientId value, you must create a new service principal or use an existing service principal.

  1. Sign in to https://portal.azure.com.

  2. Open Azure Active Directory > App registrations.

  3. In the Search by name or AppID field, search for NBU-ASTK-1 and click the service principal Display Name in the results.

  4. Use any of the following steps to get the ClientID:

    • Open Settings and locate and copy Application ID that is the ClientId.

    • Open Properties and locate and copy Application ID that is the ClientId.

Obtaining the ClientSecret value for AAD

To obtain the ClientSecret value, you must create a new service principal or use an existing service principal.

  1. Sign in to https://portal.azure.com.

  2. Open Azure Active Directory > App registrations > New application registration.

  3. Create an application with the Name as NBU-ASTK-1.

    Select the Application Type as Web App / API.

    Enter the Sign-on URL as https://astk.nbu.com.

    Click Create.

  4. Open Azure Active Directory > App registrations.

  5. In the Search by name or AppID field, search for NBU-ASTK-1 and click the service principal Display Name in the results.

  6. Open Settings > Keys and add a new password information as follows and then save:

    Description: Credential_1

    Expires: Never

    Value: seedvalue_1

  7. Value displayed is the ClientSecret. The value is displayed only once. If you close the window, the value is not displayed again.

Feedback

Was this page helpful?
Previous

Whitelisting the configuration file path on NetBackup master server

Next

Configuring proxy settings for communication with Microsoft Azure Stack

Feedback

Was this page helpful?