
Microsoft Azure

In this guide you’ll learn how to set up your Azure account so that Vawlt can use your own Azure Blob Storage service as one of your volume’s cloud providers.

First, you’ll need to create an Azure Active Directory App Registration specifically for Vawlt, which in the end will be used by Vawlt to authenticate its requests and manage resources inside your Azure Account.

1 – To do that, go to the Azure Active Directory Service page;

2 – App registrations -> New registration;

3 – Give a name to the new application (in our case we used vawlt-application); For the Supported account types options select the Single Tenant option, and press the Register button;

4 – After creating the Application, a Client ID and a Tenant ID will be generated. Save these two IDs because you’ll need to input them later on Vawlt Platform. Now, you need to generate credentials for the App. To do that, click on the client credentials link;

5 – Press the New Client Secret button, give a description to the credentials and select an expiration period.
In our case we used a period of 24 months. Feel free to select a shorter period, but keep in mind that before your credentials expire you’ll have to create new ones and update that information inside Vawlt Platform.
Finally, press the Add button.

6 – After creating the secret, a Value and a Secret ID are generated. Make sure to save the Value code, because you’ll need to input it later on Vawlt Platform.

7 – Now we need to grant a permission so that Vawlt can use Azure API to manage resources. Go to API Permissions section, press the Add a permission button, select the Microsoft Graph API and add the Application.ReadWrite.OwnedBy permission under the Application Permissions section.

8 – If the status of the Application.ReadWrite.OwnedBy permission doesn’t appear as Green/Granted (as shown in the Figure below), press the Grant admin consent for Default Directory button to update its status. This action requires Admin Consent, so if you are not the admin, ask your admin to perform this action.

9 – Go to the Subscriptions Service page and save the Subscription ID from the subscription you’ll want to use to provision the resources that our new Azure AD App will manage.
If you don’t have a Subscription or if you want to create a new Subscription, for instance to isolate Vawlt’s related billing from other bills you might have, do it now, before proceeding to the next step.

10 – Now, let’s create a Resource Group specifically for Vawlt, to have a logical container that will hold all the resources that will be managed by Vawlt (storage accounts, containers, management policies, etc.). To do that, go to the Resource Groups service page and press the Create button.

11 – Select a subscription (make sure that the subscription chosen here is the one with the Subscription ID you saved in the previous step 7);
Give a name to the resource group (in our case we used vawlt-resource-group);
Select a Region (select the one you prefer, this region is not relevant for Vawlt’s operation) and press the Review + create button.

12 – Save the Resource Group name that you chose, because you’ll need to input it later on Vawlt Platform, and press the “Create” button.

13 – Now that the resource group is created, we recommend that you create a policy specifying that Vawlt’s Azure AD Application is only allowed to read/write the resources inside the resource group we just created. To do that, go into the created resource group;

14 – Go to the Access Control (IAM) section, and press the Add custom role button;

15 – Give a name to the role (in our case we used vawlt-role) and clone the baseline permissions from the Owner role. This will allow Vawlt to perform every operation inside Vawlt’s specific resource group.
Press the Review + Create button and then Create the new role.

16 – Now that the role is created, we have to assign it to Vawlt’s Azure AD Application.
To do that, press the Add button and select the Add role assignment option;

17 – Select the role you created in the previous step and hit the Next button.

18 – In the Members section, hit the + Select Members option, search for Vawlt’s Azure AD Application name, select it, and press the Select button;

19 – Press the Review + Assign button and conclude the attach operation by pressing the Assign button.

20 – Finally, go to Vawlt Platform and insert the values from all the fields you saved.

If everything was done correctly, Vawlt will be able to authenticate as the Azure AD Application we just created and make use of your Azure Account to store Vawlt’s data.
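Once the role is assigned, you can check that the application's access really is confined to the resource group (step 13) and see which client secrets are close to expiry (step 5). The script below is an added example, not part of Vawlt's documentation; its sample records are constructed in the shape of `az role assignment list` and `az ad app credential list` output, and the subscription ID and key IDs are placeholders.

```python
from datetime import datetime, timedelta, timezone

SUB = "00000000-0000-0000-0000-000000000000"  # placeholder subscription ID
RG_SCOPE = f"/subscriptions/{SUB}/resourceGroups/vawlt-resource-group"

# Constructed records, shaped like `az role assignment list --assignee <client-id> --all`.
ASSIGNMENTS = [
    {"roleDefinitionName": "vawlt-role", "scope": RG_SCOPE},
    {"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SUB}"},
    {"roleDefinitionName": "vawlt-role", "scope": RG_SCOPE + "-old"},
]
# Constructed records, shaped like `az ad app credential list --id <client-id>`.
SECRETS = [
    {"keyId": "secret-a", "endDateTime": "2027-01-15T00:00:00Z"},
    {"keyId": "secret-b", "endDateTime": "2025-02-01T00:00:00Z"},
]


def within_scope(scope, allowed):
    """True if scope is the allowed resource group or a resource inside it."""
    # Azure resource IDs are case-insensitive, so compare in lower case.
    s, a = scope.rstrip("/").lower(), allowed.rstrip("/").lower()
    # The "/" keeps a sibling group that merely shares the name prefix out.
    return s == a or s.startswith(a + "/")


def out_of_scope(assignments, allowed):
    """Assignments that reach beyond the resource group (subscription, other groups)."""
    return [a for a in assignments if not within_scope(a["scope"], allowed)]


def expiring(secrets, now, warn_days=30):
    """keyIds of client secrets already expired or expiring within warn_days."""
    limit = now + timedelta(days=warn_days)
    return [s["keyId"] for s in secrets
            if datetime.fromisoformat(s["endDateTime"].replace("Z", "+00:00")) <= limit]


if __name__ == "__main__":
    for a in out_of_scope(ASSIGNMENTS, RG_SCOPE):
        print("too broad:", a["roleDefinitionName"], a["scope"])
    for key_id in expiring(SECRETS, datetime.now(timezone.utc)):
        print("rotate soon:", key_id)
```

To run it against your own tenant, replace the constructed lists with the JSON returned by the two `az` commands named in the comments.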
