This article will show the configuration steps required to have CPM running on AWS backup and restore Azure virtual machines and disks.
Part I Add an App registration in Azure.
1. Open the Azure portal and go to Azure Active Directory, then click on App registrations.
2. Click New Registration.
3. In the Register an application screen enter a Name for the registration in this example CPM training.
Add the option for Supported account types and select Accounts in this Organizational directory only (default directory only -single tennant.
Click on Register.
4. The following items will need to be added to CM when you add the Azure account there so copy the following information to a text document for later use
Application (client) ID
Directory (tennant) ID
5. Open the CPM console and go to the Accounts page and select +New and select Azure Account.
Open the text file you copied the Directory (tenant) ID and Application (client) ID into copy the values into the CPM New Azure Account screen.
6. In the Azure Portal screen go to Certificates and Secrets screen.
7. Click on + New Client secret
8. Add a meaningful description in the description field and set an expiration in the expires filed and click the Add button.
9. Copy the value of the newly created secret by using the clipboard option (see screenshot below).
10. In the CPM Console, copy and paste the Client secret value into the Client Secret field and then the click Save button.
11. CPM Accounts screen will now show the newly create Azure account and will indicate that under the column Cloud.
Part 2 Create a Custom Role and Add Permissions
12. In the Azure Portal go to Subscriptions, then go to Access Control (IAM)
13. Click the +Add button , Add custom Role.
14. Please download the CPM Azure JSON permissions file from this link
15. Add a meaningful name to the Custom role Name field. and select the option start from JSON. Then click the open file icon (folder icon) and select the file you downloaded in the previous step. In this example we named it CPM.
NOTE: You should see an indication that the file was uploaded in the upper right comer of the Azure Portal.
16 . Click on the Assignable Scopes tab.
17. Delete the Assignable scope listed /subscriptions<SUBSCRIPTION_ID> by hitting the trash can symbol.
18. Please click on the Add assignable scopes button.
19. Select your subscription and click the Add button. Then click the review and create button.
20. Click Create.
Part 3 Link the custom role with the app
21. Go to Subscription service → Your subscription → Access Control (IAM)
22. Click on Add → Add role assignment
23. Select your custom role, the app you created and Click Save
24. Check that you see the new assignment under Role assignment tab
** it might take time for azure to propagate changes in IAM
Part 4 Configure Azure backup policy in CPM
25. Go to the CPM Console and go to Policies
26. Click on New, Then Azure Policy
27. Give the policy a name in this example Azure and make sure the Account field is your Azure Account you created earlier in this process.
Make sure that the Enabled checkbox is selected. The subscription field should be populated automatically if all the previous steps were configured correctly.
Select you schedule, Set the configuration options Auto Target Removal and Keep # of backup Snapshot Generations. Click the Next button.
28. On the Backup Targets tab click on the Add backup Targets button. Select to add Virtual machines or Disks from the drop down list.
29. Choose the correct Location and Resource Group and a list of virtual machines should appear. Choose which virtual machines to include in the policy. Then click Add Selected Button at the bottom of the screen. Click close to exit the Add Virtual machines screen.
30. On the More options page add you desired configuration options for the settings Backup Successful when, Number of retries , Wait between retries, and failures to trigger alert. For more details on these settings see the CPM User Guide. Then click save to save the configuration settings for the policy. Then click the Save button at the bottom of the screen.