How to Register an Azure Subscription

Introduction

To add an Azure Virtual Machine server to a protection job for backups with Cloud Snapshot Manager, you must register the Azure Subscription as a Cloud source within the Cloud Data Protection platform.

Limitations and Considerations

• Backing up Virtual Machines with unmanaged disks is not supported
• Incremental snapshots of managed disks is not supported
• App consistent (quiesced) backups are not supported
•  

Permissions

An application service principle must be created and assigned a role with the permissions listed below. For further instructions on registering an application, see App registration, app objects, and service principals in the Microsoft Azure documentation.

    "permissions": [
      {
        "actions": [
          "Microsoft.Compute/disks/beginGetAccess/action",
          "Microsoft.Compute/disks/delete",
          "Microsoft.Compute/disks/endGetAccess/action",
          "Microsoft.Compute/disks/read",
          "Microsoft.Compute/disks/write",
	  "Microsoft.Compute/snapshots/beginGetAccess/action",	
          "Microsoft.Compute/snapshots/delete",
          "Microsoft.Compute/snapshots/read",
          "Microsoft.Compute/snapshots/endGetAccess/action",
          "Microsoft.Compute/snapshots/write",
          "Microsoft.Compute/virtualMachines/delete",
          "Microsoft.Compute/virtualMachines/read",
          "Microsoft.Compute/virtualMachines/write",
          "Microsoft.Network/networkInterfaces/delete",
          "Microsoft.Network/networkInterfaces/join/action",
          "Microsoft.Network/networkInterfaces/read",
          "Microsoft.Network/networkInterfaces/write",
          "Microsoft.Network/networkSecurityGroups/join/action",
          "Microsoft.Network/virtualNetworks/read",
          "Microsoft.Network/virtualNetworks/subnets/join/action",
          "Microsoft.Network/virtualNetworks/subnets/read",
          "Microsoft.Resources/subscriptions/resourcegroups/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/write",
          "Microsoft.Storage/storageAccounts/listkeys/action",
          "Microsoft.Storage/storageAccounts/read",
          "Microsoft.Storage/storageAccounts/write"
        ],
        "dataActions": [],
        "notActions": [],
        "notDataActions": []
      }

Procedure

1. Log in to the respective Cloud Data Protection system.
2. You should be directed to the Protection Jobs page upon logging into the cluster.
3. To register your Azure subscription as a Cloud Source, select the Data Protection Sources tab from the navigation bar on the left-hand side of the page.
   
4. Click Register | Virtual Machines.
   
   
5. Under Select Source Type, select Azure: Azure Subscription.
6. Select the Subscription Category and enter the Subscription ID, Application ID, Application Key, and Tenant ID.
   1.  The Subscription ID can be found on your Subscriptions page.
   2. The Application ID, Application Key (NOTE: This is the Value string, not the Secret ID), and Tenant IDs can be found on the App registrations page.
7. Click Register.
8. Confirm the newly registered Azure Source on the Source page.