Setting up Azure NetApp Files

Contributors: netapp-bcammett

Create an Azure NetApp Files working environment in Cloud Manager to create and manage NetApp accounts, capacity pools, volumes, and snapshots.

Quick start

Get started quickly by following these steps, or scroll down to the remaining sections for full details.

1. Request access

Submit an online request to be granted access to Azure NetApp Files.

2. Set up an Azure AD application

From Azure, grant permissions to an Azure AD application and copy the application (client) ID, the directory (tenant) ID, and the value of a client secret.

3. Create an Azure NetApp Files working environment

In Cloud Manager, click Add Working Environment > Microsoft Azure > Azure NetApp Files and then provide details about the AD application.

Requesting access

You need to be granted access to Azure NetApp Files by submitting an online request. You’ll need to wait for approval from the Azure NetApp Files team before you can proceed.

Setting up an Azure AD application

Cloud Manager needs permissions to set up and manage Azure NetApp Files. You can grant the required permissions to an Azure account by creating and setting up an Azure AD application and by obtaining the Azure credentials that Cloud Manager needs.

Creating the AD application

Create an Azure Active Directory (AD) application and service principal that Cloud Manager can use for role-based access control.

Before you begin

You must have the right permissions in Azure to create an Active Directory application and to assign the application to a role. For details, refer to Microsoft Azure Documentation: Required permissions.

Steps
  1. From the Azure portal, open the Azure Active Directory service.

    Shows the Active Directory service in Microsoft Azure.

  2. In the menu, click App registrations.

  3. Create the application:

    1. Click New registration.

    2. Specify details about the application:

      • Name: Enter a name for the application.

      • Account type: Select an account type (any will work with Cloud Manager).

      • Redirect URI: You can leave this blank.

    3. Click Register.

  4. Copy the Application (client) ID and the Directory (tenant) ID.

    A screenshot that shows the application (client) ID and directory (tenant) ID for an application in Azure Active Directory.

    When you create the Azure NetApp Files working environment in Cloud Manager, you need to provide the application (client) ID and the directory (tenant) ID for the application. Cloud Manager uses the IDs to programmatically sign in.

  5. Create a client secret for the application so Cloud Manager can use it to authenticate with Azure AD:

    1. Click Certificates & secrets > New client secret.

    2. Provide a description of the secret and a duration.

    3. Click Add.

    4. Copy the value of the client secret.

      A screenshot of the Azure portal that shows a client secret for the Azure AD service principal.

Result

Your AD application is now set up and you should have copied the application (client) ID, the directory (tenant) ID, and the value of the client secret. You need to enter this information in Cloud Manager when you add an Azure NetApp Files working environment.

Assigning the app to a role

You must bind the service principal to your Azure subscription and assign it a custom role that has the required permissions.

Steps
  1. Create a custom role in Azure.

    The following steps describe how to create the role from the Azure portal.

    1. Open the subscription and click Access control (IAM).

    2. Click Add > Add custom role.

      A screenshot of Azure access control.

    3. In the Basics tab, enter a name and description for the role.

    4. Click JSON and then click Edit, which appears at the top right of the JSON format.

    5. Add the following permissions under actions:

      "actions": [
          "Microsoft.NetApp/*",
          "Microsoft.Resources/resources/read",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/subscriptions/resourcegroups/resources/read",
          "Microsoft.Resources/subscriptions/resourceGroups/write",
          "Microsoft.Network/virtualNetworks/read",
          "Microsoft.Insights/Metrics/Read"
      ],

    6. Click Save, click Next, and then click Create.

  2. Now assign the application to the role that you just created:

    1. From the Azure portal, open the subscription and click Access control (IAM) > Add > Add role assignment.

    2. Select the custom role that you created.

    3. Keep Azure AD user, group, or service principal selected.

    4. Search for the name of the application (you can’t find it in the list by scrolling).

      A screenshot that shows the Add role assignment form in the Azure portal.

    5. Select the application and click Save.

      The service principal for Cloud Manager now has the required Azure permissions for that subscription.
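A check for the custom role created above, as an added example that is not part of the original page or of NetApp's tooling: it compares a role's JSON against the action list in step 5 and reports missing actions, extra actions, and assignable scopes wider than one subscription. The `properties.permissions[].actions` layout (as in the portal's JSON tab), case-insensitive matching of operation names, and the sample role with its placeholder IDs are assumptions.

```python
import json

# Action list copied from step 5 of "Assigning the app to a role" on this page.
PAGE_ACTIONS = [
    "Microsoft.NetApp/*",
    "Microsoft.Resources/resources/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Resources/subscriptions/resourcegroups/resources/read",
    "Microsoft.Resources/subscriptions/resourceGroups/write",
    "Microsoft.Network/virtualNetworks/read",
    "Microsoft.Insights/Metrics/Read",
]

# Constructed sample (placeholder IDs): one action missing, one extra, one wide scope.
SAMPLE_ROLE = json.dumps({"properties": {
    "roleName": "example-anf-role",
    "assignableScopes": [
        "/subscriptions/00000000-0000-0000-0000-000000000000",
        "/providers/Microsoft.Management/managementGroups/example-mg",
    ],
    "permissions": [{"actions": [
        "Microsoft.NetApp/*",
        "microsoft.resources/resources/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read",
        "Microsoft.Resources/subscriptions/resourceGroups/write",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Storage/*",
    ]}],
}})

def is_subscription_scope(scope: str) -> bool:
    parts = scope.strip("/").split("/")
    return len(parts) == 2 and parts[0].casefold() == "subscriptions"

def audit_role(role_json: str) -> dict:
    """Diff a role against PAGE_ACTIONS; operation names assumed case-insensitive."""
    props = json.loads(role_json)["properties"]
    granted = {a.casefold() for p in props.get("permissions", [])
               for a in p.get("actions", [])}
    wanted = {a.casefold() for a in PAGE_ACTIONS}
    return {
        "missing": sorted(wanted - granted),
        "extra": sorted(granted - wanted),
        "non_subscription_scopes": [s for s in props.get("assignableScopes", [])
                                    if not is_subscription_scope(s)],
    }

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE_ROLE), indent=2))
```

An empty result in all three lists means the role grants exactly the actions listed on this page and is assignable only at subscription scope.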

Creating an Azure NetApp Files working environment

Set up an Azure NetApp Files working environment in Cloud Manager so you can start creating volumes.

  1. From the Working Environments page, click Add Working Environment.

  2. Select Microsoft Azure and then Azure NetApp Files.

  3. Provide details about the AD application that you previously set up.

    A screenshot of the fields that are required to create an Azure NetApp Files working environment, which includes a name, application ID, client secret, and directory ID.

  4. Click Add.

Result

You should now have an Azure NetApp Files working environment.

A screenshot of an Azure NetApp Files working environment.