Configure backup for multi-account access in Azure
BlueXP backup and recovery enables you to create backup files in an Azure account that is different from the one where your source Cloud Volumes ONTAP volumes reside. Both of those accounts can be different from the account where the BlueXP Connector resides.
These steps are required only when you are backing up Cloud Volumes ONTAP data to Azure Blob storage.
Follow the steps below to set up this configuration.
Set up VNet peering between accounts
Note that if you want BlueXP to manage your Cloud Volumes ONTAP system in a different account/region, then you need to set up VNet peering. VNet peering is not required for storage account connectivity.
- Log in to the Azure portal and from home, select Virtual Networks.
- Select the subscription you are using as subscription 1 and click on the VNet where you want to set up peering.
- Select cbsnetwork and from the left panel, click on Peerings, and then click Add.
- Enter the following information on the Peering page and then click Add.
  - Peering link name for this network: you can give any name to identify the peering connection.
  - Remote virtual network peering link name: enter a name to identify the remote VNet.
  - Keep all the selections as default values.
  - Under subscription, select the subscription 2.
  - Virtual network, select the virtual network in subscription 2 to which you want to set up the peering.
- Perform the same steps in subscription 2 VNet and specify the subscription and remote VNet details of subscription 1.
  The peering settings are added.
Create a private endpoint for the storage account
Now you need to create a private endpoint for the storage account. In this example, the storage account is created in subscription 1 and the Cloud Volumes ONTAP system is running in subscription 2.
You need network contributor permission to perform the following action.
{
  "id": "/subscriptions/d333af45-0d07-4154-943dc25fbbce1b18/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
  "properties": {
    "roleName": "Network Contributor",
    "description": "Lets you manage networks, but not access to them.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Network/*",
          "Microsoft.ResourceHealth/availabilityStatuses/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Support/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
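The role definition above, evaluated with Azure RBAC's pattern rules, as an added example that is not part of the original page or NetApp's code: it shows which control-plane operations Network Contributor grants and that it grants no storage management or data-plane access. The operation names in CHECKS are constructed samples assumed to correspond to the portal steps on this page.

```python
import json
import re

# Role definition from this page, trimmed to its permissions block.
NETWORK_CONTRIBUTOR = json.loads("""
{"properties": {"roleName": "Network Contributor", "permissions": [{
  "actions": ["Microsoft.Authorization/*/read",
              "Microsoft.Insights/alertRules/*",
              "Microsoft.Network/*",
              "Microsoft.ResourceHealth/availabilityStatuses/read",
              "Microsoft.Resources/deployments/*",
              "Microsoft.Resources/subscriptions/resourceGroups/read",
              "Microsoft.Support/*"],
  "notActions": [], "dataActions": [], "notDataActions": []}]}}
""")

def matches(pattern, operation):
    """Azure RBAC patterns are case-insensitive; '*' matches any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def is_allowed(role, operation, data_plane=False):
    """True if a permission block grants the operation and does not exclude it."""
    allow, deny = ("dataActions", "notDataActions") if data_plane else ("actions", "notActions")
    for perm in role["properties"]["permissions"]:
        granted = any(matches(p, operation) for p in perm.get(allow, []))
        excluded = any(matches(p, operation) for p in perm.get(deny, []))
        if granted and not excluded:
            return True
    return False

def wildcard_grants(role):
    """Control-plane patterns that cover a whole resource provider, e.g. 'Microsoft.Network/*'."""
    return [p for perm in role["properties"]["permissions"]
            for p in perm.get("actions", []) if re.fullmatch(r"[^/]+/\*", p)]

# Constructed sample operations: (operation name, is it a data-plane operation?)
CHECKS = [
    ("Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write", False),
    ("Microsoft.Network/privateEndpoints/write", False),
    ("Microsoft.Network/virtualNetworks/subnets/join/action", False),
    ("Microsoft.Storage/storageAccounts/write", False),
    ("Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read", True),
]

if __name__ == "__main__":
    for op, data_plane in CHECKS:
        print("allow" if is_allowed(NETWORK_CONTRIBUTOR, op, data_plane) else "deny ", op)
    print("provider-wide wildcards:", wildcard_grants(NETWORK_CONTRIBUTOR))
```

The two provider-wide wildcards it reports are the breadth to weigh when choosing between this built-in role and a narrower custom role for the account that performs these steps.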
- Go to the Storage account > Networking > Private endpoint connections and click + Private endpoint.
- In the Private Endpoint Basics page:
  - Select subscription 2 (where the BlueXP Connector and Cloud Volumes ONTAP system are deployed) and the resource group.
  - Enter an endpoint name.
  - Select the region.
- In the Resource page, select Target sub-resource as blob.
- In the Configuration page:
  - Select the virtual network and subnet.
  - Click the Yes radio button to "Integrate with private DNS zone".
- In the Private DNS zone list, ensure that the Private Zone is selected from the correct Region, and click Review + Create.
  Now the storage account (in subscription 1) has access to the Cloud Volumes ONTAP system which is running in subscription 2.
- Retry enabling BlueXP backup and recovery on the Cloud Volumes ONTAP system and this time it should be successful.