Skip to main content
BlueXP backup and recovery
All cloud providers
  • Amazon Web Services
  • Google Cloud
  • Microsoft Azure
  • All cloud providers

Configure backup for multi-account access in Azure

Contributors netapp-tonacki netapp-bcammett

BlueXP backup and recovery enables you to create backup files in an Azure account that is different than where your source Cloud Volumes ONTAP volumes reside. Both of those accounts can be different than the account where the BlueXP Connector resides.

These steps are required only when you are backing up Cloud Volumes ONTAP data to Azure Blob storage.

Just follow the steps below to set up your configuration in this manner.

Set up VNet peering between accounts

Note that if you want BlueXP to manage your Cloud Volumes ONTAP system in a different account/region, then you need to setup VNet peering. VNet peering is not required for storage account connectivity.

  1. Log in to the Azure portal and from home, select Virtual Networks.

  2. Select the subscription you are using as subscription 1 and click on the VNet where you want to set up peering.

    A screenshot of selecting subscription 1 and the VNet where you want to set up peering.

  3. Select cbsnetwork and from the left panel, click on Peerings, and then click Add.

    A screenshot of adding the peering for the VNet for subscription 1.

  4. Enter the following information on the Peering page and then click Add.

    • Peering link name for this network: you can give any name to identify the peering connection.

    • Remote virtual network peering link name: enter a name to identify the remote VNet.

    • Keep all the selections as default values.

    • Under subscription, select the subscription 2.

    • Virtual network, select the virtual network in subscription 2 to which you want to set up the peering.

      A screenshot of selecting subscription 2 and the VNet where you want to set up peering.

  5. Perform the same steps in subscription 2 VNet and specify the subscription and remote VNet details of subscription 1.

    A screenshot of adding the peering for the VNet for subscription 2.

    The peering settings are added.

    A screenshot showing the results of the peering configuration.

Create a private endpoint for the storage account

Now you need to create a private endpoint for the storage account. In this example, the storage account is created in subscription 1 and the Cloud Volumes ONTAP system is running in subscription 2.

Note You need network contributor permission to perform the following action.
{
  "id": "/subscriptions/d333af45-0d07-4154-943dc25fbbce1b18/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
  "properties": {
    "roleName": "Network Contributor",
    "description": "Lets you manage networks, but not access to them.",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Authorization/*/read",
          "Microsoft.Insights/alertRules/*",
          "Microsoft.Network/*",
          "Microsoft.ResourceHealth/availabilityStatuses/read",
          "Microsoft.Resources/deployments/*",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Support/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
  1. Go to the Storage account > Networking > Private endpoint connections and click + Private endpoint.

    A screenshot of opening the private endpoint configuration for your storage account.

  2. In the Private Endpoint Basics page:

    • Select subscription 2 (where the BlueXP Connector and Cloud Volumes ONTAP system are deployed) and the resource group.

    • Enter an endpoint name.

    • Select the region.

      A screenshot showing the details of the private endpoint Basics page.

  3. In the Resource page, select Target sub-resource as blob.

    A screenshot showing the details of the private endpoint Resource page.

  4. In the Configuration page:

    • Select the virtual network and subnet.

    • Click the Yes radio button to "Integrate with private DNS zone".

      A screenshot showing the details of the private endpoint Configuration page.

  5. In the Private DNS zone list, ensure that the Private Zone is selected from the correct Region, and click Review + Create.

    A screenshot showing the private zone selection from the private endpoint Configuration page.

    Now the storage account (in subscription 1) has access to the Cloud Volumes ONTAP system which is running in subscription 2.

  6. Retry enabling BlueXP backup and recovery on the Cloud Volumes ONTAP system and this time it should be successful.