Skip to main content
Cloud Sync

Installing the data broker in Azure

Contributors netapp-bcammett

When you create a new data broker, choose the Azure Data Broker option to deploy the data broker software on a new virtual machine in a VNet. Cloud Sync guides you through the installation process, but the requirements and steps are repeated on this page to help you prepare for installation.

You also have the option to install the data broker on an existing Linux host in the cloud or on your premises. Learn more.

Supported Azure regions

All regions are supported except for the China, US Gov, and US DoD regions.

Networking requirements

  • The data broker needs an outbound internet connection so it can poll the Cloud Sync service for tasks over port 443.

    When Cloud Sync deploys the data broker in Azure, it creates a security group that enables the required outbound communication.

    If you need to limit outbound connectivity, see the list of endpoints that the data broker contacts.

  • NetApp recommends configuring the source, target, and data broker to use a Network Time Protocol (NTP) service. The time difference between the three components should not exceed 5 minutes.

Authentication method

When you deploy the data broker, you'll need to choose an authentication method: a password or an SSH public-private key pair.

Installing the data broker

You can install a data broker in Azure when you create a sync relationship.

  1. Click Create New Sync Relationship.

  2. On the Define Sync Relationship page, choose a source and target and click Continue.

    Complete the pages until you reach the Data Broker page.

  3. On the Data Broker page, click Create Data Broker and then select Microsoft Azure.

    If you already have a data broker, you'll need to click the A screenshot if the plus icon icon first.

    A screenshot of the Data Broker page that enables you to choose between an AWS, Azure, GCP, and On-Prem data broker.

  4. Enter a name for the data broker and click Continue.

  5. If you're prompted, log in to your Microsoft account. If you're not prompted, click Log in to Azure.

    The form is owned and hosted by Microsoft. Your credentials are not provided to NetApp.

  6. Choose a location for the data broker and enter basic details about the virtual machine.

    A screenshot of the Azure deployment page that shows the following fields: Subscription, Azure region, VNet, Subnet, VM Name, User Name, Authentication Method, and Resource Group.

  7. Specify a proxy configuration, if a proxy is required for internet access in the VNet.

  8. Click Continue and keep the page open until the deployment is complete.

    The process can take up to 7 minutes.

  9. In Cloud Sync, click Continue once the data broker is available.

  10. Complete the pages in the wizard to create the new sync relationship.


You have deployed a data broker in Azure and created a new sync relationship. You can use this data broker with additional sync relationships.

Getting a message about needing admin consent?

If Microsoft notifies you that admin approval is required because Cloud Sync needs permission to access resources in your organization on your behalf, then you have two options:

  1. Ask your AD admin to provide you with the following permission:

    In Azure, go to Admin Centers > Azure AD > Users and Groups > User Settings and enable Users can consent to apps accessing company data on their behalf.

  2. Ask your AD admin to consent on your behalf to CloudSync-AzureDataBrokerCreator using the following URL (this is the admin consent endpoint):{FILL HERE YOUR TENANT ID}/v2.0/adminconsent?client_id=8ee4ca3a-bafa-4831-97cc-5a38923cab85&redirect_uri=

    As shown in the URL, our app URL is and the application client ID is 8ee4ca3a-bafa-4831-97cc-5a38923cab85.