Providing Azure permissions to an existing Cloud Manager virtual machine using a Managed Service Identity Edit on GitHub Request doc changes

You can provide Azure permissions to Cloud Manager by using a Managed Service Identity. A Managed Service Identity allows the Cloud Manager virtual machine to identify itself to Azure Active Directory without providing any credentials.

Managed Service Identities are not supported in the Azure US Gov regions and in the Germany regions. You must grant Azure permissions to Cloud Manager using a service principal and credentials.
About this task

If you currently provide Cloud Manager with Azure permissions through a service principal, you can change to using a Managed Service Identity instead. This method is simpler than manually setting up an Azure service principal and providing the credentials to Cloud Manager.

For more information about Managed Service Identities, refer to Azure documentation.

Steps
  1. Log in to the Azure portal using an account that is associated with the Cloud Manager virtual machine.

  2. Enable a Managed Service Identity on the virtual machine:

    1. Navigate to the virtual machine.

    2. Under Settings, select Configuration.

    3. Click Yes next to Managed Service Identity and then click Save.

  3. Provide permissions to the Cloud Manager virtual machine for one or more subscriptions:

    1. Open the Subscriptions service and then select the subscription in which you want to deploy Cloud Volumes ONTAP systems.

    2. Click Access control (IAM).

    3. Click Add and then add the permissions:

      • Select the OnCommand Cloud Manager Operator role.

        OnCommand Cloud Manager Operator is the default name provided in the Cloud Manager policy. If you chose a different name for the role, then select that name instead.

        If you have not yet created this role, follow these instructions.

      • Assign access to a Virtual Machine.

      • Select the subscription in which the Cloud Manager virtual machine was created.

      • Select the Cloud Manager virtual machine.

      • Click Save.

    4. If you want to deploy Cloud Volumes ONTAP from additional subscriptions, click Subscriptions again, select a subscription, and then repeat the steps for that subscription.

Result

Cloud Manager now has permissions that are controlled by a Managed Service Identity. If you repeated the steps for several subscriptions, then you can choose a different subscription when creating a new working environment.

Screen shot: Shows the link to select a different subscription in the Details and Credentials page.