Deploying Cloud Manager from the Azure Marketplace Edit on GitHub Request doc changes

It is best to deploy Cloud Manager in Azure using NetApp Cloud Central, but you can deploy it from the Azure Marketplace, if needed.

Deploying Cloud Manager in Azure

You need to install and set up Cloud Manager so you can use it to launch Cloud Volumes ONTAP in Azure.

Steps
  1. Go to the Azure Marketplace page for Cloud Manager.

  2. Click Get it now and then click Continue.

  3. From the Azure portal, click Create and follow the steps to configure the virtual machine.

    Note the following as you configure the virtual machine:

    • Cloud Manager can perform optimally with either HDD or SSD disks.

    • You should choose one of the recommended virtual machine sizes: A2 or D2_v2.

    • For the network security group, it is best to choose Advanced.

      The Advanced option creates a new security group that includes the required inbound rules for Cloud Manager. If you choose Basic, refer to Security group rules for the list of required rules.

    • Under the settings, enable Managed Service Identity for Cloud Manager by selecting Yes.

      This setting is important because a Managed Service Identity allows a Cloud Manager virtual machine to identify itself to Azure Active Directory without providing any credentials. This method is simpler than manually setting up an Azure service principal and providing the credentials to Cloud Manager.

      For more information about Managed Service Identities, refer to Azure documentation.

  4. On the summary page, review your selections and click Create to start the deployment.

    Azure deploys the virtual machine with the specified settings. The virtual machine and Cloud Manager software should be running in approximately five minutes.

  5. Open a web browser from a host that has a connection to the Cloud Manager virtual machine and enter the following URL:

    http://ipaddress:80

    When you log in, Cloud Manager automatically adds your user account as the administrator for this system.

  6. After you log in, enter a name for the Cloud Manager system.

Result

Cloud Manager is now installed and set up. You must grant Azure permissions before users can deploy Cloud Volumes ONTAP in Azure.

Granting Azure permissions to Cloud Manager

When you deployed Cloud Manager in Azure, you should have enabled a Managed Service Identity. You must now grant the required Azure permissions by creating a custom role and then by assigning the role to the Cloud Manager virtual machine for one or more subscriptions.

Steps
  1. Create a custom role using the Cloud Manager policy:

    1. Download the Cloud Manager Azure policy.

    2. Modify the JSON file by adding Azure subscription IDs to the assignable scope.

      You should add the ID for each Azure subscription from which users will create Cloud Volumes ONTAP systems.

      Example

      "AssignableScopes": [
      "/subscriptions/d333af45-0d07-4154-943d-c25fbzzzzzzz",
      "/subscriptions/54b91999-b3e6-4599-908e-416e0zzzzzzz",
      "/subscriptions/398e471c-3b42-4ae7-9b59-ce5bbzzzzzzz"

    3. Use the JSON file to create a custom role in Azure.

      The following example shows how to create a custom role using the Azure CLI 2.0:

      az role definition create --role-definition C:\Policy_for_Cloud_Manager_Azure_3_5_2.json

      You should now have a custom role called OnCommand Cloud Manager Operator that you can assign to the Cloud Manager virtual machine.

  2. Assign the role to the Cloud Manager virtual machine for one or more subscriptions:

    1. Open the Subscriptions service and then select the subscription in which you want to deploy Cloud Volumes ONTAP systems.

    2. Click Access control (IAM).

    3. Click Add and then add the permissions:

      • Select the OnCommand Cloud Manager Operator role.

        OnCommand Cloud Manager Operator is the default name provided in the Cloud Manager policy. If you chose a different name for the role, then select that name instead.
      • Assign access to a Virtual Machine.

      • Select the subscription in which the Cloud Manager virtual machine was created.

      • Select the Cloud Manager virtual machine.

      • Click Save.

    4. If you want to deploy Cloud Volumes ONTAP from additional subscriptions, switch to that subscription and then repeat these steps.

Result

Cloud Manager now has the permissions that it needs to deploy and manage Cloud Volumes ONTAP in Azure.