How to configure Azure for Commvault Cloud Backup.

Introduction 

This document provides the configuration steps required to enable SoftwareOne’s Backup and Recovery service to protect public cloud services and to utilize public cloud data repositories.

This page describes:

• How to configure Blob Storage for use as a storage repository by Commvault Cloud.

• How to configure Azure to enable Commvault Cloud to protect Azure Virtual Machines, Azure PaaS services and other data hosting services in Azure.

To create an Azure Blob for use as a storage repository

1. Log on to the public Azure portal with service administrator credentials.

2. Create a new Storage Account.

3. Go to Storage Account > Add.

4. Select your Subscription and Resource Group.
   Tip: We recommend creating a dedicated Resource Group for use by BackupSimple.

5. Enter a Storage Account Name, in the format:
   CompanyNameShortCodebackupsimple, where CompanyNameShortCode is a short code for your company name. For example, for SoftwareOne, we use the name SObackupsimple.

6. Select the Location where you want the data to reside.

7. Select the Performance, choose Standard.

8. Select the Account Kind, choose StorageV2 (general prpose v2).

9. Select the Replication, choose low-risk. For regional disaster recovery of your backup data, we recommend selecting Geo-Redundant Storage (GRS).

10. Select the Access Tier, choose Cool.

11. Click Next : Advanced.

12. For Security, under Secure Transfer required, choose Enabled.

13. Select the Virtual Networks, choose All Networks.

14. Select the Data Lake Storage Gen2, choose Disabled.
    Note: If you are hosting your Media Agent in Azure, we recommend that you restrict access to the Blob store to selected networks only, for example, the VNet of your Media Agent. This will ensure faster routing and a more secure environment for your backup data.

To configure the access for networks to an Azure Blob

1. In the Azure portal, select the Storage account of your Blob storage.

2. Select Security and Networking, then for Networking, select the option of Firewall and virtual networks

3. Define the public networks access to the Blob storage:

   1. Enabled from all network

   2. Enabled from selected virtual network and IP addresses

4. If option b is selected, then add the existing virtual network of Commvault cloud (command will be provided by backup consultant) and also add the vnet where media agent/backup gateway resides.

5. Also, if vnet is not used then similarly IP address can be added as well

Share the Storage Account information with the Backup and Recovery Services Team who will align a Commvault cloud library with the new Azure Blob.

1. Go to the Storage Account created above

2. Go to Access Keys and share the below:

   1. Storage account name

   2. Keys

   3. Connection String

Azure Configuration

After execution, please provide the following information to SoftwareOne:

• Application name

• Application ID

• Subscription ID

• Tenant ID (Directory ID)

• Application key

1. Log on to the public Azure portal with service administrator credentials.

2. From the All services menu, select the App registrations tab, and then click on New registration.

3. Specify the following:

   • Name: The name of the application to be created on Azure Active Directory (ex. BackupSimpleApp).

   • Account type: Select one from the following:

     • Accounts in this organizational directory only

     • Accounts in any organizational directory

     • Accounts in any organizational directory and personal Microsoft accounts (we recommend this option as it allows us to backup multiple subscriptions).

   • Redirect URI: (Optional) https://app_name (the URL, including the application name that you specify).

     For example, enter MyWebApp and https://MyWebApp.

4. Click Register.

   The application will be listed on the App Registration tab. Record the Application ID.

5. Go to the Certificates & secrets blade.

6. Click on New client secret, and then enter the key description and expiration date (we recommend minimum of two years).

7. Click Add.

   A unique secret key is generated for the application.

Important: Save the key value. The key value will be your application password. You will not be able to retrieve the key after you leave the Certificate & secrets tab/blade.

8. From the All services menu, click the Subscriptions tab, and then select the subscription ID that the virtualization client needs to be created for.

9. On the Access Control (IAM) tab, click Add, and then select Add role assignment.

   The Add role assignment pane appears.

10. Specify the following:

    1. From the Role list, select the Contributor role or the custom role that you created.

    2. From the Assign access to list, select User, group, or service principal.

    3. In the Select box, enter the application name, and then select the application that you created in the preceding step.

11. Click Review and Assign.

12. To obtain the Tenant ID from the public Azure cloud, select Azure Active Directory > Properties > Directory ID.

    The Directory ID is also the Tenant ID.

System Requirements for Azure Backup Gateways

You can install a Commvault Cloud backup gateway on an Azure VM, to back up Azure resources from one or more subscriptions in the same region. The backup gateway is deployed in your Azure subscription, in a VNET that you select.

Sizing Guidelines

When you configure backups for an Azure database, the configuration wizard includes an ARM template that you use to deploy an Azure backup gateway. Based on the selected BETB size, Commvault Cloud selects the most cost efficient and performant instance type.

Use the sizing guidelines in this document to configure or scale backup gateways for environments that are larger than 25 BETB. The sizing guidelines are recommended building blocks, but you can scale your gateway using smaller increments considering cloud costs. Important: A smaller sized cloud gateway is recommended for day 1 sizing in cloud environments. Ensure that resource usage is always monitored and that at least 30% head room is available at all times.

Backup Gateways

A Backup Gateway can have one or both of the following roles:

• Storage: The Backup Gateway with this role manages the backup data.

• DDB: The Backup Gateway hosts the deduplication database. The software automatically selects the Backup Gateways to host the DDBs for optimal usage. The software hosts the new DDBs on the Backup Gateways when the software adds more deduplication databases (DDBs) for horizontal scaling or when a DDB is sealed and a new DDB is created.

• Dedicated SSD data disk: This is the disk where you will install the backup gateway software. The data disk is used for program files, deduplication, indexing, and logs.

When the software creates new deduplication databases in a storage pool by horizontal scaling of deduplication databases (DDBs) or seal DDB operation, the software automatically selects DDB location and the Backup Gateway with DDB role for optimal usage of resources. The location can be different from the existing location.

CPU/Memory

Windows Disk

Note: If a secondary copy is configured, configure 2x DDB disk size.

Network Requirements

• If the backup gateway and the data source are in different VNETs (whether the VNETs are in the same Azure subscription or different Azure subscriptions), VNET peering or a private endpoint might be required.

• The VNet must be configured with the Azure Storage VNet service endpoints.

• TCP 443 outbound must be open in order to access the Commvault Cloud backup service (*.metallic.io).

  This traffic is only control traffic, not data traffic.

• The backup gateway must have outbound access to the following URLs:

  • https://turindownloadcenter.blob.core.windows.net/*

  • https://bootstrap.pypa.io/pip/3.6/get-pip.py, for Python pip packages

  • https://7-zip.org/a/7z1900-x64.exe

Operating System Support

• Windows 2025

• Windows 2019

• Windows 2022

• Windows 2016