Enabling Managed Identities and Setting Mandatory Permissions in Azure
Azure Managed Identities enables security best practices by allowing you to grant unique security credentials to users, groups and resources. Managed Identities is secure by default; users have no access to Azure resources until permissions are explicitly granted.
For installation of the ZCA to succeed in Azure, Manged Identities on the VM running the ZCA must be enabled and the permission level must be set to Contributor, or greater, at the Subscription level.
To enable Managed Identities on the ZCA VM:
|
1.
|
In the Azure Portal, navigate to Virtual Machines. |
|
2.
|
If you already have a VM with ZCA, proceed with Step 4. |
|
3.
|
If you do not have a VM with ZCA, see Deploy Zerto Cloud Appliance from Azure Marketplace Portal. |
|
4.
|
In the list of available VMs, select the VM that will be used to install the ZCA. |
|
5.
|
In the Settings area of the VM you selected, click Identity. |
|
6.
|
In the System assigned tab, change Status from Off to On. |
Managed Identities is now enabled on the VM. A role can be assigned to this VM.
To set the role on the ZCA VM:
| 1. | Navigate to All Services and click Subscriptions. |
| 2. | Select the Subscription to which the ZCA is associated. |
| 3. | Click Access control (IAM). |
| 4. | In the Add a role assignment area, click Add. |

The Add role assignment window appears.
| 5. | In the Add role assignment window, configure the following: |
Role: | Contributor |
Assign access to: | Virtual Machine |
Subscription: | The subscription to which the ZCA is associated |
Select: | Click to move the ZCA VM to the Selected members area. |
| 7. | Now proceed to install or upgrade the ZVM for Azure environments. |