Azure Connector Configuration
This article contains:
When to add a Connector Configuration for Azure
Azure information required
Add a Connector Configuration
A Connector Configuration contains the credentials and location information that Unidesk needs to access a specific location in Azure. For example, your organization may have one Azure account and several storage locations, and you will need a Connector Configuration so Unidesk can access each storage location. For more about Connectors and Connector Configurations, see Connectors and Connector Configurations.
When to add a Connector Configuration for Azure
When you create your first Layers, and later when you publish Layered Images for the first time, you will add a Connector Configuration for each task, as described below.
Azure information required
Your organization may have several Azure subscriptions. You can use the Unidesk Credentials Setup Tool to set up credentials for the Unidesk ELM, and later to retrieve the credentials you set up. For Unidesk to access your Azure RD Session Host account, whether to download an OS Image or to publish a Layered Image, you must run this tool for each Azure subscription that you want to connect to via Unidesk.
- Name - A name you enter for a new Connector Configuration.
- Subscription ID - In order to deploy Azure virtual machines, your organization must have an account and credentials, including a subscription ID.
- Tenant ID - This is a GUID that identifies your organization's dedicated instance of Azure AD.
- Client ID - The identifier for one of potentially many Azure accounts that your organization has.
- Client Secret - The password you want to use for the Client ID specified. If you have forgotten it, you can create a new one.
- Storage Account Name - The Azure storage account you want to use when storing Azure virtual machine disks. This name must adhere to Azure storage account naming restrictions. For example, the storage account name cannot contain uppercase characters.
You must either create a storage account through the portal or use an existing storage account that fits the following criteria. The account:
- Cannot be a classic storage account.
- Should be a separate storage account from the one used for the Unidesk ELM. This new storage account will be used during Layer creation and Layered Image publishing.
- Must be in the Azure location where you will deploy VMs.
- Must be one of the following types:
  - Standard Locally Redundant storage (LRS)
  - Standard Geo-Redundant storage (GRS)
  - Standard Read-Access Geo-Redundant storage (RAGRS)
- Can be located in any resource group, as long as the resource group's location is the same as the account's location.
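A pre-flight check of the field values and storage account criteria listed above, before they are entered in the wizard. This is an added example, not part of the Unidesk Azure Credentials Tool: the function name, the hashtable keys and the sample values are hypothetical, and the storage account properties are supplied by hand rather than read from Azure.

```powershell
# Added example: offline check of Connector Configuration values. All names are hypothetical.
function Test-ConnectorConfiguration {
    param([hashtable]$Config, [hashtable]$Account, [string]$VmLocation, [string]$ElmAccountName)
    $problems = @()
    $guid = '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'
    foreach ($field in 'SubscriptionId', 'TenantId', 'ClientId') {
        if ([string]$Config[$field] -notmatch $guid) { $problems += "$field is not a GUID" }
    }
    # Report only that the secret is missing; never echo its value.
    if ([string]::IsNullOrEmpty($Config.ClientSecret)) { $problems += 'ClientSecret is empty' }
    # Azure storage account names: 3-24 characters, lowercase letters and digits only.
    if ([string]$Config.StorageAccountName -cnotmatch '^[a-z0-9]{3,24}$') {
        $problems += 'StorageAccountName breaks Azure naming restrictions'
    }
    if ($Config.StorageAccountName -eq $ElmAccountName) {
        $problems += 'StorageAccountName is the account used for the Unidesk ELM'
    }
    # Classic accounts live under the Microsoft.ClassicStorage resource provider.
    if ($Account.ResourceType -ne 'Microsoft.Storage/storageAccounts') {
        $problems += 'Storage account is a classic account'
    }
    if ('Standard_LRS', 'Standard_GRS', 'Standard_RAGRS' -notcontains $Account.Sku) {
        $problems += "Storage type $($Account.Sku) is not LRS, GRS or RAGRS"
    }
    if ($Account.Location -ne $VmLocation) {
        $problems += "Account is in $($Account.Location), VMs deploy to $VmLocation"
    }
    if ($Account.ResourceGroupLocation -ne $Account.Location) {
        $problems += 'Resource group location differs from the account location'
    }
    return ,$problems   # the comma keeps an empty result as an array
}

# Constructed sample input with several deliberate mistakes.
$config = @{
    SubscriptionId     = '11111111-2222-3333-4444-555555555555'
    TenantId           = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
    ClientId           = 'not-a-guid'
    ClientSecret       = 'constructed-placeholder'
    StorageAccountName = 'UnideskLayers01'
}
$account = @{
    ResourceType = 'Microsoft.ClassicStorage/storageAccounts'; Sku = 'Premium_LRS'
    Location = 'eastus'; ResourceGroupLocation = 'westus'
}
Test-ConnectorConfiguration $config $account 'eastus' 'unideskelm01' |
    ForEach-Object { Write-Host "FAIL: $_" }
```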
Tool for retrieving information from Azure
The Azure Credentials Tool is a PowerShell script that grants the Unidesk appliance restricted access to your Azure subscription so that Unidesk can retrieve the information required to create a new Azure Connector Configuration. When you run the tool, it prompts you for your Azure Login credentials, then sets up the credentials required for Unidesk to gain restricted access to your Azure subscription.
Requirements for running the Azure Credentials Tool
- A system with access to Azure and running the following software:
  - Windows Server 2008, or later
  - Windows PowerShell 2.0, or later (This ships with Windows Server 2008 and later.)
- Storage Account in Azure
- Login credentials for a Global Admin or Service Admin in the Azure Active Directory Tenant associated with your subscription. In Azure, you can manage Active Directory here.
An Azure AD tenant can be associated with many subscriptions, but each subscription can only have one tenant. If you are not sure which tenant is associated with which subscription, you can find out by clicking Subscriptions on the top of the old portal, and filtering by the directories listed until your subscription is listed as a check box under Filter by Subscriptions.
Create a new storage account in Azure, if you don't have one for this purpose
- In a web browser, navigate to the Microsoft Azure portal and log in.
- On the sidebar, select Storage accounts or Browse > Storage accounts. Do not select Storage accounts (classic).
- Select Add in the top-left corner of the window that opens.
- In the form that appears, select the options you need, making sure that the new storage account meets the same criteria that apply to an existing storage account.
Retrieve information for a new Azure Connector Configuration
Here's how to set up your Azure credentials in the Connector Configuration wizard. It explains how to run the Azure Credentials Tool for each Azure subscription that you want Unidesk to access.
- On a Windows Server 2008 (or later version) machine, download and run the Unidesk Azure Credentials Tool from the Unidesk 4 Downloads page.
- Follow the directions in the command prompt to select a subscription and choose a Client Secret.
- When the tool is complete, it will display the fields below. These should be entered into the configuration.
- Enter the Client Secret that you chose while running the tool.
- If you did not enter a Client Secret, it has already been set up using this tool and you should use the one that was entered previously.
Note: you will have to enter a new Client Secret each time you use a new subscription that has a new Tenant ID. This is because client secrets are logically associated with Azure tenants.
Retrieve information for an existing Azure Connector Configuration
If you have already run the Azure Credentials Tool to set up a subscription, you do not need to run the tool again. You can simply reuse the Name, Subscription ID, Tenant ID, Client ID, and Client Secret that you obtained.
What to do if your Azure Client Secret is lost
Once Unidesk creates the Client Secret for a Connector Configuration, the secret will always be hidden from view. If you forget or lose the Client Secret for a Configuration, you can reset it by using the following procedure:
Note: You may have to be the primary Administrator of your Azure subscription to complete this procedure. Other Azure users may not have the access required.
- Log in to the Classic Azure Portal at: https://manage.windowsazure.com/.
- In the left sidebar, select Active Directory.
- From the list of Active Directories, select the entry corresponding to your Unidesk installation.
- From the top menu, select Applications.
- In the Show field, select Applications my company owns.
- In the Search box, enter Unidesk and click the check mark to perform the search.
- In the search results, locate an entry named "Unidesk ELM Access for your-subscription-name" and delete it. If you do not see such an entry, look for it in your other Active Directories.
- Run the Unidesk Azure Credentials Tool again to create a new Client Secret.
Add a Connector Configuration
To add a new Connector Configuration:
- In the wizard for creating a Layer or for adding a Layer Version, click the Connector tab.
- Below the list of Connector Configurations, click the New button. This opens a small dialog box.
- Select the Connector Type for the platform and location where you are creating the Layer or publishing the image. Then click New to open the Connector Configuration page.
- Complete the fields on the Connector Configuration page. For guidance, see the above field definitions.
- Click the TEST button to verify that Unidesk can access the location specified using the credentials supplied.
- Click Save. The new Connector Configuration should now be listed on the Connector tab.