Configure an Azure AD Stamp

HOST VM OF THE STAMP TO BE CONFIGURED

On AzS Development Kits, sign in to the physical host.

On multi-node integrated systems, the host must be a system that can access admin end point.

  1. Place the RegisterVConnectAdminApp.ps1 file in a temp folder. [This file can be found in the install folder of Host VM where VConnect RP was installed: c:\CloudAssert\VConnectMSM\AppRegistration\]

  2. Open a new elevated (administrative) PowerShell console and change to the above directory. Use a new window to avoid problems that might arise from incorrect PowerShell modules that are already loaded on the system

  3. Run the RegisterVConnectAdminApp.ps1 script with appropriate parameters

.\RegisterVConnectAdminApp.ps1 -ServiceAdminUser '' -AzureStackAdminResourceManagerEndpoint '' -AzureDirectoryTenantName '' -AzureEnvironment 'AzureCloud' -IdentitySystemType 'AzureAD' -adminSubscriptionId '' 

Eg: 

.\RegisterVConnectAdminApp.ps1 -ServiceAdminUser 'msmtest@cloudassertrp.contoso.com' -AzureStackAdminResourceManagerEndpoint 'https://adminmanagement.local.contoso.com/' -AzureDirectoryTenantName 'cloudassertrp.contoso.com' -AzureEnvironment 'AzureCloud' -IdentitySystemType 'AzureAD' -adminSubscriptionId 'a7f2bc5b-2287-4a8b-b256-dcb14dd06878' 

The script outputs VConnectRegistrationOutput.txt in the same AppRegistration folder having all the information needed to add a new azure stack connection in VConnect coming up next.

IMPORT CERTIFICATE

If you prefer the stamp to be connected via certificate authentication (instead of application secret), import the .pfx file generated in the above step into VConnect Resource Provider VM as shown below.

VConnect Resource Provider VM

Ensure the certificate is imported into the Personal store of this VM.

  1. Open the certificate console (Using MMC) in the VConnect VM.

  2. Go to Personal -> On the imported certificate, Right click -> Select All Tasks, and then click Manage Private Keys.

  3. In the new window, click Add.

  4. Under 'Enter object name to select' type IIS_IUSRS and click OK.

  5. In the previous window, click Apply, and then OK to close the window

VCONNECT ADMIN EXTENSION

Create a new connection from the VConnect admin extension in the admin portal.

  1. Go to the admin portal of the master stamp where VConnect RP is deployed

  2. Go to All Services → VConnect → Connections → Azure Stack Hub

  3. Click on Add button to create new connection.

Basic Settings

Use the VConnectRegistrationOutput.txt file to fill in details, screenshots below for reference.

Offline Repository Details

Offline Repository settings in connection page allows operator to use different for a single stamp.

"Offline Repository Details" settings will be visible only when Offline Marketplace Download settings is configured.

Remote PowerShell Machine details

For each connection, separate remote PowerShell machine can be set to the global setting (VConnect → Settings → Azure Stack Hub - Remote PowerShell Settings) can be used. This needs to be configured when the Azure Stack Hub stamp has different Az PowerShell module version or if there is a VPN dependency

"Remote PowerShell Machine" settings will be visible only when Offline Marketplace Download settings is configured.

Marketplace Syndication Credentials

This setting will be useful when the stamps are registered with different Azure Subscription and has different set of Marketplace items.

"Marketplace Syndication Credentials" settings will be visible only when Offline Marketplace Download settings is configured.

Tags

Tags such 'Owner details' and 'Categories' can be specified for report generations.

6. Once a connection is added successfully, please wait for up to 10 minutes for the data to show up in portal. Data pertaining to Alerts, Resource Providers may start showing immediately. Data pertaining to Stamp Overview, Stamps, Updates may take up to 10 minutes to properly show in portal.

Last updated