# Azure Stack Hub Connection Management ## Azure Stack Hub connection Pre-requisites: To create and manage Azure Stack Hub in Hybr, Infra admin needs to configure the pre-requisites bellow. ## HOST VM OF THE STAMP TO BE CONFIGURED On **AzS Development Kits**, sign in to the physical host. On **multi-node integrated systems**, the host must be a system that can access admin end point. 1. Place the `RegisterVConnectAdminApp.ps1` file in a temp folder (E.g. C:\CloudAssert\VConnectMSM\AppRegistration\\). 1. This file can be found in the install folder of Host VM where VConnect RP was installed or must be sent to you in email: 2. Open a new elevated (administrative) PowerShell console and change to the above directory. Use a new window to avoid problems that might arise from incorrect PowerShell modules that are already loaded on the system 3. Run the `RegisterVConnectAdminApp.ps1` script with appropriate parameters. ``` .\RegisterVConnectAdminApp.ps1 -ServiceAdminUser '' -AzureStackAdminResourceManagerEndpoint '' -AzureDirectoryTenantId '' -AzureEnvironment 'AzureCloud' -IdentitySystemType 'AzureAD' -adminSubscriptionId '' Eg: .\RegisterVConnectAdminApp.ps1 -ServiceAdminUser 'msmtest@cloudassertrp.contoso.com' -AzureStackAdminResourceManagerEndpoint 'https://adminmanagement.local.contoso.com/' -AzureDirectoryTenantId 'eef3d6b3-cf97-42c1-9cc5-f68905cdd1a6' -AzureEnvironment 'AzureCloud' -IdentitySystemType 'AzureAD' -adminSubscriptionId 'a7f2bc5b-2287-4a8b-b256-dcb14dd06878' ``` | Parameter Name | Description | Required | | ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- | | ServiceAdminUser |

Go to Admin Portal -> Login as Service Admin -> Subscriptions -> Default Provider Subscription -> Check if role is Owner Eg: . Ensure this user is assigned with Application Administrator role in Azure AD.

| *Required* | |

AzureStackAdmin

ResourceManager

Endpoint

| Azure Stack ARM endpoint. Eg: "" | *Required* | |

AzureDirectory

TenantId

| Azure Directory tenant Id | *Required* | | AzureEnvironment | Cloud environment Eg: AzureCloud | *Required* | | IdentitySystemType | Either "AzureAD" or "ADFS" depending on authentication mechanism used in the Azure Stack being added | *Required* | | adminSubscriptionId | Default Provider Administrator Subscription ID | *Required* | The script outputs **VConnectRegistrationOutput.txt** in the same AppRegistration folder having all the information needed to add a new azure stack connection in VConnect coming up next. ![](https://814892446-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LoVCDjvSJF03p2a5huX%2F-MSgUq_0G1sxRCETo_yN%2F-MSgVQN_NfpsvyTQEn1S%2Fimage.png?alt=media\&token=21a518d8-92ff-4ff4-a6d6-c000d5765ef4) ![](https://814892446-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LoVCDjvSJF03p2a5huX%2F-MSgUq_0G1sxRCETo_yN%2F-MSgVYFYJKdkDMGveKUq%2Fimage.png?alt=media\&token=7d2d7de5-5188-42b3-aef2-0d9d0a26671d) ## **IMPORT CERTIFICATE** If you prefer the stamp to be connected via certificate authentication (instead of application secret), import the .pfx file generated in the above step into VConnect Resource Provider VM as shown below. #### VConnect Resource Provider VM Ensure the certificate is imported into the **Personal** store of this VM. 1. Open the certificate console (Using MMC) in the VConnect VM. 2. Go to **Personal** -> On the imported certificate, Right click -> Select **All Tasks**, and then click **Manage Private Keys**. 3. In the new window, click **Add**. 4. Under 'Enter object name to select' type **IIS\_IUSRS** and click **OK**. 5. In the previous window, click **Apply**, and then **OK** to close the window