Azure Stack Hub Connection Management

This documentation helps with the pre-requisites for creating Azure Stack Hub connection in Hybr.

Azure Stack Hub connection Pre-requisites:

To create and manage Azure Stack Hub in Hybr, Infra admin needs to configure the pre-requisites bellow.

HOST VM OF THE STAMP TO BE CONFIGURED

On AzS Development Kits, sign in to the physical host.

On multi-node integrated systems, the host must be a system that can access admin end point.

  1. Place the RegisterVConnectAdminApp.ps1 file in a temp folder (E.g. C:\CloudAssert\VConnectMSM\AppRegistration\).

    1. This file can be found in the install folder of Host VM where VConnect RP was installed or must be sent to you in email:

  2. Open a new elevated (administrative) PowerShell console and change to the above directory. Use a new window to avoid problems that might arise from incorrect PowerShell modules that are already loaded on the system

  3. Run the RegisterVConnectAdminApp.ps1 script with appropriate parameters.

.\RegisterVConnectAdminApp.ps1 -ServiceAdminUser '' -AzureStackAdminResourceManagerEndpoint '' -AzureDirectoryTenantId '' -AzureEnvironment 'AzureCloud' -IdentitySystemType 'AzureAD' -adminSubscriptionId ''

Eg:
.\RegisterVConnectAdminApp.ps1 -ServiceAdminUser 'msmtest@cloudassertrp.contoso.com' -AzureStackAdminResourceManagerEndpoint 'https://adminmanagement.local.contoso.com/' -AzureDirectoryTenantId 'eef3d6b3-cf97-42c1-9cc5-f68905cdd1a6' -AzureEnvironment 'AzureCloud' -IdentitySystemType 'AzureAD' -adminSubscriptionId 'a7f2bc5b-2287-4a8b-b256-dcb14dd06878'

Parameter Name

Description

Required

ServiceAdminUser

Go to Admin Portal -> Login as Service Admin -> Subscriptions -> Default Provider Subscription -> Check if role is Owner Eg: admin@contosotest.onmicrosoft.com. Ensure this user is assigned with Application Administrator role in Azure AD.

Required

AzureStackAdmin

ResourceManager

Endpoint

Azure Stack ARM endpoint. Eg: "https://adminmanagement.redmond.masi67.corp.contosotest.com/"

Required

AzureDirectory

TenantId

Azure Directory tenant Id

Required

AzureEnvironment

Cloud environment Eg: AzureCloud

Required

IdentitySystemType

Either "AzureAD" or "ADFS" depending on authentication mechanism used in the Azure Stack being added

Required

adminSubscriptionId

Default Provider Administrator Subscription ID

Required

The script outputs VConnectRegistrationOutput.txt in the same AppRegistration folder having all the information needed to add a new azure stack connection in VConnect coming up next.

IMPORT CERTIFICATE

If you prefer the stamp to be connected via certificate authentication (instead of application secret), import the .pfx file generated in the above step into VConnect Resource Provider VM as shown below.

VConnect Resource Provider VM

Ensure the certificate is imported into the Personal store of this VM.

  1. Open the certificate console (Using MMC) in the VConnect VM.

  2. Go to Personal -> On the imported certificate, Right click -> Select All Tasks, and then click Manage Private Keys.

  3. In the new window, click Add.

  4. Under 'Enter object name to select' type IIS_IUSRS and click OK.

  5. In the previous window, click Apply, and then OK to close the window

Last updated