Print Email PDF

Qumulo on Azure: Connect to Azure Active Directory

IN THIS ARTICLE

Outlines how to connect your Qumulo on Azure file system to Azure Active Directory

REQUIREMENTS

DETAILS

With the creation of Azure, Microsoft created a new Active Directory (AD) service called Azure Active Directory. You can connect your Qumulo on Azure file system to either form of AD; note however that Azure Active Directory is different from standard AD, which may be hosted on a Windows Server Machine. Refer to Compare Active Directory to Azure Active Directory for an overview of the differences between the two.

To join Qumulo on Azure to standard AD, follow the process described in Join your Qumulo Cluster to Active Directory. Ensure that your VNet routing is set up such that the Qumulo VNet can communicate with your AD server. Connecting Qumulo on Azure to Azure Active Directory requires routing through Azure AD Domain Services, as depicted below:

azure_ad_flow.png

Follow the steps in the next section to get your Qumulo on Azure file system authenticated to Azure AD via Azure’s AD Domain Services. For additional information, refer to the following links from the Microsoft Knowledge Base:

Configure Azure Active Directory

  1. Create an instance of Azure Active Directory Domain Services with the following details:
    • Name: A domain name of your choice—we recommend that you choose the $DOMAIN.onmicrosoft.com that is typically created for an organization.
    • VNet: A separate VNET and resource group from your Qumulo file system
    • SKU: Standard
    • Forest: User
  2. After the managed domain finishes deploying (this may take an hour or two), it will create a VNet.
  3. Configure a DNS for the new managed domain:
    1. From your Azure homepage, use the search tool at the top to find “azure active directory domain services”.
    2. Select your domain.
    3. Click the Configure button under Required configuration steps.
      NOTE: See Update DNS settings for the Azure virtual network for additional details.
  4. Find the domain controllers/DNS servers created by the managed domain deployment.

    azure_ad_configuration.png

  5. Peer the AD Domain Server managed domain VNet to the Qumulo file system’s VNet. Refer to Configure virtual network peering for additional details.
  6. Open a terminal window and SSH into your Qumulo on Azure file system.
  7. Run the following command using the IP addresses for the DNS servers identified in Step 4 above:
    qq network_mod_network --dns-servers <IP ADDRESS> <IP ADDRESS>
  8. Change the DNS servers of the Qumulo on Azure file system to point to the servers provided by the managed domain.
  9. Now just follow the steps detailed in Join your Qumulo Cluster to Active Directory to finish configuring your file system to work with Azure AD.
    NOTE: We recommend the user joining the domain have the admin role. If the user is newly-created, it will require a password reset. You can do this by logging in to the Azure portal with the user.

RESOLUTION

You should now be able to successfully connect your Qumulo on Azure file system to Azure Active Directory

ADDITIONAL RESOURCES

Qumulo on Azure: Launch a Qumulo on Azure File System

Join your Qumulo Cluster to Active Directory

Compare Active Directory to Azure Active Directory

How to: Plan your Azure AD join implementation

 

Like what you see? Share this article with your network!

 

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Have more questions?
Open a Case
Share it, if you like it.