IN THIS ARTICLE
Outlines how to connect your Qumulo on Azure file system to Azure Active Directory.
- Active Qumulo subscription on Azure
With the creation of Azure, Microsoft created a new Active Directory (AD) service called Azure Active Directory. You can connect your Qumulo on Azure file system to either form of AD. Note, however, that Azure Active Directory is different from standard AD, which may be hosted on a Windows Server machine. Refer to Compare Active Directory to Azure Active Directory for an overview of the differences between the two.
To join Qumulo on Azure to standard AD, follow the process described in Join your Qumulo Cluster to Active Directory. Ensure that your VNet routing is set up such that the Qumulo VNet can communicate with your AD server. Connecting Qumulo on Azure to Azure Active Directory requires routing through Azure AD Domain Services, as depicted below:
Follow the steps in the next section to get your Qumulo on Azure file system authenticated to Azure AD via Azure’s AD Domain Services. For additional information, refer to the following links from the Microsoft Knowledge Base:
- What is Azure Active Directory?
- How to: Plan your Azure AD join implementation
- Tutorial: Configure virtual networking for an Azure Active Directory Domain Services managed domain
- Tutorial: Join a Windows Server virtual machine to an Azure Active Directory Domain Services managed domain
Configure Azure Active Directory
1. Create an instance of Azure Active Directory Domain Services with the following details:
   - Name: A domain name of your choice—we recommend that you choose the $DOMAIN.onmicrosoft.com that is typically created for an organization.
   - VNet: A separate VNet and resource group from your Qumulo file system
   - SKU: Standard
   - Forest: User
2. After the managed domain finishes deploying (this may take an hour or two), it will create a VNet.
3. Configure a DNS for the new managed domain:
   - From your Azure homepage, use the search tool at the top to find “azure active directory domain services”.
   - Select your domain.
   - Click the Configure button under Required configuration steps.
   NOTE: See Update DNS settings for the Azure virtual network for additional details.
4. Find the domain controllers/DNS servers created by the managed domain deployment.
5. Peer the AD Domain Server managed domain VNet to the Qumulo file system’s VNet. Refer to Configure virtual network peering for additional details.
6. Open a terminal window and SSH into your Qumulo on Azure file system.
7. Run the following command using the IP addresses for the DNS servers identified in Step 4 above:
   qq network_mod_network --dns-servers <IP ADDRESS> <IP ADDRESS>
8. Change the DNS servers of the Qumulo on Azure file system to point to the servers provided by the managed domain.
9. Now just follow the steps detailed in Join your Qumulo Cluster to Active Directory to finish configuring your file system to work with Azure AD.
NOTE: We recommend the user joining the domain have the admin role. If the user is newly-created, it will require a password reset. You can do this by logging in to the Azure portal with the user.
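Before starting the join, it helps to confirm that each managed-domain DNS server is reachable across the VNet peering and returns the domain-controller locator records that an AD join looks up. The script below is an added example, not part of the original article or of Qumulo's tooling; it assumes a Linux host in the Qumulo VNet with `dig` installed, and the script name, domain and IP addresses in the usage comment are placeholders.

```shell
#!/bin/sh
# Pre-join check (added example): ask each managed-domain DNS server for
# the AD domain-controller SRV record and report which servers answer.
# Usage (placeholders): ./precheck.sh <DOMAIN> <DNS IP> [<DNS IP> ...]

# parse_srv: read `dig +short SRV` output on stdin, where each record is
# "priority weight port target.", and print one "target:port" per record.
# Lines that are not SRV records (e.g. dig timeout messages) are ignored.
parse_srv() {
    awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4 ":" $3 }'
}

# check_dns_server DOMAIN SERVER: query one DNS server directly, so a
# failure points at that server (or the peering to it) rather than at
# whatever resolver the host happens to be using.
check_dns_server() {
    domain=$1
    server=$2
    answers=$(dig +short +time=3 +tries=1 @"$server" SRV \
        "_ldap._tcp.dc._msdcs.$domain" | parse_srv)
    if [ -z "$answers" ]; then
        echo "FAIL $server: no domain-controller SRV records for $domain"
        return 1
    fi
    echo "OK   $server: $(echo "$answers" | tr '\n' ' ')"
}

# Only run the checks when a domain and at least one server are given.
if [ "$#" -ge 2 ]; then
    domain=$1
    shift
    rc=0
    for s in "$@"; do
        check_dns_server "$domain" "$s" || rc=1
    done
    exit "$rc"
fi
```

A FAIL for every server usually points at the VNet peering or routing; a FAIL for one server only points at that domain controller.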
You should now be able to successfully connect your Qumulo on Azure file system to Azure Active Directory.