Configuring Microsoft Azure for MSI Authentication
This section explains about the MSI feature which is used during the deployment of
NSX Advanced Load Balancer Controller
.- For a resource group where the Controller is spawned, the role of a Contributor or higher is required.
- For the virtual network where the Service Engine instances are to be deployed,NSX Advanced Load Balancer Controllercustom roles or higher is required.
Follow the steps below to configure MSI authentication on Microsoft Azure.
- Assign a role toNSX Advanced Load Balancer ControllerResource Group.
- Navigate to the Cloud resource group and select Access Control (IAM). The Controller will create all its resources in this resource group.
- Add a new role assignment of Contributor or higher for the controller VM.
- Save the above configuration.
- Assign a role to VNet Resource Group.
- Navigate to the VNet resource group.
- Add a new role assignment ofNSX Advanced Load Balancer Controllerfor the Controller VM. The custom role can be configured using Azure CLI, PowerShell, or REST API.
- Save the above configuration.
- Repeat the above steps for the DNS Application Group and Application Resource Group.
- Enable MSI authentication during cloud configuration.