Exercise A5: Creating a Service Principal Client Secret
Horizon Cloud Service needs a service principal to access and use your Microsoft Azure subscription capacity. A service principal defines the policy and permissions for use of an application in a specific tenant, and is used to grant Horizon Cloud Service permission to access and modify your Microsoft Azure tenant. When you register a Microsoft Azure AD application, the service principal is also created. For more information, see Create the Required Service Principal by Creating an Application Registration.
In addition to the service principal, you must generate a client secret (previously called an authentication key) and assign the Contributor role to the service principal at the subscription level.
1. Register your Microsoft Azure AD application
- Navigate to Azure Active Directory.
- In the second pane, select App registration.
- In the third pane, select New registration.
2. Register the application
- In the Register an Application pane, indicate the following options:
  - Name: Provide a meaningful name for the app that will be displayed to its users.
  - Supported account types: Select Accounts in this organizational directory only.
  - Redirect URI (optional): Select Web, and provide a redirect URI (reply URL) for the application.
- Verify all options, and then click Register.
3. Start creating a Client Secret
- Under Manage, select Certificates & Secrets.
- Under Client secrets, click New Client Secret.
4. Add the Client Secret
- In Add a Client Secret, provide a description.
- Under Expires, select an expiration option.
- Click Add.
5. Copy IDs for later exercises
The VNET that you configure for Horizon Cloud on Microsoft Azure must be set up to allow the Microsoft.SQL service endpoint. That service endpoint allows the Horizon Cloud on Microsoft Azure Pod Manager VM to use the Microsoft Azure Database for PostgreSQL Service to back up and restore critical system data in the Pod Manager VM. It is also leveraged for the HA feature.
Note: For more information, see VMware Horizon Cloud Service on Microsoft Azure Requirements Checklist For New Pod Deployments - Updated for the March 2020 Service Release.
To save time later, make note of the following IDs, which you will need during Exercise B12, Step 4:
- Display name
- Application (client) ID
- Directory (tenant) ID
- Object ID
- Client secret key
For more information, see the following:
Note: Some organizations have restrictions on Service Principal management. For more information, see the details in the Important note in Create the Required Service Principal Needed by the Horizon Cloud Pod Deployer by Creating an Application Registration.
After you finish creating a client secret for the service principal, proceed to the next exercise to assign a role to the service principal.
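The expiration chosen in step 4 decides when the client secret stops authenticating, so it is worth reviewing on a schedule. The following Python check is an added example, not part of the original exercise or of VMware's tooling: it classifies each client secret on an app registration by expiry. It assumes the input has the shape of a Microsoft Graph `application` object (`passwordCredentials` with `startDateTime` and `endDateTime`); the sample data is constructed, and the `warn_days` and `max_lifetime_days` thresholds are hypothetical policy values.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of a Microsoft Graph `application` object.
# The names, IDs and dates are made up for this example.
SAMPLE_APP = json.loads("""
{"displayName": "example-horizon-app", "appId": "00000000-0000-0000-0000-000000000001",
 "passwordCredentials": [
  {"keyId": "k-initial", "displayName": "initial secret",
   "startDateTime": "2020-03-01T00:00:00Z", "endDateTime": "2021-03-01T00:00:00Z"},
  {"keyId": "k-rotated", "displayName": "rotated secret",
   "startDateTime": "2021-02-01T00:00:00Z", "endDateTime": "2021-04-15T00:00:00Z"},
  {"keyId": "k-long", "displayName": "long-lived secret",
   "startDateTime": "2020-03-01T00:00:00Z", "endDateTime": "2299-12-31T00:00:00Z"}
 ]}
""")

def parse_utc(ts):
    """Parse a UTC timestamp such as 2021-03-01T00:00:00Z into an aware datetime."""
    # Drop the trailing Z and any fractional seconds, then mark the value as UTC.
    base = ts.rstrip("Z").split(".")[0]
    return datetime.fromisoformat(base).replace(tzinfo=timezone.utc)

def audit_secrets(app, now, warn_days=30, max_lifetime_days=730):
    """Return (keyId, status) for every client secret on one app registration."""
    findings = []
    for cred in app.get("passwordCredentials", []):
        start = parse_utc(cred["startDateTime"])
        end = parse_utc(cred["endDateTime"])
        if end <= now:
            status = "expired"            # secret no longer authenticates
        elif end - now <= timedelta(days=warn_days):
            status = "expiring-soon"      # rotate before the pod loses access
        elif end - start > timedelta(days=max_lifetime_days):
            status = "lifetime-too-long"  # exceeds the assumed rotation policy
        else:
            status = "ok"
        findings.append((cred["keyId"], status))
    return findings

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for key_id, status in audit_secrets(SAMPLE_APP, now):
        print(f"{SAMPLE_APP['displayName']} {key_id}: {status}")
```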