App Layering

Machine Creation for Azure Government

A connector configuration contains the information that the appliance needs to access a specific location for machine creation in Azure Government. If your organization has more than one storage location, you need a connector configuration for each location.

This article describes the settings included in the Machine Creation for Azure Government connector configuration. For more about connector configurations and how to add them, see Connect.

When to add a connector configuration for Azure Government

When you create your first Layers, and later when you publish Layered Images for the first time, you will add a connector configuration for each task, as described below.

Required Azure Government information

Your organization may have several Azure Government subscriptions. For the App Layering service to access your subscriptions, whether it’s to import an OS Image or to publish a Layered Image, you must use the procedure below for each Azure Government subscription that you want to connect to via the App Layering service.

  • Name - A name you enter for a new connector configuration.
  • Subscription ID - In order to deploy Azure Government virtual machines, your organization must have a subscription ID.
  • Tenant ID - A GUID that identifies your organization’s dedicated instance of Azure Government Active Directory (AD).
  • Client ID - An identifier for the App Registration, which your organization has created for App Layering.
  • Client Secret - The password for the Client ID you are using. If you have forgotten the Client Secret, you can create a new one.

    Note: Each time you use a new subscription and Tenant ID, you must enter a new Client Secret. This is because client secrets are logically associated with Azure Government tenants.

  • Storage Account Name - The Azure Government storage account you want to use when storing Azure Government virtual machine disks. This name must adhere to Azure Government storage account naming restrictions. For example, the storage account name cannot contain uppercase characters.

You must either create a storage account through the portal or use an existing storage account that fits the following criteria. The account:

  • Cannot be a classic storage account.
  • Must be a separate storage account from the one used for the appliance. This new storage account is used during layer creation and layered image publishing.
  • Must be in the Azure Government location where you will deploy virtual machines.
  • Must be one of the following types:
    • Standard Locally Redundant storage (LRS)
    • Standard Geo-Redundant storage (GRS)
    • Standard Read-Access Geo-Redundant storage (RAGRS)
  • Can be located in any resource group, as long as the resource group’s location is the same as the account’s location.
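
A pre-flight check for the storage account criteria above, written as an added example that is not Citrix code. It assumes the account description has the shape of the JSON printed by `az storage account show`; the function name, its parameters and the sample accounts are hypothetical, and the 3-24 character lowercase-alphanumeric rule is Azure's general storage account naming rule rather than something stated on this page.

```python
import re

# SKU names as they appear in the "sku.name" field of `az storage account show`.
ALLOWED_SKUS = {"Standard_LRS", "Standard_GRS", "Standard_RAGRS"}
# Resource Manager accounts have this type; classic ones use Microsoft.ClassicStorage.
ARM_TYPE = "Microsoft.Storage/storageAccounts"
# Azure naming rule (general Azure rule, not taken from this page).
NAME_RE = re.compile(r"[a-z0-9]{3,24}")

# Constructed sample inputs, not real accounts.
SAMPLE_OK = {"name": "layeringdisks01", "type": ARM_TYPE,
             "location": "usgovvirginia", "sku": {"name": "Standard_LRS"}}
SAMPLE_BAD = {"name": "LayeringDisks", "type": ARM_TYPE,
              "location": "usgovtexas", "sku": {"name": "Premium_LRS"}}


def _norm(location):
    # Compare "USGov Virginia" and "usgovvirginia" as the same location.
    return (location or "").replace(" ", "").lower()


def check_connector_storage(account, vm_location, appliance_account, rg_location):
    """Return a list of problems; an empty list means the account fits."""
    problems = []
    name = account.get("name", "")
    if not NAME_RE.fullmatch(name):
        problems.append("name must be 3-24 lowercase letters or digits")
    if account.get("type") != ARM_TYPE:
        problems.append("classic storage account")
    if name.lower() == appliance_account.lower():
        problems.append("same storage account as the appliance")
    sku = (account.get("sku") or {}).get("name")
    if sku not in ALLOWED_SKUS:
        problems.append(f"unsupported account type: {sku}")
    loc = _norm(account.get("location"))
    if loc != _norm(vm_location):
        problems.append("not in the VM deployment location")
    if loc != _norm(rg_location):
        problems.append("resource group location differs from account location")
    return problems


if __name__ == "__main__":
    for acct in (SAMPLE_OK, SAMPLE_BAD):
        print(acct["name"], check_connector_storage(
            acct, "usgovvirginia", "appliancestore", "usgovvirginia"))
```

Running the check before you save the connector configuration catches a mismatched location or account type before layer creation or publishing fails against it.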