Azure Operator Nexus uses secrets and certificates to secure components across the platform, and the platform itself rotates them. By default, Operator Nexus stores the rotated credentials in a managed Key Vault. To receive the rotated credentials in a Key Vault you control, you must configure your own Key Vault for the Azure Operator Nexus instance. Once that Key Vault exists, add a role assignment on the Customer Key Vault that lets the Operator Nexus platform write updated credentials, and then link the Customer Key Vault to the Nexus Cluster resource.
Note
A single Key Vault can be used for any number of clusters.
Note
The managed identity functionality for Key Vault and Cluster managed identity exists with the 2024-10-01-preview API and will be available with the 2025-02-01 GA API.
See Azure Operator Nexus Cluster support for managed identities and user provided resources
Note
This method is deprecated with the roll out of the 2025-02-01 GA API. A transition period is in place to support migration, but existing users should look to migrate to using the Cluster managed identity. Once a Cluster is updated to use the Secret Archive Settings and the Cluster managed identity, the Cluster Manager managed identity is ignored for credential rotation.
Beginning with the 2024-07-01 API version, managed identities in the Cluster Manager are used for write access to deliver rotated credentials to a key vault. The Cluster Manager identity can be system-assigned or user-assigned, and can be managed directly via APIs or via CLI.
For information on assigning managed identities to the Cluster Manager, see Cluster Manager Identity
Register the Customer Key Vault as the secret archive for the Nexus cluster. Set the Key Vault resource ID on the cluster and enable it (use-key-vault:true) so that the cluster's rotated secrets are stored there.
Example:
# Set and enable Customer Key Vault on Nexus cluster
az networkcloud cluster update --ids /subscriptions/<subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.NetworkCloud/clusters/<Nexus Cluster Name> --secret-archive "{key-vault-id:<Key Vault Resource ID>,use-key-vault:true}"
# Show Customer Key Vault setting (secretArchive) on the Nexus cluster
az networkcloud cluster show --ids /subscriptions/<subscription ID>/resourceGroups/<Resource Group Name>/providers/Microsoft.NetworkCloud/clusters/<Nexus Cluster Name> --query secretArchive
For more help:
az networkcloud cluster update --secret-archive ?? --help
Once a managed identity is configured, use the CLI to view the identity and the associated principal ID data within the cluster manager.
Example:
az networkcloud clustermanager show --ids /subscriptions/<Subscription ID>/resourceGroups/<Cluster Manager Resource Group Name>/providers/Microsoft.NetworkCloud/clusterManagers/<Cluster Manager Name>
System-assigned identity example:
"identity": {
"principalId": "aaaaaaaa-bbbb-cccc-1111-222222222222",
"tenantId": "aaaabbbb-0000-cccc-1111-dddd2222eeee",
"type": "SystemAssigned"
},
User-assigned identity example:
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/<subscriptionID>/resourcegroups/<resourceGroupName>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<userAssignedIdentityName>": {
"clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
"principalId": "bbbbbbbb-cccc-dddd-2222-333333333333"
}
}
},
Refer to Configure Key Vault Using Managed Identity for the Cluster to assign the appropriate role to the Managed Identity Principal ID.
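The two steps above (reading the principal ID out of the Cluster Manager identity, then registering the Key Vault as the secret archive) trip people up because the system-assigned and user-assigned identity shapes differ: for a user-assigned identity, `principalId` is nested under the identity's resource ID, so a naive `--query identity.principalId` returns null. The following Python script is an added example, not code from the Operator Nexus project or this page. It parses the `identity` block as returned by `az networkcloud clustermanager show`, collects the principal ID(s) for either shape (including a combined "SystemAssigned, UserAssigned" type), validates the Key Vault resource ID, and generates the `az role assignment create` and `az networkcloud cluster update` commands. The sample JSON, the resource IDs, and the role name are constructed placeholders; the page does not name the role, so pass the role your Key Vault setup requires.

```python
"""Build the Key Vault role-assignment and secret-archive commands for an
Operator Nexus Cluster Manager identity.  Added example; not project code.

Assumptions (not on the original page): the Key Vault role name is supplied by
the caller, and the sample JSON below is constructed from the page's two
identity examples with dummy GUIDs.
"""
import json
import re
from typing import Dict, List

# Shape of a Key Vault resource ID.  Vault names are 3-24 alphanumerics/hyphens
# (Azure naming rule, assumed here as a sanity check before we build commands).
KEY_VAULT_ID_RE = re.compile(
    r"^/subscriptions/[0-9a-fA-F-]{36}/resourceGroups/[^/]+"
    r"/providers/Microsoft\.KeyVault/vaults/[A-Za-z0-9-]{3,24}$",
    re.IGNORECASE,
)

# Constructed sample resource IDs (placeholders, not real resources).
CLUSTER_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nexus"
              "/providers/Microsoft.NetworkCloud/clusters/nexus-cluster-01")
KEY_VAULT_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nexus"
                "/providers/Microsoft.KeyVault/vaults/kv-nexus-rotation")

# Constructed `az networkcloud clustermanager show` output, system-assigned shape.
SYSTEM_ASSIGNED = json.loads("""{"identity": {
  "principalId": "aaaaaaaa-bbbb-cccc-1111-222222222222",
  "tenantId": "aaaabbbb-0000-cccc-1111-dddd2222eeee",
  "type": "SystemAssigned"}}""")

# Constructed output, user-assigned shape: principalId is nested under the identity's ID.
USER_ASSIGNED = json.loads("""{"identity": {
  "type": "UserAssigned",
  "userAssignedIdentities": {
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-nexus/providers/Microsoft.ManagedIdentity/userAssignedIdentities/nexus-cm-id": {
      "clientId": "00001111-aaaa-2222-bbbb-3333cccc4444",
      "principalId": "bbbbbbbb-cccc-dddd-2222-333333333333"}}}}""")


def principal_ids(cluster_manager: dict) -> Dict[str, str]:
    """Return {label: principalId} for every managed identity on the Cluster Manager.

    Handles "SystemAssigned", "UserAssigned" and the combined
    "SystemAssigned, UserAssigned" type; returns {} when no identity is set.
    """
    identity = cluster_manager.get("identity") or {}
    kind = identity.get("type", "None")
    found: Dict[str, str] = {}
    if "SystemAssigned" in kind and identity.get("principalId"):
        found["SystemAssigned"] = identity["principalId"]
    if "UserAssigned" in kind:
        for res_id, props in (identity.get("userAssignedIdentities") or {}).items():
            if props and props.get("principalId"):
                found[res_id] = props["principalId"]
    return found


def role_assignment_cmds(cluster_manager: dict, key_vault_id: str, role: str) -> List[str]:
    """One `az role assignment create` per identity, scoped to the Key Vault.

    Uses --assignee-object-id plus --assignee-principal-type so the CLI does not
    need a Graph lookup, which can fail for a freshly created identity.
    """
    if not KEY_VAULT_ID_RE.match(key_vault_id):
        raise ValueError(f"not a Key Vault resource ID: {key_vault_id}")
    ids = principal_ids(cluster_manager)
    if not ids:
        raise ValueError("Cluster Manager has no managed identity; assign one first")
    return [
        "az role assignment create "
        f"--assignee-object-id {pid} --assignee-principal-type ServicePrincipal "
        f'--role "{role}" --scope {key_vault_id}'
        for pid in ids.values()
    ]


def secret_archive_cmds(cluster_id: str, key_vault_id: str) -> List[str]:
    """Commands that register the Key Vault as the cluster's secret archive and verify it."""
    if not KEY_VAULT_ID_RE.match(key_vault_id):
        raise ValueError(f"not a Key Vault resource ID: {key_vault_id}")
    return [
        f"az networkcloud cluster update --ids {cluster_id} "
        f'--secret-archive "{{key-vault-id:{key_vault_id},use-key-vault:true}}"',
        f"az networkcloud cluster show --ids {cluster_id} --query secretArchive",
    ]


if __name__ == "__main__":
    # ROLE is a placeholder: substitute the Key Vault role your setup requires.
    ROLE = "<Key Vault role name>"
    for sample in (SYSTEM_ASSIGNED, USER_ASSIGNED):
        print("\n".join(role_assignment_cmds(sample, KEY_VAULT_ID, ROLE)))
    print("\n".join(secret_archive_cmds(CLUSTER_ID, KEY_VAULT_ID)))
```

Run the script to print the commands, then paste them into a shell logged in with `az login`; nothing here contacts Azure, so you can review the role scope (it should be the Key Vault resource ID, not the resource group) before any assignment is made.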