System Requirements for Azure SQL Database Using Commvault Cloud Infrastructure

Verify that your environment meets the system requirements to configure Azure SQL database backups using the Commvault Cloud Infrastructure.

Commvault Software

• Verify that the SQL Server Agent is installed on the access node.

Azure Cloud

• If you are using an Azure storage account for staging and not the DaCFX method, use the staging location to stage the database bacpac file for processing export and import operations. The bacpac file is deleted from the storage account after the export/import operation completes.

SQL Server Authentication

Azure SQL DB allows the following types of user accounts for data protection.

• Azure SQL Server Admin account: Server administrator of the Azure SQL instance.

• Microsoft Entra Admin: Administrator account to centrally manage identity and access for your Azure SQL database.

• Database user: Database level account that is used to configure minimal permissions for data protection operations. This authentication type will require the following minimum permissions:

  Server-Level Roles	Database-Level Roles
  None	db_ owner on database that is being backed up dbmanager on master database This role is required because the restore operation needs to create the database if it does not exist.

  The configuration requires the database level account to be a user of the master database. This is required to allow the software to perform discovery and gather metadata information for the databases being protected. Commvault recommends that you create a SQL login for the database level account and associate the user of the master database and other databases with the SQL login. This approach is preferred when the user must access multiple databases, while keeping the passwords synchronized.

Network Requirements

Verify that your Azure SQL server database has access through a public endpoint enabled. This allows the Commvault infrastructure to access your database.

• Enable access through public endpoint for Azure SQL server database.

• Verify that only the Commvault infrastructure can access your Azure SQL server database. To do this, set up inbound firewall rules by getting the list of Commvault infrastructure IP addresses by region and allowing those IP addresses in the Azure server level firewall rules of the Azure SQL server database.

• On the Azure SQL server, enable the Azure services and resources to access this server setting. If this setting is not enabled, backups may fail.

  For instructions, go to the Allow Azure services page in the Microsoft documentation website.

Supported TLS Version

The software supports database protection operations on TLS version 1.2.