This section explains about the MSI feature which is used during the deployment of NSX Advanced Load Balancer Controller.

This section covers the following:

  • Enabling MSI Authentication

  • Enabling MSI on NSX Advanced Load Balancer Controller VM

  • Assigning Role to NSX Advanced Load Balancer Resource Group

  • Assigning Role to VNet Resource Group

Prerequisites

  • For a resource group where the Controller is spawned, the role of a Contributor or higher is required.

  • For the virtual network where the Service Engine instances are to be deployed, the role of the Controller or higher is required.

Procedure

  1. To enable MSI Authentication, see Managed identities for Azure resources.
  2. Assigning Role to NSX Advanced Load Balancer Controller Resource Group
    1. Navigate to the Cloud resource group and select Access Control (IAM). The Controller will create all its resources in this resource group.
    2. Add a new role assignment of Contributor or higher for the controller VM.
    3. Save the above configuration.
  3. Assigning Role to VNet Resource Group.
    1. Navigate to the VNet resource group.
    2. Add a new role assignment of NSX Advanced Load Balancer Controller for the Controller VM. The custom role can be configured using Azure CLI, PowerShell, or REST API.
    3. Save the above configuration.
    4. Repeat the above steps for the DNS Application Group and Application Resource Group.