This section explains the MSI feature which is used during the deployment of the NSX Advanced Load Balancer Controller.

Prerequisites

  • For a resource group where the Controller is spawned, the role of a Contributor or higher is required.

  • For the virtual network where the Service Engine instances are to be deployed, NSX Advanced Load Balancer Controller Custom Roles or higher is required.

Procedure

  1. Enable MSI authentication.
  2. Assign a role to NSX Advanced Load Balancer Controller Resource Group.
    1. Navigate to the Cloud resource group and select Access Control (IAM). The Controller will create all its resources in this resource group.
    2. Add a new role assignment of Contributor or higher for the controller VM.
    3. Save the above configuration.
  3. Assign a role to VNet Resource Group.
    1. Navigate to the VNet resource group.
    2. Add a new role assignment of NSX Advanced Load Balancer Controller for the Controller VM. The custom role can be configured using Azure CLI, PowerShell, or REST API.
    3. Save the above configuration.
    4. Repeat the above steps for the DNS Application Group and Application Resource Group.
  4. Enable MSI authentication during cloud configuration.