You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-video-indexer/storage-behind-firewall.md
+7-14Lines changed: 7 additions & 14 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
title: Use Video Indexer with storage behind firewall
3
3
description: This article gives an overview how to configure Azure Video Indexer to use storage behind firewall.
4
4
ms.topic: article
5
-
ms.date: 02/24/2023
5
+
ms.date: 03/02/2023
6
6
ms.author: juliako
7
7
---
8
8
@@ -14,37 +14,30 @@ If you want to use a firewall to secure your storage account and enable trusted
14
14
15
15
Follow these steps to enable Managed Identity for Media Services and Storage and then lock your storage account. It's assumed that you already created a Video Indexer account and associated with a Media Services and Storage account.
16
16
17
-
18
17
## Assign the Managed Identity and role
19
18
20
19
1. When you navigate to your Video Indexer account for the first time, we validate if you have the correct role assignments for Media Services and Storage. If not, the following banners that allow you to assign the correct role automatically will appear. If you don’t see the banner for the Storage account, it means your Storage account isn't behind a firewall, or everything is already set.
21
20
22
-
:::image type="content" source="./media/storage-behind-firewall/trusted-service-assign-role-banner.png" alt-text="Assign role to Media Services and Storage accounts from the Azure portal":::
23
-
21
+
:::image type="content" source="./media/storage-behind-firewall/trusted-service-assign-role-banner.png" alt-text="Screenshot shows how to assign role to Media Services and Storage accounts from the Azure portal.":::
24
22
1. When you select **Assign Role**, the followinging roles are assigned: `Azure Media Services : Contributor` and `Azure Storage : Storage Blob Data Owner`. You can verify or manually set assignments by navigating to the **Identity** menu of your Video Indexer account and selecting **Azure Role Assignments**.
25
23
26
-
:::image type="content" source="./media/storage-behind-firewall/trusted-service-verify-assigned-roles.png" alt-text="Screenshot of assigned roles from the Azure portal.":::
27
-
24
+
:::image type="content" source="./media/storage-behind-firewall/trusted-service-verify-assigned-roles.png" alt-text="Screenshot of assigned roles from the Azure portal.":::
28
25
1. Navigate to your Media Services account and select **Storage accounts**.
29
26
30
-
:::image type="content" source="./media/storage-behind-firewall/trusted-service-mediaservices-managed-identity-menu.png" alt-text="Screenshot of Assigned Managed Identity role on the connected storage account for Media Services from the Azure portal.":::
31
-
27
+
:::image type="content" source="./media/storage-behind-firewall/trusted-service-mediaservices-managed-identity-menu.png" alt-text="Screenshot of Assigned Managed Identity role on the connected storage account for Media Services from the Azure portal.":::
32
28
1. Select **Managed identity**. A warning that you have no managed identities will appear. Select **Click here** to configure one.
33
29
34
-
:::image type="content" source="./media/storage-behind-firewall/trusted-service-mediaservices-managed-identity-selection.png" alt-text="Screenshot of enable System Managed Identity role on the connected storage account for Media Services from the Azure portal.":::
35
-
30
+
:::image type="content" source="./media/storage-behind-firewall/trusted-service-mediaservices-managed-identity-selection.png" alt-text="Screenshot of enable System Managed Identity role on the connected storage account for Media Services from the Azure portal.":::
36
31
1. Select **User** or **System-assigned** identity. In this case, choose **System-assigned**.
37
32
1. Select **Save**.
38
33
1. Select **Storage accounts** in the menu and select **Managed identity** again. This time, the banner that you don’t have a managed identity shouldn't appear. Instead, you can now select the managed identity in the dropdown menu.
39
34
1. Select **System-assigned**.
40
35
41
-
:::image type="content" source="./media/storage-behind-firewall/trusted-service-mediaservices-managed-identity-system-assigned-selection.png" alt-text="Screenshot of Azure portal to select System Managed Identity role on the connected storage account for Media Services from the Azure portal.":::
42
-
36
+
:::image type="content" source="./media/storage-behind-firewall/trusted-service-mediaservices-managed-identity-system-assigned-selection.png" alt-text="Screenshot of Azure portal to select System Managed Identity role on the connected storage account for Media Services from the Azure portal.":::
43
37
1. Select **Save**.
44
38
1. Navigate to your Storage account. Select **Networking** from the menu and select **Enabled from selected virtual networks and IP addresses** in the **Public network access** section.
45
39
46
-
:::image type="content" source="./media/storage-behind-firewall/trusted-service-storage-lock-select-exceptions.png" alt-text="Screenshot of how to disable public access for your storage account and enable exception for trusted services from the Azure portal.":::
47
-
40
+
:::image type="content" source="./media/storage-behind-firewall/trusted-service-storage-lock-select-exceptions.png" alt-text="Screenshot of how to disable public access for your storage account and enable exception for trusted services from the Azure portal.":::
48
41
1. Under **Exceptions**, make sure that **Allow Azure services on the trusted services list to access this storage account** is selected.
0 commit comments