
Cloud Access Manager Configuration Storage

The root resource group contains all the long-term configuration storage in a Cloud Access Manager Deployment. Parameters, templates, secrets, and virtual hard disks are stored in a key vault and a storage account.

Key vault Secrets

The key vault in the root resource group of the Cloud Access Manager deployment contains the parameters required to successfully deploy the Cloud Access Connector and remote workstations. These parameters are stored as secrets. This key vault's name starts with the prefix 'CAM-'.

Key Vault Access

Not even administrator accounts are given access to view these parameters by default, because they are stored as secrets within a key vault. If you do not have access to these parameters, you have to give yourself access by setting the Access Policies in the key vault blade in the Azure Portal. For detailed steps on how to do this, see Creating a New Access Policy within the System Configuration section.

The following is a list of the Cloud Access Manager Parameters in the key vault:

  • artifactsLocation: The URL of resources, such as templates, scripts, and DSC modules, that the ARM deployment template depends on.

  • AzureKeyVaultName: The name of the key vault containing this data.

  • AzureResourceGroupName: The resource group where the remote workstations are deployed.

  • AzureSPClientID: The client ID of the Azure Service Principal that Cloud Access Manager uses to manage the deployment and remote workstations.

  • AzureSPKey: The key (password) of the Azure Service Principal.

  • AzureSPTenantID: The Azure Active Directory Tenant ID of the Azure Service Principal.

  • AzureSubscriptionID: The ID of the Azure Subscription of this Cloud Access Manager deployment.

  • binaryLocation: The URL of the location of the CAM binaries.

  • CAMCSCertificate: The .pfx file in base-64 encoded form of the Application Gateway certificate.

  • CAMCSCertificatePassword: The password for the .pfx file for the Application Gateway certificate.

  • CAMDeploymentID: The identifier that the Cloud Access Manager service uses to identify this Cloud Access Manager deployment.

  • CAMDeploymentInfo: A composite record of multiple parameters from this key vault which is sent to the connection server as a single encoded set of data.

  • CAMServiceURI: The URI of the Cloud Access Manager service that this Cloud Access Manager deployment is being managed by.

  • cloudAccessRegistrationCode: The Teradici Cloud Access registration code.

  • connectionServiceLocalAdminPassword: The password of the local admin account for connection service VMs and the domain controller, if created.

  • connectionServiceLocalAdminUsername: The name of the local admin account for connection service VMs and the domain controller, if created.

  • connectionServiceNumber: The number of the most recent connection service that was deployed. This number will always increment so each connection service is unique. This secret may not be set, in which case the value is taken to be '1'.

  • connectionServiceSubnet: The ID of the subnet that the Connection Service machines' NICs attach to.

  • domainServiceAccountPassword: The password of the service account for Cloud Access Manager to use with the connected domain. Where Cloud Access Manager is deployed with a domain controller and a new domain, this account is also a domain administrator.

  • domainServiceAccountUsername: The username of the service account for Cloud Access Manager to use with the connected domain. This username must be short form and not a User Principal Name (UPN). For example, 'uname' is allowed and 'uname@example.com' is not allowed.

  • domainName: The fully qualified domain name of the domain to connect to. The name must include a '.', such as example.com. Where Cloud Access Manager is deployed with a domain controller and a new domain, this is the fully qualified domain name of the new domain.

  • gatewaySubnet: The ID of the subnet that the Connection Service gateway(s) attach to.

  • radiusServerHost: The FQDN of the RADIUS server that the Cloud Access Manager broker will use for RADIUS authentication.

  • radiusServerPort: The port number that the RADIUS server is using for RADIUS authentication (default 1812).

  • radiusSharedSecret: The shared secret used for communications with the RADIUS server over the PAP protocol.

  • enableRadiusMfa: The enable/disable setting for RADIUS MFA for the last connector that was deployed.

  • remoteWorkstationDomainGroup: The name of the domain group that Remote Workstations are joined to.

  • remoteWorkstationLocalAdminPassword: The password of the local admin account for remote workstation VMs.

  • remoteWorkstationLocalAdminUsername: The name of the local admin account for remote workstation VMs.
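
The constraints documented in the list above (short-form username, a '.' in domainName, the 1812 default port, an unset connectionServiceNumber implying '1') can be checked on an exported set of values before a deployment is run. This is an added example, not Teradici's code; the function names, the SENSITIVE set and the sample values are assumptions made for illustration.

```python
import re

# Secrets from the list above that hold passwords, keys or key material.
# Their values should never be printed or logged (grouping is an assumption).
SENSITIVE = {
    "AzureSPKey", "CAMCSCertificate", "CAMCSCertificatePassword",
    "connectionServiceLocalAdminPassword", "domainServiceAccountPassword",
    "radiusSharedSecret", "remoteWorkstationLocalAdminPassword",
}

def effective(secrets):
    """Apply the defaults the page documents for unset secrets."""
    out = dict(secrets)
    out.setdefault("connectionServiceNumber", "1")  # unset implies '1'
    out.setdefault("radiusServerPort", "1812")      # documented default
    return out

def validate(secrets):
    """Return (name, problem) pairs for values that break a documented rule."""
    s, problems = effective(secrets), []
    user = s.get("domainServiceAccountUsername", "")
    if not user or "@" in user:
        problems.append(("domainServiceAccountUsername", "must be short form, not a UPN"))
    if "." not in s.get("domainName", "").strip("."):
        problems.append(("domainName", "must be fully qualified and include a '.'"))
    for name, lo, hi in (("radiusServerPort", 1, 65535), ("connectionServiceNumber", 1, None)):
        v = str(s[name])
        if not re.fullmatch(r"\d+", v) or int(v) < lo or (hi and int(v) > hi):
            problems.append((name, "must be an integer in the valid range"))
    return problems

def redacted(secrets):
    """Copy that is safe for logs: credential-bearing values are masked."""
    return {k: "<redacted>" if k in SENSITIVE else v for k, v in secrets.items()}

# Constructed sample, not real deployment data.
SAMPLE = {
    "domainServiceAccountUsername": "uname@example.com",
    "domainName": "example",
    "domainServiceAccountPassword": "constructed-placeholder",
    "radiusServerPort": "1812",
}

if __name__ == "__main__":
    for name, problem in validate(SAMPLE):
        print(f"{name}: {problem}")
    print(redacted(SAMPLE))
```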

Storage Account Data

In the root resource group, there is a storage account that begins with the text 'cam0'. This storage account contains other configuration data for the Cloud Access Manager deployment which is not contained in the key vault, including:

  • Remote workstation ARM templates in /cloudaccessmanager/remote-workstation-template.
  • Install scripts and DSC configurations for configuring new remote workstations in /cloudaccessmanager/remote-workstation.
  • Virtual hard disk files for remote workstations in /vhds.