Configure Custom Azure Storage Account in Avi Controller
Article ID: 385082
Products
VMware Avi Load Balancer
Issue/Introduction
Avi uses storage accounts in an Azure cloud as follows:
The controller uploads a VHD to that account and then creates an Azure image for the SEs.
This image generation is a one-time operation. It happens when the controller is first deployed, when there is an upgrade, or when the existing image is deleted out of band (a check for its existence runs every 5 minutes).
This storage account is created with public access and no private endpoints.
This can get flagged by the customer security teams.
Environment
Azure
Resolution
The controller creates the Azure storage account by default, and there is no way to modify the storage account parameters for controller-created accounts.
Instead, the cloud configuration can be pointed at an already created storage account that has a private endpoint.
You can modify the cloud configuration to use your custom storage account with the commands below:
[admin:cntlr]: > configure cloud <cloud-name>
[admin:cntlr]: cloud> azure_configuration
[admin:cntlr]: cloud:azure_configuration> se_storage_account <resource-group>:<storage-account-name>
[admin:cntlr]: cloud:azure_configuration> save
[admin:cntlr]: cloud> save
Once the new account is configured, you should be able to delete the Avi-created one.
Once the cloud settings are changed, the controller will start using the new storage account.
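Before pointing se_storage_account at a custom account, it helps to confirm that the account does not have the two properties that get flagged. The following is an added example, not part of the original article or of Avi: it audits JSON shaped like the output of `az storage account show` and builds the <resource-group>:<storage-account-name> value only for an account that passes. It assumes "public access" means the account's publicNetworkAccess setting; the sample accounts and function names are constructed for illustration.

```python
import json
import re

# Constructed samples shaped like `az storage account show` JSON (not real accounts).
CONTROLLER_CREATED = json.loads("""{
  "name": "avidefaultsa01", "resourceGroup": "avi-rg",
  "publicNetworkAccess": "Enabled", "privateEndpointConnections": []
}""")
CUSTOM = json.loads("""{
  "name": "avisecustom01", "resourceGroup": "avi-rg",
  "publicNetworkAccess": "Disabled",
  "privateEndpointConnections": [
    {"privateLinkServiceConnectionState": {"status": "Approved"}}
  ]
}""")

# Azure storage account names: 3-24 characters, lowercase letters and digits only.
NAME_RE = re.compile(r"[a-z0-9]{3,24}")


def audit_storage_account(acct):
    """Return findings for the two properties the article calls out."""
    findings = []
    # A missing/null value is treated as enabled, the conservative reading.
    if (acct.get("publicNetworkAccess") or "Enabled") != "Disabled":
        findings.append("public network access is enabled")
    approved = [
        pe for pe in acct.get("privateEndpointConnections") or []
        if (pe.get("privateLinkServiceConnectionState") or {}).get("status") == "Approved"
    ]
    if not approved:
        findings.append("no approved private endpoint connection")
    return findings


def se_storage_account_value(acct):
    """Build the <resource-group>:<storage-account-name> argument, or refuse."""
    findings = audit_storage_account(acct)
    if findings:
        raise ValueError(f"{acct.get('name')}: " + "; ".join(findings))
    name, group = acct.get("name", ""), acct.get("resourceGroup", "")
    if not NAME_RE.fullmatch(name) or not group or ":" in group:
        raise ValueError("cannot form <resource-group>:<storage-account-name>")
    return f"{group}:{name}"


if __name__ == "__main__":
    for acct in (CONTROLLER_CREATED, CUSTOM):
        print(acct["name"], audit_storage_account(acct) or "ok")
    print("se_storage_account", se_storage_account_value(CUSTOM))
```

The same audit can be run against the controller-created account to document why it was flagged before it is deleted.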