Following on from my post on joining Azure Batch pools to a vNet, the next requirement is to access resources on the vNet, and this means credentials are needed. Rather than hard-coding these credentials in scripts, we want to obtain them from a secure storage location on demand. This is where Azure KeyVault comes in, providing a secure, encrypted storage location for our credentials. Obviously there is no point putting your admin credentials in KeyVault and then hard-coding credentials to access KeyVault in your script, so the solution is to use a certificate to give your batch VMs access to KeyVault.
A recent update to Azure Batch added the ability to join a batch pool to a virtual network. By doing so it is possible for batch compute nodes to access resources inside a vNet (file servers, SQL servers etc.).

vNet Requirements

There are some limitations on the vNet configuration if you wish to do this:

Only Cloud Services Configuration pools can be assigned a VNet. This is no longer the case.

The VNet must be:
- In the same Azure region as the Azure Batch account.