Microsoft Azure Volumes
The option of connecting your Microsoft Azure storage container to the Cancer Genomics Cloud allows you to read files from your Azure storage and use them on the CGC. After connection is established, your container (volume) behaves like your external storage for the Cancer Genomics Cloud.
Making the necessary settings in your Microsoft Azure account
Follow the instructions on this page to make all settings on the Azure Portal that are required for successful connection of your Azure storage container to the CGC. Once completed, you can proceed to connecting your container as a volume.
Prerequisites:
- A Microsoft Azure account.
- One or more storage containers within the Azure account.
Procedure (all steps take place on the Azure Portal):
- Register a new application
- Create a new client secret
- Assign roles to the registered application
- Enable Cross-Origin Resource Sharing (CORS)
Register a new application
The first step in preparing to connect your storage container to the Cancer Genomics Cloud is to register a new application so the Microsoft identity platform can provide authentication and authorization services for the application and its users.
- Go to the Azure Portal.
- Under select Microsoft Entra ID.
- In the pane on the left, under Manage, click App registrations.
- Click New registration.
- Enter the name of the new app, for example
sbg-app
and click Register. Application details are displayed. Note that the Application (client) ID and Directory (tenant) ID of the app will be required later on when connecting the storage container to the CGC.
Create a new client secret
The client secret you create in this step will be used for authorization of access to your storage container.
- Select the application you created in the previous step.
- In the pane on the left click Certificates & secrets.
- Under Client secrets click New client secret.
- Add a Description (e.g.
sbg-secret
) and for Expires select 730 days (24 months). - Click Add. You have added a new secret. Copy its Value information as it will be required later on when connecting the storage container to the CGC.
Assign roles to the registered application
To allow the connection with your Azure container, you need to assign roles to your registered application.
- Open the storage account that holds the container you want to connect. The account may be displayed under Resources, on your Azure Portal home page.and
- Select Access Control (IAM) from the menu on the left.
- Click Add > Add role assignment.
- In the Role field select the Storage Blob Delegator role and click Next.
- Under Members, click Select members and search for your registered application (e.g.
sbg-app
). - Click Select
- Click Next
- Click Save.
- Click Review + assign. You have now added the Storage Blob Delegator role.
Repeat the previous steps, this time by selecting the Reader role.
Once you are done adding roles for your app in storage account settings, continue by assigning an appropriate role to the container you want to attach to the CGC:
- Open the container that you want to connect to the CGC and select Access Control (IAM) from the menu on the left.
- Click Add > Add role assignment.
- In the Role field select the Storage Blob Data Reader role and click Next.
- Under Members, click Select members and search for your registered application (e.g.
sbg-app
). - Click Select.
- Click Next
- Keep the Conditions tab as is and click Next.
- Click Review + assign.
You have now assigned all required roles to the registered application.
Enable Cross-Origin Resource Sharing (CORS)
Finally, enable Cross-Origin Resource Sharing on the storage account that contains the container you want to connect to the CGC. This will enable proper file preview for file formats that are supported for previewing on the CGC.
- Open the storage account that holds the container you want to connect, and select Resource sharing (CORS) from the menu on the left.
- Select the Blob service tab and enter the following values in the edit fields:
- Allowed origins: Enter
*
- Allowed methods: Select
GET
- Allowed headers: Copy and paste the following list
"Authorization", "Content-Range", "Accept", "Content-Type", "Origin", "Range"
- Exposed headers: Copy and paste the following list
"Content-Range", "Content-Length", "ETag"
- Max age:Enter
3000
- Allowed origins: Enter
Next steps
Now that you have made all necessary settings, you can move on to connecting your Azure storage container to the CGC.
Updated 6 months ago