Microsoft Azure volumes
Navigation
- Microsoft Azure volumes
- Attach a Microsoft Azure volume:
The CGC provides the option of connecting your Microsoft Azure storage container to be able to read files from the CGC. After connection is established, your container (volume) behaves like your external storage for the CGC.
Making the necessary settings in your Microsoft Azure account
Follow the instructions on this page to make all settings on the Azure Portal that are required for successful connection of your Azure storage container to the CGC. Once completed, you can proceed to connecting your container as a volume through the visual interface or the API.
Prerequisites:
- A Microsoft Azure account.
- One or more storage containers within the Azure account.
Procedure (all steps take place on the Azure Portal):
- Register a new application
- Create a new client secret
- Assign roles to the registered application
- Enable Cross-Origin Resource Sharing (CORS)
Register a new application
The first step in preparing to connect your storage container to the CGC is to register a new application so the Microsoft identity platform can provide authentication and authorization services for the application and its users.
- Go to the Azure Portal.
- Under select Azure Active Directory.
- In the pane on the left click App registrations.
- Click New registration.
- Enter the name of the new app, for example
sbg-app
and click Register. Application details are displayed. Note that the Application (client) ID and Directory (tenant) ID of the app will be required later on when connecting the storage container to the CGC.
Create a new client secret
The client secret you create in this step will be used for authorization of access to your storage container.
- Select the application you created in the previous step.
- In the pane on the left click Certificates & secrets.
- Under Client secrets click New client secret.
- Add a Description (e.g.
sbg-secret
) and for Expires select 24 months. - Click Add. You have added a new secret. Copy its Value information as it will be required later on when connecting the storage container to the CGC.
Assign roles to the registered application
In order to allow the connection with your Azure container, you need to assign roles to your registered application.
- Open the storage account that holds the container you want to connect, and select Access Control (IAM) from the menu on the left.
- Click Add > Add role assignment.
- In the Role field select the Storage Blob Delegator role.
- In the Select field choose your registered application (e.g.
sbg-app
). - Click Save.
- Repeat the previous steps, this time by selecting the Reader role.
Once you are done adding roles for your app in storage account settings, continue by assigning an appropriate role to the container you want to attach to the CGC:
- Open the container that you want to connect to the CGC and select Access Control (IAM) from the menu on the left.
- Click Add > Add role assignment.
- In the Role field select the Storage Blob Data Contributor role.
- In the Select field choose your registered application (e.g.
sbg-app
). - Click Save.
You have now assigned all required roles to the registered application.
Enable Cross-Origin Resource Sharing (CORS)
Finally, enable Cross-Origin Resource Sharing on the storage account that contains the container you want to connect to the CGC. This will enable proper file preview for file formats that are supported for previewing on the CGC.
- Open the storage account that holds the container you want to connect, and select Resource sharing (CORS) from the menu on the left.
- Select the Blob service tab and enter the following values in the edit fields:
- Allowed origins: Enter
*
- Allowed methods: Select
GET
- Allowed headers: Copy and paste the following list
"Authorization", "Content-Range", "Accept", "Content-Type", "Origin", "Range"
- Exposed headers: Copy and paste the following list
"Content-Range", "Content-Length", "ETag"
- Max age:Enter
3000
- Allowed origins: Enter
- Click Save. You have successfully added new CORS rules to your storage account.
Next steps
Now that you have made all necessary settings, you can move on to connecting your Azure storage container to the CGC through the visual interface or the API.