Attach a Microsoft Azure volume
Overview
Attach a volume for use on BioData Catalyst powered by Seven Bridges's visual interface. Use this tutorial if your cloud storage provider is Microsoft Azure.
Or, learn more if your cloud storage provider is Amazon Web Services (AWS) or Google Cloud Storage (GCS).
Prerequisites
- A Microsoft Azure account
- A storage container within this Azure account.
- (Optional) Completed app registration and role assignment on the Azure Portal. If you haven't completed this step, don't worry, the instructions below will guide you through the entire process.
Procedure
- Access the Volumes dashboard.
- Choose the cloud storage provider for your volume.
- Provide app details.
- Enter the required Azure credentials.
- Provide storage container details.
- Assign roles on the Azure Portal.
- Configure additional options.
- Review volume details and confirm to connect your volume.
Step 1: Access the Volumes Dashboard
This step takes place on BioData Catalyst powered by Seven Bridges
- Click on the Data tab of the top navigation bar.
- Select Volumes from the drop-down menu.
Step 2: Choose the cloud storage provider
This step takes place on BioData Catalyst powered by Seven Bridges
- On the Volumes Dashboard, click Connect Storage.
- Select Azure as your cloud storage provider.
- Click Next.
Step 3: Provide application details
Provide details of the Microsoft Azure application that will be used to establish a connection to the container that you want to attach to Platform. This information is available in the overview of the application on the Azure Portal. If you have already registered an application for this purpose by following the app registration and role assignment guide, copy its Application (client) ID and Directory (tenant) ID and enter them in the volume connection wizard. If you haven't done so, follow the steps below to register a new application:
- Go to the Azure Portal.
- Under select Microsoft Entra ID.
- In the pane on the left, under Manage, click App registrations.
- Click New registration.
- Enter the name of the new app, for example
sbg-app
and click Register. Application details are displayed. Note that the Application (client) ID and Directory (tenant) ID of the app are required to attach the storage container to Platform. - On BioData Catalyst powered by Seven Bridges, enter the Application (client) ID and Directory (tenant) ID.
- Click Next.
Step 4: Enter the client secret value
If you have already created a client secret for this purpose by following the app registration and role assignment guide, copy its Value and enter it in the volume connection wizard. If you haven't done so, follow the steps below to create a new client secret:
- On the Azure Portal, select the app you created for the purpose of attaching your container to Platform.
- In the pane on the left click Certificates & secrets.
- Under Client secrets click New client secret.
- Add a Description (e.g.
sbg-secret
) and for Expires select 730 days (24 months). - Click Add. You have added a new secret. Copy the information from its Value field.
- On BioData Catalyst powered by Seven Bridges, enter the Value of the client secret.
- Click Next.
Step 5: Provide volume information
Provide details related to your Microsoft Azure storage container and the way it will be connected to Platform.
- Enter the name of the Storage account which holds the container you want to attach.
- Enter the Resource ID. Get it by opening the JSON View on your storage account's Overview page on the Azure Portal.
- In Container name, enter the name of the container you want to attach.
- Enter a Volume name, which is how the attached container will be named on Platform.
- (Optional) Enter a description for the attached container (volume).
- Select access privileges for the volume: The only supported access at the moment is Read only (RO), which means that you will be able to read files from the volume, but not write (export) files to it.
- (Optional) Enter the root (prefix). If set, access to the attached container will be limited to the defined root location and its subdirectories.
- Click Next.
Step 6: Assign roles
This step takes place on the Azure Portal. If you have already completed role assignment by following the app registration and role assignment guide, skip this step and continue to configuring additional options.
In order to allow the connection with your Azure container, you need to assign roles to your registered application.
- Open the storage account that holds the container you want to connect. The account may be displayed under Resources, on your Azure Portal home page.
- Select Access Control (IAM) from the menu on the left.
- Click Add, then click Add role assignment.
- In the Role field select the Storage Blob Delegator role and click Next.
- Under Members, click Select members and search for your registered application (e.g.
sbg-app
). - Click Select.
- Click Next
- Click Review + assign. You have now added the Storage Blob Delegator role.
Repeat the previous steps, this time by selecting the Reader role.
Once you are done adding roles for your app in storage account settings, continue by assigning an appropriate role to the container you want to attach to Platform:
- Open the container you entered in the previous step and select Access Control (IAM) from the menu on the left.
- Click Add > Add role assignment.
- In theRole field select the Storage Blob Data Reader role and click Next.
- Under Members, click Select members and search for your registered application (e.g.
sbg-app
). - Click Select.
- Click Next.
- Keep the Conditions tab as is and click Next.
- Click Review + assign.
You have now assigned all required roles to your registered application. Click Next to continue.
Step 7: Configure additional options
Enter a Microsoft Azure endpoint, only if you are using an endpoint that is different from the default one https://(serviceaccount).blob.core.windows.net
. To make a non-default endpoint work with Platform, please first make sure it is supported by Seven Bridges. For more information, please contact [email protected].
Step 8: Review volume details
On this tab, review the details for your volume and click Connect.
Next step
Congratulations! You've attached your Microsoft Azure storage container as a volume to Platform. You can make individual data objects within it available as "aliases" on Platform. Aliases point to files stored on your cloud storage bucket and can be copied, executed, and organized like normal files on Platform. We call this operation "importing". Learn more about working with aliases.
Updated 6 months ago