GuidesAPI ReferenceRelease NotesTutorials
Guides

Microsoft Azure Volumes

Suggest Edits

šŸ“˜

Microsoft Azure is available on demand. Please contact our support for more information.

The option of connecting your Microsoft Azure storage container to BioData Catalyst powered by Seven Bridges allows you to read files from your Azure storage and use them on Platform. After connection is established, your container (volume) behaves like your external storage for BioData Catalyst powered by Seven Bridges.

Making the necessary settings in your Microsoft Azure account

Follow the instructions on this page to make all settings on theĀ Azure PortalĀ that are required for successful connection of your Azure storage container to Platform. Once completed, you can proceed to connecting your container as a volume.

Prerequisites:

  • A Microsoft Azure account.
  • One or more storage containers within the Azure account.

Procedure (all steps take placeĀ on the Azure Portal):

  1. Register a new application
  2. Create a new client secret
  3. Assign roles to the registered application
  4. Enable Cross-Origin Resource Sharing (CORS)

Register a new application

The first step in preparing to connect yourĀ storage container to BioData Catalyst powered by Seven Bridges is to register a new application so the Microsoft identity platform can provide authentication and authorization services for the application and its users.

  1. Go to theĀ Azure Portal.
  2. UnderĀ  select Microsoft Entra ID.
  3. In the pane on the left, under Manage, click App registrations.
  4. Click New registration.
  5. Enter the name of the new app, for exampleĀ sbg-app and click Register. Application details are displayed. Note that the Application (client) ID andĀ Directory (tenant) ID of the app will be required later on when connecting the storage container to Platform.

Create a new client secretĀ 

The client secret you create in this step will be used for authorization of access to your storage container.

  1. Select the application you created in the previous step.
  2. In the pane on the left click Certificates & secrets.
  3. Under Client secrets click New client secret.
  4. Add a Description (e.g. sbg-secret)Ā and for Expires select 730 days (24 months).
  5. Click Add. You have added a new secret. Copy its Value informationĀ as it will be required later on when connecting the storage container to Platform.

Assign roles to the registered applicationĀ 

To allow the connection with your Azure container, you need to assign roles to your registered application.

  1. Open the storage account that holds the container you want to connect. The account may be displayed under Resources, on your Azure Portal home page.and
  2. Select Access Control (IAM) from the menu on the left.
  3. Click AddĀ >Ā Add role assignment.
  4. In the Role field select the Storage Blob Delegator role and click Next.
  5. Under Members, click Select members and search for your registered application (e.g. sbg-app).
  6. Click Select
  7. Click Next
  8. Click Save.
  9. Click Review + assign. You have now added the Storage Blob Delegator role.

šŸ“˜

Repeat the previous steps, this time by selecting the Reader role.

Once you are done adding roles for your app in storage account settings, continue by assigning an appropriate role to the container you want to attach to Platform:

  1. Open the containerĀ that you want to connect to Platform and select Access Control (IAM) from the menu on the left.
  2. Click Add >Ā Add role assignment.
  3. In the Role fieldĀ select the Storage Blob Data ReaderĀ role and click Next.
  4. Under Members, click Select members and search for your registered application (e.g.Ā sbg-app).
  5. Click Select.
  6. Click Next
  7. Keep the Conditions tab as is and click Next.
  8. Click Review + assign.

You have now assigned all required roles to the registered application.

Enable Cross-Origin Resource Sharing (CORS)Ā 

Finally, enableĀ Cross-Origin Resource Sharing on the storage account that contains the container you want to connect to Platform. This will enable proper file preview for file formats that are supported for previewing on Platform.

  1. Open the storage account that holds the container you want to connect, and select Resource sharing (CORS)Ā from the menu on the left.
  2. Select the Blob service tab and enter the following values in the edit fields:
    • Allowed origins: EnterĀ *
    • Allowed methods: SelectĀ GET
    • Allowed headers: Copy and paste the following list "Authorization", "Content-Range", "Accept", "Content-Type", "Origin", "Range"Ā 
    • Exposed headers:Ā Copy and paste the following listĀ "Content-Range", "Content-Length", "ETag"
    • Max age:EnterĀ 3000

Next steps

Now that you have made all necessary settings, you can move on to connecting your Azure storage container to Platform.

Updated 10 months ago

Any Questions?

If you don't find an answer to your question, please get in touch. Send us a message at [email protected].