Attach a Microsoft Azure volume

📘

Navigation

• Microsoft Azure volumes
• Attach a Microsoft Azure volume:
  • Via the visual interface
  • Via the API:
    • Create a volume (Microsoft Azure)
    • Get details of a volume (Microsoft Azure)
    • Update a volume (Microsoft Azure)

Overview

Attach a volume for use on the Platform's visual interface. Use this tutorial if your cloud storage provider is Microsoft Azure.

Or, learn more if your cloud storage provider is Amazon Web Services (AWS) or Google Cloud Storage (GCS).

Prerequisites

1. A Microsoft Azure account
2. A storage container within this Azure account.
3. (Optional) Completed app registration and role assignment on the Azure Portal. If you haven't completed this step, don't worry, the instructions below will guide you through the entire process.

Procedure

1. Access the Volumes dashboard.
2. Click Attach volume and choose the cloud storage provider for your volume.
3. Provide app details.
4. Enter the required Azure credentials.
5. Provide storage container details.
6. Assign roles on the Azure Portal.
7. Configure additional options.
8. Review volume details and confirm to connect your volume.

Step 1: Access the Volumes Dashboard

This step takes place on BioData Catalyst powered by Seven Bridges

1. Click on the Data tab of the top navigation bar.
2. Select Volumes from the drop-down menu.

Step 2: Choose the cloud storage provider

This step takes place on BioData Catalyst powered by Seven Bridges

1. On the Volumes Dashboard, click Attach volume.
2. Select Microsoft Azure as your cloud storage provider.
3. Click Next.

Step 3: Provide application details

Provide details of the Microsoft Azure application that will be used to establish a connection to the container that you want to attach to the Platform. This information is available in the overview of the application on the Azure Portal. If you have already registered an application for this purpose by following the app registration and role assignment guide, copy its Application (client) ID and Directory (tenant) ID and enter them in the volume connection wizard. If you haven't done so, follow the steps below to register a new application:

1. Go to the Azure Portal.
2. Under  select Azure Active Directory.
3. In the pane on the left click App registrations.
4. Click New registration.
5. Enter the name of the new app, for example sbg-app and click Register. Application details are displayed. Note that the Application (client) ID and Directory (tenant) ID of the app are required to attach the storage container to the Platform.
6. On the Platform, enter the Application (client) ID and Directory (tenant) ID.
7. Click Next.

Step 4: Enter the client secret value

If you have already created a client secret for this purpose by following the app registration and role assignment guide, copy its Value and enter it in the volume connection wizard. If you haven't done so, follow the steps below to create a new client secret:

1. On the Azure Portal, select the app you created for the purpose of attaching your container to the Platform.
2. In the pane on the left click Certificates & secrets.
3. Under Client secrets click New client secret.
4. Add a Description (e.g. sbg-secret) and for Expires select 24 months.
5. Click Add. You have added a new secret. Copy the information from its Value field.
6. On BioData Catalyst powered by Seven Bridges, enter the Value of the client secret.
7. Click Next.

Step 5: Provide volume information

Provide details related to your Microsoft Azure storage container and the way it will be connected to the Platform.

1. Enter the name of the Storage account which holds the container you want to attach.
2. Enter the Resource ID. Get it by opening the JSON View on your storage account's Overview page on the Azure Portal.
3. In Container name, enter the name of the container you want to attach.
4. Enter a Volume name, which is how the attached container will be named on the Platform.
5. (Optional) Enter a description for the attached container (volume).
6. Select access privileges for the volume:
   • Read only (RO) - You will be able to read files from the volume, but not write files to it.
7. (Optional) Enter the root (prefix). If set, access to the attached container will be limited to the defined root location and its subdirectories.
8. Click Next.

Step 6: Assign roles

This step takes place on the Azure Portal. If you have already completed role assignment by following the app registration and role assignment guide, skip this step and continue to configuring additional options.

In order to allow the connection with your Azure container, you need to assign roles to your registered application.

1. Open the storage account you entered in the previous step and select Access Control (IAM) from the menu on the left.
2. Click Add, then click Add role assignment.
3. In theRole field select the Storage Blob Delegator role.
4. In the Select field enter and select your registered application (e.g. sbg-app).
5. Click Save.
6. Repeat the previous steps, this time by selecting the Reader role.

Once you are done adding roles for your app in storage account settings, continue by assigning an appropriate role to the container you want to attach to the Platform:

1. Open the container you entered in the previous step and select Access Control (IAM) from the menu on the left.
2. Click Add, then click Add role assignment.
3. In theRole field select the Storage Blob Data Contributor role.
4. In the Select field, enter and select your registered application (e.g. sbg-app).
5. Click Save.

You have now assigned all required roles to your registered application. Click Next to continue.

Step 7: Configure additional options

Enter a Microsoft Azure endpoint, only if you are using an endpoint that is different from the default one https://(serviceaccount).blob.core.windows.net. To make a non-default endpoint work with the Platform, please first make sure it is supported by Seven Bridges. For more information, please contact [email protected].

Step 8: Review volume details

On this tab, review the details for your volume and click Connect.

Next step

Congratulations! You've attached your Microsoft Azure storage container as a volume to the Platform. You can make individual data objects within it available as "aliases" on the Platform. Aliases point to files stored on your cloud storage bucket and can be copied, executed, and organized like normal files on the Platform. We call this operation "importing". Learn more about working with aliases.