Microsoft Azure volumes

📘

Navigation

BioData Catalyst powered by Seven Bridges provides the option of connecting your Microsoft Azure storage container to be able to read files from the Platform. After connection is established, your container (volume) behaves like your external storage for the Platform.

Making the necessary settings in your Microsoft Azure account

Follow the instructions on this page to make all settings on the Azure Portal that are required for successful connection of your Azure storage container to the Platform. Once completed, you can proceed to connecting your container as a volume through the visual interface or the API.

Prerequisites:

  • A Microsoft Azure account.
  • One or more storage containers within the Azure account.

Procedure (all steps take place on the Azure Portal):

  1. Register a new application
  2. Create a new client secret
  3. Assign roles to the registered application
  4. Enable Cross-Origin Resource Sharing (CORS)

Register a new application

The first step in preparing to connect your storage container to the Platform is to register a new application so the Microsoft identity platform can provide authentication and authorization services for the application and its users.

  1. Go to the Azure Portal.
  2. Under  select Azure Active Directory.
  3. In the pane on the left click App registrations.
  4. Click New registration.
  5. Enter the name of the new app, for example sbg-app and click Register. Application details are displayed. Note that the Application (client) ID and Directory (tenant) ID of the app will be required later on when connecting the storage container to the Platform.

Create a new client secret 

The client secret you create in this step will be used for authorization of access to your storage container.

  1. Select the application you created in the previous step.
  2. In the pane on the left click Certificates & secrets.
  3. Under Client secrets click New client secret.
  4. Add a Description (e.g. sbg-secret) and for Expires select 24 months.
  5. Click Add. You have added a new secret. Copy its Value information as it will be required later on when connecting the storage container to the Platform.

Assign roles to the registered application 

In order to allow the connection with your Azure container, you need to assign roles to your registered application.

  1. Open the storage account that holds the container you want to connect, and select Access Control (IAM) from the menu on the left.
  2. Click Add > Add role assignment.
  3. In the Role field select the Storage Blob Delegator role.
  4. In the Select field choose your registered application (e.g. sbg-app).
  5. Click Save.
  6. Repeat the previous steps, this time by selecting the Reader role.

Once you are done adding roles for your app in storage account settings, continue by assigning an appropriate role to the container you want to attach to the Platform:

  1. Open the container that you want to connect to the Platform and select Access Control (IAM) from the menu on the left.
  2. Click AddAdd role assignment.
  3. In the Role field select the Storage Blob Data Contributor role.
  4. In the Select field choose your registered application (e.g. sbg-app).
  5. Click Save.

You have now assigned all required roles to the registered application.

Enable Cross-Origin Resource Sharing (CORS) 

Finally, enable Cross-Origin Resource Sharing on the storage account that contains the container you want to connect to the Platform. This will enable proper file preview for file formats that are supported for previewing on the Platform.

  1. Open the storage account that holds the container you want to connect, and select Resource sharing (CORS) from the menu on the left.
  2. Select the Blob service tab and enter the following values in the edit fields:
    • Allowed origins: Enter *
    • Allowed methods: Select GET
    • Allowed headers: Copy and paste the following list "Authorization", "Content-Range", "Accept", "Content-Type", "Origin", "Range" 
    • Exposed headers: Copy and paste the following list "Content-Range", "Content-Length", "ETag"
    • Max age:Enter 3000
  3. Click Save. You have successfully added new CORS rules to your storage account.

Next steps

Now that you have made all necessary settings, you can move on to connecting your Azure storage container to the Platform through the visual interface or the API.