In this article
Overview
You can use this account type to connect Binary Snap Pack Snaps with data sources that use the Azure Storage account. An Azure storage account contains all your Azure Storage data objects like blobs, files, queues, and tables. For more information about Azure storage accounts, refer to Storage account overview. In this article, you learn to create a storage account using the Azure portal.
Prerequisites
If you don't have an Azure subscription, create a free account.
Key Steps
The following steps help you to create and register your application in the Azure Storage accounts to be used in the Snap.
Create the Data Storage Account
Check Access control (IAM) for the Storage Account
Select an app based on the permission
Locate the Tenant ID and Client ID for the registered app
Locate the Client and secrets ID value for the registered app
Create the Data Storage Account
Log into the Microsoft Azure Portal.
Click Create a resource under Azure Services on the Portal Home page.
Select Storage accounts and specify the required details under each tab for the storage accounts. Refer to the storage details table for the configuration settings.
Basic: Project and Instance details.
Advanced: Security and Blob Storage details.
Networking: Network connectivity and routing details.
Data protection: Recovery and Tracking details.
Encryption: Encryption details.
Tags: Tag details.
Review: Complete details of the Storage account.
For detailed information with images, refer to Azure Data Lake Gen2 Account.
Once all the details are specified, and the validation passes, click Create to deploy the Resource.
Select Go to Resource to view the details of the storage account.
Storage account details
Tab Name | Field Name | Type | Description |
---|---|---|---|
Basics | Subscription | String | Required. Select the subscription in which to create the new storage account. |
Resource group | String | Required. You can create a new resource group for this storage account or select an existing one. For more information, refer to Resource groups. | |
Storage account name | String | Specify a unique name for your storage account. Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. | |
Region | drop-down | Select the appropriate region for your storage account from the drop-down list. For more information, refer to Regions and Availability Zones in Azure. All the regions are not supported by all types of storage accounts or redundancy configurations. For more information, refer to Azure Storage redundancy. | |
Performance | Radio button | Select the appropriate performance as per the purpose of your accounts. The options are:
| |
Redundancy | drop-down | Select your desired redundancy configuration. The options available are:
If you select a geo-redundant configuration (GRS or GZRS), your data is replicated to a data center in a different region. | |
Make read access to data available in the event of regional unavailability. | Checkbox | Select this checkbox to get the read access to data in the secondary region. | |
Advanced | Require secure transfer for REST API operations | Checkbox | Optional. Require secure transfer to ensure that incoming requests to this storage account are made only via HTTPS (default). Recommended for optimal security. Learn more at Require secure transfer to ensure secure connections. |
Enable blob public access | Checkbox | Optional. When enabled, this setting allows a user with the appropriate permissions to enable anonymous public access to a container in the storage account (default). Learn more at Prevent anonymous public read access to containers and blobs. | |
Enable storage account key access | Checkbox | Optional. When enabled, this setting allows clients to authorize requests to the storage account using either the account access keys or an Azure Active Directory (Azure AD) account (default). Learn more at Prevent Shared Key authorization for an Azure Storage account. | |
Default to Azure Active Directory authorization in the Azure portal | Checkbox | Optional. When enabled, the Azure portal authorizes data operations with the user's Azure AD credentials by default. For more information, see Default to Azure AD authorization in the Azure portal. | |
Minimum TLS version | drop-down | Required. Select the minimum version of Transport Layer Security (TLS) for incoming requests to the storage account. Learn more at Enforce a minimum required version of Transport Layer Security (TLS) for requests to a storage account. | |
Enable hierarchical namespace | Checkbox | Optional. To use this storage account for Azure Data Lake Storage Gen2 workloads, configure a hierarchical namespace. Learn at Introduction to Azure Data Lake Storage Gen2. | |
Enable SFTP | Checkbox | Optional. Enable the use of Secure File Transfer Protocol (SFTP) to securely transfer of data over the internet. Learn at Secure File Transfer (SFTP) protocol support in Azure Blob Storage. | |
Enable network file share (NFS) v3 | Checkbox | Optional. NFS v3 provides Linux file system compatibility at object storage scale enables Linux clients to mount a container in Blob storage from an Azure Virtual Machine (VM) or a computer on-premises. For more information, see Network File System (NFS) 3.0 protocol support in Azure Blob storage. | |
Allow cross-tenant replication | Checkbox | Required. By default, users with appropriate permissions can configure object replication across Azure AD tenants. To prevent replication across tenants, deselect this option. Learn more at Prevent replication across Azure AD tenants. | |
Enable large file shares | Checkbox | Optional. Available only for standard file shares with the LRS or ZRS redundancies. | |
Networking | Network access | Radio button | Required. By default, incoming network traffic is routed to the public endpoint for your storage account. You can specify that traffic must be routed to the public endpoint through an Azure virtual network. You can also configure private endpoints for your storage account. |
Routing preference | Radio button | Required. The network routing preference specifies how network traffic is routed to the public endpoint of your storage account from clients over the internet. By default, a new storage account uses Microsoft network routing. | |
Data protection | Enable point-in-time restore for containers | Checkbox | Provides protection against accidental deletion or corruption by enabling you to restore block blob data to an earlier state. For more information, refer to Point-in-time restore for block blobs. Enabling point-in-time restore also enables blob versioning, blob soft delete, and blob change feed. |
Enable soft delete for blobs | Checkbox | Optional. Soft delete enables you to recover blobs that were previously marked for deletion, including blobs that were overwritten. | |
Enable soft delete for blobs | Checkbox | Optional. Blob soft delete protects an individual blob, snapshot, or version from accidental deletes or overwrites by maintaining the deleted data in the system for a specified retention period. | |
Enable soft delete for containers | Checkbox | Container soft delete protects a container and its contents from accidental deletes by maintaining the deleted data in the system for a specified retention period. | |
Enable soft delete for file shares | Checkbox | Optional. Soft delete for file shares protects a file share and its contents from accidental deletes by maintaining the deleted data in the system for a specified retention period. Learn more at Prevent accidental deletion of Azure file shares. | |
Enable versioning for blobs | Checkbox | Optional. Blob versioning automatically saves the state of a blob in a previous version when the blob is overwritten. Learn more at Blob versioning. | |
Enable blob change feed | Checkbox | Optional. The blob change feed provides transaction logs of all changes to all blobs in your storage account, as well as to their metadata. Learn more at Change feed support in Azure Blob Storage. | |
Enable version-level immutability support | Checkbox | Optional. Enable support for immutability policies that are scoped to the blob version. Learn more at Enable version-level immutability support on a storage account. | |
Encryption | Encryption type | Radio button | By default, data in the storage account is encrypted by using Microsoft-managed keys. You can rely on Microsoft-managed keys for the encryption of your data, or you can manage encryption with your own keys. The options available are:
|
Enable support for customer-managed keys | Radio button | By default, customer managed keys can be used to encrypt only blobs and files. Set this option to All service types (blobs, files, tables, and queues) to enable support for customer-managed keys for all services. You are not required to use customer-managed keys if you choose this option. | |
Enable infrastructure encryption | Checkbox | Required if Encryption type field is set to Customer-managed keys. The available options are:
| |
User-assigned identity | Radio button | Required if Encryption type field is set to Customer-managed keys. If you are configuring customer-managed keys at create time for the storage account, you must provide a user-assigned identity to use for authorizing access to the key vault. | |
Enable infrastructure encryption | Checkbox | Optional. By default, infrastructure encryption is not enabled. Enable infrastructure encryption to encrypt your data at both the service level and the infrastructure level. | |
Tags | Name Value Resource | Dropdown | Optional. Tags are name/value pairs that enable you to categorize resources and helps in billing purpose by the same tag to multiple resources and resource groups. For more information refer to Tags. |
Review | NA | Labels | Provides details of all the tabs for you to review and proceed to create the Resource (storage account). |
Check Access to the Resource
From the navigation panel, select Access control (IAM) to check the apps that have permission to access the storage account created.
Create an Azure Portal application for the Storage Account
From the main portal navigation menu, select the Azure Active Directory option.
Under Overview, register a new app or use an existing application. From the search option, select the registered app and make a note of the Application (Client) ID and Tenant ID.
For a new application, on the Overview page, select Add > App registration. On the Register an application page, enter the Name of the application. Click Register. The Application (client) ID is required for the new account.
Under Manage, click Certificates & secrets.
On the Certificates & secrets page, click + New client secret.
On the Add a client secret page, enter the Description and Expires and click Add. Make a note of the Client & secret value that is generated.
Specify Credentials in the Snap Account
Navigate to the Snap of your choice and set up the account with the following details noted in the earlier steps.
Tenant ID
Access ID
Secret key
Click Save and validate the Snap with the Data account.
Related Content