Azure Storage Container Setup Guide
Overview
Aptean EAM utilizes the Azure storage container as a common storage location, to store files as blobs for EAM integration Jobs. It is also used to drop output files generated from EAM Integration jobs.
Scope of the Document
The scope of the document is to describe the procedure to create containers, setup an access policy, and generate SAS URL to share containers with customers.
Intended Audience
The intended audiences for this document are Aptean Administrators and Aptean SRE group users.
Prerequisite
Azure Storage Explorer application
Azure Storage Explorer application is a desktop utility used to connect to various storage services. You can download and install the Azure Storage Explorer application from the Microsoft site.
Azure Storage Container Setup
Setting up Storage Container
Setting up a storage container for a customer includes the following steps:
EAM Integration architecture is designed to provide only one container per plant. All integration files for the plant will reside in their respective containers.
Creating Storage Container
To create a container, perform the following steps:
-
In the Azure portal, navigate to the storage account where the customer data is hosted.
For the production environment, the storage account name is strgeastus2prdeamdataprd.
For the test environment, the storage account name is strgeastus2prdeamdatatst. -
Open the storage account and navigate to the Containers section.
-
From the header menu, click
. -
In the Name field, enter the container name.
The naming convention to be followed while creating containers is:<DBName>-integrations-<PlantCode>All names must be in lower case. Example: Production container - peam03-integrations-df0. Test container name - team03-integrations-df0. -
From the Public access level drop-down list, select Private (no anonymous access).
-
Click OK. Now the container is created.
Adding Access Policy
After creating the container, you have to add an access policy before sharing it with the customers. This helps users to securely access the storage containers. To add an access policy to the containers, perform the following steps:
-
In the Azure portal, navigate to the storage account where the customer data is hosted.
For the production environment, the storage account name is strgeastus2prdeamdataprd.
For the test environment, the storage account name is strgeastus2prdeamdatatst. -
Open the storage account and navigate to the Containers section.
-
From the Names column, click on the container name you want to share with the customer.
-
From the left pane, click Access policy. The options for the Access policy appear in the right pane.
-
From the right pane, click
.
-
In the Add policy screen, Enter a name for the policy.
The naming convention to be followed for access policy is:
int<dbname><plantcode><5RandomCharactersOfNumeralsAndAlphabets>
Example: intteam03914a879d. -
Select the permissions required and select the start date and end date.
-
Click Save. The policy is created.
Generate SAS URL
After creating a policy for the storage container, you have to generate the SAS URL to share it
with the customer.
To create the SAS URL, perform the following steps:
-
Launch Azure Storage Explorer application.
-
Connect to the required storage account and navigate to the container.
-
Right-click on the container and click Get Shared Access Signature.
-
From the Access policy drop-down list, select the required access policy.
-
In the Time zone section, select UTC.
-
Click Create. The SAS URL and Query string will be created.
Save the SAS URL and Query string value in a centralized location for future reference. You can share this SAS URL and Query string with the customers.
Advise the customers to secure the shared container name, SAS URL, and Query string. Any data leak of this information could lead to data compromise.