Access to Production Azure Blob Storage

Owned by Jimmy Hung
Last updated: Nov 29, 2022 by Terri West
3 min read

Azure Blob Storage, or also called Azure Storage Account has three main levels of user access – storage level, container level, and folder level. A storage can have many containers, a container can have many folders. Storage level access pertains to DHTS admins. Labs, PI and users will only have container and folder level access.

DHTS created a production grade Azure Blob Storage named azprddusom with up to 5 petabyte of storage space.

To set up a container in azprddusom, each lab needs to obtain (1)a fund code/cost center and (2) an OIT group name (https://groups.oit.duke.edu/groupmanager/).  Beginning 6/28/22, submit a request for container creation via ServiceNow.

https://duke.service-now.com/sp?id=sc_category&sys_id=d9cbe8fd4fdc06007b338b8d0210c76a&catalog_id=-1

  1. Select Request for Azure Blob Storage.
  2. Enter the desired attributes.
  3. If a Storage Account has not been previously created, select New.  NOTE:  A Storage Account is tied 1:1 to a fund code/cost center. 

Once a container is set up for the lab, a lab user should be able to track container usage and user access via this web interface https://azurestorage.duhs.duke.edu/  (work in progress)

Because lab users do not have storage level access, they will not be able to access container via Azure portal, instead users are required to connect to container directly via Microsoft Azure Storage Explorer Interface.

  1. Download Microsoft Azure Storage Explorer:
    1. Visit this link https://aka.ms/storageexplorer.
    2. Select the correct Operating system for your machine (windows, macOS, linux ,etc.)
    3. Click Download Now
  2. Open Storage Explorer, and add a user account:




    1. Click add an account

    b. Select subscription.  

    c. Select Azure

    d. Select Sign-in Options

    e. Sign in to an organization

    f. Type in duke.edu  

    g. Type in your Duke email address, click Next 

    h. Finish with Duke Shibolleth login. 

    i. Once successful, it will show all subscriptions your account has access

  3. Add container 
    1. Click on Open Connect Dialog again (the plug icon on the left menu)
    2. Select ADLS Gen2 container or directory
    3. Select Sign in using Azure Active Directory (AD), click Next
    4. Select your Azure account (Duke email address), click Next
    5. Fill in Display name –  example: genomics-itlab
    6. Paste in container URL – example: https://azprddusom.blob.core.windows.net/genomics-itlab
  4. Once container is attached successfully, you should be able to see folders and files in the containers

 


Go to Getting Data onto DASH to learn how to transfer data in and out of container and HPC cluster.