> Essential > Databases > Azure > Azure SQL Database Managed Instance > Getting Started

Set Up Azure Blob Storage

Set up Azure Blob Storage to store backup and restore files, and then give your Azure SQL managed instance access to the files.

Before You Begin

  • Verify that you have a minimum of the following settings enabled when generating the SAS token:

    • Allowed Services: Blob

    • Allowed resource type: Container and Object

    • Allowed Permissions: Read, Write, and Create

  • Verify that the storage account is not behind a firewall.

    To configure the firewall settings for your storage account, in the Azure portal, go to storage > Security + networking > Networking, on the Firewalls and virtual networks tab, select Enabled from all networks.

Procedure

  1. You can generate a shared access signature (SAS) token for your Azure Storage by using the Azure portal, by using the Azure command line, or by using PowerShell.

    You can generate one of the three shared access signatures that Azure Storage supports. For more information, go to Delegate Access with Shared Access Signatures on the Azure documentation website.

    The following substeps describe how to use the Azure portal to generate a shared access signature.

    1. Log on to the Azure portal.

    2. Click your Storage Account, click the Shared access signature menu, and then click Generate SAS and connection string.

      An SAS token value is generated.

    3. Copy the SAS token value so you can use it in the next step.

  2. Using CREATE CREDENTIAL (Transact-SQL), create a T-SQL credential in your Azure SQL managed instance that allows Azure SQL managed instances to access the files from Azure Blob Storage. Use the following values for the parameters:

    • CREDENTIAL_NAME: The Azure Blob Storage URL that has “commvault” appended.

      For example, your URL should look like this: https://testazurestorage.blob.core.windows.net/commvault.

    • IDENTITY: Use "Shared Access Signature".

    • SECRET: The SAS token.

    For example, assume that the name of your Azure storage account is “testazurestorage”, and the value for the SAS token is the following:

    sv=2018-03-28&sr=c&si=test_Policy&sig=4gFj4b%2BJPywWFrDIJbV6L69R4iQtlw72695oFBjepVM%3D

    For this example, you would use the following T-SQL credential generation statement:

    CREATE CREDENTIAL [https://testazurestorage.blob.core.windows.net/commvault] WITH IDENTITY='Shared Access Signature', SECRET='sv=2018-03-28&sr=c&si=test_Policy&sig=4gFj4b%2BJPywWFrDIJbV6L69R4iQtlw72695oFBjepVM%3D'

Loading...