config_azure with Azure Active Directory - Teradata DSA Commands - 17.20

Teradata® DSA User Guide

Product
BAR
Data Stream Architecture
Release Number
17.20
Published
November 2022
Language
English (United States)
Last Update
2022-11-14

Purpose

Azure AD authentication in DSA helps prevent unauthorized access to the storage accounts. Teradata implemented Azure AD with DSA using the client secret credentials approach, which is based on authentication with service principals.

The config_azure command configures the Microsoft Azure Server in the DSA repository based on parameter files.

During configuration, enter the following parameters:
  1. Tenant_id (Azure AD tenant)
  2. Client_id (Registered app ID)
  3. Client_secret (Client secret value)

Here is a representation of the high-level architecture:

[Figure: high-level architecture]

Prerequisite

  1. Register an app in the Azure portal to get the client ID and the Azure AD tenant ID.
  2. Create a client secret in the Azure portal to get the client secret value.

Register app and assign role in the Azure portal

To register an app and assign a role, follow these steps:

  1. In the Azure portal, click app registration from your AD tenant.
    1. Enter the app name.
    2. Leave the redirect URL blank.
    3. Note the client ID and tenant ID.
  2. Create a client secret for your registered app and note the client secret value. See https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
  3. To assign a role for your storage account, see https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current

Syntax

config_azure -f|-file FILE

Example

config_azure -f file1.xml

Parameters

f|file filename
The full path and name of the file containing the necessary configuration parameters.
u|user_authentication User
Required when security management is enabled. Supplies the command with the Viewpoint user, and triggers a password prompt for authentication.

Permissions required: Administrator role

Usage Notes

Enter the tenant ID, client ID, and client secret value for the Azure storage account.

XML File Example

Here’s a representative XML file. Note that "/" must follow the prefix_name to use it as a folder.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<dscConfigAzureBlobStorage xmlns="http://schemas.teradata.com/v2012/DSC">
  <config_azure_blob_storage>
    <!-- 'Storage account' - Required, max length 24, lowercase -->
    <storage_account>azurerbuda</storage_account>
    <!-- 'Storage account enumeration' - Required, valid values: cool, hot -->
    <storage_type>cool</storage_type>
    <!-- Specialized endpoint for Azure Independent Clouds e.g. AzureUSGovernment,
         AzureChinaCloud and AzureGermanCloud - Optional -->
    <region></region>
    <blobs>
      <!-- 'Blob container name' - Required, max length 63, lowercase, at least one -->
      <blob_container>udaesblob01</blob_container>
      <prefix_list>
        <!-- 'Prefix name' - Required, max length 256, at least one -->
        <prefix_name>br186001-1</prefix_name>
        <storage_devices>2</storage_devices>
      </prefix_list>
    </blobs>
    <blobs>
      <blob_container>udaesblob02</blob_container>
      <prefix_list>
        <prefix_name>br186001-2</prefix_name>
        <storage_devices>2</storage_devices>
      </prefix_list>
    </blobs>
    <is_azure_ad>true</is_azure_ad>
  </config_azure_blob_storage>
</dscConfigAzureBlobStorage>
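
A pre-flight check for the parameter file, as an added example that is not part of the Teradata documentation or product: it applies the constraints stated in the XML comments above (lengths, lowercase, cool/hot, at least one container and prefix) and flags a file where is_azure_ad is not true. The function name, the sample file and the reading of is_azure_ad as the switch that selects Azure AD authentication are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"d": "http://schemas.teradata.com/v2012/DSC"}

# Constructed sample with deliberate defects (not a real account or container).
SAMPLE = """
<dscConfigAzureBlobStorage xmlns="http://schemas.teradata.com/v2012/DSC">
 <config_azure_blob_storage>
  <storage_account>ExampleAcct01</storage_account>
  <storage_type>archive</storage_type>
  <blobs>
   <blob_container>examplecontainer01</blob_container>
   <prefix_list><prefix_name>backup-a/</prefix_name><storage_devices>2</storage_devices></prefix_list>
  </blobs>
  <is_azure_ad>false</is_azure_ad>
 </config_azure_blob_storage>
</dscConfigAzureBlobStorage>
"""

def lint_config(xml_text):
    """Return findings for a config_azure parameter file (empty list = clean)."""
    cfg = ET.fromstring(xml_text.strip()).find("d:config_azure_blob_storage", NS)
    if cfg is None:
        return ["missing config_azure_blob_storage element"]
    get = lambda node, tag: (node.findtext("d:" + tag, "", NS) or "").strip()
    findings = []
    account = get(cfg, "storage_account")
    if not account or len(account) > 24 or account != account.lower():
        findings.append("storage_account: required, max length 24, lowercase")
    if get(cfg, "storage_type") not in ("cool", "hot"):
        findings.append("storage_type: valid values are cool, hot")
    # Assumption: is_azure_ad=true is what selects Azure AD authentication.
    if get(cfg, "is_azure_ad") != "true":
        findings.append("is_azure_ad: not true, Azure AD authentication not selected")
    blobs = cfg.findall("d:blobs", NS)
    if not blobs:
        findings.append("blobs: at least one blob_container is required")
    for blob in blobs:
        name = get(blob, "blob_container")
        if not name or len(name) > 63 or name != name.lower():
            findings.append(f"blob_container {name!r}: required, max length 63, lowercase")
        prefixes = [(p.text or "").strip() for p in blob.findall("d:prefix_list/d:prefix_name", NS)]
        if not prefixes:
            findings.append(f"blob_container {name!r}: at least one prefix_name is required")
        for value in prefixes:
            if not value or len(value) > 256:
                findings.append(f"prefix_name {value!r}: required, max length 256")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE)) or "no findings")
```

Running the check before config_azure catches a file that would silently leave Azure AD authentication off for the storage account.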