Integrating with data source services on Microsoft Azure
You can configure an integration with the Microsoft Azure platform to allow Cloud Pak for Data as a Service users access to data sources from Microsoft Azure. Before proceeding, make sure you have required permissions. For example, you'll need permission in your subscription to create an application integration in Azure Active Directory.
After you configure an integration, you'll see it under Service instances. You'll see a new Azure tab that lists your instances of Data Lake Storage Gen1 and SQL Database.
To configure an integration with Microsoft Azure:
-
Log on to your Microsoft Azure account at https://portal.azure.com.
-
Navigate to the Subscriptions panel and copy your subscription ID.
-
In Cloud Pak for Data as a Service, go to Administration > Cloud integrations and click the Azure tab. Paste the subscription ID you copied in the previous step into the Subscription ID field.
-
In Microsoft Azure Active Directory, navigate to Manage > App registrations and click New registration to register an application. Give it a name such as IBM integration and select the desired option for supported account types.
-
Copy the Application (client) ID and the Tenant ID and paste them into the appropriate fields on the Cloud Pak for Data as a Service Integrations page, as you did with the subscription ID.
-
In Microsoft Azure, navigate to Certificates & secrets > New client secret to create a new secret.
Important!
- Write down your secret and store it in a safe place. After you leave this page, you won't be able to retrieve the secret again. You'd need to delete the secret and create a new one.
- If you ever need to revoke the secret for some reason, you can simply delete it from this page.
- Pay attention to the expiration date. When the secret expires, integration will stop working.
-
Copy the secret from Microsoft Azure and paste it into the appropriate field on the Integrations page as you did with the subscription ID and client ID.
-
Configure firewall access.
-
Confirm that you can see your Azure services. From the main menu, choose Services > Services instances. Click the Azure tab to see those services.
Now users who have credentials to your Azure services can create connections to them by selecting them on the Add connection page. Then they can access data from those connections by creating connected data assets.
Configuring firewall access
You must also configure access so Cloud Pak for Data as a Service can access data through the firewall.
For Microsoft Azure SQL Database firewall:
- Open the database instance in Microsoft Azure.
- From the top list of actions, select Set server firewall.
- Set Deny public network access to No.
- In a separate tab or window, open Cloud Pak for Data as a Service and go to Administration > Cloud integrations. In the Firewall configuration panel, for each firewall IP range, copy the start and end address values into the list of rules in the Microsoft Azure QL Database firewall.
For Microsoft Azure Data Lake Storage Gen1 firewall:
- Open the Data Lake instance.
- Go to Settings > Firewall and virtual networks.
- In a separate tab or window, open Cloud Pak for Data as a Service and go to Administration > Cloud integrations. In the Firewall configuration panel, for each firewall IP range, copy the start and end address values into the list of rules under Firewall in the Data Lake instance.
You can now create connections, preview data from Microsoft Azure data sources, and access Microsoft Azure data in Notebooks, Data Refinery, SPSS Modeler, and other tools in projects and in catalogs. You can see your Microsoft Azure instances under Services > Service instances.
Next steps
Parent topic: Integrations with other cloud platforms