Integrating with Microsoft Azure

You can configure an integration with the Microsoft Azure platform to allow Cloud Pak for Data as a Service users to access data sources from Microsoft Azure. Before proceeding, make sure you have proper permissions (you’ll need permission in your subscription to create the application integration in Azure Active Directory, for example).

After configuring an integration, you’ll see it under Service instances. For example, you’ll see a new Azure tab that lists your instances of Data Lake Storage Gen1 and SQL Database.

To configure an integration with Microsoft Azure:

  1. Log on to your Microsoft Azure account at https://portal.azure.com.

  2. Click Subscriptions and copy your subscription ID.

    Azure subscription ID

  3. In Cloud Pak for Data as a Service, go to Administer > Cloud integrations and click the Azure tab. Paste the subscription ID you copied in the previous step into the Subscription ID field.

    Integrations page

  4. In Microsoft Azure Active Directory, under Manage, go to App registrations and click New registration. Give it a name such as IBM integration and select the desired option for supported account types.

    New registration in Azure

    New registration in Azure

  5. Copy the Application (client) ID and the Tenant ID and paste them into the appropriate fields on the Cloud Pak for Data as a Service Integrations page, as you did with the subscription ID in step 3.

    New registration in Azure

  6. In Microsoft Azure, under Certificates & secrets, click New client secret to create a new secret.

    Important!

    • Write down your secret and store it in a safe place. After you leave the this page, you won’t be able to retrieve the secret again. You’d need to delete the secret and create a new one.
    • If you ever need to revoke the secret for some reason, you can simply delete it from this page.
    • Pay attention to the expiration date. When the secret expires, integration will stop working.
  7. Copy the secret from Microsoft Azure and paste it into the appropriate field on the Integrations page as you did with the subscription ID and client ID.

    Client secret in Azure

Configuring firewall access

You must also configure access so Cloud Pak for Data as a Service can access data through the firewall.

For Microsoft Azure SQL Database firewall:

  1. Open the database instance in Microsoft Azure.
  2. From the top list of actions, select Set server firewall.
  3. Set Deny public network access to No.
  4. In a separate tab or window, open Cloud Pak for Data as a Service and go to Administer > Cloud Integrations. In the Firewall configuration section, for each firewall IP range, copy the start and end address values into the list of rules in the Microsoft AzureSQL Database firewall.

    Firewall IP range

For Microsoft Azure Data Lake Storage Gen1 firewall:

  1. Open the Data Lake instance.
  2. Go to Settings > Firewall and virtual networks.
  3. In a separate tab or window, open Cloud Pak for Data as a Service and go to Administer > Cloud Integrations. In the Firewall configuration section, for each firewall IP range, copy the start and end address values into the list of rules under Firewall in the Data Lake instance.

    Firewall IP range

You can now create connections, preview data from Microsoft Azure data sources, and access Microsoft Azure data in Notebooks, Data Refinery, SPSS Modeler, and other tools in projects and in catalogs. You can see your Microsoft Azure instances under Service instances > Azure.

Next steps