Attach your Azure Blob storage

You can attach existing Azure Blob storage to your AoC organization using the Aspera transfer service available in Aspera on Cloud.

Note: Aspera on Cloud only supports Block blob and Page blob storage.

Once you attach the storage, you can create access keys to enable Aspera transfers to and from the cloud storage. The storage is then available to support your organization workspace(s). You can make content in the storage available to your AoC users in the form of administratively shared folders (see Share a node folder with a workspace).

This procedure also creates access keys to the cloud storage that you can share with other users so that they can run Aspera transfers with the cloud storage from any Aspera client application. You can create multiple access keys to the same cloud storage to allow access to different areas of the storage. To do so, repeat the procedure in this topic, creating a transfer service node for each individual access key. The transfer service attaches the cloud storage to your organization and performs the transfers your users request.

Use this procedure when you have existing cloud storage but no Aspera transfer node associated with it, and want to use the transfer service to connect with it. If you already have an existing Aspera transfer node (which can be on-prem or in the cloud, and managed by you or by Aspera) with its Node URL and password, see Tether Your Aspera Transfer Server to Aspera on Cloud.

Note: Once you create the new transfer service node, you can use the Aspera GUI to transfer to the cloud storage; see Transfer to cloud with Desktop Client, HST Server, or HST Endpoint GUI.

Prerequisites

  • You must be a transfer service administrator (ATS admin) in Aspera on Cloud.
  • Your Azure storage must be in a region that is supported by the transfer service. To view the supported regions, to see IP addresses for allow listing in your firewall configuration, and to retrieve your transfer service server URL, see https://ats.aspera.io/pub/v1/servers/AZURE.
  • Have the cloud storage credentials available.
  • Azure Blob buckets must have hierarchical namespace disabled before attaching.

Procedure

  1. In the Admin Management console, click Nodes and storage > Nodes > Create new.
  2. Click Attach my cloud storage.

    If you do not see this option at the top of the page, you do not have transfer service admin privileges and cannot perform this procedure.

  3. Enter a Node name for the transfer service node.

    If you are creating multiple access keys to the same storage for different users or groups of users, make the name descriptive enough to tell them apart.

  4. To apply a pre-configured network policy to this node, click the Network policy field and select the intended policy. For details, see Creating Network Policies.
  5. To apply a pre-configured node configuration policy to this node, click the Configuration policy field and select the intended policy. For details, see Creating Node Configuration Policies.
  6. Select the storage type Microsoft Azure Blob.
  7. Select the region where the storage to attach exists.
  8. For Premium Blob storage, select Page API in the API type field.
  9. For Standard Blob storage, select either Page API or Block API.
  10. Provide an access key or SAS URL for the storage credentials:
    Access key:
    • In the Azure portal storage account Access keys page, copy the storage account name; paste that info into the AoC Storage account field.
    • In the Azure portal storage account Access keys page, copy the access key; paste that info into the AoC Key field.
    • In the Azure portal storage account Container page, copy the container; paste that info into the AoC Container field.
    • In the Path field, enter / to access the root level, or enter /<pathName> to access a specific folder.
    SAS URL:
    • Paste the complete URL, with queries, in the Shared access signature field. For example, https://aspera.blob.core.windows.net/?sv=2018-05-22&ss=bfqt&sr=b&sp=rwdlacup&se=2019-07-23T04:56:28Z&st=2019-08-22T20:56:28Z&spr=https&sig=ivlRmKYM2lR1BgaBe1r97KY02RinVnQzKbBnDixgCFg%8J.
    • The SAS URL must contain a query string (everything after '?' in the URL).
    • The SAS URL must have more than five parameter items (each parameter item follows '&').
    • The SAS URL must have the following parameters set:
      • sv (&sv=): Storage services version. For storage services version 2012-02-12 and later, this parameter indicates the version to use.
      • se (&se=): Expiry time. Specified in UTC time.
      • sp (&sp=): Permissions. The permissions granted by the SAS include Read and Write.
      • sig (&sig=): Signature. Used to authorize access to the blob. The signature is an HMAC computed over a string-to-sign and key using the SHA256 algorithm, and then encoded using Base64 encoding.
      • sr (&sr=): Resource. b = blob. The resource is a blob.
      • st (&st=): Start time. Specified in UTC time.
  11. In the Path field, enter / to access the root level, or enter /<pathName> to access a specific folder.
  12. Click Save.

    If you see the error message, "Unable to create ATS access key and secret", see Access keys for a troubleshooting procedure.

  13. Download or copy and save the Aspera on Cloud access key and secret according to local site practice. These credentials allow you to access this node for content management and configuration activities. If you download, Aspera generates a text file with the default name KeySecret.txt. Aspera recommends that you rename this file to make it easier to track and manage.
    Important: Aspera on Cloud does not store the secret. Once you complete this step, you can no longer retrieve the secret. You must track these credentials according to your own local site security practices.
  14. To protect content on this node with Aspera encryption at rest, do one of the following:
    Note: You can enable encryption only on nodes that are not configured for watermarking. See this article for details.
  15. Click Save to complete creation of the new transfer service node.
This storage can now be used to support a workspace.
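
A pre-flight check for the SAS URL requirements listed in step 10, as an added example that is not part of the original Aspera documentation. It assumes that "parameter items" means distinct query parameters and that st/se use the YYYY-MM-DDTHH:MM:SSZ form shown in the page's example; check_sas_url is a hypothetical helper name, and the account name, signature and clock value in the samples are constructed placeholders.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Parameters that step 10 lists as required in the SAS URL.
REQUIRED = ("sv", "se", "sp", "sig", "sr", "st")

# Constructed samples (placeholder account and signature, not real credentials).
GOOD = ("https://exampleaccount.blob.core.windows.net/?sv=2018-05-22&ss=b&sr=b&sp=rw"
        "&st=2024-01-01T00:00:00Z&se=2024-01-08T00:00:00Z&spr=https&sig=PLACEHOLDER")
BAD = ("https://exampleaccount.blob.core.windows.net/?sv=2018-05-22&sr=b&sp=rl"
       "&st=2024-01-08T00:00:00Z&se=2024-01-01T00:00:00Z&spr=https")
NOW = datetime(2024, 1, 2, tzinfo=timezone.utc)  # constructed clock for the samples


def _utc(value):
    # Assumption: timestamps use the seconds-precision UTC form from the page's example.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_sas_url(url, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = now or datetime.now(timezone.utc)
    query = urlsplit(url).query
    if not query:
        return ["no query string after '?'"]
    params = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    problems = []
    if len(params) <= 5:  # assumption: "parameter items" = distinct query parameters
        problems.append("five or fewer parameter items")
    problems += [f"missing parameter: {n}" for n in REQUIRED if not params.get(n)]
    sp = params.get("sp", "")
    if sp and not {"r", "w"} <= set(sp):
        problems.append("sp does not grant both read (r) and write (w)")
    try:
        start, expiry = _utc(params["st"]), _utc(params["se"])
    except (KeyError, ValueError):
        problems.append("st/se missing or not in YYYY-MM-DDTHH:MM:SSZ form")
        return problems
    if expiry <= start:
        problems.append("expiry (se) is not after start (st)")
    if expiry <= now:
        problems.append("SAS has already expired")
    if start > now:
        problems.append("SAS is not valid yet")
    return problems


if __name__ == "__main__":
    for label, url in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_sas_url(url, NOW) or "ok")  # never echo the URL: it carries sig
```

Running the check before pasting the URL into the Shared access signature field catches a swapped st/se pair or a read-only sp value without the URL, and the signature in it, ever being written to a log.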