How to set up Azure Blob Storage for Large Volume Media Archiving

IFS Applications offers two options for archiving large media items; Azure Blob Storage and Oracle File Storage. This document describes how to set up an Azure Blob Storage for Large Volume Media Archiving.

Contents

• Create Azure Blob Storage Account
• Manage Storage Account
• Manage Storage Access Keys
• View and Copy Storage Access Keys
• Rotating Storage Access Keys
• Create Access Control Lists
• Create Oracle Wallet
• Grant Permission to access Media Archives Window
• Define a Media Archive for Azure BLOB Storage
   

Create Azure Blob Storage Account    

1. Sign in to the Azure portal.
2. On the Hub menu, select New -> Storage -> Storage Account.
3. Enter a name for the storage account. Note: Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. Your storage account name must be unique within Azure. The Azure portal will indicate if the storage account name you select is already in use.
4. Select Resource Manager as the deployment model to be used. Note: Blob storage accounts can only be created using the Resource Manager deployment model.
5. Select Blob Storage as the type of storage account and Hot or Cool as the access tier (Hot is specified by default). Note: The access tier Archive is not recommended large volume media archiving within IFS Applications since media items stored in this tier cannot be accessed immediately.
6. Select the replication option for the storage account: LRS , GRS , RA-GRS , or ZRS . The default is RA-GRS. Selection depends on the criticality of the data stored in Azure.
7. Select the subscription in which you want to create the new storage account.
8. Specify a new resource group or select an existing resource group.
9. Select the geographic location for your storage account.
10. Click Create to create the storage account.
       

Manage Storage Account

After you create your storage account, you can modify its configuration, such as changing the replication option used for the account or changing the access tier for a Blob storage account.

In the Azure portal, navigate to your storage account, find and click Configuration under SETTINGS to view and/or change the account configuration. Depending on the performance tier you chose when creating the storage account, some replication options may not be available.

For Blob storage accounts, changing the access tier may incur charges for the change in addition to changing your pricing. Please see the Blob storage accounts - Pricing and Billing for more details.
 

Manage Storage Access Keys

When you create a storage account, Azure generates two 512-bit storage access keys, which are used for authentication when the storage account is accessed. By providing two storage access keys, Azure enables you to regenerate the keys with no interruption to your storage service or access to that service.

Note: It is recommend that you avoid sharing your storage access keys with anyone else.

View and Copy Storage Access Keys

To view and copy storage access keys:

1. In the Azure portal, navigate to your storage account, click All Settings  and then click Access Keys to view, copy, and regenerate your account access keys. The Access Keys blade also includes pre-configured connection strings using your primary and secondary keys that you can copy to use in IFS Applications.
2. Regenerate storage access keys.

Note: It is recommended that you change the access keys to your storage account periodically to help keep your storage connections secure. Two access keys are assigned so that you can maintain connections to the storage account by using one access key while you regenerate the other access key. Regenerating your access keys can affect IFS applications that are dependent on the storage account. If access keys are regenerated the Media Archives window must be updated with the new key.

Rotating Storage Access Keys

Follow the below process to rotate storage access keys:

1. In the Media Archives window update the Azure Account Key field to reference the secondary access key of the storage account.
2. Regenerate the primary access key for your storage account. On the Access Keys blade, click Regenerate Key 1 , and then click Yes to confirm that you want to generate a new key.
3. Update the Azure Account Key field to reference the new primary access key.
4. Regenerate the secondary access key in the same manner.
    

Create Access Control Lists

1. Login to the Oracle database as SYSDBA
2. Execute the POST_APPSRV_App9_MediaArchiveAclGrants.sql located in the following path ..\appsrv\manualdeploy\database\appsrv\
3. When executing above script you will be prompted for below info

• APPLICATIONS_OWNER - App Owner for the Database
• AZURE_CLOUD_HOST - Host name of the Azure Blob Storage Account URL (E.g., <Azure Account Name>.blob.core.windows.net)
   

Create Oracle Wallet

It is recommended to use HTTPS when connecting to Microsoft Azure from IFS Applications, for this you need to create an Oracle Wallet. You can continue without creating an Oracle Wallet but this makes IFS Application use HTTP instead which is not secure. The Oracle Wallet creation process is started by exporting the SSL Certificates from your browser. The steps below outline how it is done in Internet Explorer 11:

1. Run Internet Explorer as Administrator and Log on to the Azure Account (https://portal.azure.com)
2. Click on the padlock icon shown on the URL.
3. Click View Certificates link in the Pop-up window. The Certificate dialog will appear.
4. Select the Details tab.
5. Select Subject field and copy the value (e.g., portal.azure.com)
6. Click Copy to File to open the Certificate Export Wizard. Click Next and Next again.
7. Browse for a location and provide the text copied in step 5 as the file Name.
8. Click Next and then click Finish.
9. Select Certification Path tab in the Certificate dialog.
10. Perform steps 5 - 8 for each node except for the bottom node in the Certificate path.
11. Open Oracle Wallet Manger.
12. Select Wallet-> New from the menu.
13. The New Wallet screen will now prompt you to enter a password for your wallet. Enter the password.
14. Click OK.
15. Click No in the next dialog asking to create a request.
16. Select the Trusted Certificates Node from the Tree navigator. Right-click and click Import Trusted Certificates.
17. Import all the Certificates created in steps 1-10.
18. Save the wallet to a local folder.
19. Put the wallet inside a folder that can be accessed by Oracle. Preferably this location would be inside what is listed under ALL_DIRECTORIES data dictionary view. E.g., C:/app/Administrator/product/12.1.0/dbhome_1/scheduler/wallet
     

Grant Permission to access Media Archives Window

1. Login to the IFS Applications as APPOWNER (application owner)
2. Grant permission set MEDIA_LIBRARY_ARCHIVE to a user who will perform administrative tasks related to media archive.
    

Define a Media Archive for Azure BLOB Storage

Follow the steps below to define a media archive for Azure Blob Storage:

1. Login to IFS Applications. The user should have grants to the MEDIA_LIBRARY_ARCHIVE permission set.
2. Open the Media Archives window and create a new record.
3. Enter below values for the respective fields:

• Archive Method: Azure Storage
• Archive Location: https://<Azure Account Name>.blob.core.windows.net
• Azure Account Name: Name of the Microsoft Azure Blob Storage account
• Azure Container Name: Name of the container in the Azure Blob Storage account
• Azure Account Key: Key 1 generated by Azure (listed under Access Keys in Azure account).
• Azure Wallet Path: Path of the Oracle Wallet. This location is in the virtual machine where Oracle is installed. Oracle should have access to this location. Preferably this path should be part of the ALL_DIRECTORIES data dictionary view in Oracle.
• Azure Wallet Password: Password used when creating the Oracle Wallet.

4. Save the record.