Microsoft Azure Set-up

This article explains how to set up a Diplomat transaction with Microsoft Azure cloud storage as a source or destination partner Diplomat MFT can transfer files to and/or from Azure Blob storage (including Azure Data Lake), or Azure File shares.
Diplomat MFT supports both key-based authentication to the storage account, or a Shared Access Signature (SAS) token via a URL. Coviant Software strongly recommends a SAS URL because it allows fine-grained access control, IP access restrictions, and token expiration.

A tutorial on Microsoft Azure file storage, including how to set up a storage account and define a share, can be found at https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create

Prerequisites

• An Microsoft Azure Storage account.
• At least one share defined in the File Service section of the account, or a Blob container.
• A Microsoft Azure account access key or SAS URL.

Authentication

1. BLOB Shared Access Signature (SAS) URL

To generate a BLOB SAS URL, perform the following:

1. Log on to your Microsoft Azure account
2. On the Dashboard, click the storage account resource, and then the container for which you want to generate a BLOB SAS URL.
3. Under ‘Settings’ in the left-hand navigation panel click ‘Shared access tokens’.
4. In the right-hand side,
   1. Select the appropriate permissions. Diplomat MFT needs “list” for all operations, and “read”, “create”, and/or “write” depending upon how you plan to use the SAS token (i.e., as a Source vs Destination partner)
   2. Choose the access times for the token to be active.
   3. (Optionally, you can set an IP address from which connections will be accepted for this token. You should put the external IP address (or range) of your Diplomat MFT server)
   4. Finally, press “Generate SAS token and URL”, and copy the value from the “Blob SAS URL” field.
      

2. Microsoft Azure Access Key
 

• Log on to your Microsoft Azure account.
• On the Dashboard, click the storage account resource for which you want to download an access key.
• Under ‘Settings’ in the left-hand navigation panel click ‘Access Keys’.
• Click the ‘Click to Copy’ icon.
• You will need to paste this key into the ‘Key’ field in the Diplomat transaction in the next step.

 Setting Up Diplomat Transaction

• Open the Diplomat MFT Client.
• Under Transactions in the top menu bar, select either “Create Inbound Transaction…” or “Create Outbound Transaction…” to create a new transaction, or under the Partners menu choose “Create Public Partner…” or “Create Trusted Partner…”
• Choose ‘Microsoft Azure’ as the transport type.
• Choose the storage type to be used, and fill in the appropriate details:
• Fill the ‘Account’ field with the name of your Microsoft Azure Storage account. (Not required for SAS authentication)
• Fill the ‘Key’ field with the account’s access key. or SAS URL value when using SAS.
• Fill the ‘Share/Container’ field with the name of the share to be used.
• The ‘Directory’ field is optional. When used, it refers to a sub-directory of the share.
• Click the ‘Test’ button to see the current contents of your share or sub-directory.