Create an Azure storage account
It is recommended to have a dedicated storage account for each Model9 environment such as Sandbox/Test/Prod.
When creating a new storage account the following parameters should be considered:
- Location
- Choose the location closest to your Mainframe site
- LRS - Replicates your data three times within a single physical location in the primary region
- ZRS - Replicates your Azure Storage data synchronously across three Azure availability zones in the primary region
- GRS - Copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in the secondary region
- RA-GRS - Copies your data synchronously across three Azure availability zones in the primary region using ZRS. It then copies your data asynchronously to a single physical location in the secondary region
- Default access tier
- As Model9 works in bulk, in most cases “Cool” storage will provide good performance and will costs less money. You can either choose Cool or Hot.
- Secure transfer required
- Set this option to “Enabled” to enforce data in flight encryption when accessing Azure storage.
- Allow Blob public access
- Set this option to “Disabled”. Unauthenticated users should not be able to access the Azure storage.
ENCRYPTION SCOPE
In the storage account Encryption settings, create an encryption scope and provide the data-at-rest encryption key that you would like to use with Model9. The encryption scope will be used during the container creation.
CREATE A CONTAINER
You must create a dedicated container for each Model9 environment such as Sandbox/Test/Prod. If a single management server manages multiple environments, the container can be shared. Each Model9 management server must have a dedicated container.
When creating the new container, make sure to select the encryption scope you created on the storage account.