Create an Azure storage account
It is recommended to have a dedicated storage account for each Model9 environment such as Sandbox/Test/Prod.
When creating a new storage account the following parameters should be considered:
- Choose the location closest to your Mainframe site
- LRS - Replicates your data three times within a single physical location in the primary region
- ZRS - Replicates your Azure Storage data synchronously across three Azure availability zones in the primary region
- GRS - Copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in the secondary region
- RA-GRS - Copies your data synchronously across three Azure availability zones in the primary region using ZRS. It then copies your data asynchronously to a single physical location in the secondary region
- Default access tier
- As Model9 works in bulk, in most cases “Cool” storage will provide good performance and will costs less money. You can either choose Cool or Hot.
- Secure transfer required
- Set this option to “Enabled” to enforce data in flight encryption when accessing Azure storage.
- Allow Blob public access
- Set this option to “Disabled”. Unauthenticated users should not be able to access the Azure storage.
In the storage account Encryption settings, create an encryption scope and provide the data-at-rest encryption key that you would like to use with Model9. The encryption scope will be used during the container creation.
CREATE A CONTAINER
You must create a dedicated container for each Model9 environment such as Sandbox/Test/Prod. If a single management server manages multiple environments, the container can be shared. Each Model9 management server must have a dedicated container.
When creating the new container, make sure to select the encryption scope you created on the storage account.