Cube.js LogoCube Cloud Logo
SlackGitHub

Connecting with a VPC on Azure

Prerequisites

To allow Cube Cloud to connect to a Virtual Network on Azure, the following information is required:

  • Virtual Network Name: This can be found in the Virtual Networks section of the Azure Portal.
  • Tenant ID: This can be found under Azure Active Directory > Properties > Tenant ID in the Azure Portal.

Setup

Unfortunately Azure cross-tenant peering suppose that you grant peering role to the user id/service principal to the peering party Below the list of steps that would register Cube Cloud tenant at your organization and grant peering access to Cube Cloud service principal

Add Cube tenant to your organization

First the Cube Cloud tenant must be added to your organization. To do this, open the Azure Portal and go to Azure Active Directory > External Identities > Cross-tenant access settings > Organizational Settings > Add Organization.

For Tenant ID, enter 197e5263-87f4-4ce1-96c4-351b0c0c714a. Make sure that B2B Collaboration > Inbound Access > Applications is set (or inherited) so that it Allows access

Register Cube Cloud service principal at your organization

Cube Cloud service principal

info: Client ID: 0c5d0d4b-6cee-402e-9a08-e5b79f199481 Name: cube-dedicated-infra-sp

Using browser tab where account that has rights to register Enterprise applications is logged in open the following url: https://login.microsoftonline.com/**Tenant ID**/oauth2/authorize?client_id=0c5d0d4b-6cee-402e-9a08-e5b79f199481&response_type=code&redirect_uri=https%3A%2F%2Fwww.microsoft.com%2F Select Consent on behalf of your organization And click Accept

Grant peering permissions to Cube Cloud service principal on your Virtual Network

As peering role you can use built-in Network contributor or custom role that has the following permissions:

  • Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write
  • Microsoft.Network/virtualNetworks/peer/action
  • Microsoft.ClassicNetwork/virtualNetworks/peer/action
  • Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read
  • Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete

On the Azure Portal, go to Virtual networks > Virtual Network Name > Access Control (IAM) > Add > Add role assignment Role = peering role Members: cube-dedicated-infra-sp

Firewall

Make sure that your firewall rules allow inbound and outbound traffic

Information required by Cube Cloud support

When you are reaching out Cube Cloud support please provide following information:

  • Virtual Network ID: You can find it at Virtual Networks > Virtual Network Name > Overview > JSON view > Resource ID on Azure Portal.
  • Virtual Network Address Spaces: You can find it at Virtual Networks > Virtual Network Name > Overview > JSON view > properties > addressSpace on Azure Portal.
  • Tenant ID: You can find it in Azure Active Directory > Properties > Tenant ID section of Azure Portal.

Supported Regions

We support all general purpose regions

Did you find this page useful?