📝

Prerequisites

1. You are an admin in Azure (for step 1).
2. You are an Account Owner (for step 2).

This guide outlines how to setup a Data Store for storing troubleshooting and temporary data in your Azure cloud.

Steps

1. Create a Storage Account and Container

1. Use the Azure Portal, CLI or favorite IaC tool to create a new Storage account in your Azure account with no public access. Note that registration (step 2) will fail if the bucket is publicly accessible.

   We strongly recommend you do not use an existing storage account or share with other jobs as Monte Carlo might overwrite existing data. And we also recommend the following settings:

   • Requiring secure transfer for REST API operations and enabling encryption.
   • Setting Expiration lifecycles. 90 days or less for all objects in the following prefixes:
   Prefixes

   custom-sql-output-samples/
   rca
   idempotent
   

2. Then under Data storage for the Storage Account you created in step #1, select "Containers" and create a private Container.

3. Finally, under Security + networking for the Storage Account you created in step #1, select "Access keys" and retrieve the "Connection string" for either key. Please keep this safe. You will be using it during the registration.

2. Register the Data Store

After creating the storage account and container you can register either via the Monte Carlo UI or CLI.

After this step is complete all integrations that you add to this collection service will automatically use this container for storing troubleshooting and temporary data. You can add these integrations as you normally would using Monte Carlo's UI wizard or CLI.

UI

👍

If you are onboarding a new account, you can also register by following the steps on the onscreen

1. Navigate to settings/integrations/agents and select the Create button.
2. Follow the onscreen wizard for the "Azure" Platform. The "Container name" and "Connection string" are from step one.

CLI

Use the command montecarlo agents register-azure-blob-store to register.

For reference on this command please see here. And see here for how to install and configure the CLI.

The "container-name" and "connection-string" are from step one. For instance:

montecarlo agents register-azure-blob-store \
  --container-name artemis \
  --connection-string -1

FAQs

Can I further constraint access to this Data Store (Azure Storage Account)?

👍

Updated IPs

For all accounts created after April 24th, 2024 the Monte Carlo platform will generally use the following IP addresses to connect to your integration (cloud-only), agent (GCP and Azure), and/or object store:

• 34.200.118.118
• 35.169.25.209

Please be sure to allowlist both as requests from the Monte Carlo Platform* can originate from either one. If your account was created before this date, please reach out to your Monte Carlo representative.

*If you are leveraging a Customer-hosted Agent these are not the same as the IP addresses that the agent will use to connect to your resource. See "Egress" FAQs per platform for more details and options to constraint outbound access.

Absolutely! By default this is done via the connection string, but if you prefer you can further restrict requests via an IP allowlist. For instance you can:

1. Reach out to your Monte Carlo representative or support at [email protected] for an IP Address to allowlist. All inbound requests to the Azure data store will originate here.
2. Create a Storage Account and Container. You can do this by following the steps here.
3. Navigate to the Storage Account created in step #2 and select "Networking".
4. Update the Public network access option to "Enabled from selected virtual networks and IP addresses" and under Firewall add the IP address from step #1 alongside any other IP addresses you want to allow. Select "Save" when you're done.
5. Continue with registration.

How do I check the reachability between Monte Carlo and the Data Store?

Reachability is automatically validated during registration, but you can also use this CLI command or "test" button on the UI to test anytime.