Deployment Options – Nonrelational Databases in Azure
Deployment Options
Instances of Azure Cosmos DB can be deployed to an Azure subscription using several methods. Users can manually configure the necessary requirements for their Azure Cosmos DB environment through the Azure Portal or automate the deployment with different scripting languages. As discussed in Chapter 2, Azure PowerShell, Azure CLI, and ARM templates are some of the most common ways to automate Azure resource deployments. Let’s discuss in the following sections how to use these different options to configure and deploy Azure Cosmos DB.
Azure Portal
Use the following steps to create an Azure Cosmos DB account through the Azure Portal:
- Log into portal.azure.com and search for Azure Cosmos DB in the search bar at the top of the page. Click Azure Cosmos DB to go to the Azure Cosmos DB page in the Azure Portal.
- Click Create to start choosing the configuration options for your Azure Cosmos DB account.
- The first requirement for creating an Azure Cosmos DB account is to select the most appropriate API for the workload it will be serving. The Select API Option page allows you to choose from one of the five APIs. Figure 3.5 is a screen shot of what this page looks like. For the purposes of this example, we will select the Core (SQL) API.
- The Create Azure Cosmos DB Account page includes six tabs with different configuration options to tailor the Azure Cosmos DB account to fit your needs. Let’s start by exploring the options available in the Basics tab. Along with the following list that describes each option, you can view a completed example of this tab in Figure 3.6.
a. Choose the subscription and resource group that will contain the Azure Cosmos DB account. You can create a new resource group on this page if you have not already created one.
b. Enter a name for the Azure Cosmos DB account.
FIGURE 3.5 Select Azure Cosmos DB API.
c. Choose the primary Azure region for the account.
d. Choose whether you want to provision throughput for Azure Cosmos DB or have Azure Cosmos DB manage throughput with serverless.
e. The last option allows you to choose whether you would like to apply the free tier discount to this Azure Cosmos DB account. This allows you to get the first 1000 RU/s and 25 GB of storage for free in the account. This option can be enabled for one account per subscription.
FIGURE 3.6 Create an Azure Cosmos DB Account: Basics tab.
- The Global Distribution tab allows you to enable geo-redundancy, multi-region writes, and availability zones for the account. These options can also be configured post-deployment.
- The Networking tab allows you to configure network access and connectivity for your Azure Cosmos DB account. There are three options to choose from for network configuration: All networks, Public endpoint (selected network), and Private endpoint.
a. All networks opens access to the account to applications from any network. This option removes network isolation as a data security component to the Azure Cosmos DB configuration.
b. Public endpoint (selected network) configures Azure Cosmos DB to use a firewall to only allow access from certain IP addresses. This includes access from the Azure Portal, the IP address of the machine that is creating the Azure Cosmos DB account, and IP addresses in one or more subnets in an Azure VNet. Figure 3.7 illustrates an example of this configuration.
c. Private endpoint attaches an IP address in an Azure VNet to the Azure Cosmos DB account, limiting access to applications that can communicate with the VNet. This option also allows you to enable access to the account from the Azure Portal and the IP address of the machine that is creating the Azure Cosmos DB account.
FIGURE 3.7 Create an Azure Cosmos DB Account: Networking tab.
- The Backup Policy tab allows you to select between a Periodic or Continuous backup strategy for data stored in this Azure Cosmos DB account. The Periodic setting allows you to set the time interval, retention rate, and zone redundancy for data backups. The Continuous setting will automatically back up data within 100 seconds of a change in the account, including those made to databases, containers, and items. Figure 3.8 illustrates an example of a Periodic backup policy configuration.
FIGURE 3.8 Create an Azure Cosmos DB Account: Backup Policy tab.
- The Encryption tab allows you to choose whether data encryption uses a key that is generated and managed by Azure or a custom one that is stored in Azure Key Vault.
- The Tags tab allows you to place a tag on the Azure Cosmos DB account for cost management.
- Finally, the Review + Create tab allows you to review the configuration choices made during the design process. If you are satisfied with the choices made for the instance, click the Create button to begin provisioning the Azure Cosmos DB account.