Enterprise Recon 2.6.1

Azure Storage

This section covers the following topics:

Overview

The instructions here work for setting up the following Azure Storage types as Targets:

  • Azure Blobs
  • Azure Tables
  • Azure Queues

To set up Azure Storage as a Target:

  1. Get Azure Account Access Keys
  2. Set up Azure as a Target location

To scan specific paths in an Azure Storage Target, see Edit Azure Storage Target Path.

Licensing

For Sitewide Licenses, all scanned Azure Storage Targets consume data from the Sitewide License data allowance limit.

For Non-Sitewide Licenses, Azure Storage Targets require Server & DB Licenses, and consume data from the Server & DB License data allowance limit.

See Target Licenses for more information.

Requirements

Requirements Description
Proxy Agent
  • Proxy Agent host with direct Internet access.
  • Cloud service-specific access keys.
Required Proxy Agents:
  • Windows Agent with database runtime components
  • Windows Agent
  • Linux Agent with database runtime components
  • Linux Agent
  • macOS Agent
TCP Allowed Connections Port 443

Get Azure Account Access keys

  1. Log in to your Azure account.
  2. Go to All resources > [Storage account], and under Settings, click on Access keys.
  3. Note down key1 and key2 which are your primary and secondary access keys respectively. Use the active access key to connect ER2 to your Azure Storage account.

Set up Azure as a Target location

  1. From the New Scan page, Add Targets.
  2. In the Select Target Type dialog box, click on Azure Storage and select one of the following Azure Storage types:
    • Azure Blobs
    • Azure Queue
    • Azure Table
  3. Fill in the following fields:
    Dialog box to configure the path, credentials and proxy agent for an Azure Blob Target.

    Field Description
    Azure Account Name Enter your Azure account name.
    New Credential Label Enter a descriptive label for the credential set.
    New Username Enter your Azure Storage account name.
    New Password Enter either key1 or key2. See Get Azure Account Access Keys for more information.
    Agent to act as proxy host Select a Proxy Agent host with direct Internet access.
    Recommended Least Privilege User Approach

    To reduce the risk of data loss or privileged account abuse, the Target credentials provided for the intended Target should only be granted read-only access to the exact resources and data that require scanning. Never grant full user access privileges or unrestricted data access to any application if it is not required.

  4. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
  5. Click Commit to add the Target.

Edit Azure Storage Target Path

To scan a specific Target location in Azure Storage:

  1. Set up Azure as a Target location.
  2. In the Select Locations section, select your Azure Storage Target location and click Edit.
  3. In the Edit Azure Storage Location dialog box, enter the Path to scan. Use the following syntax:

    Azure Storage type Path syntax
    Azure Blobs To scan a specific folder:
    <folder_name>
    To scan a specific file:
    <[folder_name/]file_name.txt>
    Azure Table To scan a specific table:
    <table_name>
    Azure Queue To scan a specific Queue:
    <queue_name>
  4. Click Test and then Commit to save the path to the Target location.