Tutorial: Order Azure Data Box

Azure Data Box is a hybrid solution that allows you to import your on-premises data into Azure in a quick, easy, and reliable way. You transfer your data to a Microsoft-supplied 80-TB (usable capacity) storage device, and then ship the device back. This data is then uploaded to Azure.

This tutorial describes how you can order an Azure Data Box. In this tutorial, you learn about:

  • Prerequisites to deploy Data Box
  • Order a Data Box
  • Track the order
  • Cancel the order

Prerequisites

Complete the following configuration prerequisites for Data Box service and device before you deploy the device:

For service

Before you begin, make sure that:

  • You have your Microsoft Azure storage account with access credentials, such as storage account name and access key.

  • The subscription you use for Data Box service is one of the following types:

  • Ensure that you have owner or contributor access to the subscription to create a device order.

For device

Before you begin, make sure that:

  • You should have a host computer connected to the datacenter network. Data Box will copy the data from this computer. Your host computer must run a supported operating system as described in Azure Data Box system requirements.
  • Your datacenter needs to have high-speed network. We strongly recommend that you have at least one 10-GbE connection. If a 10-GbE connection is not available, a 1-GbE data link can be used but the copy speeds are impacted.

Order Data Box

Do the following steps in the Azure portal to order a device.

  1. Use your Microsoft Azure credentials to sign in at this URL: https://portal.azure.com.

  2. Select + Create a resource and search for Azure Data Box. Select Azure Data Box.

    Screenshot of New section with Azure Data Box in search field

  3. Select Create.

    Screenshot of Azure Data Box section with Create option called out

  4. Check if Data Box service is available in your region. Enter or select the following information and select Apply.

    Setting Value
    Transfer type Select Import to Azure.
    Subscription Select an EA, CSP, or Azure sponsorship subscription for Data Box service.
    The subscription is linked to your billing account.
    Resource Group Select an existing resource group. A resource group is a logical container for the resources that can be managed or deployed together.
    Source country/region Select the country/region where your data currently resides.
    Destination Azure region Select the Azure region where you want to transfer data.
    For more information, go to region availability.

    Starting an Azure Data Box import order

  5. Select Data Box. The maximum usable capacity for a single order is 80 TB. You can create multiple orders for larger data sizes.

    Available data sizes: Data Box Disk, 40 terabytes; Data Box, 100 terabytes; Data Box Heavy, 1000 terabytes; Send your own disks, 1 terabyte

  6. In Order, go to the Basics tab. Enter or select the following information and select Next: Data destination>.

    Setting Value
    Subscription The subscription is automatically populated based on your earlier selection.
    Resource group The resource group you selected previously.
    Import order name Provide a friendly name to track the order.
    The name can have between 3 and 24 characters that can be letters, numbers, and hyphens.
    The name must start and end with a letter or a number.

    Data Box import Order wizard, Basics screen, with correct info filled in

  7. On the Data destination screen, select the Data destination - either storage accounts or managed disks.

    If using storage account(s) as the storage destination, you see the following screen:

    Data Box import Order wizard, Data destination screen, with storage accounts selected

    Based on the specified Azure region, select one or more storage accounts from the filtered list of existing storage accounts. Data Box can be linked with up to 10 storage accounts. You can also create a new General-purpose v1, General-purpose v2, or Blob storage account.

    Note

    • If you select Azure Premium FileStorage accounts, the provisioned quota on the storage account share will increase to the size of data being copied to the file shares. After the quota is increased, it isn't adjusted again, for example, if for some reason the Data Box can't copy your data.
    • This quota is used for billing. After your data is uploaded to the datacenter, you should adjust the quota to meet your needs. For more information, see Understanding billing.

    Storage accounts with virtual networks are supported. To allow Data Box service to work with secured storage accounts, enable the trusted services within the storage account network firewall settings. For more information, see how to Add Azure Data Box as a trusted service.

    If using Data Box to create Managed disk(s) from the on-premises virtual hard disks (VHDs), you will also need to provide the following information:

    Setting Value
    Resource groups Create new resource groups if you intend to create managed disks from on-premises VHDs. You can use an existing resource group only if the resource group was created previously when creating a Data Box order for managed disks by the Data Box service.
    Specify multiple resource groups separated by semi-colons. A maximum of 10 resource groups are supported.

    Data Box import Order wizard, Data destination screen, with Managed Disks selected

    The storage account specified for managed disks is used as a staging storage account. The Data Box service uploads the VHDs as page blobs to the staging storage account before converting it into managed disks and moving it to the resource groups. For more information, see Verify data upload to Azure.

    Note

    If a page blob isn't successfully converted to a managed disk, it stays in the storage account and you're charged for storage.

  8. Select Next: Security to continue.

    The Security screen lets you use your own encryption key and your own device and share passwords, and choose to use double encryption.

    All settings on the Security screen are optional. If you don't change any settings, the default settings will apply.

    Security screen of the Data Box import Order wizard

  9. If you want to use your own customer-managed key to protect the unlock passkey for your new resource, expand Encryption type.

    Configuring a customer-managed key for your Azure Data Box is optional. By default, Data Box uses a Microsoft managed key to protect the unlock passkey.

    A customer-managed key doesn't affect how data on the device is encrypted. The key is only used to encrypt the device unlock passkey.

    If you don't want to use a customer-managed key, skip to Step 15.

    Security screen showing Encryption type settings

  10. Select Customer managed key as the key type. Then select Select a key vault and key.

    Security screen, settings for a customer-managed key

  11. In the Select key from Azure Key Vault blade, the subscription is automatically populated.

    • For Key vault, you can select an existing key vault from the dropdown list.

      Select key from Azure Key Vault screen

    • You can also select Create new to create a new key vault. On the Create key vault screen, enter the resource group and a key vault name. Ensure that Soft delete and Purge protection are enabled. Accept all other defaults, and select Review + Create.

      Create a new Azure Key Vault settings

      Review the information for your key vault, and select Create. Wait for a couple minutes for key vault creation to complete.

      New Azure Key Vault review screen

  12. In Select key from Azure Key Vault, you can select an existing key in the key vault.

    Select existing key from Azure Key Vault

    If you want to create a new key, select Create new. You must use an RSA key. The size can be 2048 or greater. Enter a name for your new key, accept the other defaults, and select Create.

    Create a new key option

    You'll be notified when the key has been created in your key vault.

  13. Select the Version of the key to use, and then choose Select.

    New key created in key vault

    If you want to create a new key version, select Create new.

    Open a dialog box for creating a new key version

    Choose settings for the new key version, and select Create.

    Create a new key version

    The Encryption type settings on the Security screen show your key vault and key.

    Key and key vault for a customer-managed key

  14. Select a user identity that you'll use to manage access to this resource. Choose Select a user identity. In the panel on the right, select the subscription and the managed identity to use. Then choose Select.

    A user-assigned managed identity is a stand-alone Azure resource that can be used to manage multiple resources. For more information, see Managed identity types.

    If you need to create a new managed identity, follow the guidance in Create, list, delete, or assign a role to a user-assigned managed identity using the Azure portal.

    Select a user identity

    The user identity is shown in Encryption type settings.

    A selected user identity shown in Encryption type settings

  15. If you don't want to use the system-generated passwords that Azure Data Box uses by default, expand Bring your own password on the Security screen.

    The system-generated passwords are secure, and are recommended unless your organization requires otherwise.

    Expanded Bring your own password options for a Data Box import order

  • To use your own password for your new device, by Set preference for the device password, select Use your own password, and type a password that meets the security requirements.

    Options for using your own device password on the Security screen for a Data Box import order

  • To use your own passwords for shares:

    • By Set preference for share passwords, select Use your own passwords and then Select passwords for the shares.

      Options for using your own share passwords on the Security screen for a Data Box import order

    • Type a password for each storage account in the order. The password will be used on all shares for the storage account.

      To use the same password for all of the storage accounts, select Copy to all. When you finish, select Save.

      Screen for entering share passwords for a Data Box import order

      On the Security screen, you can use View or change passwords to change the passwords.

  1. In Security, if you want to enable software-based double encryption, expand Double-encryption (for highly secure environments), and select Enable double encryption for the order.

    Security screen for Data Box import, enabling software-based encryption for a Data Box order

    The software-based encryption is performed in addition to the AES-256 bit encryption of the data on the Data Box.

    Note

    Enabling this option could make order processing and data copy take longer. You can't change this option after you create your order.

    Select Next: Contact details to continue.

  2. In Contact details, select + Add Shipping Address.

    From the Contact details screen, add shipping addresses to your Azure Data Box import order

  3. In the Shipping address, provide your first and last name, name and postal address of the company, and a valid phone number. Select Validate address. The service validates the shipping address for service availability. If the service is available for the specified shipping address, you receive a notification to that effect.

    Screenshot of the Add Shipping Address dialog box with the Ship using options and the Add shipping address option called out.

    If you selected self-managed shipping, you will receive an email notification after the order is placed successfully. For more information about self-managed shipping, see Use self-managed shipping.

  4. Select Add Shipping Address once the shipping details have been validated successfully. You will return to the Contact details tab.

  5. After you return to Contact details, add one or more email addresses. The service sends email notifications regarding any updates to the order status to the specified email addresses.

    We recommend that you use a group email so that you continue to receive notifications if an admin in the group leaves.

    Email section of Contact details in the Order wizard

  6. Review the information in Review + Order related to the order, contact, notification, and privacy terms. Check the box corresponding to the agreement to privacy terms.

  7. Select Order. The order takes a few minutes to be created.

    Review and Order screen of the Order wizard

Track the order

After you have placed the order, you can track the status of the order from Azure portal. Go to your Data Box order and then go to Overview to view the status. The portal shows the order in Ordered state.

If the device is not available, you receive a notification. If the device is available, Microsoft identifies the device for shipment and prepares the shipment. During device preparation, following actions occur:

  • SMB shares are created for each storage account associated with the device.
  • For each share, access credentials such as username and password are generated.
  • Device password that helps unlock the device is also generated.
  • The Data Box is locked to prevent unauthorized access to the device at any point.

When the device preparation is complete, the portal shows the order in Processed state.

A Data Box order that's been processed

Microsoft then prepares and dispatches your device via a regional carrier. You receive a tracking number once the device is shipped. The portal shows the order in Dispatched state.

A Data Box order that's been dispatched

Cancel the order

To cancel this order, in the Azure portal, go to Overview and select Cancel from the command bar.

After placing an order, you can cancel it at any point before the order status is marked processed.

To delete a canceled order, go to Overview and select Delete from the command bar.

Next steps

In this tutorial, you learned about Azure Data Box articles such as:

  • Prerequisites to deploy Data Box
  • Order Data Box
  • Track the order
  • Cancel the order

Advance to the next tutorial to learn how to set up your Data Box.