Tutorial: Order Azure Data Box
Azure Data Box is a hybrid solution that allows you to import your on-premises data into Azure in a quick, easy, and reliable way. You transfer your data to a Microsoft-supplied 80-TB (usable capacity) storage device, and then ship the device back. This data is then uploaded to Azure.
This tutorial describes how you can order an Azure Data Box. In this tutorial, you learn about:
- Prerequisites to deploy Data Box
- Order a Data Box
- Track the order
- Cancel the order
Complete the following configuration prerequisites for Data Box service and device before you deploy the device:
Before you begin, make sure that:
You have your Microsoft Azure storage account with access credentials, such as storage account name and access key.
The subscription you use for Data Box service is one of the following types:
Ensure that you have owner or contributor access to the subscription to create a device order.
Before you begin, make sure that:
- You should have a host computer connected to the datacenter network. Data Box will copy the data from this computer. Your host computer must run a supported operating system as described in Azure Data Box system requirements.
- Your datacenter needs to have high-speed network. We strongly recommend that you have at least one 10-GbE connection. If a 10-GbE connection is not available, a 1-GbE data link can be used but the copy speeds are impacted.
Order Data Box
Do the following steps in the Azure portal to order a device.
Use your Microsoft Azure credentials to sign in at this URL: https://portal.azure.com.
Select + Create a resource and search for Azure Data Box. Select Azure Data Box.
Check if Data Box service is available in your region. Enter or select the following information and select Apply.
Setting Value Transfer type Select Import to Azure. Subscription Select an EA, CSP, or Azure sponsorship subscription for Data Box service.
The subscription is linked to your billing account.
Resource Group Select an existing resource group. A resource group is a logical container for the resources that can be managed or deployed together. Source country/region Select the country/region where your data currently resides. Destination Azure region Select the Azure region where you want to transfer data.
For more information, go to region availability.
Select Data Box. The maximum usable capacity for a single order is 80 TB. You can create multiple orders for larger data sizes.
In Order, go to the Basics tab. Enter or select the following information and select Next: Data destination>.
Setting Value Subscription The subscription is automatically populated based on your earlier selection. Resource group The resource group you selected previously. Import order name Provide a friendly name to track the order.
The name can have between 3 and 24 characters that can be letters, numbers, and hyphens.
The name must start and end with a letter or a number.
On the Data destination screen, select the Data destination - either storage accounts or managed disks.
If using storage account(s) as the storage destination, you see the following screen:
Based on the specified Azure region, select one or more storage accounts from the filtered list of existing storage accounts. Data Box can be linked with up to 10 storage accounts. You can also create a new General-purpose v1, General-purpose v2, or Blob storage account.
- If you select Azure Premium FileStorage accounts, the provisioned quota on the storage account share will increase to the size of data being copied to the file shares. After the quota is increased, it isn't adjusted again, for example, if for some reason the Data Box can't copy your data.
- This quota is used for billing. After your data is uploaded to the datacenter, you should adjust the quota to meet your needs. For more information, see Understanding billing.
Storage accounts with virtual networks are supported. To allow Data Box service to work with secured storage accounts, enable the trusted services within the storage account network firewall settings. For more information, see how to Add Azure Data Box as a trusted service.
If using Data Box to create Managed disk(s) from the on-premises virtual hard disks (VHDs), you will also need to provide the following information:
Setting Value Resource groups Create new resource groups if you intend to create managed disks from on-premises VHDs. You can use an existing resource group only if the resource group was created previously when creating a Data Box order for managed disks by the Data Box service.
Specify multiple resource groups separated by semi-colons. A maximum of 10 resource groups are supported.
The storage account specified for managed disks is used as a staging storage account. The Data Box service uploads the VHDs as page blobs to the staging storage account before converting it into managed disks and moving it to the resource groups. For more information, see Verify data upload to Azure.
If a page blob isn't successfully converted to a managed disk, it stays in the storage account and you're charged for storage.
Select Next: Security to continue.
The Security screen lets you use your own encryption key and your own device and share passwords, and choose to use double encryption.
All settings on the Security screen are optional. If you don't change any settings, the default settings will apply.
If you want to use your own customer-managed key to protect the unlock passkey for your new resource, expand Encryption type.
Configuring a customer-managed key for your Azure Data Box is optional. By default, Data Box uses a Microsoft managed key to protect the unlock passkey.
A customer-managed key doesn't affect how data on the device is encrypted. The key is only used to encrypt the device unlock passkey.
If you don't want to use a customer-managed key, skip to Step 15.
Select Customer managed key as the key type. Then select Select a key vault and key.
In the Select key from Azure Key Vault blade, the subscription is automatically populated.
For Key vault, you can select an existing key vault from the dropdown list.
You can also select Create new to create a new key vault. On the Create key vault screen, enter the resource group and a key vault name. Ensure that Soft delete and Purge protection are enabled. Accept all other defaults, and select Review + Create.
Review the information for your key vault, and select Create. Wait for a couple minutes for key vault creation to complete.
In Select key from Azure Key Vault, you can select an existing key in the key vault.
If you want to create a new key, select Create new. You must use an RSA key. The size can be 2048 or greater. Enter a name for your new key, accept the other defaults, and select Create.
You'll be notified when the key has been created in your key vault.
Select the Version of the key to use, and then choose Select.
If you want to create a new key version, select Create new.
Choose settings for the new key version, and select Create.
The Encryption type settings on the Security screen show your key vault and key.
Select a user identity that you'll use to manage access to this resource. Choose Select a user identity. In the panel on the right, select the subscription and the managed identity to use. Then choose Select.
A user-assigned managed identity is a stand-alone Azure resource that can be used to manage multiple resources. For more information, see Managed identity types.
If you need to create a new managed identity, follow the guidance in Create, list, delete, or assign a role to a user-assigned managed identity using the Azure portal.
The user identity is shown in Encryption type settings.
If you don't want to use the system-generated passwords that Azure Data Box uses by default, expand Bring your own password on the Security screen.
The system-generated passwords are secure, and are recommended unless your organization requires otherwise.
To use your own password for your new device, by Set preference for the device password, select Use your own password, and type a password that meets the security requirements.
To use your own passwords for shares:
By Set preference for share passwords, select Use your own passwords and then Select passwords for the shares.
Type a password for each storage account in the order. The password will be used on all shares for the storage account.
To use the same password for all of the storage accounts, select Copy to all. When you finish, select Save.
On the Security screen, you can use View or change passwords to change the passwords.
In Security, if you want to enable software-based double encryption, expand Double-encryption (for highly secure environments), and select Enable double encryption for the order.
The software-based encryption is performed in addition to the AES-256 bit encryption of the data on the Data Box.
Enabling this option could make order processing and data copy take longer. You can't change this option after you create your order.
Select Next: Contact details to continue.
In Contact details, select + Add Shipping Address.
In the Shipping address, provide your first and last name, name and postal address of the company, and a valid phone number. Select Validate address. The service validates the shipping address for service availability. If the service is available for the specified shipping address, you receive a notification to that effect.
If you selected self-managed shipping, you will receive an email notification after the order is placed successfully. For more information about self-managed shipping, see Use self-managed shipping.
Select Add Shipping Address once the shipping details have been validated successfully. You will return to the Contact details tab.
After you return to Contact details, add one or more email addresses. The service sends email notifications regarding any updates to the order status to the specified email addresses.
We recommend that you use a group email so that you continue to receive notifications if an admin in the group leaves.
Review the information in Review + Order related to the order, contact, notification, and privacy terms. Check the box corresponding to the agreement to privacy terms.
Select Order. The order takes a few minutes to be created.
Track the order
After you have placed the order, you can track the status of the order from Azure portal. Go to your Data Box order and then go to Overview to view the status. The portal shows the order in Ordered state.
If the device is not available, you receive a notification. If the device is available, Microsoft identifies the device for shipment and prepares the shipment. During device preparation, following actions occur:
- SMB shares are created for each storage account associated with the device.
- For each share, access credentials such as username and password are generated.
- Device password that helps unlock the device is also generated.
- The Data Box is locked to prevent unauthorized access to the device at any point.
When the device preparation is complete, the portal shows the order in Processed state.
Microsoft then prepares and dispatches your device via a regional carrier. You receive a tracking number once the device is shipped. The portal shows the order in Dispatched state.
Cancel the order
To cancel this order, in the Azure portal, go to Overview and select Cancel from the command bar.
After placing an order, you can cancel it at any point before the order status is marked processed.
To delete a canceled order, go to Overview and select Delete from the command bar.
In this tutorial, you learned about Azure Data Box articles such as:
- Prerequisites to deploy Data Box
- Order Data Box
- Track the order
- Cancel the order
Advance to the next tutorial to learn how to set up your Data Box.