Set Up a Peered Network for Data Hub Service - Azure

Before you begin

You need:

About this task

In a peered networking environment, you need a virtual network (VNet) peering connection between your Data Hub Service (DHS) clusters and endpoints. In this task, you will configure your peered DHS network and enable VNet peering.
Important: For this task, you need the SEC-ADMIN portal role. See Portal Roles.

Procedure

  1. Go to the MarkLogic Data Hub Service home page and select Network from the menu.
  2. In the Network Configuration page, click Add Network.

    Add Network Configuration
  3. In the Configure Network page, update the network settings.

    Configure Network page
    Field Description
    Name Name for the network.
    Region The region where your preconfigured network is located. Default: Central US. See Supported Regions - Azure
    Important: Your client-side VNet and peered DHS network must be configured in the same region.
    Select if you want to set up VNet peering Select to set up VNet peering and create peered endpoints.
    Tenant ID Your Active Directory's Tenant ID.

    To find your Tenant ID in Azure, navigate to Microsoft Azure.

    1. Click Azure Active Directory.
    2. Click Overview in the left menu.
    3. Copy the Tenant ID.

    To add your Tenant ID to your Data Hub Service, return to the DHS Configure Network page.


    Microsoft Azure - create virtual network page
    Important: You can add your MarkLogic Data Hub Service account to only one Azure Active Directory, meaning you cannot change the Tenant ID once verified.
    1. Paste the Tenant ID into the appropriate field.
    2. Click Add to Active Directory.

      Result: Microsoft Azure opens in a new browser tab, asking you to log into your Microsoft Azure account.

      • Log into your Microsoft Azure account to authenticate DHS.
    3. Click Verify.
    Important: You cannot assign the Network Contributor role to MarkLogic without adding your Tenant ID to your DHS.

    Example: 12a3b456-7cd8-9123-e4f5-6g7hi8j91k2
    Assign the Network Contributor Role Assign the Network Contributor role to the mlDataHubService application, enabling MarkLogic to manage networks but not access them. To learn how to assign the Network Contributor role to the mlDataHubService application, see Assign the Network Contributor Role. For details about the role, see Network Contributor.
    VNet ID Your client-side VNet's identifier.

    To find your VNet ID in Microsoft Azure, navigate to Azure Virtual networks.

    1. Select the virtual network with which you want to peer.
    2. Select Properties.
    3. Copy the Resource ID.

    Example: /subscriptions/[subscription-id]/resourceGroups/[resource-group-name]/providers/Microsoft.Network/virtualNetworks/[virtual-network-name]
    VNet CIDR The IPv4 Address Space used to set up your client-side VNet. Primary CIDR (Classless Inter-Domain Routing) block for your VNet. Example: 10.0.0.0/23
    Important: The CIDR block 10.100.0.0/10 is used internally. If your VNet CIDR is within the 10.100.0.0/10 range of IP addresses, your CIDR block size must be between /20 and /28 subnet masks. The maximum amount of IP addresses in a CIDR block is 4,096, including all subnets.

    Click the following link to view a full list of DHS network resources.

  4. Click Configure.

Results


Peered Network Configuration page

The dashboard displays information about each of the current network configurations, listing the information and status for each configuration. The status of the network in the status bar must be Completed.

  • To add a network configuration, click Add Network.
  • To delete a network configuration, click Delete in the configuration's row under the Delete column.
Note: The Network CIDR is the CIDR of your MarkLogic VNet, which is provided and managed by MarkLogic.

What to do next

Create a Data Hub Service with a peered network: