Create Microsoft Azure Managed Disk

Microsoft Azure VMs are a combination of disk images and Virtual Machine definitions.

To create a Microsoft Azure managed disk:

  • Create an empty managed disk.
  • Populate the managed disk with the converted Access Gateway disk.
  1. Create an empty managed disk.

    1. Login or return to the Microsoft Azure Portal.
    2. In the upper left hand menu click + Create a resource.
    3. Use Search to find Managed Disks.
    4. Under Managed Disks click Create.
    5. In the Create managed disk pane enter a disk name, and select a resource group from the resource group drop down.
    6. Click Change size to select an appropriate size, no less than the size of the previously created VHD disk.
    7. Click Review + create.
  2. Populate the empty disk.

    1. Login or return to the Microsoft Azure Portal.
    2. In the upper left hand menu click Storage Accounts.
    3. Select the storage account where the Security Access Manager VHD file will be uploaded to.

      If you do not have a storage account, click Add to create one.

    4. Under BLOB SERVICE, click Containers.
    5. Select the container to house the VHD file.
      If you do not have a container click + Container to create one.
    6. Click Upload and navigate to the location of the VHD file.
    7. From the Blob type drop down select Page Blob.
    8. Click Upload.
      Note: Upload time will vary based on disk size and upload speed.

 

  1. Create an empty managed disk.

    1. Login or return to the Microsoft Azure command line interface.
      az login
    2. Use the az disk create command to create a disk large enough to contain the OVA disk file.
      az disk create -n <virtual-disk> -g <resource-group> -l <location> --for-upload --upload-size-bytes <size> --sku standard_lrs

      Where:

      • <virtual-disk> is the name of the virtual disk - typically the same as the OVA disk without suffix.
      • <resource-group> is the name of the previously created resource group. For example, AccessGateway.
      • <location> is the location of the resource group. For example eastus.
      • <size> is the size of the disk in bytes. For example 236223201792.
      • --sku standard_lrs is a required parameter.

      For example:

      az disk create -n Okta-AccessGateway-2019.4.5 -g OAG -l eastus --for-upload --upload-size-bytes 236223201792 --sku standard_lrs

    Which will produce results resembling:

    {
      "creationData": {
        "createOption": "Upload",
        "imageReference": null,
        "sourceResourceId": null,
        "sourceUniqueId": null,
        "sourceUri": null,
        "storageAccountId": null,
        "uploadSizeBytes": 20972032
      },
      . . .
      "tags": {},
      "timeCreated": "2019-12-20T17:51:29.894626+00:00",
      "type": "Microsoft.Compute/disks",
      "uniqueId": "d1485574-. . . ",
      "zones": null
    }
    Note

    The file size of the created disk must exactly match the file size used when copying up the disk image.
    Use a command such as ls -l (Linux) or dir (Windows) to determine the file size in bytes.

    Important

    Note carefully the uniqueId field, which can be used to create snapshots of the disk.

  2. Populate the empty disk.
    Note

    The following section requires the use of azcopy. Follow the directions here to download and install an operating system appropriate version of azcopy.

    1. Use az disk grant-access to create a Shared Access Token that grants write access to the previously created disk.
       az disk grant-access -n <virtual-disk> -g <resource-group> --access-level Write --duration-in-seconds 86400

      Where:
      • <virtual-disk> is the name of the virtual disk
      • <resource-group> is the name of the previously created resource group.
      • --access-level Write is the required write access level.
      • --duration-in-seconds 86400 is the lifetime of the Shared Access Token in seconds.

      For example:
       az disk grant-access -n Okta-AccessGateway-2019.4.5 -g OAG --access-level Write --duration-in-seconds 86400

      Which will produce results resembling:

      "accessSas": "https://md-. . . VY1SlQ79TOnwoMaVHjaqkmVlU%3D"

    2. Upload the disk file using the azcopy copy command.
      azcopy copy <path-to-disk> "<accessSas>" --blob-type PageBlob
      Where:
      • <path-to-disk> is the fully qualified path to the fixed disk previously created.
      • <accessSas> is the value from the az disk grant-access command.


      Note

      Azcopy uses the AZCOPY_CONCURRENCY_VALUE environment variable to control the upload process.
      Setting this variable to AUTO causes Azcopy to attempt to optimize the upload process.


      For example:
      export AZCOPY_CONCURRENCY_VALUE=AUTO
      azcopy copy Okta-AccessGateway-2019.4.5 "https://md-. . . VY1SlQ79TOnwoMaVHjaqkmVlU%3D" --blob-type PageBlob

      Which will produce results similar to:
      INFO: Scanning...
      Job 50d659dd-6174-fe4d-78b1-5f97e305fdee has started
      Log file is located at: ~/.azcopy/50d659dd-6174-fe4d-78b1-5f97e305fdee.log
      INFO: Trying 4 concurrent connections (initial starting point)
      INFO: Trying 16 concurrent connections (seeking optimum)
      . . .
      INFO: Trying 5 concurrent connections (at optimum)
      . . .
      Elapsed Time (Minutes): 78.9381
      Total Number Of Transfers: 1
      Number of Transfers Completed: 1
      . . .
      TotalBytesTransferred: 236223201792
      Final Job Status: Completed
    3. Revoke access to the disk using az disk revoke-access.
      az disk revoke-access -n <virtual-disk> -g <resource-group>
      Where:
      • <virtual-disk> is the name of the virtual disk
      • <resource-group> is the name of the previously created resource group.

      For example:

      az disk revoke-access -n oag-2019-12-30-disk1.fixed.vhd -g OAG 
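
The command-line steps above as one script (an added example, not part of the original page or of Okta's tooling). It checks the file size before creating the disk, keeps the accessSas signature out of console output because that URL grants write access to anyone holding it, and revokes access even when the upload fails. The function names and the optional ttl-seconds argument are hypothetical; it assumes az and azcopy are installed and az login has been run.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes az and azcopy are
# installed and "az login" has already been run.
set -eu

# Size of a file in bytes (portable across GNU and BSD userlands).
file_size() { echo $(( $(wc -c < "$1") )); }

# A fixed VHD is a whole number of MiB of disk data plus a 512-byte footer.
# Succeeds only when the byte count has that shape.
valid_vhd_size() {
  [ "$1" -gt 512 ] && [ $(( ($1 - 512) % 1048576 )) -eq 0 ]
}

# Drop the query string, which carries the signature, before logging a SAS URL.
redact_sas() { printf '%s\n' "${1%%[?]*}?<redacted>"; }

# upload_vhd <vhd-file> <virtual-disk> <resource-group> <location> [ttl-seconds]
# The body runs in a subshell "( ... )" so the EXIT trap fires when it ends.
upload_vhd() (
  vhd=$1 disk=$2 group=$3 location=$4 ttl=${5:-86400}
  size=$(file_size "$vhd")
  valid_vhd_size "$size" || { echo "unexpected VHD size: $size" >&2; exit 1; }

  az disk create -n "$disk" -g "$group" -l "$location" --for-upload \
    --upload-size-bytes "$size" --sku standard_lrs >/dev/null || exit 1

  # From here on, revoke the write grant however the upload ends.
  trap 'az disk revoke-access -n "$disk" -g "$group" >/dev/null' EXIT
  trap 'exit 130' INT TERM

  # accessSas is the key in the output shown above; the fallback spelling
  # accessSAS is an assumption for CLI versions that name it differently.
  sas=$(az disk grant-access -n "$disk" -g "$group" --access-level Write \
    --duration-in-seconds "$ttl" --query 'accessSas || accessSAS' -o tsv) || exit 1
  echo "uploading $size bytes to $(redact_sas "$sas")"

  AZCOPY_CONCURRENCY_VALUE=AUTO azcopy copy "$vhd" "$sas" --blob-type PageBlob
)

# Run only when called with arguments, so the helpers can be sourced and tested.
if [ "$#" -ge 4 ]; then upload_vhd "$@"; fi
```

Both byte counts shown on this page (236223201792 and 20972032) pass the size check; a file that fails it is usually a dynamic VHD or a disk that was not resized to a whole number of MiB before conversion.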
