Mirroring contracts to Azure Blob Storage
Zefort supports mirroring contracts to Azure Blob Storage.
With these instructions you can configure a weekly mirrored version of your contracts (files and metadata). This data will be periodically (every Sunday) copied to an Azure container of your choice.
Configuring Azure Blob Storage integration
Prerequisites
You need:
- A Zefort administrator user account with the ”can manage account settings” permission
- Administrative access to storage accounts in your Azure Portal
Sidenote: as a best practice, organisations using Zefort often reserve some administrator user accounts for IT personnel, who only have access to configure account settings (and possibly manage user accounts), but no access to actual contracts or other content.
Configurations steps
The steps to configure the integration are as follows:
- Create a new storage account in the Azure Portal
- Create a new storage container in the Azure Portal
- Create a new Azure Blob Storage integration entry in Zefort’s Account settings
- Notify Zefort’s support about your new integration
- Enable the integration
0. Create a new storage account in the Azure Portal
Note: This step is not mandatory if you already have an existing account. However, the connection string (used in step 2) has access to the entire account and we strongly recommend using a separate account for the integration.
- Sign in to the Azure Portal and browse to Storage accounts.
- Click the “+ Create” button to create a new account. Give it a name and select a suitable region. The default settings are suitable for the integration but you might want to review the settings to suit the needs of your organization.
- Click “Review + Create” on the bottom of the page, then click “Create“.
1. Create a new storage container in the Azure Portal
- Browse to Storage accounts and select an account.
- Under Data storage select Containers and click the “+ Container” button to create a new container.
- Enter a name for the container and click “Create“.
NOTE! This container should be reserved only for the contracts in Zefort. During the procedure the integration will upload new contracts and remove obsolete contracts (which have been deleted in Zefort). Therefore all files that are not in Zefort will be removed from the container.
2. Create a new Azure Blob Storage integration entry in Zefort’s Account Settings
- In Zefort browse to Account Settings → Integrations.
- Click the “Connect” button in the section “Azure Blob Storage mirror” and enter the following settings:
- Status: Disabled*
*This will be enabled in the final phase
- Container name: The name of the container you created in phase 1
(this is case-sensitive so be sure to copy-paste or type in the name exactly as in Azure). - Connection string: The connection string for your Azure Storage account.
This string can be found in the Azure Portal (Storage Accounts → The name of the account → Security + Networking →Access keys → Show keys). You can use either of the connection strings (for key1 or key2).
- Status: Disabled*
- After you’ve entered the settings click “Save” to close the dialog.
3. Notify Zefort’s support about your new integration
Contact support@zefort.com and let us know you’ve created a new Azure Blob Storage entry in your integration settings. Include the name of the Azure storage account and Azure storage container in the email (do NOT send us your connection string). As in phase 3, this information is also case-sensitive so make sure you enter the account name and the container name exactly as they appear in Azure.
We will then configure our firewall to allow connections to the aforementioned Azure storage container. The purpose of this phase is to keep your data safe, so that it will be only transferred to a container you surely own. (Note that you can rotate your connection string in Azure and use the new string in Zefort’s integration settings without contacting us.)
4. Enable the integration
The integration can be activated once we have confirmed that the previous phase has been completed and the firewall rules have been updated.
- Change the integration status from “Disabled” to “Active” and press “Save“.
- The next operation will take place on the following Sunday. In the following week, check your Azure storage container to see if your contracts have been mirrored. In case of any trouble please don’t hesitate to contact our support.
Securing your container
Connections towards the container always come from the dedicated IP addresses for egress traffic. We strongly recommend you to configure Azure to only allow connections from these IP addresses, instead of allowing “public access” from anywhere on the internet. Please refer to Azure documentation on the specifics.
Email notifications
You can order an email notification for each mirroring process when the weekly sync is completed. The summary includes following information:
- Contracts checked: number of contracts in Zefort account
- Objects added: number of files added in Azure Blob storage
- Objects updated: number of files that have been updated in Azure Blob storage
- Objects deleted: number of files deleted from Azure Blob storage
- Data sent: amount of data that was sent from Zefort to Azure Blob storage
Note! Objects include also log files that are updated weekly. For this reason, the number of deleted objects is larger than the number of deleted contracts in Zefort.