How To Create X509 Security Certificate

In this article, we will learn how to create the self-signed X.509 security certificate for Azure IoT Hub Device Provisioning Service and Azure IoT Hub, which can be helpful during development instead of relying on the real IoT Device certificate. If you are new to the IoT, then you can read my previous articles using the following links to learn more about the IoT.

What is the use of an X.509 Certificate?

The X.509 certificate helps to identify the device on IoT Hub using public and private keys stored within the certificate.

How To Create X.509 Test Certificates locally?

X.509 certificates are required during the development of IoT applications for devices that rely on X.509-based authentication. The developer tests many scenarios during development, and getting a new certificate and device every time is not possible. We need something virtual that still gives a real-life experience, so, considering time and cost, we will create the test certificates locally and test the Azure IoT experience. Microsoft has provided a sample PowerShell script on GitHub to generate the X.509 certificates.

Step 1: Copy the PowerShell Script

Copy the following PowerShell script and save it on your PC as GenerateTestCertificate.ps1 or whatever name you wish. Just make sure you have saved the file with the extension .ps1.

# Copyright (c) Microsoft. All rights reserved.
# Licensed under the MIT license. See LICENSE file in the project root for full license information.

Param(
    $deviceName = "iothubx509device1",
    $certificateValidityInYears = 1
)

$cert = New-SelfSignedCertificate `
    -Type Custom `
    -Subject "CN=$deviceName, O=TEST, C=US" `
    -KeySpec Signature `
    -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 `
    -KeyLength 2048 `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -NotAfter (Get-Date).AddYears($certificateValidityInYears)

Write-Host "Generated the certificate:"
Write-Host $cert

Write-Host "Enter the PFX password:"
$password = Read-Host -AsSecureString

$cert | Export-PfxCertificate -FilePath certificate.pfx -Password $password
Set-Content -Path certificate.cer -Value ([Convert]::ToBase64String($cert.RawData)) -Encoding Ascii


I have saved the file on my E drive in the Cert folder, which looks as follows.



Step 2: Open the PowerShell ISE

Now open the PowerShell ISE command prompt in administrative mode as follows.



Make sure it's PowerShell ISE, not just a PowerShell command prompt.

Step 3: Change The Directory

Change the directory to the location where your GenerateTestCertificate.ps1 PowerShell file is located. In this article, the file is located under the E Drive Cert folder.


In the preceding image, the path is set to the Cert folder using the CD command, in which our PowerShell Script file is located.

Step 4: Load GenerateTestCertificate.ps1 File

As shown in the following image, load the GenerateTestCertificate.ps1 file and provide the parameter, which is the CN (common name of the certificate) and which can internally be used as the DeviceId of the IoT device. Make sure you follow the command syntax exactly as shown in the image below.


Once all the details are given as shown in the image, press the Enter key on your keyboard. It will prompt the following screen. Provide the password for the PFX certificate and remember it, because the password is required during the provisioning of the device on the IoT Hub.


Once you enter the password, press the enter or OK button as shown in the preceding image. Once the certificates are successfully generated, the following details are shown on the PowerShell command prompt.



Two certificate files are created by the preceding procedure: a password-protected PKCS12 formatted file (certificate.pfx) and a public key certificate file (certificate.cer).

The created certificate files are stored in the same location as your GenerateTestCertificate.ps1 file. Now navigate to the E drive Cert folder, where you will see the created files.


As you see in the preceding image, the self-signed X.509 certificates are created: the password-protected PKCS12 formatted file certificate.pfx and the public key certificate file certificate.cer.

Both certificates are required to authenticate a single device. The public key certificate is used to enrol the device on the Azure device provisioning service, and the password-protected .pfx is required to identify the device and provision it on the IoT Hub.
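One way to check the two generated files before enrolling the device, as an added example that is not part of Microsoft's sample script or of the original article: it confirms that certificate.cer and certificate.pfx hold the same certificate and that the subject, EKU, key size, signature algorithm and validity match what the script requested. The function name Test-IoTTestCertificate and its parameters are assumptions made for this example.

```powershell
# Added example (not from the original article or Microsoft's sample).
# Run it in the folder that contains certificate.pfx and certificate.cer.
# The function name and parameters are hypothetical.

function Test-IoTTestCertificate {
    param(
        [Parameter(Mandatory)] [string]       $DeviceName,
        [Parameter(Mandatory)] [securestring] $PfxPassword,
        [string] $PfxPath      = '.\certificate.pfx',
        [string] $CerPath      = '.\certificate.cer',
        [int]    $MinKeyLength = 2048
    )

    # The script writes certificate.cer as bare Base64 of the DER bytes
    # (no PEM header or footer), so decode it explicitly.
    $der  = [Convert]::FromBase64String((Get-Content -Path $CerPath -Raw).Trim())
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)

    # Read the PFX without importing it into a certificate store.
    $pfxCert = (Get-PfxData -FilePath $PfxPath -Password $PfxPassword).EndEntityCertificates[0]

    # Collect the OIDs of the Enhanced Key Usage extension (2.5.29.37).
    $ekuOids = @(
        $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value }
    )

    # Public key size; $rsa is $null if the key is not RSA.
    $rsa     = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $keyBits = if ($rsa) { $rsa.KeySize } else { 0 }

    # Common name only, e.g. "iothubx509device1".
    $cn  = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $now = Get-Date

    $checks = [ordered]@{
        'CER and PFX hold the same certificate'  = ($cert.Thumbprint -eq $pfxCert.Thumbprint)
        'Subject CN equals the device name'      = ($cn -ceq $DeviceName)
        'Self-signed (issuer equals subject)'    = ($cert.Issuer -eq $cert.Subject)
        # 1.3.6.1.5.5.7.3.2 is the client authentication EKU set by -TextExtension.
        'EKU includes client authentication'     = ($ekuOids -contains '1.3.6.1.5.5.7.3.2')
        "RSA key is at least $MinKeyLength bits" = ($keyBits -ge $MinKeyLength)
        # 1.2.840.113549.1.1.11 is sha256WithRSAEncryption.
        'Signed with SHA-256 and RSA'            = ($cert.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11')
        'Currently within the validity period'   = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
    }

    # One result object per check, so the caller can filter or format them.
    $checks.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Passed = [bool]$_.Value }
    }
}

$pw      = Read-Host -AsSecureString -Prompt 'PFX password'
$results = Test-IoTTestCertificate -DeviceName 'iothubx509device1' -PfxPassword $pw
$results | Format-Table -AutoSize
if ($results.Passed -contains $false) {
    Write-Warning 'At least one check failed; regenerate the certificate before enrolling the device.'
}

# The script also leaves the certificate, with an exportable private key, in
# Cert:\CurrentUser\My. List those copies so stale test identities can be found.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -like 'CN=iothubx509device1,*' } |
    Select-Object Thumbprint, NotAfter, HasPrivateKey
```

Pass the same value to -DeviceName that was given to the script's deviceName parameter.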

Summary

I hope from the preceding explanation you have learned how to create the X.509 test certificate. In my next article, we will learn how to enrol an X.509 device on the Azure Device provisioning service and provision the device on the Azure IoT Hub. If you are facing any issue while generating the certificates, then you can use the comment box to ask your queries.

Related article

Difference between Azure Resource and Resource Group

Azure resource and Azure resource group are two of the most commonly used terms while working with Microsoft Azure. Recently, one of the readers asked me about the difference between these two terms, so I have decided to write a post on these two terms.

What is Resource?

The resource is simply an Azure service like an app service, Azure storage, Azure service bus, and so on. It means whenever you create a new resource, you are actually creating an Azure service.

What is Azure Resource Group?

The Azure resource group is the collection of resources. The resource group is the container in which multiple Azure services reside.

Every Azure service must be located in a resource group. The resource group gives better flexibility to manage the life cycle of all services in one place, which are located in the resource group. You can deploy, update, and delete these services together.

Key Points of Azure Resource Group

  • The resource group can be created using Azure portal, Azure CLI, Azure PowerShell and Azure ARM Template.
  • Every resource group has its own deployment location to store the metadata of the services which are contained in the resource group, no matter in which location your services are deployed.
  • All services located in the resource group have a similar life cycle; you can delete, update and deploy them together.
  • You can move services from one resource group to another resource group.
  • If the service has the same metadata, it won't be allowed in a different resource group. It means you cannot have two resource groups for one service which is identical.
  • The resource group and resources can be in different regions. It means that if your resource group location is the US region, then your service might have any other deployment location, such as West Europe.
  • The resource group provides better control to manage the security of a group of services, such as user access and resource permissions, so that someone cannot harm the service.
  • Every resource in a resource group can connect to services in other resource groups.
  • Each resource group can deploy 800 services at a time.
  • When you delete the resource group, all the services which are in the resource group are deleted.

Summary

I hope this article is useful to understand the difference between the Azure resource and the resource group. If you have any doubts, then please ask using the comment box.

Related articles

How to Get Free Access to Azure DevOps Build Agents

Microsoft has changed the policy for allowing the free tier of hosted agent pools for public and private projects of newly created DevOps organisations, citing the reason that many are abusing this feature by sending a huge amount of traffic to these hosted agent pools. For this reason, many are getting the following error during the build pipeline.

No hosted parallelism has been purchased or granted. To request a free parallelism grant, please reach out to azpipelines-freetier@microsoft.com with your name and organization name.


The sudden change is causing lots of trouble for those who have been using the feature for a long time, particularly those who are community contributors (public speakers, bloggers, etc.). Obviously, many users across the world disagree with the change and the restrictions.

How do I get free access to the Azure DevOps Build Agent Pools?

Microsoft has devised a temporary workaround, until the automated solution is implemented, to grant permission to those users who require free hosted agent pools.

Now users need to drop their email to get the free tier access based on the project visibility types, which is explained below.

As you know, there are two types of repositories you can create, as mentioned below, and based on project types, the build agent pools are different.

  • Private
  • Public

Private Project

To get the free tier access of Microsoft hosted agent pools for private projects, send an email to azpipelines-freetier@microsoft.com with the following details:

Public Project

To get the free tier access of Microsoft's hosted agent pools for public projects, send an email to azpipelines-ossgrant@microsoft.com with the following details:
  • Your Name
  • Microsoft Azure DevOps organization name (dev.azure.com/yourorganization)
  • Link of the repositories you want to build
  • Short description of your project.

Update (03-12-2022)

Microsoft introduced the form instead of email, so you can fill out the below form using the following link:

How soon will I get the free grant after the email?

There is no defined timeline for approval, but considering the mass requests and the manual approval process, we can consider a timeline of 7 to 15 working days from your email.

Summary

I hope you came to know the root cause of the issue, and some of you got help on how to get the free grant. If you have any doubts, then please send them using the comment box.

Related Articles

How To Create x509 Test Certificate for Azure IoT

During IoT application development, we need X.509 certificates for those devices which depend on X.509-based authentication. The developer tests many scenarios during development, and buying a new certificate and device every time is not possible. We need something virtual that still gives a real-life experience, so, considering time and cost, we will create the test certificates locally and test the Azure IoT experience. Microsoft has provided a sample PowerShell script on GitHub to generate the X.509 certificates.

What is the use of an X.509 Certificate?

The X.509 certificate helps to identify the device on IoT Hub using public and private keys stored within the certificate.

Step 1: Copy the PowerShell Script

Copy the following PowerShell script and save it on your PC as GenerateTestCertificate.ps1 or whatever name you wish. Just make sure you have saved the file with the extension .ps1.

# Copyright (c) Microsoft. All rights reserved.
# Licensed under the MIT license. See LICENSE file in the project root for full license information.

Param(
    $deviceName = "iothubx509device1",
    $certificateValidityInYears = 1
)

$cert = New-SelfSignedCertificate `
    -Type Custom `
    -Subject "CN=$deviceName, O=TEST, C=US" `
    -KeySpec Signature `
    -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 `
    -KeyLength 2048 `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -NotAfter (Get-Date).AddYears($certificateValidityInYears)

Write-Host "Generated the certificate:"
Write-Host $cert

Write-Host "Enter the PFX password:"
$password = Read-Host -AsSecureString

$cert | Export-PfxCertificate -FilePath certificate.pfx -Password $password
Set-Content -Path certificate.cer -Value ([Convert]::ToBase64String($cert.RawData)) -Encoding Ascii

I have saved the file on my E drive in the Cert folder, which looks as follows.


Step 2: Open the PowerShell ISE

Now open the PowerShell ISE command prompt in administrative mode as follows.


Make sure it's PowerShell ISE, not just a PowerShell command prompt.

Step 3: Change The Directory

Change the directory to the location where your GenerateTestCertificate.ps1 PowerShell file is located. In this article, the file is located under the E Drive Cert folder.


In the preceding image, the path is set to the Cert folder using the CD command in which our PowerShell Script file is located.

Step 4: Load GenerateTestCertificate.ps1 File

As shown in the following image, load the GenerateTestCertificate.ps1 file and provide the parameter, which is the CN (common name of the certificate) and which can internally become the DeviceId of the IoT device. Make sure you follow the command syntax exactly as shown in the image below.


Once all details are given as shown in the image, press the Enter key on your keyboard. It will prompt the following screen. Provide the password for the PFX certificate and remember it, because the password is required during the provisioning of the device on IoT Hub.


Once you enter the password, press the Enter or OK button as shown in the preceding image. Once the certificates are successfully generated, the following details are shown on the PowerShell command prompt.



Two certificate files are created by the preceding procedure: a password-protected PKCS12 formatted file (certificate.pfx) and a public key certificate file (certificate.cer).

The created certificate files are stored in the same location as your GenerateTestCertificate.ps1 file. Now navigate to the E drive Cert folder, where you will see the created files.


As you see in the preceding image, the self-signed X.509 certificates are created: the password-protected PKCS12 formatted file certificate.pfx and the public key certificate file certificate.cer.

Both certificates are required to authenticate a single device. The public key certificate is used to enroll the device on the Azure device provisioning service, and the password-protected .pfx is required to identify the device and provision it on IoT Hub.

Note

  • These certificates are only for testing purposes; don't use them in production.
  • Please buy the certificates from the respective device certificate authority for production requirements.

Summary

I hope from the preceding explanation you have learned how to create the X.509 test certificate. In my next article, we will learn how to enroll an X.509 device on the Azure Device provisioning service and provision the device on Azure IoT Hub. If you are facing any issue while generating the certificates, then you can use the comment box to ask your queries.

If you are new to the IoT, then you can read my previous articles using the following given links to learn more about the IoT.

Related article

Device Enrollment Using Symmetric Key In Azure DPS

In this article, we will learn how to enroll the device using the symmetric key in Azure device provisioning service. If you have not read my previous articles about Azure device provisioning service yet, then please read them using the following link. As explained in the previous articles, IoT devices can be connected to the IoT hub in two ways:
  • Using Device Provisioning Service then Azure IoT Hub
  • Directly to the Azure IoT hub
So let's learn how to enroll the IoT devices with Device Provisioning Service (DPS).

What is Device Enrollment?

Device enrollment is the process of adding the details of pre-configured IoT devices to the Azure device provisioning service, so that they connect to the IoT hub on demand or based on the requirement, without any human intervention.

Now let's learn step by step how to enroll the IoT devices

Step 1: Login To Azure Portal

After logging in to the Azure portal, find the device provisioning service which we created in the How To Create Azure Device Provisioning Service article. If you haven't created it, then please follow the steps shown in that article and create it. I hope you have the DPS service on the portal. Now find the option to manage enrollments as shown in the following image.


Device Provisioning Service (DPS) provides the following two concepts:
  • Individual Enrollment
  • Group Enrollment
In this article, we will learn about individual device enrollment using the symmetric key.

What is Individual Enrollment?

This enrolls one device at a time, which allows a unique configuration per device.

Step 2: Navigate To Azure Device Provisioning Service Instance

To create the individual enrollment, select manage enrollment, then click on Add individual enrollment as shown in the following image.


After clicking on the Add individual enrollment button, the following screen will appear, as shown in the following step.

Device Enrollment Using Symmetric Key

Choose the symmetric key attestation mechanism from the dropdown list and check on auto-generated keys as shown in the following image.



In the symmetric key attestation mechanism, we need to provide the registration id, but in X.509 enrollment the registration id is taken from the certificate common name (CN).

Now, after providing all the above details, click on save, go to our created device provisioning service (DPS) instance, and see the created enrollment entry as follows.





As shown in the preceding image, the registration id reg100 is added. Follow the same steps for other types of attestation mechanism to enroll the device.


Summary

I hope this article is useful to understand how to enroll the device using Symmetric key in Azure device provisioning service.

Azure Device Provisioning Service IoT Hub Allocation Policy

In my previous article, we learned how the Azure Device Provisioning Service helps to manage IoT devices throughout their life cycle. You can link multiple IoT hubs to a single instance of the Azure device provisioning service, and IoT devices are automatically allocated to a specific IoT hub based on the policy set during device enrollment. The following policies are supported by the device provisioning service.

  • Static configuration
  • Evenly weighted distribution
  • Lowest latency

Static Configuration

When the static allocation policy is assigned during device enrollment, it gives the option to choose the IoT hub, and devices get registered to the selected IoT hub.
The following flow gives an idea of how it works.

Evenly Weighted Distribution

The evenly distributed policy registers the device on the IoT hub which has less utilization and load. Let's say we have ten IoT devices and two linked IoT hubs; then five devices will be assigned to one IoT hub and five devices to the other IoT hub, based on how much each available IoT hub is utilized.
The following process diagram will give a clear idea of an evenly distributed policy.

Lowest latency

The lowest latency policy allocates the device to the IoT hub which is nearest to the device location. It means the device is automatically allocated to the IoT hub (datacenter) closest to the device location, which makes communication between devices and the IoT hub faster.
The following diagram shows how the lowest latency policy works.

Summary

I hope this article helped you to understand the Azure device provisioning service IoT hub allocation policies. In the next article, we will learn about the Azure event hub.

Related Articles

Resource Group and Resource in Azure

Azure resource and Azure resource group are two of the most commonly used terms while working with Microsoft Azure. Recently one of the readers asked me about the difference between these two terms, so I have decided to write a post on these two terms.

What is Resource?

The resource is nothing but an Azure service such as app service, Azure storage, Azure active directory, etc. It means whenever you create a new resource, you are actually creating an Azure service.

What is Azure Resource Group?

The Azure resource group is the collection of resources. The resource group is the container in which multiple Azure services reside.

Every Azure service must be located in a resource group. The resource group gives better flexibility to manage, in one place, the life cycle of all services which are located in the resource group. You can deploy, update and delete these services together.

Key Points of Azure Resource Group

  • The resource group can be created using Azure portal, Azure CLI, Azure PowerShell and Azure ARM Template.
  • Every resource group has its own deployment location to store the metadata of the services which are contained in the resource group, no matter in which location your services are deployed.
  • All services located in the resource group have a similar life cycle; you can delete, update and deploy them together.
  • You can move services from one resource group to another resource group.
  • If the service has the same metadata, it won't be allowed in a different resource group. It means you cannot have two resource groups for one service which is identical.
  • The resource group and resources can be in different regions. It means that if your resource group location is the US region, then your service might have any other deployment location, such as West Europe.
  • The resource group provides better control to manage the security of a group of services, such as user access and resource permissions, so that someone cannot harm the service.
  • Every resource in a resource group can connect to services in other resource groups.
  • Each resource group can deploy 800 services at a time.
  • When you delete the resource group, all the services which are in the resource group are deleted.

Summary

I hope this article is useful to understand the difference between the Azure resource and resource group. If you have any doubts, then please ask using the comment box.

Related articles

How To Get Return Value Using SQL Stored Procedure

In this article, we will learn how to get the return value using the SQL stored procedure Out parameter. There are some scenarios where we need a return value from the SQL stored procedure; for example, whenever a new order is created in the database, an OrderId is returned to the user for reference.

Let's consider a similar scenario, in which the following table OrderDetails maintains the processed orders, as shown in the following image.


I hope you have created the same table structure as shown above. Now create the stored procedure to get the return value, as in the following code snippet.

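CREATE PROCEDURE PlaceOrder
(
    @Product varchar(50),
    @Amount  decimal(18,2),
    @OrderId int OUT            -- returned to the caller
)
AS
BEGIN
    SET NOCOUNT ON;

    -- Insert the new order
    INSERT INTO [dbo].[OrderDetails]
           (
            Product,
            Amount
           )
     VALUES
           (
            @Product,
            @Amount
           );

    -- Return the highest OrderId as the id of the order just placed.
    -- Note: max() can return another session's row under concurrent inserts.
    SELECT @OrderId = ISNULL(MAX(OrderId), 0) FROM OrderDetails;

END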

Now execute the stored procedure using the SQL editor as follows.



In the preceding, the stored procedure inserts the new order into the SQL table and returns the OrderId as the out value.

Summary

I hope from the preceding explanation, you have learned how to return the value using the SQL stored procedure. If you have any queries, then you can send using the following comment box.

Related articles


Creating Azure Cosmos DB Using Azure Portal

In this article, we will learn how to create the Azure Cosmos DB using the Azure Portal. So let's start creating the Cosmos DB service step by step.

Prerequisites

You need a valid Azure subscription, either free or paid, to create any service in Azure. I hope you have a valid subscription.

What is Azure Cosmos DB?

Azure Cosmos DB is a NoSQL database which is globally distributed and highly available. Azure Cosmos DB stores the data in the JSON format. The database is easily scalable across regions with a few clicks.

Step 1: Login To Azure Portal

Navigate to the portal.azure.com using a browser and login into the portal with valid credentials, as shown in the following image.

After a successful authentication, the page will be redirected to the Azure portal default dashboard page as shown in the following image.

Step 2: Create the Azure Cosmos DB

Find the create resource option, which can be found at the top left of the portal as shown in the following image, or follow any other option which you may know to create the resource (service) in the Azure portal. Search for Azure Cosmos DB as shown in the following image.


As shown in the preceding image, click on the create button. It will show the following screen.


Provide the required details as shown in the preceding image.

Subscription

Choose the available Azure subscription which you want to use for creating the service from the drop down list.

Resource Group

Choose an existing resource group or create a new resource group which you may want to use.

Account Name

Provide a unique name for the Azure Cosmos database account, which creates a universally unique URI by appending the Cosmos database service URL.

API

Azure Cosmos database provides five APIs, which decide what type of data is stored in the Cosmos DB. The following are the APIs.

  • SQL API
  • Cassandra API
  • Gremlin API
  • Table API
  • MongoDB API
In our article, we are using the SQL API.

Location

Choose the deployment location for Azure Cosmos database from the given list.

Capacity Mode

The capacity mode decides the processing capacity for your database. The modes are:

  • Provisioned throughput 
  • Serverless

The database operation cost also differs depending on the selected capacity mode.

Apply Free Tier Discount

You can decide whether to apply or not to apply the free tier discount. If you apply the free tier discount, you will get the first 400 RU/s and 5 GB of storage for free in an account.

Account Type

The Azure Cosmos database allows users to choose the following two account types.

  • Production
  • Non-production

If your application is running in the production environment, then choose the Production account type; otherwise, choose the non-production account type. This is only an Azure resource tag, which does not have any cost-related impact on your Cosmos database account.

Geo-redundancy

You can enable or disable global distribution of your account by pairing it with another region. This makes sure that your database account will be globally replicated along with another region.

Multi-region Writes

Azure Cosmos DB is capable of writing data to multiple regions. If you want to write the data to multiple regions, then just enable the button; otherwise keep it disabled.

After providing all the required basic details, click on the next button. The networking screen will then appear, where you can define the networking details as shown in the following image.


As shown in the preceding image, you can decide from which network the Azure Cosmos database is available to connect: the public network, a private network, or both.

Now after providing the required networking details, click on the next Backup policy option, then the following screen will appear where you can define the Backup policy details.


You can choose the backup policy, that is, how frequently the database backup is taken, by using the Periodic or Continuous option, as shown in the preceding image.

Now after providing the required backup policy details, click on the Next Encryption button, then the following screen will appear where you can define the encryption details.


As shown in the preceding image, choose how data is encrypted: using either the service-managed key or a customer-managed key.

Once you choose the data encryption method, click on the next step tags, which will show the following screen.


Tagging helps to identify or categorize the services across the line of applications. After providing the tag details, click on the next step, Review and Create. The following screen will then appear to review the details before creating the service.


After reviewing the details, click the create button. It will take some time to create the service. Once the service is created, the status is shown on the notification icon. Now click on the Go to resource button, and you will be redirected to the newly created Azure Cosmos database service.

The Azure Cosmos database welcome screen will look as shown in the following image, from which you can manage your Azure Cosmos database.


Step 3: Create the Database and Container

In previous steps we have created the Azure Cosmos database account. Now we need to create the database and a container to store the data. Use the data explorer option as shown in the following image.


As shown in the preceding image, HumanResource is the database id and EmployeeMaster is the Container Id. These two terms are equivalent to the database name and table name respectively in a relational database.

The database throughput decides the request-processing capacity for your database, which you can choose between Manual and Autoscale. Choose Manual for this article and keep 400 RU/s (request units per second), which is the default. We have chosen departmentName as the partition key, which logically distributes the data across multiple servers and makes database operations faster. Each partition key has 20 GB of capacity.

I hope you have provided the required details as explained in the preceding. Now click the OK button, and it will create the database and container as shown in the following image.


Step 4: Adding the New Item

Now that we have a database and a container, let's add an item (record) to it, following the steps shown in the following image.


Now use the preceding document structure and click on the save button. After saving the document, it will look as follows.


As you can see in the preceding image, in addition to the added document structure, Cosmos DB adds some auto-generated properties, which can be useful during database operations.

Summary

I hope from the preceding explanation you have learned how to create the cosmos database and add the document.

Related Articles

Now Azure Cosmos DB Support Partial Document Update

Microsoft announced the most awaited and productive feature for Azure Cosmos DB at the Build 2021 event: the ability to update part of a document in Azure Cosmos DB.

Previously, the developer needed to fetch the whole document in the program and replace the entire document, even for a single field update. This process involved a round trip to the server and consumed lots of request units for each request, which directly increases cost.

The partial document update feature is available for the Core (SQL) API using the .NET SDK, Java SDK and stored procedures. The developer can sign up for a private preview using the following link to test the applications.

Related article

I hope this post is useful to get early access to the feature and test your application. If you like this article, then share with your friends and subscribe to the blog.

Now Azure Cosmos DB Free Tier Supports 25 GB Storage and 1000 Ru/s

In the MS Build 2021 event, Microsoft announced the limit enhancement of Azure Cosmos DB. Now Azure Cosmos DB will support 25 GB of storage and 1000 request units per second (1000 Ru/s) for every month per subscription, which is increased from previously 5 GB of storage and 400 request units per second (400 Ru/s) per subscription.

You can use this free tier by simply creating the free tier Cosmos DB account or just applying the free tier discount. If you know more how to create the Azure Cosmos DB, then please refer to the following link.


The limit enhancement will help developers test their small application workloads very effectively in the development environment.

Read more details by using the following link.

Summary

Microsoft Azure is enhancing its platform in a very short time to improve the user experience and productivity. I hope you will test your applications effectively with the limit enhancement.

Getting Started with Azure Cosmos DB

In this article, we will learn about Azure Cosmos DB step by step.

Prerequisites

You need a valid Azure subscription, either free or paid, to create any service in Azure. I hope you have a valid subscription.

What is Azure Cosmos DB?

Azure Cosmos DB is a globally distributed and highly available NoSQL database. It stores data in JSON format. The database can easily be scaled across regions with a few clicks.

Now let's learn about Cosmos DB while creating an instance in the Azure portal, so you can visualize and understand the concepts easily.

Step 1: Login To Azure Portal

Navigate to portal.azure.com in a browser and log in to the portal with valid credentials, as shown in the following image.

After successful authentication, you will be redirected to the Azure portal default dashboard page, as shown in the following image.

Step 2: Create the Azure Cosmos DB

Find the create resource option at the top left of the portal, as shown in the following image, or use any other option you know to create a resource (service) in the Azure portal. Search for Azure Cosmos DB as shown in the following image.

As shown in the preceding image, click on the create button; it will show the following screen.

Provide the required details as shown in the preceding image.

Subscription

Choose the Azure subscription you want to use for creating the service from the drop-down list.

Resource Group

Choose an existing resource group or create a new one.

Account Name

Provide a unique name for the Azure Cosmos database account. It is appended to the Cosmos database service URL to create a universally unique URI.

API

Azure Cosmos database provides five APIs, which decide what type of data is stored in Cosmos DB. The following are the APIs.

  • SQL API
  • Cassandra API
  • Gremlin API
  • Table API
  • MongoDB API

In this article, we use the SQL API for the demonstration.

Location

Choose the deployment location for Azure Cosmos database from the given list. It will always be better to choose the location which is close to your customer's location.

Capacity Mode

The capacity mode decides the processing capacity for your database. The available modes are:

  • Provisioned throughput
  • Serverless

The database operation cost also differs depending on the selected capacity mode.

Apply Free Tier Discount

You can decide whether to apply or not to apply the free tier discount. If you apply the free tier discount, you will get the first 400 RU/s and 5 GB of storage for free in an account.

Account Type

The Azure Cosmos database allows users to choose the following two account types.

  • Production
  • Non-production

If your application is running in the production environment, then choose the Production account type; otherwise, choose the Non-production account type. This is only an Azure resource tag and has no impact on the cost of your Cosmos database account.

Geo-redundancy

You can enable or disable global distribution for your account by pairing it with another region. Enabling it makes sure that your database account is replicated globally to the paired region.

Multi-region Writes

Azure Cosmos DB is capable of writing data to multiple regions. If you want to write data to multiple regions, then enable the button; otherwise keep it disabled.

After providing all the required basic details, click on the next button. The networking screen then appears, where you can define the networking details as shown in the following image.

As shown in the preceding image, you can decide from which network the Azure Cosmos database can be reached: the public network, a private network, or both.

After providing the required networking details, click on the next option, Backup policy. The following screen will appear, where you can define the backup policy details.

You can choose the backup policy, that is, how frequently database backups are taken, using the Periodic or Continuous option, as shown in the preceding image.

After providing the required backup policy details, click on the next button, Encryption. The following screen will appear, where you can define the encryption details.

As shown in the preceding image, choose how data is encrypted: using either a service-managed key or a customer-managed key.

Once you choose the data encryption method, click on the next step, Tags, which will show the following screen.

Tagging helps to identify or categorize the services across the line of applications. After providing the tag details, click on the next step, Review and Create. The following screen will appear so that you can review the details before creating the service.

After reviewing the details, click the create button. It will take some time to create the service. Once the service is created, the status is shown under the notification icon. Now click on the Go to resource button, and you will be redirected to the newly created Azure Cosmos database service.

The Azure Cosmos database welcome screen will look as shown in the following image; from there you can manage your Azure Cosmos database.


Step 3: Create the Database and Container

In the previous steps, we created the Azure Cosmos database account. Now we need to create the database and a container to store the data. Use the data explorer option as shown in the following image.


As shown in the preceding image, HumanResource is the database id and EmployeeMaster is the Container Id. These two terms are equivalent to the database name and table name respectively in a relational database.

The database throughput decides the request-processing capacity for your database; you can choose between Manual and Autoscale. Choose Manual for this article and keep 400 RU/s (request units per second), which is the default. We have chosen departmentName as the partition key, which logically distributes the data across multiple servers and makes database operations faster. Each partition key has 20 GB of capacity.

I hope you have provided the required details as explained above. Now click the Ok button; it will create the database and container as shown in the following image.


Step 4: Adding the New Item

Now that we have a database and container Id, let's add an item (record) to it, following the steps shown in the following image.

Now use the preceding document structure and click on the save button. After saving, the document will look as follows.

As the preceding image shows, Cosmos DB adds some auto-generated properties to the saved document, which are mostly useful during database operations.

Summary

I hope from the preceding explanation you have learned about the Azure Cosmos Database. If you have any suggestion, then you can send it using the comment box.

Copyright © Compilemode