Deploying GraphDB in Azure

GraphDB can be deployed on Microsoft Azure by following the general installation instructions. You can find information regarding the costs of running a GraphDB instance on the Azure website.

You can find a Terraform module in our GitHub repository that automates the procedure for deploying GraphDB on Azure. This documentation lists just the necessary prerequisites for using the script.

Architecture

The GraphDB architecture diagram shows the deployment architecture for GraphDB on VM scale set instances in the Azure cloud platform. The diagram illustrates the key components and their interactions to provide a high-level understanding of the system’s architecture and how it should be deployed.

[Figure: azure-architecture.png]

Note

There are no third-party integration points on the default GraphDB deployment.

Prerequisites

There are several prerequisites for running a GraphDB instance on Azure:

  • Access to an Azure account and an active Azure subscription

  • An active GraphDB license, required to use the Enterprise functionalities of the database

  • A shell script used to initialize the VM scale set instances

Note

The GraphDB Terraform module contains a Terraform template you can use when creating your shell script. If you use the Terraform template, you will need to replace the placeholder values of all variables with your actual values.

Technical requirements

The following Azure services are required to complete the GraphDB deployment on Azure:

| Service | Description |
|---|---|
| Resource Group | Container that holds closely related Azure resources and services that form a solution. |
| Virtual Network | Private virtual network that enables Azure resources to communicate securely with each other. |
| VM scale set | Scalable compute service for creating and managing load balanced VM instances. Used to deploy GraphDB VM images built with the GraphDB Azure Packer scripts, which package GraphDB and the GraphDB external cluster proxy. |
| Managed disks | Block level storage for persistent data attached to VM instances. Used for persistent storage of GraphDB instance data, configurations and log files. |
| Application Gateway | Scalable layer 7 web load balancer managing traffic to applications in Azure. Used to load balance requests to GraphDB’s external cluster proxies running in the VM scale set. |
| NAT Gateway | Gateway for private outbound connectivity to the internet from VM instances. Provides GraphDB VM scale set instances with NAT based internet connectivity without directly exposing them. |
| Key Vault | Secure storage for secret keys and certificates. |
| App Configuration | Service for central storage and management of application settings and feature flags. Used to store GraphDB configurations and license. |
| Storage Account | Secure storage for files and objects. Used for scheduled GraphDB backups that are stored as BLOBs in a storage container. |
| Azure Monitor | Monitoring service that collects and aggregates data, metrics and service logs from different Azure resources. |
| DNS Private Zones | Secure DNS service for private DNS resolution between Azure resources. Used to establish stable network identifiers for GraphDB VM scale set instances. |
| Public IP | Dedicated IP address exposing Azure resources on the internet. Used to expose the Application Gateway and NAT Gateway on the internet. |
| Network Security Groups | Security rules restricting the network traffic between Azure resources in an Azure Virtual Network. Used to restrict the traffic between the Virtual Network subnets. |
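
An added example (not part of the GraphDB documentation or Terraform module): a Python check over the JSON returned by `az network nsg rule list -o json` for the NSG on the VM scale set subnet, flagging inbound Allow rules whose source is not one of the subnets expected to reach GraphDB. The subnet CIDRs and rule names are constructed assumptions, and shadowing by higher-priority rules is not evaluated.

```python
import ipaddress
import json

# Constructed sample in the shape of `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""
[
 {"name": "allow-gateway-to-proxy", "direction": "Inbound", "access": "Allow", "sourceAddressPrefix": "10.0.1.0/24"},
 {"name": "allow-cluster-internal", "direction": "Inbound", "access": "Allow", "sourceAddressPrefixes": ["10.0.2.0/24"]},
 {"name": "temp-debug-ssh", "direction": "Inbound", "access": "Allow", "sourceAddressPrefix": "*"},
 {"name": "allow-office", "direction": "Inbound", "access": "Allow", "sourceAddressPrefix": "203.0.113.0/24"},
 {"name": "deny-all-inbound", "direction": "Inbound", "access": "Deny", "sourceAddressPrefix": "*"}
]
""")

# Assumed subnets: Application Gateway (10.0.1.0/24) and GraphDB VM scale set (10.0.2.0/24).
TRUSTED_SUBNETS = ["10.0.1.0/24", "10.0.2.0/24"]
ANY_SOURCE = {"*", "internet", "0.0.0.0/0", "::/0"}


def audit_inbound(rules, trusted_subnets):
    """Return (rule name, source, reason) for inbound Allow rules with untrusted sources."""
    trusted = [ipaddress.ip_network(c) for c in trusted_subnets]
    findings = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        # A rule carries either a single prefix or a list of prefixes.
        sources = list(rule.get("sourceAddressPrefixes") or [])
        if rule.get("sourceAddressPrefix"):
            sources.append(rule["sourceAddressPrefix"])
        for src in sources:
            if src.lower() in ANY_SOURCE:
                findings.append((rule["name"], src, "open to any source"))
                continue
            try:
                net = ipaddress.ip_network(src, strict=False)
            except ValueError:
                # Not a CIDR, so it is a service tag such as VirtualNetwork.
                findings.append((rule["name"], src, "service tag, review manually"))
                continue
            if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
                findings.append((rule["name"], src, "outside trusted subnets"))
    return findings


if __name__ == "__main__":
    for name, src, reason in audit_inbound(SAMPLE_RULES, TRUSTED_SUBNETS):
        print(f"{name}: {src} -> {reason}")
```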

Required skills

Note

Deploying GraphDB on Azure requires a combination of skills in Azure infrastructure management, database administration, and system troubleshooting. Acquiring these skills may involve hands-on experience, self-study, online resources, and formal training programs provided by Azure, such as Azure Fundamentals, or by other educational platforms.

The following skills and knowledge are typically required in order to successfully deploy GraphDB on Azure:

Azure Fundamentals

Familiarity with Microsoft Azure and understanding of its core concepts, such as subscriptions and resource groups, VM instances, virtual networks, security groups and RBAC roles. Knowledge of how to navigate the Azure Portal and interact with Azure resources is essential.

Azure Virtual Networks

Understanding network fundamentals and security, subnets and network security groups. Knowledge of how to set up inbound and outbound traffic rules with NSGs to allow communication with GraphDB.

Azure VM scale sets

Proficiency in creating and managing Azure VM instances. This includes selecting the appropriate machine size, configuring security settings, managing storage (Managed Disks), and understanding VM instance lifecycle management.

Monitoring and Troubleshooting

Proficiency in monitoring the health and performance of GraphDB instances on Azure. Understanding of logging, monitoring and troubleshooting techniques using Azure Monitor, VM instance logs, and GraphDB diagnostic tools.

Linux Administration

Proficiency in the Linux command-line interface (CLI) and basic administration tasks. This includes SSH access to the VM instances using Azure Bastion, navigating the file system, managing permissions, installing packages, and configuring system settings.

Database Management

Knowledge of GraphDB and its deployment requirements. Understanding of how to configure GraphDB settings, including database storage, memory allocation, and repository creation.

Database Backup and Recovery

Familiarity with backup and recovery strategies for GraphDB on Azure. Knowledge of Azure services like Storage Account for data backups and restoration processes.

High Availability and Scalability

Knowledge of implementing high availability and scalability for GraphDB on Azure. This may involve using features like VMSS Auto Scaling, load balancers, and multi-Availability Zone (AZ) deployments.

Infrastructure as Code (IaC)

Familiarity with Infrastructure as Code principles and tools like Terraform. This enables automating the provisioning and configuration of GraphDB infrastructure.

Security Best Practices

Understanding of security best practices for Azure deployments, including data encryption, access controls, identity and access management, and compliance considerations.