Starburst Documentation
Starburst Galaxy
  •  Get started
  •  Working with data
  •  Data engineering
  •  Developer tools
  •  Cluster administration
  •  Security and compliance
  •  Troubleshooting
  • Galaxy status
  •  Reference

    • starburst galaxy > security and compliance > manage cluster connectivity > azure > Set up a bastion host in Azure

    Set up a bastion host in Azure #

    Configuring an SSH tunnel for Azure Cloud enables you to connect to your Azure data sources using Starburst Galaxy. This page provides step-by-step instructions for configuring an SSH tunnel for Azure Cloud. After completing these steps, you can use Galaxy to generate catalogs and execute queries using your Azure databases.

    Prerequisites #

    Before you begin, you must complete the following:

    Configure bastion host security #

    To configure a bastion host, you must allow access from both your local network and from your Starburst Galaxy network.

    Connect your local network #

    1. In the Azure portal, use the search bar to navigate to the Virtual machines page. Select the VM that you intend to use as your bastion host.
    2. In the left navigation menu, click Network settings. In the + Create port rule drop-down menu, select Inbound port rule.
    3. In the Add inbound security rule pane, select IP Addresses from the Source drop-down menu.
    4. In the Source IP addresses/CIDR ranges field, enter the public IP address for your local network.
    5. In the Service drop-down menu, select SSH.
    6. In the Name field, enter a name for your inbound security rule.
    7. Click Add to finish creating the rule.

    Connect your Starburst Galaxy network #

    1. In the + Create port rule drop-down menu, select Inbound port rule again.
    2. In the Add inbound security rule pane, select IP Addresses from the Source drop-down menu.
    3. In the Source IP addresses/CIDR ranges field, enter the public IP address range for your Starburst Galaxy network.
    4. In the Service drop-down menu, select SSH.
    5. In the Name field, enter a name for your inbound security rule.
    6. Click Add to finish creating the rule.

    Update SSH client configuration file #

    1. In the Overview page for your VM, copy the Public IP address.
    2. Open your SSH client configuration file using the following command: 
      vi ~/.ssh/config
    3. At the end of the file, paste the following content. Replace <azbastion>, <public-ip>, <azureuser>, and <your-ssh-key-file> with your connection properties. 
      Host <azbastion>
   Hostname <public-ip>
   User <azureuser>
   ForwardAgent yes
   IdentityFile ~/.ssh/<your-ssh-key-file>.pem
   IdentitiesOnly yes
    4. Save and close the file.

    Configure an SSH tunnel in Starburst Galaxy #

    1. Log in to Starburst Galaxy.
    2. Expand the Admin > Cloud Settings menu, and select the Azure tab.
    3. Click the Configure SSH tunnel button.
    4. Click the Generate RSA key button. Copy the RSA key to your clipboard.
    5. Run the following command to create a galaxy.pub file: 
      vi ~/.ssh/galaxy.pub
    6. Paste the RSA key into the file. Save the file.
    7. Use the following command to copy the galaxy.pub file to your bastion host. Replace <azbastion> with the bastion host alias defined in your SSH client configuration file. 
      ssh-copy-id -f -i ~/.ssh/galaxy.pub <azbastion>
    8. Run the following command to access your bastion host using the SSH tunnel: 
      ssh <azbastion>
    9. Return to the Starburst Galaxy SSH tunnels pane.
    10. In the SSH tunnel alias field, enter a name for your SSH tunnel.
    11. In the SSH host and SSH user fields, paste the <azbastion> and <azureuser> values from your SSH client configuration file.
    12. Click the Validate and save button.