CockroachDB Dedicated on Azure

This page provides information about CockroachDB Dedicated clusters on Microsoft Azure, including frequently asked questions and limitations during limited access. To create a cluster, refer to Create Your Cluster.

Limitations

During limited access, CockroachDB Dedicated clusters on Azure have the following temporary limitations. To express interest or request more information about a given limitation, contact your Cockroach Labs account team. For more details, refer to the FAQs.

Regions

• Clusters can be created in the following regions:

  • australiaeast
  • canadacentral
  • centralus
  • eastasia
  • eastus
  • germanywestcentral
  • northeurope
  • uksouth
  • westus2

Editing and scaling

• A cluster must have at minimum three nodes. Single-node clusters are not supported.
• After it is created, a cluster's regions cannot yet be modified.
• After it is created, a cluster's storage can be increased in place, but cannot subsequently be decreased or removed.

Networking

• Azure Private Link is not yet available. IP Allowlisting allows you to restrict the IP addresses that can connect to your cluster.

Observability

• Exporting metrics to Datadog is available. Enable the Datadog integration in the CockroachDB Cloud Console or with the Cloud API.
• Exporting metrics to Azure Monitor is not yet available. To express interest, contact your Cockroach Labs account team.
• Log Export is not yet available.

Other features

PCI-Ready features are not yet available on Azure. To express interest, contact your Cockroach Labs account team.

• Private Clusters
• Customer Managed Encryption Keys (CMEK)
• Egress Perimeter Controls

FAQs

The following sections provide more details about CockroachDB Dedicated on Azure.

What is Limited Access and how does it relate to CockroachDB Dedicated on Azure?

CockroachDB Dedicated on Azure is fully managed, like on GCP or AWS. During limited access, your organization must be enrolled before you can deploy CockroachDB Dedicated clusters on Azure.

The clusters created during this period are recommended for proof-of-concept and testing, and are not suitable for production. The CockroachDB Cloud Service Level Agreement (SLA) is not applicable to Azure clusters during limited access. Azure clusters are excluded from premium support agreements during limited access, and technical support is only available during business hours.

Are multi-region clusters supported?

Yes.

Are horizontal and vertical scaling supported?

Yes. Refer to Cluster Management.

What Azure regions can we choose?

Refer to Azure Regions.

What kind of compute and storage resources are used?

Dedicated clusters on Azure use Dsv4-series VMs and Premium SSDs. This configuration was selected for its optimum price-performance ratio after thorough performance testing across VM families and storage types.

Can we use credits to pay for clusters on Azure?

Yes, existing CockroachDB Cloud customers can pay for the usage of CockroachDB Dedicated clusters on Azure with their available credits. To add additional credits to your CockroachDB Cloud organization, contact your Cockroach Labs account team.

Does the CockroachDB Cloud technical SLA cover clusters on Azure?

During limited access, the CockroachDB Cloud technical SLA does not apply to CockroachDB Dedicated clusters on Azure. For more details about the roadmap, contact your Cockroach Labs account team.

What backup and restore options are available for clusters on Azure?

Managed-service backups automatically back up clusters on Azure, and customers can take and restore from manual backups to Azure storage (Blob Storage or ADLS Gen 2). Refer to the blog post CockroachDB locality-aware Backups for Azure Blob for an example.

Is it possible to take encrypted backups?

Yes, customers can take and restore from encrypted backups on Azure storage by using an RSA key stored in Azure Key Vault.

Are changefeeds available?

Yes, customers can create and configure changefeeds to send data events in real-time from a CockroachDB Dedicated cluster to a downstream sink such as Kafka, Azure storage, or Webhook. Azure Event Hubs provides an Azure-native service that can be used with a Kafka endpoint as a sink.

Can we export logs and metrics from a cluster on Azure to Azure Monitor or a third-party observability service?

During limited access, exporting metrics to Datadog is supported. Refer to Export Metrics From a CockroachDB Dedicated Cluster. It’s not possible to export cluster logs or metrics to Azure Monitor or to another third-party observability service during the limited access period. To express interest in this feature, contact your Cockroach Labs account team.

Are CockroachDB user-defined functions available for clusters on Azure?

Yes, user-defined functions are supported for CockroachDB Dedicated clusters on Azure. The same CockroachDB binaries are used across CockroachDB Cloud deployment environments, and all SQL features behave the same on Azure as on GCP or AWS.

Can we migrate from PostgreSQL to CockroachDB Dedicated on Azure?

CockroachDB supports the PostgreSQL wire protocol and the majority of PostgreSQL syntax. Refer to Supported SQL Feature Support. The same CockroachDB binaries are used across CockroachDB Cloud deployment environments, and all SQL features behave the same on Azure as on GCP or AWS.

How are clusters on Azure isolated from each other? Do they follow a similar approach as on AWS and GCP?

CockroachDB Cloud follows a similar tenant isolation approach on Azure as on GCP and AWS. Each Dedicated cluster is created on an AKS cluster in a unique VNet. Implementation details are subject to change.

Can we use Single-Sign On to sign-in to and manage clusters on Azure?

Yes, Cloud Organization SSO is supported. This feature is unrelated to the cluster's deployment environment.

What secure and centralized authentication methods are available for Dedicated clusters on Azure?

Human users can connect using Cluster SSO, client certificates, or the ccloud command or SQL clients.

Application users can connect using JWT tokens or client certificates.

How is data encrypted at rest in a cluster on Azure?

Customer data at rest on cluster disks is encrypted using server-side encryption of Azure disk storage. CockroachDB’s file-based encryption at rest and Customer-Managed Encryption Keys (CMEK) are not available during the limited access period. To express interest, contact your Cockroach Labs account team.

All client connections to a CockroachDB Dedicated cluster on Azure, as well as connections between nodes, are encrypted using TLS.

Can we use private connectivity methods, such as Private Link, to securely connect to a cluster on Azure?

You can configure IP allowlisting to limit the IP addresses or CIDR ranges that can access a CockroachDB Dedicated cluster on Azure. Azure Private Link is not available during the limited access period. To express interest, contact your Cockroach Labs account team.