CockroachDB Dedicated on Azure

On this page Carat arrow pointing down

This page provides information about CockroachDB Dedicated clusters on Microsoft Azure, including frequently asked questions and limitations. To create a cluster, refer to Create a CockroachDB Dedicated Cluster.


CockroachDB Dedicated clusters on Azure have the following temporary limitations. To express interest or request more information about a given limitation, contact your Cockroach Labs account team. For more details, refer to the FAQs.

Editing and scaling

  • A cluster must have at minimum three nodes. A multi-region cluster must have at minimum three nodes per region. Single-node clusters are not supported.
  • After it is created, a cluster's storage can be increased in place, but cannot subsequently be decreased or removed.

Other features

PCI-Ready features are not yet available on Azure. To express interest, contact your Cockroach Labs account team.


The following sections provide more details about CockroachDB Dedicated on Azure.

Can CockroachDB Serverless clusters be deployed on Azure?

CockroachDB Serverless is not currently available on Azure.

Can we use credits to pay for clusters on Azure?

Yes, a CockroachDB Cloud organization can pay for the usage of CockroachDB Dedicated clusters on Azure with credits. To add additional credits to your CockroachDB Cloud organization, contact your Cockroach Labs account team.

Can we migrate from PostgreSQL to CockroachDB Dedicated on Azure?

CockroachDB supports the PostgreSQL wire protocol and the majority of PostgreSQL syntax. Refer to Supported SQL Feature Support. The same CockroachDB binaries are used across CockroachDB Cloud deployment environments, and all SQL features behave the same on Azure as on GCP or AWS.

What kind of compute and storage resources are used?

Dedicated clusters on Azure use Dsv4-series VMs and Premium SSDs. This configuration was selected for its optimum price-performance ratio after thorough performance testing across VM families and storage types.

CockroachDB Dedicated clusters can be created with a minimum of 4 vcPUs per node on Azure.

What backup and restore options are available for clusters on Azure?

Managed-service backups automatically back up clusters on Azure, and customers can take and restore from manual backups to Azure storage (Blob Storage or ADLS Gen 2). Refer to the blog post CockroachDB locality-aware Backups for Azure Blob for an example.

You can take and restore from encrypted backups on Azure storage by using an RSA key stored in Azure Key Vault.

Are changefeeds available?

Yes, customers can create and configure changefeeds to send data events in real-time from a CockroachDB Dedicated cluster to a downstream sink such as Kafka, Azure storage, or Webhook. Azure Event Hubs provides an Azure-native service that can be used with a Kafka endpoint as a sink.

What secure and centralized authentication methods are available for Dedicated clusters on Azure?

Human users can connect using Cluster SSO, client certificates, or the ccloud command or SQL clients.

Application users can connect using JWT tokens or client certificates.

You can configure IP allowlisting to limit the IP addresses or CIDR ranges that can access a CockroachDB Dedicated cluster on Azure, and you can use Azure Private Link to connect your applications in Azure to your cluster and avoid exposing your cluster or applications to the public internet. Refer to Connect to your cluster.

How are clusters on Azure isolated from each other? Do they follow a similar approach as on AWS and GCP?

CockroachDB Cloud follows a similar tenant isolation approach on Azure as on GCP and AWS. Each Dedicated cluster is created on an AKS cluster in a unique VNet. Implementation details are subject to change.

How is data encrypted at rest in a cluster on Azure?

Customer data at rest on cluster disks is encrypted using server-side encryption of Azure disk storage. Customer-Managed Encryption Keys (CMEK) are not yet available. To express interest, contact your Cockroach Labs account team.

All client connections to a CockroachDB Dedicated cluster, as well as connections between nodes, are encrypted using TLS.

Do CockroachDB Dedicated clusters on Azure comply with SOC 2?

CockroachDB Dedicated on Azure meets or exceeds the requirements of SOC 2 Type 2. Refer to Regulatory Compliance in CockroachDB Dedicated.

Yes No
On this page

Yes No