How to set up billing: Step 1 (Azure prerequisites)

Allie Cliffe
  • Updated

Step-by-step instructions to set prerequisites for your Terra on Azure environment. This article is for team finance admins with access to the Azure subscription that will cover cloud costs. Once you set the prerequisites, you can proceed to creating the Managed Application and linking it to a Terra Billing Project.

Steps to set up billing (admins)

Terra-on-Azure_Billing-setup_Diagram.png

Prerequisites overview

Before you can create the Terra Azure Managed Application, you must be a member of at least one organization’s subscription in the Microsoft Azure Portal.

If your organization already uses Azure

  • You will need to request access to an Azure Subscription you can use for setting up and working in Terra from your IT admin.
  • Note that if you have trouble registering for an account on Terra (app.terra.bio) because your work email is already associated with an Azure tenant, you can try using a personal email, including a Gmail, for SSO to app.terra.bio. The email you use for SSO (Terra registration) will not affect what cloud you work in in Terra. Whether you are working in Terra on Azure or Terra on GCP is a function of the umbrella cloud billing account behind the workspace Terra Billing Project.  

If your organization is new to Azure

To get started using Azure, you can set up a pay-as-you-go account on the Azure Portal here.  

Free credit accounts aren't compatible with TerraAzure's free credit offering creates a subscription with limitations set on quotas and resources that are needed to power Terra. Transitioning the free subscription to paid does not resolve these issues. For these reasons, we recommend not using free credits to try the Terra platform.

To limit the amount you spend while on a pay-as-you-go account, see How to set up an Azure Cloud cost budget

Terra and your Azure resource group: Subscription prerequisites 

Your Terra environment relies on several Azure services, listed below, for tasks like authentication, setting up storage and compute, and accessing cost information. For Terra to work, your Azure subscription must have a number of resource providers enabled to perform these functions.

What to do if your org has these disabled

These may be disabled by default for your organization. If so, you will need to ask to have them enabled. Understanding how Terra uses these resources should help explain why it is OK to enable resource providers that are disabled by default at the org level. See our Terms of Service for additional details. 

Compute resources

  • AKS for running core analysis services and user-defined applications
  • Compute Data Science VMs for running tools like JupyterLab
  • Batch for running batch jobs (e.g. via Cromwell or Nextflow)
  • Azure Relay for proxying inbound http traffic

Storage resources

  • Storage Account + Blob storage
  • Postgres Flexible

Additional infrastructure

  • Log Analytics
  • App Insight
  • VNet and dedicated subnets for each compute resource

How does Terra use these resources?

You can think of Terra as a SaaS offering that happens to run some infrastructure in your Azure subscription. Resources get deployed in the Managed Resource Group by the Terra Control Plane (which runs externally and is operated by the Broad Institute) when you perform certain actions in Terra. 

Resource providers that must be enabled

The list below outlines all the resource providers you will enable in the Microsoft Azure Portal (scroll down for step-by-step instructions) along with a brief description of what they do.

See additional information about how Terra uses these Azure cloud resources.

  • Microsoft.Storage
    Terra leverages Storage Accounts and Blob Containers for holding unstructured data in Terra workspaces.
  • Microsoft.Compute
    Terra allocates Linux Virtual Machines to run JupyterLab and other analysis applications in Terra workspaces.
  • Microsoft.Authorization
    Registered by default. Terra authenticates through Azure Resource Manager (ARM) for managing cloud resources in your subscription.
  • Microsoft.Batch
    Terra leverages Azure Batch to run batch workflows using Cromwell in Terra workspaces.
  • Microsoft.OperationalInsights
    Terra provisions a Log Analytics Workspace to collect system logs, audit logs, and user application logs.
  • Microsoft.OperationsManagement
    Terra deploys a Data Collection Rule to connect Azure Kubernetes Service to the Log Analytics Workspace.
  • Microsoft.Insights
    Terra leverages Application Insights to monitor system health of applications in Terra workspaces.
  • Microsoft.Network
    Terra allocates a Virtual Network (VNet) and subnets to host applications running on compute resources.
  • Microsoft.DBforPostgreSQL
    Terra allocates a PostgreSQL Flexible Server for hosting SQL Databases for applications in Terra workspaces.
  • Microsoft.ContainerService
    Terra leverages Azure Kubernetes Service (AKS) to run applications in Terra workspaces, such as Cromwell and Workspace Data Service.
  • Microsoft.Relay
    Terra leverages Azure Relay to allow end users to securely access Terra workspace applications via https.
  • Microsoft.ManagedIdentity
    Terra creates User-Assigned Managed Identities and assigns them to compute resources, to allow for authentication and data access.

How to enable resource providers (step 1)

You must have permission on your subscription to register a resource provider. This permission is included in Contributor and Owner roles.

1.1. Go to the Subscription page in the Microsoft Azure Portal.

1.2. Go to the Resource providers section.

1.3. Search for each resource from the list above. If it isn’t registered, select it, then select Register. Screenshot 2023-12-07 at 12.04.32 PM.png

For a handy checklist, see your Terra Billing pageNote that you must be already logged into Terra for the checklist to show up). 

1.4. Complete registering all resources.

If you still get a resource error when creating a billing project, the error will identify what other resources still need to be registered.

Next: Request quota increase

Before you proceed to setting up your Terra Billing project and Terra Environment, ask for a batch quota increaseEnabling resources does not necessarily mean you have them available to use! Resources come with quotas, and your quota may be zero, especially if you are newer to Azure. 

What can you do? 
Follow these instructions to ask Microsoft for a quota increase.

  • To view your Batch account quotas in the Azure portal.

    1. Sign in to the Azure portal.

    2. Select or search for Batch accounts.

    3. On the Batch accounts page, select the Batch account that you want to review.

    4. On the Batch account's menu, under Settings, select Quotas.
    Screenshot-of-my-batch-account-quota-page-in-the-azure.png

    5. Review the quotas currently applied to the Batch account.

Additional resources

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.