CockroachDB Dedicated on Azure

This page provides information about CockroachDB Dedicated clusters on Microsoft Azure, including frequently asked questions and limitations during limited access. To create a CockroachDB Dedicated cluster, refer to Create Your Cluster.

Limitations

During limited access, CockroachDB Dedicated clusters on Azure have the following temporary limitations. To express interest or request more information about a given limitation, contact your Cockroach Labs account team. For more details, refer to the FAQs.

Regions

• Multi-region clusters are not yet available.
• Single-region clusters can be created in the following regions: eastus2 (US East Coast - Virginia) and westeurope (Netherlands)

Editing and scaling

• A cluster must have at minimum three nodes. Single-node clusters are not supported.
• After it is created, a cluster cannot yet be modified or scaled in place. Instead, create a new cluster with the desired configuration.

Disaster recovery

• Managed Service Backups are not yet available during the limited access period. Customers can take and restore from their own backups on Azure storage (Blob Storage or ADLS Gen 2).

Networking

• Azure Private Link is not yet available. IP Allowlisting allows you to restrict the IP addresses that can connect to your cluster.

Observability

• Log Export is not yet available.
• Exporting metrics to Azure Monitor is not yet available, but metrics can be exported to Datadog. To express interest, contact your Cockroach Labs account team.

Other features

PCI-Ready features are not yet available on Azure. To express interest, contact your Cockroach Labs account team.

• Private Clusters
• Customer Managed Encryption Keys (CMEK)
• Egress Perimeter Controls

FAQs

What does limited access refer to regarding the availability of CockroachDB Dedicated on Azure?

CockroachDB Dedicated on Azure is fully managed, just like CockroachDB Dedicated on GCP or AWS. During limited access, your CockroachDB Cloud organization must be enrolled before you can start using CockroachDB Dedicated on Azure.

The clusters created during this period are recommended for proof-of-concept and testing, and are not suitable for production. The CockroachDB Cloud Service Level Agreement (SLA) is not applicable to Azure clusters during limited access. Azure clusters are excluded from premium support agreements during limited access, and technical support is only available during business hours.

Can we create multi-region dedicated clusters on Azure?

Not yet. During limited access, a cluster can be created only in a single region, and a cluster must have three or more nodes. A cluster's nodes are automatically placed in different availability zones to ensure resiliency to failure of a single availability zone.

Is it possible to horizontally scale a dedicated cluster on Azure?

Not yet.

What Azure regions can we choose to create the dedicated clusters?

You can create a cluster in eastus2 (US East Coast - Virginia) or westeurope (Netherlands) during the limited access period. Contact your account team to express interest in other regions.

What kind of compute and storage resources are used for the dedicated clusters on Azure?

CockroachDB Dedicated clusters on Azure use Dasv5-series VMs and Premium SSDs. This configuration was selected for its optimum price-performance ratio after thorough performance testing across VM families and storage types.

We use CockroachDB Cloud credits to pay for our usage on AWS or GCP. Is it possible to use those same credits for CockroachDB Dedicated clusters on Azure?

Yes, existing CockroachDB Cloud customers can pay for the usage of CockroachDB Dedicated clusters on Azure with their available credits. To add additional credits to your CockroachDB Cloud organization, contact your Cockroach Labs account team.

Does the CockroachDB Cloud technical SLA cover the dedicated clusters on Azure?

During limited access, the CockroachDB Cloud technical SLA does not apply to CockroachDB Dedicated clusters on Azure. For more details about the roadmap, contact your Cockroach Labs account team.

Are backups available for CockroachDB Dedicated clusters on Azure? Can we take our own backups to Azure storage in our tenant?

Customers can take and restore from their own backups on Azure storage (Blob Storage or ADLS Gen 2). Refer to the blog post CockroachDB locality-aware Backups for Azure Blob for an example.

Managed service backups are not available during the limited access period.

Is it possible to take encrypted backups for dedicated clusters in Azure?

Yes, customers can take and restore from their own encrypted backups on Azure storage by using an RSA key stored in Azure Key Vault.

Are changefeeds available for dedicated clusters in Azure?

Yes, customers can create and configure changefeeds to send data events in real-time from a CockroachDB Dedicated cluster to a downstream sink such as Kafka, Azure storage, or Webhook. Azure Event Hubs provides an Azure-native service that can be used with a Kafka endpoint as a sink.

Can we export logs and metrics from a dedicated cluster on Azure to Azure Monitor or a third-party observability service?

During limited access, exporting metrics to Datadog is supported. Refer to Export Metrics From a CockroachDB Dedicated Cluster. It’s not possible to export cluster logs or metrics to Azure Monitor or to another third-party observability service during the limited access period. To express interest in this feature, contact your Cockroach Labs account team.

Are CockroachDB user-defined functions available for dedicated clusters in Azure?

Yes, user-defined functions are supported for CockroachDB Dedicated clusters on Azure. The same CockroachDB binaries are used across CockroachDB Cloud deployment environments, and all SQL features behave the same on Azure as on GCP or AWS, with the exception of multi-region capabilities during the limited access period.

Can we use CockroachDB Dedicated on Azure if we are coming from PostgreSQL?

CockroachDB supports the PostgreSQL wire protocol and the majority of PostgreSQL syntax. Refer to Supported SQL Feature Support. The same CockroachDB binaries are used across CockroachDB Cloud deployment environments, and all SQL features behave the same on Azure as on GCP or AWS, with the exception of multi-region capabilities during the limited access period.

How are CockroachDB Dedicated clusters on Azure isolated from each other? Do they follow a similar approach like on AWS and GCP?

We follow a similar tenant isolation approach on Azure as on GCP and AWS. During the limited access period, each CockroachDB Dedicated cluster is created its own unique Azure subscription on a AKS cluster in a unique VNet. Implementation details are subject to change.

Can we use Single-Sign On to sign-in to CockroachDB Cloud and manage CockroachDB Dedicated clusters on Azure?

Yes, Cloud Organization SSO is supported. This feature is unrelated to the cluster's deployment environment.

Is it possible to use a secure and centralized authentication method for CockroachDB Dedicated clusters on Azure?

Human users can connect using Cluster SSO, client certificates, or the ccloud command or SQL clients.

Application users can connect using JWT tokens or client certificates.

What is the encryption posture for data stored in a CockroachDB Dedicated cluster on Azure?

Customer data at rest on cluster disks is encrypted using server-side encryption of Azure disk storage. CockroachDB’s file-based encryption at rest and Customer-Managed Encryption Keys (CMEK) are not available during the limited access period. To express interest, contact your Cockroach Labs account team.

All client connections to a CockroachDB Dedicated cluster on Azure, as well as connections between nodes, are encrypted using TLS.

Are private connectivity methods, such as Private Link, available to securely connect to a CockroachDB Dedicated cluster on Azure?

You can configure IP allowlisting to limit the IP addresses or CIDR ranges that can access a CockroachDB Dedicated cluster on Azure. Azure Private Link is not available during the limited access period. To express interest, contact your Cockroach Labs account team.