> ## Documentation Index
> Fetch the complete documentation index at: https://cockroachlabs.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# CockroachDB Advanced on Azure

export const InternalLink = ({version, path = "", children, ...props}) => {
  let detectedVersion = version || "stable";
  if (typeof window !== 'undefined' && !version) {
    const match = window.location.pathname.match(/\/docs\/([^/]+)/);
    if (match) {
      detectedVersion = match[1];
    }
  }
  const normalizedPath = path.startsWith("/") ? path.slice(1) : path;
  return <a href={`/docs/${detectedVersion}/${normalizedPath}`} {...props}>
      {children}
    </a>;
};

This page provides information about CockroachDB Advanced clusters on Microsoft Azure, including frequently asked questions and limitations. To create a cluster, refer to <InternalLink path="create-an-advanced-cluster">Create a CockroachDB Advanced Cluster</InternalLink>.

To express interest or request more information about a given limitation, contact your Cockroach Labs account team.

CockroachDB Advanced clusters on Azure have the following temporary limitations. To express interest or request more information about a given limitation, contact your Cockroach Labs account team.

* A cluster must have at minimum three nodes. A multi-region cluster must have at minimum three nodes per region. Single-node clusters are not supported on Azure.
* CockroachDB Advanced on Azure meets or exceeds the requirements of SOC 2 Type 2, and now supports <InternalLink path="pci-dss">PCI DSS</InternalLink> and HIPAA compliance. (Refer to <InternalLink path="compliance">Regulatory Compliance in CockroachDB Advanced</InternalLink>.) Note that the following features required for PCI DSS and HIPAA compliance are in Preview for Azure:
  * <InternalLink path="cmek">Customer Managed Encryption Keys (CMEK)</InternalLink>
  * <InternalLink path="egress-perimeter-controls">Egress Perimeter Controls</InternalLink>

You can configure IP allowlisting to limit the IP addresses or CIDR ranges that can access a CockroachDB Advanced cluster on Azure, and you can use [Azure Private Link](https://learn.microsoft.com/azure/private-link/private-link-overview) to connect your applications in Azure to your cluster and avoid exposing your cluster or applications to the public internet. Refer to <InternalLink path="connect-to-your-cluster#azure-private-link">Connect to your cluster</InternalLink>.

## Change data capture

CockroachDB Advanced supports <InternalLink version="stable" path="changefeed-messages">changefeeds</InternalLink>, which allow your cluster to send data events in real-time to a <InternalLink version="stable" path="changefeed-sinks">downstream sink</InternalLink>. [Azure Event Hubs](https://learn.microsoft.com/azure/event-hubs/azure-event-hubs-kafka-overview) provides an Azure-native service that can be used with a Kafka endpoint as a sink.

## Disaster recovery

<InternalLink path="managed-backups?filters=advanced">Managed backups</InternalLink> automatically back up clusters in CockroachDB Cloud.

You can <InternalLink path="take-and-restore-self-managed-backups">take and restore from manual backups</InternalLink> to Azure ([Blob Storage](https://azure.microsoft.com/products/storage/blobs) or [ADLS Gen 2](https://learn.microsoft.com/azure/storage/blobs/data-lake-storage-introduction)). Refer to the blog post [CockroachDB locality-aware Backups for Azure Blob](https://www.cockroachlabs.com/blog/locality-aware-backups-azure-blob) for an example. To encrypt manual backups using an RSA key, refer to the [Azure Key Vault](https://learn.microsoft.com/azure/key-vault/keys/about-keys) documentation.
