Setup Black Diamond


Get Started With Black Diamond

This guide provides your Black Diamond administrator with instructions to get started using the platform. The objective of this guide is to provide you with the resources that you need to get Black Diamond working with your Snowflake instance.

Prerequisites

To use Black Diamond with Snowflake, you must meet the following prerequisites.

  1. An active Snowflake Instance

    In order to leverage Black Diamond, you must first create a Snowflake account.

  2. Using Black Diamond Data Secure

    To use the Data Secure feature, you must have a Snowflake account that is Enterprise Edition or higher. If you do not have an account that meets this requirement, you will not be able to access the Data Secure functionality. If you are adding multiple connections, only those connections that meet this requirement will be available. If you are not planning to use Data Secure, you can skip this requirement.

  3. Allow Black Diamond network policy access to your Snowflake Account

    If you have restricted your Snowflake account so that it is accessible only from specific IP addresses, you will need to add Black Diamond's IP addresses to your network policies. If you do not have network policies enabled, you can skip this requirement.

    The Black Diamond IP addresses are 10.0.0.1/28, 10.0.0.1/28, and 192.168.1.1/28.

  4. A Snowflake User With ACCOUNTADMIN Access

    In order for Black Diamond to communicate with your Snowflake instance, you must deploy Black Diamond configuration settings to each instance. This deployment will create a user, role, warehouse, and database (BD_SERVICE_USER, BD_SERVICE_ROLE, BD_SERVICE_WH, and BD_SERVICE_DB). In order to create these objects and GRANT the appropriate permissions to them, the setup user for each connection must have the ACCOUNTADMIN role. Once the configuration is deployed, Black Diamond will switch to using the configuration objects to log in and interact with your instance.

Setting Up Black Diamond

In order to set up and use Black Diamond, you must follow these initial steps:

  1. Create a new account by clicking Register. You should only register the user who will be your administrator. The admin can create additional users within the User Interface.
  2. Upon logging into your account, you'll be prompted to select a subscription plan. Black Diamond uses Stripe, SSL and CSRF protection to ensure secure communication of your payment details for processing. All payments are stored in Stripe in order to meet the most stringent PCI compliance policies.
  3. After you've selected a Plan, navigate to Settings and Snowflake Instances. You will see the Connect New Instance button, allowing you to connect an instance. If you are connecting multiple instances, you will continue to see the button to create a new connection until all of the connections allotted by your Plan are used. If you need additional connections, you can upgrade your Plan or buy a connection Add-On.

Configure Your Connection

To create a connection, you must first create a public and private key pair. The key pair is used to generate the unique fingerprint that authenticates your user, so you do not need to supply a password for your instance. You will need access to a command line interface, such as Terminal on macOS, or an equivalent.

  1. Generate an unencrypted version of your private key using the following command:

    openssl genrsa 2048 | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt

    Then generate a public key from the private key you just created:

    openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

  2. Store your Public and Private Keys in a secure location. Do not lose these keys.
  3. Assign your public key to your Snowflake user. Make sure the public key you paste does not include the comment lines (such as -----BEGIN PUBLIC KEY-----) and does not start with a prefix (such as ssh-rsa) or any leading whitespace.

    ALTER USER username_here SET rsa_public_key='MIIevgIBADANDbgKghki...';

  4. Verify the user's public key fingerprint using DESCRIBE USER. You should see the RSA_PUBLIC_KEY and RSA_PUBLIC_KEY_FP properties filled for your user.
  5. When you configure your connection, you will need to paste your Private and Public Keys.
    1. When you paste your Private Key, it must start with the -----BEGIN PRIVATE KEY----- comment and end with the -----END PRIVATE KEY----- comment.
    2. When you paste your Public Key, you must remove any comments (the BEGIN and END lines that you kept in the Private Key). You must also ensure the key starts with ssh-rsa followed by a single space in order for it to generate the fingerprint. Example: ssh-rsa MIIBIjANBgkqhdiG9......
  6. Finish providing details in the New Connection form and click submit.
  7. Navigate to Settings -> Snowflake Connections, and you'll see an option for your service configuration: Trigger Generate Config. Please only click this button one time. It may take some time before the page refreshes and you'll see that the option has changed to Config Already Generated.
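
The key-handling steps above can be scripted so the same public key body goes to both Snowflake and the connection form, and so the fingerprint can be compared with the RSA_PUBLIC_KEY_FP value from DESCRIBE USER. This is an added example, not Black Diamond's or Snowflake's own code; the function names are hypothetical and the file names follow the commands in step 1.

```shell
#!/bin/sh
# Added example: helper functions for the key steps above (names are hypothetical).

# Step 1: create rsa_key.p8 and rsa_key.pub in directory $1.
# umask 077 keeps the unencrypted private key readable by its owner only.
generate_keypair() {
  (
    umask 077
    cd "$1" || exit 1
    openssl genrsa 2048 2>/dev/null \
      | openssl pkcs8 -topk8 -inform PEM -out rsa_key.p8 -nocrypt
    openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub 2>/dev/null
  )
}

# Step 3: public key body for ALTER USER ... SET rsa_public_key='...'
# (BEGIN/END lines dropped, all whitespace and line breaks removed).
pubkey_body() {
  grep -v -- '-----' "$1" | tr -d ' \r\n'
}

# Step 5.2: the form the connection screen expects, "ssh-rsa " plus the same body.
pubkey_for_form() {
  printf 'ssh-rsa %s' "$(pubkey_body "$1")"
}

# Step 4: local fingerprint to compare with RSA_PUBLIC_KEY_FP,
# i.e. "SHA256:" + base64(SHA-256 of the DER-encoded public key).
pubkey_fingerprint() {
  printf 'SHA256:%s' "$(openssl rsa -pubin -in "$1" -outform DER 2>/dev/null \
    | openssl dgst -sha256 -binary | openssl enc -base64)"
}

# Step 5.1: confirm the private key file is unencrypted PKCS#8 with both comment lines.
check_private_key() {
  [ "$(head -n 1 "$1")" = '-----BEGIN PRIVATE KEY-----' ] &&
  [ "$(tail -n 1 "$1")" = '-----END PRIVATE KEY-----' ]
}

# Usage (run in an empty working directory):
#   generate_keypair . && check_private_key rsa_key.p8
#   pubkey_body rsa_key.pub; echo; pubkey_fingerprint rsa_key.pub; echo
```

If the locally computed fingerprint differs from RSA_PUBLIC_KEY_FP, the key assigned to the Snowflake user is not the one in rsa_key.pub and the connection will not authenticate.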

Frequently Asked Questions (F.A.Q.)

  1. Does Black Diamond support Partner Connect from Snowsight?

    At this time, Black Diamond does not support Partner Connect. Black Diamond, a QuadraByte solution, is a Service Partner and Technology Partner with Snowflake. All connections to Snowflake are recorded through the Technology Partner identification tagging. Black Diamond leverages the Snowflake API, instead of a Snowflake Driver, and there currently is not full support for Partner Connect through the API.

  2. How does Black Diamond communicate with my instance of Snowflake?

    Black Diamond uses the Snowflake API instead of a Driver to communicate with your Snowflake instance. All API calls are made with SSL connections between Black Diamond and Snowflake, allowing for secure transmission of your data. The Snowflake API provides more flexibility for querying your Snowflake instance, including asynchronous execution and deferring execution of calls to job workers so that long-running statements will run in the background while you continue to use other aspects of the platform.