This article will outline the steps that will have to be done to deploy the Login Enterprise Virtual Appliance to Azure.
If you haven't already, you'll need to download the VHD from our Downloads page. Be sure to select the Microsoft Azure download.
Upload to Azure
You will have to upload the VHD to Azure using Microsoft’s Azure Storage Explorer, which you can download by clicking the link below. Please note, this will immediately start the download.
Once downloaded and logged in, navigate to the subscription you want to upload the disk to. Next, click on the “Disks” submenu and select the correct Resource group. Click on the upload button and fill out the form presented. Make sure that the OS type is set to Linux.
NOTE: While the VHD is compressed in a zip file, it is still a large file. For best results initiate the download from an Azure VM which has plenty of bandwidth for a fast and reliable download. The Azure VM also makes a great way to upload in the next step.
Once uploaded, log in to shell.azure.com using your browser. It might prompt you to create a new file share to upload files to the shell. This will be needed to upload the azure.yml config file later. You can refer to the following article from Microsoft for more information about the azure file share:
Once in the shell, we will need to convert the VHD we uploaded to an image. You can use the following command as an example.
az image create --resource-group Research-Development --name AZ-VA-LoginEnterprise-nightly-Thursday --source AZ-VA-LoginEnterprise-nightly-Thursday --storage-sku Premium_LRS --os-type linux
When this has been done successfully, we can upload the config file for the appliance. The config file can be found at the bottom of this article. You can do this by clicking the upload file button.
Once uploaded you will need to change the password that is in the file. To do this, open the file in the editor by pressing the “Open Editor” button. Select the azure.yml file and enter in a new base64 encoded password.
To change a password into base 64, you can use the following command:
Paste the string in the content section as seen in the original file. Next you need to change the domainname to match the correct location (location.cloudapp.azure.com), e.g. westeurope.cloudapp.azure.com. To view all available regions you can use the following command:
az account list-locations
Save and close the editor after making the changes.
Creating the Virtual Machine
Next we will create a VM based on the image we created earlier and supply it with the azure.yml file. This will automatically set up the virtual appliance for you.
Important: The default VM size is Standard_DS1_v2 (1vCPU/3.5GB RAM) unless the --size parameter is specified. We require a minimum of 4vCPU/ 8GB RAM for the VM. For example, Standard_F4s_v2.
Use the following command to get the available VM sizes: "az vm list-sizes". Specify the --size parameter in the az vm create command for the desired VM size. See https://azure.microsoft.com/en-us/pricing/details/virtual-machines/linux/ for sizing info.
You can use the following command to create a new virtual machine using the Login Enterprise image:
az vm create --resource-group "MYGROUP" --location "MYLOCATION" --name "MYNAME" --size Standard_F4s_v2 --image "AZ-VA-LoginEnterprise-4.11.2" --custom-data ./azure.yml --authentication-type password --admin-password AzurePassword!123 --admin-username azureadministrator --storage-sku Premium_LRS --public-ip-address-dns-name "MYNAME" --verbose
You will have to replace the “MYGROUP, ”MYLOCATION”, "MYNAME” dummy variable values to your desired values, and make sure the image name matches the version you have downloaded.
The admin username and password are needed by the cmdlet, but they are not being used within Login Enterprise, so just provide dummy values. Please note that VM name and DNS name need to be lowercase and adhere to normal computer name restrictions.
Network Security Rules
Once this is done, you will need to add rules to the firewall to allow incoming and out going traffic to the appliance, to do this you can use the following command:
az network nsg rule create --resource-group "MYGROUP" --nsg-name "MYNAME" --name HTTPS --priority 1010 --access allow --destination-port-ranges 443 --protocol Tcp --direction inbound
You will have to replace “MYGROUP” and “MYNAME” with their respective values. The --nsg-name is name of the VM you used + NSG in capitals.
Accessing Login Enterprise
The initial start and configuration of the virtual appliance will take roughly 10 minutes. Once this has passed you can navigate to the virtual appliance on the configured URL, eg. https://az-loginenterprise1.westeurope.cloudapp.azure.com/
If you want to access the console of the virtual machine, navigate to the serial console option of the virtual machine.