.. _install_azure:

Azure Cloud Deployment
===============================



VOSS can be deployed into the Azure cloud by means of Terraform scripts.


Hardware Requirements
---------------------

For details on Standard and Modular Topologies, refer to the VOSS
Architecture and Hardware Specification Guide and Platform Guide.

Unified (single, standalone) or Database Nodes:

* VM Size: Standard_E4as_v5
* CPU: 4
* RAM: 32
* OS Disk: 30 GB, Premium_LRS
* Application Disk: 50 GB, Standard_LRS
* Backup Disk: 55 GB, Standard_LRS
* DB Disk: 250 GB, Premium_LRS
* Insights Disk: 70 GB, Premium_LRS
* Total Disk size: 455 GB

Application Nodes:

* VM Size: Standard_E4as_v5
* CPU: 4
* RAM: 32
* OS Disk: 30 GB, Premium_LRS
* Application Disk: 50 GB, Standard_LRS
* Total Disk size: 80 GB

Web Proxies:

* Web Proxies are replaced by an Azure Load Balancer or Application Gateway


Network Communications External to the Cluster
----------------------------------------------

The following details are all based on the default settings. These
can vary depending on the application setup and network design (such as
NAT) of the solution, and may need to be adjusted accordingly. Where a
value is noted as dependent, it is determined entirely by the configuration
and has no default.

All of these communications are with devices external to the cluster.

* Outbound Communications to Devices from the Application/Unified nodes:


  .. tabularcolumns:: |p{7cm}|p{3cm}|p{4cm}|

  +---------------------------------------------+----------+---------------------------------+
  | Communication                               | Protocol | Port                            |
  +=============================================+==========+=================================+
  | Cisco Unified Communications Manager (UCM)  | HTTPS    | TCP 8443                        |
  +---------------------------------------------+----------+---------------------------------+
  | Cisco Unity Connection (CUXN)               | HTTPS    | TCP 443                         |
  +---------------------------------------------+----------+---------------------------------+
  | Webex                                       | HTTPS    | TCP 443                         |
  +---------------------------------------------+----------+---------------------------------+
  | LDAP directory                              | LDAP     | TCP/UDP 389 and/or 636(TLS/SSL) |
  +---------------------------------------------+----------+---------------------------------+


* VOSS Communications

The cluster contains multiple nodes which can be contained in separate secured networks.
Network ports need to be opened on firewalls and/or network security groups to allow inter-node
communication – these are described in more detail in the Platform Guide.

All communication between nodes is encrypted.

+------------------------------------+------------+------------------------------------+
| Communication                      | Protocol   | Port                               |
+====================================+============+====================================+
| Database access                    | Database   | TCP 27020 and 27030 bi-directional |
+------------------------------------+------------+------------------------------------+
| Cluster Communications             | HTTPS      | TCP 8443                           |
+------------------------------------+------------+------------------------------------+
| Remote Administration              | SSH        | TCP 22                             |
+------------------------------------+------------+------------------------------------+
| Web Server Communication           | HTTP/HTTPS | TCP 80/443                         |
+------------------------------------+------------+------------------------------------+
| Simple Network Management Protocol | SNMP       | UDP 161 and 162                    |
+------------------------------------+------------+------------------------------------+
| Network Time Protocol              | NTP        | UDP 123                            |
+------------------------------------+------------+------------------------------------+
| Domain Name System                 | DNS        | UDP 53                             |
+------------------------------------+------------+------------------------------------+
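
The TCP rows of the table above can be expressed as a network security group. The following Terraform is an added example, not part of the supplied VOSS configuration; the variable names, rule names, priorities and address ranges are assumptions, and which sources need each port should be confirmed against the Platform Guide.

```hcl
# All variables are assumptions for this example, not values from the VOSS package.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "node_subnet_cidr" { type = string } # subnet holding the VOSS nodes
variable "bastion_ip" { type = string }       # private IP of the bastion server
variable "web_source_cidr" { type = string }  # Application Gateway subnet or client range

locals {
  # TCP rows of the VOSS Communications table, keyed by rule name.
  rules = {
    database = { priority = 100, access = "Allow", protocol = "Tcp", ports = ["27020", "27030"], source = var.node_subnet_cidr }
    cluster  = { priority = 110, access = "Allow", protocol = "Tcp", ports = ["8443"], source = var.node_subnet_cidr }
    ssh_node = { priority = 120, access = "Allow", protocol = "Tcp", ports = ["22"], source = var.node_subnet_cidr }
    ssh_mgmt = { priority = 130, access = "Allow", protocol = "Tcp", ports = ["22"], source = var.bastion_ip }
    web      = { priority = 140, access = "Allow", protocol = "Tcp", ports = ["80", "443"], source = var.web_source_cidr }
    # Without this rule the built-in AllowVnetInBound rule (priority 65000) admits
    # every port from anywhere in the virtual network. Load balancer health probes
    # still match the built-in AllowAzureLoadBalancerInBound rule (65001).
    vnet_other = { priority = 4000, access = "Deny", protocol = "*", ports = ["0-65535"], source = "VirtualNetwork" }
  }
}

resource "azurerm_network_security_group" "voss_nodes" {
  name                = "nsg-voss-nodes"
  location            = var.location
  resource_group_name = var.resource_group_name
}

resource "azurerm_network_security_rule" "inbound" {
  for_each                    = local.rules
  name                        = "${lower(each.value.access)}-${each.key}"
  priority                    = each.value.priority
  direction                   = "Inbound"
  access                      = each.value.access
  protocol                    = each.value.protocol
  source_port_range           = "*"
  destination_port_ranges     = each.value.ports
  source_address_prefix       = each.value.source
  destination_address_prefix  = var.node_subnet_cidr
  resource_group_name         = var.resource_group_name
  network_security_group_name = azurerm_network_security_group.voss_nodes.name
}
```

The group takes effect only once it is associated with the node subnet or the node network interfaces.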

VOSS Azure Deployment Procedure
----------------------------------------

1. *The supplied terraform deployment configuration requires the following:*

   - Existing resources:

     - Resource group
     - Virtual Network
     - Virtual Network Subnet
     - Disk Encryption Set (optional; only needed if Customer-Managed Keys are required)
     - App Registration with a role assignment of "Contributor" on the Resource Group to allow Terraform to deploy

       - Record "client_id"
       - Record "client_secret"
       - Record "tenant_id"
       - Record "subscription_id"

     - Bastion Server (Required for the initial deployment and Administration Access)

       - Deploy the Bastion Server within the same Virtual Network that Automate will be deployed in.

         - VM Size: 1vCPU, 2GB RAM, 30GB Storage is sufficient
         - OS Type: Ubuntu or Windows

       - Install AZ CLI

         - Windows: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli

         - Ubuntu: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt

       - Install Terraform

         - https://developer.hashicorp.com/terraform/install

       - Upload the **voss-automate-terraform.zip** file to the bastion server and extract it.

2. Update **values.yaml** with appropriate information

3. Ensure that the local file sources for each provisioner "file" block are correct in modules/voss-node/provision.tf.

   ::

      provisioner "file" {
         # Windows source path example
         # source      = "C:\\path\\to\\your\\platform-newest.iso"
         source      = "~/voss-automate-terraform/files/platform-newest.iso"
         destination = "/home/install/platform-newest.iso"
      }

4. Deployment Type

   The defaults are configured as follows:

   ::

      Unified:
         Availability Zone 1
         1x Unified Node (single, standalone node)

      Modular: 2x Application, 3x Database
         Availability Zone 1
            App Node 1, Database Node 1
         Availability Zone 2
            App Node 2, Database Node 2
         Availability Zone 3
            Database Node 3

   To set the deployment type, edit the **values.yaml** file. Specify either Unified (single, standalone node) or Modular.

   ::

      # VOSS System Parameters
      deployment_type: "Modular" # Unified (single, standalone node) | Modular

   If more than the default number of Unified (single, standalone node) or Application (Modular) nodes must be deployed, edit the **voss-automate-terraform/modules/voss-deployment/main.tf** file.

   ::

      module "voss-unified-node" {
         count = var.deployment_type == "Unified" ? 1 : 0
      }

      module "voss-app-node" {
         count = var.deployment_type == "Modular" ? 2 : 0
      }

5. Configure the state backend in main.tf (defaults to a local file) if required.

6. For the terraform deployment, it is recommended to use a ``tmux`` session.

   ::

      tmux                              # start a new session
      tmux list-sessions                # show sessions already available
      tmux attach -t [session number]   # reconnect to a disconnected session

7. Run terraform

   - From the root terraform directory

     - Run: **terraform init**
     - Run: **terraform plan** (Validate plan)

       - Default total resources to be created (Example):

         ::

            Plan: 11 to add, 0 to change, 0 to destroy.
            Modular (2 App 3 DB): Plan: 43 to add, 0 to change, 0 to destroy.

     - Run: **terraform apply**

8. An install log file will be created to monitor the installation progress.

   *On each of the newly deployed node(s)*, log in as the platform user, using the password configured in ``values.yaml`` (**automate_cli_password**).

   8.1. Run: **log list platform_install.run**

   8.2. Run: **log follow install/platform_install.run-tty-<current_date>.log**

   Once the installation is complete, the log file will return ``Platform installed successfully``.

VOSS Platform Config and Template Install Procedure
--------------------------------------------------------------------------

1. You are now ready to configure the platform and install the template.

2. *On each of the newly deployed node(s)*, log in as the platform user.

   ::

      username: platform
      password: automate_cli_password (Specified in the values.yaml file)

   .. note::

      * For both Azure and AWS deployments using Automate 25.1 and later, the ``security check``
        and ``security update`` commands are not available, since security updates are included during the
        release upgrade process.

   - Single Node Cluster Guide: 
 
     .. note::

        Since the type is Unified, a number of steps are required.

        https://documentation.voss-solutions.com/release_25.3-PB0/html/src/user/install/standalone-installation.html

   - Modular Cluster Guide:

     https://documentation.voss-solutions.com/release_25.3-PB0/html/src/user/install/modular-multinode-installation.html


