Azure Marketplace
securiCAD Enterprise for Azure
To use securiCAD from the Azure Marketplace you will need to create a VM in one of our supported regions with particular configurations.
Payment plans
Currently we only support payment per core and the license has certain restrictions. If you want to use a license with larger limitations please contact us at [email protected] and we'll be happy to help.
Set up a VM
There are two basic ways to set up a VM, through the Azure portal web gui and through the Azure CLI. Both of them require you to get the setup_vm.sh script from our customer utilties repo at https://github.com/foreseeti/securicad-enterprise-auxiliary
Overall the Azure portal is more limited in functionality since it doesn't allow you to assign proper access and you will need to do some more configuration after the VM is set up.
Regardless of which way you choose you must supply the customdata script or the VM won't work properly.
Larger models will require more memory, we currently recommend 16gb or more.
Minimum requirements
To set up a VM you need a couple of things
- Access to the securiCAD Enterpise for Azure image in the marketplace
- An Azure subscription
- A resource group
- The vm setup script template
This will give you a machine with default admin credentials, admin/admin, and no backup solution. Currently this is the only possible choice if you set up through the Azure Portal Marketplace web gui.
Recommended requirements
All of the above plus
- An User Assigned Managed Identity
- An Azure Key Vault instance with two Secrets; admin username and admin password. These are used to set up the initial enterprise admin account. The User Assigned Identity will need secret read access to these two.
- A Azure Storage Blob Container. The User Assigned Identity will need Storage Blob Data Contributor role assigned to this container.
If you set this up and use the CLI you will get an admin user with credentials of your choice plus automated backup through cron triggered scripts.
Set up securiCAD through the CLI
First you need to fill in the vm setup script template with your parameters as appropriate. Then you need to supply your script as customdata when creating the vm. If you're using the Azure CLI it could look like this if you're using a user assigned identity.
Note: If the path to the custom-data script is wrong you will not get an error message. It simply will not work, due to how the Azure CLI handles userdata.
First you need the image id:
$ az vm image list --all --publisher foreseeti --output table
Offer Publisher Sku Urn Version
-------------------- ------------------------ -------- ------------------------------------------------------------ ---------
securicad_enterprise foreseetiab1613650409016 tier1 foreseetiab1613650409016:securicad_enterprise:tier1:1.10.3 1.10.3
The value under Urn is the one you're looking for.
resource_group="securicadResourceGroup"
vm_name="securicad_instance"
image_id="foreseetiab1613650409016:securicad_enterprise:tier1:1.10.3"
ssh_username="me"
ssh_key="/home/me/.ssh/mykey.pub" # absolute path
user_assigned_identity="/subscriptions/<mySubscription>/resourceGroups/$resourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/securicadInstanceIdentity"
az vm create --resource-group "$resource_group" \
--name "$vm_name" \
--image "$image_id" \
--admin-username "$ssh_username" \
--ssh-key-values "$ssh_key" \
--size Standard_E2as_v4 \
--assign-identity "$user_assigned_identity" \
--custom-data /home/me/azure.setup_vm.sh
Set up securiCAD through the Azure Marketplace web gui
Currently the azure portal does not support assigning a user assigned identity and userdata so you need to use the System Managed Identity through RBAC.
You find the custom-data section under the Advanced tab.
Network access
After your machine has been created rememeber to allow access on the appropriate port through the security group.
Access
Once your machine has been set up you can log in at http://1.2.3.4/, or https://1.2.3.4/ depending on your security setting in azure.setup_vm.sh, with the credentials specified in the keyvault. They are set as the initial system admin credentials.
Supported regions
Currently we support the following regions, if you want us to expand support to another region please contact [email protected] and we'll be happy to help.
- United States
- North Europe
- West Europe
- Brazil
- Canada
- India
Updated about 1 year ago