Guides

Azure Marketplace

Suggest Edits

securiCAD Enterprise for Azure

To use securiCAD from the Azure Marketplace you will need to create a VM in one of our supported regions with particular configurations.

Payment plans

Currently we only support payment per core and the license has certain restrictions. If you want to use a license with larger limitations please contact us at [email protected] and we'll be happy to help.

Set up a VM

There are two basic ways to set up a VM, through the Azure portal web gui and through the Azure CLI. Both of them require you to get the setup_vm.sh script from our customer utilties repo at https://github.com/foreseeti/securicad-enterprise-auxiliary

Overall the Azure portal is more limited in functionality since it doesn't allow you to assign proper access and you will need to do some more configuration after the VM is set up.

Regardless of which way you choose you must supply the customdata script or the VM won't work properly.

Larger models will require more memory, we currently recommend 16gb or more.

Minimum requirements

To set up a VM you need a couple of things

  • Access to the securiCAD Enterpise for Azure image in the marketplace
  • An Azure subscription
  • A resource group
  • The vm setup script template

This will give you a machine with default admin credentials, admin/admin, and no backup solution. Currently this is the only possible choice if you set up through the Azure Portal Marketplace web gui.

Recommended requirements

All of the above plus

  • An User Assigned Managed Identity
  • An Azure Key Vault instance with two Secrets; admin username and admin password. These are used to set up the initial enterprise admin account. The User Assigned Identity will need secret read access to these two.
  • A Azure Storage Blob Container. The User Assigned Identity will need Storage Blob Data Contributor role assigned to this container.

If you set this up and use the CLI you will get an admin user with credentials of your choice plus automated backup through cron triggered scripts.

Set up securiCAD through the CLI

First you need to fill in the vm setup script template with your parameters as appropriate. Then you need to supply your script as customdata when creating the vm. If you're using the Azure CLI it could look like this if you're using a user assigned identity.

Note: If the path to the custom-data script is wrong you will not get an error message. It simply will not work, due to how the Azure CLI handles userdata.

First you need the image id:

$ az vm image list --all --publisher foreseeti --output table
Offer                 Publisher                 Sku       Urn                                                           Version
--------------------  ------------------------  --------  ------------------------------------------------------------  ---------
securicad_enterprise  foreseetiab1613650409016  tier1     foreseetiab1613650409016:securicad_enterprise:tier1:1.10.3    1.10.3

The value under Urn is the one you're looking for.

resource_group="securicadResourceGroup"
vm_name="securicad_instance"
image_id="foreseetiab1613650409016:securicad_enterprise:tier1:1.10.3"
ssh_username="me"
ssh_key="/home/me/.ssh/mykey.pub" # absolute path
user_assigned_identity="/subscriptions/<mySubscription>/resourceGroups/$resourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/securicadInstanceIdentity"

az vm create --resource-group "$resource_group" \
--name "$vm_name" \
--image "$image_id" \
--admin-username "$ssh_username" \
--ssh-key-values "$ssh_key" \
--size Standard_E2as_v4 \
--assign-identity "$user_assigned_identity" \
--custom-data /home/me/azure.setup_vm.sh

Set up securiCAD through the Azure Marketplace web gui

Currently the azure portal does not support assigning a user assigned identity and userdata so you need to use the System Managed Identity through RBAC.

You find the custom-data section under the Advanced tab.

Network access

After your machine has been created rememeber to allow access on the appropriate port through the security group.

Access

Once your machine has been set up you can log in at http://1.2.3.4/, or https://1.2.3.4/ depending on your security setting in azure.setup_vm.sh, with the credentials specified in the keyvault. They are set as the initial system admin credentials.

Supported regions

Currently we support the following regions, if you want us to expand support to another region please contact [email protected] and we'll be happy to help.

  • United States
  • North Europe
  • West Europe
  • Brazil
  • Canada
  • India

Updated about 1 year ago