Enter a descriptive name for your cloud provider setup, such as “My Azure Account”. From the drop-down, select Microsoft Azure as the provider. Enter the Subscription ID, Tenant ID, Application ID, and Application Secret (all of which were provided when you created the Service Account in the Azure portal). Add the Storage Account and Storage Container to use for storing configuration and application data for your cluster. If it does not already exist, the container will be created.
If this Microsoft Azure account will be your main cloud provider for CycleCloud, check the “Set Default” option. Once you have completed setting the parameters for your Azure account, click Save to continue.
You will need the following:
- A Microsoft Azure account with an active subscription
- An Application Registration with Contributor access for the Subscription used with CycleCloud
- A Network Security Group set up to allow CycleCloud to communicate with Azure
- A Virtual Network for CycleCloud
Azure uses a subscription ID and authentication certificate for account validation. You can download these in a .publishsettings format by logging into this Azure service. This format easily integrates with CycleCloud.
Creating the Azure Application Registration
- Log into your Microsoft Azure Dashboard
- From the left menu, open Azure Active Directory
- Click on App Registrations, then + New Application Registration
- Give your application a unique name (i.e. “MyAzureApplication”)
- Choose “Web App/API” as the Type
- The Sign-on URL is a required field, but not used by CycleCloud. Enter http://localhost so the form will accept your request.
- Click Create
- Once your application has been created, click on it to load the app information. From here, click on Settings, then Keys.
- Enter a descriptive name for your key, such as “MyCycleCloudKey”
- Select a duration for your key to be valid: 1-year, 2-years, or Never Expires
- Your key will not be displayed until it has been saved. Click the button at the top of the pane:
You can only view this key once! If you leave this page, you will no longer be able to access the key, which is needed to configure CycleCloud as the “Application Secret”. Copy it now and save it somewhere secure.
After you’ve saved your key, go back to the app information panel. From here, copy the Application ID. This will be used in CycleCloud, along with the key saved in the previous step.
Assigning the Contributor Role
To give CycleCloud the required access to your Azure Application Registration, you will need to set the service account (application) you just created up as a Contributor. To change the Application Registration Role:
- From the left menu, click on “Subscriptions” (or All Services – Subscriptions)
- Click on the appropriate subscription
- Select Access Control (IAM)
- Click + Add. On the new panel that appears, click on Contributor to set the role.
- In Step 2, search for “MyAzureApplication” and select the appropriate item. Click Select.
Creating a Network Security Group
From the Azure Dashboard, click on Network Security Groups. If you don’t see the option, click on All Services and search for or scroll down to Network Security Groups.
- Click + Add
- Give your Network Security Group a unique name. Security groups are managed per region, so we suggest including the region you intend to run in.
- Create a new Resource Group with a unique name
- Click Create
In the dashboard, click on the name of the Network Security Group you just created. If you do not see it, click Refresh. In the new panel, click on Inbound Security Rules and add the following:
- For each entry, Allow the action
- Click OK to add the rule
Should you wish to start a cluster that includes CycleServer (such as the standard Condor cluster), you may want to include the following rule for port 8443. Please note that this will require SSL configured with a valid domain and certificates. Additional configuration information can be found in our Installation Guide.
|https_8443 | 150 | Any | HTTPS | TCP | 8443|
Creating a Virtual Network
You will need to set up a Virtual Network within Azure to work with CycleCloud. From the main menu, click on Virtual Network. If you don’t see the option, click on All Services and either search for Virtual Networks or scroll down to the Networking section.
- Click + Add
- Enter a unique name for your Virtual Network
- Create a new Resource Group if you don’t have one set up
- The other default settings will suffice for this demonstration
- Select the Resource Group name you created in the previous step
- Click Create
Your Virtual Network requires a subnet, and your Network Security Group assigned to it:
- From the dashboard, click on the Virtual Network you just created
- Under “Settings”, click on Subnets
- Click on the default subnet
- Click on the Network Security Groups header
- Select the group created earlier
- Click OK
The information you need from Microsoft Azure to get it working within CycleCloud can be a little difficult to locate. Here’s a list of what you’ll need, and where to find it:
- Application ID: Click on Dashboard – Azure Active Directory – App Registrations – the Application ID
- Application Secret: This is the secret key that you saved when creating your Application Registration
- Subscription ID: Dashboard – All Services – Subscriptions – Subscription – Subscription ID
- Tenant ID: This is the Directory ID. It is found under Azure Active Directory – Properties – Directory ID
For more information on Microsoft Azure, check out the Azure Documentation Portal.