What is the process for installing Orchestrator as Azure PaaS?
Create App Service:
From Azure in the search bar type “App Service” and fill in the template:
- Select a Resource Group, if none is available a new one can be created.
- Give it a name > It must be unique all over the Azure tenants worldwide
- Select a Region, in here the Microsoft Datacenter should be chosen for the App Service to be hosted
- Select an App Service Plan, which is used for price charging purposes and can also be used for Scaling
Click Review + Create > Azure will evaluate the template and if everything is fine the “Create” button can be hit to deploy the App Service.
Create SQL Server and Database:
From Azure in the search bar type SQL Server and fill in the template:
- Give it a name to the Database > must be unique over Azure tenants worldwide
- Give it an admin Username and Password. Remember this information will be used later on to connect to the SQL Server and will also be included in the Connection String for the Database
- Once the SQL Server is created access it to create a new database, which will be used to deploy Orchestrator:
Give it a name and create it.
Next, get the SQL Connection String:
- In Azure navigate to Azure SQL server and select SQL databases then select the previously created Database:
- Once in the Database select Show database connection strings:
- Copy it as will be used for the deployment in Azure App Service. In the Connection String, the Password will not be disclosed, instead, delete the ‘{your_password}' field and add the Database password. The connection string should look like this:
Server=tcp:0rchestrator2024.database.windows.net,1433;Initial Catalog=Orchestrator;Persist Security Info=False;User ID=;Password={your_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30; - Once copied the Connection String, access the previously created App Service > Configuration > New Connection string:
- Paste the Connection String in the Value field.
- Name: type Default
- Type: Select SQLServer
Register the Application in Azure:
- Go to Azure Active Directory > App Registrations > New Registration > Give it a name > make sure that “Single Tenant” is selected, unless you would like people from different organizations/Azure Active Directories to also access it > click on register:
- Copy the Application (Client ID):
Create a Client Secret:
- Go to the previously created Application (on App registrations) > Certificates & Secrets > New Client Secret:
- Give it a name and Select its expiration time > Click Add and copy its value:
- Assign a role in the WebApp for the newly created application. To do that, go to WebApp-> Open Access Control(IAM)-> Add Role Assignment -> Search for the application name of the registered app-> Assign the role owner/contributor and save it:
Finally, gather the information to deploy Orchestrator in Azure:
- Azure Application ID: Can be obtained from Azure Active Directory > App Registrations > Application client ID
- Azure Account Password: Can be obtained from Azure Active Directory > App Registrations > Certificate & Secrets
- Azure Subscription ID: Go to App Service > check the Subscription ID
- Azure Account Tenant ID: Go to Azure Active Directory > Properties > Copy the Directory ID
- Resource Group Name: Could be get from Resource Group Name in Azure or directly from App Service > Resource Group:
- App Service Name:
Prior to start the deployment from Powershell, add a rule in the SQL Firewall, to allow the Public IP address of the machine to perform changes on SQL:
- Go to SQL Server in Azure > Set Server Firewall:
- Add Client IP and save it
As the last step build the Powershell command using the specs from here and deploy Orchestrator.
Next steps:
- Based on the version of the product being deployed, proceed in a similar way to deploy the Identity, Webhooks, and Resource Catalog services. Details elaborated in the articles below.