Differences
This shows you the differences between two versions of the page.
azure-gettingstarted [2020_06_29 21:42] – [Use Cases] steven | azure-gettingstarted [2024_04_22 21:30] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
# Getting Started with Microsoft Azure | # Getting Started with Microsoft Azure | ||
+ | |||
+ | **Last updated Feb 27, 2023** | ||
{{ azure-gettingstarted: | {{ azure-gettingstarted: | ||
- | |||
## Why Azure? | ## Why Azure? | ||
- | Azure customers are using the File Fabric | + | Azure customers are using the Nasuni Access Anywhere |
- | + | ||
- | For more information on See [[https:// | + | |
## Architecture | ## Architecture | ||
- | ### Single VM Deployment | + | #### Single VM Deployment |
- | For evaluation and smaller production environments the Enterprise File Fabric™ | + | For evaluation and smaller production environments the solution is typically deployed as a single virtual machine. The virtual machine includes an embedded database and search index. |
- | A single virtual machine can be launched directly from the Azure Marketplace | + | A single virtual machine can be launched directly from the Azure Marketplace. |
- | ### Multiple VM Deployment | + | #### Multiple VM Deployment |
- | The Enterprise File Fabric | + | The solution may also be deployed for High Availability with multiple virtual machines and a separate database. |
Please contact us for more information on setting up HA deployments on the Azure Cloud. | Please contact us for more information on setting up HA deployments on the Azure Cloud. | ||
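Review bot: The new "#### Single VM Deployment" and "#### Multiple VM Deployment" headings sit directly under "## Architecture", so the outline skips a level. Suggest keeping them at "###" unless the wiki theme needs the smaller heading. The hand-written "**Last updated Feb 27, 2023**" line will also drift from the wiki's own revision date; consider dropping it.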
Line 27: | Line 25: | ||
For production deployments see also [[sizingguide]]. | For production deployments see also [[sizingguide]]. | ||
- | ### Requirements | + | ## Requirements |
You will need the following information before you can complete setup on Azure: | You will need the following information before you can complete setup on Azure: | ||
* A domain name (recommended) | * A domain name (recommended) | ||
- | | + | * A Nasuni Account with access to a Nasuni Access Anywhere Serial Number. |
+ | * Password for Appliance Administrator | ||
* Outbound mail relay information. (recommended) | * Outbound mail relay information. (recommended) | ||
- | | + | |
* An Active Directory service account if you are connecting to AD (optional) | * An Active Directory service account if you are connecting to AD (optional) | ||
+ | ## Azure Marketplace | ||
- | ## Launch from Azure Marketplace | + | Navigate to [[https:// |
- | **COMING SOON** | + | [[https:// |
+ | Select **"Get It Now"** and log in with a Microsoft Account. | ||
+ | {{ : | ||
+ | Select **" | ||
+ | ## Create a Virtual Machine | ||
- | ## Setting Up Instance | + | Choose where you wish to deploy the appliance: |
+ | 1. Check **Subscription** | ||
+ | 2. Check **Resource Group** | ||
- | ### SSH Access | + | {{ : |
+ | |||
+ | Enter a **Virtual Machine Name** such as " | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Enter the Username **smeconfiguser** and either create or use an existing SSH key. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Select " | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Then select **" | ||
+ | |||
+ | Select **" | ||
+ | ## SSH Access | ||
The instance can now be accessed at this IP address using a standalone SSH client. The username is **smeconfiguser**. For example: | The instance can now be accessed at this IP address using a standalone SSH client. The username is **smeconfiguser**. For example: | ||
- | ssh -i "FileFabric.pem" smeconfiguser@54.194.216.200 | + | ssh -i "AccessAnywhere.pem" smeconfiguser@54.194.216.200 |
| | ||
Check that you can become root. | Check that you can become root. | ||
- | sudo bash | + | sudo su - |
| | ||
This will be required to complete configuration. | This will be required to complete configuration. | ||
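Review bot: The SSH example line was edited for the key name but still uses 54.194.216.200, a publicly routable address, as the sample host. Suggest an address from a documentation range (for example 203.0.113.10) or a placeholder such as <public-ip>, and a sentence saying where the reader finds the VM's public IP after the new "Create a Virtual Machine" steps, since "at this IP address" no longer has an antecedent.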
Line 63: | Line 86: | ||
More information on connecting via SSH can be found from the Azure Console. Select the instance and click **Connect**. | More information on connecting via SSH can be found from the Azure Console. Select the instance and click **Connect**. | ||
+ | ## Configure Domains | ||
- | ### SSL Configuration (Recommended) | + | #### SSL Configuration (Recommended) |
The appliance is configured, by default, with DHCP and a self-generated untrusted SSL certificate. | The appliance is configured, by default, with DHCP and a self-generated untrusted SSL certificate. | ||
- | In order to use the client tools (desktop and mobile | + | In order to use the web, desktop and mobile |
#### Disabling SSL (Not Recommended) | #### Disabling SSL (Not Recommended) | ||
Line 74: | Line 98: | ||
If you do NOT wish to use SSL for the trial you can disable it. | If you do NOT wish to use SSL for the trial you can disable it. | ||
- | 1. Log in as the Appliance Administrator as per the the instructions below. | + | 1. Log in as the Appliance Administrator as per the instructions below. |
2. Navigate to Settings > Site Functionality | 2. Navigate to Settings > Site Functionality | ||
3. Set Always use HTTPS to No. | 3. Set Always use HTTPS to No. | ||
- | 4. Set Generate secure server side links to No. | + | 4. Set Generate secure server-side links to No. |
5. Select *Update options* at the bottom of the page. | 5. Select *Update options* at the bottom of the page. | ||
- | ### Create DNS entries | + | #### Create DNS entries |
- | Choose | + | Choose |
* **files**.example.com - Domain name (service endpoint and website) | * **files**.example.com - Domain name (service endpoint and website) | ||
* **files-webdav**.example.com - used for WebDAV service | * **files-webdav**.example.com - used for WebDAV service | ||
- | * **files-s3**.example.com - used for S3 service | ||
Add DNS type A records that point these domain names to the appliance IP Address. For example, | Add DNS type A records that point these domain names to the appliance IP Address. For example, | ||
^ Type ^ Name ^ Value^ | ^ Type ^ Name ^ Value^ | ||
- | | A | files | 35.188.82.62| | + | | A | files | 54.194.216.200| |
- | | A | files-webdav | 35.188.82.62| | + | | A | files-webdav | 54.194.216.200| |
- | | A | files-s3 | + | |
Verify that Public DNS records are setup correctly: | Verify that Public DNS records are setup correctly: | ||
- | curl -L -k http:// | + | curl -Lk http:// |
- | curl -L -k http:// | + | curl -Lk http:// |
- | curl -L -k http:// | + | |
These commands should resolve the domain name, connect to port 80, get redirected to port 443 and return (part of) the web login page: | These commands should resolve the domain name, connect to port 80, get redirected to port 443 and return (part of) the web login page: | ||
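Review bot: The verification commands keep "-k" after being rewritten as "curl -Lk", so they check DNS resolution and the redirect to port 443 but accept any certificate. That is fine while the appliance still has its self-generated certificate, but the text should say so and tell the reader to repeat the check without "-k" once the trusted certificate is installed.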
Line 108: | Line 129: | ||
< | < | ||
<!-- title --> | <!-- title --> | ||
- | < | + | < |
<meta content=" | <meta content=" | ||
Line 114: | Line 135: | ||
<meta name=" | <meta name=" | ||
- | ### Change Hostname | + | #### Change Hostname |
- | To update the appliance with the FQDN change to the root user by issuing “sudo bash“ with SSH. As the root user, edit / | + | Change |
- | Change the Azure instance name to your FQDN. | + | echo "files.example.com" |
- | files.example.com | ||
+ | #### Add Inbound Access to Port 8080 | ||
- | ### Start SME Config Server | + | The NAAConfig App is used to set up networking. To access it you will need to open port 8080. |
+ | From the virtual machine resource page within the [[https:// | ||
- | Leave root privilege: | + | * Source - Any |
+ | * Source port ranges -**8080** | ||
+ | * Destination - Any | ||
+ | * Service - Custom | ||
+ | * Protocol - TCP | ||
+ | * Action - Allow | ||
- | | + | #### Start NAAConfig Server |
+ | |||
+ | If you are logged in as root leave root privilege: | ||
+ | |||
+ | | ||
As the smeconfiguser start the configuration server by typing **smeconfigserver**. You should see a confirmation that the config server is running: | As the smeconfiguser start the configuration server by typing **smeconfigserver**. You should see a confirmation that the config server is running: | ||
- | [smeconfiguser@ip-10-0-0-192 | + | [smeconfiguser@files ~]$ smeconfigserver |
Please contact me with a browser on port 8080 | Please contact me with a browser on port 8080 | ||
Hit Ctrl+C when work is done | Hit Ctrl+C when work is done | ||
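Review bot: In the new inbound rule list, "Source port ranges -**8080**" puts 8080 on the source side and there is no destination port entry; client source ports are ephemeral, so this should be source port ranges "*" and destination port ranges 8080. "Source - Any" also exposes the configuration server to the whole internet while it runs; suggest recommending the administrator's own IP address as the source. The heading now says "NAAConfig Server" while the command and prompt text still say smeconfigserver, which is worth a one-line explanation.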
Line 140: | Line 171: | ||
- | ### Configure Hostname Settings | + | #### Configure Hostname Settings |
- | Here you only need to configure the three domain names. Click " | + | Here you only need to configure the three domain names. Click "**Configuration**" and then "**NAAServer |
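Review bot: The sentence still says "the three domain names", but this revision removes files-s3 from the DNS list, the A-record table and the curl checks, leaving files and files-webdav. Change it to "two domain names" or name them explicitly.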
Line 148: | Line 179: | ||
After Saving go to the " | After Saving go to the " | ||
+ | |||
+ | {{ : | ||
Follow the prompts on the page to reboot the appliance. If you are not doing this immediately stop the Config Server by typing Control-C in the terminal window. | Follow the prompts on the page to reboot the appliance. If you are not doing this immediately stop the Config Server by typing Control-C in the terminal window. | ||
- | ### Create SSL Certificates | + | {{ : |
+ | |||
+ | #### Remove Inbound Access to Port 8080 | ||
+ | |||
+ | You can now remove inbound port access to 8080. | ||
+ | |||
+ | #### Create SSL Certificates | ||
This section creates and configures SSL certificates from Let's Encrypt. If you are using your own certificates (or a different service) you can use the smeconfigserver service above to add certificates. | This section creates and configures SSL certificates from Let's Encrypt. If you are using your own certificates (or a different service) you can use the smeconfigserver service above to add certificates. | ||
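Review bot: "Remove Inbound Access to Port 8080" is placed before "Create SSL Certificates", whose first paragraph sends readers with their own certificates back to the smeconfigserver service, which needs port 8080. Either move the removal step after the certificate section, or state that those readers should keep the rule until their certificates are loaded and remove it then.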
Line 157: | Line 196: | ||
Log back into the rebooted appliance: | Log back into the rebooted appliance: | ||
- | ssh -i "FileFabric.pem" smeconfiguser@34.194.216.200 | + | ssh -i "AccessAnywhere.pem" smeconfiguser@34.194.216.200 |
Elevate to the root user (no password required). | Elevate to the root user (no password required). | ||
- | sudo bash | + | sudo su - |
Note: The appliance will be inaccessible during the request which may be up to a minute. | Note: The appliance will be inaccessible during the request which may be up to a minute. | ||
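Review bot: The edited login line uses smeconfiguser@34.194.216.200, while the earlier SSH example and the updated DNS table use 54.194.216.200. Since this line was touched anyway, align the address with the rest of the page (or use the same placeholder everywhere) so readers do not think the IP changes after the reboot.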
Line 173: | Line 212: | ||
Please also agree to the Terms of Service. It is not necessary to share the provided email with the Electronic Frontier Foundation. | Please also agree to the Terms of Service. It is not necessary to share the provided email with the Electronic Frontier Foundation. | ||
- | Certbot will automatically detect what FQDNs are setup for the Enterprise File Fabric | + | Certbot will automatically detect what FQDNs are setup for the server |
Which names would you like to activate HTTPS for? | Which names would you like to activate HTTPS for? | ||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
1: files.example.com | 1: files.example.com | ||
- | 2: files-s3.example.com | + | 2: files-webdav.example.com |
- | 3: files-webdav.example.com | + | |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
Select the appropriate numbers separated by commas and/or spaces, or leave input | Select the appropriate numbers separated by commas and/or spaces, or leave input | ||
blank to select all options shown (Enter ' | blank to select all options shown (Enter ' | ||
- | After successful completion, the Enterprise File Fabric | + | After successful completion, the machine |
#### Automatically Certificate Renewal | #### Automatically Certificate Renewal | ||
Line 190: | Line 228: | ||
A Let’s Encrypt certificate is valid for 90 days, and can be automatically renewed within 30 days of expiration. | A Let’s Encrypt certificate is valid for 90 days, and can be automatically renewed within 30 days of expiration. | ||
- | Please Note: The File Fabric | + | Please Note: The server |
While still logged in as root run the following command to add a cron job. | While still logged in as root run the following command to add a cron job. | ||
Line 196: | Line 234: | ||
crontab -e | crontab -e | ||
- | In the example below the renewal attempt will process at 2: | + | In the example below the renewal attempt will process at 2: |
30 2 * * * / | 30 2 * * * / | ||
Line 202: | Line 240: | ||
This will create a crontab entry for a cron job that will handle the renewals and write its output to a log file. | This will create a crontab entry for a cron job that will handle the renewals and write its output to a log file. | ||
- | Use https:// | + | Use https:// |
- | ## Appliance | + | ## Configure |
- | Open a browser to the the domain name you assigned: | + | Open a browser to the domain name you assigned: |
| | ||
Line 216: | Line 254: | ||
You'll see the following login page: | You'll see the following login page: | ||
- | {{ ::appladmin-login.png?nolink&300 |}} | + | {{ :azure-gettingstarted:naa-login.png? |
- | Log into the appliance | + | Log into the appliance |
User name: appladmin | User name: appladmin | ||
- | | + | |
- | ### License Key | + | ### Change Admin Password (REQUIRED) |
- | Configure your license key under **Settings > License Key**. | + | Select " |
- | A trial key can be requested from https:// | + | After you select " |
- | ### Change Admin Password (Optional) | + | ### License Activation |
- | Select " | + | Register your site key under **Settings > Account Status & License Key**. |
+ | |||
+ | For more information see [[: | ||
### Outbound Email (Recommended) | ### Outbound Email (Recommended) | ||
Line 239: | Line 279: | ||
If you do not configure an email server remember not to use email notification when adding users. | If you do not configure an email server remember not to use email notification when adding users. | ||
+ | #### Using SendGrid for Email | ||
+ | |||
+ | Microsoft has restrictions on sending email from the Azure platform. They recommend using an SMTP relay service such as SendGrid. See [[https:// | ||
+ | |||
+ | An SMTP configuration is: | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | Use **Test SMTP options** to test the settings and also check that the test email was received since Azure silently discards emails sent to unsupported servers. | ||
### Change Appliance Admin Email | ### Change Appliance Admin Email | ||
- | With an SMTP server configured you can change the email of the Appliance Admin. Go to the main menu (Hamburger icon) to Password/ | + | With an SMTP server configured you can change the email of the Appliance Admin which will require a confirmation email. |
+ | |||
+ | Go to the main menu (Hamburger icon) to Password/ | ||
You can also set up Two Factor Authentication (2FA) for the Appliance Admin from this screen. | You can also set up Two Factor Authentication (2FA) for the Appliance Admin from this screen. | ||
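Review bot: In the new SendGrid section, "An SMTP configuration is:" is followed only by an image embed. Suggest listing the host, port, encryption and authentication fields as text so they can be copied and reviewed in later diffs, and check that the screenshot does not show a real API key or password.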
Line 254: | Line 305: | ||
## Create an Organization | ## Create an Organization | ||
- | An //organization// is a tenant within the appliance and is created by the Appliance Administrator. | + | An organization is an administrative unit for a set of users. It includes policies, storage resources, and permissions for those users. Organizations, also called tenants, are self-managed by their users and not accessible or even visible |
- | + | ||
- | ### Review User Package (Optional) | + | |
- | + | ||
- | The File Fabric platform uses templates for organizations, in order for us to create our organization, we need to pick a template, before we do, let’s review. | + | |
- | + | ||
- | Login as the Appliance Administrator. | + | |
- | + | ||
- | Click “User Packages” | + | |
- | + | ||
- | ### Create Organization | + | |
- | + | ||
- | Login as the Appliance Administrator. | + | |
- | + | ||
- | In the hamburger menu, select “Users” and then "Add a User" | + | |
- | + | ||
- | On the Add a User screen create your Organization admin user. (This will also be your organization.) | + | |
- | + | ||
- | 1. User Login: The Organization short name and superuser' | + | |
- | 1. E-mail: Email address of organizational admin, must be unique to the system, do not use your own. | + | |
- | 1. Password: | + | |
- | 1. Name (Company Name): Full organization name. | + | |
- | 1. Package: The user package template | + | |
- | 1. We do not need to split the license between | + | |
- | + | ||
- | Click Save. | + | |
- | {{ : | + | The appliance administrator creates organizations and provides credentials for the first “Organization Administrator” who will log in to complete the setup of organization policies and users. |
- | ## Setting Up an Organization | + | To create |
- | Log out from the Appliance Admin, appladmin user, and log back in as the user you just created. | + | ## Add Storage |
- | You will first see the “Add Storage Provider” screen. You have to add storage before you can continue. | + | Log out as the appladmin user, and log back in as the user you just created. |
- | Select your provider and follow the instructions on the next couple of screens. See the next section for information on setting up Amazon S3 storage. | + | Select your provider and follow the instructions on the next couple of screens. |
- | ## Cloud Storage Provider | + | See [[cloudproviders: |
- | After logging into the organization you will be prompted to register your cloud storage provider. Choose the provider (for example, [[cloudproviders: | ||
- | ### Azure Storage Provider | ||
- | Enter your Azure Blog Storage account name and key to continue: | + | ## Single Sign-On (Optional) |
+ | An authentication provider can be added to allow users to log in using their corporate credentials. For Azure, we recommend Azure Active Directory. There are two ways to connect. | ||
- | The credentials are validated and a list of buckets in the account are returned. Select the buckets | + | 1. Use [[ldap]] with Azure AD Domain Services if you will be using a [[: |
- | Select and create a new bucket for default data (at the bottom) before selecting Continue. You are then ready to add users! | + | 2. Otherwise use [[: |
- | ## Use Cases | + | ## Next Steps |
Once this is complete you can: | Once this is complete you can: | ||
- | * [[organisationcloud/ | + | * [[admin/ |
- | * [[filesharing|Share files]] | + | |
- | * ... | + | |
For more information see [[index|]] | For more information see [[index|]] |