Microsoft Azure Deploy Tasks

Deploying to Microsoft Azure involves the following tasks:

Before You Begin

  • You’re familiar with the Azure GUI and CLI, including their commands and concepts.
    Wherever possible, both UI and CLI instructions are provided.

Microsoft Azure Deployment Tasks

Process Overview

Creating an instance of Access Gateway within Microsoft Azure requires creating a VM and then associating that VM with a disk image. Microsoft requires fixed-size disk files, so the Access Gateway disk must be expanded to its full size before it is used. Expanding the provided disk locally would require an upload to Microsoft Azure of more than 200 GB. To avoid this, a second, temporary VM is created and used to create a disk in the Microsoft Azure cloud. The Access Gateway Microsoft Azure disk image is copied directly to the disk associated with that VM, expanded, and then attached to the second, actual Access Gateway VM. The original, temporary VM is then deleted to conserve resources.

Tasks

Task: Install and configure Microsoft Azure CLI
Description: The Microsoft Azure command line utility is used extensively throughout the Microsoft Azure deployment process.
Related topic(s): Install and Configure Microsoft Azure Command Line interface

Task: Define a resource group
Description: Microsoft Azure uses resource groups to contain related resources. The Access Gateway VM and disk must be created within the same resource group.
Related topic(s): Define Resource Group

Task: Create temporary VM
Description: To create a VM in Microsoft Azure, you must define a virtual machine and associate it with a previously uploaded disk image.
Related topic(s): Create Disk Host VM

Task: Prepare temporary disk
Description: The temporary VM is used to create a disk to contain the OAG image. This task walks through that process.
Related topic(s): Prepare Temporary VM Disk

Task: Create and populate managed disk
Description: Upload the Microsoft Azure disk to the new disk and decompress it. Using the Microsoft Azure CLI and AzCopy, create a managed disk and copy the uncompressed image to it.
Related topic(s): Upload, create and populate managed disk

Task: Create Access Gateway VM
Description: Create a virtual machine and attach it to the previously created disk.
Related topic(s): Create VM

Task: Open ports
Description: Open ports 80 and 443 to the new VM.
Related topic(s): Configure Networking

Task: Cleanup
Description: Clean up the temporary VM and disk.
Related topic(s): Cleanup
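The process overview and the task list above describe the flow; as an added example that is not part of the Okta documentation, the following POSIX shell script strings those steps together as Azure CLI and AzCopy commands, run from the temporary VM once the image has been decompressed there. It assumes a recent Azure CLI (with the --upload-type flag), constructed resource names and an assumed image path, and by default (DRY_RUN=1) only prints the commands; the cleanup stage is run separately afterwards.

```shell
#!/bin/sh
# Added example: this page's Access Gateway deployment flow as az / AzCopy commands,
# run from the temporary VM. DRY_RUN=1 (default) prints each command; DRY_RUN=0 runs it.
# Resource names, location and image path are constructed placeholders.
set -eu

RG=${RG:-ag-rg}                        # the VM and its disk must share this group
LOCATION=${LOCATION:-eastus}
AG_DISK=${AG_DISK:-ag-os-disk}         # managed disk that receives the image
AG_VM=${AG_VM:-access-gateway}         # the actual Access Gateway VM
TMP_VM=${TMP_VM:-ag-disk-host}         # temporary "Disk Host" VM
TMP_DISK=${TMP_DISK:-ag-disk-host-data}
IMAGE_VHD=${IMAGE_VHD:-/mnt/data/access-gateway.vhd}  # decompressed fixed-size VHD
DRY_RUN=${DRY_RUN:-1}
run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Create the managed disk in upload state; the size must equal the fixed VHD's size.
create_disk() {
  bytes=0
  [ -f "$IMAGE_VHD" ] && bytes=$(wc -c < "$IMAGE_VHD" | tr -d ' ')
  run az disk create -g "$RG" -n "$AG_DISK" -l "$LOCATION" --os-type Linux \
    --sku StandardSSD_LRS --upload-type Upload --upload-size-bytes "$bytes"
}
# Copy the image in over a short-lived write SAS and revoke it as soon as the copy
# finishes, so no standing write path to the gateway's OS disk is left behind.
populate_disk() {
  sas='<write-sas>'
  [ "$DRY_RUN" = 1 ] || sas=$(az disk grant-access -g "$RG" -n "$AG_DISK" \
    --access-level Write --duration-in-seconds 3600 --query accessSas -o tsv)
  run azcopy copy "$IMAGE_VHD" "$sas" --blob-type PageBlob
  run az disk revoke-access -g "$RG" -n "$AG_DISK"
}

# Attach the populated disk as the OS disk of the real VM; start with no NSG rules
# and then open only the ports the page calls for, 80 and 443.
create_vm() {
  run az vm create -g "$RG" -n "$AG_VM" --attach-os-disk "$AG_DISK" \
    --os-type linux --nsg-rule NONE
}
open_ports() { run az vm open-port -g "$RG" -n "$AG_VM" --port 80,443 --priority 1010; }
# Remove the temporary VM and its disk once the gateway VM is up (run from a workstation).
cleanup() {
  run az vm delete -g "$RG" -n "$TMP_VM" --yes
  run az disk delete -g "$RG" -n "$TMP_DISK" --yes
}
case "${1:-deploy}" in
  deploy)  create_disk; populate_disk; create_vm; open_ports ;;
  cleanup) cleanup ;;
esac
```

Run it with no arguments for the deploy stage and with `cleanup` once the gateway VM is confirmed up; the printed command list is the plan to review before setting DRY_RUN=0.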

Post Deployment Tasks

All deployments of Access Gateway require a set of common tasks, including:

Task: First login
Description: Reset the Access Gateway command line interface password. Reset the virtual appliance at the command line.
Related topic(s): First login to Command Line Console; Initialize Access Gateway Command line

Task: Determine the assigned IP address and configure DNS
Description: Determine the Access Gateway IP address. Configure the required /etc/hosts admin entry. Configure the required DNS entries.
Related topic(s): Determine Access Gateway IP address, for non-AWS instances; Configure Admin /etc/hosts entry; Configure Access Gateway DNS

Task: Initialize Access Gateway
Description: Initialize the cookie domain and instance hostname.
Related topic(s): Initialize Access Gateway Console

Task: Configure an identity provider
Description: Configure your Okta tenant as the identity provider. Set up SAML access.
Related topic(s): Configure your Okta tenant as an Identity Provider

Task: Configure SAML access to Access Gateway from your Okta tenant
Description: Configure the Okta tenant to allow access to Access Gateway using SAML.
Related topic(s): Configure Administration Access using SAML

Important Note

When creating a set of Access Gateway nodes for use in a High Availability cluster, care should be taken to name the nodes appropriately.
Note also that node names must be resolvable between Access Gateway instances before configuring High Availability.
