Microsoft Azure deploy tasks

Deploying to Microsoft Azure involves the following tasks:

Topics

Before you begin
Microsoft Azure deployment tasks
Post deployment tasks

Before you begin

You’re familiar with Azure GUI and CLI, commands, and concepts.
Wherever possible both the UI and CLI instructions are provided.

Microsoft Azure deployment tasks

Process overview

To create an instance of Access Gateway within Microsoft Azure, you must create a VM and then associate it with a disk image. Microsoft requires the use of fixed size disk files. So, disks, such as the Access Gateway disk, must be expanded to their full size before being used. Expanding the provided disk locally would require an upload to Microsoft Azure, which is greater than 200gb. To avoid this, create a second temporary VM, and use it to create a disk in the Microsoft Azure Cloud. Next, directly copy the Access Gateway Microsoft Azure disk image to the disk associated with the VM, expanded and then attached to the second, actual Access GatewayVM. The original, temporary VM, is then deleted to conserve resources.

Tasks

Task	Description	Related Topics
Install and configure Microsoft Azure CLI	The Microsoft Azure command line utility is used extensively through the MS Azure deployment process.	Install and Configure Microsoft Azure command line interface
Define an resource group	Microsoft Azure uses resource groups to contain related resources. Access Gateway VM and disk must be created within the same resource group.	Define resource group
Create Temporary VM	To create a VM in Microsoft Azure we must define a virtual machine and associate it with a previously uploaded disk image.	Create Disk Host VM
Prepare Temporary Disk	The Temporary VM is used for the purpose of creating a disk to contain the OAG image. This task walks through that process.	Prepare temporary VM disk
Create and populate managed disk	Upload Microsoft Azure disk to the new disk and decompress. Use the Microsoft Azure CLU and AZcopy to create a manage disk and copy the uncompressed image to it.	Upload, create and populate managed disk
Create snapshot and replicate	Create a disk snapshot and then replicate disks as required for clustering. This step is only required if creating an Access Gateway cluster.	Copy disk
Create Access Gateway VM	Create a virtual machine and attach it to the previously created disk.	Create VM
Open Ports	Open port 80 and 443 to new VM.	Configure networking
Cleanup	Clean up the temporary VM and disk.	Cleanup

Post deployment tasks

All Access Gateway deployments require a set of common tasks:

Task	Description	Related Topics
First sign in	Reset the Access Gateway Management console password. Reset the virtual appliance at the command line.	First sign in to command line console Initialize Access Gateway command line
[Optional but recommended] Specify the hostname	Access Gateway defaults to a known gateway hostname which can be changed.	Set Access Gateway instance hostname
[Optional] Specify a fixed IP address	Many installations require Access Gateway to use a fixed known IP address.	Set Access Gateway instance IP address
[Optional] Specify DNS servers	Many installations use a split DNS process where multiple DNS servers are required.	Set Access Gateway DNS Servers
[Optional] Specify proxy	Some installations require a proxy server for Access Gateway	Set Access Gateway proxy server
Determine the IP Address assigned and configure DNS	Determine Access Gateway IP address. Configure required /etc/hosts admin entry. Configure required DNS entries.	Determine Access Gateway IP address for non-AWS instances. Configure admin /etc/hosts entry Configure Access Gateway DNS
First login to the Access Gateway Admin UI console	Connect to the Access Gateway Admin UI console and reset the default password.	First sign in to Access Gateway Admin UI console
Initialize Access Gateway	Initialize the cookie domain and instance hostname.	Initialize Access Gateway console
Configure an identity provider	Configure Okta tenant as an identify provider.	Configure your Okta tenant as an identity provider
Configure SAML access to Access Gateway from your Okta tenant	Configure Okta tenant to allow access to Access Gateway using SAML.	Add an Access Gateway Admin UI console application
Review security best practices	Examine and execute a set of common Access Gateway security best practices.	Security best practices

Important

When creating a set of Access Gateway nodes for use in a high availability cluster, ensure that nodes are named appropriately.
Also, node names must be resolvable between Access Gateway instances before configuring high availability.

High availability and load balancer tasks

Organizations which are implementing high availability and load balancing will also want to perform the following tasks.

Task	Description	Related Topics
Configure Load Balancer	Configure a load balancer and related health checks.	Configure Microsoft Azure load balancers
Manage TLS termination	Determine where certificates and TLS will be managed.	Managing SSL/TLS termination