Configuring all Azure Resources

This page describes the complete configuration of all Azure components in the customer's Azure environment.


Azure App Service configuration

The full archive setup and configuration are performed within the Azure App Service. To proceed, you will need the deployment package file.

Deployment package (ZIP file), 20MB

Once you have the file, follow these steps to complete the deployment.

  1. Deploy the ZIP file to the Azure App Service by following the steps below.

  2. Go to the settings of your Azure Web App. Under Developer Tools, open Advanced Tools.

  3. Click Go. A new browser tab opens.

  4. Click Debug console > CMD.

  5. Go to the directory \home\site\wwwroot.

  6. The ZIP file must be deployed in this directory (\home\site\wwwroot).

  7. To do this, drag and drop the ZIP file into the directory.

  8. The ZIP file is automatically extracted into the wwwroot folder.

  9. After the ZIP file is deployed, you can edit the appsettings.json file.

  10. The purpose of the appsettings.json file is to configure the complete archive setup when no Key Vault is available at the customer site.

Avoid configuring settings directly in the appsettings.json file; use Key Vault, the App Service configuration, or both instead. Before deploying a new archive connector, create a backup of appsettings.json. If you are not using the file, ensure all settings are commented out.

Editing the appsettings.json file

  1. Open the appsettings.json file.

  2. Ensure the different sections are commented out by adding an underscore (_) before each setting.

Do this for every section and key in the appsettings.json file.
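
A check for the rule above, added here as an example (it is not part of the original page or of the product): it walks appsettings.json, lists every section or key that still lacks the underscore prefix, and flags values that embed a credential, using the Password= and SharedAccessKey= markers from this page's connection-string examples. The JSON layout in SAMPLE is constructed for illustration; the sections in the shipped file may differ.

```python
import json
import re

# Credential markers taken from the connection-string examples on this page.
SECRET_MARKERS = re.compile(r"\b(Password|SharedAccessKey)\s*=", re.IGNORECASE)


def audit(node, path=""):
    """Return (unprefixed, secrets) for a parsed appsettings.json tree.

    unprefixed: sections and keys without the leading '_' the page asks for.
    secrets:    string values that embed a credential; reported even under a
                '_' key, because the file on disk still exposes them.
    """
    unprefixed, secrets = [], []
    items = node.items() if isinstance(node, dict) else enumerate(node)
    for key, value in items:
        full = f"{path}:{key}" if path else str(key)
        if isinstance(key, str) and not key.startswith("_"):
            unprefixed.append(full)
        if isinstance(value, (dict, list)):
            sub_unprefixed, sub_secrets = audit(value, full)
            unprefixed += sub_unprefixed
            secrets += sub_secrets
        elif isinstance(value, str) and SECRET_MARKERS.search(value):
            secrets.append(full)
    return unprefixed, secrets


def audit_text(text):
    return audit(json.loads(text))


# Constructed sample (hypothetical layout): a key and a section were missed.
SAMPLE = """
{
  "_KeyVault": { "_Name": "keyvault-cpro-archive" },
  "_StorageAccount": { "StorageName": "storagecproarchive" },
  "ConnectionStrings": {
    "_ArchiveContext": "Data Source=tcp:mydb.database.windows.net,1433;User Id=mydbaccount;Password=verysecret"
  }
}
"""

if __name__ == "__main__":
    labels = ("missing '_' prefix", "credential stored in file")
    for label, names in zip(labels, audit_text(SAMPLE)):
        for name in names:
            print(f"{label}: {name}")
```

To audit a deployment, pass the contents of \home\site\wwwroot\appsettings.json to audit_text.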

Web App Configuration

  1. Add a new configuration setting by clicking Settings > Environment Variables, then click Add.

Create the following Web Application settings

Application Setting for Database

  • Name: Database:CreateUpdateDatabase.

  • Value: true.

Application Setting for Key Vault

  • Name: KeyVault:Name.

  • Value: keyvault-cpro-archive.

Use the name of the Key Vault you created.

Application Setting for Storage Account

  • Name: StorageAccount:StorageName.

  • Value: storagecproarchive.

Use the name of the storage account you created.

Application Setting for Search Index URL

  • Name: SearchIndex:IndexUri.

  • Value: https://search-ai-cpro-archive.search.windows.net.

The value for SearchIndex:IndexUri can be found in Azure AI Search.

Application Setting for Search Index Name

The index will be created automatically upon the creation of the Azure AI Search.

  • Name: SearchIndex:IndexName.

  • Value: cprosearchindex.

Use the Index Name you created.

Setting up Managed Identity on the Web App

To enable Managed Identity on the Web App:

  1. In the Settings dropdown select Identity.

  2. Set Status to On.

  3. Click on Save.

Key Vault access always uses Managed Identity. The steps below describe how to set up Azure role-based access control on the Azure Key Vault.

  1. Select the Azure Key Vault and click on Access configuration.

  2. Select Azure role-based access control (recommended).

  3. Go to Access control (IAM) and click on Add > Add role assignment.

  4. Click on Job function roles and search for Key Vault Reader in the search bar. Select Key Vault Reader and click on the Next button.

  5. In the Members section, click on Select members; a pane opens on the right. Search for the Azure Web App you have created.

  6. Click on the Review + assign button.

  7. Repeat the Add role assignment for the role Key Vault Secrets User.

Adding the database connection string to the Key Vault

To create secrets in the Key Vault, ensure that you have sufficient user rights.

  • Name: ConnectionStrings--ArchiveContext.

  • Secret value:

    • Data Source=tcp:mydb.database.windows.net,1433;Initial Catalog=the-archive-catalog;User Id=mydbaccount;Password=verysecret

The database user specified should have the following access rights on the database:

  • DDL writer/reader access because it will create the database upon application startup.

If needed, these access rights can be revoked after the first successful startup.


Azure AI Search configuration

Azure AI Search uses Managed Identity. The steps below describe how to set up Azure role-based access control on Azure AI Search.

  1. Select the AI Search, go to Access Control (IAM), and click on Add > Add role assignment.

  2. Add the role Search Index Data Contributor.

  3. Add the Contributor role (under the Privileged administrator roles tab).

  4. Change the Keys setting of the Cognitive Search resource.

  5. In the search service, click on Keys and select Role-based access control.


Azure Storage Account configuration

The Azure Storage Account is responsible for storing all documents in the archive. Therefore, the following settings must be applied:

  1. Create a new container in the Storage Account (example: cparchive).

  2. Select the Web App, click on Configuration, and add a new application setting.

  • Name: StorageAccount:ContainerName.

  • Value: cparchive.

  3. The Azure Storage Account also works with Managed Identity. Assign the correct role so that the Azure Web App can access the storage container you have just created.

  4. Select the Storage account, go to Access Control (IAM), and click on Add > Add role assignment.

  5. Add the role Storage Blob Data Contributor.
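
A check for the role assignments made in the Key Vault, Azure AI Search and Storage Account sections, added here as an example (it is not part of the original page or of the product): it compares the managed identity's role assignments with the roles this page lists and reports missing roles and any assignment outside that set. It assumes the AI Search roles are assigned to the Web App's identity as well, matches on resource type only (not resource name), and uses constructed sample data with a placeholder subscription and resource group.

```python
# Roles this page assigns, keyed by the resource type found in the scope.
EXPECTED = {
    "Microsoft.KeyVault/vaults": {"Key Vault Reader", "Key Vault Secrets User"},
    "Microsoft.Search/searchServices": {"Search Index Data Contributor", "Contributor"},
    "Microsoft.Storage/storageAccounts": {"Storage Blob Data Contributor"},
}


def resource_type(scope):
    """Return 'Provider/type' for a resource-level ARM scope, else None."""
    parts = scope.strip("/").split("/")
    if "providers" not in parts:
        return None  # subscription or resource-group scope
    i = parts.index("providers")
    return "/".join(parts[i + 1:i + 3]) if len(parts) >= i + 4 else None


def review(assignments):
    """Compare role assignments with EXPECTED; return (missing, unexpected)."""
    seen, unexpected = {}, []
    for item in assignments:
        rtype, role = resource_type(item["scope"]), item["roleDefinitionName"]
        if role in EXPECTED.get(rtype, ()):
            seen.setdefault(rtype, set()).add(role)
        else:
            unexpected.append((role, item["scope"]))
    missing = sorted(
        (rtype, role)
        for rtype, roles in EXPECTED.items()
        for role in roles - seen.get(rtype, set())
    )
    return missing, unexpected


# Constructed sample in the shape of `az role assignment list -o json` output.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-archive"
KV = RG + "/providers/Microsoft.KeyVault/vaults/keyvault-cpro-archive"
SEARCH = RG + "/providers/Microsoft.Search/searchServices/search-ai-cpro-archive"
SAMPLE = [
    {"roleDefinitionName": "Key Vault Reader", "scope": KV},
    {"roleDefinitionName": "Key Vault Secrets User", "scope": KV},
    {"roleDefinitionName": "Search Index Data Contributor", "scope": SEARCH},
    {"roleDefinitionName": "Contributor", "scope": SEARCH},
    {"roleDefinitionName": "Contributor", "scope": RG},  # broader than documented
]

if __name__ == "__main__":
    missing, unexpected = review(SAMPLE)
    print("missing:", missing)
    print("not in the documented set:", unexpected)
```

Real input can be produced with `az role assignment list --assignee <principalId> --all -o json`, where the principal ID is the Web App's managed identity.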


Azure Service Bus configuration

The Azure Service Bus will be configured in the CumulusPro Azure environment. CumulusPro Professional Services will take care of the settings below.

Create two new queues in the Azure Service Bus. The archive-result queue is mandatory and must have this name:

  1. Select the Azure Service Bus and click on Queues.

  2. Add a new queue named archive-result.

  3. Add another queue; you can use your own name.

  4. Add a new queue named archivecpro.

The following queues are now created:

  1. Add the newly created Azure Service Bus queue to the Azure Web Application settings.

  2. Select the Web App, click on Configuration, and add a new application setting.

  • Name: ServiceBus:QueueName.

  • Value: cparchivesetup.

Service Bus Shared Access Policy

Create a Shared Access Policy on the Service Bus:

  1. Select the Service Bus Namespace, click on Shared access policies, and add a new SAS Policy.

  2. Add the access policies Send and Listen.

Add the Primary Connection String to the Key Vault.

  1. Click on sharedcpro to open the configuration.

  2. Copy the Primary Connection String, which is needed for the Key Vault setting.

  3. Select the Key Vault, click on Secrets, and add a new secret by clicking on Generate/Import.

  4. Create a secret:

  • Name: ServiceBus--ConnectionString.

  • Secret value:

    • The primary connection string you copied earlier.

  • Example:

    • Endpoint=sb://servicebuscproarchive.servicebus.windows.net/;SharedAccessKeyName=sharedcpro;SharedAccessKey=......

  5. You will now have the following secrets in Key Vault.


API Management Configuration

If Azure API Management is used, the following API calls to the archive connector need to be configured.

The curl commands below do not include the body or the Authorization (Bearer Token).

Highlighted parts are parameters that change between calls:
