Roll Out empower® in Your Corporate Cloud

Hosting Option: Corporate Cloud 

Required Permissions: IT Admin 

If you host empower® in your corporate cloud, you need to set up all required resources within your Azure environment.

To simplify this process for you, this article contains detailed instructions as well as an ARM (Azure Resource Manager) template you can use.

ARM templates are a form of infrastructure as code, a concept where you define the infrastructure that needs to be deployed. They use declarative syntax, meaning you define the resources for Azure to deploy without specifying how the resources are created.

The ARM template offered in this article is designed specifically to set up all resources that empower® requires within your Azure environment and to provide a highly functional, high-performance empower® Backend.

In the following, you will find a step-by-step guide on what exactly to configure in the ARM Deployment Mask and on the SQL Server side.

Note

For further information regarding the setup and deployment of ARM templates, see Create and deploy template spec.

Note

If you need further assistance, contact empower® Support.

Use the ARM Template

If you use the provided ARM template, the following resources are created:

  • SQL Server

  • SQL Database

    • .bacpac file required

  • VM (Virtual Machine)

  • NIC (Network Interface)

  • VNet (Virtual Network)

  • NSG (Network Security Group)

  • IP Address

  • Extension:

    • Anti-Malware

    • Custom script execution (in order to run PowerShell scripts)

      • PowerShell script is loaded from the following link:

        https://madeinoffice.blob.core.windows.net/azure-arm/Account_Policies.ps1   

Step-by-Step Guide for ARM Template Deployment

To deploy the ARM template, follow these steps:

  1. Download the ARM template via the following link:

    Download ARM Template

    Alternatively, you can copy the template from Copy the ARM Template.

  2. Extract the .zip folder.

    The unzipped folder contains the file Customer_ARM_Template_v2_4.json.

  3. Open the Azure Portal.

  4. In the search bar, search for Template specs.

  5. Choose the option Template specs.

  6. Click on the button Import template (Figure 1, “Section Template specs”).

Figure 1. Section Template specs

  7. Click on the folder symbol (Figure 2, “Import Template”).

  8. Select the template you want to upload.

Figure 2. Import Template

  9. In the following section, fill in the required fields (Figure 3, “Fill in Fields for Import”, Figure 4, “Fill in Version Information”).

Figure 3. Fill in Fields for Import

Figure 4. Fill in Version Information

  10. Then, click on the button Next: Edit Template.

    Do not make any changes here (Figure 5, “Section Edit Template”)!

Figure 5. Section Edit Template

  11. Click on the button Next: Tags.

  12. If required, add tags (Figure 6, “Add Tags”).

Figure 6. Add Tags

  13. Click on the button Next: Review + Create.

  14. Here, click on the button Create (Figure 7, “Create Template”).

Figure 7. Create Template

  15. Navigate back to the section Template specs.

  16. Select the created template and click on the button Deploy (Figure 8, “Deploy Template”).

Figure 8. Deploy Template

  17. In the following screen, fill in the required fields (Figure 9, “Fill in Fields for Deployment”).

    For further information regarding the field values, see Fill in Required Fields for Deployment.

  18. Then, click on the button Review + create.

    While the deployment is in progress, you can check it by clicking on Deployment in progress….

Figure 9. Fill in Fields for Deployment

  19. Once the deployment has finished, check the section Outputs (Figure 10, “Section Outputs”).

    Here, you will find the generated host name and the password for the empower_serviceuser.

  20. Save these values for the backend installation.

Figure 10. Section Outputs

  21. Before you install the empower® Backend on the VM, make sure to perform the following configuration on the SQL server:

    1. Connect to the Azure SQL Server with a tool that can be used for SQL requests, e.g. SQL Server Management Studio.

    2. Create a SQL login.

      The login needs to be created on the master database. The following excerpt provides an example:

      -- Run while connected to the master database.
      CREATE LOGIN [empower_CustomerName] WITH PASSWORD = 'Enter_Safe_Password_Here'
      GO

    3. Then, create a user for the previously created login.

      The user needs to be created on the empower® Database. The following excerpt provides an example:

      -- Run while connected to the empower® Database.
      CREATE USER [empower_CustomerName] FOR LOGIN [empower_CustomerName] WITH DEFAULT_SCHEMA = dbo
      GO

    4. Add the empowerRole and the hangfireRole to the SQL user you have created.

      The following excerpt provides an example:

      EXEC sp_addrolemember N'empowerRole', N'empower_CustomerName'
      GO
      EXEC sp_addrolemember N'hangfireRole', N'empower_CustomerName'
      GO

  22. Now, proceed by installing the empower® Backend on your Azure VM.

Important

The empower® Database is provided either after your Onboarding Team has finished customizing it, or in a raw format so that customizing can be performed directly in your environment.

Please note that for the latter, your Onboarding & Professional Services Specialist will need guest access in your Microsoft Entra ID.

For further information regarding guest users in your Microsoft Entra ID, see Guest User in Microsoft Entra ID.

Note

To set up empower® with Microsoft Entra ID, an app registration in Microsoft Entra ID needs to be created before the installation of the empower® Backend.

For further information regarding the app registration in Microsoft Entra ID for empower®, see Script for App Registration in Microsoft Entra ID.

For further information regarding the installation of the empower® Backend, see Install the empower® Backend (Version >= 9.7).

Note

The user interface in the Azure Portal may change at any time. If you are unsure about an aspect, refer to the Microsoft documentation.

Fill in Required Fields for Deployment

The following table provides an overview of the fields you need to fill in during deployment and which values are required for those fields:

| Field | Description | Required? |
|---|---|---|
| Subscription | Select the active subscription model. | Yes |
| Resource Group | Create a new resource group or choose an existing one. | Yes |
| Region | This field is filled in automatically according to the selected resource group. | Yes |
| Location | This field is filled in automatically. Do not change this value! | Yes |
| Company Name | Enter your company name. The value must not contain spaces and may have a maximum of 10 characters. | Yes |
| VM Admin Username | Enter the user name for the administrator account on the VM. | Yes |
| VM Admin Password | Enter the password for the administrator account on the VM. | Yes |
| VM Size | Enter the VM size. For further information from Microsoft, see Sizes for virtual machines in Azure. | Yes |
| Windows OS Version | Enter the Windows operating system version you want to use. The default value for this field is Windows Data Center 2022. | Yes |
| Create SQL Resources | Decide whether all required SQL resources should be created upon deployment. | Yes |
| SQL Server Name | Enter the name for the SQL Server. | If Create SQL Resources is set to true: Yes |
| SQL DB Name | Enter the name for the SQL Database. | If Create SQL Resources is set to true: Yes |
| SQL Admin User | Enter the login name for the SQL Server Admin User. | If Create SQL Resources is set to true: Yes |
| SQL Admin Password | Enter the password for the SQL Server Admin User. | If Create SQL Resources is set to true: Yes |
| Storage Account Key | Enter the access key for the uploaded .bacpac file from your blob storage. To generate the token, navigate to the respective container in the Azure Portal and generate an SAS token. | If Create SQL Resources is set to true: Yes |
| Bacpac URL | Enter the URL to access the .bacpac file. The URL can be copied from the respective Blob Overview. | If Create SQL Resources is set to true: Yes |

Copy the ARM Template

As mentioned above, you can download the template via the following link:

Download ARM Template

Alternatively, you can copy the content of the file from the section below:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.24.24.22086",
      "templateHash": "295844188305582502"
    }
  },
  "parameters": {
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Specifies the Azure location where the key vault should be created."
      }
    },
    "companyName": {
      "type": "string",
      "maxLength": 52,
      "metadata": {
        "description": "Please provide your company name without spaces."
      }
    },
    "vmAdminUsername": {
      "type": "string",
      "defaultValue": "empower_admin",
      "metadata": {
        "description": "Please provide the adminUsername without spaces."
      }
    },
    "vmAdminPassword": {
      "type": "securestring",
      "minLength": 24,
      "metadata": {
        "description": "Password for the Virtual Machine."
      }
    },
    "vmSize": {
      "type": "string",
      "defaultValue": "Standard_B2ms",
      "allowedValues": ["Standard_DS1_v2", "Standard_B2s", "Standard_B2ms"],
      "metadata": {
        "description": "The VM size"
      }
    },
    "windowsOSVersion": {
      "type": "string",
      "defaultValue": "2022-Datacenter-smalldisk",
      "allowedValues": [
        "2022-Datacenter-smalldisk",
        "2019-Datacenter-smalldisk"
      ],
      "metadata": {
        "description": "The Windows version for the VM."
      }
    },
    "createSQLResources": {
      "type": "bool",
      "metadata": {
        "description": "Should the SQL-Resources created.? Please check then all Parameters below."
      }
    },
    "sqlServerName": {
      "type": "string",
      "defaultValue": "empowerSQL",
      "metadata": {
        "description": "The name of the SQL Server"
      }
    },
    "sqlDBName": {
      "type": "string",
      "defaultValue": "empower",
      "metadata": {
        "description": "The name of the SQL Database"
      }
    },
    "sqlAdminUser": {
      "type": "string",
      "defaultValue": "Admin_User_for_the_SQLServer",
      "metadata": {
        "description": "The administrator username of the SQL server."
      }
    },
    "sqlAdminPassword": {
      "type": "securestring",
      "defaultValue": "",
      "maxLength": 24,
      "metadata": {
        "description": "The administrator password of the SQL server."
      }
    },
    "storageAccountKey": {
      "type": "securestring",
      "defaultValue": "",
      "metadata": {
        "description": "Specifies the key of the storage account where the BACPAC file is stored."
      }
    },
    "bacpacUrl": {
      "type": "string",
      "defaultValue": "URL_to_BlobContainer_ where_bacpac_file_is_located",
      "metadata": {
        "description": "Specifies the URL of the BACPAC file."
      }
    }
  },
  "variables": {
    "adminUsername": "[parameters('vmAdminUsername')]",
    "dnsLabelPrefix": "[format('empower-{0}', toLower(parameters('companyName')))]",
    "nicName": "empower-NIC",
    "addressPrefix": "10.1.0.0/24",
    "subnetName": "empower-Subnet",
    "subnetPrefix": "10.1.0.0/24",
    "publicIPAddressName": "empower-IP",
    "vmName": "empower",
    "virtualNetworkName": "empower-VNET",
    "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
    "nsgName": "empower-nsg",
    "service_user_pw": "[format('P{0}y.', uniqueString(resourceGroup().id, 'a40d309d-3aad-4828-ab53-17e8e8b88439'))]",
    "scriptLocation": "[format('https://madeinoffice.blob.{0}/azure-arm/', environment().suffixes.storage)]"
  },
  "resources": [
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2021-04-01",
      "name": "pid-a4869ce2-9844-521e-be75-67e904da97b3",
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": []
        }
      }
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2022-07-01",
      "name": "[variables('publicIPAddressName')]",
      "location": "[parameters('location')]",
      "properties": {
        "publicIPAllocationMethod": "Dynamic",
        "dnsSettings": {
          "domainNameLabel": "[variables('dnsLabelPrefix')]"
        }
      }
    },
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2022-07-01",
      "name": "[variables('nsgName')]",
      "location": "[parameters('location')]",
      "properties": {
        "securityRules": [
          {
            "name": "empower-services",
            "properties": {
              "description": "Allow inbound traffic for the empower 8 backend",
              "protocol": "*",
              "sourcePortRange": "*",
              "destinationPortRange": "443",
              "sourceAddressPrefix": "*",
              "destinationAddressPrefix": "*",
              "access": "Allow",
              "priority": 109,
              "direction": "Inbound"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2022-07-01",
      "name": "[variables('virtualNetworkName')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": ["[variables('addressPrefix')]"]
        },
        "subnets": [
          {
            "name": "[variables('subnetName')]",
            "properties": {
              "addressPrefix": "[variables('subnetPrefix')]",
              "networkSecurityGroup": {
                "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
              }
            }
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkSecurityGroups', variables('nsgName'))]"
      ]
    },
    {
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2022-07-01",
      "name": "[variables('nicName')]",
      "location": "[parameters('location')]",
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]"
              },
              "subnet": {
                "id": "[variables('subnetRef')]"
              }
            }
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]"
      ]
    },
    {
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2021-11-01",
      "name": "[variables('vmName')]",
      "location": "[parameters('location')]",
      "properties": {
        "hardwareProfile": {
          "vmSize": "[parameters('vmSize')]"
        },
        "osProfile": {
          "computerName": "[variables('vmName')]",
          "adminUsername": "[variables('adminUsername')]",
          "adminPassword": "[parameters('vmAdminPassword')]"
        },
        "storageProfile": {
          "imageReference": {
            "publisher": "MicrosoftWindowsServer",
            "offer": "WindowsServer",
            "sku": "[parameters('windowsOSVersion')]",
            "version": "latest"
          },
          "osDisk": {
            "createOption": "FromImage",
            "diskSizeGB": 256
          }
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
            }
          ]
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
      ]
    },
    {
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "2021-11-01",
      "name": "[format('{0}/{1}', variables('vmName'), 'empowerAntiMalware')]",
      "location": "[parameters('location')]",
      "properties": {
        "publisher": "Microsoft.Azure.Security",
        "type": "IaaSAntimalware",
        "typeHandlerVersion": "1.5",
        "autoUpgradeMinorVersion": true,
        "settings": {
          "AntimalwareEnabled": true,
          "RealtimeProtectionEnabled": "true",
          "ScheduledScanSettings": {
            "isEnabled": "true",
            "scanType": "Quick",
            "day": "7",
            "time": "120"
          }
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]"
      ]
    },
    {
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "2021-11-01",
      "name": "[format('{0}/{1}', variables('vmName'), 'empowerAccount_Policies_and_Disk_Management')]",
      "location": "[parameters('location')]",
      "properties": {
        "publisher": "Microsoft.Compute",
        "type": "CustomScriptExtension",
        "typeHandlerVersion": "1.7",
        "autoUpgradeMinorVersion": true,
        "settings": {
          "fileUris": [
            "[format('{0}Account_Policies_and_Disk_Management.ps1', variables('scriptLocation'))]"
          ],
          "commandToExecute": "[format('powershell.exe -ExecutionPolicy Unrestricted -File Account_Policies_and_Disk_Management.ps1 -pw \"{0}\" ', variables('service_user_pw'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Compute/virtualMachines', variables('vmName'))]"
      ]
    },
    {
      "condition": "[parameters('createSQLResources')]",
      "type": "Microsoft.Sql/servers",
      "apiVersion": "2021-11-01",
      "name": "[parameters('sqlServerName')]",
      "location": "[parameters('location')]",
      "properties": {
        "administratorLogin": "[parameters('sqlAdminUser')]",
        "administratorLoginPassword": "[parameters('sqlAdminPassword')]",
        "version": "12.0"
      }
    },
    {
      "condition": "[parameters('createSQLResources')]",
      "type": "Microsoft.Sql/servers/firewallRules",
      "apiVersion": "2021-11-01",
      "name": "[format('{0}/{1}', parameters('sqlServerName'), 'AllowAllAzureIps')]",
      "properties": {
        "startIpAddress": "0.0.0.0",
        "endIpAddress": "0.0.0.0"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Sql/servers', parameters('sqlServerName'))]"
      ]
    },
    {
      "condition": "[parameters('createSQLResources')]",
      "type": "Microsoft.Sql/servers/databases",
      "apiVersion": "2021-11-01",
      "name": "[format('{0}/{1}', string(parameters('sqlServerName')), string(parameters('sqlDBName')))]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "S1",
        "tier": "Standard",
        "size": "S1",
        "capacity": 20
      },
      "properties": {},
      "dependsOn": [
        "[resourceId('Microsoft.Sql/servers', parameters('sqlServerName'))]"
      ]
    },
    {
      "condition": "[parameters('createSQLResources')]",
      "type": "Microsoft.Sql/servers/databases/extensions",
      "apiVersion": "2021-11-01",
      "name": "[format('{0}/{1}/{2}', split(format('{0}/{1}', string(parameters('sqlServerName')), string(parameters('sqlDBName'))), '/')[0], split(format('{0}/{1}', string(parameters('sqlServerName')), string(parameters('sqlDBName'))), '/')[1], 'Import')]",
      "properties": {
        "storageKeyType": "SharedAccessKey",
        "storageKey": "[format('?{0}', parameters('storageAccountKey'))]",
        "storageUri": "[parameters('bacpacUrl')]",
        "administratorLogin": "[parameters('sqlAdminUser')]",
        "administratorLoginPassword": "[parameters('sqlAdminPassword')]",
        "operationMode": "Import"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Sql/servers/databases', split(format('{0}/{1}', string(parameters('sqlServerName')), string(parameters('sqlDBName'))), '/')[0], split(format('{0}/{1}', string(parameters('sqlServerName')), string(parameters('sqlDBName'))), '/')[1])]"
      ]
    }
  ],
  "outputs": {
    "hostname": {
      "type": "string",
      "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName')), '2022-07-01').dnsSettings.fqdn]"
    },
    "service_user_pw": {
      "type": "string",
      "value": "[variables('service_user_pw')]"
    }
  }
}
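
Before deploying, you can review the exposure-related settings of a template like the one above. The following Python check is an added example, not part of the empower® template or documentation; it flags an NSG rule open to any source, the SQL firewall rule for all Azure services, a secret-looking argument in the script extension's public settings, and a secret-looking value returned as a plain string output. The SAMPLE excerpt is constructed to mirror the template above, and the check names and the secret-name heuristic are assumptions.

```python
import re

# Heuristic for secret-looking names (e.g. "-pw", "service_user_pw"); an assumption, tune as needed.
SECRET_HINT = re.compile(r"(?<![a-z])(pw|password|secret|key)", re.IGNORECASE)
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}


def review_template(template):
    """Return sorted (check_id, detail) findings for a parsed ARM template."""
    findings = []
    for res in template.get("resources", []):
        rtype, props = res.get("type", ""), res.get("properties", {})
        if rtype == "Microsoft.Network/networkSecurityGroups":
            for rule in props.get("securityRules", []):
                p = rule.get("properties", {})
                if (p.get("direction") == "Inbound" and p.get("access") == "Allow"
                        and p.get("sourceAddressPrefix") in ANY_SOURCE):
                    findings.append(("nsg-any-source",
                                     f"{rule.get('name')}:{p.get('destinationPortRange')}"))
        elif rtype == "Microsoft.Sql/servers/firewallRules":
            # The 0.0.0.0-0.0.0.0 rule admits connections from any Azure service,
            # not only from resources in your own subscription.
            if props.get("startIpAddress") == props.get("endIpAddress") == "0.0.0.0":
                findings.append(("sql-allow-azure-services", res.get("name", "")))
        elif (rtype == "Microsoft.Compute/virtualMachines/extensions"
              and props.get("type") == "CustomScriptExtension"):
            # "settings" is sent in clear text; "protectedSettings" is encrypted.
            cmd = props.get("settings", {}).get("commandToExecute", "")
            if SECRET_HINT.search(cmd):
                findings.append(("secret-in-public-settings", "commandToExecute"))
    for name, out in template.get("outputs", {}).items():
        # Non-secure outputs stay readable in the deployment history.
        if out.get("type", "").lower() != "securestring" and SECRET_HINT.search(name):
            findings.append(("secret-in-plain-output", name))
    return sorted(findings)


# Constructed excerpt that mirrors the relevant settings of the template above.
SAMPLE = {
    "resources": [
        {"type": "Microsoft.Network/networkSecurityGroups", "name": "empower-nsg",
         "properties": {"securityRules": [{"name": "empower-services", "properties": {
             "direction": "Inbound", "access": "Allow",
             "sourceAddressPrefix": "*", "destinationPortRange": "443"}}]}},
        {"type": "Microsoft.Sql/servers/firewallRules", "name": "empowerSQL/AllowAllAzureIps",
         "properties": {"startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"}},
        {"type": "Microsoft.Compute/virtualMachines/extensions", "name": "empower/script",
         "properties": {"type": "CustomScriptExtension", "settings": {
             "commandToExecute": "powershell.exe -File x.ps1 -pw \"[variables('service_user_pw')]\""}}},
    ],
    "outputs": {"hostname": {"type": "string", "value": "fqdn"},
                "service_user_pw": {"type": "string", "value": "[variables('service_user_pw')]"}},
}

if __name__ == "__main__":
    for check, detail in review_template(SAMPLE):
        print(f"{check}: {detail}")
```

To review the real file, load Customer_ARM_Template_v2_4.json with json.load and pass the result to review_template.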
