Manual deployment
Last updated
Last updated
The deployment steps detailed below are intended for manual/local deployment via Bicep. The steps for Azure Marketplace deployment can be found here.
Follow the steps detailed below to deploy the app through bicep deployment, where a PowerShell script is run.
Download the PowerShell files.
Extract the folder and open it in Visual Studio Code (VS Code). The loaded files should look like this:
From the top menu bar, select Terminal -> New Terminal to access the PowerShell terminal window.
This step is required to bypass an execution policy that doesn't allow the ZIP file to work with the PowerShell scripts.
Execute command “powershell -ExecutionPolicy Bypass -File ".\Master.ps1"” in the terminal. This command will execute a PowerShell script named "Master.ps1" while bypassing the execution policy.
The system will display a variety of prompts. Provide the information as requested. More details regarding the prompts are provided below.
Follow the steps below to find your subscription ID:
Type “Subscriptions" in the Azure portal search bar and select said option as it appears.
Once on the page, you will see a list of subscriptions displayed. Select the subscription used earlier/you want to deploy your resources to.
Copy the subscription ID as shown below.
In the PowerShell terminal, paste/enter the subscription ID from the previous step.
After completing one prompt, another will enter. In this case, it will now prompt you to enter your tenant ID.
Navigate to your Azure Active Directory --> Overview and copy the tenant ID as shown below. Paste/enter the ID into the PowerShell terminal.
Log into Azure (with the account used in the previous steps).
Follow the steps below to find the name of your resource group:
Type “Resource groups" in the search bar of the Azure home page and select said option as it appears.
Once on the page, you will see a list of resource groups displayed. Select the resource group that you have created earlier/want to deploy your resources to.
Find the name of your resource group at the top left corner of your page.
Enter the resource group name in the PowerShell terminal like the previous steps.
Create and enter a name for your application. The names for all underlying Azure resources will be based on this application name. For example, if you want to deploy a web app for admin, it will be deployed as admin-<YourAppName>-web-app.
Choose an SKU that fits your needs. Example inputs: B1, B2, S1, S2, etc.
This client ID is obtained from the overview page of the app registration previously created for the EmbedFAST API as part of the pre-deployment steps. Follow the steps below to find your client ID:
Type “App registrations" in the Azure portal search bar and select said option as it appears.
Click on Owned applications to see a list of applications you registered, including the ones for the API and Power BI Service done in the pre-deployment steps.
Next to the Display name column is the Application (client) ID column which contains the information needed. Find the application registration created for the EmbedFAST API on the list and note down its client ID.
Alternatively, clicking the app's name takes you to its summary page where you can also find the client ID and copy it directly to your clipboard.
This application ID is obtained from the overview page of the app registration previously created for the Power BI Service as part of the pre-deployment steps.
Note:
You can follow steps 1-3 detailed above to obtain your service principal application ID for the Power BI Service. After step 3, find the application registration created for the Power BI Service on the list and note down its client ID.
The object ID is obtained from the enterprise application created for the Power BI Service, which is created by default once we create an app registration for it. Follow the steps below to find the ID:
Type "Enterprise applications" in the Azure portal search bar and select said option as it appears.
Search for the name of the app registration created for Power BI Service in the search bar. Your enterprise application will be under the same name.
Click on the application's name to access its details page.
Copy the object ID from the Object ID field displayed on the application details page, as shown below.
On the same page where the object ID was obtained from, you can find the name of your service principal at the top left corner of your page.
Follow the steps below to create a client secret:
Note: The client secret will only be visible at the time of creation. Take note of it and store it securely for future use for whenever the client secret is required.
Navigate to the App registrations page as shown in the Enter your subscription ID step.
Search for the application created for the Power BI Service once on this page.
Click on the application's name to access its details page.
Select Certificates & secrets (under Manage) from the left pane.
Click on New client secret to create a client secret.
Click on Add to add a client secret. Enter a description and select when the secret expires.
Copy the value of the newly created client secret as shown below.
Reminder: Take note of the client secret and store it securely for future use for whenever it is required. The client secret is only visible at the time of creation and will NOT be visible again.
Enter the sender email: Provide an email address. This email will be used for sending subscription emails to other users.
Enter the sender email password: Provide the password for the email address provided in the previous step.
Enter the SQL admin login username: Provide the username you use for logging into the database as a SQL Admin.
Enter the SQL admin login password: Provide the password for the username login provided in the previous step.
After entering a database login password, a menu displaying various options to deploy resources to Azure will appear.
A pre-run validation function will be triggered to validate that will perform the resources (check for any existing resources with the same name already exists).
This option will initiate the deployment of all the resources one by one in a sequential manner, as outlined below.
The code imports multiple module files to deploy different Azure resources:
The ‘SQLDB’ module will deploy SQL DB using SQL Script.
The ‘FunctionApp’ module deploys a function app to Azure using the provided parameters.
The ‘AdminWebApp’ module deploys an admin web app application using the provided parameters.
The ‘AdminAppInsights’ module deploys application insights for the admin web app application, with a dependency on the ‘AdminWebApp’ module.
The ‘WebApp’ module deploys a user web application using the provided parameters.
The ‘UserAppInsights’ module deploys application insights for the user web application, with a dependency on the ‘WebApp’ module.
The ‘KeyVault’ module deploys a key vault, with dependencies on both the ‘AdminWebApp’ and ‘WebApp’ modules.
The ‘blob’ module deploys a blob storage resource.
The ‘Role’ module will provide access to all the webapps and function app to blob storage.
The code includes output variables ‘AdminWebAppObjectId’ and ‘UserWebAppObjectId’ that capture the object IDs of the deployed web applications.
On selecting option 2, a pre-run validation function will be triggered to validate that will perform the resources (check for any existing resources with the same name already exists).
A menu displaying the available deployment options numbered from 1 to 8 will appear. You are prompted to enter an option:
For options 1 to 6, a Bicep script is executed to deploy Azure resources. The code utilizes the ‘New-AzResourceGroupDeployment’ cmdlet to deploy resources according to the selected option. It uses a Bicep template and parameter files to configure the deployment.
Option 1: Azure SQL Database with bacpac
This option initiates the deployment of an Azure SQL Database using a bacpac file.
Option 2: Azure Web Application & Azure Key Vault:
Selecting this option initiates the deployment of an Azure Web Application and an Azure Key Vault.
Option 3: Admin Azure App Insights:
This option triggers the deployment of Azure Application Insights for the Admin web application.
Option 4: User Azure App Insights:
Selecting this option initiates the deployment of Azure Application Insights for the user web application.
Option 5: Azure blob storage:
This option deploys the Azure Blob Storage.
Option 6: Azure Role Based Access for connection between WebApp, KeyVault and Blob.
A role resource deployment is initiated. The code performs necessary actions to deploy roles that require admin access.
If option 7 is selected, it allows the you to go back to the previous menu.
If option 8 is selected, you will exit the program.
On selecting option 3, a menu with the following options will appear where you are prompted to enter a selection. You should select the options in order as per the numbering:
Option/step 1: The code initiates the publishing process for the admin web application. It uses the ‘Publish-AzWebApp’ cmdlet to publish the build from the specified archive path to the admin web application.
Option/step 2: The code initiates the publishing process for the build to the function application.
Option/step 3: The code initiates the publishing process for the build to the web application.
Option/step 4: It takes you back to the main menu.
Option/step 6: The code exits the program.
For any other invalid option: An error message is displayed, indicating that an invalid value was provided.
This option will:
Add your client IPv4 address to Set Server Firewall.
Grant the necessary permissions to the service principal app registration on the Database. It will give admin access on the Database created.
Add the Power BI App Service principal as an external Azure AD user.
A pre-run validation function will perform resource validation. This function is designed to be used before executing a run, primarily to ensure the availability or correctness of any required resources with the same name that have been previously deployed.
