# Manual deployment

{% hint style="warning" %}
The deployment steps detailed below are intended for **manual/local deployment via Bicep**. The steps for Azure Marketplace deployment can be found [here](/embedfast-technical-documentation/setting-up/deployment/deploy-from-azure-marketplace.md).
{% endhint %}

## **Load the Bicep and PowerShell files to Visual Studio Code**

Follow the steps below to deploy the app through a Bicep deployment that is driven by a PowerShell script.

1. To initiate the deployment of the EmbedFAST offer, please contact the [MAQ support team](mailto:embedfastdev@maqsoftware.com) for assistance.
2. Extract the folder and open it in Visual Studio Code (VS Code). The loaded files should look like this:

   <figure><img src="/files/mEQCsjca1G5NS8p6khtX" alt=""><figcaption></figcaption></figure>

### **Open a terminal window**

From the top menu bar, select **Terminal** -> **New Terminal** to access the PowerShell terminal window.

<figure><img src="/files/0dIQ9cYXNw6eDIKaeSoN" alt=""><figcaption></figcaption></figure>

## **Execute the PowerShell script while bypassing the execution policy**

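This step is required because the execution policy otherwise prevents the PowerShell scripts extracted from the ZIP file from running. The bypass applies only to the one PowerShell process started by the command and does not change the execution policy configured on the machine.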

1. Execute the command “***powershell -ExecutionPolicy Bypass -File ".\Master.ps1"***” in the terminal. This command will execute a PowerShell script named "Master.ps1" while bypassing the execution policy.

   <figure><img src="/files/deEFtYJEknRWwNzBccED" alt=""><figcaption></figcaption></figure>
2. The system will display a variety of prompts. Provide the information as requested. More details regarding the prompts are provided below.
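
Because the command in step 1 disables the policy check for everything Master.ps1 loads, it is worth inspecting the extracted scripts first. The following is an added example, not part of the EmbedFAST package; it assumes you run it from the extracted folder and that a reference SHA-256 for Master.ps1 is available from the vendor (the hash below is a placeholder).

```powershell
# Added example, not part of the EmbedFAST package. Run from the extracted
# folder (the one containing Master.ps1) before using -ExecutionPolicy Bypass.
$ErrorActionPreference = 'Stop'

# Placeholder (assumption): SHA-256 of Master.ps1 obtained from the vendor out of band.
$ExpectedMasterHash = '<SHA256-OF-MASTER.PS1>'

# Execution policy per scope. Bypass on the command line sets only the
# Process scope of that single powershell.exe instance.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# Inventory every script and module in the package.
$scripts = Get-ChildItem -Path . -Recurse -File -Include *.ps1, *.psm1

$report = foreach ($file in $scripts) {
    # Zone.Identifier is the stream Windows adds to files it marks as downloaded.
    $motw = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    [pscustomobject]@{
        File      = Resolve-Path -LiteralPath $file.FullName -Relative
        SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Signature = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject
        FromWeb   = [bool]$motw
    }
}
$report | Format-Table -AutoSize

# Lines worth reading before the script runs with your Azure credentials:
# dynamic code execution, downloads and child processes.
$scripts |
    Select-String -Pattern 'Invoke-Expression|\biex\b|Invoke-WebRequest|Invoke-RestMethod|DownloadString|Start-Process' |
    Select-Object Path, LineNumber, Line |
    Format-Table -Wrap

# Stop if the entry script is not the file the vendor described.
$master = Get-FileHash -LiteralPath .\Master.ps1 -Algorithm SHA256
if ($master.Hash -ne $ExpectedMasterHash) {
    throw "Master.ps1 SHA-256 $($master.Hash) does not match the expected value."
}
Write-Host 'Master.ps1 matches the expected hash.'
```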

### **Enter your subscription ID**

Follow the steps below to find your subscription ID:

1. Type “**Subscriptions**” in the [Azure portal](https://portal.azure.com) search bar and select said option as it appears.

   <figure><img src="/files/iJsX6Yo6WAYDv4xCFug9" alt=""><figcaption></figcaption></figure>
2. Once on the page, you will see a list of subscriptions displayed. Select the subscription used [earlier](https://maqsoftware.gitbook.io/embed-fast-technical-documentation/setting-up/prerequisites/set-up-power-bi-and-azure#owner-role-within-the-azure-subscription) that you want to deploy your resources to.
3. Copy the subscription ID as shown below.

   <figure><img src="/files/9wWvC3BweMXDzhoJkOSH" alt=""><figcaption></figcaption></figure>
4. In the PowerShell terminal, paste/enter the subscription ID from the previous step.
5. After you complete one prompt, another will appear. In this case, you will now be prompted to enter your tenant ID.

   <figure><img src="/files/2BBwOL10SqoaDXTEuGpo" alt=""><figcaption></figcaption></figure>

### **Enter your tenant ID**

Navigate to your **Azure Active Directory** --> **Overview** and copy the tenant ID as shown below. Paste/enter the ID into the PowerShell terminal.

<div data-full-width="true"><figure><img src="/files/Z7TLVvpAOYJuqlL5YuN9" alt=""><figcaption></figcaption></figure></div>

### **Log into Azure through the PowerShell pop-up window**

Log into Azure (with the account used in the previous steps).

<figure><img src="/files/4WitKSuAG2jB3PFM0pG5" alt=""><figcaption></figcaption></figure>

### **Enter your resource group name**

Follow the steps below to find the name of your resource group:

1. Type “**Resource groups**” in the search bar of the Azure home page and select said option as it appears.
2. Once on the page, you will see a list of resource groups displayed. Select the resource group that you created [earlier](https://maqsoftware.gitbook.io/embed-fast-technical-documentation/setting-up/prerequisites/set-up-power-bi-and-azure#resource-group) and want to deploy your resources to.
3. Find the name of your resource group at the top left corner of your page.

   <figure><img src="/files/u15P0d4hdUKKn6gRDKwU" alt=""><figcaption></figcaption></figure>
4. Enter the resource group name in the PowerShell terminal, as in the previous steps.

### **Enter your application name**

Create and enter a name for your application. The names for all underlying Azure resources will be based on this application name. For example, if you want to deploy a web app for admin, it will be deployed as **admin-<*YourAppName*>-web-app**.

<figure><img src="/files/KC5oj6yD4Z9ylPWcGKQE" alt=""><figcaption></figcaption></figure>

### **Enter the SKU Name**

Choose an [SKU](https://azure.microsoft.com/en-us/pricing/details/app-service/windows/) that fits your needs. Example inputs: B1, B2, S1, S2, etc.

### **Enter your client ID**

This client ID is obtained from the overview page of the app registration previously created for the EmbedFAST API as part of the pre-deployment steps. Follow the steps below to find your client ID:

1. Type “**App registrations**” in the [Azure portal](https://portal.azure.com) search bar and select said option as it appears.

<figure><img src="/files/ZY8bMypMoU8zOZqMNnAW" alt=""><figcaption></figcaption></figure>

3. Click on **Owned applications** to see a list of applications you registered, including the ones for the API and Power BI Service done in the pre-deployment steps.

<figure><img src="/files/VPwBPsgyvCOPbvhP1kMq" alt=""><figcaption></figcaption></figure>

4. Next to the **Display name** column is the **Application (client) ID** column which contains the information needed. Find the application registration created for the EmbedFAST API on the list and note down its client ID.
5. Alternatively, clicking the app's name takes you to its summary page where you can also find the client ID and copy it directly to your clipboard.

<figure><img src="/files/p8dJJxR7YKDvwtW7sUV2" alt=""><figcaption></figcaption></figure>

### **Enter your service principal client ID**

This application ID is obtained from the overview page of the app registration previously created for the Power BI Service as part of the pre-deployment steps.

{% hint style="info" %}
**Note:**

You can follow steps 1-3 [detailed above](#enter-your-azure-a-d-client-id) to obtain your service principal application ID for the Power BI Service. After step 3, find the application registration created for the Power BI Service on the list and note down its client ID.
{% endhint %}

<figure><img src="/files/pq6prhKolajEe1ZW7MN9" alt=""><figcaption></figcaption></figure>

### **Enter your service principal object ID**

The object ID is obtained from the enterprise application created for the Power BI Service, which is created by default once we create an app registration for it. Follow the steps below to find the ID:

1. Type "**Enterprise applications**" in the [Azure portal](https://portal.azure.com) search bar and select said option as it appears.

<figure><img src="/files/3K3bAFHRxjWISx6wJANY" alt=""><figcaption></figcaption></figure>

3. Search for the name of the app registration created for Power BI Service in the search bar. Your enterprise application will be under the same name.

   <figure><img src="/files/S8BI8nirMwAz15P7mpfd" alt=""><figcaption></figcaption></figure>
4. Click on the application's name to access its details page.
5. Copy the object ID from the **Object ID** field displayed on the application details page, as shown below.

   <figure><img src="/files/BnjB4eqcNpCgCWz147VJ" alt=""><figcaption></figcaption></figure>

### **Enter your service principal name**

On the same page where the [object ID](#enter-your-service-principal-object-id) was obtained from, you can find the name of your service principal at the top left corner of your page.

<figure><img src="/files/JjPylC7KSGqm7Nwl7Xfa" alt=""><figcaption></figcaption></figure>

### **Enter your service principal client secret**

Follow the steps below to create a client secret:

{% hint style="warning" %}
**Note: The client secret will only be visible at the time of creation.** Take note of it and store it securely so that it is available whenever the client secret is required.
{% endhint %}

1. Navigate to the **App registrations** page as shown in the [Enter your subscription ID](#enter-your-subscription-id) step.
2. Search for the application created for the Power BI Service once on this page.
3. Click on the application's name to access its details page.
4. Select **Certificates & secrets** (under Manage) from the left pane.

<figure><img src="/files/sJdtiXnKZn5FMXhifXb2" alt=""><figcaption></figcaption></figure>

5. Click on **New client secret** to create a client secret.

<figure><img src="/files/gshtKUqk2nNhPocWlbs4" alt=""><figcaption></figcaption></figure>

6. Click on **Add** to add a client secret. Enter a description and select when the secret expires.

<figure><img src="/files/RpaGpjwpUMRutC7mI1ej" alt=""><figcaption></figcaption></figure>

7. Copy the value of the newly created client secret as shown below.

<figure><img src="/files/W4KI4vuPebhR3sZyYF5H" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
**Reminder:** Take note of the client secret and store it securely so that it is available whenever it is required. The client secret is only visible at the time of creation and will **NOT** be visible again.
{% endhint %}

### **Enter Email Client**

1. Email Client must be either **SMTP** or **SendGrid**.
2. If you enter **SMTP**, you will be prompted to enter the **Email Password**.
3. If you enter **SendGrid**, you will be prompted to enter the **SendGrid API Key**.

**Enter the sender email**

Provide an email address. This email will be used for sending subscription emails to other users.

**Enter the sender email password (If email client is SMTP)**

Provide the password for the email address provided in the previous step.

**Enter the SendGrid API key (If email client is SendGrid)**

Provide the SendGrid API key.

## **Enter Capacity resource group**

1. Enter the name of the resource group in which the capacity is present. This resource group name will be used for capacity.

### **Other details**

* **Enter the SQL admin login username:** Provide the username you use for logging into the database as a SQL Admin.
* **Enter the SQL admin login password:** Provide the password for the username login provided in the previous step.

### **Enter Open AI API Key (This field is not mandatory)**

1. Type “**Azure AI Foundry**” in the [Azure portal](https://portal.azure.com) search bar and select said option as it appears.

![](/files/GgkfMdTIiaqzt7D70psh)

2. Select **Azure AI Foundry** and go to your AI Foundry resource.

![](/files/0KC23IkSWQdY2v1kmULJ)

3. Within this resource, select **Click here to view endpoints**.

![](/files/BuQu3gsPqxaNAusb60X3)

4. Copy and paste **Key 1** into Open AI API Key.

![](/files/IhW8Q3kPAzJbYjhJW7HS)

### **Enter Open AI Client (This field is not mandatory)**

1. Type “**Azure AI Foundry**” in the [Azure portal](https://portal.azure.com) search bar and select said option as it appears.

![](/files/GgkfMdTIiaqzt7D70psh)

2. Select **Azure AI Foundry** and go to your AI Foundry resource.

![](/files/0KC23IkSWQdY2v1kmULJ)

3. Within this resource, select **Click here to view endpoints**.

![](/files/BuQu3gsPqxaNAusb60X3)

4. Click **OpenAI**, then select and copy the **first endpoint** displayed.

![](/files/L6mIqpKYHo2s6UFzRNJg)

### **Enter GPT Model (This field is not mandatory)**

1. Type “**Azure AI Foundry**” in the [Azure portal](https://portal.azure.com) search bar and select said option as it appears.

![](/files/GgkfMdTIiaqzt7D70psh)

2. Select **Azure AI Foundry** and go to your AI Foundry resource.

![](/files/0KC23IkSWQdY2v1kmULJ)

3. Within this resource, click the **Go to Azure AI Foundry portal** button.

![](/files/xO237NJXcoeCqnl31wT6)

4. In the **Azure AI Foundry portal**, select **Model + endpoints** from the left pane.

![](https://github.com/MAQGitBook/EmbedFAST/blob/main/.gitbook/assets/Image%20\(198\).png)

5. You will find the **GPT model name** displayed on this page.

![](/files/nxUuYdhBPpBgCqaVRnN5)

## **Resource Deployment Options**

After entering a database login password, a menu displaying various options to deploy resources to Azure will appear.

<figure><img src="/files/W7yckKvjGhNdorR5fLLZ" alt=""><figcaption></figcaption></figure>

### **Option 1:** Deploy all resources in one go

* A pre-run validation function will be triggered to validate the resources (it checks whether any resources with the same name already exist).
* This option will initiate the deployment of all the resources one by one in a sequential manner, as outlined below.
* The code imports multiple module files to deploy different Azure resources:
  * The ‘**SQLDB**’ module will deploy SQL DB using SQL Script.
  * The ‘**FunctionApp**’ module deploys a function app to Azure using the provided parameters.
  * The ‘**AdminWebApp**’ module deploys an admin web app application using the provided parameters.
  * The ‘**AdminAppInsights**’ module deploys application insights for the admin web app application, with a dependency on the ‘AdminWebApp’ module.
  * The ‘**WebApp**’ module deploys a user web application using the provided parameters.
  * The ‘**UserAppInsights**’ module deploys application insights for the user web application, with a dependency on the ‘WebApp’ module.
  * The ‘**KeyVault**’ module deploys a key vault, with dependencies on both the ‘AdminWebApp’ and ‘WebApp’ modules.
  * The ‘**blob**’ module deploys a blob storage resource.
  * The ‘**Role**’ module grants all the web apps and the function app access to blob storage.
  * The ‘**Service Bus**’ module deploys service bus resource and queues using the provided parameters.
  * The code includes output variables ‘**AdminWebAppObjectId**’ and ‘**UserWebAppObjectId**’ that capture the object IDs of the deployed web applications.

### **Option 2: Deploy resources one by one**

* On selecting option 2, a pre-run validation function will be triggered to validate the resources (it checks whether any resources with the same name already exist).
* A menu displaying the available deployment options numbered from 1 to 8 will appear. You are prompted to enter an option:

  <figure><img src="/files/91eJzI8J0Z2ZC1GnO0F1" alt=""><figcaption></figcaption></figure>
* For options 1 to 7, a Bicep script is executed to deploy Azure resources. The code utilizes the ‘**New-AzResourceGroupDeployment**’ cmdlet to deploy resources according to the selected option. It uses a Bicep template and parameter files to configure the deployment.
  * **Option 1**: Azure SQL Database with bacpac
    * This option initiates the deployment of an Azure SQL Database using a bacpac file.
  * **Option 2**: Azure Web Application & Azure Key Vault:
    * Selecting this option initiates the deployment of an Azure Web Application and an Azure Key Vault.
  * **Option 3**: Admin Azure App Insights:
    * This option triggers the deployment of Azure Application Insights for the Admin web application.
  * **Option 4**: User Azure App Insights:
    * Selecting this option initiates the deployment of Azure Application Insights for the user web application.
  * **Option 5**: Azure blob storage:
    * This option deploys the Azure Blob Storage.
  * **Option 6**: Azure Role Based Access for connection between WebApp, KeyVault and Blob.
    * A role resource deployment is initiated. The code performs necessary actions to deploy roles that require admin access.
  * **Option 7**: Azure Service Bus and Queues:
    * Selecting this option initiates the deployment of Azure Service Bus and Queues.
* If **option 8** is selected, it allows you to go back to the previous menu.

<figure><img src="/files/I9rXKKhqzjh1tIUn7Un9" alt=""><figcaption></figcaption></figure>

* If **option 9** is selected, you will exit the program.

### **Option 3:** Publish SDK Build to WebApp one by one

* On selecting option 3, a menu with the following options will appear where you are prompted to enter a selection. You should select the options in order as per the numbering:

  <figure><img src="/files/ENnYQmydeoec6xgKiiMM" alt=""><figcaption></figcaption></figure>

  * **Option/step 1**: The code initiates the publishing process for the admin web application. It uses the ‘**Publish-AzWebApp**’ cmdlet to publish the build from the specified archive path to the admin web application.
  * **Option/step 2**: The code initiates the publishing process for the build to the function application.
  * **Option/step 3**: The code initiates the publishing process for the build to the web application.
  * **Option/step 4**: It takes you back to the main menu.
  * **Option/step 5**: The code exits the program.
  * For any other invalid option: An error message is displayed, indicating that an invalid value was provided.

### **Option 4**: Deploy and Publish UI resources.

* This option will:
  * **Option/step 1**: This option triggers the deployment of UI App Insights.
  * **Option/step 2**: The code initiates the publishing process for the build to the UI service.
  * **Option/step 3**: It takes you back to the main menu.
  * **Option/step 4**: The code exits the program.

### **Option 5**: Perform Post Deployment Operation.

This option will:

* Add your client IPv4 address to Set Server Firewall.
* Grant the necessary permissions to the service principal app registration, User API web app, Admin API web app, and Function app. This gives admin access on the database that was created.
* Add the Power BI App Service principal as an external Azure AD user.
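
Since this option adds a firewall rule for your client IPv4 address, the server's rule list is worth reviewing afterwards. The following is an added example, not part of Master.ps1; the sample rules are constructed, and the resource group and server names in the commented live call are placeholders you must supply.

```powershell
# Added example, not part of Master.ps1: classify Azure SQL server firewall rules.

function ConvertTo-UInt32 {
    param([Parameter(Mandatory)][string]$IpAddress)
    $bytes = [System.Net.IPAddress]::Parse($IpAddress).GetAddressBytes()
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($bytes) }  # network order -> host order
    [BitConverter]::ToUInt32($bytes, 0)
}

function Get-FirewallRuleFinding {
    param([Parameter(Mandatory, ValueFromPipeline)]$Rule)
    process {
        $start = ConvertTo-UInt32 $Rule.StartIpAddress
        $end   = ConvertTo-UInt32 $Rule.EndIpAddress
        $count = [int64]$end - [int64]$start + 1
        $finding = if ($start -eq 0 -and $end -eq 0) {
            'Allows Azure services (0.0.0.0 rule): confirm it is intended'
        } elseif ($start -eq 0 -and $end -eq [uint32]::MaxValue) {
            'Open to every IPv4 address: remove'
        } elseif ($count -gt 256) {
            'Wide range: confirm it is needed'
        } elseif ($count -eq 1) {
            'Single address: confirm it is still needed'
        } else {
            'Small range: confirm owner'
        }
        [pscustomobject]@{
            Rule      = $Rule.FirewallRuleName
            Range     = "$($Rule.StartIpAddress) - $($Rule.EndIpAddress)"
            Addresses = $count
            Finding   = $finding
        }
    }
}

# Constructed sample shaped like Get-AzSqlServerFirewallRule output.
$rules = @(
    [pscustomobject]@{ FirewallRuleName = 'ClientIp';                StartIpAddress = '203.0.113.25'; EndIpAddress = '203.0.113.25' }
    [pscustomobject]@{ FirewallRuleName = 'AllowAllWindowsAzureIps'; StartIpAddress = '0.0.0.0';      EndIpAddress = '0.0.0.0' }
    [pscustomobject]@{ FirewallRuleName = 'OfficeNetwork';           StartIpAddress = '198.51.100.0'; EndIpAddress = '198.51.103.255' }
    [pscustomobject]@{ FirewallRuleName = 'Everything';              StartIpAddress = '0.0.0.0';      EndIpAddress = '255.255.255.255' }
)

# Live data (names are placeholders; requires the Az.Sql module and Connect-AzAccount):
# $rules = Get-AzSqlServerFirewallRule -ResourceGroupName '<YourResourceGroup>' -ServerName '<YourSqlServerName>'

$rules | Get-FirewallRuleFinding | Format-Table -AutoSize
```

A rule that is no longer needed can be deleted with `Remove-AzSqlServerFirewallRule`, using the same resource group and server names.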

### **Option 6: Validate Resources**

<figure><img src="/files/W7yckKvjGhNdorR5fLLZ" alt=""><figcaption></figcaption></figure>

A pre-run validation function will perform resource validation. This function is designed to be used before executing a run, primarily to ensure the availability or correctness of any required resources with the same name that have been previously deployed.
