How to deploy SquaredUp DS for Azure from the Azure Marketplace

Which installation method should I choose?

There are a couple of options for installing SquaredUp DS for Azure:

Deployment via the Azure Marketplace
Installation via the installer

The easiest way to install SquaredUp DS for Azure is via the Azure Marketplace.

Use the installer if you don't want to use the Marketplace (for example, because you want to install SquaredUp DS for Azure on an existing Azure virtual machine, a VM outside of the tenant you're connecting to, on a non-Azure machine, or because of security factors).

For step-by-step information about installingSquaredUp DS for Azure using the downloadable installer please see How to install SquaredUp DS for Azure using the installer.

What you need

An Azure Active Directory global admin account, or account that can deploy applications to Azure Active Directory (AD).

Where to deploy

The Marketplace deployment will create a Windows virtual machine with the minimum requirements and lead you through the configuration process.
The location of the SquaredUp server has no bearing on the Azure resources you will be able to see and dashboard in SquaredUp DS. You will be able to select the relevant Azure tenant during the setup process.

What we create

A virtual machine in your Azure tenant, running our web application and IIS, with a small data disk and a public IP address.
A read-only Azure application in your Azure AD that will populate your dashboards by querying Azure APIs
SquaredUp DS has a number of prerequisites that will be automatically installed by the setup process (e.g. the IIS Web Server role)

The installer makes some changes to Azure Active Directory to give SquaredUp DS permission to access the Graph API. These steps occur automatically. To read about what modifications are made during setup and why please see Reference - Azure Active Directory modifications

Azure Marketplace

Browse to the Azure Marketplace using this link to deploy SquaredUp DS.
A 30 day trial key will automatically be sent to the account with which you are logged in to the Azure portal. This license key will be used during the SquaredUp DS setup wizard later. If you do not receive a license key please contact SquaredUp Support.
If you have not already signed in, sign in with an Azure Active Directory global admin account, or account that can deploy applications to Azure AD.
Click on the Get it now button.
Enter your contact details and click Continue.
Click the Create button.
Select the Subscription you wish to use.
Select an existing Resource Group, or create a new one.
Select a suitable region, close to where most of the SquaredUp DS users will be located.
Accept the suggested virtual machine name or rename if you prefer.
Windows computer names cannot be more than 15 characters long in Azure, or contain special characters other than "-".
The default virtual machine size suggested is based on a small test environment. If you are deploying for production use please select the appropriate virtual machine size required. See System Requirements, Server Spec and Sizing
Click the Next button to move on to Administration.
Here you need to enter details to create a new administrator account for the new Windows VM. You will not need this to use SquaredUp DS, but you will need it later to access the new VM, for example to update SquaredUp DS or view diagnostics logs.
Click the Next button to move on to Networking.
A public IP address is required and will be created automatically with the suggested label. Enter a domain name label for this virtual machine. This is the URL you will use to access SquaredUp DS for the first time.
Click the Next button to move on to SSL.
HTTPS is required to login to SquaredUp DS using Azure Active Directory.. For HTTPS you can either use a self-signed certificate, which may cause a browser warning that the website is insecure and users will need to explicitly agree to proceed, or you can use a Let's Encrypt® certificate.
Using a Let's Encrypt certificate stops a browser warning appearing to users.
If you choose to use a Let's Encrypt certificate then you need to provide an email address and agree to terms of service. The email is used to contact you if there is a problem with the renewal of the certificate. The Let's Encrypt certificate is valid for 90 days, but it will renew automatically every 55 days, as long as it is accessible through port 80, as that is how the http challenge is conducted.
To install the Let's Encrypt certificate a self-signed certificate is temporarily installed, so a browser warning may appear in the first 2 minutes before the Let's Encrypt certificate is applied.
Click the Next button to move on to Tags. It can be useful to tag resources now, or you can do this later in the Azure console.
Click the Next button to move on to Configuration. Click on the URL displayed, which will open a new tab. The resource cannot be reached straight away because it hasn't been created yet, but once it has been created following this Marketplace deployment you will need to go to this address to complete the SquaredUp DS setup process.
Click the Next button to move on to Review + create.
Check the details and click the Create button to agree to the terms and create the virtual machine.

You will see a message that the deployment is underway. This may take a few minutes.

Logon to SquaredUp DS for Azure for the first time

Browse to the VM you created by using the new tab you opened from the Marketplace link.

Alternatively, browse to https://DNSName. You can find the DNS name by browsing to the VM in the Azure portal, click the Go to resource button and copy the name of the virtual machine.

If you are using a self-signed SSL certificate so you will see a browser warning and will need to explicitly agree to proceed. In Chrome this is done by clicking Advanced.

Before you can get started, SquaredUp DS has to complete some final configuration of your environment, which includes activating your license and Azure AD authorization.

SquaredUp DS setup wizard

If you are not able to log in with an account that is an Azure Active Directory global admin account, or an account that can deploy applications to Azure Active Directory (AD), you will not be able to complete the setup wizard. You can ask a global admin user to run the wizard or to follow the article: How to manually configure SquaredUp DS for Azure.

Browse to SquaredUp DS for Azure and the SquaredUp DS setup wizard will appear.
Click the Setup button to configure the Azure Active Directory.
Next we need to add the SquaredUp DS setup application to Azure AD. This application is created using the Microsoft device login process and impersonates the current user.
Information about the SquaredUp DS Setup enterprise application in Azure Active Directory (AAD)
During the setup process you will be prompted to grant permissions to SquaredUp DSAzure Setup to use permissions from your Azure and Microsoft accounts.
Explanation
In order to access Azure data and authenticate users, your SquaredUp server will need its own unique AD application specific to your Azure tenant.
The SquaredUp DS Azure Setup application obtains the permissions necessary to automatically create such an AD application:
- The Azure Setup AD application is added to your Azure tenant
- The setup wizard uses the application's permissions to create a new AD application unique to your SquaredUp server
- The SquaredUp server uses its unique AD application to access Azure data and perform user authentication
Permissions requested
This setup application requests the following permissions from whomever logs into their Microsoft account during the setup process:
- Access to the directory as the current user
- Impersonation of the current user to access Azure service management
- Sign in and read the profile of the current user
These are the permissions required to create a subsequent AD application for the SquaredUp server.
Granting consent for your organization is unnecessary unless you want to set up multiple SquaredUp servers.
Permission removal
Once SquaredUp DS has been set up, you are free to delete this application ("SquaredUp DS for Azure Setup") from your directory by using the Azure portal.
In the portal this application is typically visible in the "Enterprise Applications" blade.
This application is only used to setup SquaredUp DS and does not affect its operation. It ceases to have any permissions within your tenant as soon as it is removed.
You will see the message Awaiting authorization... and should follow the steps as described below.
Click the copy link to copy the authorization code.
Click on the URL on the screen (in step two) which opens the address in a new tab.
Paste in the copied code and click next.
On the Microsoft Sign in or Pick an account screen login with the Azure AD admin account you wish to use to deploy the SquaredUp DS setup application.
You may need to ask a global admin user to run the wizard or to follow the article: How to manually configure SquaredUp DS for Azure.
or
Close this tab when you see the message confirming that you have signed in to the SquaredUp DS for Azure Setup application.
Return to the tab showing the SquaredUp DS setup screen. After a few seconds it should say that SquaredUp DS is correctly configured for Azure AD Authentication.
You will see the message 'Starting...' and then a Microsoft screen Permissions requested.
Tip: Copy the name of the SquaredUp Enterprise Application with its GUID and save it for later use. If you have several SquaredUp DS instances it may be useful later to paste this in to the Azure portal when configuring Open Access or making users SquaredUp DS administrators.
A privileged user will see a checkbox to 'Consent on behalf of your organization'. Enabling this will grant these permissions for all users and disable this dialog for future first time logins.
Information about the SquaredUp Enterprise Application in Azure Active Directory (AAD)
The setup application creates an enterprise application specific to your current server. If you deployed via Marketplace the application is named in the form SquaredUpAzure on <hostname>. If you used the installer the application is named in the form SquaredUpAzure<GUID>.
This is the application that the SquaredUp DS web application uses to authenticate users. Each user that logs into SquaredUp DS shares the following permissions with the SquaredUp server:
- Impersonation of the current user to access Azure service management
- Reading all directory data
- Reading all groups
- Sign in and read the profile of the current user
- Read all user's basic profiles
All of these permissions are delegated: SquaredUp DS cannot make use of them if the signed in user does not already have them.
Let's Encrypt is a trademark of the Internet Security Research Group. All rights reserved.
Click Accept to allow SquaredUp DS to access Azure as you. You will be returned to the SquaredUp DS setup wizard at the Activation screen.
Paste in your activation key, and click Activate.
You will have received your activation key by email following your purchase or free trial.
If you have not received a license key please contact SquaredUp Support.
If your server is not connected to the internet (or the online activation didn't work because of proxy settings) click offline activation (see How to activate your license offline (manual activation))
Click Import to install the default dashboards and perspectives.
SquaredUp DS for Azure will then open.
The newly-created SquaredUp DS Azure enterprise application will now need to be modified in order to assign the "SquaredUp DSAdministrator" role to the relevant users (or groups) that will administer SquaredUp DS, see How to make a user a SquaredUp DS administrator. If this is not completed then only the account that deployed SquaredUp DS will be able to manage SquaredUp DS.

Next steps

Take a look at the SquaredUp DS v5 playlist on YouTube.
Manage which users can access SquaredUp DS: How to manage Named Users
Set up a SquaredUp DS administrator(s). To manage SquaredUp DS you will need to be a SquaredUp DS administrator, see How to make a user a SquaredUp DS administrator
Give dashboard authors permission to create dashboards. A SquaredUp DS administrator will need to give users or groups author permission to a Team Folder, within which they can create and edit dashboards. See Team Folders
Get access to your API data: How to add a Web API provider
Configure Open Access dashboards. Open Access enables easy sharing of dashboards, that do not require authentication to view. See Sharing Dashboards with anyone - Open Access
Create your first dashboard: How to create a dashboard

Troubleshooting SquaredUp DS deployment

Submit a request

If configuration fails, a large volume of diagnostic text will be produced, followed by a red failure message. If you experience this, please contact SquaredUp Support and we can help diagnose the cause.

Note that the diagnostic text may reveal sensitive details - such as your username, installed AD applications and IDs. Please be conscious of this when sending us details - for example, it is not appropriate to send us this text over email.

Reference - Azure Active Directory modifications

This reference section specifies what modifications are made during setup and why. These steps occur automatically.

SquaredUp DS Setup enterprise application in Azure Active Directory (AAD)

During the setup process you will be prompted to grant permissions to SquaredUp DSAzure Setup to use permissions from your Azure and Microsoft accounts.

Explanation

In order to access Azure data and authenticate users, your SquaredUp server will need its own unique AD application specific to your Azure tenant.

The SquaredUp DS Azure Setup application obtains the permissions necessary to automatically create such an AD application:

The Azure Setup AD application is added to your Azure tenant
The setup wizard uses the application's permissions to create a new AD application unique to your SquaredUp server
The SquaredUp server uses its unique AD application to access Azure data and perform user authentication

Permissions requested

This setup application requests the following permissions from whomever logs into their Microsoft account during the setup process:

Access to the directory as the current user
Impersonation of the current user to access Azure service management
Sign in and read the profile of the current user

These are the permissions required to create a subsequent AD application for the SquaredUp server.

Granting consent for your organization is unnecessary unless you want to set up multiple SquaredUp servers.

Permission removal

Once SquaredUp DS has been set up, you are free to delete this application ("SquaredUp DS for Azure Setup") from your directory by using the Azure portal.

In the portal this application is typically visible in the "Enterprise Applications" blade.

This application is only used to setup SquaredUp DS and does not affect its operation. It ceases to have any permissions within your tenant as soon as it is removed.

SquaredUp Enterprise Application in Azure Active Directory (AAD)

The setup application creates an enterprise application specific to your current server. If you deployed via Marketplace the application is named in the form SquaredUpAzure on <hostname>. If you used the installer the application is named in the form SquaredUpAzure<GUID>.

This is the application that the SquaredUp DS web application uses to authenticate users. Each user that logs into SquaredUp DS shares the following permissions with the SquaredUp server:

Impersonation of the current user to access Azure service management
Reading all directory data
Reading all groups
Sign in and read the profile of the current user
Read all user's basic profiles

All of these permissions are delegated: SquaredUp DS cannot make use of them if the signed in user does not already have them.

DS AZURE LIVE KB.10.log-77581390.zip
7 KB Download