Deploy an Identity Router Virtual Machine in Microsoft Azure

The identity router (IDR) supports deployment in Microsoft Azure. With this capability, you can build, deploy, and manage the IDR on Azure using virtual hard disk (VHD) images, so that the identity router and its authentication integration run inside your Azure environment.

This topic outlines the steps to deploy a virtual machine in Microsoft Azure using a VHD.

Before you begin 

  • You must be a Super Admin in the Cloud Administration Console.

  • Obtain the required virtual hard disk (VHD) file to use as the base image for deployment in Azure. See Obtain the Identity Router Image.

  • Ensure that you have the required Azure roles and permissions, including Contributor (or Virtual Machine Contributor), Network Contributor, and Storage Account Contributor in the relevant resource group or subscription.

 

Upload VHD Image to Azure

This section explains how to upload the virtual hard disk (VHD) file to Azure Blob Storage for virtual machine deployment.

Procedure

  1. Sign in to the Azure Portal using your credentials.

  2. Use an existing Storage account or create a new one if necessary.

  3. Navigate to Storage browser > Blob containers, then click Add container to create a new container.

  4. Upload the VHD file to the newly created container using the blob type "Page Blob."

  5. In the CONTENT-MD5 field, enter the copied Checksum.

  6. After the upload, click the VHD file and copy its URL.
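
The following is an added example, not part of the original procedure or the vendor's tooling. It verifies the downloaded VHD against the copied Checksum before upload and returns the value in the base64 form that the blob's CONTENT-MD5 property stores. Assumptions: the Checksum is an MD5 value given as hex or base64, and the file name is hypothetical.

```python
import base64
import hashlib
import os
import tempfile

CHUNK = 4 * 1024 * 1024  # hash in chunks; a VHD is tens of GiB


def file_md5(path):
    """Raw 16-byte MD5 of the file, read in chunks."""
    h = hashlib.md5()  # MD5 because that is what the CONTENT-MD5 property carries
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.digest()


def parse_checksum(text):
    """Accept a published MD5 as 32 hex characters or as base64; return raw bytes."""
    text = text.strip()
    try:
        raw = bytes.fromhex(text) if len(text) == 32 else base64.b64decode(text, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        raise ValueError("checksum is neither hex nor base64 MD5") from None
    if len(raw) != 16:
        raise ValueError("checksum is not a 128-bit MD5 value")
    return raw


def content_md5_for_upload(path, published):
    """Verify the local VHD, then return the value for the CONTENT-MD5 field."""
    if os.path.getsize(path) % 512:
        raise ValueError("size is not a multiple of 512 bytes; page blobs require it")
    digest = file_md5(path)
    if digest != parse_checksum(published):
        raise ValueError("MD5 mismatch: re-download the VHD before uploading")
    return base64.b64encode(digest).decode("ascii")  # stored as base64, not hex


if __name__ == "__main__":
    # Constructed stand-in for the VHD: 1 MiB of zeros plus a 512-byte footer.
    with tempfile.TemporaryDirectory() as d:
        vhd = os.path.join(d, "idr-sample.vhd")  # hypothetical file name
        with open(vhd, "wb") as f:
            f.write(bytes(1024 * 1024 + 512))
        published = file_md5(vhd).hex()  # stands in for the copied Checksum
        print(content_md5_for_upload(vhd, published))
```

A mismatch here means the download is corrupted or truncated. The MD5 value is a transfer-integrity check, not a signature on the image.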

 

Create VHD Image

This section explains how to create an Azure image from the uploaded virtual hard disk (VHD) file, so that the image meets Azure’s requirements and can be used for virtual machine deployment.

Procedure

  1. Sign in to Azure Services.

  2. Navigate to Images and click Create.

  3. Enter the following details:

    1. In the Region field, select your preferred region from the available options.

    2. In the OS type field, select Linux.

    3. In the VM generation field, select any generation.

    4. In the Storage blob field, paste the copied VHD file URL.

    5. In the Account type field, select Premium SSD.

    6. In the Host caching field, select Read/write.

  4. Click Review + create to validate the configuration.

  5. Once validation is complete, click Create to generate the image.

  6. After the image creation process finishes, navigate to Resource overview to verify the image.

Create a Virtual Machine (VM) from the VHD Image

This section explains how to create a virtual machine (VM) in Azure by converting the uploaded VHD into a managed disk and configuring the necessary settings for deployment.

Procedure 

  1. Sign in to Azure Services.

  2. Select the image created from the VHD file in Azure, and then click Create VM.

  3. In the Basics tab, enter the following details:

    1. In the Image field, use the default option.

    2. In the VM architecture field, select x64.

    3. In the Size field, select a 'D' Family size (for example, D2s_v3, D2s_v4, or similar) with at least 2 vCPUs and 8 GiB RAM.

    4. In the Authentication type field, select Password (recommended option).

    5. In the Public inbound ports field, select Allow selected ports.

    6. In the Selected inbound ports field, select SSH (22).

    7. In the License type field, select Other.

  4. In the Disks tab, enter the following details:

    1. In the OS disk size field, select 50 GiB or larger, as the IDR disk size must be at least 50 GiB.

    2. In the OS disk type field, select Premium SSD.

    3. Select the Delete with VM checkbox.

  5. In the Networking tab, enter the following details:

    1. In the Virtual network field, select the appropriate Azure Virtual Network. This selection defines the network environment in which the identity router will be deployed.

    2. In the Subnet field, select a subnet within the selected virtual network. This subnet determines where the identity router will be deployed. The subnet can be public or private, depending on how users and resources will connect to the identity router.

    3. In the Public IP field, select None (recommended, as public access is unnecessary).

    4. In the NIC network security group field, select Basic. Do not select "None," as SSH access will not work.

    5. Select the Delete NIC when VM is deleted checkbox.

  6. Review the configuration and click Review + create once validated. Wait for the VM deployment to complete.

  7. Navigate to the Resource Overview page and verify the following:

    • Status: VM is running.

    • Agent status: Ready.

    • Private IP address: Available and ready to be copied for further configuration.

     

After you finish