This article describes how to deploy SquaredUp for Azure from the Azure Marketplace. This is the easiest way to install SquaredUp for Azure. If you don't wish to use the Marketplace you can use the SquaredUp for Azure downloadable installer. For example, if you wish to deploy on an existing Azure virtual machine, or non-Azure machine, or because of security factors.
For step-by-step information about installing SquaredUp for Azure using the downloadable installer please see How to install SquaredUp for Azure using the installer.
What you need
- Browse to the Azure Marketplace using the link provided below and deploy the SquaredUp offering. We will email you a free 30 day fully featured trial license to get you started.
- An Azure Active Directory global admin account, or account that can deploy applications to Azure Active Directory (AD).
Where to deploy
- The Marketplace deployment will create a Windows virtual machine with the minimum requirements and lead you through the configuration process.
- The location of the SquaredUp server has no bearing on the Azure resources you will be able to see and dashboard in SquaredUp. You will be able to select the relevant Azure tenant during the setup process.
What we create
- A virtual machine in your Azure tenant, running our web application and IIS, with a small data disk and a public IP address.
- A read-only Azure application in your Azure AD that will populate your dashboards by querying Azure APIs.
SquaredUp has a number of prerequisites that will be automatically installed by the setup process (e.g. the IIS Web Server role)
The installer makes some changes to Azure Active Directory to give SquaredUp permission to access the Graph API. These steps occur automatically. To read about what modifications are made during setup and why please see Reference - Active Directory Modifications.
Azure Marketplace
-
Deploy from the Azure Marketplace using this link.
A 30 day trial key will automatically be sent to the account with which you are logged in to the Azure portal. This licence key will be used during the SquaredUp setup wizard later. If you do not receive a licence key please contact Support.
- If you have not already signed in, sign in with an Azure Active Directory global admin account, or account that can deploy applications to Azure AD.
- Click on the Get it now button.
- Enter your contact details and click Continue.
- Click the Create button.
-
Select the Subscription you wish to use.
- Select an existing Resource Group, or create a new one.
- Select a suitable region, close to where most of the SquaredUp users will be located.
-
Accept the suggested virtual machine name or rename if you prefer.
Windows computer names cannot be more than 15 characters long in Azure, or contain special characters other than "-".
- The default virtual machine size suggested is based on a small test environment. If you are deploying for production use please select the appropriate virtual machine size required. See SquaredUp Spec and Sizing Guidelines
- Click the Next button to move on to Administration.
- Here you need to enter details to create a new administrator account for the new Windows VM. You will not need this to use SquaredUp, but you will need it later to access the new VM, for example to update SquaredUp or view diagnostics logs.
- Click the Next button to move on to Networking.
- A public IP address is required and will be created automatically with the suggested label. Enter a domain name label for this virtual machine. This is the URL you will use to access SquaredUp for the first time.
-
Click the Next button to move on to SSL.
HTTPS is required to login to SquaredUp for Azure. You can either use a self-signed certificate, which may cause a browser warning that the website is insecure and users will need to explicitly agree to proceed, or you can use a Let's Encrypt® certificate.
Using a Let's Encrypt certificate stops a browser warning appearing to users.
If you choose to use a Let's Encrypt certificate then you need to provide an email address and agree to terms of service. The email is used to contact you if there is a problem with the renewal of the certificate. The Let's Encrypt certificate is valid for 90 days, but it will renew automatically every 55 days, as long as it is accessible through port 80, as that is how the http challenge is conducted.
To install the Let's Encrypt certificate a self-signed certificate is temporarily installed, so a browser warning may appear in the first 2 minutes before the Let's Encrypt certificate is applied.
- Click the Next button to move on to Tags. It can be useful to tag resources now, or you can do this later in the Azure console.
- Click the Next button to move on to Configuration. Click on the URL displayed, which will open a new tab. The resource cannot be reached straight away because it hasn't been created yet, but once it has been created following this Marketplace deployment you will need to go to this address to complete the SquaredUp setup process.
- Click the Next button to move on to Review + create.
-
Check the details and click the Create button to agree to the terms and create the virtual machine.
You will see a message that the deployment is underway. This may take a few minutes.
To complete the SquaredUp deployment you must browse to the virtual machine using either the new tab you opened or https://DNSName
as described below.
Logon to SquaredUp for Azure for the first time
Browse to the VM you created by using the new tab you opened from the Marketplace link.
Alternatively, you can browse to the VM in the Azure portal, click the Go to resource button and copy the name of the virtual machine. Paste the DNS name in a new tab after https://
.
If you are using a self-signed SSL certificate so you will see a browser warning and will need to explicitly agree to proceed. In Chrome this is done by clicking Advanced.
Before you can get started, SquaredUp for Azure has to complete some final configuration of your environment, which includes activating your licence and Azure AD authorisation, as explained below.
SquaredUp setup wizard
- When you browse to
https://DNSName
you will see SquaredUp starting and then the SquaredUp setup wizard. -
On the Azure AD screen click the Setup button to configure the Azure Active Directory.
-
Next we need to add the SquaredUp setup application to Azure AD. This application is created using the Microsoft device login process and impersonates the current user. For more information see The SquaredUp Setup enterprise registration
You will see the message Awaiting authorization... and you should follow the steps described below to authorize SquaredUp.
- Click the copy link to copy the authorization code.
- Click on the URL in step two which open the address in a new tab.
-
Paste in the copied code and click next.
-
On the Microsoft Sign in or Pick an account screen login with the Azure AD admin account you wish to use to deploy the SquaredUp setup application.
or -
You will see a message confirming that that you have signed in to the SquaredUp for Azure Setup application. Close this tab.
-
Return to the tab showing the SquaredUp setup screen. After a few seconds it will say that SquaredUp is correctly configured for Azure AD Authentication.
-
You will see the message 'Starting...' and then a Microsoft screen Permissions requested.
Copy the name of the SquaredUp enterprise application with its GUID and save it for later use. If you have several SquaredUp instances it may be useful later to paste this in to the Azure portal when configuring Open Access or making users SquaredUp administrators.A privileged user will see a checkbox to 'Consent on behalf of your organisation'. Enabling this will grant these permissions for all users and disable this dialogue for future first time logins. For more information see SquaredUp Setup enterprise application.
- Click Accept to allow SquaredUp to access Azure as you.
-
You will be returned to the SquaredUp setup wizard at the Activation screen.
-
You will have received a free trial licence key to the email address you used to start this Marketplace deployment. Paste this key in now, and click Activate. If you have not received a licence key please contact Support.
-
Click Import to install the default dashboards and perspectives.
SquaredUp for Azure will then open.
- The newly-created SquaredUpAzure enterprise application will now need to be modified in order to assign the "SquaredUpAdministrator" role to the relevant users (or groups) that will administer SquaredUp, see How to make a user a SquaredUp administrator. If this is not completed then only the account that deployed SquaredUp will be able to manage SquaredUp.
Next steps
- Set up a SquaredUp administrator(s). To manage SquaredUp you will need to be a SquaredUp administrator, see How to make a user a SquaredUp administrator.
- Give dashboard authors permission to create dashboards. A SquaredUp administrator will need to give users or groups author permission to a Team Folder, within which they can create and edit dashboards. See Team Folders.
- Configure Open Access dashboards. Open Access enables easy sharing of dashboards, that do not require authentication to view. See How to configure Open Access.
Troubleshooting SquaredUp deployment
HTTP Error 500 (Static) after logging in when multi-factor authentication is required for the Microsoft Azure Management application
This error is shown when an Azure Active Directory Conditional Access policy is configured requiring multi-factor authentication (MFA) for the Microsoft Azure Management application.
See Troubleshooting users being unable to log on - HTTP Error 500 (Static)
Submit a request
If configuration fails, a large volume of diagnostic text will be produced, followed by a red failure message. If you experience this, please submit a request and we can help diagnose the cause.
Note that the diagnostic text may reveal sensitive details - such as your username, installed AD applications and IDs. Please be conscious of this when sending us details - for example, it is not appropriate to send us this text over email.
Reference - Azure Active Directory modifications
This reference section specifies what modifications are made during setup and why. These steps occur automatically.
SquaredUp Setup enterprise application in Azure Active Directory (AAD)
During the setup process you will be prompted to grant permissions to SquaredUp Azure Setup to use permissions from your Azure and Microsoft accounts.
Explanation
In order to access Azure data and authenticate users, your SquaredUp server will need its own unique AD application specific to your Azure tenant.
The SquaredUp Azure Setup application obtains the permissions necessary to automatically create such an AD application:
- The Azure Setup AD application is added to your Azure tenant
- The setup wizard uses the application's permissions to create a new AD application unique to your SquaredUp server
- The SquaredUp server uses its unique AD application to access Azure data and perform user authentication
Permissions requested
This setup application requests the following permissions from whomever logs into their Microsoft account during the setup process:
- Access to the directory as the current user
- Impersonation of the current user to access Azure service management
- Sign in and read the profile of the current user
These are the permissions required to create a subsequent AD application for the SquaredUp server.
Granting consent for your organisation is unnecessary unless you want to set up multiple SquaredUp servers.
Permission removal
Once SquaredUp has been set up, you are free to delete this application ("SquaredUp for Azure Setup") from your directory by using the Azure portal.
In the portal this application is typically visible in the "Enterprise Applications" blade.
This application is only used to setup SquaredUp and does not affect its operation. It ceases to have any permissions within your tenant as soon as it is removed.
SquaredUp enterprise application in Azure Active Directory (AAD)
The setup application creates an enterprise application specific to your current server. The application is named in the form SquaredUpAzure on <hostname>
.
This is the application that the SquaredUp web application uses to authenticate users. Each user that logs into SquaredUp shares the following permissions with the SquaredUp server:
- Impersonation of the current user to access Azure service management
- Reading all directory data
- Reading all groups
- Sign in and read the profile of the current user
- Read all user's basic profiles
All of these permissions are delegated: SquaredUp cannot make use of them if the signed in user does not already have them.
Let's Encrypt is a trademark of the Internet Security Research Group. All rights reserved.