Deploy and Configure in Microsoft Azure
Deploying
The following steps will walk you through the deployment:
- Log on to the Microsoft Azure portal.
- From the Microsoft Azure dashboard, click the Create a resource option.
- Within the Create a resource window, type Osirium EPM in the search window and press ENTER.
- Select Osirium EPM from the listings presented.
- Within the Osirium EPM window, the search results will show the Osirium offerings. We recommend you use the latest version for a new installation; alternatively, select the version you require.
- Click Create.
- Within the Create virtual machine window, Basics tab, enter the Virtual appliance information.

  PROJECT DETAILS

  | Field name | Description |
  | --- | --- |
  | Subscription | Select based on your own deployment requirements. |
  | Resource group | Select based on your own deployment requirements. |

  INSTANCE DETAILS

  | Field name | Description |
  | --- | --- |
  | Virtual machine name | Enter a name you want the server to be identified as. The name given will also be used as the hostname of the virtual appliance. NOTE: The name cannot contain non-ASCII or special characters. |
  | Region | Select based on your own deployment requirements. |
  | Availability options | Select based on your own deployment requirements. |
  | Image | Leave as default. |
  | Azure Spot instance | Leave as default. |
  | Size | Select from the recommended sizes listed. |

  ADMINISTRATORS ACCOUNT

  | Field name | Description |
  | --- | --- |
  | Authentication type | Select SSH public key. |
  | Username | Enter a username. NOTE: You cannot use admin or support as these are reserved names within Azure. |
  | SSH public key source | Generate a new key pair. |
  | Key pair name | Enter a name you want your key pair to be given when created. Example: |
- Click Next : Disks >.
- Within the Create virtual machine window, Disks tab, click Create and attach a new data disk.
- Select the required size.
- Click Next : Networking >.
- Within the Create virtual machine window, Networking tab, select your preferred settings.

  Note
  By default, the virtual appliance is given a public IP address and a corresponding Network security group (firewall) setting.
  This allows the EPM Server to be accessed and managed through the stated public IP address.
  If you don't want to access via a public IP address then adjust the settings as required. If you are using a public IP address then set the Assignment to Static.
- Click Next : Management >, and select your preferred settings.
- Click Next : Monitoring >, and select your preferred settings.
- Click Next : Advanced >, and select your preferred settings.
- Click Next : Tags >, and select your preferred settings.
- Click Next : Review + Create >. Wait while the virtual machine is validated.
- Review the setup and click Create. Wait while the virtual appliance is created and deployed.
- When prompted, download the SSH private key for the virtual appliance and store it in a secure location.
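The Networking note above means the default Network security group is what stands between the public IP address and the EPM Server's management access. The following check is an added example, not Osirium or Microsoft code: it flags inbound Allow rules that open a management port to any source. The port set (22 for SSH, 443 for the browser interface) and the sample rules are assumptions; the field names follow `az network nsg show` JSON output.

```python
import json

# Assumed management ports: SSH (key pair from the Basics tab) and HTTPS
# (browser access to the Management Interface). Adjust to your deployment.
MGMT_PORTS = {22, 443}
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet"}

def _covers(port_spec, port):
    """True if an NSG port spec ('*', '443', '1000-2000') includes port."""
    if port_spec == "*":
        return True
    low, _, high = port_spec.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_rules(nsg):
    """Return (rule name, port) pairs where an inbound Allow rule opens a
    management port to any source address."""
    findings = []
    for rule in nsg.get("securityRules", []):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        sources = [rule.get("sourceAddressPrefix") or ""]
        sources += rule.get("sourceAddressPrefixes") or []
        if not any(s.lower() in OPEN_SOURCES for s in sources):
            continue
        specs = [rule.get("destinationPortRange") or ""]
        specs += rule.get("destinationPortRanges") or []
        for port in sorted(MGMT_PORTS):
            if any(_covers(s, port) for s in specs if s):
                findings.append((rule["name"], port))
    return findings

# Constructed sample in the shape of `az network nsg show` output.
SAMPLE_NSG = json.loads("""
{"securityRules": [
  {"name": "SSH", "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "*", "destinationPortRange": "22"},
  {"name": "HTTPS-office", "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "443"},
  {"name": "web-range", "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "Internet", "destinationPortRanges": ["80", "440-450"]}
]}
""")

if __name__ == "__main__":
    for name, port in exposed_rules(SAMPLE_NSG):
        print(f"{name}: port {port} reachable from any source")
```

Rules it reports are candidates for narrowing the source to known administrative address ranges.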
Configuration
Add FQDN for the EPM Server
Once the deployment has completed, add a Fully Qualified Domain Name (FQDN) for the EPM Server. The EPM admin users will use the FQDN to navigate to the Management Interface in a browser.
To add an FQDN:
- Select the deployed EPM Server.
- In the left menu, select Properties.
- Under Public IP address\DNS name label, select the IP address.
- In the IP address assignment window, under DNS name label, enter the prefix you want to use.
- Click Save at the top of the page.
- Select Overview in the left menu and verify that the DNS name appears correctly.
- Use the clipboard to copy the DNS name and paste it into a browser session to test access to the EPM Server using the FQDN. You will be presented with the EPM Server login.
Register a new application
For the EPM Server to communicate with the Microsoft Entra ID tenant, an application registration is required.
- In the Azure portal, search for your Microsoft Entra ID.
- Select App registrations in the left menu.
- Click New registration.
- Within the Register an application window, enter the following details:

  | Field name | Description |
  | --- | --- |
  | Name | Enter a suitable name for the EPM Server. |
  | Supported account types | Select Accounts in this organizational directory only. |

- Click Register.
- On the Overview page of your application registration, make a note of the following information as it will be required later:
  - Application (client) ID
  - Directory (tenant) ID
Authentication setting
- In the left menu, select Authentication.
- Within the Platform configurations window, select Add a platform.
- Within the Single-page application section, click Add URI and add a redirect URI of https://[EPM SERVER FQDN]/login.
- Within the Mobile and desktop application section, click Add URI and add a redirect URI of ms-appx-web://Microsoft.AAD.BrokerPlugin/[APPLICATION (CLIENT) ID].
API permissions
- In the left menu, select API permissions.
- Within the Configured permissions window, select Add a permission.
- Within the Request API permissions window, select Microsoft APIs, and then select Microsoft Graph.
- Now select Application permissions.
- Select the following permissions:
  - Device.Read.All
  - Group.Read.All
  - User.Read.All
- Close the Request API permissions window.
- Within the Configured permissions window, select the box above the permissions table to Grant admin consent for your tenant.

  Info
  User requires the Global Administrator role to grant this setting.
- Each of the permissions should now have a green tick in the Status column.
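The registration, authentication and API permission settings above can be checked for drift against the application object, so that extra Graph permissions or a changed redirect URI are noticed. This is an added example, not Osirium or Microsoft code: it assumes the JSON shape returned by `az ad app show`, and the FQDN, application ID and role ids in the sample are constructed placeholders (real role ids are listed in the `appRoles` of the Microsoft Graph service principal). It does not check whether admin consent was granted.

```python
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
EXPECTED = {"Device.Read.All", "Group.Read.All", "User.Read.All"}

def audit_registration(app, fqdn, graph_roles):
    """Compare an app registration (shape of `az ad app show` output) with the
    settings in this guide. graph_roles maps Graph app-role id -> name."""
    issues = []
    if app.get("signInAudience") != "AzureADMyOrg":
        issues.append("supported account types is not single-tenant")
    if f"https://{fqdn}/login" not in app.get("spa", {}).get("redirectUris", []):
        issues.append("SPA redirect URI for /login is missing")
    broker = f"ms-appx-web://Microsoft.AAD.BrokerPlugin/{app['appId']}"
    if broker not in app.get("publicClient", {}).get("redirectUris", []):
        issues.append("broker plugin redirect URI is missing")
    granted = set()
    for res in app.get("requiredResourceAccess", []):
        for access in res["resourceAccess"]:
            # Only Microsoft Graph application permissions ("Role") are expected.
            if res["resourceAppId"] != GRAPH_APP_ID or access["type"] != "Role":
                issues.append(f"unexpected permission {access['id']}")
            else:
                granted.add(graph_roles.get(access["id"], access["id"]))
    issues += [f"missing permission {p}" for p in sorted(EXPECTED - granted)]
    issues += [f"extra permission {p}" for p in sorted(granted - EXPECTED)]
    return issues

# Constructed sample: ids, FQDN and appId are placeholders, not real values.
ROLES = {"id-device": "Device.Read.All", "id-group": "Group.Read.All",
         "id-user": "User.Read.All", "id-dir-rw": "Directory.ReadWrite.All"}
SAMPLE_APP = {
    "appId": "11111111-2222-3333-4444-555555555555",
    "signInAudience": "AzureADMyOrg",
    "spa": {"redirectUris": ["https://epm.example.com/login"]},
    "publicClient": {"redirectUris": []},
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": "id-device", "type": "Role"}, {"id": "id-group", "type": "Role"},
        {"id": "id-dir-rw", "type": "Role"}]}],
}

if __name__ == "__main__":
    for issue in audit_registration(SAMPLE_APP, "epm.example.com", ROLES):
        print(issue)
```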
Next steps
The EPM Server has now been deployed and configured. The next step is to complete the system settings which will allow you to start rolling out EPM to users.