Microsoft Azure Prerequisites for PMC

You need the meet the following prerequisites in Microsoft Azure. Please review each one in turn to ensure your subscription meets the minimum requirements and extract the information you need.

Subscription Requirements

If you do not yet have an Azure subscription, go to https://azure.microsoft.com/ to get started. Please read these instructions to ensure your quota is adequate.

There are two considerations for your subscription that you must check before you proceed:

If you employ regex rules for naming conventions in your Azure subscription, be sure to name any new resources per your regex requirements; otherwise, you will receive resource naming errors, such as the ones shown in the image.

$Error example: 'resourceGroupName' does not match expected pattern '&[-\w._]+$'.$

Location for Deployment

Within your subscription, you may not be able to deploy PMC to some regions. You can optionally check which regions are available before you start to ensure you can deploy PMC there. This information is also validated before PMC is deployed.

In the instance of PowerShell.exe that you have on your deployment machine:

Type Get-AzureRmComputeResourceSku and press Enter to determine which regions are available to you.

In this screenshot, the westus location is not available in this subscription for Standard_D1_V2.

Choose the location closest to you that does not have anything listed in the Restriction column. Deploying PMC to a region that is farther away can result in deployment errors caused by network latency.

Make a note of your chosen location now, as you will be prompted for it when you deploy PMC.

You can further filter this by region to check it for restrictions if you know the name of the region you want to deploy to:

Get-AzureRmComputeResourceSku | where {$_.Locations.Contains("westus")};

Usage and Quotas

To deploy PMC, you need a Microsoft Azure subscription that has the following minimum quota:

Quota: Standard Dv2 Family vCPUs
Provider: Microsoft.Compute
Location: Select one geographically close to you
Usage: 14 free

This is checked and validated prior to deployment.

Subscription ID

You need to obtain your Subscription ID, as this is used when you deploy PMC. Please make a note of the Subscription ID from this section.

In the provided image, the orange boxes indicate where the name of your Azure subscription is displayed. The Subscription ID is also shown.

Directory ID

Please make a note of the Directory ID, as you will need it when you deploy PMC.

To obtain your Directory ID:

Go to Azure Active Directory > Properties. The Directory ID is shown on the right, in the Directory properties pane.
Click the icon to the right to copy it to your clipboard. Also make note of it in your list of prerequisite attributes.

PMC Application User

A user is created as part of your Azure subscription. To view the users in your subscription, go to Azure Active Directory > Users.

Because PMC authenticates with an Azure Active Directory, the username must take the form pmcadmin@companyname.onmicrosoft.com.

This user is the first administration user that will access PMC. This user does not need to be added to any specific privileges or group assignments.

If you are working with a federated Azure Active Directory, the username format can be username@domain.com.

Make a note of the full username in the form shown, as well as the password, as you need it for the PMC deployment.

For instructions on creating a new user, please see Add or delete users using Azure Active Directory.

PMC Application

You need to create one application in Azure for PMC. This application needs some specific configuration once you have created it. You need to know the DNS Name of your SSL certificate.

To create a new application in Azure:

Click Azure Active Directory > App registrations.
Click New registration and enter the following details:
- Name: The name of your application. We recommend PMC-application.
- Application Type: Leave the default selection of Web.
- Sign-on URL: This should be in the format of a valid domain name, which can be anything, as long as it can be resolved by DNS. We recommend you use the DNS Name of your SSL certificate, as it forms part of your Reply URLs. For example, https://PMC.ssldns.name. These are added in the next step.
Click Create. The application is created.
Click Authentication and enter the following values as two new URLs in addition to the value that's already there. You don't need the original Redirect URL; you can delete this if you want to. For example, if the DNS Name of your SSL certificate is PMC.ssldns.name, the Redirect URLs would be:
```
https://PMC.ssldns.name:8443/oauth/signin-oidc
https://PMC.ssldns.name:8443/oauth/signout-callback-oidc
```

Click Save.

For more information, please see DNS Name of SSL Certificate Prerequisites.

Microsoft Azure Application ID

You need the Application ID of your application for the deployment script. Please make a note of your Application ID now.

To find your Application ID, navigate to the application you just created. The Application ID is shown to the right, in the Overview pane.

Client Secret

You need the Client secret for the deployment script. Once it has been generated, please make a note of it. You will not be able to view it again.

You need to generate a secret string for your PMC application.

In your application, click Certificates & secrets.
Enter a description for the new key. We recommend PMC-key. Select the expiration parameters. We recommend you set the key to Never expires. If the key expires, you will need to re-deploy PMC.
Click Save. The key value is displayed. You cannot retrieve this key after you leave this page in Microsoft Azure.