Deploy Privilege Management Console

The infrastructure setup script provisions the hardware your PMC installation runs on.

The deployment tool turns off IIS logging on the portal VM. When turned off, logging is off for all IIS sites on the portal VM. If you require logging to be enabled for any other sites, you must enable logging at the site level for those specific sites.

The arguments you supply here are not validated until you have entered all the parameters and have started to deploy PMC to Microsoft Azure.

Please verify the arguments you provide, specifically that:

  • All passwords meet the password policy.
  • The location you choose is available in your subscription.
  • The keyvault resource group name is unique in Microsoft Azure, not just in your subscription.
  • The information you are providing from your subscription is correct.

  1. If you supply your own SSL certificate, rename it to sslCertificate.pfx and place it in the Certs folder of the AzurePaaS folder.
  2. In the same PowerShell window where you ran the prerequisites, change to the AzurePaaS folder.
  3. Type PMCAzurePaaSInstall.ps1 and press Enter.
  4. Enter the following parameters when requested and press Enter after each one.
    • Azure Subscription ID: You made a note of this when you configured your subscription. For example, 6d01f381-e870-4964-83f3-6cc0cbb1c048.
    • SSL DNS Name: The DNS Name of the SSL certificate you supplied or the DNS Name of the SSL certificate you want the deployment tool to generate. For example, PMC.ssldns.name.
    • Resource Group Name: The name of the resource group that will be created in Microsoft Azure. We recommend you prefix it with PMC. For example, PMC-rg-mycompany.
    • KeyVault Name: The name of the keyvault that will be created in Microsoft Azure. We recommend you prefix it with PMC. For example, PMC-kv-mycompany.

    The keyvault name must be unique within Microsoft Azure, not just in your subscription. The uniqueness of this name is not validated until deployment.

    • KeyVault Resource Group Name: The name of the resource group for the keyvault in Microsoft Azure. For example, PMC-kv-rg-mycompanyname.
    • Location: The location in Microsoft Azure that you will deploy PMC to.
    • The deployment script will now try to log in to your Microsoft Azure account and validate the number of free cores in your chosen Location. If your Microsoft Azure credentials are known to the deployment machine prior to this point, it will log in automatically. Otherwise, you are prompted to enter your credentials for Microsoft Azure. Please enter your details to continue. If you do not have enough free cores, the deployment will not proceed.
    • Do you require an internal Azure load balancer to be configured?: By default, PMC does not use an internal load balancer; however, you can enter y here to configure one. Otherwise, enter n.
    • What is your public IP address?: You can obtain your public IP address by opening a browser on your deployment machine and navigating to https://www.whatismyip.com/what-is-my-public-ip-address/.
    • Enter the username for the scale set VMs administrator login. This is the administrator username that you will use to access the node virtual machines that are created by the deployment script. For example, PMCscalesetadmin.
    • Enter the password for the scale set VMs administrator login. This is the administrator password that you will use to access the node virtual machines that are created by the deployment script. All passwords must conform to the policy in Azure.
    • Enter the username for the Portal & jump box VMs administrator login. This is the administrator username that you will use to access the jump box and portal virtual machines that are created by the deployment script. For example, PMCvmadmin.
    • Enter the password for the Portal & jump box VMs administrator login. The jump box is a virtual machine that is created by the deployment and is subsequently used to administer aspects of PMC. This is the administrator password that you will use to access the jump box and portal virtual machines that are created by the deployment script. All passwords must conform to the policy in Azure.
    • Enter the username for the SQL Administrator accounts. This is the SQL administrator username that will be used to create the databases by the deployment script. For example, PMCsqladmin.
    • Enter the password for the SQL Administrator accounts. This is the SQL administrator password that will be used to create the databases by the deployment script. All passwords must conform to the policy in Azure.
    • Supplied SSL. If you have renamed your own SSL certificate to sslcertificate.pfx and put it in the Cert folder, type y; otherwise, type n.
    • Enter the username of the PMC application SQL user to be created. This is the SQL PMC application user that manages communication on a day-to-day basis with the PMC databases. For example, PMCsqlapplication.

    The PMC application SQL username must be different to the SQL Administrator username as the users are inserted into the same databases by the deployment script.

    • Enter the password of the PMC application SQL user to be created. This is the SQL PMC application password that manages communication on a day-to-day basis with the PMC databases. All passwords must conform to the policy in Azure.
    • If you supplied your own SSL certificate, you are prompted to enter the password for it now.
    • If you supplied your own SSL certificate, you are prompted to enter the thumbprint for it now.
    • Configuring Reporting? Enter y to configure Reporting in PMC; otherwise enter n.

      If you selected y to Configuring Reporting:

      • Enter the username of the Reporting application SQL user to be created. This is the SQL username that will be used to manage communication to the Reporting database. For example, PMCsqlreporting.
      • Enter the password of the Reporting application SQL user to be created. This is the SQL password that will be used to manage communication to the Reporting database. All passwords must conform to the policy in Azure.
    • Enter the initial portal administrator username. This is the administrator username you will use to log in to the PMC portal for the first time. You set this up in Azure. For example, PMCadmin@companyname.onmicrosoft.com.
    • Enter Azure AD Authentication Domain. This is the following link with your Directory ID appended to it. For example, https://login.microsoftonline.com/e15aa783-748b-4010-4010-ebfe2de03b72.
    • Enter Azure AD App ID. This is your Microsoft Azure PMC Application ID. For example, 4a01d381-e860-7352-83b3-6dd4cbb1b048.
    • Enter Azure AD App key. This is the key you created in your PMC Azure Application. For example, AHN9Rqp0Paa9ahwbW24fbcW4phZCp3GdmnBTrcuOPaa=.
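
Because the prompts accept any value and validation only happens once deployment starts, a local pre-flight check can catch malformed input before it is typed. The following PowerShell is an added example, not part of the BeyondTrust deployment tool: the function name Test-PmcDeploymentInput, its parameter names, and the password thresholds are assumptions. It does not check location availability or global name uniqueness, which require querying Azure.

```powershell
# Added example, not BeyondTrust code: offline checks on values before they are typed
# into the prompts. Function and parameter names are hypothetical.
function Test-PmcDeploymentInput {
    param(
        [string]$SubscriptionId, [string]$KeyVaultName, [string]$PublicIp,
        [string]$SqlAdminUser, [string]$SqlAppUser, [string]$AadAuthDomain,
        [hashtable]$Passwords   # prompt label -> SecureString
    )
    $problems = [System.Collections.Generic.List[string]]::new()
    $guidRx = '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}'
    if ($SubscriptionId -notmatch ('^' + $guidRx + '$')) { $problems.Add('Subscription ID is not a GUID.') }
    # Key Vault naming rule: 3-24 chars, letters/digits/hyphens, starts with a letter,
    # ends with a letter or digit, no consecutive hyphens.
    if ($KeyVaultName -notmatch '^(?!.*--)[a-z][a-z0-9-]{1,22}[a-z0-9]$') {
        $problems.Add('KeyVault name breaks the Key Vault naming rules.')
    }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($PublicIp, [ref]$ip)) {
        $problems.Add('Public IP address does not parse.')
    } elseif ($PublicIp -match '^(10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)') {
        $problems.Add('Public IP address is in a private or local range.')
    }
    if ($SqlAdminUser -eq $SqlAppUser) {
        $problems.Add('PMC application SQL user must differ from the SQL Administrator user.')
    }
    if ($AadAuthDomain -notmatch ('^https://login\.microsoftonline\.com/' + $guidRx + '/?$')) {
        $problems.Add('Azure AD Authentication Domain is not the login URL plus a Directory ID.')
    }
    foreach ($label in $Passwords.Keys) {
        $plain = [System.Net.NetworkCredential]::new('', $Passwords[$label]).Password
        $classes = @('[a-z]', '[A-Z]', '\d', '[^a-zA-Z0-9]' | Where-Object { $plain -cmatch $_ }).Count
        # Assumed thresholds (12+ chars, 3 of 4 character classes); confirm against current Azure policy.
        if ($plain.Length -lt 12 -or $classes -lt 3) { $problems.Add("Password for '$label' looks too weak.") }
    }
    $problems
}

# Constructed sample input: IDs are the examples from this page, passwords are made up.
$sample = @{
    SubscriptionId = '6d01f381-e870-4964-83f3-6cc0cbb1c048'
    KeyVaultName   = 'PMC-kv-mycompany'
    PublicIp       = '192.168.1.20'      # deliberately a private address
    SqlAdminUser   = 'PMCsqladmin'
    SqlAppUser     = 'pmcsqladmin'       # deliberately the same name as SqlAdminUser
    AadAuthDomain  = 'https://login.microsoftonline.com/e15aa783-748b-4010-4010-ebfe2de03b72'
    Passwords      = @{ 'SQL Administrator' = (ConvertTo-SecureString 'short1' -AsPlainText -Force) }
}
Test-PmcDeploymentInput @sample | ForEach-Object { Write-Warning $_ }
```

In real use, collect each password with Read-Host -AsSecureString instead of embedding it in a script.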

When you deploy PMC to Azure, run the Deploy-iC3Application.ps1 installation script and provide the parameters when prompted. Passing parameters into the script using a text file is not supported.

When you press Enter, the script will start to deploy PMC to Microsoft Azure.

Deployment Errors

If you receive any errors during the deployment, you can terminate the script by pressing CTRL+C. You can rerun the script at any time and provide the same parameters using the Up and Down arrows to select them. If you receive an error message, please contact BeyondTrust Technical Support.