Deployment steps

1. Initiate the setup

1. In Microsoft Azure Portal, open Azure Marketplace.
2. If Unity provides the offer Unity through a private plan, that is, a plan that is restricted to your specific subscription, go to My Marketplace > Private Plans. Otherwise, stay on the home page to get started.
3. Search for the Virtual Private Cloud offer, and then select it. The search results may include several plans. Ensure that you select the appropriate plan.
4. To start the setup, select Create.

2. Configure the basics

1. Select the subscription where you want to deploy the solution. If you have selected a private plan at the previous step, then the list might show all subscriptions. Ensure that you select the appropriate subscription.
2. Select or create a resource group for the managed application synthetic resource that represents the whole offer. The recommended practice is to have a separate group for this resource to avoid any confusion.
3. Select a region for the deployment.
4. Enter a project name prefix with these characteristics:
   • The prefix is a string.
   • The prefix contains at most six characters.
   • The prefix contains only lowercase alphanumeric characters, but no underscores or dashes.
   This prefix is used for all the resources that you deploy to Azure for this offer.
5. Enter the username and the password for the Unity container registry that you previously requested from Unity. Read more about prerequisites.
6. Enter this information:
   • The name of the managed application, which is the name of the above mentioned synthetic resource
   • The name of the managed resource group where you want to deploy the solution and that meets these requirements:
     • This resource group is distinct from the resource group for the managed application synthetic resource.
     • The name doesn't already exist.
7. Select Next.

3. Configure the network settings

1. If you chose the BYO VNet mode to deploy the solution to a precreated VNet, select BYO VNet.
2. Specify the IP range for the VNet:
   • If you chose full deployment, specify this information:
     1. Enter the IP range that you have chosen for the solution VNet.
     For important considerations on selecting an IP range for the solution VNet, refer to the deployment prerequisites. Ensure that the subnet ranges are correct. If required, amend the ranges.
     2. Select the network mask for this VNet.
     For deployment, Azure doesn't use any other change in the settings on this tab, including the VNet name. Azure uses these values only to collect IP ranges of the VNet and subnets, if they differ from the default range.
   • If you chose the BYO VNet mode, select the precreated VNet from the list. This list shows only the resources from the same subscription and from the selected region. For the requirements for this VNet, refer to the deployment prerequisites.
3. For the AKS cluster, specify the IP ranges for the pods and services, in CIDR notation, which that you have collected as part of the prerequisites.
4. Select Next. Do not select Review + create at this stage.

4. Configure the Kubernetes cluster

1. Select the deployment size:

   Small

   ,

   Medium

   , or

   Large

   . Using this setting, Azure prefills the node pool settings, that is, the size of the virtual machine (VM) and the number of nodes for each pool. This prefilling might take 10 to 20 seconds, because Azure initializes several VM size controls.
2. Optionally, when Azure displays the corresponding values, amend the settings for each node pool.
   Tip

   At any time after deployment, you can adjust the number of CPUs and the RAM. To do this, the recommended practice is to change the number of nodes in each pool at any time rather than modify the VM size. If you modify the VM size, you must recreate the corresponding node pools, which involves more effort and some downtime for the solution.
3. Verify that the total number of CPUs and the number of CPUs per each VM family fit into the remaining subscription quotas. If required, request quota increases.
4. Select Next. Do not select Review + create at this stage.

5. Configure the DNS and TLS settings

1. Enter the domain name that the end users will use to access the Virtual Private Cloud solution. You will create the corresponding DNS entry during postdeployment.
   Tip

   We strongly recommend that you set the correct name from the beginning. If you change this name after deployment, you must perform several updates in various places.
2. Select Provide TLS certificate, and then enter the TLS certificate and its private key, both in .pem format.
   Note

   You might want to add or replace this TLS certificate later, for example, for certificate rotation scenarios. In this case, you must perform these operations:

   • If you haven't provided a certificate during deployment, create the relevant secrets ingress-tls-cert and ingress-tls-key in the solution key vault.
   • Set the secret values to the certificate and the private key respectively, in .pem format. Because these values spread over multiple lines, you can't set them directly in the Azure Portal. You must use a command-line interface (CLI) or Microsoft PowerShell.
3. Select Next. Do not select Review + create at this stage.

6. Configure the license

1. Enter the contents of the license file that Unity has provided.
2. Select Next. Don't select Review + create at this stage.

7. Configure the MongoDB connection

1. Enter the connection string for the MongoDB instance. Read more in the prerequisites. This connection string must follow this standard form:

   mongodb+srv://Username:Password@FqdnName/?parameter=value&parameter=value

2. Select Review + create.

8. Review the setup and start deployment

1. On the Review + create tab, complete these steps:
   1. Review the settings that you have set, and then, to start deployment, select Create.

Deployment stages

1. Azure creates the Azure resources.
2. Azure deploys the application components and dependencies inside the AKS cluster:
   1. Azure monitors the first stage. You can track deployment from the Azure portal as for any other Azure deployment. If this stage fails, then Azure provides an error message that explains the reason. If this stage fails, then Azure provides an error message that explains the reason. After you have fixed the issue, complete these steps:
      1. Delete the synthetic managed application resource.
      2. Verify that Azure has deleted these elements:
         • The managed resource group
         • The AKS infrastructure resource group
      3. Start deployment again.
   2. The second stage starts after Azure has successfully deployed the Azure resources. To monitor progress in the AKS cluster properties, go to Settings > GitOps. The status of each entry is represented by a color:
      • If the MongoDB cluster is accessible during deployment, then all the entries turn green by the end of deployment.
      • If access to MongoDB is allowed only after deployment, then some components stay red until they can access a MongoDB cluster and create the required databases in this cluster.
      If some entries remain red even when MongoDB is accessible, troubleshoot the corresponding components. Use the container logs in the Log Analytics workspace.

• Azure Kubernetes Service RBAC Cluster Admin
• Key Vault Administrator

Next steps