Deploying ERM in Microsoft Azure

You can deploy ERM in Microsoft Azure. Pexip publishes a disk image for the ERM Installer virtual machine that you can run on a VM instance in Azure.

In summary, you need to

Follow the deployment guidelines to prepare your Azure environment and SSH keys.
Create your ERM variables initialization script.
Copy and save the ERM Azure deployment script.
Run the scripts to deploy the Pexip ERM Installer.

Full details on how to perform these tasks are described below.

Deployment guidelines

This section provides information about what you need to prepare before you can deploy ERM in Azure.

Assumptions and prerequisites

These deployment instructions assume that you already have an Azure subscription.

Recommended instance types

Azure instances come in many different sizes. ERM is not compute intensive, it functions as a web server and database, and therefore a general purpose instance type such as the Dsv4 series should suffice.

The deployment script is preconfigured to use a Standard_D4s_v4 instance type.

See https://docs.microsoft.com/en-us/azure/virtual-machines/sizes-general for more information.

Security and SSH keys

You can optionally assign an SSH key to the VM instance in Azure that will host ERM.

You can create key pairs with third-party tools such as PuTTYgen, or you can use an existing SSH key pair.

Azure virtual network, NSG and firewall rules

The deployment script automatically creates a suitable Azure virtual network and Network Security Group (NSG) to allow the appropriate access to the VM instance running ERM as described in ERM network port requirements, however you can nominate and use your own existing resources in Azure if required.

Azure IP addressing

The deployment script requests and reports a public IP address for your ERM instance in Azure by default, but you can configure this via the $PxErmPublicIp installation variable if you do not want to assign a public IP address to your ERM instance.

Note that the VM starts up with default configuration running DHCP. You get or set a specific IP address during the VM deployment. When running in DHCP mode you cannot currently set and override the DNS server using the onboarding wizard. If you set the DNS servers while running in DHCP mode they will be overwritten on the next boot. The workaround in this case is to change from DHCP to static IP on the VM and configure your DNS servers again.

ERM software disk image

You do not need to download any ERM software packages or prepare a disk image. Pexip publishes an ERM virtual hard disk (VHD) to Azure and the deployment script uses it to create an appropriate Azure image in your Azure subscription.

No changes should be made to any Pexip ERM system or the provided deployment scripts (other than as described within this documentation for installing and maintaining your deployment) unless directed to do so by Pexip support. This includes (but is not limited to) any changes to the operating system or the installation of any third-party code/applications. If you encounter any issues, please contact your Pexip authorized support representative.

Creating and specifying the ERM Azure variables initialization script

You need to specify a range of PowerShell variables that are used during the installation process.

Copy and save this variables initialization script on your local computer as, for example, erm_variables.ps1.
Edit the script and assign the appropriate values for your environment to each of the variables, as described in the table below.
Save your updated script.

The PowerShell variables initialization script is listed below. Note that this script does not produce any output. It only sets some variables for subsequent use in the installation script.

Copy to clipboard


# The Azure Subscription ID for your ERM resources. This takes the GUID format "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee".
$PxErmSubscriptionId = ""

# The name of the Azure region into which you are deploying the Pexip ERM resources, for example "westeurope", "southcentralus" etc.
$PxErmAzureLocation = ""

# Name prefix for all ERM resources, e.g. company name.
# PxErmBaseName can have a minimum of 2 and maximum of 10 characters
# It cannot contain dashes, spaces or other non a-z chars.
$PxErmBaseName = ""

# Name of the resource group to use for VM
$PxErmResourceGroupName = ""

# Deploy ERM using existing Virtual Network, Subnet and Network resource group resources
$PxErmDeployInExistingResources = $False # replace with $True or $False
# If $PxErmDeployInExistingResources = $True uncomment below lines to set the variables
#$networkName = ""
#$subnetName = ""
#$nsgName = ""
#$vnetResourceGroup = $PxErmResourceGroupName # If the resource groups is not the same specified above please enter the correct vnet resource group in ''

# Deploy the ERM VM with a public IP address
$PxErmPublicIp = $True # replace with $True or $False

# Public-facing IP address of management networks used for SSH, Web UI, Installer Web UI, feedback events, CDR, API...
# If not specified (default) access is enabled from internet (should be only used for testing!)
# Any security scans should not come from these IPs
# Example:
# x.x.x.x - Management IP address #1
# y.y.y.y - Management IP address #2
# z.z.z.0/24 - Management subnet
# $PxMgmtSrcAddrPrefixes = @( "x.x.x.x", "y.y.y.y", "z.z.z.0/24" )
$PxMgmtSrcAddrPrefixes = @()

# VM Name
# Azure resource names cannot contain special characters \/""[]:|<>+=;,?*@&, whitespace, or begin with '_' or end with '.' or '-'.
# VM names may only contain letters, numbers, '.', and '-'.
$PxErmVmName = ""

# VM settings
# Below variables needs to follow the requirements of the Azure VM OS Profile:
# https://docs.microsoft.com/en-us/rest/api/compute/virtual-machines/create-or-update#osprofile
# Disallowed username values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1",
# "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner",
# "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5", "1".
$PxErmAdminUsername = ""
# The password must include at least 3 of the following: 1 lower case character,
# 1 upper case character, 1 number, 1 special character that is not "\" or "-" or "$"
# It must be between 6 and 72 characters
$PxErmAdminPassword = ""

# Optional (can be left empty)
# Optional public ssh key (can be left empty) https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys#supported-ssh-key-formats
$PxErmAdminSshKey = ""

The variables initialization script contains the following variables:

Variable name

Description and example usage

$PxErmSubscriptionId

The Azure Subscription ID for your ERM resources. This takes the GUID format "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee".

Example: $PxSubscriptionId = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

$PxErmAzureLocation

The name of the Azure region into which you are deploying the ERM resources, for example "westeurope", "southcentralus" etc.

Example: $PxErmAzureLocation = "westeurope"

$PxErmBaseName

This is a prefix used when naming all ERM resources. We recommend using your own company name.

PxErmBaseName can have a minimum of 2 characters and a maximum of 10 characters. It cannot contain dashes, spaces or other non a-z characters.

Note that if you are setting up multiple test environments within the same Azure subscription, ensure that each ERM deployment has a unique $PxErmBaseName.

Example: $PxErmBaseName = "pexample"

$PxErmResourceGroupName

The name of the resource group to use for ERM resources. We recommend setting this variable to something in the format <company name>-erm-RG.

Example: $PxErmResourceGroupName = "pexample-erm-RG"

$PxErmDeployInExistingResources

Controls whether to use the existing resources in your Azure subscription.

When set to $False (the default) the deployment script will create and use new resources in Azure.

If you have existing resources in Azure that you want to use for your ERM deployment, change the setting to $True and then remove the comment (#) markers from the following lines and specify the additional resource variables:

$networkName	The name of the Azure virtual network to use.
$subnetName	The name of the Azure virtual network subnet to use.
$nsgName	The name of the Azure network security group (NSG) to use.
$vnetResourceGroup	The name of the Azure resource group used to host the virtual network. This defaults to the same value as specified in $PxErmResourceGroupName but you can change it to a different resource group is required, for example: $vnetResourceGroup = "pexample-ermvnet-RG"

$PxErmPublicIp

Controls whether to deploy the ERM VM with a public IP address or not. You can set this value to $True (the default) or $False.

Example: $PxErmPublicIp = $True

$PxMgmtSrcAddrPrefixes

Specifies the public-facing IP addresses of any management workstations/networks that may be required to administer ERM.

You should not perform any security scans from these addresses.

For example to allow access from:

x.x.x.x     Management IP address #1
y.y.y.y     Management IP address #2
z.z.z.0/24  Management subnet

you would specify $PxMgmtSrcAddrPrefixes = @( "x.x.x.x", "y.y.y.y", "z.z.z.0/24" )

If no addresses are specified i.e. $PxMgmtSrcAddrPrefixes = @( ) then all access via the internet is enabled.

Example: $PxMgmtSrcAddrPrefixes = @( "192.168.7.4", "192.168.3.0/24" )

$PxErmVmName

The name of the virtual machine used to run ERM:

It can be up to 64 characters long.
Azure resource names cannot contain special characters \/""[]:|<>+=;,?*@&, whitespace, or begin with '_' or end with '.' or '-'.
VM names may only contain letters, numbers, '.', and '-'.

Example: $PxErmVmName = "PexipERM"

$PxErmAdminUsername

The account username for the VM that will be created in Azure. This is used if you need to connect over SSH into the VM.

See https://docs.microsoft.com/en-us/rest/api/compute/virtual-machines/create-or-update#osprofile for details about account name restrictions.

Example: $PxErmAdminUsername = "PexAdmin"

$PxErmAdminPassword

The associated password for $PxErmAdminUsername for the virtual machine. (You are asked at the end of the process to specify the password for the ERM Installer admin account.)

See https://docs.microsoft.com/en-us/rest/api/compute/virtual-machines/create-or-update#osprofile for details about password restrictions.

Example: $PxErmAdminPassword = "Pexip123!"

$PxErmAdminSshKey

An optional SSH public key to assign to the VM.

Example: $PxErmAdminSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkxR4blOhK0okFHu7Nmnu9xEtktjGAQh/zxugTRnUdkLx7AN2QZSqNf6oJjSC0SY2BFN6kCTsFeiDTxNJ4bHBc7EtlIghqJPP3LvgCv1Q82o+xgVY/L8P6ojglLA44YcPgqh8F74v5aKoiqIY2vevJqS+tUes0kfcjKwz4LH9GZUj6toA6VOqvkyQSSkGl8xazucpsZtlT0Sw7T1lLSPvUIrIqbs80mZGmqIb5mIDsqve4GMTQyr3P admin"

Copying and saving the ERM Azure deployment script

You need to copy and save the ERM Azure deployment PowerShell script:

Copy the ERM Azure deployment script listed below into a plain text editor.
Save the script as deploy_pexip_erm_vm.ps1 into the same folder as your variables initialization script.

Do not change the contents of this script.

This is the ERM Azure deployment script:

Copy to clipboard

param(
  [Parameter(Mandatory = $True)]
  [ValidateNotNullOrEmpty()]
  [string] $PxErmSubscriptionId,

  [Parameter(Mandatory = $True)]
  [ValidateNotNullOrEmpty()]
  [string] $PxErmAzureLocation,

  [Parameter(Mandatory = $True)]
  [ValidateNotNullOrEmpty()]
  [string] $PxErmResourceGroupName,

  [Parameter(Mandatory = $True)]
  [ValidateNotNullOrEmpty()]
  [ValidatePattern('^[a-z]{2,10}$')]
  [string] $PxErmBaseName,

  [Parameter(Mandatory = $True)]
  [ValidateNotNullOrEmpty()]
  [System.Management.Automation.PSCredential] $PxErmVmAdminCredential,

  [Parameter(Mandatory = $False)]
  [ValidateNotNullOrEmpty()]
  [string] $PxErmVmName,

  [Parameter(Mandatory = $False)]
  [string] $PxErmAdminSshKey,

  [Parameter(Mandatory = $False)]
  [string] $PxErmDeployInExistingResources,

  [Parameter(Mandatory = $False)]
  [string] $networkName,

  [Parameter(Mandatory = $False)]
  [string] $subnetName,

  [Parameter(Mandatory = $False)]
  [string] $nsgName,

  [Parameter(Mandatory = $False)]
  [string] $vnetResourceGroup,

  [Parameter(Mandatory = $True)]
  [string] $PxErmPublicIp,

  [Parameter(Mandatory = $False)]
  [string[]] $PxMgmtSrcAddrPrefixes = @()
)

$PxErmVmSize = 'Standard_D4s_v4'
$PxStorageContainerName = 'erm'

# Version info
$sourceVersion = "1.0.8"
$sourceBuildNumber = "11879"
$ermOsDiskCopy = "pexip-erm-osDisk-$sourceVersion-$sourceBuildNumber.vhd"
$ermOsDiskSrc = "https://pexipas.blob.core.windows.net/erm/1-0-8/Pexip_ERM_v$($sourceVersion)_generic_$($sourceBuildNumber).0.0_azure.vhd"

$ErrorActionPreference = "Stop"
Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true"

function Get-UniqueString {
  param(
    [Parameter(Mandatory = $True)]
    [string]$Id,

    [Parameter(Mandatory = $False)]
    [int]$Length
  )

  $hashArray = (New-Object System.Security.Cryptography.SHA512CryptoServiceProvider).ComputeHash($Id.ToCharArray())
  -join ($hashArray[1..$Length] | ForEach-Object { [char]($_ % 26 + [byte][char]'a') })
}

function Take {
  param(
    [Parameter(Mandatory = $True)]
    [string]$Id,

    [Parameter(Mandatory = $True)]
    [int]$Length
  )
  return $(if ($Id.length -gt $Length) { $Id.substring(0, $Length) } else { $Id })
}

$randomId = Get-UniqueString -Id $PxErmResourceGroupName -Length 10

Import-Module Az -MinimumVersion 7.0.0
Connect-AzAccount

Write-Host "Using the subscription with id: $PxErmSubscriptionId"
Set-AzContext -Subscription $PxErmSubscriptionId

# Create RG if it doesn't exist
if (!(Get-AzResourceGroup $PxErmResourceGroupName -ErrorAction SilentlyContinue)) {
  Write-Host "Creating resource group: $PxErmResourceGroupName"
  New-AzResourceGroup -Name $PxErmResourceGroupName -Location $PxErmAzureLocation
}
else {
  Write-Host "Using the existing resource group: $PxErmResourceGroupName"
}

# StorageAccount - For boot diagnostics and image import
$storageAccountName = -join ($(Take -Id $( -join ($PxErmBaseName, $randomId).toLower()) -Length 14), "ermstorage")

$storageAccount = Get-AzStorageAccount -Name $storageAccountName -ResourceGroupName $PxErmResourceGroupName -ErrorAction SilentlyContinue
if (!$storageAccount) {
  Write-Host "Creating storage account: $storageAccountName"
  $storageAccount = New-AzStorageAccount -ResourceGroupName $PxErmResourceGroupName -Name $storageAccountName -Location $PxErmAzureLocation -SkuName Standard_LRS -Kind StorageV2
}
else {
  Write-Host "Using the existing storage account: $storageAccountName"
}


# Network
if ($PxErmDeployInExistingResources -eq $True -And $networkName) {
# use set parameter from variable script
}
else {
$networkName = -join ($PxErmBaseName, "-", $randomId, "-VNET")
}

if ($PxErmDeployInExistingResources -eq $True -And $vnetResourceGroup) {
$virtualNetwork = Get-AzVirtualNetwork -ResourceGroupName $vnetResourceGroup -Name $networkName -ErrorAction SilentlyContinue
}
else {
$virtualNetwork = Get-AzVirtualNetwork -ResourceGroupName $PxErmResourceGroupName -Name $networkName -ErrorAction SilentlyContinue
}


if (!$virtualNetwork) {
  Write-Host "Creating virtual network: $networkName"
  $virtualNetwork = New-AzVirtualNetwork -ResourceGroupName $PxErmResourceGroupName -Location $PxErmAzureLocation -Name $networkName -AddressPrefix 10.0.0.0/24
}
else {
  Write-Host "Using the existing virtual network: $networkName"
}

if ($PxErmDeployInExistingResources -eq $True -And $subnetName) {
# use set parameter from variable script
}
else {
$subnetName = "Default"
}

$subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $virtualNetwork -ErrorAction SilentlyContinue
if (!$subnet) {
  Write-Host "Creating subnet: $subnetName"
  $virtualNetwork = Add-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix 10.0.0.0/24 -VirtualNetwork $virtualNetwork | Set-AzVirtualNetwork
  $subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $virtualNetwork
}
else {
  Write-Host "Using the existing subnet: $subnetName"
}

if ($PxErmDeployInExistingResources -eq $True -And $nsgName) {
# use set parameter from variable script
}
else {
# Network security group
$nsgName = -join ($PxErmBaseName, "-", $randomId, "-NSG")
}

if (!$PxMgmtSrcAddrPrefixes) {
  $PxMgmtSrcAddrPrefixes = "Internet"
}

if ($PxErmDeployInExistingResources -eq $True -And $vnetResourceGroup) {
$nsg = Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $vnetResourceGroup -ErrorAction SilentlyContinue
}
else {
$nsg = Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $PxErmResourceGroupName -ErrorAction SilentlyContinue
}

if (!$nsg) {
 Write-Host "Creating network security group: $nsgName"
 $rule1 = New-AzNetworkSecurityRuleConfig -Name ssh-rule -Description "Allow SSH" `
  -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix `
  $PxMgmtSrcAddrPrefixes -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 22
 $rule2 = New-AzNetworkSecurityRuleConfig -Name http-rule -Description "Allow HTTP" `
  -Access Allow -Protocol Tcp -Direction Inbound -Priority 101 -SourceAddressPrefix `
  Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80
 $rule3 = New-AzNetworkSecurityRuleConfig -Name https-rule -Description "Allow HTTPS" `
  -Access Allow -Protocol Tcp -Direction Inbound -Priority 102 -SourceAddressPrefix `
  Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443
 $rule4 = New-AzNetworkSecurityRuleConfig -Name installer-rule -Description "Allow Pexip installer" `
  -Access Allow -Protocol Tcp -Direction Inbound -Priority 103 -SourceAddressPrefix `
  $PxMgmtSrcAddrPrefixes -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 8999
 $rule5 = New-AzNetworkSecurityRuleConfig -Name LDAP-rule -Description "Allow Inbound LDAP" `
  -Access Allow -Protocol Tcp -Direction Inbound -Priority 104 -SourceAddressPrefix `
  Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 389
 $nsg = New-AzNetworkSecurityGroup -ResourceGroupName $PxErmResourceGroupName -Location $PxErmAzureLocation -Name `
  $nsgName -SecurityRules $rule1 , $rule2, $rule3, $rule4, $rule5
}
else {
  Write-Host "Using the existing network security group: $nsgName"
}

# Download
# Obtain the access key for the storage account
$storageAccountKey = Get-AzStorageAccountKey -ResourceGroupName $PxErmResourceGroupName -Name $storageAccountName
$storageAccountKey = $storageAccountKey[0].Value
# Create the storage access context
$ctx = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey
if (!(Get-AzStorageContainer -Name $PxStorageContainerName -Context $ctx -ErrorAction SilentlyContinue)) {
  Write-Host "Creating blob storage container: $PxStorageContainerName"
  New-AzStorageContainer -Name $PxStorageContainerName -Context $ctx | Out-Null
}
else {
  Write-Host "Using the existing blob storage container: $PxStorageContainerName"
}

$osDisk = Get-AzStorageBlob -Container $PxStorageContainerName -Blob $ermOsDiskCopy -Context $ctx -ErrorAction Silent
$osDiskCopy = $null
if (!$osDisk) {
  # Start copying the OS Disk Image
  Write-Host "Going to copy ERM disk from $ermOsDiskSrc to $ermOsDiskCopy"
  $osDiskCopy = Start-AzStorageBlobCopy -AbsoluteUri $ermOsDiskSrc -DestContainer $PxStorageContainerName -DestBlob $ermOsDiskCopy -DestContext $ctx
}
else {
  Write-Host "OS disk $ermOsDiskCopy has been already copied to $PxStorageContainerName blob container"
  $osDisk = $osDisk[0].ICloudBlob
}
if ($osDiskCopy) {
  # Wait for the OS Disk to finish copying
  $status = Get-AzStorageBlobCopyState -Blob $osDiskCopy.Name -Container $PxStorageContainerName -Context $ctx
  While ($status.Status -eq "Pending") {
    $status
    $status = Get-AzStorageBlobCopyState -Blob $osDiskCopy.Name -Container $PxStorageContainerName -Context $ctx
    Start-Sleep 10
  }
  $status
  $osDisk = $osDiskCopy.ICloudBlob
}

$diskImage = Get-AzImage -ResourceGroupName $PxErmResourceGroupName -ImageName $ermOsDiskCopy -ErrorAction SilentlyContinue
if (!$diskImage) {
  # Create Azure images from the vhd files
  Write-Host "Creating Azure images from the vhd file"
  $osImageConfig = New-AzImageConfig -Location $PxErmAzureLocation
  Set-AzImageOsDisk -Image $osImageConfig -OsType "Linux" -OsState "Generalized" -StorageAccountType "Premium_LRS" -BlobUri $osDisk.Uri.AbsoluteUri | Out-Null
  $diskImage = New-AzImage -Image $osImageConfig -ImageName $ermOsDiskCopy -ResourceGroupName $PxErmResourceGroupName
  $diskImageId = $diskImage.Id
  Write-Host "Created Pexip ERM Disk image with resource ID: $diskImageId"
}
else {
  $diskImageId = $diskImage.Id
  Write-Host "Using the exisiting Pexip ERM Disk image with resource ID: $diskImageId"
}

# Public IP
# If the $PxErmPublicIp parameter is set to True create a public IP
if ($PxErmPublicIp -eq $true) {
$pipName = -join ($PxErmBaseName, "-", $randomId, "-PIP")
$pip = Get-AzPublicIpAddress -ResourceGroupName $PxErmResourceGroupName -Name $pipName -ErrorAction SilentlyContinue
if (!$pip) {
  Write-Host "Creating public IP address: $pipName"
  $pip = New-AzPublicIpAddress `
    -ResourceGroupName $PxErmResourceGroupName `
    -Location $PxErmAzureLocation `
    -AllocationMethod Static `
    -IdleTimeoutInMinutes 4 `
    -Name $pipName
}
else {
  Write-Host "Using the existing public IP address: $pipName"
}
}

# NIC
$nicName = -join ($PxErmBaseName, "-", $randomId, "-NIC")
$nic = Get-AzNetworkInterface -Name $nicName -ResourceGroupName $PxErmResourceGroupName -ErrorAction SilentlyContinue
if (!$nic) {
  Write-Host "Creating network interface: $nicName"
  # if $PxErmPublicIp is set to True set the public IP on the nic
  if ($PxErmPublicIp -eq $true) {
  $nic = New-AzNetworkInterface `
    -Name $nicName `
    -ResourceGroupName $PxErmResourceGroupName `
    -Location $PxErmAzureLocation `
    -SubnetId $subnet.Id `
    -PublicIpAddressId $pip.Id `
    -NetworkSecurityGroupId $nsg.Id
  } else {
  $nic = New-AzNetworkInterface `
    -Name $nicName `
    -ResourceGroupName $PxErmResourceGroupName `
    -Location $PxErmAzureLocation `
    -SubnetId $subnet.Id `
    -NetworkSecurityGroupId $nsg.Id
  }
$getprivip = Get-AzNetworkInterface -Name $nicname -ResourceGroupName $PxErmResourceGroupName -ErrorAction SilentlyContinue
$PrivateIP = $getprivip.IpConfigurations.PrivateIpAddress
}
else {
  $PrivateIP = $nic.IpConfigurations.PrivateIpAddress
  Write-Host "Using the existing network interface: $nicName with private IP: $PrivateIP"
}

# VM
# Create a virtual machine configuration
$vmConfig = New-AzVMConfig `
  -VMName $PxErmVmName `
  -VMSize $PxErmVmSize | `
  Set-AzVMOperatingSystem `
  -Linux `
  -ComputerName $PxErmVmName `
  -Credential $PxErmVmAdminCredential | `
  Set-AzVMSourceImage `
  -Id $diskImageId | `
  Set-AzVMBootDiagnostic `
  -Enable -StorageAccountName $storageAccountName -ResourceGroupName $PxErmResourceGroupName | `
  Add-AzVMNetworkInterface `
  -Id $nic.Id

# Configure the SSH key
if ($PxErmAdminSshKey) {
  $vmConfig = $vmConfig | Add-AzVMSshPublicKey `
    -KeyData $PxErmAdminSshKey `
    -Path "/home/$($PxErmVmAdminCredential.UserName)/.ssh/authorized_keys" | `
    Set-AzVMOperatingSystem -Linux -DisablePasswordAuthentication -ComputerName $PxErmVmName -Credential $PxErmVmAdminCredential
}

Write-Host "Deploying Pexip ERM VM: $PxErmVmName"
$vm = New-AzVM -ResourceGroupName $PxErmResourceGroupName -Location $PxErmAzureLocation -VM $vmConfig
if ($vm.IsSuccessStatusCode) {
  Write-Host "Successfully deployed Pexip ERM VM (version: $sourceVersion, build number: $sourceBuildNumber)."
  Write-Host ""
  if ($PxErmPublicIp -eq $true) {
  Write-Host "******************************************************************************************"
  Write-Host "To start your Pexip ERM installer configuration, browse to:"
  Write-Host "https://$($pip.IpAddress):8999"
  Write-Host ""
  Write-Host "When you connect with SSH, you must use the username: $($PxErmVmAdminCredential.UserName)@$($pip.IpAddress)"
  Write-Host ""
  Write-Host "******************************************************************************************"
  } else {
  Write-Host "******************************************************************************************"
  Write-Host "To start your Pexip ERM installer configuration, browse to:"
  Write-Host "https://$($PrivateIP):8999"
  Write-Host ""
  Write-Host "When you connect with SSH, you must use the username: $($PxErmVmAdminCredential.UserName)@$($PrivateIP)"
  Write-Host ""
  Write-Host "******************************************************************************************"
  }
  if ($PxErmDeployInExistingResources -eq $true) {
  Write-Host "You deployed ERM in an existing virtual network and Network security group. Make sure to open up the correct ports described in the documentation:"
  Write-Host "https://docs.pexip.com/erm/installation/vm-deployment/network-ports.htm"
  Write-Host ""
  Write-Host "******************************************************************************************"
  }
}
else {
  Write-Host "Deployment failed."
}
Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "false"

Running the scripts to deploy the Pexip ERM Installer in Azure

You can now deploy the ERM Installer in your Azure subscription — this section describes the PowerShell commands used to install ERM.

Deploying the Pexip ERM Installer

From your PC, run PowerShell ISE as Administrator by right-clicking on it and selecting Run as Administrator.
If you are connecting to Azure Resource Manager from your Windows PC for the first time, you must run the following PowerShell command:

Install-Module -Name Az -MinimumVersion 9.0.1 -MaximumVersion 9.7.1 -AllowClobber -Scope AllUsers

To check your installed version you can run:
Get-InstalledModule -Name Az -AllVersions
Change directory to the folder (cd <path>) into which you have saved the variables initialization script and deployment script.

You must ensure that the folder containing your scripts is in your PowerShell PATH environment variable (you can use $env:path to check this).
Open and run your erm_variables.ps1 variables initialization script.

Copy and run the following installation commands.

It sets the execution policy for the current PowerShell process — when prompted type A (Yes to All).
It prepares the credentials to apply to the VM (based on what you supplied in the variables initialization script).
Then it runs deploy_pexip_erm_vm.ps1 to deploy the ERM Installer.

These are the installation commands:

Copy to clipboard

# ERM installation script. Do not modify the contents of this script

# Set execution policy for the current PowerShell process, when prompted type A (Yes to All)
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process

# Prepare the credentials to apply to the VM
$securePassword = ConvertTo-SecureString $PxErmAdminPassword -AsPlainText -Force
$PxErmVmAdminCredential = New-Object System.Management.Automation.PSCredential ($PxErmAdminUsername, $securePassword)

# Call the deployment script
./deploy_pexip_erm_vm.ps1 -PxErmSubscriptionId $PxErmSubscriptionId `
  -PxErmAzureLocation $PxErmAzureLocation `
  -PxErmBaseName $PxErmBaseName `
  -PxErmVmName $PxErmVmName `
  -PxErmResourceGroupName $PxErmResourceGroupName `
  -PxMgmtSrcAddrPrefixes $PxMgmtSrcAddrPrefixes `
  -PxErmVmAdminCredential $PxErmVmAdminCredential `
  -PxErmAdminSshKey $PxErmAdminSshKey `
  -PxErmDeployInExistingResources $PxErmDeployInExistingResources `
  -networkName $networkName `
  -subnetName $subnetName `
  -nsgName $nsgName `
  -PxErmPublicIp $PxErmPublicIp `
  -vnetResourceGroup $vnetResourceGroup

At the start of this process you are asked to sign in to Azure — follow the prompts to do this.

The sign-in window may not automatically appear on top of your existing windows. If your PowerShell session appears to be hanging, check that the Azure sign-in window is not being obscured by any other windows.
While the script runs it outputs several messages stating what is being created. Wait for the script to finish. This may take several minutes.

When the script completes, a "Successfully deployed Pexip ERM VM" message is displayed, for example:

(A different message is displayed if you decided to use your own existing resources in Azure.)
Follow the instructions presented on the screen: browse to the specified address with the given username to access your ERM Installer.
At the Welcome screen you can define the password you want to use to access the ERM Installer (you will use this in the future along with the admin username you specified in your variables initialization script) and then enter your license key.

See ERM Installer: initial setup and license management for full details.