Azure Ascend Cluster Overview

Ascend provides customers with two options for deployment. The services can be fully
hosted within a customer owned Azure account and VPC, or hosted by Ascend in a
dedicated Azure VPC. Regardless of deployment option, services within these environments are managed by Ascend, and isolated from all other Ascend customers.

Resources

Azure Services

Ascend currently makes use of the following services:

  • Virtual Private Network
    • One subnet
    • Service Endpoints (per subnet)
      • Microsoft.Sql
  • Cloud Storage
    • Kind: StorageV2
    • Performance: Standard
    • Container count: 9 (subject to change)
  • AKS (Azure Kubernetes Service):
    • Cluster count: 1
    • Preview features
      • VMSSPreview
      • AKSAzureStandardLoadBalancer
      • AvailabilityZonePreview
      • SpotPoolPreview
  • Static IP Addresses (Ingress and Egress)
  • Azure Database for MySQL server

In the future, Ascend may use additional Azure services.

Ascend Services

Ascend will run its software within the Azure account, and all services will be maintained by
Ascend. Ascend’s platform utilizes a variety of microservices that run on multiple
auto-scaled Kubernetes clusters.

Setup

Ascend hosted account

Ascend is responsible for all accounts and provisioning; no customer setup is required.

Customer owned Azure Account

Customers will be responsible for creating the Azure accounts required to support the
Ascend Platform. Account setup can be done with one of the following two options:

  1. Create a dedicated Azure subscription within your Active Directory.
  2. Create a dedicated resource group in an existing subscription.

Create Subscription

Create Resource Group

Record Subscription and Resource Group IDs, required for step 5.

Create App Registration:

The App Registration is used as a Service Principal. Once the App Registration creation is complete, you will need to set a password for the App Registration and assign the App Registration as a "Owner" to the selected Resource Group or Subscription. Please Note: "Owner" permissions are required for each resource listed above in the Ascend Services list.

Take note of the App Registration Password and Application ID, you'll be sending these along with some other values at the end of these instructions.

Create Service Principal:

Set App Registration Password:

Add App Registration as Owner to Resource Group:

Example App Registration:

Record Application ID, Service Principal password and Tenant ID, required for step 5.

Request vCPU Quota increase:

  1. Open support request under the proper subscription ID
  2. Deployment model - resource Manager
  3. Request region - your preferred region
  4. vCPU Types:
    1. Team Size
      1. Standard: 100
      2. Spot: 100
      3. Series ESv3
    2. Standard Size
      1. Standard: 500
      2. Spot: 500
      3. Series ESv3

Create Support Request:

Register Preview features: (requires azure command line)

  1. Feature (provider: Microsoft.ContainerService)

    1. VMSSPreview
    2. AKSAzureStandardLoadBalancer
    3. AvailabilityZonePreview
    4. SpotPoolPreview
  2. Provider

    1. Microsoft.ContainerService
    2. Microsoft.DBforMySQL
    3. Microsoft.Network
    4. Microsoft.Storage
    #! /usr/bin/env bash
    az provider register --subscription {subscriptionId} --namespace Microsoft.ContainerService
    az provider register --subscription {subscriptionId} --namespace Microsoft.DBforMySQL
    az provider register --subscription {subscriptionId} --namespace Microsoft.Network
    az provider register --subscription {subscriptionId} --namespace Microsoft.Storage
    az feature register --subscription {subscriptionId} --namespace "Microsoft.ContainerService" --name VMSSPreview
    az feature register --subscription {subscriptionId} --namespace "Microsoft.ContainerService" --name AKSAzureStandardLoadBalancer
    az feature register --subscription {subscriptionId} --namespace "Microsoft.ContainerService" --name AvailabilityZonePreview
    az feature register --subscription {subscriptionId} --namespace "Microsoft.ContainerService" --name SpotPoolPreview
    az provider register --subscription {subscriptionId} --namespace Microsoft.ContainerService
    

Securely provide Ascend with account details.

Keybase.io is a preferred service for securely exchanging credentials and you can encrypt messages to send to Ascend at this link

  1. Application ID
  2. Service Principal password
  3. Tenant ID
  4. Subscription ID
  5. Subscription/Resource group region

Ascend Setup

Ascend will configure the environment and provision the appropriate resources. Ascend will
then deploy services to the environment.

Customer Review & Acceptance

Customers will have an opportunity to review the environment and configuration details.

Maintenance & Security

Ascend will be responsible for setup and maintenance of all services within the Azure
account.

Ascend Access

Ascend Infrastructure and On-call teams require access to the Azure account at all times to
ensure reliability, performance, and code deployments.

If additional data security is required, you may upgrade to the Enterprise Security package.
Enterprise Security restricts Ascend’s access to customer data.

Customer Access

Customers will also retain access to this account for auditing purposes only.


Did this page help you?