Azure
Ascend Cluster Overview
Ascend services can be fully hosted within a customer-owned Azure account and VPC. Services within these environments are managed by Ascend and isolated from all other Ascend customers.
Resources
Azure Services
Ascend currently makes use of the following services:
- Virtual Private Network
  - One subnet
  - Service Endpoints (per subnet)
    - Microsoft.Sql
- Cloud Storage
  - Kind: StorageV2
  - Performance: Standard
  - Container count: 9 (subject to change)
- AKS (Azure Kubernetes Service):
  - Cluster count: 1
  - Preview features
    - VMSSPreview
    - AKSAzureStandardLoadBalancer
    - AvailabilityZonePreview
    - SpotPoolPreview
    - EncryptionAtHost
    - LiveResize
- Static IP Addresses (Ingress and Egress)
- Azure Database for MySQL server
In the future, Ascend may use additional Azure services.
Ascend Services
Ascend will run its software within the Azure account, and all services will be maintained by
Ascend. Ascend’s platform utilizes a variety of microservices that run on multiple
auto-scaled Kubernetes clusters.
Setup
Ascend hosted account
Ascend is responsible for all accounts and provisioning; no customer setup is required.
Customer owned Azure Account
Customers will be responsible for creating the Azure accounts required to support the
Ascend Platform. Account setup can be done with one of the following two options:
- Create a dedicated Azure subscription within your Active Directory.
- Create a dedicated resource group in an existing subscription.
Option 1 - Create Subscription
Option 2 - Create Resource Group
Create App Registration:
The App Registration is used as a Service Principal. Once the App Registration has been created, set a password for it and assign it as an "Owner" on the selected Resource Group or Subscription. Please note: "Owner" permissions are required for each resource listed above in the Ascend Services list.
Take note of the App Registration Password and Application ID; you'll be sending these along with some other values at the end of these instructions.
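A check you can run before handing over the credentials, as an added example that is not part of Ascend's documentation: it takes the JSON printed by `az role assignment list --assignee <Application ID> --all -o json` and reports every role the App Registration holds outside the scope you intended to grant. The subscription ID, resource group names and sample assignments are constructed placeholders.

```python
import json

# Constructed sample of `az role assignment list --assignee <appId> --all -o json`
# output; the IDs and names are placeholders, not values from a real tenant.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/ascend-rg"},
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Owner",
     "scope": SUB},
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/Ascend-RG/providers/Microsoft.Storage/storageAccounts/example"},
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/ascend-rg-old"},
])


def _norm(scope):
    # ARM resource IDs are case-insensitive; drop any trailing slash.
    return scope.rstrip("/").lower() or "/"


def classify(scope, intended):
    """Relate one assignment scope to the scope the customer meant to grant."""
    s, t = _norm(scope), _norm(intended)
    if s == t:
        return "expected"
    if s.startswith(t + "/"):      # compare with the separator so that
        return "narrower"          # "ascend-rg-old" is not taken for "ascend-rg"
    if s == "/" or t.startswith(s + "/"):
        return "broader"           # parent scope: subscription or root
    return "unrelated"             # other resource group, subscription or management group


def audit(assignments_json, intended):
    """Return (role, scope, verdict) for every assignment outside `intended`."""
    findings = []
    for a in json.loads(assignments_json):
        verdict = classify(a["scope"], intended)
        if verdict in ("broader", "unrelated"):
            findings.append((a["roleDefinitionName"], a["scope"], verdict))
    return findings


if __name__ == "__main__":
    for role, scope, verdict in audit(SAMPLE, SUB + "/resourceGroups/ascend-rg"):
        print(f"{verdict:9} {role:12} {scope}")
```

With the resource-group option, an empty result means the Service Principal holds nothing beyond the dedicated resource group; with the subscription option, pass the subscription ID as the intended scope instead.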
Create Service Principal:
Set App Registration Password:
Add App Registration as Owner to Resource Group:
Example App Registration:
Request vCPU Quota increase:
- Open support request under the proper subscription ID
- Deployment model - Resource Manager
- Request region - your preferred region
- vCPU Types:
  - Standard: 500
  - Spot: 600
  - Series Eads_v5
Create Support Request:
Register Preview features (requires the Azure command line):
- Feature (provider: Microsoft.ContainerService)
  - VMSSPreview
  - AKSAzureStandardLoadBalancer
  - AvailabilityZonePreview
  - SpotPoolPreview
  - EncryptionAtHost
  - LiveResize
- Provider
  - Microsoft.ContainerService
  - Microsoft.DBforMySQL
  - Microsoft.Network
  - Microsoft.Storage
```bash
#!/usr/bin/env bash
# Replace {subscriptionId} with the ID of the subscription Ascend will use.

# Register the resource providers.
az provider register --subscription {subscriptionId} --namespace Microsoft.ContainerService
az provider register --subscription {subscriptionId} --namespace Microsoft.DBforMySQL
az provider register --subscription {subscriptionId} --namespace Microsoft.Network
az provider register --subscription {subscriptionId} --namespace Microsoft.Storage

# Register the AKS preview features, then re-register the provider.
az feature register --subscription {subscriptionId} --namespace "Microsoft.ContainerService" --name VMSSPreview
az feature register --subscription {subscriptionId} --namespace "Microsoft.ContainerService" --name AKSAzureStandardLoadBalancer
az feature register --subscription {subscriptionId} --namespace "Microsoft.ContainerService" --name AvailabilityZonePreview
az feature register --subscription {subscriptionId} --namespace "Microsoft.ContainerService" --name SpotPoolPreview
az provider register --subscription {subscriptionId} --namespace Microsoft.ContainerService

# EncryptionAtHost and LiveResize are registered under Microsoft.Compute.
az feature register --subscription {subscriptionId} --namespace "Microsoft.Compute" --name EncryptionAtHost
az feature register --subscription {subscriptionId} --namespace "Microsoft.Compute" --name LiveResize
az provider register --subscription {subscriptionId} --namespace Microsoft.Compute
```
Securely provide Ascend with account details.
Keybase.io is a preferred service for securely exchanging credentials, and you can encrypt messages to send to Ascend at this link. Provide the following values:
- Application ID
- Service Principal password
- Tenant ID
- Subscription ID
- Subscription/Resource group region
Ascend Setup
Ascend will configure the environment and provision the appropriate resources. Ascend will
then deploy services to the environment.
Customer Review & Acceptance
Customers will have an opportunity to review the environment and configuration details.
Maintenance & Security
Ascend will be responsible for setup and maintenance of all services within the Azure
account.
Ascend Access
Ascend Infrastructure and On-call teams require access to the Azure account at all times to
ensure reliability, performance, and code deployments.
If additional data security is required, you may upgrade to the Enterprise Security package.
Enterprise Security restricts Ascend’s access to customer data.
Infrastructure Updates
Ascend will periodically need to update the infrastructure of the installed environment. In these circumstances, please re-run the commands to Register Preview Features (if the features are already registered, the commands should succeed in a couple of seconds).
Customer Access
Customers will also retain access to this account for auditing purposes only.