Ascend Cluster Overview

Ascend services can be fully hosted within a customer-owned Azure account and VPC. Services within these environments are managed by Ascend and isolated from all other Ascend customers.

Resources

Azure Services

Ascend currently makes use of the following services:

  • Virtual Private Network
    • One subnet
    • Service Endpoints (per subnet)
      • Microsoft.Sql
  • Cloud Storage
    • Kind: StorageV2
    • Performance: Standard
    • Container count: 9 (subject to change)
  • AKS (Azure Kubernetes Service):
    • Cluster count: 1
    • Preview features
      • VMSSPreview
      • AKSAzureStandardLoadBalancer
      • AvailabilityZonePreview
      • SpotPoolPreview
      • EncryptionAtHost
      • LiveResize
  • Static IP Addresses (Ingress and Egress)
  • Azure Database for MySQL server

In the future, Ascend may use additional Azure services.

Ascend Services

Ascend will run its software within the Azure account, and all services will be maintained by
Ascend. Ascend’s platform utilizes a variety of microservices that run on multiple
auto-scaled Kubernetes clusters.

Setup

Ascend hosted account

Ascend is responsible for all accounts and provisioning; no customer setup is required.

Customer owned Azure Account

Customers will be responsible for creating the Azure accounts required to support the
Ascend Platform. Account setup can be done with one of the following two options:

  1. Create a dedicated Azure subscription within your Active Directory.
  2. Create a dedicated resource group in an existing subscription.

Option 1 - Create Subscription


Option 2 - Create Resource Group


Record the Subscription and Resource Group IDs; they are required for step 5.

Create App Registration:

The App Registration is used as a Service Principal. Once the App Registration has been created, set a password for it and assign it as an "Owner" of the selected Resource Group or Subscription. Please note: "Owner" permissions are required for each resource listed above in the Ascend Services list.

Take note of the App Registration Password and Application ID. You will send these, along with some other values, at the end of these instructions.

Create Service Principal:

Set App Registration Password:

Add App Registration as Owner to Resource Group:

Example App Registration:

Record the Application ID, Service Principal password and Tenant ID; they are required for step 5.
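Because the service principal is granted "Owner", it is worth confirming that the role exists only at the Resource Group or Subscription you selected. The following is an added example, not part of Ascend's instructions or tooling; the function names are hypothetical and the braces mark placeholders for your own values.

```shell
#!/usr/bin/env bash
# Added example (not Ascend tooling): audit where the service principal
# created above holds roles. Function names are hypothetical.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# $1 subscription ID, $2 Application ID, $3 intended scope, e.g.
#   /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}
# Prints "role<TAB>scope" for every assignment outside the intended scope.
# Returns 0 if none, 1 if any were found, 2 if the az query itself failed.
out_of_scope_assignments() {
  expected="$(lower "${3%/}")"
  tab="$(printf '\t')"
  rows="$(az role assignment list --subscription "$1" --assignee "$2" --all \
    --query "[].[roleDefinitionName, scope]" -o tsv)" || return 2
  found="$(printf '%s\n' "$rows" | while IFS="$tab" read -r role scope; do
    [ -n "$role" ] || continue
    # Azure scope strings are case-insensitive, so compare in lower case.
    case "$(lower "$scope")" in
      ("$expected"|"$expected"/*) ;;   # at or below the intended scope
      (*) printf '%s\t%s\n' "$role" "$scope" ;;
    esac
  done)"
  [ -z "$found" ] && return 0
  printf '%s\n' "$found"
  return 1
}

# Usage (placeholders in braces are yours to fill in):
#   out_of_scope_assignments "{subscriptionId}" "{applicationId}" \
#     "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}"
```

A non-empty result means the principal can act outside the dedicated scope, for example through an "Owner" assignment on the whole subscription when only a resource group was intended.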

Request vCPU Quota increase:

  1. Open support request under the proper subscription ID
  2. Deployment model - Resource Manager
  3. Request region - your preferred region
  4. vCPU Types:
    1. Standard: 500
    2. Spot: 600
    3. Series Eads_v5

Create Support Request:

Register Preview features (requires the Azure command line):

  1. Feature (provider: Microsoft.ContainerService)

    1. VMSSPreview
    2. AKSAzureStandardLoadBalancer
    3. AvailabilityZonePreview
    4. SpotPoolPreview
  2. Feature (provider: Microsoft.Compute)

    1. EncryptionAtHost
    2. LiveResize
  3. Provider

    1. Microsoft.ContainerService
    2. Microsoft.DBforMySQL
    3. Microsoft.Network
    4. Microsoft.Storage
    5. Microsoft.Compute

    #!/usr/bin/env bash
    # Replace {subscriptionId} with your subscription ID before running.

    # Register the resource providers.
    az provider register --subscription {subscriptionId} --namespace Microsoft.ContainerService
    az provider register --subscription {subscriptionId} --namespace Microsoft.DBforMySQL
    az provider register --subscription {subscriptionId} --namespace Microsoft.Network
    az provider register --subscription {subscriptionId} --namespace Microsoft.Storage

    # Register the AKS preview features, then refresh the provider registration so they take effect.
    az feature register --subscription {subscriptionId} --namespace "Microsoft.ContainerService" --name VMSSPreview
    az feature register --subscription {subscriptionId} --namespace "Microsoft.ContainerService" --name AKSAzureStandardLoadBalancer
    az feature register --subscription {subscriptionId} --namespace "Microsoft.ContainerService" --name AvailabilityZonePreview
    az feature register --subscription {subscriptionId} --namespace "Microsoft.ContainerService" --name SpotPoolPreview
    az provider register --subscription {subscriptionId} --namespace Microsoft.ContainerService

    # Register the Compute preview features, then register the Compute provider.
    az feature register --subscription {subscriptionId} --namespace "Microsoft.Compute" --name EncryptionAtHost
    az feature register --subscription {subscriptionId} --namespace "Microsoft.Compute" --name LiveResize
    az provider register --subscription {subscriptionId} --namespace Microsoft.Compute
    

Securely provide Ascend with account details.

Keybase.io is a preferred service for securely exchanging credentials, and you can encrypt messages to send to Ascend at this link. Send the following values:

  1. Application ID
  2. Service Principal password
  3. Tenant ID
  4. Subscription ID
  5. Subscription/Resource group region

Ascend Setup

Ascend will configure the environment and provision the appropriate resources. Ascend will
then deploy services to the environment.

Customer Review & Acceptance

Customers will have an opportunity to review the environment and configuration details.

Maintenance & Security

Ascend will be responsible for setup and maintenance of all services within the Azure
account.

Ascend Access

Ascend Infrastructure and On-call teams require access to the Azure account at all times to
ensure reliability, performance, and code deployments.

If additional data security is required, you may upgrade to the Enterprise Security package.
Enterprise Security restricts Ascend’s access to customer data.

Infrastructure Updates

Ascend will periodically need to update the infrastructure of the installed environment. In these circumstances, please re-run the commands to Register Preview Features (if the features are already registered, the commands should succeed in a couple of seconds).
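Feature registration is asynchronous, so a register command returning does not mean the feature is active. The following added example (not Ascend's own script; the function name is hypothetical) reports any feature from the registration script that is not yet in state "Registered".

```shell
#!/usr/bin/env bash
# Added example: report preview features not yet in state "Registered".
# Namespaces and feature names are those used by the registration script.

FEATURES="
Microsoft.ContainerService/VMSSPreview
Microsoft.ContainerService/AKSAzureStandardLoadBalancer
Microsoft.ContainerService/AvailabilityZonePreview
Microsoft.ContainerService/SpotPoolPreview
Microsoft.Compute/EncryptionAtHost
Microsoft.Compute/LiveResize
"

# $1 subscription ID.
# Prints "namespace/name state" for each feature that is not Registered.
# A feature whose state cannot be queried is reported as "Unknown".
# Returns 0 when every feature is Registered, 1 otherwise.
pending_features() {
  subscription="$1"
  rc=0
  for f in $FEATURES; do
    ns="${f%%/*}"      # text before the slash: provider namespace
    name="${f#*/}"     # text after the slash: feature name
    state="$(az feature show --subscription "$subscription" \
      --namespace "$ns" --name "$name" \
      --query properties.state -o tsv)" || state="Unknown"
    [ -n "$state" ] || state="Unknown"
    if [ "$state" != "Registered" ]; then
      echo "$f $state"
      rc=1
    fi
  done
  return "$rc"
}

# Usage: pending_features "{subscriptionId}" || echo "registration incomplete"
```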

Customer Access

Customers will also retain access to this account for auditing purposes only.