Azure Client Stack Deployment

CAM Azure Stack utilizes Microsoft Azure services and resources to provide the ability to move documents and content and sync metadata between multiple Document Management Systems (DMS). CAM Content Mover and Data Sync (Content Sync) use Azure storage blobs as an intermediary place while moving content between the supported Document Management Systems.

To deploy the CAM Azure Stack, you need to deploy the Azure template into your Azure environment. The template deploys a complete solution that contains multiple resources such as function apps, MySQL instances, Blob Storages, and others. These resources are provided and hosted by Microsoft Azure in your Azure account to provide more control over moving content.

Azure & CAM Integration Notes

As of January 30, 2021, Azure is not allowing custom token expiry settings. The conditional access policies determine how the token expires are configured. This requires at least a P1 license in Azure. See the Microsoft link here.

 

CAM Azure Stack Architecture

  • Content Mover in CAM uses REST APIs to work with 7 functions, 4 queues, and two triggers to move content.

  • Data Sync (Content Sync) uses REST APIs to work with 3 functions, 1 queue, and one trigger to sync content.

Prerequisites to the CAM Azure Stack Deployment

The following items are needed to begin the Azure Stack deployment process. Without these pieces, your stack deployment may fail or you won’t have the necessary pieces to finish.

  • Administrative access to an Azure subscription where you plan to deploy the CAM Azure stack ( within http://portal.azure.com )- you need this to configure the stack

  • Administrative access to your organization’s CAM instance- you need this to configure CAM modules to use the stack.

  • Your CAM instance Tenant Id, Client Encrypted Key, and CAM Secret Key. You need to contact Litera’s Customer Care team (Support@litera.com) to obtain the Tenant Id before you start the deployment process. It may take some time for them to gather this information. Those keys are unique for each CAM instance. If your organization has multiple CAM instances, then you need to request the keys for each instance separately. If you do not have the Tenant Id create a ticket with Litera’s DevOps or Support team before deploying the Azure Client stack. The Encrypted keys and secret key you can obtain in Microsoft’s Azure panel.

Deploying and Configuring the CAM Azure Stack

 

Create a Resource Group

  1. From the Azure services section, on the Azure portal home page, click on Resource groups to open the resource groups page.

2. Click Create from the Resource groups toolbar.

3. Enter the following resource group details on the Create a Resource group page:

Fields

Description

Fields

Description

Subscription

Select the appropriate Azure subscription from the dropdown list.  A P1 license and Azue Standard must be set as minimal.

Resource groups

Enter a unique name for your resource group in the Resource group field.

Note: Resource group names must have only alphanumeric characters, periods, underscores, hyphens, and parentheses and must not have a full stop (.) at the end.

Region

Select the region where you want to create your resource group from the Region drop-down list.

4. Click Review + Create to validate and create new resource groups.

5. Click Next: Tags > to navigate to the next screen. Please skip entering any tags as they aren’t required.

6. Click Review + Create to validate and create new Resource groups successfully. The Validation passed message is displayed if validation passes successfully.

  1. When validation passes successfully, click Create to add new Resource groups.

Deploying CAM Azure Stack to the Azure Subscription

  1. Using a browser, navigate to the CAM Azure Stack GitHub repository using the URL GitHub - Prosperoware/cam-azure-deployment -

  2. Navigate to the repository home page and click on the Deploy to Azure button as the image shows in this section.

  3. The link redirects you to the MS Azure Portal and displays the CAM Azure Stack deployment form.

  4. Click the Deploy to Azure button. Log into the Azure user portal. The Custom Deployment screen is displayed.



4. Enter the following project details for your Azure deployment:

Fields

Description

Fields

Description

Project Details

Subscription

Selects the subscription from the dropdown list. Selects the same subscription used to create the resource group.

Resource groups

Pick the resource group that you created from section 1

Instance Details (Template Parameters) - Includes the following parameters

Region

Displays the region automatically on your created Resource group selection.

Litera Tenant Id

Enter the Tenant id from the received mail.

Litera Encrypted Key

Enter Litera Encrypted Key from the received mail.

Litera Secret Key

Enter Litera Secret Key from the received mail.

Features

You can select one of the features while deploying the Azure Stack:

ETL: Deploys Azure Stack for only Content Mover. You can use this feature when you want to move content across DMS systems permanently.
Content Sync: Deploys Azure Stack for only Content Sync. You can use this feature when you want to move content to the Azure blob storage temporarily.
Both: Deploys both Content Mover and Content Sync operations or features with the Azure Stack.

  • For business continuity, one sets the Content Sync option.

Is Production

Selects the Boolean value from the dropdown list.

Tip: Litera recommends to select the True option, if your environment is a production environment. This parameter controls some Azure resources tier.

Environment Stage

Enter the environment stage name. In continuation with the above mentioned example:

The Environment Stage would be like: yourenvironment.prosperowaredev.com

Instance Unique Name

Enter an unique instance name. In continuation with above mentioned example:

The Instance Unique Name would be like: yourenvironment.prosperowaredev.com

 

Top Level Domain

Enter the Top Level Domain.

The Top Level Domain would be like: yourenvironment.prosperowaredev.com

Administrator Login

Enter a new username for Azure CAM Stack MySQL Database admin user.

Administrator Login Password

Provide a password for Azure CAM Stack MySQL Database admin user.

  1. For additional VNet settings based on the part of the stack (MySQL, Cosmos) visit the following section for the vnet security setup:

6. Click Review + Create - Validates and create the template if the validation passes as displayed in the following screen.

7. If the form is valid, then the message Validation passed will be displayed. Now, click the Create button to start the deployment process.

 

  1. Click Previous to navigate to the previous screen.

2. The deployment process takes a few minutes to complete. The resources are created one after the other.

 

Fields

Description

Fields

Description

Resource

Displays the name of the created resources.

Type

Displays the type of the resources.

Status

Displays the status of resource creation.

Operation details

You can view the details against created resources.

3. Once the deployment is completed successfully, you can see the following screen.

 

Options

Description

Options

Description

Delete

Click Delete to remove the deployment.

Cancel

Click Cancel to cancel the deployment.

Redeploy

Click Redeploy to redeploy the template, if the deployment isn’t successfully completed.

Refresh

Click Refresh to re-load all the resources.

Flexible Server from Single Server Configuration

These steps are used to convert a single server deployment to the flexible server as designated by Azure.


1. Follow the Microsoft tutorial steps. Tutorial: Migrate Azure Database for MySQL - Single Server to Flexible Server online using DMS via the Azure portal - Azure Database Migration Service | Microsoft Learn

Those steps we need to do are:

a. Update the compute tier to General Purpose from Burstable S2 by:

b. Go to the MySQL Resource in the Resource Group in Azure.

c. Open Overview.

 

c. Click On Configuration.

 

d. Pick Compute Tier General Purpose. Pick Compute Size Standard_D2ads_v5 if staying on the Standard tier.

e. Finish the wizard upgrade.

 

Update the server configuration within the CAM config yml file next.

  1. Go to Storage account container.

  2. Find application config container (<instanceUniqueName-topLevelDomain>-application-config eg:tenantname-io-application-config).

  3. Go to yml folder.

  4. Update 3 attributes (host, username, password) with the new flexible server configuration in appconfig yml (appconfig-<environmentStage>.yml) which is in the yml folder.

Note: Single server username format is username@servername eg: abc@mysql-clientname-io

 

Flexible Server FAQs

 

  1. Why do I need to create a new resource for flexible server and migrate the data?
    Azure Database for MySQL - Single Server is on the retirement path and is scheduled for retirement by September 16, 2024. For more details see this article: What's happening to Azure Database for MySQL single server?

  2. How is the connection established to this sql instance?
    CAM Azure functions connect to this SQL instance using the connection string stored in the YML config file.

  3. I can’t find any relevant config in the account?
    In the storage account, there should be a bucket with a name ending with “-application-config”, in that bucket, there should be a file with a name that follows the convention “appconfig-<environmentStage>.yml”, that is the file they need to update.

Initialize CAM Azure Stack Configuration

  1. After the deployment is completed successfully, CAM Azure Stack needs to be initialized. The initialization URL is in the template deployment output.

2. Click Outputs, from the template deployment page left panel.

3. The following screen is displayed. Copy the initializeFunctionUrl and paste it into your Internet browser’s URL address bar.

 

4. The initialization function process URL will respond with the initialization status in JSON format. A successful response looks like the following:

5. Display the bucketname.

6. Display the apiEndPointBaseUrl.

Updating the Client Stack

Updating MySQL 7 to 8

For Existing Clients Stacks:

  1. We can't upgrade the MySQL version in single server configurations. We need to upgrade to flexible server configurations first if you are not on a flexible server, then we can update the MySQL version afterwards.

  2. If you were on MySQL 5.7, a parameter is set that isn’t supported in 5.8 that needs to be removed.

    1. That parameter is NO_AUTO_CREATE_USER

    2. Go into Server Parameter.

c. Search for the deprecated config in Parameter-> sql_mode.

d. Deselect the NO_AUTO_CREATE_USER parameter.

  1. Now we can update MySQL. The following shows when clicking into the MySql resource.

 

 

  1. Click the MySQL version link that says upgrade. Click 8.0 to upgrade to and hit Upgrade.

For info on what changes in MYSQL 8, visit: https://dev.mysql.com/blog-archive/upgrading-to-mysql-8-0-here-is-what-you-need-to-know/

 

Prerequisites

  1. Azure CLI: Ensure Azure CLI is installed on your machine. You can download it from Microsoft here: Azure Command-Line Interface (CLI) - Overview

  2. Administrator Access: Open Powershell with the “Run as administrator“ privilege.

  3. Go to the Github repo: GitHub - Prosperoware/cam-azure-deployment .

  4. Download functionAppsCodeUpdate.ps1

  5. Function App: The function app should already be created in the Client stack otherwise this Powershell script will fail.

Executing the Script

Azure login:

  1. If you haven’t logged in via az login , The script will prompt you to log in through a browser. Please use the Azure account associated with your client stack deployment.

    1. If the wrong account is used , you will be prompted to log in again , with up to three attempts allowed.

Resource group Input:

  1. The script will prompt you to enter the resource group name where your stack is deployed.

    1. If an incorrect resource group is entered, you will be prompted to re-enter the correct name, with up to three attempts allowed.

Function App Identification:

  1. The script will list all function apps targeted for the JAR upgrade.

  2. It will automatically determine whether to update ETL (Content Mover), ContentSync (Data Sync), or both options, based on the function apps present in your resource group.

Logging:

  1. The script will maintain a log file named CAM_Azure_Stack_log_timestamp.txt to record the latest operations

  2. Older logs will be deleted each time the script runs.

File Management:

  1. The script will download and upload the ZIP file from the same directory where 'functionAppsCodeUpdate.ps1' is located.

Upgrading Jar Files:

  1. After running the functionappsCodeupdate script the jar files will be updated automatically.

 

Configure CAM Content Mover to Utilize your Azure Stack

  1. The below steps can be done for Content Mover or Data Sync (Content Sync).

2. Navigate to your CAM instance, click Administration > click Content Mover. The following screen appears:

3. Navigate to the Configuration tab, the following screen appears:

Fields

Description

Fields

Description

Choose Cloud Provider

Selects “Azure“ from the list.

Choose Storage

Displays automatically based on cloud provider value.

Choose Storage Type

Selects the Private Encrypted Storage as storage type.

Bucket Name

Enter the Bucket name.

API Endpoint Base Url

Enter the API Endpoint Base Url.

API Secret Key

Enter the API Secret key which is received in your email.

Validate

Click “Validate” to validate the form data. If the form data is correct, then the message “Validated successfully” will be displayed.

4. Click Save to save the configuration.

5. Click Cancel to close the configuration screen without saving any changes to the fields.

6. If using Data Sync, repeat the above steps but after clicking Administration- Data Sync

Configure CAM Data Sync to Utilize your Azure Stack

  1. The below steps can be done for Content Mover or Data Sync (Content Sync).

2. Navigate to your CAM instance, click Administration >> click Data Sync, and the following screen appears.

3. Navigate to the Content Sync Settings tab, and the following screen appears:

 

Fields

Description

Fields

Description

Choose Cloud Provider

Selects “Azure“ from the list.

Choose Storage

Displays automatically based on cloud provider value.

Choose Storage Type

Selects the Private Encrypted Storage as storage type.

Bucket Name

Enter the Bucket name.

API Endpoint Base Url

Enter the API Endpoint Base Url.

API Secret Key

Enter the API Secret key which is received in your email.

Validate

Click “Validate” to validate the form data. If the form data is correct, then the message “Validated successfully” will be displayed.

4. Click Save to save the configuration.

5. Click Cancel to close the configuration screen.

Storage Bucket Retention Rules and Deletions

Azure Pricing and Cost Calculator

CAM Azure Stack Security

 

SSL for the MySQL Database

To Setup SSL on the MYSQL database, set the following on the appconfig.yml in Content Mover:

  • useSSL = True

  • requireSSL = True

 

Creating a Personal Access Token:

  1. Log into Azure DevOps at the https://dev.azure.com/

  2. In the right-hand corner select User Settings and then Personal access tokens

 

 

  1. Create the PAT for the deployment - This token will be used only for the setup and the Expiration can be set for only 1 day.

a.       Select the New Token option.

b.       Select a Name for the token, and organization where you will deploy, and expiration. For the expiration select one day using the Custom Defined option.

 

c.       In the scope section select:

Agent Pools

Read & manage

Build

Read & execute

Code

Read & write

Connected Server

Connected Server

Deployment Groups

Read & manage

Environment

Read & manage

Project & Team

Read, write & manage

Release

Read, write, execute & manage

Secure Files

Read, create & manage

Service Connections

Read, query & manage

Variable Groups

Read, create & manage

 

Create PAT for push code (Service account)

a.       Select New Token”option.

b.       Select a Name for the token, organization where you will deploy, and expiration. For the expiration, select at least 12 months. This token will have to be rotated when it is close to the expiration date.

 

c.       In the scope section select:

Code

Read & write

 

 

Additional Info

Configure CAM SSO

Related Topics

Syncing Content from M365 to DMS | Configuring Data Sync

 

Let's Connect📌

☎ +1 630.598.1100
☎ ‪+44 20 3880 1550‬
📧 support@litera.com
💻 https://www.litera.com/support/

📝 Support is available:
4 am - 8 pm US Eastern
(9 am - 1 am GMT/BST
7 pm - 11 am AET) on normal business days (excluding holidays)

© 2024 Litera