Deploying Cloud Access Manager with an Existing Domain with Azure Cloud Shell
The following section outlines how to deploy Cloud Access Manager using pre-defined domain information with Azure Cloud Shell.
Assigning a Certificate to the Cloud Access Connector
When you install the Cloud Access Connector, you will receive a default certificate that will expire after 1 year. Teradici strongly recommends assigning a certificate to the application gateway within the Microsoft Azure portal. This will prevent a security certificate error from occurring when you connect to Cloud Access Manager over HTTPS. For information on how to do this, see Assigning a Certificate to the Application Gateway.
Cloud Shell Storage Requirement
Azure Cloud Shell requires an Azure file share to persist files. For more information, see Cloud Shell Storage.
Mozilla Firefox Issue
If you are using Mozilla Firefox as your browser, the multi-line copy-and-paste function does not work with Azure Cloud Shell. The lines in the script appear backwards after you paste them. Ensure that you copy each line individually to paste the script correctly.
- Go to the Azure Portal and select the account you want to access.
- Click the cloud shell icon from the top panel to open a PowerShell instance.
- Ensure that you select PowerShell as your environment by clicking the icon in the cloud shell window.
- Run the following script:
    cd $HOME
    Invoke-WebRequest -UseBasicParsing `
      https://raw.githubusercontent.com/teradici/deploy/master/Deploy-CAM.ps1 `
      -OutFile Deploy-CAM.ps1
    .\Deploy-CAM.ps1
- If you are using basic settings and select a subscription, a Resource Group, Storage Account and File Share will be created in the supported region that is closest to you. For more information on these resource groups, see Cloud Shell Resource Groups.
- Enter the resource group of the Cloud Access Manager deployment root. This can be a new resource group or a pre-defined group listed under the ResourceGroupName heading.
- Available Azure regions will be listed. Select a region from one of the listed options and enter it into the Location field.
- Enter Yes if you want to connect to an existing Domain.
- Select the VNet information for the VNet Cloud Access Connector, gateways, and remote workstations you will be using by entering the correct VNet number, as outlined in the image below:
- Enter the Connection Service Subnet number from the displayed list.
- Enter the Application Gateway Subnet number from the displayed list.
- Enter the Remote Workstation Subnet number from the displayed list.
- Enter the fully qualified domain name (FQDN) of the domain you are connecting to. Ensure it ends with a domain suffix (e.g., .com, .local, etc.).
- Enter the service account username and password for the FQDN you just entered, as outlined in the image below:
- You will be asked to enter the Distinguished Name of the user group you want to use to log into the Cloud Access Manager management interface. If you do not specify a user group then the Domain Admins group will be used as the default.
- You will be asked if you want to enable Multi-Factor Authentication using your RADIUS server. For more information on Multi-Factor Authentication and Cloud Access Manager deployment, see Cloud Access Manager Multi-factor Authentication. If you select yes, you will be requested to provide your server's hostname, listening port and shared secret, as outlined below:
- Enter your Cloud Access registration code that you received from Teradici.
- You will be asked if you want to connect to and use an existing service principal. Cloud Access Manager will generate a service principal for you if you do not want to connect to an existing one.
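The download-and-run step above fetches Deploy-CAM.ps1 from the master branch and runs it in a shell that is signed in to your Azure account. The following is an added example (not Teradici's code) that checks the downloaded file against a SHA-256 value you recorded after reviewing a trusted copy, and runs it only on a match. The function name `Test-PinnedHash` and the variable `$ExpectedSha256` are hypothetical, and the hash is a placeholder you must replace.

```powershell
# Added example: verify Deploy-CAM.ps1 against a pinned SHA-256 before running it.
# $ExpectedSha256 is a placeholder (assumption): record the value yourself after
# reviewing a copy of the script that you trust.
$ErrorActionPreference = 'Stop'

$ScriptUrl      = 'https://raw.githubusercontent.com/teradici/deploy/master/Deploy-CAM.ps1'
$ScriptPath     = Join-Path $HOME 'Deploy-CAM.ps1'
$ExpectedSha256 = '<SHA256-OF-REVIEWED-SCRIPT>'   # placeholder, not a real value

# Hypothetical helper: returns $true only if the file's SHA-256 equals the pinned value.
function Test-PinnedHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected
    )
    # Refuse to continue while the placeholder (or any malformed value) is still in place.
    if ($Expected -notmatch '^[0-9A-Fa-f]{64}$') {
        throw 'Expected hash is not a 64-character SHA-256 hex string; replace the placeholder.'
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # String -eq is case-insensitive in PowerShell, so hex case does not matter.
    return $actual -eq $Expected
}

# Download to disk only; nothing is executed at this point.
Invoke-WebRequest -UseBasicParsing -Uri $ScriptUrl -OutFile $ScriptPath

if (Test-PinnedHash -Path $ScriptPath -Expected $ExpectedSha256) {
    & $ScriptPath
} else {
    $actual = (Get-FileHash -LiteralPath $ScriptPath -Algorithm SHA256).Hash
    Remove-Item -LiteralPath $ScriptPath
    throw "Deploy-CAM.ps1 hash mismatch (got $actual); script was not run."
}
```

Because the URL tracks the master branch, a mismatch can also mean the script was updated upstream; review the new version before recording its hash.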
Azure Cloud Shell
The Azure Cloud Shell will disconnect after 20 minutes of inactivity. This is expected behavior. Once the deployment has begun, Azure will handle processing the deployment and the Azure Cloud Shell is no longer needed.
To check if the deployment has been successful, check that all resources within the resource groups in your deployment have succeeded and have been created without error. You can now connect to the Management Interface and use Cloud Access Manager. For details, see Signing into the Cloud Access Manager Management Interface.