Applies to: Kyvos Enterprise. Not applicable to: Kyvos Cloud (SaaS on AWS), Kyvos AWS Marketplace.

...

Parameter 

Description 

Subscription* 

Your account subscription. 

Resource Group* 

Enter the name of your resource group. The resource group is a collection of resources that share the same lifecycle, permissions, and policies. 

Region* 

Azure region that's right for you and your customers. Not every resource is available in every region. 

vnetAddress

Enter the CIDR notation for the new VPC that will be created in the deployment.
NOTE: This option is displayed only when the CreateVPC option is selected.
If a new VPC is created and you have enabled WebPortal HA (from the Kyvos Manager), then you must perform the post deployment steps after deploying the cluster.

NetworkSecurityGroupIpWhiteList

Provide the range of IP addresses allowed to access Kyvos Instances. Use 0.0.0.0/0 to allow all users access.

NOTE: This parameter is displayed only when a new network security group is created within the deployment. 

Virtual Network Name* 

Name of Virtual Network in which your VMs will run. 

App Service Plan Name 

Name of the service plan used for the deployment. If left blank, it will be created automatically. 
NOTE: This field is displayed only if you had selected the Deploy with Enhanced Security checkbox at the time of creating the template. 

VM Subnet Name* 

Name of Subnet in which your VMs will run. This Subnet should be part of the above Virtual Network. 

Kubernetes Subnet Name

Name of the subnet in which Azure Kubernetes Service (AKS) will be created. The subnet must be part of the specified Virtual Network and be a separate /23 subnet specifically for AKS.

ApplicationGatewaySubnetName *  

Name of the Subnet in which Application Gateway will be created. The Subnet should be part of the above Virtual Network. 

NOTE: This parameter will display only if an existing VPC is used for deployment.

Azure Function Subnet Name* 

Name of the Subnet in which Azure Functions will be running. The Subnet should be part of the above Virtual Network. A separate subnet is required for Azure Functions, with a delegation to Microsoft.Web/serverFarms.
NOTE: This field is displayed only if you had selected the Deploy with Enhanced Security checkbox at the time of creating the template. 

Virtual Network Resource Group Name* 

Name of Resource Group in which Virtual Network and Subnet are deployed. 

Security Group Name*

Name of the Security group that can be used to access the VMs.

Security Group Resource Group Name* 

Name of the Resource Group in which the Security Group is deployed. 

Network Resource Group Name* 

Name of the Resource Group in which the Virtual Network, Subnet, and Security Group are deployed. 

Enable Managed Identity Creation 

Select True to create a new managed identity for Kyvos. 
Select False to use an already existing managed identity. 

Managed Identity Name* 

Enter the name of the User-Managed Identity to be attached to all Kyvos VMs. 

Managed Identity Resource Group Name 

Name of the Resource Group in which Managed Identity is deployed. 

Gallery Resource Group Name* 

Name of Resource Group in which Gallery resides.

NOTE: This field is displayed only if you selected the Use Custom Image checkbox when creating the template. 

Gallery Subscription ID 

Subscription ID in which Gallery resides. 
NOTE: This field is displayed only if you selected the Use Custom Image checkbox when creating the template. 

Gallery Name* 

Name of the Shared Image Gallery. 
An Azure image gallery is a repository for managing and sharing custom images. An image source can be an existing Azure VM. 
NOTE: This field is displayed only if you selected the Use Custom Image checkbox when creating the template. 

Gallery Image Definition Name* 

Name of the Image Definition. 
Image definitions are created within a gallery and carry information about the image and requirements for using it internally. This includes whether the image is Windows or Linux, release notes, and minimum and maximum memory requirements. It is a definition of a type of image. 
NOTE: This field is displayed only if you selected the Use Custom Image checkbox when creating the template. 

Gallery Image Version Name* 

Name of the Image Version - should follow <MajorVersion>.<MinorVersion>.<Patch>. 
NOTE: This field is displayed only if you selected the Use Custom Image checkbox when creating the template. 

Databricks Token* 

Enter the value of the token used to connect to Databricks Cluster. 

Databricks Authentication 

Shows the authentication type selected while creating the template from Kyvos Manager.

NOTE: If you selected the Personal Access Token option while creating the template from Kyvos Manager, you must provide the Databricks Token. For AAD, it is not required.

Kyvos Work Directory 

Enter the path for the Kyvos work directory. 

SSH Public Key* 

Provide an RSA public key in the single-line format (starting with "ssh-rsa") or the multi-line PEM format. 
You can generate SSH keys using ssh-keygen on Linux and OS X, or PuTTYGen on Windows. 

Additional Tags 

Enter the additional tags to put on all resources. 
Use the syntax: {"Key1": "Value1", "Key2" : "Value2"} 

Storage Account Name 

Enter the name of the Storage Account to be used for Kyvos. 

Storage Account Container Name 

Enter the name of the Container in the Storage Account which will be used for Kyvos. 

CustomPrefixVirtualMachines

Enter a custom prefix that you want to append before the name of the virtual machines to be used for Kyvos.

CustomPrefixVPC

Enter the custom prefix you want to append before the name of VPC in case a new VPC is created for use with Kyvos.

CustomPrefixNSG

Enter the custom prefix you want to append before the name of the Network Security Group in case a new group is created for use with Kyvos.

CustomPrefixKeyVault

Enter the custom prefix you want to append before the name of Key Vault in case a new Key Vault is created for use with Kyvos.

CustomPrefixScaleSet

Enter the custom prefix you want to append before the name of Scaleset that will be created for use with Kyvos.

Vault URL 

Provide the URL for your existing Azure Key Vault. If the Key Vault is not provided, Kyvos will create a new Key Vault named kyvosvault<XXXXX>. Here, XXXXX is a unique five-digit identity generated as a suffix to the Kyvos vault. 

Vault Resource Group 

Name of Resource group in which the Key Vault is deployed. 

Boot Diagnostics Storage Account Resource ID 

Resource ID of a storage account of type gen1 for enabling Boot Diagnostics of VMs. If left blank, a Storage Account of type gen1 will be created. 

Log Analytics Workspace Name 

Name of Log Analytics Workspace. Leave blank if you don't wish to enable the Log Analytics agent for VMs. 
NOTE: This field is displayed only if you had selected the Deploy with Enhanced Security checkbox at the time of creating the template. 

Log Analytics Resource Group 

NOTE: This field is displayed only if you had selected the Deploy with Enhanced Security checkbox at the time of creating the template. 

Firewall Ip White List 

Provide a comma-separated list of the IP rules to be set for the Key Vault and Azure Storage Account. 
NOTE: This field is displayed only if you had selected the Deploy with Enhanced Security checkbox at the time of creating the template. 

Azure Function Crontab

Crontab entry to call Azure functions for use with cluster scheduling.

Default value: [utcNow('u')]

Storage Account Resource Group 

Enter the name of the Resource Group in which the Storage Account is deployed. 

Object Id of Service Principal* 

The Object ID assigned to the Service principal. This maps to the ID inside the Active Directory. 

Databricks Vpc Type*

CustomerManagedVnet: Select this option to have the Network ACLs of the storage account include the Databricks and Kyvos VNets as whitelisted.

DatabricksManagedVnet: Select this option to disable Network ACLs for the storage accounts. In this case, the Databricks managed VNET will be used. 

NOTE: This option is displayed only if you selected the Deploy with Enhanced Security option at the time of creating the template from the Kyvos Manager.

Databricks Virtual Network Name 

Enter the name of the Databricks Virtual Network to be used. 
NOTE: This field is displayed only if you had selected the Deploy with Enhanced Security checkbox at the time of creating the template. 

Databricks Private Subnet Name 

Enter the name of the Private Subnet in which Databricks VMs will be running. The Subnet should be part of the above Virtual Network. 
NOTE: This field is displayed only if you had selected the Deploy with Enhanced Security checkbox at the time of creating the template. 

Databricks Public Subnet Name 

Enter the name of the Public Subnet in which Databricks VMs will be running. The Subnet should be part of the above Virtual Network. 
NOTE: This field is displayed only if you had selected the Deploy with Enhanced Security checkbox at the time of creating the template. 

Databricks Network Resource Group Name 

Enter the name of the Resource Group in which Databricks Virtual Network and Subnet are deployed. 
NOTE: This field is displayed only if you had selected the Deploy with Enhanced Security checkbox at the time of creating the template. 

Azure Postgres Server Sku Tier 

Azure Database for PostgreSQL pricing tier. 

SSH public key source

Select the required option from the SSH public key source list. 
NOTE: If you select the Use Existing public key option from the list, the SSH Public Key field is displayed. 

SSH Private Key* 

Provide the RSA private key in the single-line format. 

Kyvos Cluster Name 

Provide a name for your Kyvos cluster. 

Kyvos Installation Path 

Provide the installation path to be used for deploying the Kyvos cluster. 

Databricks URL* 

Provide the URL in https://<account>.cloud.databricks.com format. 

Example: https://centralus.azuredatabricks.net/ 

Databricks Cluster Id* 

Enter the ID of the cluster you created. 

To obtain this ID, click the Cluster Name on the Clusters page in Databricks. The page URL shows https://<databricks-instance>/#/settings/clusters/<cluster-id>. 

Databricks Cluster Organization ID* 

Enter the Cluster Organization ID of your Azure cluster. To obtain this ID, click the Cluster Name on the Clusters page in Databricks. 
The number after o= in the workspace URL is the organization ID. For example, if the workspace URL is https://westus.azuredatabricks.net/?o=7692xxxxxxxx, then the organization ID is 7692xxxxxxxx. 

Postgres Password* 

Provide the value of the password used for Postgres. 

License File Value* 

Enter a valid Kyvos License. 

Secret Key For Kyvos Bundle Download* 

Enter the Secret key to access the Kyvos bundle. 

Enable Public IP 

Select True to enable Public IP for the Kyvos Web portal. 

Dns Label Prefix 

Unique DNS Name for the Public IP used to access the Virtual Machine. 

Type of Public IP

Type of Public IP address for the Kyvos Web portal: Dynamic or Static.

Host Name Based Deployment

Select True to use hostnames instead of IP Addresses for instances during cluster deployment. 

Perform Env Validation

Select True to perform environment validation before cluster deployment to ensure all the resources are created correctly.
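Several of the fields above have a stated format or a network-exposure consequence that can be checked before the values are entered. The Python check below is an added example, not part of the Kyvos documentation or deployment template; the dictionary key names, the separate AKS subnet CIDR input, the comma-separated reading of the NSG allow-list and the sample values are assumptions made for illustration.

```python
import ipaddress
import json
import re

def check_parameters(p):
    """Return findings for planned form values; key names are hypothetical."""
    findings = []
    vnet = ipaddress.ip_network(p["vnet_address"])
    # Allow-lists (assumed comma-separated; a single CIDR also parses).
    for field in ("nsg_ip_whitelist", "firewall_ip_whitelist"):
        for entry in filter(None, (e.strip() for e in p.get(field, "").split(","))):
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append(f"{field}: '{entry}' is not a valid IP or CIDR")
                continue
            if net.prefixlen == 0:
                findings.append(f"{field}: {entry} admits every source address")
    # Kubernetes subnet: a /23 that lies inside the virtual network.
    aks = ipaddress.ip_network(p["aks_subnet_cidr"])
    if aks.prefixlen != 23 or not aks.subnet_of(vnet):
        findings.append(f"aks_subnet_cidr: {aks} must be a /23 inside {vnet}")
    # Gallery Image Version Name: <MajorVersion>.<MinorVersion>.<Patch>.
    if not re.fullmatch(r"\d+\.\d+\.\d+", p["gallery_image_version"]):
        findings.append("gallery_image_version: expected Major.Minor.Patch")
    # Additional Tags: a JSON object whose values are strings.
    try:
        tags = json.loads(p["additional_tags"])
    except json.JSONDecodeError:
        tags = None
    if not (isinstance(tags, dict) and all(isinstance(v, str) for v in tags.values())):
        findings.append('additional_tags: expected {"Key1": "Value1", ...}')
    # SSH Public Key: "ssh-rsa ..." or PEM, and never private key material.
    key = p["ssh_public_key"].strip()
    if "PRIVATE KEY" in key or not key.startswith(("ssh-rsa ", "-----BEGIN ")):
        findings.append("ssh_public_key: expected an RSA public key")
    return findings

# Constructed sample values (documentation address ranges, placeholder key).
SAMPLE = {
    "vnet_address": "10.0.0.0/16",
    "nsg_ip_whitelist": "203.0.113.0/24",
    "firewall_ip_whitelist": "198.51.100.7, 203.0.113.0/24",
    "aks_subnet_cidr": "10.0.2.0/23",
    "gallery_image_version": "1.0.0",
    "additional_tags": '{"Key1": "Value1", "Key2": "Value2"}',
    "ssh_public_key": "ssh-rsa AAAAconstructedplaceholder user@example",
}
print(check_parameters(dict(SAMPLE, nsg_ip_whitelist="0.0.0.0/0")))
```

An empty list means no finding; an entry for 0.0.0.0/0 is a prompt to confirm that unrestricted access to the Kyvos instances is intended.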

...

Note

To access the Usage Dashboard, you need to provide permissions after completing the deployment.

If you have deployed the cluster with Web Portal HA, you can enable TLS for the Web Portal using the Post Deployment steps listed here.

Flexible Server details for Kyvos and Kyvos Manager Repository

...