Deploying on Azure with multiple directories

762
3
07-03-2019 01:40 AM
by Anonymous User
Not applicable

Hiya. Our organisation is moving to the cloud (azure to be precise), and the task has fallen to me to deploy ArcGIS. And while I've done so in the past on Azure, I've not done it recently. My goal is to leverage an as cloud native deployment as possible, for roughly 3000 users, while retaining a certain degree of control for our dev team. To use that, I'd like to start building a POC. To that end, our IT partner has provided me with an azure subscription in our second directory, named Stedin POC:

I've got "contributor" right to this group, and I'm able to deploy resources/resource groups/etc...

The OTHER directory also has a subscription, but it is of the 'free' kind without any rights whatsoever... Now I'd like to use cloudbuilder to deploy, however, there's no option whatsoever to swap to the POC directory...

I've had a look through the cloud builders' directory, to see if I could tune the CloudBuilder-10-7-1.exe.config file to allow a dir-shift, but no such luck...

Is there a way, or a hidden command switch I can use to swap directories? Currently the tool goes straight after signin (I even tried forcing it to avoid single-signon using a system account, which indeed allowed me to enter credentials yet not select the azure directory) to the "new deployment" page:

and while I created a resource group previously in the poc-subscription, and pre-added the images to my subscription to allow programmatic deployment:

It's just not showing up in the builder, nor does it give me rights to create one FROM builder, illustrating it's in the wrong subscription and as such, the wrong directory:

0 Kudos
3 Replies
JamesJacoby
New Contributor

Very similar to the problem I've been having. I basically cannot use cloud builder for Azure deployments at the moment because of it. Were you ever able to find a solution?

0 Kudos
by Anonymous User
Not applicable

Hey James,

Sadly I never was. We raised a support incident with our reseller (esri Netherlands) and although they were really helpful and even filmed the whole scenario, all they got back from esri Inc. was an "unable to reproduce".

We managed to work around it by forcing the builder to NOT be able to find subscriptions (by just emptying the primary directory...), so we could enter the tenant + subscription manually, but frankly: that feels horrible, which together with not being believed, gives a bit of a sour taste to cloudbuilder.

It actually got worse gradually, as we got further:

* Our staging/production environment, by our CSO's directive, needs to be deployed form a sub-account with higher rights. Cloudbuilder insists on using SSO to sign in. Naturally this is tough to combine... having a button "manual signin" instead of being over-friendly with SSO would be great. My work-around: go taksmanager; find the actual .exe for builder (as it's a clickonce application that's kind of obfuscated...), and execute "run as"... to get to the sub-account... Yay... I wish esri/microsoft had consulted with our CSO before building it this way

* Using keyvaults is broken. Once you do, in the final step, you're unable to export artefacts (message: illegal character). Similar tools using the same keyvault work. With keyvault on a deploy won't work either...

* If using a pre-peered network (after all, ArcGIS will have to fit in with the rest of the application landscape and ETL tools...), the tool outright refuses on occasion to deploy certificates to the webserver...

* A delete-environment whilst retaining a public IP (which our CSP provides) keeps all the tags on said IP. Cool, except it prevents you from being able to re-run the tool until those tags are removed. Those tags are where cloudbuilder stores its information about it being an ArcGIS deployment

What could be improved:

* When using Azure storage (blobs & tables, please start cosmosdb as well!), there's still dependance on the fileserver. I'd kill for that to go to fileshare, to potentially negate the fileserver altogether

* The device selection sometimes allows for VM & Storage sizes that are mismatched to be selected. Validate is only WAY WAY WAY in the actual deployment, causing a hard-crash. Even the web-portal on azure pre-validates before deploying now...

Honestly, I'm really a bit saddened on this tool. There's a huge reluctance to adopt a more cloud-native strategy and on paper the Azure Builder qualifies. It supports pre-made networks, keyvaults, etc, etc... but it's execution is lacking. What's worse: the way it is now, it's barely useable. Though in part due to our CSO office, off-course, it's largely in part as well due to wanting to be TOO user friendly. Don't be afraid to expose some advanced parameters (or heck... outright allowing us to create the post-config artefact out of the bat rather than dancing around in a GUI for ages).

What also struck me as saddening was how esri went and treated us. Both our sales rep and us said we'd be more than happy to have some sort of teams/remote session with esri inc to further clarify/demonstrate the problems. We even offered to help with the solution. Yet all we got was a "can't replicate, no problem" issue. That's a huge vote of "no trust" to not just ourselves, but also to their local colleagues.

As it stands now, I'd sadly accept the fact that you might end up having to build your own stuff/environments. You'll miss out on some really cool features like the ability to seperate content (which goes in azure storage) and functionality (which is the VM's for now), allowing for some really cool scaling/CI-CD scenario's...

JamesJacoby
New Contributor

Thanks so much for the detailed description, Guus. I had been coming to the conclusion that cloud builder was not going to be sufficient for my situation and this is pretty much the last nail in the coffin. I guess I will have to spend some time understanding the ArcGIS powershell module and scripting the deployment out manually.

(In case others come across this thread, the presentation from the 2019 user conferences is a decent place to start and lists the documents and repos for chef and cloudbuilder deployments: https://www.esri.com/content/dam/esrisites/en-us/about/events/media/UC-2019/technical-workshops/tw-6... )