Installing kdb Insights Enterprise on Azure
This page describes the process of using the installation wizard to install kdb Insights Enterprise through the Azure Marketplace.
Before starting, ensure you meet all the Azure prerequisites.
Getting started
Follow the steps below to begin the installation process through Azure Marketplace:
- Sign in to your Azure account.
- Search for Managed kdb Insights Enterprise Deployment in Azure Marketplace and select Get it now.
  Alternatively, follow this direct link to Azure Marketplace.
  If prompted, click Continue to progress with the installation.
- Review the Offer Details.
  - Overview: product summary.
  - Plans + Pricing: details each Plan type, description, and its Pricing structure.
  - Usage Information + Support: useful links to get started, License Agreements, Privacy Policy, and links to our Support site, where you can raise support tickets.
- Select the Plan from the dropdown and click Create.
  The Basics section is displayed.
KX License Agreement
By clicking through the Marketplace and deploying the Software, you have Accepted the Terms & Conditions in the KX License Agreement.
1. Basics
- Select the Subscription in which to install the infrastructure and application.
- Create a new resource group, or select an existing empty resource group from the dropdown.
  Existing resource group must be empty
  Do not select an existing resource group which is not empty.
  If you plan to deploy multiple instances of kdb Insights Enterprise, then each deployment from the Azure Marketplace must have a unique resource group name.
- Under the "Instances details" header, select the Region you wish to deploy kdb Insights Enterprise into. Remember to select an Azure region that has availability zones.
  If the selected Region in the Subscription does not have valid VM types for the deployment, the installation wizard displays a warning and you must select a different Region or Subscription.
- Enter a name in the "Application name" text entry box.
- Click Next.
  The 'Client information' section is displayed.
2. Client information
Enter the information required. This enables KX to issue you with a license.
Click Next to open the Credentials section.
3. Credentials
- Add a valid email address. Azure uses this address to register your license and your certificate.
- Create a username and password to log in to the kdb Insights Enterprise User Interface.
- Create a password to log in to Keycloak. The default username is 'user'.
  Passwords must fulfill the minimum requirements.
  Password
  Ensure your passwords are stored safely. Some special characters are forbidden.
- Click Next to open the Node pools section.
4. Node pools
The default values for AKS System and User Node pools are the minimum needed for a base deployment and general workload purposes.
- The System Node Pool hosts the Azure tools and services with the kdb Insights Enterprise core system services. If you select a different System Node Pool, you must select the same minimum size as the default.
- The User Node Pool hosts the kdb Insights Enterprise assembly resources and should be sized according to your use case, workloads and performance needs.
You should only adjust the User Node Pool to a larger size if you have specific workload requirements. If you need to change the node pool VM size, refer to the User node pool sizing guidance section.
KX doesn't support node pools that are sized smaller than the default settings. Both the AKS System node pool VM size and the User System node pool VM size dropdowns only include valid VM types in the chosen Subscription and Region.
If the default VM size options for the AKS System or AKS User node pools are not valid in this Subscription and Region, kdb Insights Enterprise displays warnings. You must choose valid VM types in the dropdowns for your deployment to succeed.
If desired, enable Use Premium Storage for ReadWriteOnce volumes to use Azure Premium LRS to create the managed disks. Default storage is backed by Standard SSDs and delivers cost-effective Locally Redundant Storage (LRS) while still delivering reliable performance. You should use the default settings unless you have specific performance requirements.
If desired, enable Deploy Rook Ceph. When this is enabled, Rook CephFS is automatically selected in the ReadWriteMany volumes dropdown below to ensure optimal performance results. If not enabled, Azure Storage Class defaults to Azure Files NFS for your shared file system. If you choose to deploy Rook Ceph and have high performance requirements, leave the ReadWriteMany volumes dropdown set to Rook CephFS.
This type of storage provides higher throughput and lower latency for optimal performance, but it is not persisted. Your data is stored across three nodes for resiliency; however, if two nodes go offline, data stored on the SSDs is lost.
If you use Rook Ceph, you can't bring down your nodes to save costs without losing data.
Azure Storage protects your data by automatically encrypting it before persisting it to the cloud. If this is important to you, use the default Azure Files NFS shared storage option instead of Rook Ceph.
For more information, refer to Microsoft's Azure Storage service-side encryption documentation.
- Click Next to open the Encryption section.
5. Encryption
- In-Transit Data Encryption is enabled by default. When enabled, kdb Insights Enterprise encrypts your data while it moves through the system. You can disable this setting during deployment if desired.
- You have the option to choose the password used to access the encryption key used for Data at Rest Encryption (DARE).
6. Networking
- You can optionally configure the AKS cluster to use an HTTP and HTTPS proxy for outbound internet access.
  This feature enables you to secure required external network traffic in proxy-dependent environments. When this feature is enabled, both AKS nodes and pods are configured to use the HTTP proxy.
  The following scenarios are not supported:
  - Different proxy configurations per node pool
  - User/Password authentication
  - Custom certificate authorities (CAs)
  - Configuring existing AKS clusters with an HTTP proxy is not supported; you must enable the HTTP proxy feature when you create a cluster
  To disable injection of the proxy environment variables, annotate the Pod with "kubernetes.azure.com/no-http-proxy-vars":"true". Refer to HTTP proxy support in Azure Kubernetes Service (AKS) for further guidance.
- You can set the Networking Model setting to either Traditional or Overlay.
  - The traditional Azure Container Networking Interface (CNI) assigns a fixed Azure Virtual Network (VNet) IP address to every pod. It assigns this IP address either from a limited set of reserved IPs on every node or from a separate subnet reserved for pods.
    This approach requires planning your IP address assignment and could lead to address exhaustion, which introduces difficulties with scaling your clusters as your application demands grow.
  - With the Overlay approach, Azure CNI Overlay creates a new layer where you can programmatically direct traffic through new virtual network routes or paths instead of requiring fixed links.
    Kubernetes cluster nodes are deployed into a VNet and assigned IPs from subnets. Pods use IP addresses from a private CIDR that is provided at the time of cluster creation and is logically different from the VNet hosting the nodes.
    This solution saves a significant number of VNet IP addresses and enables you to scale your cluster to larger sizes.
  For more information, refer to Microsoft's Configure Azure CNI Overlay networking in Azure Kubernetes Service (AKS) documentation.
- Select the way you would like to access kdb Insights Enterprise UI and API endpoints.
  - Private IP: Network traffic between the clients and kdb Insights Enterprise is routed on the Microsoft backbone network, which separates this traffic from the public internet. Follow the instructions on the Azure Security page to enable users to connect to the UI or the REST endpoints.
  - Public IP: Enables encrypted client access over the public internet. If you select this option, you can immediately log in to the kdb Insights Enterprise UI when the deployment has successfully completed.
- Select the method to set up the Virtual Network for kdb Insights Enterprise. There are two methods available:
  - The deployment creates a brand new Virtual Network and attaches it to your AKS cluster. This is the default setting.
  - Manually set up a Virtual Network to be used by your AKS Cluster. You can use this to repurpose an existing Virtual Network in another resource group. You can use a manual Virtual Network to configure VNet peering if required. Then, you can select this pre-existing Virtual Network located in another resource group.
    You can only have one kdb Insights deployment per Virtual Network.
    If you select a pre-existing Virtual Network, you must ensure the following conditions are met first:
    - The Virtual Network is created before starting the deployment and must be in the same Azure region as the deployment.
    - The required Subnets (2 for Public IP or 3 for Private IP) are created before starting the deployment.
    - The required Managed Identity is created before starting the deployment.
    - The Managed Identity has either the Owner, Contributor, or Network Contributor role applied on the Virtual Network before starting the deployment.
    For more details, refer to: Azure Virtual Network concepts and best practices.
    By selecting Edit Virtual Network, you can define the address space with one or more IPv4 or IPv6 address ranges with subnets. For more information, refer to Security.
- Click Next to open the Identity section.
7. Identity
This section only applies if you selected an existing Virtual Network in the previous step.
If you created a new Virtual Network, click Next in the Azure Marketplace installation window to open the Advanced section, and go to the Advanced section of this documentation. Otherwise, follow the instructions below to select an existing Managed Identity to access your existing Virtual Network.
When you use an existing Virtual Network present in a resource group, you must select a Managed Identity to access the existing Virtual Network. To deploy successfully, the Managed Identity must have at least the Writing permission at the Subnet level (Microsoft.Network/virtualNetworks/subnets/write) on the selected existing Virtual Network.
- Click Add to select an Identity that satisfies the role requirements.
  When you select an Identity, the tool indicates if that Identity satisfies the minimum role requirements to successfully access the existing Virtual Network.
  If the Identity does not have the correct permissions to access the existing Virtual Network, an error message is displayed. Adjust the chosen Identity permissions and try again.
  When the Identity satisfies the minimum requirements, a success message is displayed and you can continue to the next section.
- Click Next to open the Advanced section.
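An added example, not KX or Microsoft code: a pre-check for the requirement above that the Managed Identity holds Microsoft.Network/virtualNetworks/subnets/write on the existing Virtual Network. It evaluates role definitions and assignments shaped like the JSON output of `az role definition list` and `az role assignment list`; the sample data, IDs and the custom role are constructed, and it assumes the assignment must sit on the Virtual Network or a parent scope.

```python
import re

REQUIRED = "Microsoft.Network/virtualNetworks/subnets/write"  # from the page

def matches(pattern, action):
    """Azure RBAC action patterns: '*' is the only wildcard, case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def role_grants(role, action=REQUIRED):
    """A role grants an action listed in actions and not removed by notActions."""
    for perm in role["permissions"]:
        allowed = any(matches(p, action) for p in perm.get("actions", []))
        removed = any(matches(p, action) for p in perm.get("notActions", []))
        if allowed and not removed:
            return True
    return False

def scope_covers(scope, vnet_id):
    """True when the assignment sits on the VNet or on a parent scope."""
    scope, vnet_id = scope.rstrip("/").lower(), vnet_id.rstrip("/").lower()
    return vnet_id == scope or vnet_id.startswith(scope + "/")

def qualifying_roles(assignments, roles, vnet_id):
    """Names of assigned roles that give subnet write on the whole VNet."""
    by_name = {r["roleName"]: r for r in roles}
    return [a["roleDefinitionName"] for a in assignments
            if scope_covers(a["scope"], vnet_id)
            and a["roleDefinitionName"] in by_name
            and role_grants(by_name[a["roleDefinitionName"]])]

# Constructed sample data (placeholder IDs, abbreviated role definitions).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-net"
VNET = RG + "/providers/Microsoft.Network/virtualNetworks/vnet-kx"
ROLES = [
    {"roleName": "Network Contributor",
     "permissions": [{"actions": ["Microsoft.Network/*"], "notActions": []}]},
    {"roleName": "Reader",
     "permissions": [{"actions": ["*/read"], "notActions": []}]},
    {"roleName": "VNet Operator (hypothetical custom role)",
     "permissions": [{"actions": ["Microsoft.Network/virtualNetworks/*"],
                      "notActions": ["Microsoft.Network/virtualNetworks/subnets/write"]}]},
]
ASSIGNMENTS = [
    {"roleDefinitionName": "Reader", "scope": RG},
    {"roleDefinitionName": "VNet Operator (hypothetical custom role)", "scope": VNET},
    # Scoped to one subnet only, so it does not cover the VNet as a whole.
    {"roleDefinitionName": "Network Contributor", "scope": VNET + "/subnets/aks"},
]

if __name__ == "__main__":
    print(qualifying_roles(ASSIGNMENTS, ROLES, VNET))
```

A wildcard role with the required action listed in notActions fails the check, which is the case a quick look at the role name alone tends to miss.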
8. Advanced
- Entitlements is currently a beta feature and is turned off by default. You can enable it as part of your deployment if required.
- You can optionally enable the Enable Microsoft Defender for Containers setting. This is a solution to improve the security of your AKS cluster. Refer to Microsoft's Container protection in Defender for Cloud documentation for more information.
- There are three fields where you can choose to change the log retention policy, depending on your company policy or cost considerations. You can change these fields post-deployment, so you can leave the defaults and modify them later if needed.
  Optional email notifications
  E-mail notifications are optional. To enable them, select Turn on client alert notifications and add an email address. KX have pre-packaged some useful alert logic which triggers email notifications to the Insights Managed Service (IMS) operational team to assist with monitoring the health of the application.
  Populate this field if you want to add your own email distribution list in addition to the KX IMS Support team. For more information, refer to kdb Insights Enterprise alerts and notifications.
- Click Next.
9. Review + submit
At this stage you should have a Validation Passed message which brings you to the final page, Review + submit.
You must agree to the Terms and Conditions to proceed. This is required to provide the Managed Services.
Warning
Do not select 'Download a template for automation'. There is no Back button available if you select this option and you will need to start the workflow again. Although you can download a template after deploying, KX only supports the Marketplace deployment method on Azure in this scenario.
Click Create to deploy.
If you encounter any errors during deployment, refer to Troubleshooting. Don't click the Redeploy button.
After you click Create, Azure redirects you to the Deployment Details Overview page.
You can find the output of the deployment in the Outputs tab on this page.
To provide users access to the application, follow the instructions in Create kdb Insights Enterprise users.