Installing kdb Insights Enterprise on Azure
This page describes the process of using the installation wizard to install kdb Insights Enterprise through the Azure Marketplace.
Before starting, ensure you meet all the Azure prerequisites.
Getting started
Follow these steps to begin the installation process through Azure Marketplace:
- Sign in to your Azure account.
- Search for Managed kdb Insights Enterprise Deployment in Azure Marketplace and select Get it now.
  Alternatively, follow this direct link to Azure Marketplace.
  If prompted, click Continue to progress with the installation.
- Review the Offer Details.
  - Overview: This tab provides a summary of Managed kdb Insights Enterprise.
  - Plans + Pricing: This tab details each Plan type, with a description, and its Pricing structure.
  - Usage Information + Support: This tab provides useful links to get started, License Agreements, Privacy Policy, and links to our Support site, where you can raise support tickets.
- Select the Plan from the dropdown and click Create.
  The Basics tab, the first tab of the installation wizard, is displayed, and described in the following section. Subsequent tabs are described in the sections below. Go through each sequentially.
KX License Agreement
By clicking through the Marketplace and deploying the Software, you have Accepted the Terms & Conditions in the KX License Agreement.
1. Basics
In the Basics tab provide the following information.
- Under Project details set the following:
  - Subscription: Select the subscription in which to install the infrastructure and application.
  - Resource group: Create a new resource group, or select an existing empty resource group from the dropdown.
    If you plan to deploy multiple instances of kdb Insights Enterprise, then each deployment from the Azure Marketplace must have a unique resource group name.
  Existing resource group must be empty
  Do not select an existing resource group which is not empty.
- Under Instances details set the following:
  - Region: Select the region you wish to deploy kdb Insights Enterprise into. Remember to select an Azure region that has availability zones.
    If the selected Region in the Subscription does not have valid VM types for the deployment, the installation wizard displays a warning and you must select a different Region or Subscription.
- Under Managed Application Details set the following:
  - Application Name: Enter a name in the text entry box.
  - Managed Resource Group: Enter the name of the managed resource group that contains the resources that are deployed for the managed application. Refer to Microsoft documentation for further details.
- Click Next to open the Client information section.
2. Client information
- Enter the client information, including name, company, phone number and email. This information is required for KX to issue you with a license.
- Click Next to open the Credentials section.
3. Credentials
- Configure the following Credentials settings:
  - License e-mail address: Add a valid email address. Azure uses this address to register your license and your certificate.
  - kdb Insights Enterprise username: Create a username to log in to the kdb Insights Enterprise Web Interface.
  - kdb Insights Enterprise password: Create a password to log in to the kdb Insights Enterprise Web Interface. Then enter this again in the Confirm password field.
  - Keycloak admin password: Create a password to log in to Keycloak, then enter it again in the Confirm Keycloak admin password field. The default username is 'user'.
  Password
  Ensure your passwords are stored safely. Some special characters are forbidden. Passwords must meet the minimum requirements.
- Click Next to open the Node pools section.
4. Node pools
In the Node pools tab, configure information about the node pools. When kdb Insights Enterprise is deployed, two node pools are configured:
- The System Node Pool that hosts the Azure tools and services with the kdb Insights Enterprise core system services.
- The User Node Pool that hosts the kdb Insights Enterprise package resources and must be sized according to your use case, workloads, and performance needs.
Node pool sizes
KX doesn't support node pools that are sized smaller than the default settings. These default settings are the minimum required for a base deployment and general workload purposes.
If you have specific workload requirements and you change the node pool settings you must ensure the size is at least that of the default setting.
When changing the User node pool settings refer to the User node pool sizing guidance section.
- Configure the following Node pool settings:
  - AKS System node pool VM CPU family selector: Select from the valid VM types in the chosen Subscription and Region, selecting a CPU family that is best suited for your typical workloads. Default: Minimum.
  - AKS System node pool VM size: Select the size according to your use case, workloads, and performance needs. Default: Minimum.
  - AKS User node pool VM CPU family selector: Select from the valid VM types in the chosen Subscription and Region, selecting a CPU family that is best suited for your typical workloads. Default: Minimum.
  - AKS User node pool VM size: Select the size according to your use case, workloads, and performance needs. Default: Minimum.
  - Use Premium Store for ReadWriteOnce volumes: When unchecked, storage is backed by Standard SSD in a zone-redundant configuration called ZRS.
    When checked, Premium SSD in a zone-redundant configuration called ZRS is used.
    The default setting is recommended unless you have specific performance requirements; the Premium option provides more performance in exchange for higher costs. Default: Unchecked.
  - Deploy Rook Ceph: When checked, a Rook-Ceph storage system is deployed and configured. Default: Checked.
  - Managed Disk type: Select a disk type to be used, referring to the Disk type comparison for guidance as there is always a trade-off between performance, cost, and availability.
    Only visible when Deploy Rook Ceph is checked.
  - Managed disk size: Select a disk size, referring to the sizing guides below:
    - Standard SSD
    - Premium SSD
    - Premium SSD v2: Any supported size you prefer.
    - Ultra Disks: Increments of 1 TiB above 2,048 GiB.
    Only visible when Deploy Rook Ceph is checked.
  - Enable on-demand bursting: For Premium SSDs (both LRS and ZRS) larger than 512 GiB you have the option to enable On-demand bursting. This increases the throughput of the disks temporarily in exchange for higher cost. See the Billing for details.
    Only visible when Deploy Rook Ceph is checked.
  - Storage Class for ReadWriteMany volumes: Select the Storage Class for kdb Insights Enterprise.
    If you choose to deploy Rook Ceph and have high performance requirements, we recommend you leave this set to Rook CephFS.
    This defaults to Rook CephFS if Rook Ceph is deployed. Otherwise it defaults to Azure Files NFS.
  Invalid node pool VM size options
  If the default VM size options for the node pools are not valid in this Subscription and Region, kdb Insights Enterprise displays warnings. You must choose valid VM types for the dropdowns if you want your deployment to succeed.
- Click Next to open the K8s Version section.
5. K8s Version
An AKS cluster has regular maintenance performed on it automatically; however, this has an impact on cluster availability. The Planned Upgrade feature allows you to run maintenance in a cadence of your choice, minimizing any workload impact. Read more in the Microsoft documentation.
- Configure the following K8S Version settings:
  - Automatic upgrade of K8s version: Specify if and how the cluster is upgraded in the event of a new Kubernetes version release on Azure portal.
    Read about each upgrade type in the Microsoft documentation.
    This option is not visible if you enabled Rook-Ceph in the previous step.
  - Node security channel type: Specify the timing of node OS upgrades.
    This setting controls how disruptive the updates are. Learn more in the Microsoft documentation.
  In the case of critical workloads we recommend leaving Automatic upgrade of K8s version disabled and upgrading manually at a convenient time.
  For non-critical workloads you can specify one of the upgrade types from the dropdown.
- Click Next to open the Encryption section.
6. Encryption
- Configure the following Encryption settings:
  - Enabled: In-Transit Data Encryption is enabled by default. When enabled, kdb Insights Enterprise encrypts your data while it moves through the system. You can disable this setting during deployment if desired.
  - Optional password/confirm password: You have the option to specify the password used to access the encryption key used for Data at Rest Encryption (DARE).
- Click Next to open the Networking section.
7. Networking
- Configure the following Networking settings:
  - Proxy configuration (optional): You can optionally configure the AKS cluster to use an HTTP and HTTPS proxy for outbound internet access.
    This feature enables you to secure required external network traffic in proxy-dependent environments. When this feature is enabled, both AKS nodes and pods are configured to use the HTTP proxy.
    The following scenarios are not supported:
    - Different proxy configurations per node pool
    - User/Password authentication
    - Custom certificate authorities (CAs)
    - Configuring existing AKS clusters with an HTTP proxy; you must enable the HTTP proxy feature when you create a cluster.
    To disable injection of the proxy environment variables, annotate the Pod with "kubernetes.azure.com/no-http-proxy-vars":"true".
    Refer to HTTP proxy support in Azure Kubernetes Service (AKS) for further guidance.
  - Network model to use: You can set the Networking Model setting to either Traditional or Overlay.
    Traditional
    The traditional Azure Container Networking Interface (CNI) assigns a fixed Azure Virtual Network (VNet) IP address to every pod. It assigns this IP address either from a limited set of reserved IPs on every node or from a separate subnet reserved for pods.
    This approach requires planning your IP address assignment and could lead to address exhaustion, which introduces difficulties with scaling your clusters as your application demands grow.
    Overlay
    With this approach, Azure CNI Overlay creates a new layer where you can programmatically direct traffic through new virtual network routes or paths instead of requiring fixed links.
    Kubernetes cluster nodes are deployed into a VNet and assigned IPs from subnets. Pods use IP addresses from a private CIDR provided at the time of cluster creation and logically different from the VNet hosting the nodes.
    This solution saves a significant number of VNet IP addresses and enables you to scale your cluster to larger sizes.
    For more information, refer to Microsoft's Configure Azure CNI Overlay networking in Azure Kubernetes Service (AKS) documentation.
  - Network accessibility: Select the way you would like to access kdb Insights Enterprise Web Interface and API endpoints.
    Private IP address
    Network traffic between the clients and kdb Insights Enterprise is routed on the Microsoft backbone network, which separates this traffic from the public internet. Follow the instructions on the Azure Security page to enable users to connect to the web interface or the REST endpoints.
    Public IP address
    Enables encrypted client access over the public internet. If you select this option, you can immediately log in to the kdb Insights Enterprise Web Interface when the deployment has successfully completed.
  The following fields appear after you select a Network accessibility option:
  - Virtual Network: You have a choice of 2 options here:
    1. Use the automatically generated Virtual Network.
    The first item listed is an automatically created Virtual Network attached to your AKS cluster. This is the default setting.
    If you select this, the values for the following subnet fields are also pre-defined and you have no further configuration to do here.
    2. Use a pre-existing Virtual Network.
    Alternatively, you can select a Virtual Network from the list of preconfigured Virtual Networks. This is a list of Virtual Networks that have been manually set up to be used by your AKS cluster.
    You can only see existing virtual networks from the Region you selected on the Basics tab.
    You can use a manual Virtual Network to configure VNet peering if required. Then, you can select this pre-existing Virtual Network located in another resource group.
    You can only have one kdb Insights deployment per Virtual Network.
    Refer to Microsoft documentation for further details on Azure Virtual Networks.
  - Subnet for cluster nodes: Refer to Subnets documentation for details. Note that Subnet for cluster nodes is referred to as akssubnet on that page.
  - Subnet for private endpoints: Refer to Subnets documentation for details. Note that Subnet for private endpoints is referred to as epSubnet on that page.
  - Subnet for internal load balancer: This option is not displayed if Public IP address is selected. Refer to Subnets documentation for details. Note that Subnet for internal load balancer is referred to as lbSubnet on that page.
  Using a pre-existing Virtual Network
  If you select a pre-existing Virtual Network, you must ensure the following conditions are met first:
  - The Virtual Network is created before starting the deployment and must be in the same Azure region as the deployment.
  - The required Subnets (2 for Public IP or 3 for Private IP) are created before starting the deployment.
  - The required Managed Identity is created before starting the deployment.
  - The Managed Identity has the Owner, Contributor, or Network Contributor role applied on the Virtual Network before starting the deployment.
  Learn more about Azure Virtual Networks
  Refer to Azure Virtual Network concepts and best practices for further information on Azure virtual networks.
- By selecting Edit Virtual Network, you can define the address space with one or more IPv4 or IPv6 address ranges with subnets. For more information, refer to Security.
- Click Next to open the Identity section.
8. Identity
This section only applies if you selected an existing Virtual Network in the previous step.
If you created a new Virtual Network, the default option, click Next and continue with the Advanced section of this documentation.
If you select an existing Virtual Network, you need to select a Managed Identity to access the existing Virtual Network. To deploy successfully, the Managed Identity must have at least the write permission at the Subnet level (Microsoft.Network/virtualNetworks/subnets/write) on the selected existing Virtual Network.
Follow these instructions to set up a user-assigned managed identity.
- Initially the table is empty as there are no managed identities assigned to this resource.
- Click Add to select an Identity that satisfies the role requirements.
  When you select an Identity, the wizard indicates if that Identity satisfies the minimum role requirements to successfully access the existing Virtual Network.
  If the Identity does not have the correct permissions to access the existing Virtual Network, an error message is displayed. Adjust the chosen Identity permissions and try again.
  When the Identity satisfies the minimum requirements, a success message is displayed and you can continue to the next section.
- Click Next to open the Advanced section.
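The role condition from this section and from the pre-existing Virtual Network conditions in the Networking section can be checked before starting the wizard. The following is an added example, not part of the KX documentation: given role assignments in the shape returned by `az role assignment list --assignee <principal-id> --all -o json`, it reports whether the identity holds Owner, Contributor or Network Contributor at a scope the Virtual Network inherits from. The subscription ID, resource group, Virtual Network name and principal IDs are constructed placeholders.

```python
# Roles the page accepts on the Virtual Network, least privileged first.
ACCEPTED_ROLES = ["Network Contributor", "Contributor", "Owner"]

def scope_covers(scope, resource_id):
    """True if a role assigned at `scope` is inherited by `resource_id`."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    # Match on a path-segment boundary so "rg-net" does not cover "rg-net2".
    # Management-group scopes are not resolved here and never match.
    return s == "" or r == s or r.startswith(s + "/")

def vnet_role_assignments(assignments, principal_id, vnet_id):
    """Accepted assignments for the identity on the VNet, narrowest first."""
    hits = [
        a for a in assignments
        if a["principalId"].lower() == principal_id.lower()
        and a["roleDefinitionName"] in ACCEPTED_ROLES
        and scope_covers(a["scope"], vnet_id)
    ]
    # A longer scope is a narrower grant; ties go to the lesser role.
    return sorted(hits, key=lambda a: (-len(a["scope"]),
                                       ACCEPTED_ROLES.index(a["roleDefinitionName"])))

# Constructed sample data (not from a real tenant).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VNET_ID = SUB + "/resourceGroups/rg-net2/providers/Microsoft.Network/virtualNetworks/kx-vnet"
IDENTITY = "11111111-1111-1111-1111-111111111111"
OTHER = "22222222-2222-2222-2222-222222222222"

def _ra(principal, role, scope):
    return {"principalId": principal, "roleDefinitionName": role, "scope": scope}

SAMPLE = [
    _ra(IDENTITY, "Contributor", SUB + "/resourceGroups/rg-net"),          # sibling group
    _ra(IDENTITY, "Reader", VNET_ID),                                      # role too weak
    _ra(IDENTITY, "Network Contributor", VNET_ID + "/subnets/akssubnet"),  # child scope only
    _ra(OTHER, "Network Contributor", VNET_ID),                            # other identity
    _ra(IDENTITY, "Owner", SUB),                                           # inherited, broad
    _ra(IDENTITY, "Network Contributor", VNET_ID),                         # exact scope
]

if __name__ == "__main__":
    found = vnet_role_assignments(SAMPLE, IDENTITY, VNET_ID)
    if not found:
        print("identity lacks Owner/Contributor/Network Contributor on the VNet")
    for a in found:
        broad = "" if a["scope"].lower() == VNET_ID.lower() else " (inherited from a wider scope)"
        print(f'{a["roleDefinitionName"]} at {a["scope"]}{broad}')
```

The first entry returned is the narrowest grant; a result that contains only a subscription-wide Owner or Contributor assignment satisfies the condition but is wider than the Virtual Network requires.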
9. Advanced
- Configure the following Advanced settings:
  - Enable Data entitlements (Beta): Entitlements is currently a beta feature and is turned off by default. You can enable it as part of your deployment if required.
  - Enable Log Analytics for Monitoring: You can enable log analytics for Monitoring of your Kubernetes environment.
  - Enable Microsoft Defender for Containers: This field is displayed when Enable Log Analytics for Monitoring is checked. This gives you the option to enable Microsoft Defender for Containers to enhance the security of your AKS cluster. For details, see Microsoft's Container protection in Defender for Cloud documentation.
  - AKS Container insights retention: This field is displayed when Enable Log Analytics for Monitoring is checked. Use this field to change the number of days AKS container insights are retained. The setting here depends on your company policy, or cost considerations. This can be changed post-deployment so you can accept the default, and modify later if needed.
  - Kubernetes audit log retention: Use this field to change the number of days Kubernetes audit logs are retained. The setting here depends on your company policy, or cost considerations. This can be changed post-deployment so you can accept the default, and modify later if needed.
  - Kubernetes metrics retention: Use this field to change the number of days Kubernetes metrics are retained. The setting here depends on your company policy, or cost considerations. This can be changed post-deployment so you can accept the default, and modify later if needed.
  - Turn on client alert notifications: E-mail notifications are optional. To enable them, tick this checkbox and add an email address.
    KX has pre-packaged some useful alert logic which triggers email notifications to the Insights Managed Service (IMS) operational team to assist with monitoring the health of the application.
    Populate this field if you want to add your own email distribution list in addition to the KX IMS Support team. For more information, refer to kdb Insights Enterprise alerts and notifications.
  - KX License: Upload your K4 license file here if you have one.
- Click Next to proceed to Review + Submit.
10. Review + submit
At this stage you have a Validation Passed message which brings you to the final page, Review + submit.
- Accept the Terms and Conditions to enable Managed Services.
  Do not select Download a template for automation
  Do not select "Download a template for automation" as there is no Back button, and you'll have to restart the workflow. While you can download a template post-deployment, KX only supports deployment via the Azure Marketplace for this scenario.
- Click Create to deploy.
- If you encounter any errors during deployment, refer to Troubleshooting. Don't click the Redeploy button.
- After you click Create, Azure redirects you to the Deployment Details Overview page.
- You can find the output of the deployment in the Outputs tab on this page.
Next Steps
To provide users access to the application, follow the instructions in Create kdb Insights Enterprise users.