Bodo Managed Cloud Platform on Azure
Registration
a. Contact Bodo to be onboarded onto Bodo Cloud Platform on Azure. You will be provided with an onboarding link.
b. The provided link will take you to Bodo Platform's registration page.
c. Fill out the fields with your information. If this is your individual account, use a unique name such as firstname_lastname for the Organization Name field.
d. Check the box for accepting terms and conditions and click on SIGN UP.
e. A page confirming that an activation link was sent to your email will appear. Open the email and click on the activation link. Clicking on the activation link will take you to the Bodo Platform page, where you can use your newly created credentials to sign in.
Setting Azure Credentials
To use Bodo on Azure, you need to link your Azure account to the Bodo platform. This can be done either using the Settings page in the left bar or the first item in the Onboarding list highlighted in green as shown in the picture below:
In order to use the Bodo Platform to launch clusters and notebooks, you must grant it permission to access your Azure account and provision the required resources in it. You can do this by creating a Service Principal for the Bodo Platform application and assigning a role to it.
Create a Service Principal
Log in to your Azure Portal. Click on the icon next to the search bar to open a Cloud-Shell. Execute the following command to create a service principal:
where APP_ID is the Application ID for Bodo-Platform which is displayed on the Settings Page.
Once you have created a service principal, you need to assign a role to
it. You can assign a role to this service principal at either a
subscription level or a resource group level. Subscription level
permissions are only required if you want Bodo to create a new resource
group. If you provide an existing resource group, only permissions at
the resource group level are required. As shown below, go to the IAM
section of your subscription or resource group and add a Contributor
Role to the service principal you created for the Bodo Platform Application.
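A command-line equivalent of the IAM step above, as an added example that is not part of Bodo's documentation: it assumes the service principal already exists, grants Contributor on the existing resource group when one is named, and falls back to the subscription only when none is. The function names and argument values are hypothetical.

```shell
#!/bin/sh
# Added example (not Bodo's script): scope the Contributor grant as narrowly
# as the setup allows. Function names and argument values are placeholders.

# Narrowest ARM scope for the grant: the resource group when an existing one
# is supplied, the subscription only when Bodo has to create the group itself.
bodo_scope() {
    if [ -n "${2:-}" ]; then
        printf '/subscriptions/%s/resourceGroups/%s\n' "$1" "$2"
    else
        printf '/subscriptions/%s\n' "$1"
    fi
}

# Classify a scope string returned by Azure (segment casing can vary).
scope_level() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        /subscriptions/*/resourcegroups/*/providers/*) echo resource ;;
        /subscriptions/*/resourcegroups/*)             echo resource-group ;;
        /subscriptions/*)                              echo subscription ;;
        *)                                             echo other ;;
    esac
}

# Grant Contributor at the chosen scope, then print every role the principal
# holds in the subscription with its level, so a leftover wider grant shows up.
# Args: APP_ID SUBSCRIPTION_ID [EXISTING_RESOURCE_GROUP]; needs a signed-in az.
assign_bodo_contributor() {
    scope=$(bodo_scope "$2" "${3:-}")
    az role assignment create --subscription "$2" \
        --assignee "$1" --role Contributor --scope "$scope"
    az role assignment list --subscription "$2" --assignee "$1" --all \
        --query '[].[roleDefinitionName, scope]' -o tsv |
    while IFS="$(printf '\t')" read -r role assigned; do
        printf '%s\t%s\t%s\n' "$(scope_level "$assigned")" "$role" "$assigned"
    done
}
```

A line starting with `subscription` in the listing means the principal can act on every resource group in that subscription, which is only needed when Bodo creates the resource group itself.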
Once you have created the service principal and assigned a role to it, you are ready to fill out the Settings Form on the Bodo Platform.
- Enter your Azure subscription ID in the Subscription ID field. You can find this in the Subscription Overview.
- Enter your Azure Tenant ID in the Tenant ID field. You can find this in Azure AD.
- If you've given Bodo subscription level permissions and want Bodo to create a new resource group in your Azure subscription, enter the name of the resource group you want it to create in the Resource Group field. A suggested name is pre-filled for you. If you've given Bodo resource group level permissions to an existing resource group, enter the name of this resource group.
- Select a region from the dropdown list. This is the region that all Bodo resources will be deployed in. If you're providing an existing resource group, this must be the region this resource group is located in.
- Click on SAVE.
Note
We highly recommend that you ensure sufficient limits on your Azure subscription to launch resources. See here for the resources required for Bodo Cloud Platform.
Required Resource Providers on Azure subscription
Ensure that the following resource providers are registered on your Azure subscription:
- Microsoft.Authorization
- Microsoft.Compute
- Microsoft.KeyVault
- Microsoft.ManagedIdentity
- Microsoft.Network
- Microsoft.Resources
- Microsoft.Storage
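One way to check the list above from Cloud Shell, as an added example that is not part of Bodo's documentation: the filter reads namespace and registration-state pairs and reports every required provider that is not in the Registered state. The function names are hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not Bodo's tooling): report which of the resource providers
# listed above are not yet registered. Function names are hypothetical.

REQUIRED_PROVIDERS="Microsoft.Authorization Microsoft.Compute Microsoft.KeyVault Microsoft.ManagedIdentity Microsoft.Network Microsoft.Resources Microsoft.Storage"

# stdin: "namespace<TAB>registrationState" lines.
# stdout: one "namespace<TAB>state" line per required provider that is not
# in the Registered state; a provider absent from the input shows as Missing.
unregistered_providers() {
    awk -F '\t' -v req="$REQUIRED_PROVIDERS" '
        { state[tolower($1)] = $2 }
        END {
            n = split(req, want, " ")
            for (i = 1; i <= n; i++) {
                s = state[tolower(want[i])]
                if (s != "Registered")
                    print want[i] "\t" (s == "" ? "Missing" : s)
            }
        }'
}

# Constructed sample in the shape of the tsv output used in check_providers.
sample_provider_listing() {
    printf '%s\t%s\n' \
        Microsoft.Authorization Registered \
        Microsoft.Compute Registered \
        Microsoft.KeyVault NotRegistered \
        Microsoft.ManagedIdentity Registering \
        Microsoft.Network Registered \
        Microsoft.Resources Registered \
        Microsoft.Web Registered
}

# Live check against a subscription; needs a signed-in az session.
# Each reported namespace can be fixed with: az provider register --namespace NAME
check_providers() {
    az provider list --subscription "$1" \
        --query '[].[namespace, registrationState]' -o tsv | unregistered_providers
}

# Offline demonstration on the constructed sample.
sample_provider_listing | unregistered_providers
```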
Resources Created in Your Azure Environment
Bodo deploys cluster/notebook resources in your own Azure environment to ensure security of your data. Below is a list of Azure resources that the Bodo Platform creates in your account to enable clusters and notebooks.
Azure Service | Purpose |
---|---|
Virtual Machines | Cluster/notebook workers |
Storage Accounts, File-Shares | Shared file system for clusters |
Virtual Network with Subnets and NAT Gateway, Public IP, NIC, Proximity Placement Groups, Availability Sets, Security Groups, ... | Secure networking for clusters/notebooks |
Blob Containers, | Resource states |
KeyVault | Cluster secrets (e.g. SSH keys) |
VM Identity for Clusters | Allow cluster workers to access resources above |
Note
These resources incur additional Azure infrastructure charges and are not included in the Bodo Platform charges.
Azure Account Cleanup
As explained earlier, the platform creates two types of resources in the users'
Azure environments: organization level resources and cluster specific
resources. Organization level resources are created by the platform to
set up shared resources (such as VNets, File-Share, etc.) that are used
later by all created resources. Cluster specific resources (such as
virtual machines, NICs, etc) are created by the platform to host/manage
a specific cluster. This includes notebooks and corresponding resources
as well. The cluster specific resources are removed when you request a
cluster to be removed. The organization level resources persist in the
user account so they can be used by clusters deployed in the future.
However, if you need to remove these resources for any reason (Azure
resource limits, etc.), an option to do so is provided. Navigate to the
Settings page and click on Show Advanced in the bottom-right corner.
This will bring up a section called Azure Resource Cleanup.
Select the region from which you would like to remove these resources
(i.e. the region in which the resources you want to delete have been
created), and click CLEANUP AZURE RESOURCES. Note that this will only
work if you don't have any active clusters in that region deployed
through the platform. Otherwise, the request will be rejected, and you'll be
asked to remove all clusters in that region before trying again.
Removing active clusters (including clusters with a FAILED status) is
necessary because this process will make them inaccessible to the
platform.
The KeyVault deleted as part of this process needs to be purged manually through the Azure Portal if you plan to create resources on the platform again. See how to manually purge Azure KeyVault.
Manually Purge Azure Keyvault
Purging key vaults requires subscription level permissions. You can read more about this here and here. To avoid having to assign subscription level roles to Bodo Platform's service principal, we require users to do this step manually.
- Navigate to Key vaults on your Azure Portal.
- Click on Manage deleted vaults. In the form, select the subscription associated with Bodo KeyVault to see a list of deleted key vaults.
- Select the key vault with bodo in its name, click on Purge and confirm by clicking Delete.
- As shown in the notification, the purge process can take up to 10 minutes to complete. The purged key vault may continue to show up on the list of deleted key vaults until it has been successfully purged.
- Once the key vault has been successfully purged, the list of deleted key vaults should not feature it. At this point you can use the Bodo Platform again to provision clusters, etc.