Configuring Mode¶
To enable the Automated Mode, click the menu Configuration > Automated mode.
Note
When accessing the Solution Manager from Agora the menu automated mode is renamed to Execution Plane Info. This menu will only have information about the IAM Role used for the execution plane, since Agora automatically configures the automated mode.
General¶
AWS¶
In General AWS tab, you can configure:
AWS Credentials Access Keys: enter the access key ID and the secret access key of the AWS account of your organization.
You can check the page Access Keys of the AWS documentation for further details. The Solution Manager stores these encrypted.
We suggest reading What is IAM? and Security best practices in IAM of the documentation of AWS to understand how identity management works in AWS.
Additionally, when the Solution Manager is running in an EC2 instance, and this instance has an IAM role assigned, you can use the role for authentication, avoiding the need to provide specific AWS credentials.
IAM Role & Logging & Updates (optional):
IAM role: the instance profile that will be assigned to the instances launched. Please check Instance Profiles for further details.
S3 base location URL: The URL where the Solution Manager will store logs or updates downloaded from the Denodo updates repository. For instance s3://my-bucket/denodo/. When input, an IAM role must be defined.
Note
See an example of minimum permissions for S3 access
.
Azure¶
In General Azure tab, you can configure:
Azure Credentials: the values that identifies the Azure Credentials of your organization. Please check Understanding Azure Active Directory application and service principal to access resources for further details.
Additionally, when the Solution Manager is running in an Azure Virtual Machine, and this has enabled the System assigned managed identity, you can use it for authentication, avoiding the need to provide specific Azure credentials.
Logging & Updates (optional): to enable Blob storage centralized logging, enter this:
Blob storage base location URL: URL of the blob storage with container and prefix where the logs will be saved. For instance https://my-storage-account.blob.core.windows.net/my-container/denodo-logs/.
Storage account connection string: The connection string that can be used to authorize access to data in your storage account via Shared Key authorization.
Please check Introduction to Azure Blob storage for further details.
Role Assignment (optional):
Role: the Azure custom role that will be assigned to the virtual machines launched. It must previously exist in the Azure portal, where it is configured with the desired permissions and assignable scopes. Please check Azure custom roles for further details.
Scope: an Azure custom role has assignable scopes, here you can configure the scope to use when assigning the role to the virtual machines. It is possible to configure a subscription or resource group scope. Please check the Azure documentation for further details.
Note
The next permissions are required to manage role assignments: Microsoft.Authorization/roleAssignments/write
and Microsoft.Authorization/roleAssignments/delete
Denodo Support¶
In General Denodo Support tab, you can configure the Denodo Support Access Keys (optional): enter the access key ID and secret access key provided by Denodo Support. The Solution Manager will use these credentials to:
Download the updates from the Denodo Support site.
Obtain the identifier of the Amazon Machine Images (AMI) generated by Denodo. These AMIs include the Denodo Platform pre-installed and are configured to be managed with the Solution Manager.
Obtain the identifier of the Azure Virtual Machines generated by Denodo. These Virtual Machines include the Denodo Platform pre-installed and are configured to be managed with the Solution Manager.
To get the credentials of the Denodo Support account of your organization, follow the instructions in the Denodo Support Site Quick Start Guide
Server Access¶
Normally, you can leave the boxes in Server access empty. If you installed the Solution Manager or the License Manager on a computer that the AWS EC2 instances or the Azure Virtual Machines will not be able to resolve using its hostname or use different ports, expand Server access and fill in the boxes:
This may occur if the Solution Manager or the License Manager are installed on a computer on your premises, and there is no direct access to this computer from outside, only through a VPN. Or they are accessed through a load balancer.
Note
The hostname or IP indicated should be reachable from the AWS server instances and/or Azure Virtual Machines.
You can specify the hostname, ports and protocol to be used from the AWS server instances and/or Azure Virtual Machines to connect to the Solution manager or License Manager. Leaving any field empty means using the default values.
If the values need to be different for AWS and Azure, it exists the possibility to specify concrete values for each platform:
Default Region & Images¶
AWS¶
In Default region & Images AWS tab, configure:
Default region: the region that will be used by default when you create a new AWS cloud environment.
The default AMIs for each type of product (Virtual DataPort, Scheduler and Data Catalog).
Custom: the AMI id that you provide will be the default value for each type of server when you create a new cluster in automated mode. To create a custom AMI follow the instructions of the appendix Creating A Custom AWS AMI for the Denodo Platform.
Provided: You can select an AMI provided by Denodo if you have Denodo Support Access Keys configured with correct values.
Azure¶
In Default region & Images Azure tab, configure:
Default region: the region that will be used by default when you create a new Azure cloud environment.
Resource group: the resource group that will be used by default when you create a new Azure cloud environment.
The default Images for each type of product (Virtual DataPort, Scheduler and Data Catalog).
Custom: The image name that you provide will be the default value for each type of server when you create a new cluster in automated mode. To create a custom image follow the instructions of the appendix Creating A Custom Azure Image for the Denodo Platform.
Provided: You can select an Image provided by Denodo if you have Denodo Support Access Keys configured with correct values.