Agora Quick Start Guide

Last modified on: 23 Oct 2025

Download original document


You can translate the document:

The goal of this guide is to serve as a quick start to the main functionalities in Agora, the Denodo Cloud Service, like creating a new account and instantiating a new subscription. For general documentation and tutorials on how to use Denodo, please refer to the Denodo Community site

Before you start: the architecture of Agora

Agora operates using two different planes: a Control Plane and an Execution Plane. The following diagram represents the architecture and data flows:

  • The Control Plane: managed by Denodo in its cloud accounts. It includes all the capabilities related with account and subscription management. Additionally, the Control Plane also includes a modified version of the Denodo Solution Manager adapted to the needs of Agora (which allows you to manage the environments and clusters of your Execution Plane), and hosts the web-based clients (Design Studio, Scheduler Administration Tool and the Monitoring and Diagnostics tool). This part of the Control Plane is deployed in a dedicated isolated instance.
  • The Execution Plane: where your data is processed. It includes the VDP and Scheduler servers, and the Data Catalog. The Execution Plane is hosted in your cloud account.

To further clarify the concepts covered in this section, you can watch our detailed video tutorial here: https://youtu.be/rXQE99qUxK8 

Getting started

If it is your first time using Agora you need to register a new user. In the login page, click on "Register", fill the form and click on the “Register” button to create a new user. If you already have a user, simply enter your username and password and click on “Sign In”.

In order to register a new user, you need to provide basic information like first name, last name, email, and password. Please keep in mind that this user will be the global administrator of the account for your organization. You will be able to create additional users later on.

Register your organization

Once you have registered and logged in, you need to register your organization. An organization can have multiple subscriptions, which is useful for example if you want to have multiple Denodo deployments in different cloud providers or in different regions, but manage them all under the same account.  

For a quick overview and step-by-step walkthrough, watch the following video tutorial: https://youtu.be/mmDCxwR8wY4 

Create a subscription

Once the organization is registered, the next step is to create your Agora subscription.

There is a wizard with several steps that will guide you through this process. First, you will need to select the plan for your subscription (Standard, Enterprise, or Enterprise Plus).

In the second step you will select a billing account (you can select an existing billing account or create a new one in the Billing Accounts section). You can only select billing accounts that are associated with the plan selected for the subscription.

The third step includes general settings like name, subscription identifier, and description.

Regarding the subscription identifier, note that it will be part of the URI of the service when you are accessing this particular subscription (e.g. https://console.agora.denodo.com/acme-inc/subscriptions/<my-subscription-id>). Be sure to verify if your organization has any rules about the naming of your services (e.g. including “denodo” or “agora” in your subscription id may generate a URI for your subscription that is not approved by your organization). Also, take into account that if you select something like “my-org-name” as your department’s subscription’s id, other departments in your organization will not be able to use the same subscription identifier for their own subscription.

Finally, in the last step you will select the cloud provider (AWS or Azure) and the region where the infrastructure will be deployed.

Here is a list of currently available regions:

AWS

Europe (Ireland) eu-west-1

Europe (Frankfurt) eu-central-1

US East (N. Virginia) us-east-1

US West (Oregon) us-west-1

Asia Pacific (Singapore) ap-southeast-1

Asia Pacific (Sydney) ap-southeast-2

Asia Pacific (Tokyo) ap-northeast-1

South America (São Paulo) sa-east-1

Azure

(Canada) Canada Central

Once you click on “create” your subscription is initialized and the application starts provisioning the resources needed to deploy the service, including Denodo’s Solution Manager (the Control Plane).

For a quick overview and step-by-step walkthrough, watch the following video tutorial: https://youtu.be/2U4oYhMjntE 

Billing accounts

A billing account is the logical entity used to manage payments and it is associated with a subscription plan (Standard, Enterprise or Enterprise Plus). Billing accounts are established at the organization level and can be associated with multiple subscriptions configured with the same plan.

Create a new billing account

To create a new billing account, you will need to access the billing account section in the Organization admin panel and click the “New billing account” button.

First you must choose the subscription plan associated with the billing account.

Then, you need to enter a name for the billing account and set an optional description.

Options

Once the billing account is created, you can configure a payment method or edit its information.

Configure payment method

In this option, you will be able to configure the payment method. To do this, you need to enter an email address, a name, and an address. When configuring the payment method, the corresponding subscription is automatically generated in Stripe, a payment platform that allows you to set up the payment method for the account.

After completing the initial configuration, you will be able to access the Stripe portal from this same options menu. There, you will be able to set up a credit card and finish the configuration process. Check the details on the Billing portal section.

Edit billing account

With this option, you can edit the name and description of a billing account.

For a quick overview and step-by-step walkthrough, watch the following video tutorial: https://youtu.be/3sjxaVSGXPA 

Billing portal

In the billing portal, you can review your current plan and your invoice history, add or edit your payment method and view or modify your billing information.

Complete the subscription configuration

As part of the subscription configuration you need to connect the Control Plane of Agora with your cloud account. The Control Plane needs credentials in your cloud account, in order to deploy and manage the resources of the Execution Plane. In the following sections we will go into detail about this for both AWS and Azure.

AWS

You must provide the ARN of an IAM role created as indicated below.

For a more visual explanation of this process, refer to the video tutorial: https://youtu.be/p62nhSpcGyA 

Create a role to be assumed by the Control Plane of Agora

You must create an AWS role for an AWS account of your choice, by following these steps:

  1. Create an IAM policy for Agora:
  1. Log into your AWS Console as a user with administrator privileges on the desired AWS account and go to the IAM console.
  2. Click the Policies tab in the sidebar.
  3. Click Create policy.

  1. Click JSON and use the following JSON, instead of the default one, to configure all the permissions required by the Execution Plane of Agora.

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Sid": "VisualEditor0",

            "Effect": "Allow",

            "Action": [

                "autoscaling:AttachInstances",

                "autoscaling:AttachLoadBalancerTargetGroups",

                "autoscaling:CreateAutoScalingGroup",

                "autoscaling:DeleteAutoScalingGroup",

                "autoscaling:DescribeAutoScalingGroups",

                "autoscaling:DescribePolicies",

                "autoscaling:DescribeScalingActivities",

                "autoscaling:DescribeScheduledActions",

                "autoscaling:DetachInstances",

                "autoscaling:DetachLoadBalancerTargetGroups",

                "autoscaling:UpdateAutoScalingGroup",

                "autoscaling:PutScalingPolicy",

                "autoscaling:PutScheduledUpdateGroupAction",

                "autoscaling:ResumeProcesses",

                "autoscaling:SuspendProcesses",

                "ec2:AcceptVpcPeeringConnection",

                "ec2:AllocateAddress",

                "ec2:AssociateIamInstanceProfile",

                "ec2:AssociateRouteTable",

                "ec2:AttachInternetGateway",

                "ec2:AuthorizeSecurityGroupIngress",

                "ec2:CreateImage",

                "ec2:CreateInternetGateway",

                "ec2:CreateKeyPair",

                "ec2:CreateLaunchTemplate",

                "ec2:CreateLaunchTemplateVersion",

                "ec2:CreateNatGateway",

                "ec2:CreateRoute",

                "ec2:CreateRouteTable",

                "ec2:CreateSecurityGroup",

                "ec2:CreateSubnet",

                "ec2:CreateTags",

                "ec2:CreateVpc",

                "ec2:CreateVpcPeeringConnection",

                "ec2:DeleteInternetGateway",

                "ec2:DeleteKeyPair",

                "ec2:DeleteLaunchTemplate",

                "ec2:DeleteLaunchTemplateVersions",

                "ec2:DeleteNatGateway",

                "ec2:DeleteRoute",

                "ec2:DeleteRouteTable",

                "ec2:DeleteSecurityGroup",

                "ec2:DeleteSnapshot",

                "ec2:DeleteSubnet",

                "ec2:DeleteTags",

                "ec2:DeleteVpc",

                "ec2:DeleteVpcPeeringConnection",

                "ec2:DeregisterImage",

                "ec2:DescribeAccountAttributes",

                "ec2:DescribeAvailabilityZones",

                "ec2:DescribeIamInstanceProfileAssociations",

                "ec2:DescribeImages",

                "ec2:DescribeInstances",

                "ec2:DescribeInternetGateways",

                "ec2:DescribeInstanceTypeOfferings",

                "ec2:DescribeInstanceTypes",

                "ec2:DescribeKeyPairs",

                "ec2:DescribeLaunchTemplateVersions",

                "ec2:DescribeNatGateways",

                "ec2:DescribeRegions",

                "ec2:DescribeRouteTables",

                "ec2:DescribeSecurityGroups",

                "ec2:DescribeSubnets",

                "ec2:DescribeTags",

                "ec2:DescribeVpcAttribute",

                "ec2:DescribeVpcPeeringConnections",

                "ec2:DescribeVpcs",

                "ec2:DetachInternetGateway",                

                "ec2:DisassociateIamInstanceProfile",

                "ec2:ModifyInstanceAttribute",

                "ec2:ModifyLaunchTemplate",

                "ec2:ModifySubnetAttribute",

                "ec2:ModifyVpcAttribute",

                "ec2:ModifyVpcPeeringConnectionOptions",

                "ec2:RebootInstances",

                "ec2:ReleaseAddress",

                "ec2:ReplaceRoute",

                "ec2:RunInstances",

                "ec2:StartInstances",

                "ec2:StopInstances",

                "ec2:TerminateInstances",

                "elasticloadbalancing:CreateListener",

                "elasticloadbalancing:CreateLoadBalancer",

                "elasticloadbalancing:CreateTargetGroup",

                "elasticloadbalancing:DeleteListener",

                "elasticloadbalancing:DeleteLoadBalancer",

                "elasticloadbalancing:DeleteTargetGroup",

                "elasticloadbalancing:DeregisterTargets",

                "elasticloadbalancing:DescribeListeners",

                "elasticloadbalancing:DescribeLoadBalancers",

                "elasticloadbalancing:DescribeTargetGroups",

                "elasticloadbalancing:DescribeTargetHealth",

                "elasticloadbalancing:ModifyListener",

                "elasticloadbalancing:ModifyTargetGroupAttributes",

                "elasticloadbalancing:RegisterTargets",

                "iam:AddRoleToInstanceProfile",

                "iam:CreateInstanceProfile",

                "iam:CreateRole",

                "iam:DeleteInstanceProfile",

                "iam:DeleteRole",

                "iam:DeleteRolePolicy",

                "iam:GetInstanceProfile",

                "iam:GetRole",

                "iam:GetRolePolicy",

                "iam:GetUser",

                "iam:ListInstanceProfiles",

                "iam:ListInstanceProfilesForRole",

                "iam:PassRole",

                "iam:PutRolePolicy",

                "iam:RemoveRoleFromInstanceProfile",

                "iam:UpdateAssumeRolePolicy",

                "s3:DeleteObject",

                "s3:GetBucketLocation",

                "s3:PutObject",

                "sts:DecodeAuthorizationMessage"

            ],

            "Resource": "*"

        },

        {

            "Effect": "Allow",

            "Action": [

              "iam:CreateServiceLinkedRole"

            ],

"Resource":"arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling",

            "Condition": {

              "StringLike": {

                "iam:AWSServiceName": "autoscaling.amazonaws.com"

              }

            }

        },

        {

            "Effect": "Allow",

            "Action": [

              "iam:CreateServiceLinkedRole"

            ],

            "Resource":"arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing",

            "Condition": {

              "StringLike": {

                "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"

              }

            }

        }

    ]

}

  1. Click the Next button and fill the name field with Agora_Execution_Plane_PolicyPermissions_v1 (or any other name you prefer) and the description field if desired.
  2. Press the Create policy button.

  1. Create a cross-account IAM role:
  1. Log into your AWS Console as a user with administrator privileges on the desired account and go to the IAM console.
  2. Click the Roles tab in the sidebar.
  3. Click Create role.

  1. In Select type of trusted entity, click the AWS account tile.
  2. Check the Another AWS account checkbox.
  3. In the Account ID field, enter the Agora AWS account ID indicated in the Configuration of the Cross-account IAM role wizard of Agora.

  1. Optional: to use an External ID, check Required external ID. Then, in the External ID field, enter the external ID indicated in the Agora configuration wizard when checking Require external ID

  1. Click Next to go to the add permissions section.
  2. Search for the Agora_Execution_Plane_PolicyPermissions_v1 (or the name you gave to the policy in the previous step 1.e) and assign it.

  1. Click on the Next button to go the Name, review, and create section.
  2. Fill the role name field with Agora_Execution_Plane_IAM_Role (or any other name you prefer) and press the Create role button.

  1. Press on the View role button.

  1. Copy the role’s ARN and use it to fill the wizard in the Configuration of the Cross-account IAM role wizard of the Control Plane application of Agora.

You can, optionally, configure a S3 bucket to store the monitorization logs of your Virtual DataPort servers.

Azure

You must provide the subscription in which you want to deploy the Execution Plane and the credentials of an app registration configured as indicated below.

Create an app registration for the Control Plane and assign it a custom role

You must create an app registration for the Control Plane to deploy Azure resources in your subscription and give it the necessary permissions by following these steps:

  1. Create an app registration for Agora:
  1. Log into your Azure subscription as a user with administrator privileges and go to Microsoft Entra ID.
  2. Click the App registrations tab in the sidebar.
  3. Click New registration.

  1. Choose a name, for example, AgoraExecutionPlaneAppRegistration.
  2. Use default settings for supported account types and redirect URI, you can change them later based on your specific requirements.
  3. Click register.
  4. Once created go to the tab Certificates & Secrets in the left panel.
  5. Create a new client secret, with the desired expiration date and copy its value. Please be aware of the following Azure warning: ‘Client secret values cannot be viewed, except for immediately after creation. Be sure to save the secret when created before leaving the page’.

  1. Create a custom role:
  1. Go to the overview of your subscription.
  2. Click the Access Control (IAM) tab in the sidebar.
  3. Click Add > Add a custom-role. (If the option is disabled contact your Azure Administrator).
  4. Go to the JSON tab, click Edit, paste the following JSON, and click Save:

{

    "properties": {

        "roleName": "agora_custom_role",

        "description": "",

        "assignableScopes": [],

        "permissions": [

            {

                "actions": [

                    "Microsoft.Compute/availabilitySets/delete",

                    "Microsoft.Compute/availabilitySets/read",

                    "Microsoft.Compute/availabilitySets/vmSizes/read",

                    "Microsoft.Compute/availabilitySets/write",

                    "Microsoft.Compute/disks/beginGetAccess/action",

                    "Microsoft.Compute/disks/delete",

                    "Microsoft.Compute/disks/endGetAccess/action",

                    "Microsoft.Compute/disks/read",

                    "Microsoft.Compute/disks/write",

                    "Microsoft.Compute/images/delete",

                    "Microsoft.Compute/images/read",

                    "Microsoft.Compute/images/write",

                    "Microsoft.Compute/locations/publishers/artifacttypes/offers/read",

                    "Microsoft.Compute/locations/publishers/artifacttypes/offers/skus/read",

                    "Microsoft.Compute/locations/publishers/artifacttypes/offers/skus/versions/read",

                    "Microsoft.Compute/locations/publishers/artifacttypes/types/read",

                    "Microsoft.Compute/locations/publishers/artifacttypes/types/versions/read",

                    "Microsoft.Compute/locations/publishers/read",

                    "Microsoft.Compute/locations/runCommands/read",

                    "Microsoft.Compute/locations/usages/read",

                    "Microsoft.Compute/locations/vmSizes/read",

                    "Microsoft.Compute/skus/read",

                    "Microsoft.Compute/snapshots/beginGetAccess/action",

                    "Microsoft.Compute/snapshots/delete",

                    "Microsoft.Compute/snapshots/endGetAccess/action",

                    "Microsoft.Compute/snapshots/read",

                    "Microsoft.Compute/snapshots/write",

                    "Microsoft.Compute/virtualMachines/assessPatches/action",

                    "Microsoft.Compute/virtualMachines/cancelPatchInstallation/action",

                    "Microsoft.Compute/virtualMachines/capture/action",

                    "Microsoft.Compute/virtualMachines/convertToManagedDisks/action",

                    "Microsoft.Compute/virtualMachines/deallocate/action",

                    "Microsoft.Compute/virtualMachines/delete",

                    "Microsoft.Compute/virtualMachines/extensions/delete",

                    "Microsoft.Compute/virtualMachines/extensions/read",

                    "Microsoft.Compute/virtualMachines/extensions/write",

                    "Microsoft.Compute/virtualMachines/generalize/action",

                    "Microsoft.Compute/virtualMachines/installPatches/action",

                    "Microsoft.Compute/virtualMachines/instanceView/read",

                    "Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/read",

                    "Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read",

                    "Microsoft.Compute/virtualMachines/patchInstallationResults/read",

                    "Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read",

                    "Microsoft.Compute/virtualMachines/performMaintenance/action",

                    "Microsoft.Compute/virtualMachines/powerOff/action",

                    "Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/read",

                    "Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/write",

                    "Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/logDefinitions/read",

                    "Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read",

                    "Microsoft.Compute/virtualMachines/read",

                    "Microsoft.Compute/virtualMachines/reapply/action",

                    "Microsoft.Compute/virtualMachines/redeploy/action",

                    "Microsoft.Compute/virtualMachines/reimage/action",

                    "Microsoft.Compute/virtualMachines/restart/action",

                    "Microsoft.Compute/virtualMachines/retrieveBootDiagnosticsData/action",

                    "Microsoft.Compute/virtualMachines/runCommand/action",

                    "Microsoft.Compute/virtualMachines/runCommands/delete",

                    "Microsoft.Compute/virtualMachines/runCommands/read",

                    "Microsoft.Compute/virtualMachines/runCommands/write",

                    "Microsoft.Compute/virtualMachines/simulateEviction/action",

                    "Microsoft.Compute/virtualMachines/start/action",

                    "Microsoft.Compute/virtualMachines/vmSizes/read",

                    "Microsoft.Compute/virtualMachines/write",

                    "Microsoft.Compute/virtualMachineScaleSets/deallocate/action",

                    "Microsoft.Compute/virtualMachineScaleSets/delete",

                    "Microsoft.Compute/virtualMachineScaleSets/delete/action",

                    "Microsoft.Compute/virtualMachineScaleSets/extensions/delete",

                    "Microsoft.Compute/virtualMachineScaleSets/extensions/read",

                    "Microsoft.Compute/virtualMachineScaleSets/extensions/roles/read",

                    "Microsoft.Compute/virtualMachineScaleSets/extensions/roles/write",

                    "Microsoft.Compute/virtualMachineScaleSets/extensions/write",

                    "Microsoft.Compute/virtualMachineScaleSets/forceRecoveryServiceFabricPlatformUpdateDomainWalk/action",

                    "Microsoft.Compute/virtualMachineScaleSets/instanceView/read",

                    "Microsoft.Compute/virtualMachineScaleSets/manualUpgrade/action",

                    "Microsoft.Compute/virtualMachineScaleSets/networkInterfaces/read",

                    "Microsoft.Compute/virtualMachineScaleSets/osRollingUpgrade/action",

                    "Microsoft.Compute/virtualMachineScaleSets/osUpgradeHistory/read",

                    "Microsoft.Compute/virtualMachineScaleSets/performMaintenance/action",

                    "Microsoft.Compute/virtualMachineScaleSets/powerOff/action",

                    "Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/read",

                    "Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/write",

                    "Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/logDefinitions/read",

                    "Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/metricDefinitions/read",

                    "Microsoft.Compute/virtualMachineScaleSets/publicIPAddresses/read",

                    "Microsoft.Compute/virtualMachineScaleSets/read",

                    "Microsoft.Compute/virtualMachineScaleSets/redeploy/action",

                    "Microsoft.Compute/virtualMachineScaleSets/reimage/action",

                    "Microsoft.Compute/virtualMachineScaleSets/reimageAll/action",

                    "Microsoft.Compute/virtualMachineScaleSets/restart/action",

                    "Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/action",

                    "Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/read",

                    "Microsoft.Compute/virtualMachineScaleSets/scale/action",

                    "Microsoft.Compute/virtualMachineScaleSets/setOrchestrationServiceState/action",

                    "Microsoft.Compute/virtualMachineScaleSets/skus/read",

                    "Microsoft.Compute/virtualMachineScaleSets/start/action",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/deallocate/action",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/delete",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/delete",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/read",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/write",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses/read",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/read",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/read",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/performMaintenance/action",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/powerOff/action",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/redeploy/action",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/reimage/action",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/reimageAll/action",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/restart/action",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/retrieveBootDiagnosticsData/action",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/delete",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/read",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/write",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/simulateEviction/action",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/start/action",

                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write",

                    "Microsoft.Compute/virtualMachineScaleSets/vmSizes/read",

                    "Microsoft.Compute/virtualMachineScaleSets/write",

                    "Microsoft.Insights/AutoscaleSettings/Write",

                    "Microsoft.Insights/AutoscaleSettings/Delete",

                    "Microsoft.Insights/AutoscaleSettings/Read",

                    "Microsoft.Network/connections/providers/Microsoft.Insights/diagnosticSettings/read",

                    "Microsoft.Network/loadBalancers/backendAddressPools/backendPoolAddresses/read",

                    "Microsoft.Network/loadBalancers/backendAddressPools/delete",

                    "Microsoft.Network/loadBalancers/backendAddressPools/join/action",

                    "Microsoft.Network/loadBalancers/backendAddressPools/read",

                    "Microsoft.Network/loadBalancers/backendAddressPools/write",

                    "Microsoft.Network/loadBalancers/delete",

                    "Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action",

                    "Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/delete",

                    "Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/join/action",

                    "Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/read",

                    "Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/write",

                    "Microsoft.Network/loadBalancers/frontendIPConfigurations/read",

                    "Microsoft.Network/loadBalancers/inboundNatPools/read",

                    "Microsoft.Network/loadBalancers/inboundNatRules/read",

                    "Microsoft.Network/loadBalancers/loadBalancingRules/read",

                    "Microsoft.Network/loadBalancers/networkInterfaces/read",

                    "Microsoft.Network/loadBalancers/outboundRules/read",

                    "Microsoft.Network/loadBalancers/probes/join/action",

                    "Microsoft.Network/loadBalancers/probes/read",

                    "Microsoft.Network/loadBalancers/providers/Microsoft.Insights/diagnosticSettings/read",

                    "Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read",

                    "Microsoft.Network/loadBalancers/read",

                    "Microsoft.Network/loadBalancers/virtualMachines/read",

                    "Microsoft.Network/loadBalancers/write",

                    "Microsoft.Network/natGateways/delete",

                    "Microsoft.Network/natGateways/join/action",

                    "Microsoft.Network/natGateways/read",

                    "Microsoft.Network/natGateways/write",

                    "Microsoft.Network/networkInterfaces/delete",

                    "Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action",

                    "Microsoft.Network/networkInterfaces/effectiveRouteTable/action",

                    "Microsoft.Network/networkInterfaces/ipconfigurations/join/action",

                    "Microsoft.Network/networkInterfaces/ipconfigurations/read",

                    "Microsoft.Network/networkInterfaces/join/action",

                    "Microsoft.Network/networkInterfaces/loadBalancers/read",

                    "Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read",

                    "Microsoft.Network/networkInterfaces/read",

                    "Microsoft.Network/networkInterfaces/UpdateParentNicAttachmentOnElasticNic/action",

                    "Microsoft.Network/networkInterfaces/write",

                    "Microsoft.Network/networkProfiles/read",

                    "Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read",

                    "Microsoft.Network/networkSecurityGroups/delete",

                    "Microsoft.Network/networkSecurityGroups/join/action",

                    "Microsoft.Network/networksecuritygroups/providers/Microsoft.Insights/diagnosticSettings/read",

                    "Microsoft.Network/networkSecurityGroups/read",

                    "Microsoft.Network/networkSecurityGroups/securityRules/read",

                    "Microsoft.Network/networkSecurityGroups/write",

                    "Microsoft.Network/publicIPAddresses/delete",

                    "Microsoft.Network/publicIPAddresses/dnsAliases/read",

                    "Microsoft.Network/publicIPAddresses/join/action",

                    "Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read",

                    "Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/metricDefinitions/read",

                    "Microsoft.Network/publicIPAddresses/read",

                    "Microsoft.Network/publicIPAddresses/write",

                    "Microsoft.Network/publicIPPrefixes/delete",

                    "Microsoft.Network/publicIPPrefixes/join/action",

                    "Microsoft.Network/publicIPPrefixes/read",

                    "Microsoft.Network/publicIPPrefixes/write",

                    "Microsoft.Network/operations/read",

                    "Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read",

                    "Microsoft.Network/virtualNetworks/customViews/read",

                    "Microsoft.Network/virtualNetworks/delete",

                    "Microsoft.Network/virtualNetworks/join/action",

                    "Microsoft.Network/virtualNetworks/joinLoadBalancer/action",

                    "Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read",

                    "Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read",

                    "Microsoft.Network/virtualNetworks/read",

                    "Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/read",

                    "Microsoft.Network/virtualNetworks/subnets/delete",

                    "Microsoft.Network/virtualNetworks/subnets/join/action",

                    "Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action",

                    "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",

                    "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",

                    "Microsoft.Network/virtualNetworks/subnets/read",

                    "Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/read",

                    "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/details/read",

                    "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read",

                    "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action",

                    "Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",

                    "Microsoft.Network/virtualNetworks/subnets/write",

                    "Microsoft.Network/virtualNetworks/virtualMachines/read",

                    "Microsoft.Network/virtualNetworks/write",

                    "Microsoft.Authorization/roleAssignments/write",

                    "Microsoft.Authorization/roleAssignments/delete",

                    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",

                    "Microsoft.Network/virtualNetworks/peer/action",

                    "Microsoft.ClassicNetwork/virtualNetworks/peer/action",

                    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",

                    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",

                    "Microsoft.Resources/subscriptions/resourcegroups/delete",

                    "Microsoft.Resources/subscriptions/resourceGroups/read",

                    "Microsoft.Resources/subscriptions/resourceGroups/write",

                    "Microsoft.Storage/storageAccounts/read",

                    "Microsoft.Subscription/aliases/read",

                    "Microsoft.Insights/MetricDefinitions/Read",

                    "Microsoft.Insights/Components/Query/Read",

                    "Microsoft.Insights/Components/MetricDefinitions/Read",

                    "Microsoft.Insights/Components/Metrics/Read",

                    "Microsoft.Insights/MetricDefinitions/Microsoft.Insights/Read",

                    "Microsoft.Insights/MetricDefinitions/providers/Microsoft.Insights/Read",

                    "Microsoft.Insights/Metricnamespaces/Read",

                    "Microsoft.Insights/Metrics/Read",

                    "Microsoft.Insights/Metrics/Microsoft.Insights/Read",

                    "Microsoft.Insights/Metrics/providers/Metrics/Read",

                    "Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/read",

                    "Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/write"

                ],

                "notActions": [],

                "dataActions": [],

                "notDataActions": []

            }

        ]

    }

}      

  1. The role name will automatically be set to ‘agora_custom_role’, you can change this name and the description if you need it.
  2. In the assignable scopes tab restrict these permissions to the desired subscription or resource group.
  3. Click on Review + create, if there are no warnings or validation errors, click on Create.
  1. Assign the custom role to the app registration:
  1. Go to the desired subscription or resource group, if you’re choosing an existing one.
  2. Click on tab Access Control (IAM).
  3. Click Add > Add role assignment.
  4. Select the ‘agora_custom_role’ and click Next.

  1. In the Members tab choose User, group, or service principal and type in the exact name of the service principal (Azure automatically creates one with the same name as the app registration), add it and click Next.

  1. In the Conditions tab choose the recommended option ‘Allow user to assign all roles except privileged administrator roles Owner, UAA, RBAC’.

  1. Click Review + Assign.
  1. Now you have an Azure app registration with the required permissions. You must extract the client id, tenant id, and secret from its details, and then configure these credentials along the id of your desired subscription in the Agora console.

Choose a deployment template

We are now ready to deploy. In order to simplify this step, the application allows you to choose a template that will create the environments, clusters and servers in your infrastructure. Each template is focused on a specific scenario, ranging from a basic evaluation to a full-blown production-ready deployment with three environments.

Alternatively, you can also configure all the settings manually using Denodo’s Solution Manager, by clicking on the “Provision Manually” button.