Cloudockit's Optimal Setup - Enterprise - Azure

Before you start, let us help you navigate all of the steps to Cloudockit Optimal Setup. Simply book a call with one of our experts.

Book a call

Introduction

The purpose of this document is to provide the detailed steps to install and configure Cloudockit Desktop in an optimal way so you can get going as quickly as possible with your automated documentation generation for your Azure environment.

Cloudockit desktop can be installed in many ways. On a workstation, on a server, or on a virtual machine.

Based on our experience, we have identified that the optimal way is to create a virtual machine using the image available on Azure Marketplace which includes Cloudockit Desktop.

PDF Document

Step 1 – Creating the virtual machine

Connect to the Azure portal and go to Virtual Machines

From the Virtual Machines page, press Add in the upper left corner and then Virtual Machine.

Basics

Project Details

Add the Virtual Machine to the Resource Group of your choice.

Instance Details

Virtual Machine Name: Name your virtual machine

Region: Select Region

Availability options: Select from the drop-down.

Image:

Click: Browse all public and private images

In Select an image, enter Cloudockit in the search bar and select Cloudockit Desktop.

Azure Spot Instance: No

Size: Standard_A2_v2 – 2vcpus, 4 GiB memory (Suggested)

Administrator Account

Define the Username and Password

Inbound port rules

Public Inbound ports: Allow selected ports

Select Inbound ports: RDP (3389)

Licensing

Would you like to use an existing Windows Server license? Based on your own preferences.

Click: Disk

Disks

Click: Networking

Networking

Network Interface

Define the configuration as shown in the image below.

Note : 

    • This setup with the Public IP can be done in different ways depending on your environment. If you have an isolated Virtual Network with a Jumpbox to access your virtual machines, you can absolutely use that instead of the Public IP 
    • If you use the Public IP, we strongly recommend that you activate the Just In Time Accessto add additional security 

Load Balancing 

Do you want to place this virtual machine behind an existing load balancing solution?: No 

Click: Management

Management

Define Management as shown on the image below.

Click: Advanced

Advanced

Define the Advanced tab as shown in the image below.

Click: Tags

Tags

Define tags based on your organization’s tagging policy.

Click: Review + Create

Review & Create

Review the parameters of the virtual machine and press Create.

Step 2 – Creating the Storage Account

The Storage Account will allow you to save the documentation that you create and be available to employees in your organization.

From the Azure Portal, select Storage Accounts

Press Add in the upper left corner.

Basics

Define the Basics section as shown in the image below.

Click: Networking

Networking

Define the Networking based on your organizations’ policies.

Click: Data Protection

Data Protection

Define the Data Protection based on your organization’s policies.

Click: Advanced

Advanced

Define the Advanced tab as shown in the image below or based on your organization’s policies.

Click: Tags

Tags

Define Tags based on your organization’s tagging policy.

Click: Review & Create

Review & Create

Review the parameters of the virtual machine and press Create.

Step 3 – Giving the Proper Permissions

By enabling System Assigned Managed identity, this gives you the possibility to add permissions to the virtual machine instead of giving them to a user or a service principal.

The advantage of adding permissions to a virtual machine is to start document generation on new subscriptions without having to do any manual configuration in Cloudockit Desktop.

Giving Permissions to the Virtual Machine on your subscription

The only access needed to generate documentation with Cloudockit Desktop is “reading” privileges.

Access the subscription you want to give access to.

Click on the subscription name and select Access Control (IAM).

Press the Add button in the Add a role assignment box.

In the Add a role assignment section, select the following:

Role: Reader

Select: Select the virtual machine you have created

Make sure the Virtual machine is in the Selected Members section.

Click: Save

Giving the Virtual Machine Permissions on the Storage Account

Access the list of storage accounts in your subscription and select the account where you want documents from Cloudockit Desktop to be saved.

Click: Access Control (IAM)

Press the Add button in the Add a role assignment box.

In the Add a role assignment section, select the following:

Role: Contributor

Select: Select the Virtual Machine you have created.

Make sure the Virtual Machine is in the Selected Members section.

Click: Save

Additional permissions

Azure Classic Resources

Classic resources will not display in the documentation with reader privileges. You must add the credentials to the “Classic Administrator” of the subscription.

https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles

Azure Active Directory

Cloudockit cannot retrieve data from Azure Directory with reader privileges.

The credentials used to generate the documentation must have “Azure AD Global Administrator”.

Azure Billing

Limited billing information can be retrieved with reader privileges.

To get access to additional billing information you must give the credentials “Billing Reader” privileges.

Azure Security Center

To read information from the Azure Security Center through the compliance rules, the credentials used to generate the documentation must have “SecurityReader” privileges.

Dependencies Detection in Azure App Services

Cloudockit automatically detects dependencies between components like Azure App Services & Functions and components like storages, queues, etc.

To do that, Cloudockit scans the App Settings and App Connection Strings to detect the components the App Service is communicating with.

“Contributor” access (on the App Service only) is needed so Cloudockit can list the App Settings and Connection Strings. If you have only Reader privileges, you will see the App Service Details but not the dependencies.

Azure Kubernetes Services

The credentials used to generate the documentation must have “Azure Kubernetes Service RBAC Writer” access (on the Kubernetes Cluster only) so Cloudockit can connect to the cluster and retrieve the details.

Step 4 – Cloudockit Endpoints

Cloudockit uses Azure’s public APIs to collect the metadata which is used to create the reports and diagrams that you use. If the Virtual Machine that you use has internet connectivity, no need to worry about endpoints.

If you do not want to open this Virtual Machine to the internet, here is the list of endpoints that you will potentially need to open for Cloudockit to collect the data.

Endpoints

Cloudockit license validationgenerate.cloudockit.com:443
Azure APIslogin.microsoftonline.com:443
management.core.windows.net:443
management.azure.com:443
ratecard.azure-api.net
graph.windows.net
Azure GOV APIslogin.microsoftonline.us
management.usgovcloudapi.net
management.core.usgovcloudapi.net
Lucid chart diagramsapp.lucidchart.com:443
Email Notificationapi.sendgrid.com:443

Step 5 – Launch Cloudockit Desktop and Schedule a Document Generation

Connect to the Virtual Machine just created.

Create a shortcut

The first step is to create a shortcut to launch Cloudockit from your desktop.

Open Windows Explorer and go to this folder, C:\Program Files\CloudocKit

Identify the file named Cloudockit.exe

Create a shortcut and place it on your desktop.

Activating Cloudockit

Click on the desktop shortcut of Cloudockit to launch the application.

You will need to enter your product key to activate Cloudockit Desktop.

If you have not purchased a product key yet, please visit our Pricing Page.

You will see a message confirming that the activation was done successfully.

Click: OK

Connecting to an Azure platform

Press Start or Schedule a document generation.

Select Microsoft Azure from the list of platforms.

Select Managed Identity (Preview).

Select your Cloud Type and press Login.

Select All subscriptions and press Continue.

Schedule a Document Generation

Now that you are logged in, it is time to define what information you want to generate using Cloudockit.

Set the desired parameters under Documents, Workloads, and Organize Content.

Track Changes

Use the storage account created previously to track changes. This will allow you to see the differences that have occurred between a previous document and the one running right now.

Select Track Changes from the menu to the left.

Enter the name of the storage account in the Account Name box and press validate.

A confirmation message will confirm that the storage account is valid.

Check the box Save a snapshot for comparison.

This will save a JSON file in the storage account every time a new document is generated.

Check the box Compare with a previously generated document.

Select the first empty row that appears below.

This will always select the most recent file in the storage account to compare.

Drop-Off

In the Drop-Off settings, the same storage account as defined in the Track Changes section is automatically selected.

Scheduling

Define the desired schedule for your documentation to run and save your schedule.

Configuration

Enter a unique name to the parameters you have set and press Save Current Configuration.

Your configuration is saved, you can load or edit it in the future.

Step 6 – Validate that documents are successfully generated

Once your scheduled document generation is complete, let’s validate that it has been scheduled properly.

From the main menu, select View all schedules.

In the list, you will see the scheduled documentation you have configured.

You can now press run to generate a manual document generation or wait for the schedule to run its course.

Once your document is completed, you will be able to access it from the Storage Account or from the desktop application.

Press View all document generations from the main menu.

You will see the list of the documents that have been generating.

You can access the documents from the View Documents button on the right.