The Cycloud product installer automates several steps required for Cycloud provisioning to work within an Azure tenant. From the user / installers perspective the process is extremely simple, and wizard driven requiring the installer to answer several simple questions to complete the installation.
There are several technical pre-requisites that are required prior to beginning the installation and this document will explain these requirements in detail.
It is strongly advised that the required information is at hand prior to beginning the installation to prevent any confusion that can terminate the installation. Again, this document will highlight the required information and where it can be obtained.
An important point is that to install the Cycloud Product an existing tenant can be used, or a new tenant can be created. This link explains how to create a tenant if required.
Azure administrative user account credentials including username, password, Azure subscription ID and Azure tenant ID. Your subscription ID and tenant ID can be found from within the Azure Admin Console. This article may be of assistance.
The user installing the Cycloud Product will also need information regarding the Microsoft file share that is to be used for the Cycloud Data Store. This is simply the UNC path to the share location. This could be an existing file share (with the appropriate permissions etc) or a file share created using the process explained later in this guide. In either case the Microsoft Share information is simply the file share name in UNC format. Example: <\\ServerName\ShareName>
Installation Process and Flow
The following diagram shows the full Cycloud installation process. For the rest of this document, we will be focusing on the Cycloud Product Installer.
The two steps completed during the Cycloud Product installation process are the setup of all required Cycloud objects within Azure along with the setup of the Cycloud Data Store file structure.
In order for Cycloud services to operate correctly the Product Installer creates necessary Azure objects. The objects created include a “Registered App”, “Service Principal Account”, “Role Assignment” and “Custom Role” along with associated Cycloud specific custom permissions.
Cycloud Product Installation Order
There are a number of steps involved in installing the Cycloud Product software outlined in the following diagram.
Let us look at each of these steps in detail.
Microsoft File Share (Cycloud Datastore)
Cycloud uses a Microsoft file share to store various configuration data and logging information as well as some of the Cycloud Controller and Agent logic. The Cycloud Data Store is an essential component of the Cycloud Provisioning solution.
It is necessary to create a file share (Cycloud Date Store Share) prior to running the Cycloud Product Installer. It is important that the Microsoft user account under which the Cycloud Product Installer is running (meaning the user account running the Cycloud Product installer) has read and write permissions to the share in order to create the file structure within the share.
Share Permissions and Security
It is advised that a Microsoft group be created and given full permissions to the Cycloud Data Store Share so that any users that require access to the share can simply be added to the group. In order to provide the best security, the “Everyone” object (which is normally given access to any share by default) is removed.
It is suggested that the file share used for the Cycloud file share should also be hidden from public browsing by appending a $ to the share name. This is common practice in Microsoft environments when creating shares that are not providing user storage facilities. The screenshot below is an example of the suggested file share configuration. Note that the Cycloud Admin group has full access whereas the default “Everyone” object has been removed.
It is important to note that Azure file shares are not supported at this time. With this in mind it is possible to use an Azure instance to host this service as long as it is available from both Cycloud Controllers and Agents. This usually means that the machine hosting the Cycloud Data Store (If an Azure instance) is located within the same virtual network as the Cycloud Controller and Agents or if the machine is on-premises it be contactable via the appropriate VPN technology from the Azure tenant hosting Cycloud Controllers and Agents.
A single Microsoft user account is required for the Cycloud Provisioning solution although it is not required for the Product Installer however it is logical to create it at this point as it is going to be needed when the Cycloud Controller and Agent Services are installed. It is important to note that the Cycloud user should not be used for regular use as this user account should be dedicated for Cycloud processes.
The “Cycloud” user needs to be a member of the Domain Admin and Cycloud (Admins) groups in addition to the default Domain Users group.
The only requirement of the Cycloud user is that it should not have any forced password policies. This is because the Cycloud user account is to effectively be used as a Service account for Cycloud Services, so it is crucial that the password that is created does not expire. The complexity of the password is not important and can align with company policy if required.
It is a requirement that the selected machine that is to run the Cycloud Product installer is domain joined. This is a requirement prior to the Cycloud Product installer being run. This article explains this process. The selected machine has to be domain joined to provide authentication to the Cycloud Datastore.
It is also possible to run the Cycloud Product installer on a Windows Domain Controller should this be a requirement. This has been made possible to reduce the number of Servers required for the Cycloud solution. This has been tested and is fully supported however it is recommended that the selected machine should be a Domain joined Server or client operating system if possible.
Azure PowerShell Module
The AZ PowerShell module is required to be installed prior to running the Cycloud Product Installer. This component and its installation processes are explained in detail at this link. There are no further software prerequisites required for the Cycloud Product Installer however if the machine is also planned to be used as either a Cycloud Controller or Agent then it will also be necessary to run the the Cycloud Primer installer which will install further prerequisites as required. Details to the Cycloud Primer can be found at this link.
Running the Cycloud Product Installer
The Cycloud Product Installer can be run on any machine that has had the prerequisites explained in step 2 and running a supported Microsoft Windows operating system. Supported operating systems are as follows.
- Windows Server 2016 (All Editions)
- Windows Server 2019 (All Editions)
- Windows Server 2022 (All Editions)
- Windows 10 (All Versions)
- Windows 11 (All Versions)
It is assumed that the machine used to run the Cycloud Product Installer will be an Azure instance. Azure marketplace images are supported at this time even though there is no foreseen reasons why custom images could not be used or physical machines.
The Cycloud Product Installer will not actually install any components on the machine it is run on. This is because it is purely a means of setting up the required Azure objects within Azure as well as the Cycloud Datastore. Therefore there is no uninstall required as there are no items to uninstall on the machine itself.
To begin the Cycloud Product installation process follow the following steps.
- Ensure all required prerequisites have been installed and completed.
- Download the Cycloud product software from the Cycloud download page. Unzip it and save it to a location on the machine that has been selected to run the Cycloud Product Installer.
- Go to the Cycloud Product Setup directory and locate the “Cycloud-Share-Installer.exe” file. Double clicking on this file will automatically run the Cycloud Product Installer as Administrator.
- Read and accept the Cycloud EULA
- Enter the path to the Cycloud Data Store in UNC format. (Help bubbles are provided if required)
- Select the cloud platform from the dropdown box. (Microsoft Azure is supported at this time).
- If this is the first time the Cycloud Product Installer has been run it is essential that the “Register Cycloud App” checkbox is selected. This is required to register Cycloud with Azure. If the checkbox is not selected then the installer will setup the Cycloud Datastore only and is useful when Cycloud has already been registered with Azure.
- Accept the message that informs the user that a new directory structure will be created. If the installer finds an existing directory structure a backup will be made of it before a new directory structure is created.
- Enter your Azure subscription ID and Azure tenant ID.
- You will be asked to authenticate to Azure using the Microsoft form. Please enter your Azure login credentials along with any two factor details (if enabled). The Azure user needs to have administrative permissions sufficient to create the following Azure objects.
- Azure App Registration
- Azure Role Assignments
- Azure Custom Roles
- Azure Service Principal Accounts
- After a few moments the Cycloud Product Installer will inform the user that Cycloud Services were successfully registered with Azure. It is at this point the Cycloud Product Installer has completed the Cycloud App registration process.
The following screenshots are of the above process.
Browse to the Cycloud-Share-Installer.exe file and run it
Provide the Cycloud Datastore path in UNC format and select the cloud platform from the dropdown box.
If the Cycloud Product Installer is being run for the first time it is necessary to ensure that the “Register Cycloud App” checkbox is selected.
If the UNC path entered previously is correct and a valid share path is found the above message will be displayed.
A new Cycloud directory structure will then be created.
The user will then need to provide their Azure Subscription ID and their Azure Tenant ID.
The user will then need to provide their Azure login credentials (as well as two factor details if enabled) to authenticated to Azure.
As the process may take a few moment a wait screen will be displayed until the various Cycloud component are fully installed.
The last message shown by the Cycloud Product Installer is when it has completed the creation of all Azure objects. At this point the Cycloud Project Installer has completed all its task and the Cycloud software is registered with Azure and considered complete.
The following screenshots show the various objects after the Product Installer has successfully created them. The user installing the Cycloud Product may wish to look at the various object after installation to confirm their presence although this is not a required step in the installation process.
The Cycloud Product Installer creates an App Registration that can be found within Azure Active Directory. Simply open “Azure Active Directory” within the Azure management portal and navigate to “App Registrations” which can be found in the left pane of the interface. Once at this point select “All Application” option and browse to the application called “CycloudProvisioningServices”. This is the app that the Cycloud installer registered.
The Cycloud Product Installer also creates a custom “Role Assignment” called “CycloudProvisioningServices” that can be found by opening “Subscriptions” from the Azure management portal and selecting the appropriate Azure subscription. After that select “Access Control (IAM)” from the centre pane and then “Role Assignments”. If the “CycloudProvisioningServices” role assignment does not appear it may be necessary to search for it using the “Search by name or email” field.
The last item the Cycloud Product Installer creates is a custom “Role” called “CycloudProvisioningServices”. This object can be found by opening “Subscriptions” from the Azure management portal and selecting the appropriate Azure subscription. After that select “Access Control (IAM)” from the centre pane and then “Roles”. If the “CycloudProvisioningServices” role does not appear it may be necessary to search for it using the “Search by name or email” field.
Potential Issues and Clarification Information
If any issues are encountered during the installation of the Cycloud Product Installation a log file (Install.log) of the installation can be found in the directory where the “Cycloud-Share-Installer.exe” file was run.
It is suggested that if clarification of each stage of the Cycloud Product Installation is required the following points maybe helpful.
After installation of the Cycloud Product has completed the Cycloud Azure objects would have been created. These can be found using the Azure Management Portal as described in the preceding sections.
As part of the installation the file structure of the Cycloud Data Store would have been created. This should look like the following screenshot.
There should be four directories off the root of the share. There will be various subdirectors within these directories each having significance to the operational running of the Cycloud solution however if the four top level directories are seen then it is highly likely that the file structure was created successfully and the Cycloud Data Store is operational.
As long as this document is followed correctly then there are seldom any issues experiences with the Cycloud Product Installation process. The actual installation process take just a few minutes to complete but attention to detail at this point will yield better results than if not.