UPDATE: 10 October 2018. SailPoint now support and provide guidance on deploying IdentityNow Virtual Appliances in Azure. See this document on Compass for more details.
The CentOS image that SailPoint provide for the IdentityNow Virtual Appliance that performs integration between ‘Sources’ and IdentityNow is VMware based. I don’t have any VMware infrastructure to run it on and really didn’t want to run up any VMware environments for this component. All my other infrastructure is in Azure. I’d love to run my VA(s) in Azure too.
In discussions with SailPoint I understand it is simply a case that they haven’t certified their CentOS image on Azure. So I figured I’d convert the VM, get it into Azure and see if it works from my Sandpit environment. This blog post details deploying the SailPoint IdentityNow Virtual Appliance in Azure and how I got it working.
Disclaimer: If you use this for more than a Sandpit/Test environment let your SailPoint CSM know. This isn’t an approved process or a supported configuration. That said, it works for me.
This is the high-level process I threw together that worked for me.
To download the CentOS VMware image, log in to the Admin section of your IdentityNow Tenant. Under Admin => Connections => Virtual Appliances create a New Cluster. Select that Cluster then Virtual Appliances => New.
Download the Appliance Package
I already had VirtualBox installed on my computer. I had to give the full path to VBoxManage (as shown below) and called it with the switches to convert the image:
vboxmanage clonehd <source-image> <output>.vhd --format VHD --variant Fixed
The --variant Fixed switch takes the dynamic image and converts it to Fixed, as this is a requirement in Azure.
The image conversion started and completed in under ten minutes.
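A pre-upload check of the converted image, as an added example (not from the original post or from SailPoint): it reads the 512-byte VHD footer and confirms the disk type is fixed, which is the requirement described above. The 1 MiB size-alignment check goes beyond what the post states, and the function names and sample footers are constructed for illustration.

```python
import struct

FOOTER_LEN = 512
MIB = 1024 * 1024
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}

def parse_vhd_footer(footer: bytes) -> dict:
    """Parse the 512-byte big-endian footer stored at the end of a VHD file."""
    if len(footer) != FOOTER_LEN or footer[:8] != b"conectix":
        raise ValueError("not a VHD footer")
    current_size, = struct.unpack_from(">Q", footer, 48)          # virtual size
    disk_type, stored_sum = struct.unpack_from(">II", footer, 60)  # type, checksum
    # Checksum is the one's complement of the byte sum with its own field zeroed.
    body = footer[:64] + b"\x00" * 4 + footer[68:]
    return {
        "disk_type": DISK_TYPES.get(disk_type, f"unknown({disk_type})"),
        "virtual_size": current_size,
        "checksum_ok": (~sum(body) & 0xFFFFFFFF) == stored_sum,
    }

def azure_upload_problems(footer: bytes) -> list:
    """Return the reasons this image is unsuitable as an Azure OS disk."""
    info = parse_vhd_footer(footer)
    problems = []
    if not info["checksum_ok"]:
        problems.append("footer checksum mismatch")
    if info["disk_type"] != "fixed":
        problems.append(f"disk type is {info['disk_type']}, Azure needs fixed")
    if info["virtual_size"] % MIB:
        problems.append("virtual size is not a multiple of 1 MiB")
    return problems

def read_footer(path: str) -> bytes:
    # The footer is the last 512 bytes of the file for every VHD variant.
    with open(path, "rb") as fh:
        fh.seek(-FOOTER_LEN, 2)
        return fh.read(FOOTER_LEN)

def make_footer(disk_type: int, size: int) -> bytes:
    """Build a constructed sample footer (not taken from a real appliance)."""
    f = bytearray(FOOTER_LEN)
    f[0:8] = b"conectix"
    struct.pack_into(">Q", f, 48, size)
    struct.pack_into(">I", f, 60, disk_type)
    struct.pack_into(">I", f, 64, ~sum(f) & 0xFFFFFFFF)
    return bytes(f)

if __name__ == "__main__":
    print(azure_upload_problems(make_footer(2, 128 * 1024 * MIB)))
    print(azure_upload_problems(make_footer(3, 128 * 1024 * MIB + 512)))
```

For a real file, pass the result of read_footer() on the converted VHD to azure_upload_problems() before starting the upload.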
In the Azure Portal I created a New Resource and chose CoreOS.
I gave it a name, chose HDD as the disk type and gave it a Username and Password.
I chose sizing in line with the recommendations for a Virtual Appliance.
And kept everything else simple (for my sandpit environment).
After the VM had deployed I had a Resource Group with the necessary Virtual Network, Storage Account etc.
I created a vhd container (in the Storage Group associated with the VM I just created) to hold the new VHD. Using Azure Storage Explorer I then uploaded the converted image. Select Page Blob for the blob type.
You’ll want to have a decent internet connection to do this. I converted the SailPoint image on an Azure VM (to which I added a 256Gb data disk too). I then uploaded the new 128Gb VHD disk image from within Azure to the target Resource Group in about 75 minutes.
Below I show the SailPoint Virtual Appliance CentOS OS converted disk image uploaded to Azure Storage Account Blob Storage.
We won’t use a SAS Token, but generating one gives easy access to the Storage Blob URL. Right click on the VHD Blob and select Generate Shared Access Signature. Select Create.
Copy the URL. We’ll need parts of this for the script to create a new CentOS VM with our VA Disk Image.
Update the script below for:
Each of those is easily obtained from the Seed VM Summary as highlighted below.
After stepping through the script to create the new VM, and happy with the new name etc, I executed the New-AzureRMVM command.
And the VM was created in a couple of minutes.
Getting the IP address from the new VM Summary I SSH’d into it.
And logged in with the default credentials from SailPoint. (Windows Subsystem for Linux is awesome).
Below shows my Azure based Virtual Appliance connected and all set up.
Whilst not officially supported, it is possible to convert the SailPoint Virtual Appliance VMware based image to an Azure compatible Hyper-V image and assign it as the Operating System disk on an Azure Linux (CoreOS) Virtual Machine. If you need to do something similar I hope my approach gives you some ideas.
If you then need to create another Virtual Appliance in Azure you have a Data Disk you can assign to a VM and upload to wherever it needs to be for creation of another Virtual Appliance VM.