Skip to main content

Post Deployment Steps

Before you start using Apporetum, you may need to complete a few final steps while we finish setting up your account. Depending on the options you selected in the deployment wizard, certain tasks may be required. You can verify these tasks by checking the health status on your deployment status page. Please note that all deployments must grant the requested Graph Permissions and may need to link additional resources to their VNets.

Verify the health of your deployment​

Health Check Page After a successful deployment, we recommend that you verify your deployment Apporetum using our health check tool located on the API App Service. This tool will validate and recommend common fixes to deployments when problems are detected. You can find the URL using the following proceedure.

The tool provides helpful troubleshooting steps and actions which can be used to manually fix any present deployment issues.

Locate the API App Service​

  1. From the Managed Application, click the Managed Resource Group under Essentials section. Managed Resource Group list of Resources for Private link
  2. Open the apporetum-####-api-####### resource (You may search 'app service' to find it easier)
  3. On the API App Service overview page click the Browser button on the command bars
  4. On the home page click the Status link. NOTE: this may take a couple of seconds to run

Grant Microsoft Graph Permissions​

To enable Apporetum to talk directly to Microsoft Graph we must first grant all the new permissions requested by the deployment script.The following instructions steps you through how to find and grant the necessary permissions.

warning

Please carefully read through the permissions which are required by Apporetum and understand the impact they have on your organisation. We have chosen the minimal required permissions to operate and without these Apporetum will not be able to operate all features for this Data Source.

  1. Ensure you are using your Global Admin or Application Administrator Account
  2. From the Azure Portal, navigate to your Entra ID (formerly Azure Active Directory) App Registrations (Entra ID (formerly Azure Active Directory) > App Registration)
  3. Search for 'Apporetum-' and open the corresponding NEW app registration which has the same ID as your Managed Application Resource Group (this should be 4 - 5 random characters as the end of your resources)
  4. On the App Registration page, navigate to the "API Permissions" tab
  5. Click the "Grant admin consent for Default Directory" button and accept the popups
  6. Verify using the Health Checks that your permissions were successfully granted

Existing VNet Post-Deployment Steps​

Due to limitations in the Azure Managed Application offer, Apporetum can't completely set up everything if you use an existing VNet. As such, you will need to follow a few short guides to get all of our infrastructure connected to yours. These connections can be verified on your deployed Apporetum API app service.

Connect Private DNS​

To securely connect to Apporetum's database and keyvault we use private endpoints. To enable us to resolve the private IPs of these resources you will need to link the Private DNS records to your VNet.

Private DNS Zones​

  1. privatelink.database.windows.net
  2. privatelink.vaultcore.azure.net
  1. From the Managed Application, click the Managed Resource Group under Essentials section.
  2. Open the respective Private DNS Zone (You may search 'privatelink' to find them easier) Managed Resource Group list of Resources for Private link
  3. Navigate to the Virtual Network Links page under the Settings section on the left blade
  4. Click Add to open the link form
  5. Name the link accordingly and select the same VNet which was used in the deployment script Managed Resource Group list of Resources for Private link
  6. Save the form
tip

To see these changes reflected immediately in your health check please Restart the API App service after these links are successfully created. DNS cache may take up to 4 hours to update without intervention before Apporetum can use these private DNS links/

Connect App Service​

Apporetum's App Services must be manually connected to the respective Subnet.

  1. From the Managed Application, click the Managed Resource Group under Essentials section.

  2. Open the apporetum-####-api-####### resource (You may search 'app service' to find it easier) Managed Resource Group list of Resources for App Service Managed Resource Group list of Azure resources

  3. Navigate to the Networking page under the Settings section on the left blade

  4. Click VNet integration to open the VNet integration page

  5. Click Add to open the link form

  6. Select the same VNet and the appropriate subnet for the API App Service which was used in the deployment script Managed Resource Group list of Resources for App Service Add VNet Integration popup for App Service

  7. Save the form (This will show an error ) App Service Successful Connection Failure notification after linking an existing Virtual Network successfully

tip

This action will show an Error notification with the following description "Failed to update VNet Route All Configuration". This is expected and will not affect your installation. Please verify that your desired VNet shows on the App Service's VNet Integration page.

Confirm your license​

Whitelist Internet Services​

NameDomainRequirement
License Serverlicense.apporetum.comRequired
Deployment Manager Serverdeploy.apporetum.comRequired
License Server (backup)license2.apporetum.comOptional
Deployment Manager Server (backup)deploy2.apporetum.comOptional

Connect VNet to On-Premise Infrastructure​

To allow Apporetum to connect to on-premise identity providers such as Active Directory, a separate VNet should be considered, peered or bridged to the existing infrastructure in Azure.

Whilst the VNet requirements will vary between organisations, the following considerations should be made:

  • VNet Peering between different resource groups same subscription: Make sure that the defined subnets don’t clash, and the resource group names are not the same between the Apporetum VNet and existing VNets you want to peer between. Learn More
  • VNet Peering between different subscriptions: Make sure that the defined subnets don’t clash between the Apporetum VNet and existing VNets you want to peer between. Learn More
  • Creating new VNet Infrastructure and establishing a VPN to on-premise infrastructure: When creating new infrastructure to VPN between Azure and the Apporetum VNet make sure the appropriate ADDS ports are opened. Learn More