Slack CommunityCatalyst LoginPrism Login

Evaluation Deployment Guide for Azure

Table of Contents

  1. Prerequisites

  2. Initial Setup

  3. VM Deployment Options

  4. Monitoring Setup

  5. Installation and Access

  6. Post-Installation Steps

Prerequisites

Azure Account Requirements

  • Active Azure subscription

  • Owner or Contributor role permissions

  • Registered Microsoft namespaces:

    • Microsoft.Network

    • Microsoft.Compute

  • Minimum 16 vCPUs available in your subscription/region for Standard Ds v3 Family

Technical Requirements

  • Azure CLI installed locally

  • Installation command from RagaAI team

  • SSH client for VM access

Initial Setup

1. Authentication

# Initiates the Azure login process and opens a web browser for authentication
az login

2. Resource Group Creation

# Creates a new resource group named 'RagaCatalystRG' in the West US region
# Resource groups help organize and manage Azure resources
az group create --name RagaCatalystRG --location 'West US'

VM Deployment Options

Option A: Public VM Deployment

Network Configuration

  1. Create Public Subnet

# Creates a virtual network with a public subnet
# - address-prefix: Defines the IP range for the entire VNet (10.0.0.0/16)
# - subnet-prefix: Defines the IP range for the subnet (10.0.1.0/24)
az network vnet create \
  --resource-group RagaCatalystRG \
  --address-prefix "10.0.0.0/16" \
  --subnet-prefix "10.0.1.0/24" \
  --subnet-name RagaCatalyst-publicSN \
  --name RagaCatalystVnet

  1. Network Security Group Setup

# Creates a new Network Security Group for managing inbound/outbound traffic
az network nsg create --resource-group RagaCatalystRG --name RagaCatalyst-public-NSG

# Creates rules for inbound traffic:
# Allow HTTP traffic (port 80) for web access
az network nsg rule create --resource-group RagaCatalystRG --nsg-name RagaCatalyst-public-NSG --name Allow-HTTP --priority 1000 --direction Inbound --access Allow --protocol Tcp --destination-port-ranges 80

# Allow SSH traffic (port 22) for remote access
az network nsg rule create --resource-group RagaCatalystRG --nsg-name RagaCatalyst-public-NSG --name Allow-SSH --priority 1010 --direction Inbound --access Allow --protocol Tcp --destination-port-ranges 22

# Creates rules for outbound traffic:
# Allow HTTPS traffic (port 443) for secure web access
az network nsg rule create --resource-group RagaCatalystRG --nsg-name RagaCatalyst-public-NSG --name Allow-443-Outbound --protocol Tcp --direction Outbound --access Allow --priority 100 --source-address-prefixes '*' --destination-port-ranges 443

# Allow email traffic (port 587) for SMTP
az network nsg rule create --resource-group RagaCatalystRG --nsg-name RagaCatalyst-public-NSG --name Allow-587-Outbound --protocol Tcp --direction Outbound --access Allow --priority 200 --source-address-prefixes '*' --destination-port-ranges 587

# Allow temporary HTTP outbound (port 80) - will be removed later
az network nsg rule create --resource-group RagaCatalystRG --nsg-name RagaCatalyst-public-NSG --name Allow-80-Outbound --protocol Tcp --direction Outbound --access Allow --priority 300 --source-address-prefixes '*' --destination-port-ranges 80

# Block all other outbound traffic for security
az network nsg rule create --resource-group RagaCatalystRG --nsg-name RagaCatalyst-public-NSG --name Deny-TCP-Outbound --protocol '*' --direction Outbound --access Deny --priority 2000 --source-address-prefixes '*' --destination-port-ranges '*'

  1. Network Interface Setup

# Associates the NSG with the subnet for security rule enforcement
az network vnet subnet update --resource-group RagaCatalystRG --vnet-name RagaCatalystVnet --name RagaCatalyst-publicSN --network-security-group RagaCatalyst-public-NSG

# Creates a public IP address for external access
az network public-ip create --resource-group RagaCatalystRG --name RagaCatalystPublicIP

# Creates a network interface card (NIC) with the public IP and NSG
az network nic create --resource-group RagaCatalystRG --name RagaCatalystPublicNIC --vnet-name RagaCatalystVnet --subnet RagaCatalyst-publicSN --network-security-group RagaCatalyst-public-NSG --public-ip-address RagaCatalystPublicIP

  1. Create VM

# Creates the virtual machine with specified configurations:
# - Uses Ubuntu 24.04 LTS image
# - Standard_D16s_v3 size (16 vCPUs)
# - 128GB SSD storage
# - TrustedLaunch security
az vm create \
--resource-group RagaCatalystRG \
--name RagaCatalystVM \
--location 'West US' \
--image 'Canonical:ubuntu-24_04-lts:server:latest' \
--size 'Standard_D16s_v3' \
--admin-username ubuntu \
--admin-password 'WYlvZ5#HZeRPAfJ9P' \
--nics RagaCatalystPublicNIC \
--storage-sku StandardSSD_LRS \
--os-disk-size-gb 128 \
--security-type TrustedLaunch \
--custom-data 'boeing' \
--output json

Monitoring Setup

Azure Monitor Agent Installation

# Retrieves the VM's unique identifier for use in other commands
az vm show --name RagaCatalystVM --resource-group RagaCatalystRG --query "id" --output tsv

# Installs the Azure Monitor Agent for VM monitoring and metrics
az vm extension set --name AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --enable-auto-upgrade true --ids <vm-id>

Installation and Access

Installing Raga Catalyst

# SSH into the VM using the public IP address
ssh ubuntu@<VM-IP>

# Clones the installation repository and runs the build script
# Logs are saved to /tmp/build-raga-catalyst-amd.log
git clone https://<gh-token>/whoosh-labs/raga-evaluation-scripts.git /home/ubuntu/raga-evaluation-scripts && bash /home/ubuntu/raga-evaluation-scripts/components/build-raga-catalyst-amd.sh >> /tmp/build-raga-catalyst-amd.log

Post-Installation Steps

Remove Temporary Access

# Removes the temporary outbound port 80 access for security
# Use public or private in the NSG name based on your deployment option
az network nsg rule delete --resource-group RagaCatalystRG --nsg-name RagaCatalyst-<private|public>-NSG --name Allow-80-Outbound

Important Notes:

  • Wait 30 minutes after installation before accessing the portal

  • Portal access: http://<vm_ip>

  • API endpoint: http://<vm_ip>/api

  • Change default passwords immediately after installation

  • Keep the GitHub token secure and do not share it

  • Monitor the build logs at /tmp/build-raga-catalyst-amd.log for any issues

PreviousEvaluation Deployment Guide for AWSNextRagaAI AAEF (Agentic Application Evaluation Framework)

Last updated