Enterprise Deployment Guide for Azure

Deploy Prism seamlessly on Azure. Follow best practices for scalable, compliant AI evaluation.

Deploying RagaAI Prism on your Azure infrastructure ensures that your data remains secure and within your control. Follow these steps to set up RagaAI Prism in your Azure account.

Provision Base Infrastructure

To get started quickly, you can use the Terraform Templates and scripts provided by the Raga team:

Pre-Requirements

Set Up Azure User: The user running the installation should have Contributor and User Access Administrator roles. Alternatively, create a dedicated custom role with specific permissions.
Resource Provider Quotas: Ensure that you have sufficient quota for the Standard_D8a_v4 VMs, each with minimum 24 available vCPUs, in your target region for AKS Node Pools.
Ensure that your system supports Bash commands
The following CLI tools should be installed:

Option B: Using Service Principal

export AZURE_CLIENT_ID=your-client-id
export AZURE_CLIENT_SECRET=your-client-secret
export AZURE_TENANT_ID=your-tenant-id
export AZURE_SUBSCRIPTION_ID=your-subscription-id

Validate Azure CLI Login:

az account show

Execute the following command to Provision the Environment:

Extract the TAR file provided by the RagaAI team:

tar -zxvf raga-prism-terraform-azure-<version>.tar

Create Azure Storage Account and Blob Container :

az storage account create \
  --name <storage-account-name> \
  --resource-group <resource-group-name> \
  --location <region> \
  --sku Standard_LRS

az storage container create \
  --name <container-name> \
  --account-name <storage-account-name>

Replace placeholders:

region: Azure deployment region
resource-group-name: Azure Resource Group name
storage-account-name: Azure Storage Account name
container-name: Blob container name (e.g., tfstate)

Update Terraform Variables

Update the terraform.tfvars with the required values:

customer_name: This will be the prefix for all Azure resources
region: Deployment region
vnet_cidr: Your preferred CIDR range
resource_group_name: Azure resource group name

Terraform Initialization

Execute the following command for terraform init:

  terraform init \
    -backend-config="resource_group_name=<resource-group-name>" \
    -backend-config="storage_account_name=<storage-account-name>" \
    -backend-config="container_name=<container-name>" \
    -backend-config="key=tf/raga/terraform.tfstate" \
    -backend-config="region=<region>" \
    -var-file=terraform.tfvars

Terraform Apply

Execute the following command for provision the infra with terraform:

terraform apply -var-file=terraform.tfvars -auto-approve

Terraform Output

Get the required details to install Raga Prism in the next step:

terraform output infrastructure_summary

List of Azure Resources Provisioned by RagaAI Terraform Infrastructure

Note: You can also set up your cloud environment using the following requirements as an Alternative to the RagaAI Terraform templates

Storage Account

Create Storage Account with Blob Container and configure CORS with the following settings:

Allowed Methods: GET, PUT
Allowed Origins: * (all origins)
Allowed Headers: * (all headers)
Exposed Headers: none
Max Age: 3000 seconds

AKS Cluster

Kubernetes v1.24+ (Recommend containerd runtime)
Ensure sufficient quota for compute resources
Node Pool Configuration: Minimum of 3 nodes, with each node having the following specifications
- Memory: 32GB
- vCPU: 8
- Disk: 64GB
- Architecture: x86_64
Cluster Add-ons
- Azure Disk CSI Driver
Cluster Autoscaler
- Enable cluster autoscaler for node pools

Azure Database for MySQL

SKU: General Purpose
Compute: 2 vCore
Memory: 8 GiB RAM
Storage: 50 GB
Version: MySQL 8.0

Virtual Machine

Create a VM in a public subnet to act as a bastion/jump box
- Size: Standard_B1s (1 vCPU and 1 GB Memory)
- OS Disk: 8 GB
Network Security Group for bastion host
- Inbound Rules:
  - Allow SSH (port 22)
- Outbound Rules:
  - Allow all outbound within VNet
Network Security Group for internal load balancer
- Inbound Rules:
  - Allow HTTP (port 80) from VNet
  - Allow HTTPS (port 443) from VNet
- Outbound Rules:
  - Allow all outbound within VNet

Virtual Network

Virtual Network with address space
2 Public and 2 private subnets
Route table for private subnets
NAT Gateway for private subnet outbound

Install Raga Prism

Install Raga Prism:

SSH into the bastion VM and run the installation command
Configure azure cli
Configure kubectl to interact with your AKS cluster
Copy the TAR file provided by the RagaAI team into he instance & extract the file
Update the .env file with the values that you get when you execute the terraform output command

Execute the following command to deploy Prism::

python3 azure-prism.py

Run the Database Migration

helm install db-migration db-migration -n raga --set release-tag=<release-tag>

Install Raga Services

helm install raga raga -n raga \
  --set ReleaseTag=<release-tag>,AzureStorageContainer=<azure-storage-container-name>,AzureStorageConnectionstring=<azure-storage-connectionstring>

Access Raga Prism

Access Prism UI with the private load balancer IP/DNS

Portal: http://<Load_Balancer_IP>
API: http://<Load_Balancer_IP>/api

For any issues during the deployment process or additional assistance, please contact our support team at [email protected].

PreviousEnterprise Deployment Guide for AWS NextEnterprise Deployment Guide for GCP

Last updated 8 months ago

Was this helpful?

hashtagProvision Base Infrastructure

hashtagPre-Requirements

hashtagAzure Login using CLI

hashtagExecute the following command to Provision the Environment:

hashtagCreate Azure Storage Account and Blob Container :

hashtagUpdate Terraform Variables

hashtagTerraform Initialization

hashtagTerraform Apply

hashtagTerraform Output

hashtagList of Azure Resources Provisioned by RagaAI Terraform Infrastructure

hashtagInstall Raga Prism

hashtagInstall Raga Prism:

hashtagAccess Raga Prism