azure-om-deploy.html.md.erb

---
title: Launching an Ops Manager Director Instance on Azure without an ARM Template
owner: Ops Manager
---

<strong><%= modified_date %></strong>
<html class="list-style-none"></html>

This topic describes how to deploy Ops Manager Director for Pivotal Cloud Foundry (PCF) on Azure by using individual commands to create resources in Azure instead of using an Azure Resource Manager (ARM) template. For information about using the ARM template, see the [Launching an Ops Manager Director Instance with an ARM Template](azure-arm-template.html) topic.

Before you perform the procedures in this topic, you must have completed the procedures in the [Preparing to Deploy PCF on Azure](azure-prepare-env.html) topic. After you complete the procedures in this topic, follow the instructions in the [Configuring Ops Manager Director on Azure](azure-om-config.html) topic.

<p class="note"><strong>Note</strong>: The Azure portal sometimes displays the names of resources with incorrect capitalization. Always use the Azure CLI to retrieve the correctly capitalized name of a resource.</p> 

##<a id='network'></a> Step 1: Create Network Resources

1. Navigate to the Azure portal, click **Resource groups**, and click **Add** to create a new resource group for your PCF deployment. 

1. Enter a **Resource group name**, select your **Subscription**, and select a **Resource group location**. Click **Create**.
1. Export the name of your resource group as the environment variable `$RESOURCE_GROUP`.
    <pre class="terminal">
    $ export RESOURCE_GROUP="YOUR-RESOURCE-GROUP-NAME"
    </pre>
    <p class="note"><strong>Note</strong>: If you are on a Windows machine, you can use <code>set</code> instead of <code>export</code>.</p>
1. Export your location. For example, `westus`.
    <pre class="terminal">
    $ export LOCATION="YOUR-LOCATION"
    </pre>
    <p class="note"><strong>Note</strong>: For a list of available locations, run <code>azure location list</code>.</p>
1. Create a network security group named `pcf-nsg`.
    <pre class="terminal">
    $ azure network nsg create $RESOURCE_GROUP pcf-nsg $LOCATION
    </pre> 
1. Add a network security group rule to the `pcf-nsg` group to allow traffic from the public Internet.
    <pre class="terminal">
    $ azure network nsg rule create $RESOURCE_GROUP pcf-nsg internet-to-lb \
    --protocol Tcp --priority 100 --destination-port-range '*'
    </pre>
    <p class="note"><strong>Note</strong>: Because the VMs do not have public IP addresses, this network security group rule only affects the load balancer.</p>
1. Create a network security group named `opsmgr-nsg`.
    <pre class="terminal">
    $ azure network nsg create $RESOURCE_GROUP opsmgr-nsg $LOCATION
    </pre> 
1. Add a network security group rule to the `opsmgr-nsg` group that allow HTTP traffic to the Ops Manager VM.
    <pre class="terminal">
    $ azure network nsg rule create $RESOURCE_GROUP opsmgr-nsg http \
    --protocol Tcp --destination-port-range 80 --priority 100
    </pre>
1. Add a network security group rule to the `opsmgr-nsg` group that allow HTTPS traffic to the Ops Manager VM.
    <pre class="terminal">
    $ azure network nsg rule create $RESOURCE_GROUP opsmgr-nsg https \
    --protocol Tcp --destination-port-range 443 --priority 200
    </pre>
1. Add a network security group rule to the `opsmgr-nsg` group that allow SSH traffic to the Ops Manager VM.
    <pre class="terminal">
    $ azure network nsg rule create $RESOURCE_GROUP opsmgr-nsg ssh \
    --protocol Tcp --destination-port-range 22 --priority 300
    </pre>
1. Create a virtual network named `pcf-net`.
    <pre class="terminal">
    $ azure network vnet create $RESOURCE_GROUP pcf-net $LOCATION \
    --address-prefixes 10.0.0.0/16
    </pre>
1. Add a subnet to the network for PCF VMs.
    <pre class="terminal">
    $ azure network vnet subnet create $RESOURCE_GROUP pcf-net pcf \
    --address-prefix 10.0.0.0/20
    </pre>
    <p class="note"><strong>Note</strong>: To use the <a href="http://docs.pivotal.io/p-identity/index.html">Single Sign-On for PCF</a> service, you must configure a network that contains only one subnet.</p>

##<a id='storage'></a> Step 2: Create BOSH and Deployment Storage Accounts

Azure for PCF uses multiple general-purpose Azure storage accounts. The BOSH and Ops Manager VMs use one main BOSH account, and the other components share five or more deployment storage accounts.

1. Choose a name for your BOSH storage account, and export it as the environment variable `$STORAGE_NAME`. Storage account names must be globally unique across Azure, between 3 and 24 characters in length, and contain only lowercase letters and numbers. 
    <pre class="terminal">
    $ export STORAGE_NAME="YOUR-BOSH-STORAGE-ACCOUNT-NAME"
    </pre>
1. Create a standard storage account for BOSH with the following command, replacing `SUBSCRIPTION_ID` with your subscription ID.  This account will be used for BOSH book-keeping and running the Ops Manager VM itself, but does not have to be used for running any other VMs.
    <pre class="terminal">
    $ azure storage account create $STORAGE\_NAME --resource-group $RESOURCE\_GROUP \
    --sku-name LRS --kind Storage --subscription SUBSCRIPTION\_ID \
    --location $LOCATION
    </pre>
    If the command fails, ensure you have followed the rules for naming your storage account. Re-export a new storage account name if necessary.
1. Configure the Azure CLI to use the BOSH storage account as its default.
    1. Retrieve the connection string for the account.
    <pre class="terminal">
    $ azure storage account connectionstring show $STORAGE\_NAME \
    --resource-group $RESOURCE\_GROUP
    </pre>
    The command returns output similar to the following:
    <pre class="terminal">
    info:    Executing command storage account connectionstring show
    <span>+</span> Getting storage account keys
    data:    connectionstring: DefaultEndpointsProtocol=https;AccountName=example-storage;AccountKey=accountkeystring
    info:    storage account connectionstring show command OK
    </pre>
    1. From the `data:` field in the output above, record the full value of **connectionstring** from the output above, starting with and including `DefaultEndpointsProtocol=`.
    1. Export the value of **connectionstring** as the environment variable `$AZURE_STORAGE_CONNECTION_STRING`.
    <pre class="terminal">
    $ export AZURE\_STORAGE\_CONNECTION\_STRING="YOUR-ACCOUNT-KEY-STRING"
    </pre>
1. Create three blob containers in the BOSH storage account, named `opsmanager`, `bosh`, and `stemcell`.
    <pre class="terminal">
    $ azure storage container create opsmanager
    $ azure storage container create bosh
    $ azure storage container create stemcell --permission blob
    </pre>
1. Create a table named `stemcells`.
    <pre class="terminal">
    $ azure storage table create stemcells
    </pre>
1. Choose a set of unique names for five or more deployment storage accounts. As with the BOSH storage account above, the names must be unique, alphanumeric, lowercase, and 3-24 characters long. The account names must also be sequential or otherwise identical except for the last character. For example: `xyzdeploystorage1`, `xyzdeploystorage2`, `xyzdeploystorage3`, `xyzdeploystorage4`, and `xyzdeploystorage5`.
1. Register your subscription with Microsoft.Storage:
    <pre class="terminal">$ azure provider register Microsoft.Storage</pre>
1. Decide which type of storage to use and run the corresponding command below:
    <p class="note"><strong>Note</strong>: Pivotal recommends five Premium storage accounts, which provides a reasonable amount of initial storage capacity. You can use either Premium or Standard storage accounts, but they have very different scalability metrics.  Pivotal recommends creating 1 Standard storage account for every 30 VMs, or 1 Premium storage account for every 150 VMs.  You can increase the number of storage accounts later by provisioning more and following the naming sequence.</p>
    * To use Premium storage (recommended):
    <pre class="terminal">
    $ export STORAGE\_TYPE=PLRS
    </pre>
    *  To use Standard storage:
    <pre class="terminal">
    $ export STORAGE\_TYPE=LRS
    </pre>
1. For **each deployment storage account**, do the following:
    1. Create the storage account with the following command, replacing `MY_DEPLOYMENT_STORAGE_X` with one of your deployment storage account names and `SUBSCRIPTION_ID` with your subscription ID.
    <pre class="terminal">
    $ azure storage account create MY\_DEPLOYMENT\_STORAGE\_X \
    --resource-group $RESOURCE\_GROUP --sku-name $STORAGE\_TYPE --kind Storage \
    --subscription SUBSCRIPTION\_ID --location $LOCATION
    </pre>
    If the command fails, try a different set of account names.

    1. Retrieve the connection string for the account.
    <pre class="terminal">
    $ azure storage account connectionstring show MY\_DEPLOYMENT\_STORAGE\_X \
    --resource-group $RESOURCE\_GROUP
    </pre>
    The command returns output similar to the following:
    <pre class="terminal">
    info:    Executing command storage account connectionstring show
    <span>+</span> Getting storage account keys
    data:    connectionstring: DefaultEndpointsProtocol=https;AccountName=example-storage;AccountKey=accountkeystring
    info:    storage account connectionstring show command OK
    </pre>
    1. From the `data:` field in the output above, record the full value of **connectionstring** from the output above, starting with and including `DefaultEndpointsProtocol=`.
    1. Create two blob containers named `bosh` and `stemcell` in the account.
    <pre class="terminal">
    $ azure storage container create bosh \
    --connection-string "YOUR-ACCOUNT-KEY-STRING"
    </pre>
    <pre class="terminal">
    $ azure storage container create stemcell \
    --connection-string "YOUR-ACCOUNT-KEY-STRING"
    </pre>

##<a id='lb'></a> Step 3: Create a Load Balancer

1. Create a load balancer named `pcf-lb`.
    <pre class="terminal">
    $ azure network lb create $RESOURCE_GROUP pcf-lb $LOCATION
    </pre>
1. Create a static IP address for the load balancer named `pcf-lb-ip`.
    <pre class="terminal">
    $ azure network public-ip create $RESOURCE_GROUP pcf-lb-ip $LOCATION --allocation-method Static
    info:    Executing command network public-ip create
    warn:    Using default --idle-timeout 4
    warn:    Using default --ip-version IPv4
    <span>+</span> Looking up the public ip "pcf-lb-ip"
    <span>+</span> Creating public ip address "pcf-lb-ip"
    data:    Id                              : /subscriptions/222e8ffe-81ce-33ee-e3e2-1a405ffc4134/resourceGroups/pcf-resource-group/providers/Microsoft.Network/publicIPAddresses/pcf-lb-ip
    data:    Name                            : pcf-lb-ip
    data:    Type                            : Microsoft.Network/publicIPAddresses
    data:    Location                        : westus
    data:    Provisioning state              : Succeeded
    data:    Allocation method               : Static
    data:    IP version                      : IPv4
    data:    Idle timeout in minutes         : 4
    data:    IP Address                      : <%= vars.example_ip_2 %>
    info:    network public-ip create command OK
    </pre>

1. Record the **IP Address** from the output above. This is the public IP address of your load balancer.

1. Add a front-end IP configuration to the load balancer.
    <pre class="terminal">
    $ azure network lb frontend-ip create $RESOURCE_GROUP pcf-lb pcf-fe-ip \
    --public-ip-name pcf-lb-ip
    </pre>
1. Add a probe to the load balancer.
    <pre class="terminal">
    $ azure network lb probe create $RESOURCE_GROUP pcf-lb tcp80 \
    --protocol Tcp --port 80
    </pre>
1. Add a backend address pool to the load balancer.
    <pre class="terminal">
    $ azure network lb address-pool create $RESOURCE_GROUP pcf-lb pcf-vms
    </pre>
    <p class="note"><strong>Note</strong>: This backend pool is empty when you create it.</p>
1. Add a load balancing rule for HTTP.
    <pre class="terminal">
    $ azure network lb rule create $RESOURCE_GROUP pcf-lb http --protocol tcp \
    --frontend-port 80 --backend-port 80
    </pre>
1. Add a load balancing rule for HTTPS.
    <pre class="terminal">
    $ azure network lb rule create $RESOURCE_GROUP pcf-lb https --protocol tcp \
    --frontend-port 443 --backend-port 443
    </pre>
1. Add a load balancing rule for SSH.
    <pre class="terminal">
    $ azure network lb rule create $RESOURCE_GROUP pcf-lb diego-ssh --protocol tcp \
    --frontend-port 2222 --backend-port 2222
    </pre>

1.  Navigate to your DNS provider, and create an entry that points `*.YOUR-SUBDOMAIN` to the public IP address of your load balancer that you recorded in a previous step. For example, create an entry that points `azure.example.com` to `198.51.100.1`.
    <p class="note"><strong>Note</strong>: If you did not record the IP address of your load balancer earlier, you can retrieve it by navigating to the Azure portal, clicking <strong>All resources</strong>, and clicking the <strong>Public IP address</strong> resource that ends with <code>pcf-lb-ip</code>.</p>
 
##<a id='boot'></a> Step 4: Boot Ops Manager

1. Navigate to [Pivotal Network](https://network.pivotal.io/products/ops-manager) and download the latest release of **Pivotal Cloud Foundry Ops Manager for Azure**.

1. View the downloaded PDF and locate the Ops Manager image URL appropriate for your region.

1. Export the Ops Manager image URL as an environment variable.
    <pre class="terminal">$ export OPS\_MAN\_IMAGE\_URL="YOUR-OPS-MAN-IMAGE-URL"</pre>

1. Copy the Ops Manager image into your storage account.
    <pre class="terminal">
    $ azure storage blob copy start $OPS\_MAN\_IMAGE\_URL opsmanager \
    --dest-connection-string $AZURE\_STORAGE\_CONNECTION\_STRING \
    --dest-container opsmanager \
    --dest-blob image.vhd 
    </pre>

1. Copying the image may take several minutes. Run the following command and examine the output under `Status` to check the status:
    <pre class="terminal">
    $ azure storage blob copy show opsmanager image.vhd
    info:    Executing command storage blob copy show
    <span>+</span> Getting storage blob information
    data:    Copy ID                               Progress                 Status
    data:    ------------------------------------  -------------            -------
    data:    069d413d-be05-4b12-82bc-c96dacee230e  31457280512/31457280512  success
    info:    storage blob copy show command OK
    </pre>
    When `Status` reads `success`, continue to the next step.

1. Create a public IP address named `ops-manager-ip`.
    <pre class="terminal">
    $ azure network public-ip create $RESOURCE_GROUP ops-manager-ip $LOCATION --allocation-method Static
    info:    Executing command network public-ip create
    warn:    Using default --idle-timeout 4
    warn:    Using default --ip-version IPv4
    <span>+</span> Looking up the public ip "ops-manager-ip"
    <span>+</span> Creating public ip address "ops-manager-ip"
    data:    Id                              : /subscriptions/222e8ffe-81ce-33ee-e3e2-1a405ffc4134/resourceGroups/pcf-resource-group/providers/Microsoft.Network/publicIPAddresses/ops-manager-ip
    data:    Name                            : ops-manager-ip
    data:    Type                            : Microsoft.Network/publicIPAddresses
    data:    Location                        : westus
    data:    Provisioning state              : Succeeded
    data:    Allocation method               : Static
    data:    IP version                      : IPv4
    data:    Idle timeout in minutes         : 4
    data:    IP Address                      : <%= vars.example_ip_1 %>
    info:    network public-ip create command OK
    </pre>

1. Record the **IP Address** from the output above. This is the public IP address of Ops Manager.

1. Create a network interface for Ops Manager.
    <pre class="terminal">
    $ azure network nic create --subnet-vnet-name pcf-net --subnet-name pcf \
    --network-security-group-name opsmgr-nsg \
    --private-ip-address 10.0.0.5 --public-ip-name ops-manager-ip \
    $RESOURCE_GROUP ops-manager-nic $LOCATION
    </pre>

    <p class="note"><strong>Note</strong>: If the command fails with a <code>parameters must be provided</code> error, run it again and ensure that you place <code>$RESOURCE_GROUP ops-manager-nic $LOCATION</code> at the end of the command as specified above. The Azure CLI requires that you specify options before other parameters.</p>

1. Create a keypair on your local machine with the username `ubuntu`. For example, enter the following command:
   <pre class="terminal">
   $ ssh-keygen -t rsa -f opsman -C ubuntu
   </pre>
   <br>
   When prompted for a passphrase, press the `enter` key to provide an empty passphrase.

1. Create a VM against the Ops Manager image, replacing `PATH-TO-PUBLIC-KEY` with the path to your public key `.pub` file.
    <pre class="terminal">
    $ azure vm create $RESOURCE\_GROUP ops-manager $LOCATION \
    Linux --nic-name ops-manager-nic \
    --os-disk-vhd https://$STORAGE\_NAME.blob.core.windows.net/opsmanager/os\_disk.vhd \
    --image-urn https://$STORAGE\_NAME.blob.core.windows.net/opsmanager/image.vhd \
    --admin-username ubuntu --storage-account-name $STORAGE\_NAME \
    --vm-size Standard\_DS2_v2 --ssh-publickey-file PATH-TO-PUBLIC-KEY
    </pre>
    <br>
    If you are using Azure China, Azure Government Cloud, or Azure Germany, replace `blob.core.windows.net` with the following:
    <br><br>
    * For Azure China, use `blob.core.chinacloudapi.cn`. See the [Azure documentation](https://msdn.microsoft.com/en-us/library/azure/dn578439.aspx) for more information.
    * For Azure Government Cloud, use `blob.core.usgovcloudapi.net`. See the [Azure documentation](https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-services-storage) for more information.
    * For Azure Germany, use `blob.core.cloudapi.de`. See the [Azure documentation](https://docs.microsoft.com/en-us/azure/germany/germany-developer-guide) for more information.

1. The VM may take several minutes to boot. Run the following command, and examine the output under **PowerState** to check the status of the VM.
    <pre class="terminal">
    $ azure vm list
    info:    Executing command vm list
    <span>+</span> Getting virtual machines
    data:    ResourceGroupName  Name                 ProvisioningState  PowerState  Location  Size
    data:    -----------------  -------------------  -----------------  ----------  --------  ---------------
    data:    PCF                ops-manager          Succeeded          VM running  westus    Standard\_DS2\_v2
    info:    vm list command OK
    </pre>

    The **PowerState** displays `VM running` when the Ops Manager deployment successfully completes. 

##<a id='resize'></a> Step 5: Resize Ops Manager VM Disk (Required)

The default OS disk size is too small for deploying PCF. Perform the following steps to increase the size of the OS disk of the Ops Manager VM:

1. Stop and deallocate the Ops Manager VM before resizing:
    <pre class="terminal">$ azure vm deallocate --resource-group $RESOURCE\_GROUP --name ops-manager</pre>

1. Increase the size of the OS disk of the Ops Manager VM to 120 GB:
    <pre class="terminal">$ azure vm set --resource-group $RESOURCE\_GROUP --name ops-manager --new-os-disk-size 120</pre>

1. Start the Ops Manager VM:
    <pre class="terminal">$ azure vm start --resource-group $RESOURCE\_GROUP --name ops-manager</pre>

1. SSH into the Ops Manager VM, replacing `YOUR-OPS-MAN-IP` with the public IP address of Ops Manager that you recorded in a previous step:
    <pre class="terminal">$ ssh -i opsman YOUR-OPS-MAN-IP</pre>
    If the private key you generated is not `opsman`, provide the correct filename instead.

1. From the Ops Manager VM, use `df` to confirm that the OS disk has been resized:
    <pre class="terminal">
    $ df -h
     Filesystem      Size  Used Avail Use% Mounted on
     udev            1.7G     0  1.7G   0% /dev
     tmpfs           344M  5.0M  340M   2% /run
     /dev/sda1        119G  1.3G   48G   3% /
    </pre>

##<a id='post-deploy'></a> Step 6: Complete Ops Manager Director Configuration

1. Navigate to your DNS provider, and create an entry that points a fully qualified domain name (FQDN) to the public IP address of Ops Manager. As a best practice, always use the FQDN to access Ops Manager.

1. Continue to the [Configuring Ops Manager Director on Azure](azure-om-config.html) topic.