You will need to have a few things ready before you can start creating projects and adding resources.
You will only have to set these steps once and you can then use them for multiple projects.
Step | Description | Related Documentation |
---|---|---|
Step 1: Setup an Agent | An agent will be used to connect to your resources. | Here is a link to learn more about the agent. |
Step 2: Add users (Optional) | These roles will give permissions to your selected users. You can select which users can create projects and which can see read-only resources. | Find more information about user application roles here. |
Step 3: Create a Cost Center | This will help organize your spending. | Read more about cost centers. |
Step 4: Create an Account | This will be the link to your Azure account, region and subscription | Learn about accounts here. |
Step 5: Create Affiliations | Affiliations are used to categorize your projects. | Learn more about affiliations here. |
Step 6: Create your Project | A project will contain its resources and keep track of its budget. | Read about projects here. |
Step 7: Add a Data Repository (Optional) | You can choose the storage size you want to be available in a Data Repository and you can then upload data. | Find out more about data repositories here. |
Step 8: Create a Workstation Template (Optional) | Create a workstation template that users can choose from when creating a workstation. | You can read more about workstation templates here. |
Step 9: Add a Workstation (Optional) | A workstation will be specific to this project and can be enabled and disabled. | Learn more about workstations here. |
The following sections will show you how to complete each step needed to start your project.
See our application roles page to learn which roles have permission to take the following actions.
Follow the instructions below to add an agent. You will have to download and run the Loome agent installer for your platform of Windows, Linux or Azure Container instances.
Follow this link to learn more about installing an agent.
Find the application role page from the top right settings menu, as shown in the image below.
Beside the role that you would like to add a user to, click on Add in the top right corner of that role and a slide-out will be expanded.
In this slide-out, type in the email address of the user and then click Add.
Click on Invite and this user will now be able to log in as this role.
You can click on this link to learn more about application roles.
To add a cost center, click on New Cost Center at the top right of the page.
Type in a name that will help easily identify this cost center.
Save and create by clicking on Create.
Find more information about cost centers here.
Click on New Account at the top right of the page to add an account.
Provide a name that will easily identify this account.
Then add a description. Here you can write a summary about this account.
The third step on this page is to select a cost center for this account.
Select your agent from this dropdown list. This agent will manage your resources in Azure.
You must ensure that managed identity and ‘Contributor’ permissions have been granted for this agent in the Azure subscription you wish to use in Loome Assist. Learn more about agents here.
Select the Azure subscription that you want to map to this account for spending, budgeting and alerting.
Once you select your subscription, the available regions will display in the next dropdown.
Specify the regional location where the resources for this account will be deployed.
Next you will have to select the budget specifications that will apply to all projects that use this account.
First, set whether users can choose a project’s budget from your selected maximum and minimum, or whether you want to provide users with an unlimited budget.
If you choose an unlimited budget, you can move onto the next step.
If you choose to set a maximum and minimum, you will next have to complete the next few options.
The default budget set here will define the minimum and maximum values that can be set for each project.
Provide the minimum and maximum amount.
Next, you can select the users that will be notified if a project passes an alert threshold.
Your account will be added here by default.
If any project that uses this account passes an alert threshold you have set here, all users you have added to this field will be notified with an email every four hours. These users cannot be deleted from the list of alert recipients in a project that uses this account by its project creator.
First add the email address of your selected recipient and then click on Add beside this field.
If you would like to add multiple email addresses at once, separate them by a semi-colon as shown in the image above.
You can see that each email address has been added in the following image.
Next you can choose the alert threshold, which is the percentage of the budget that needs to be met, that will cause an email to be sent to your selected recipients above.
Add in the percentage of the budget that when reached will send an email to your selected recipients.
Once you have added your alert thresholds, click on Next at the bottom right.
On this page, you can choose which users can create a project using this account. This account will be visible only to the users you add here. Please note that administrators have the ability to see all accounts.
You can choose to enable a Secure VNET when creating an account that will connect all resources that are deployed using this account.
Important: Resources that are connected to the secure VNET will not have access to the internet. You must configure a VPN, jump box, or similarly secure connection to the VNET so that users can access those resources.
Once enabled, you can specify which VNET, selected from the dropdown, will be used for this account.
Please note that the selected VNET and address space cannot be changed once you have created the account.
You will then need to provide an address space for this account in the selected VNET.
Provide the maximum number of virtual machines created per project for the projects that use this account.
You also have the option to select a default gateway.
Provide the address of the gateway or proxy server that will route communication to and from the VNET.
If you leave this field blank, virtual machines will be able to make direct outbound requests to the internet.
Network Security Group Rules are the rules for network security groups of VNETs deployed with this account. They can be inbound or outbound, and Loome has default inbound security rules for an enabled Secure VNET.
You can configure new rules for network security groups of VNETs deployed with this account, or you can use the default rules below.
If you choose to add a new security rule, click on ‘Add’ at the top right corner of this section. It will expand a slideout where you can provide the specifications to your rule.
Please note that rules will be processed in the order of priority. Rules with a lower number will be processed first. When selecting a port for the source or destination, please also note that you can choose a single port, a range, or an asterisk ‘*‘, which will allow traffic on any port.
You can choose to set up scripts and notifications that will run when a virtual machine is created, deleted, or started, or when a project role is modified, in a project that uses this account.
These scripts can be an action you would like completed when one of the above scenarios occur.
Once you select the checkbox to enable a script, you can provide your script and add tokens. These tokens will be replaced with details from the project and virtual machine, and run on the account agent.
The notifications will be sent as an email to your selected email addresses, if you have enabled notifications for one of the above scenarios.
Once you have selected this checkbox, you can add the email addresses you would like notified when one of the scenarios above occur.
Make sure you click on Add beside the email field, once you have typed in an email address to save this email. You can provide multiple email addresses by using a semi-colon, e.g., Example1@bizdata.com.au; Example2@bizdata.com.au; Example3@bizdata.com.au.
As an administrator, you can configure remote connections for Virtual Machines within Loome Assist. If you enable a Secure VNET for an account, you will also need to configure your remote desktop settings to enable users to connect.
In this next window, you can choose whether your remote connection for this account will be direct, a web based gateway or a client based gateway.
If you choose a direct remote connection, it is selected by default, you can proceed to the next step.
If you choose a web based gateway, you will need to provide the Web URL.
In workstations of projects that use this account, the user can open a new tab to this URL, rather than downloading the RDP or a SSH login.
If you choose to use a client based gateway, you need to provide a Windows remote desktop gateway address and a Linux SSH jumphost.
In Windows, this will provide a RDP that users can download when connecting to a workstation in a project that uses this account.
In Linux, the user will see SSH details in your workstation, but Loome will inject the gateway.
You also have the ability to specify proxy settings for virtual machines that are created in Loome Assist for projects that use this account.
You can enable a secure proxy by selecting the checkbox. By default, this is not enabled.
You can then choose to use a proxy server, an automatic configuration script, or you can use both. If you select both, tick the two checkboxes and provide the details in the next few steps.
For a proxy server, you need to provide an IP address or proxy server address and a port.
In Windows, you can also choose to use an automatic configuration script.
You will need to provide a web URL to the configuration script.
This script will only work in Windows and will not have any effect on Linux.
You can then review each selection made for this account on this final review page.
Once you have confirmed these choices, you can click on Create to save this account.
Learn about more accounts using this link.
To create an affiliation, find ‘Affiliations’ in the top-right settings dropdown.
On this page, click on Add Affiliation at the top-right.
Type in the name of the affiliation you would like to create.
Click on Create to save and it will be ready to use in a project.
You can learn more about affiliations in our guide here.
You can create a project from both the action slideout on the right, or you can use the ‘Add Project’ button in the left-hand slideout.
Provide a name that will easily identify this project.
You can also add a description to provide further information about this project.
Next choose an affiliation.
On this next page, you can choose the data classification level, which will direct how data in your project is managed behind the scenes.
You can choose from:
Data Classification Level | Description |
---|---|
Restricted | Confidential information requiring the highest level of security and privacy protection. |
Internal | Confidential information that can be shared within the organization on a need to know basis. |
Public | Information may be published and shared freely. |
Then we can select the account that will be used for this project. This account will link your project to your Azure subscription and region so that any spending will be through this account.
After you have selected an account you will have the option to add collaboration tools and document libraries.
If you would like to add collaboration tools, select ‘Yes’.
If an administrator has set the collaboration settings to ‘No Collaboration’ you will not have this option to add collaboration tools and document libraries. Please contact your administrator to discuss your settings if you would like to use collaboration tools.
Loome will then check that the account agent has been configured to manage Microsoft Teams.
You can then choose the total spending budget for this project. You can also set alerts by selecting a percentage of the budget and Loome will send you an alert when that percentage has been reached.
Type in your budget in the Total Budget field.
The maximum budget that you can choose is dependent on your previously selected account.
Then select your Alert Recipients. These recipients are the people that should be notified if the project passes your selected budget.
When your budget spend reaches the alert percentage, Loome will send an email to these users.
Your account may have pre-selected email addresses that have been automatically added to this field. These have been added by the account creator as required alert recipients and cannot be removed.
You can then add Alerts. These are the percentages that when met will trigger an alert to be sent to the users you have selected above.
In the image below, you can see that there has been pre-set alert thresholds. These have been selected by the account creator and cannot be deleted. When the budget has been spent and reaches the selected percentage, for example at 50% therefore $5000 in the image below, an email will be sent to all recipients.
The blue icon highlighted in the image below displays which values have been provided by the account.
The next step is choosing the other members of this project and their roles. These users will be able to find this project when they log in on their home page. This project will be hidden from all other users except administrators (administrators can see all projects).
The person who created this project will automatically be added as the project owner. You cannot delete your own email from this role.
When you add members to this project, you can choose from these project specific roles:
Project Level Role | Description |
---|---|
Project Owners | A project owner can deploy and use resources, and manages that specific project. |
Project Contributors | This user can deploy and use resources, but cannot add other users to a project. |
Project Readers | Users with this role can use resources, but cannot deploy them or make changes to a project. |
These roles won’t allow these users access to any other projects except the project you have added them to.
If you add an email address that has not been added to your Loome Assist tenant before, this user will be added to the ‘Consumer’ role for your Loome Assist tenant. Learn more about application roles here.
To add a user to a role, type in their email address into your selected role. If you are adding more than one email address, you can separate them with a semi-colon, and then click on add.
Once you complete these fields, you can click Create in the bottom right corner to save this project.
You can then view this project on the ‘My Projects’ page. On each project card you can view the description and spend.
You can read about creating projects in our guide here.
In the project you would like to add this data repository to, find the option to add a data repository in the right action slide-out. If you do not have any other resources in a project, you will also be able to add a data repository using the button in the center of the page.
Provide a name so that you can easily identify this data repository.
Select your quota. This is the amount of storage that you want to enable.
You can change this value by dragging the slider left and right. You can view the amount of TB from the display on the right of the slider.
You can then review this data repository and click Create to save.
You can then view this added data repository in your project.
Find out more about data repositories here.
IMPORTANT: Ensure that you select VM sizes for which the Azure subscription that you are using has sufficient VM cores quota for the family of Azure VM that you want to deploy as a workstation, and that the quota is assigned to the Azure region where you will be deploying. For more information, see more here. To request VM cores quota, learn more here.
Find workstation templates from the top right menu.
Here you can create a template using New Workstation Template at the top-right corner.
Provide a name and description that will help you easily identify this template later on.
Then select an agent. It will be used to retrieve available VM sizes and images.
Once you have selected an agent, it will ask you to specify the regional location.
Next, choose VM sizes. Users who use this template will be able to choose from your selected VM sizes.
You can filter the VM sizes by name using the filter at the top of the ‘Available’ section.
Select the VM sizes that you want to make available to users, and your selection will be highlighted.
Click on the button with the right arrow to confirm your selection.
Once selected, it will be in the ‘Selected’ section on the right.
If you decide to change your selection, you can deselect it by moving it back to ‘Available’ using the button with the left arrow.
Next, you can select any public images you would like to be available for users creating a workstation.
You can choose more than one image if you would like multiple options.
Choose the images you would like to select and then click on the right arrow button.
You can deselect an image by selecting it and clicking the left arrow button.
Next, you have the option to choose private images. You can follow the same process above to select an image.
If there are no private images or you would not like to choose one, you can skip to the next step.
If you would like to use Shared Image Galleries for private images, learn more here.
Confirm your choices, click Create and this template can be used to create workstations.
IMPORTANT: Before attempting to deploy a workstation, verify that the Azure subscription that you are using has sufficient VM cores quota for the family of Azure VM that you want to deploy as a workstation, and that the quota is assigned to the Azure region where you will be deploying. For more information, learn more here. To request VM cores quota, see here.
Find Add Workstation in the right action slide-out of your selected project. If you do not have any other resources in a project, you will also be able to add a workstation using the button in the center of the page.
First, provide a name so you can easily identify this workstation later.
Then select a template from the dropdown below. Machine size and workstation image will be populated depending on your selected template.
Next create a username and password to connect to this workstation.
You will need a password with a minimum of 12 characters. It must also include at least one uppercase character, one lowercase character, one number and special character.
You can choose to select a data repository and it will be available in this workstation as a local drive. You can choose to skip this step and select next if you would not like provide a data repository.
Or you can select a data repository as shown in the image below.
Then you can review all settings for this workstation and click Create to save this workstation.
Learn more about workstations here.
IMPORTANT: If you see an error message stating that the operation could not be completed as it results in exceeding approved cores quota, verify that the Azure subscription that you are using has sufficient VM cores quota for the family of Azure VM that you want to deploy as a workstation, and that the quota is assigned to the Azure region where you will be deploying. For more information, learn more here. To request VM cores quota, see here..
When you have first added a workstation, it will automatically be enabled. The green icon will indicate that it is online.
To start an existing workstation, you can find the ‘Start’ button on the workstation card.
Once enabled, you can connect to this workstation using the ‘Connect’ button on the workstation card, and you can copy the IP address to connect to the workstation or you can download an RDP file.
You can view the details of your workstation using the Manage button on the workstation card.
You can find the Stop button on the workstation card to deallocate your workstation.
It will flash red as it deallocates the workstation.
Once it has completed, you will see the pause symbol in the red icon.