An Astra private Azure cloud can be deployed via an Azure Bicep Template and resides in a dedicated Azure Subscription or Resource Group. The following diagram shows the deployed resources and their relations.
Astra Resource and Flow Diagram
Resources:
CosmosDB is the database that holds all the data in Astra.
Storage holds all the large data objects such as screenshots.
Function does the compute intensive machine learning operations without impacting the Browser session performance.
KeyVault stores all the recorded passwords.
Insights holds all the logs of the resources.
VM host the Astra web app in ISS, browsers and Selenium web drivers.
Installation checklist:
Provide access to a dedicated Azure subscription
Provide a dedicated Resource Group, Network Security Group and VNet with on-premise integration
Deploy the Azure template provided by your LogicFlow deployment expert
Firewall configuration for the users to access the VM and for the VM to access the systems under test
Check an Astra recording/replay
[Optional] Configure an SSL certificate and DNS entry for the private Astra VM
Remark: Depending on context, the customer Azure Subscription and the customer network can be the same entities. Furthermore, depending on security needs, the system under test and the Astra user don’t necessarily need to be in the same network.
The creation of all the necessary resources, as well as their connections to each other, is managed by a standardized Azure Resource Manager Bicep template. For the private cloud deployment, the setup is done with the following template, which allows various end point configuration options:
the default setting "Service Endpoint", which secures traffic analogously to a firewall setup and restricts routing through the Azure Backbone only and is the recommended option according to Azure, or
"Private Endpoint", which restricts traffic between components to a given virtual network.
Azure Resource Manager Template which will create all necessary resources for a Private Azure Cloud deployment
Hybrid On-Premise & Azure Cloud Deployment
Alternatively to the full Cloud deployment, it is possible to perform a hybrid deployment where a custom Windows Server VM is provided on-premise. This can facilitate the access of Astra to the system under test.
Hybrid Astra Deployment
Additional installation steps
Whitelist the access to the Azure Cloud components in the Company Firewall
Collect the outgoing IP address (or possible outgoing IP adrdress range) of the VM hosting the Astra App
Create a custom App registration with a client secret, and collect the client secret, object ID, and client ID. This is required to authenticate the Astra App to the key vault.
The corresponding Azure Resource Manager Bicep template will then have the following options:
Azure Resource Manager template for the creation of a hybrid on-premise/Azure cloud deployment.
The object ID of the service principal is indicated in the "Custom App Id" field of the template, whereas the client ID will be indicated when configuring the IIS website hosting the Astra App.
Deployment With STEP
Astra can export executions as STEP keywords. These keywords can be run on STEP agents and the execution result can be analyzed in Astra.
Astra Deployment in Combination with exense STEP
Additional installation steps:
Provide a STEP user for Astra
Configure the firewall for Astra to access the STEP controller
Configure the firewall for the STEP agents to access the Astra VM
Configure the STEP Agent driver paths for Astra Keywords
Configure Astra with the STEP Controller URL and Credentials
Check that the keyword export and run works
For cases such as this, more advanced templates are available which allow customized, in-detail setup:
Detailed Azure Resource Manager Bicep templates which allows custom resource names and STEP setup
