/
Before you begin with Kyvos on Azure Marketplace

Before you begin with Kyvos on Azure Marketplace

Applies to: Kyvos Enterprise  Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace

Kyvos Azure Marketplace   Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)

Before you start the automated installation of the Kyvos application on Azure, ensure that you have the following information.

Basic Configurations

To install Kyvos in your Azure environment, you must have an Azure account with an active subscription. 

Permissions 

Kyvos can be deployed from the Azure Marketplace using an existing or new resource group.

Important

  • To deploy Kyvos, you must have the required  permissions, as explained below. To obtain these permissions, contact your Azure Administrator. 

  • To verify your access, refer to Microsoft documentation. 

  • To verify access for a user to Azure resources, refer to Microsoft documentation. 

  • If you have an Owner/Contributor/Managed Application Contributor Role at the subscription level, you can skip the prerequisites for both new and existing resource groups.

  • Deploying Kyvos in a new Resource Group

  • Deploying Kyvos using the existing Resource Group 

    1. The Owner role must be assigned to the user on the Resource Group in which Kyvos is being created. 

    2. The custom role must be assigned to the user at the subscription level. Contact your administrator to create or share the name of the custom role.  

Quota

Certain quotas need to be checked for availability before deploying the Kyvos application. 

The required quota depends on the instance type, the number of Query Engines, and High Availability configurations (BI Server and Kyvos Web Portal). Refer to the following example for more details.

  • If you enable High Availability with Standard_D16s_v4 VM Size for BI Server Instance, you must ensure that a total of 40 Standard Dsv4 Family vCPUs Quota is available (2 VMs * 16 vCPUs for BI servers and 2 VMs* 4 vCPUs for Web Portal instance)

  • If you select a Standard_E16ds_v4 VM Size for the Query Engine server instance and set the instance count to 5, then you must ensure that a total of 80 Standard EdSv4 Family vCPUs Quota is available (5 VMs* 16 vCPUs)

If you already have the required quota limit to deploy Kyvos resources, you can skip increasing the quota limit. To learn about how to check quotas, refer to Microsoft view quotas documentation

If you require to increase the quota limit to deploy Kyvos resources, refer to the Microsoft quota increase documentation to learn about how to request a quota increase in the Azure portal.   

Register Microsoft Resource Providers at the Subscription Level 

To deploy Kyvos, ensure that the following Microsoft Resource Providers are registered at the subscription level.

To learn about how to verify and register Resource Provider, see the Verifying and Registering Microsoft Providers section. 

Important

If you are unable to register Microsoft Resource Providers, contact your Azure Account Administrator to do so. 

Microsoft Resource Providers

  • Microsoft.Storage 

  • Microsoft.Compute

  • Microsoft.ManagedIdentity

  • Microsoft.Network

  • Microsoft.KeyVault

  • Microsoft.insights

  • Microsoft.Web

  • Microsoft.Databricks

Network Configurations 

For existing virtual network, you must have the following permissions on the existing network:

Note

This is not required if you are creating network resources using the Kyvos provided template.

  • Network/virtualNetworks/subnets/read

  • Network/virtualNetworks/read

  • Network/virtualNetworks/subnets/joinViaServiceEndpoint/action

  • Network/virtualNetworks/subnets/write

  • Network/virtualNetworks/subnets/join/action

OR

The Network Contributor role must be assigned to the user. See the Configuring Roles for Deployment User section for details on creating and assigning roles.

Prerequisites

  1.  Two subnets must be available for the deployment of Kyvos. These subnets must be within the required CIDR Range for the deployment of Kyvos Azure Marketplace:

    1. Subnet for Kyvos Instances: /16 to /26

    2. Subnet for Application Gateway: /16 to /27

  2. No subnet delegations attached to any of the subnets.

  3. Service Endpoints are required on the Subnet for Kyvos Instances:

    1. Azure Storage (Microsoft.Storage): This model secures and controls the level of access to your storage accounts so that only applications requesting data over the specified set of networks or through the specified set of Azure resources, can access a storage account.

    2. Azure Key Vault (Microsoft.KeyVault): The virtual network service endpoints for Azure Key Vault allow you to restrict access to a specified virtual network and a list of IPv4 (Internet Protocol version 4) address ranges.

    3. Azure App Service (Microsoft.Web): By setting up access restrictions, you can create a priority-ordered allow/deny list to control network access to your application.

Databricks Configurations

The Kyvos application requires a Databricks cluster for processing semantic models and data profiling jobs.

Copyright Kyvos, Inc. 2025. All rights reserved.