Creating external resources for Kyvos on Azure

Applies to: Kyvos Enterprise  Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace

Kyvos Azure Marketplace   Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)

You can create the Kyvos resources externally on Azure. For this, perform the steps mentioned in the sections below.

Kyvos Manager Node

To create the Kyvos Manager node, perform the following steps.

1. Go to Azure Portal.

2. Click create a virtual machine.

3. Select the Subscription and Resource Group that you want to use.

4. Provide the Virtual Machine name.

5. From the Image drop-down, choose the supported RHEL version from the list.

   • Red Hat Enterprise Linux 8.6 - Gen 2 option (recommended).

   • Red Hat Enterprise Linux 9.4 - Gen 2

   • Red Hat Enterprise Linux 7.8 - Gen 1

6. Change the Username to adminuser

7. In SSH public key source, use the existing public key and put its value, and click Next.

8. Create and attach a disk for the Kyvos Manager node and click Next.

9. Choose Virtual Network, Subnet, and Public IP (if needed).

10. In NIC network Security Group, click Advance and then select a Security Group. Click Next.

11. Add tags (optional).

12. Click Review and Create.

13. Next, perform the steps mentioned here.

14. Switch to Deployment user, then go to /data/kyvos/installs location and run the following commands after entering the required values:

    export CLIENT_SECRET={Enter client secret here}

    export AZCOPY_SPA_CLIENT_SECRET=$CLIENT_SECRET && bin/azcopy login --service-principal --application-id (application-id) --tenant-id (tenant-id) && bin/azcopy copy https://kyvossetupbucket.blob.core.windows.net/thirdparty/(release_version)/prereq/kyvosprereq.tar.gz /data/kyvos/installs/

    tar -xzvf kyvosprereq.tar.gz

    rm -rf kyvosprereq.tar.gz jre/
    Note: The release_version should be the release version. For example, 2025.8

15. Run the following command with the root user.

    keyctl new_session && /data/kyvos/installs/bin/azcopy copy
    https://kyvossetupbucket.blob.core.windows.net/thirdparty/(release_version)/fontconfig/fontconfig-2.13.0-4.3.el7.x86_64.rpm /tmp/
    echo yes | yum localinstall /tmp/fontconfig*.rpm

16. Switch to the Deployment user, then go to /data/kyvos/installs location and run the following commands after entering the required values:

    The name of the KyvosBundle is
    export AZCOPY_SPA_CLIENT_SECRET=$CLIENT_SECRET && /data/kyvos/installs/bin/azcopy login --service-principal --application-id (application-id) --tenant-id (tenant-id) && /data/kyvos/installs/bin/azcopy list <https://kyvossetupbucket.blob.core.windows.net/kyvossetup/(release_version)/latest/>

    KyvosBundleName is
    echo $KyvosBundleName | grep -oP 'Kyvos[^[:blank:]]*' | awk -F '.tar.gz' '{print $1".tar.gz"}' | head -1

    export AZCOPY_SPA_CLIENT_SECRET=$CLIENT_SECRET && /data/kyvos/installs/bin/azcopy login --service-principal --application-id (application-id) --tenant-id (tenant-id) && /data/kyvos/installs/bin/azcopy copy https://kyvossetupbucket.blob.core.windows.net/kyvossetup/(release_version)latest/$KyvosBundleName /data/kyvos/installs/

    tar -xzvf $KyvosBundleName
    rm -rf $KyvosBundleName

17. Run the below command with the root user. Replace $user with the the deployment user name.

    chown -R $user:$user /data/kyvos/
    Switch to $user and run the following command:
    cd /data/kyvos/installs/kyvosmanager_war/kyvosmanager/bin
    ./start-km.sh

Kyvos Web Portal, BI Server, Query Engine Nodes, and Dedicated Compute Cluster

1. Go to Azure Portal. 

2. Click On create a virtual machine.

3. Select Subscription, Resource Group, and provide the Virtual Machine name.

4. Orchestration mode for Query Engine and dedicated compute cluster must be Uniform only. See the Working with dedicated compute cluster for more information.

5. From the Image drop-down, choose the supported RHEL version from the list.

   • Red Hat Enterprise Linux 8.6 - Gen 2 option (recommended).

   • Red Hat Enterprise Linux 9.4 - Gen 2

   • Red Hat Enterprise Linux 7.8 - Gen 1

6. Change the Username to adminuser

7. In SSH public key source, use existing public key and put its value, and click Next.

8. Create and attach a disk for BI/QE Installation and click Next.

9. Choose Virtual Network, Subnet, and Public IP (if needed).

10. In NIC network Security Group, click Advance and then select a Security Group.

11. Click Next.

12. Add tags and click Review and Create.

13. Next, perform the steps mentioned here.