Version: 1.3.14

Azure Setup

Follow this process to install an Azure VM with Cortex Certifai Pro running on it. Cortex Certifai Pro is a single-user server version of Certifai, available from the Azure Marketplace.

Azure Marketplace Setup

  1. Go to the Azure Marketplace, search for, and select Cortex Certifai.

  2. In the left panel of the Cortex Certifai information page click GET IT NOW.

    Azure Marketplace 1

  3. Accept the terms and conditions of the Azure portal by clicking CONTINUE.

    Azure Marketplace 2

  4. At the top of the Cortex Certifai page in the Azure portal click CREATE.

    Azure Marketplace 3

  5. Create a virtual machine by completing the Basics configuration as follows:

    • a. Select your subscription.
    • b. Select a resource group or click Create new and enter a name for your resource group and save it.
    • c. Provide virtual machine name
    • d. Select a region.
    • e. Select the image "CognitiveScale Cortex Certifai Pro Edition"
    • f. Select a size that is 4 or more vcpus (fewer is not recommended).
    • g. Select an authentication type.
    • h. Click NEXT.

    Azure Marketplace 4

  6. On the Disks tab make no changes and click NEXT.

    Azure Marketplace 5

  7. On the Networking tab select a virtual network or create one. This is the endpoint where your models are deployed so Certifai can access them. Click NEXT.

    Azure Marketplace 6

  8. On the Management tab make selections or leave as is and click NEXT.

    Azure Marketplace 7

  9. Leave the Advanced tab config as is and click REVIEW AND CREATE.

    Azure Marketplace 8

  10. Validate your settings and click CREATE.

Azure Storage Account Setup

  1. Click Microsoft Azure at the top left to go to the home screen.

  2. Click Storage Accounts (or search for Storage Accounts)

    Azure Storage link

  3. Click + Add in the top bar at the far left to create a storage account.

    Azure Storage accounts

  4. Complete the Basics as follows:

    • Subscription: Select a subscription to apply the storage account to.
    • Resource group: Select an existing resource group or create a new one.
    • Storage account name: Enter a storage account name (no caps, spaces, or special characters)
    • Location: Select a storage location
    • Performance: Select Standard
    • Account kind: Select BlobStorage
    • Replication: Select RA-GRS
    • Access tier (default): Select Hot
  5. Click Review + Create at the bottom left.

    Create Azure Storage Container

  6. A message is displayed that states Validation passed. At the bottom left click Create.

    Create Azure Storage Account

  7. When the deployment is complete click Go to resource.

    Validate Azure Storage Account

  8. Click Storage Explorer (preview) in the left navigation panel. An empty blob containers list is displayed.

  9. Right click Blob Containers in the middle panel and select Create Blob Container.

  10. Complete the dialog in the panel on the right as follows:

  • Name: Enter a name for the blob container
  • Public Access level: Select Private
  1. Click Create at the bottom of the panel.

    Create Azure Storage Container

Certifai Console storage setup

To complete the configuration and login to the Certifai Console you will need to obtain four pieces of information from the Azure portal.

From your Azure virtual machine home, you will need:

  • Blob Container Name: enter this as the Scan Directory name in the Certifai storage setup.

  • Public IP address of your Certifai VM: enter this into a browser to bring up your Certifai Console following provisioning

  • Virtual Machine Name: you entered during provisioning.

    Azure marketplace Certifai VM setup

From your Azure blob storage Access Keys page, to configure your reports storage from the Console storage configuration page, you will need:

  • Storage Name : This is the name of your Azure Storage Account
  • Key 1 - Key : Access Key for this Azure Storage Account
  • Storage Container Name: The name of the Storage Container in this Storage Account (any permission level).

Please ensure that you have:

  • A Storage Account with the supplied Storage Name.
  • A key for this account that has read-write access to the account.
  • A Storage Container created whose name is entered in the Scan Directory field below, which uses a location (Container) in blob storage where your Certifai scan reports are stored in Azure, and the Console reads them from. Make note of this name; it is required to configure your storage in Certifai Console.

Azure marketplace blob storage Access Keys

  1. Enter https://<Public IP address> into a browser window to open the Certifai Console login page. (Chrome is the recommended browser)

    Console login 1

  2. On the initial Certifai Console Login page enter your VM Name and click SUBMIT.

    Console login 2

  3. The "Set Password" page is displayed. You cannot proceed without setting a new password. Enter a strong password in the New Password field. Enter the same password into the Confirm Password field. Then click SUBMIT.

    (We recommended 8 or more characters with one of each of the following: lowercase letter, uppercase letter, number, special character, no spaces)

    Console login 3

  4. You are redirected back to the login page where you must enter your new password for the "certifai" user and click SUBMIT. (NOTE: Do not change the username.)

  5. A Storage configuration page opens in Certifai Console with a warning displayed at the top. This is expected.

    • a. Create and enter your Blob storage container name in the Scan Directory Name field. This creates a location (Container) in blob storage where your Certifai scan reports are stored in Azure, and where the Console reads them from. Make note of this name; it is required to run remote scans.

    • b. From the Azure Blob Storage Access Keys page in the Azure portal copy the value in the field Key 1 into the Console field labeled Account Key.

    • c. From the Azure Blob Storage Access Keys page in the Azure portal copy the value in the field Storage Name into the Console field labeled Account Name.

    • d. If you want to install the sample scan reports available by default with Certifai, leave Install Sample Reports checked. If you uncheck it the sample reports will not be installed.

    • e. In order to run remote scan jobs, leave Download Kubernetes File checked. Uncheck only if you do not need this functionality. When this option is checked the certifai-kubeconfig.json file is automatically download to your local drive.

    • f. Click SUBMIT

      Certifai Console Blob Storage Configuration

  6. Bookmark the IP address/URL. This will be where you access Certifai Console. Each time you return you must login to view sample scan reports or your own scan job results.

To learn more about navigating through the Console click here.

To learn more about the reports that are visualized in the Certifai Console click here.

Disable the "Forgot Password" link option

For improved security Certifai Pro users may want to disable the "Forgot Password" link on the Login page. This precaution prevents other people from your organization from using your account by changing the password.

  1. Go to the Login page.
  2. Check the DISABLE FORGOT PASSWORD checkbox.
  3. Accept the verification message.
  4. Click SUBMIT.

When you return to the Login page, the "Forgot Password" link is no longer displayed.

Next steps

  1. Click the help icon at the top right to expose the right menu.

  2. Download and install the Toolkit.

  3. Run scan jobs in the Azure Cloud and view result visualizations in the remote Console.