Skip to content

Latest commit

 

History

History
232 lines (138 loc) · 10.2 KB

README.md

File metadata and controls

232 lines (138 loc) · 10.2 KB
Raw

Deploying Chat Copilot

This document details how to deploy Chat Copilot's required resources to your Azure subscription.

Things to know

  • Access to Azure OpenAI is currently limited as we navigate high demand, upcoming product improvements, and Microsoft’s commitment to responsible AI. For more details and information on applying for access, go here. For regional availability of Azure OpenAI, see the availability map.

  • With the limited availability of Azure OpenAI, consider sharing an Azure OpenAI instance across multiple resources.

  • F1 and D1 SKUs for the App Service Plans are not currently supported for this deployment in order to support private networking.

  • Chat Copilot deployments use Azure Active Directory for authentication. All endpoints (except /healthz and /authInfo) require authentication to access.

Configure your environment

Before you get started, make sure you have the following requirements in place:

  • Azure AD Tenant
  • Azure CLI (i.e., az) (if you already installed Azure CLI, make sure to update your installation to the latest version)
  • (Linux only) zip can be installed by running "sudo apt install zip"

App registrations (identity)

You will need two Azure Active Directory (AAD) application registrations -- one for the frontend web app and one for the backend API.

For details on creating an application registration, go here.

NOTE: Other account types can be used to allow multitenant and personal Microsoft accounts to use your application if you desire. Doing so may result in more users and therefore higher costs.

Frontend app registration

  • Select Single-page application (SPA) as platform type, and set the redirect URI to http://localhost:3000
  • Select Accounts in this organizational directory only ({YOUR TENANT} only - Single tenant) as supported account types.
  • Make a note of the Application (client) ID from the Azure Portal for use in the Deploy Frontend step below.

Backend app registration

  • Do not set a redirect URI
  • Select Accounts in this organizational directory only ({YOUR TENANT} only - Single tenant) as supported account types.
  • Make a note of the Application (client) ID from the Azure Portal for use in the Deploy Azure infrastructure step below.

Linking the frontend to the backend

  1. Expose an API within the backend app registration

    1. Select Expose an API from the menu

    2. Add an Application ID URI

      1. This will generate an api:// URI

      2. Click Save to store the generated URI

    3. Add a scope for access_as_user

      1. Click Add scope

      2. Set Scope name to access_as_user

      3. Set Who can consent to Admins and users

      4. Set Admin consent display name and User consent display name to Access Chat Copilot as a user

      5. Set Admin consent description and User consent description to Allows the accesses to the Chat Copilot web API as a user

    4. Add the web app frontend as an authorized client application

      1. Click Add a client application

      2. For Client ID, enter the frontend's application (client) ID

      3. Check the checkbox under Authorized scopes

      4. Click Add application

  2. Add permissions to web app frontend to access web api as user

    1. Open app registration for web app frontend

    2. Go to API Permissions

    3. Click Add a permission

    4. Select the tab APIs my organization uses

    5. Choose the app registration representing the web api backend

    6. Select permissions access_as_user

    7. Click Add permissions

Deploy Azure Infrastructure

The examples below assume you are using an existing Azure OpenAI resource. See the notes following each command for using OpenAI or creating a new Azure OpenAI resource.

PowerShell

./deploy-azure.ps1 -Subscription {YOUR_SUBSCRIPTION_ID} -DeploymentName {YOUR_DEPLOYMENT_NAME} -AIService {AzureOpenAI or OpenAI} -AIApiKey {YOUR_AI_KEY} -AIEndpoint {YOUR_AZURE_OPENAI_ENDPOINT} -BackendClientId {YOUR_BACKEND_APPLICATION_ID} -FrontendClientId {YOUR_FRONTEND_APPLICATION_ID} -TenantId {YOUR_TENANT_ID}
  • To use an existing Azure OpenAI resource, set -AIService to AzureOpenAI and include -AIApiKey and -AIEndpoint.
  • To deploy a new Azure OpenAI resource, set -AIService to AzureOpenAI and omit -AIApiKey and -AIEndpoint.
  • To use an an OpenAI account, set -AIService to OpenAI and include -AIApiKey.

Bash

chmod +x ./deploy-azure.sh
./deploy-azure.sh --subscription {YOUR_SUBSCRIPTION_ID} --deployment-name {YOUR_DEPLOYMENT_NAME} --ai-service {AzureOpenAI or OpenAI} --ai-service-key {YOUR_AI_KEY} --ai-endpoint {YOUR_AZURE_OPENAI_ENDPOINT} --client-id {YOUR_BACKEND_APPLICATION_ID} --frontend-client-id {YOUR_FRONTEND_APPLICATION_ID} --tenant-id {YOUR_TENANT_ID}
  • To use an existing Azure OpenAI resource, set --ai-service to AzureOpenAI and include --ai-service-key and --ai-endpoint.
  • To deploy a new Azure OpenAI resource, set --ai-service to AzureOpenAI and omit --ai-service-key and --ai-endpoint.
  • To use an an OpenAI account, set --ai-service to OpenAI and include --ai-service-key.

Azure Portal

You can also deploy the infrastructure directly from the Azure Portal by clicking the button below:

Deploy to Azure

This will automatically deploy the most recent release of Chat Copilot binaries (link).

To find the deployment name when using Deploy to Azure, look for a deployment in your resource group that starts with Microsoft.Template.

Deploy Application

To deploy the application, first package it, then deploy it to the Azure resources created above.

PowerShell

./package-webapi.ps1

./deploy-webapi.ps1 -Subscription {YOUR_SUBSCRIPTION_ID} -ResourceGroupName {YOUR_RESOURCE_GROUP_NAME} -DeploymentName {YOUR_DEPLOYMENT_NAME}

Bash

chmod +x ./package-webapi.sh
./package-webapi.sh

chmod +x ./deploy-webapi.sh
./deploy-webapi.sh --subscription {YOUR_SUBSCRIPTION_ID} --resource-group {YOUR_RESOURCE_GROUP_NAME} --deployment-name {YOUR_DEPLOYMENT_NAME}

Deploy Hosted Plugins

NOTE: This step can be skipped if the required resources for the web searcher plugin are not deployed. The required resources include a Bing resource and an Azure Function. The required resources are NOT deployed by default. To deploy the required resources, use the -DeployWebSearcherPlugin or --deploy-web-searcher-plugin flag when running the deploy-azure.ps1/deploy-azure.sh script.

NOTE: This step can be skipped if the previous Azure Resources creation step, including the resources required by the Web Search plugin, succeeded without errors. The deployPackages = true setting in main.bicep ensures that the WebSearcher is deployed.

NOTE: More hosted plugins will be available.

To deploy the plugins, build the packages first and deploy them to the Azure resources created above.

PowerShell

./package-plugins.ps1

./deploy-plugins.ps1 -Subscription {YOUR_SUBSCRIPTION_ID} -ResourceGroupName rg-{YOUR_DEPLOYMENT_NAME} -DeploymentName {YOUR_DEPLOYMENT_NAME}

Bash

chmod +x ./package-plugins.sh
./package-webapi.sh

chmod +x ./deploy-plugins.sh
./deploy-webapi.sh --subscription {YOUR_SUBSCRIPTION_ID} --resource-group rg-{YOUR_DEPLOYMENT_NAME} --deployment-name {YOUR_DEPLOYMENT_NAME}

(Optional) Deploy Memory Pipeline

NOTE: This step can be skipped if the WebApi is NOT configured to run asynchronously for document processing. By default, the WebApi is configured to run asynchronously for document processing in deployment.

NOTE: This step can be skipped if the previous Azure Resources creation step succeeded without errors. The deployPackages = true setting in main.bicep ensures that the latest Chat Copilot memory pipeline is deployed.

To deploy the memorypipeline, build the deployment package first and deploy it to the Azure resources created above.

PowerShell

.\package-memorypipeline.ps1

.\deploy-memorypipeline.ps1 -Subscription {YOUR_SUBSCRIPTION_ID} -ResourceGroupName {YOUR_RESOURCE_GROUP_NAME} -DeploymentName {YOUR_DEPLOYMENT_NAME}

Bash

chmod +x ./package-memorypipeline.sh
./package-memorypipeline.sh

chmod +x ./deploy-memorypipeline.sh
./deploy-memorypipeline.sh --subscription {YOUR_SUBSCRIPTION_ID} --resource-group {YOUR_RESOURCE_GROUP_NAME} --deployment-name {YOUR_DEPLOYMENT_NAME}

Your Chat Copilot application is now deployed!

Appendix

Using custom web frontends to access your deployment

Make sure to include your frontend's URL as an allowed origin in your deployment's CORS settings. Otherwise, web browsers will refuse to let JavaScript make calls to your deployment.

To do this, go on the Azure portal, select your Semantic Kernel App Service, then click on "CORS" under the "API" section of the resource menu on the left of the page. This will get you to the CORS page where you can add your allowed hosts.

PowerShell

$webApiName = $(az deployment group show --name {DEPLOYMENT_NAME} --resource-group {YOUR_RESOURCE_GROUP_NAME} --output json | ConvertFrom-Json).properties.outputs.webapiName.value

az webapp cors add --name $webapiName --resource-group $ResourceGroupName --subscription $Subscription --allowed-origins YOUR_FRONTEND_URL

Bash

eval WEB_API_NAME=$(az deployment group show --name $DEPLOYMENT_NAME --resource-group $RESOURCE_GROUP --output json) | jq -r '.properties.outputs.webapiName.value'

az webapp cors add --name $WEB_API_NAME --resource-group $RESOURCE_GROUP --subscription $SUBSCRIPTION --allowed-origins YOUR_FRONTEND_URL