{"id":31146,"date":"2017-04-30T13:49:34","date_gmt":"2017-04-30T21:49:34","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/visualstudioalm\/?p=31146"},"modified":"2019-06-18T07:54:42","modified_gmt":"2019-06-18T15:54:42","slug":"setup-continuous-deployment-to-ms-azure-government-using-visual-studio-team-services","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/devops\/setup-continuous-deployment-to-ms-azure-government-using-visual-studio-team-services\/","title":{"rendered":"Setup continuous deployment to Azure Government using Visual Studio Team Services"},"content":{"rendered":"<p style=\"text-align: justify\">\n  <a href=\"https:\/\/azure.microsoft.com\/en-us\/overview\/clouds\/government\/\">Azure Government clouds<\/a> provide private and semi-isolated locations for specific Government or other services, separate from the normal Azure services. Highest levels of privacy have been adopted for these clouds, including restricted data access policies.\n<\/p>\n<p style=\"text-align: justify\">\n  Azure Government\u00a0clouds require\u00a0unique Azure endpoints to manage\u00a0the services offered there. They support authentication using management certificate, user credentials or service principal for requests to the service management APIs.\n<\/p>\n<p style=\"text-align: justify\">\n  Visual Studio Team Services\u00a0enables requests to\u00a0Azure environments with a CD process using <a href=\"https:\/\/www.visualstudio.com\/en-us\/docs\/build\/concepts\/library\/service-endpoints\">service endpoints<\/a> (Azure classic service endpoint for requests using management certificate or credentials, Azure resource manager service endpoint for requests using service principal authentication).\n<\/p>\n<p style=\"text-align: justify\">\n  <strong>Visual Studio Team Services is currently not available in Azure Government clouds.<\/strong>\n<\/p>\n<p style=\"text-align: justify\">\n  In this article, we\u2019ll look at how you can configure continuous deployment for an Azure web site in\u00a0Azure Government\u00a0with a\u00a0team services\u00a0account in Azure public. We\u2019ll authenticate using service principal authentication.\n<\/p>\n<p style=\"text-align: justify\">\n  Note that this process would the orchestrating builds &#038; deployments, and storing the build artifacts outside the government cloud. In case you require stricter data restrictions for your application, you can configure a <a href=\"https:\/\/www.visualstudio.com\/en-us\/docs\/build\/concepts\/agents\/agents#install\">private agent<\/a> in the isolated environment. Refer to <a href=\"https:\/\/blogs.msdn.microsoft.com\/visualstudioalm\/2017\/04\/10\/deploying-to-on-premises-environments-with-visual-studio-team-services-or-team-foundation-server\/\">this<\/a> for more details.\n<\/p>\n<h2><span lang=\"EN\"><span style=\"color: #2e74b5;font-family: Calibri Light;font-size: x-large\">Get set up<\/span><\/span><\/h2>\n<h2><span lang=\"EN\"><span style=\"color: #2e74b5;font-family: Calibri Light;font-size: large\">Begin with a CI build<\/span><\/span><\/h2>\n<p><span lang=\"EN\" style=\"margin: 0px;color: #333333;line-height: 107%;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\">Before you begin, you&#8217;ll need a CI build that publishes your Web Deploy package. To set up CI for your specific type of app, see:<\/span><\/p>\n<ul type=\"disc\">\n<li style=\"margin: 0px 0px 10px;color: #333333;line-height: normal;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt;font-style: normal;font-weight: normal\">\n    <span lang=\"EN\" style=\"margin: 0px;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\"><a href=\"https:\/\/www.visualstudio.com\/en-us\/docs\/build\/apps\/aspnet\/ci\/build-aspnet-4\"><span style=\"color: #0563c1\">Build your ASP.NET 4 app<\/span><\/a><\/span>\n  <\/li>\n<li style=\"margin: 0px 0px 10px;color: #333333;line-height: normal;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt;font-style: normal;font-weight: normal\">\n    <span lang=\"EN\" style=\"margin: 0px;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\"><a href=\"https:\/\/www.visualstudio.com\/en-us\/docs\/build\/apps\/aspnet\/ci\/build-aspnet-core\"><span style=\"color: #0563c1\">Build your ASP.NET Core app<\/span><\/a><\/span>\n  <\/li>\n<li style=\"margin: 0px 0px 10px;color: #333333;line-height: normal;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt;font-style: normal;font-weight: normal\">\n    <span lang=\"EN\" style=\"margin: 0px;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\"><a href=\"https:\/\/www.visualstudio.com\/en-us\/docs\/build\/apps\/node\/nodejs-to-azure\"><span style=\"color: #0563c1\">Build your Node app with Gulp<\/span><\/a><\/span>\n  <\/li>\n<\/ul>\n<h2><span lang=\"EN\"><span style=\"color: #2e74b5;font-family: Calibri Light;font-size: large\">Create the Azure app service<\/span><\/span><\/h2>\n<p><span lang=\"EN\" style=\"margin: 0px;color: #333333;line-height: 107%;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\">An <a href=\"https:\/\/azure.microsoft.com\/en-us\/documentation\/articles\/app-service-value-prop-what-is\/\"><span style=\"color: #0563c1\">Azure App Service<\/span><\/a> is where we&#8217;ll deploy the <a href=\"https:\/\/azure.microsoft.com\/en-us\/documentation\/articles\/app-service-web-overview\/\"><span style=\"color: #0563c1\">Web App<\/span><\/a>. Create a new web app in your subscription from the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-government\/documentation-government-get-started-connect-with-portal\">Azure Government portal<\/a>.<\/span><\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/6\/2019\/05\/azure-gov-new-webapp.png\"><img decoding=\"async\" width=\"500\" height=\"229\" class=\"alignnone wp-image-31166 size-mediumlarge\" alt=\"azure-gov-new-webapp\" src=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2017\/04\/azure-gov-new-webapp-500x229.png\" \/><\/a><\/p>\n<p><span lang=\"EN\"><span style=\"color: #2e74b5;font-family: Calibri Light;font-size: large\">Generate a service principal<\/span><\/span><\/p>\n<p><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">Download &amp; run <\/span><span><a href=\"https:\/\/github.com\/Microsoft\/vsts-rm-extensions\/blob\/master\/TaskModules\/powershell\/Azure\/SPNCreation.ps1\">this Powershell script<\/a><\/span><span style=\"color: #000000\"> in an Azure Powershell window to generate required data for Service Principal based Azure service connection. Running this script would prompt you for: <\/span><\/span><\/p>\n<ul>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">The name of your Azure Subscription name<\/span><\/span><\/li>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">A password that you would like to set for the Service Principal that is going to be created<\/span><\/span><\/li>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">You should also provide the Azure Government environment name for your subscription in the environmentName parameter.<\/span><\/span><\/li>\n<\/ul>\n<p><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">Once successful, the script would output the following details for the Azure Service Endpoint. <\/span><\/span><\/p>\n<ul>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">Connection Name<\/span><\/span><\/li>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">Subscription Id<\/span><\/span><\/li>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">Subscription Name<\/span><\/span><\/li>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">Service Principal Client Id<\/span><\/span><\/li>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">Service Principal key<\/span><\/span><\/li>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">Tenant Id<\/span><\/span><\/li>\n<\/ul>\n<h2><span lang=\"EN\"><span style=\"color: #2e74b5;font-family: Calibri Light;font-size: large\">Configure a service endpoint in <span style=\"color: #2e74b5;font-family: Calibri Light;font-size: large\">Team Services <\/span><\/span><\/span><\/h2>\n<ul>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">From your Team Services Account, navigate to your Team Project and click on gear icon.<\/span><\/span><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/6\/2019\/05\/VSTS_Admin.png\"><img decoding=\"async\" width=\"897\" height=\"102\" class=\"alignnone size-full wp-image-31156\" alt=\"vsts_admin\" src=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2017\/04\/VSTS_Admin.png\" \/><\/a><\/li>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">Click Services tab and click on \u2018New Service Endpoint\u2019 in the left pane.<\/span><\/span><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/6\/2019\/05\/VSTS_Endpoints.png\"><img decoding=\"async\" width=\"879\" height=\"209\" class=\"alignnone size-large wp-image-31157\" alt=\"vsts_endpoints\" src=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2017\/04\/VSTS_Endpoints-1024x243.png\" \/><\/a><\/li>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">From the drop-down, select \u2018Azure Resource Manager\u2019 option. <\/span><\/span><\/li>\n<\/ul>\n<p style=\"padding-left: 60px\">\n  <a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/6\/2019\/05\/VSTS_NewARM_Endpoint_Auto.png\"><img decoding=\"async\" width=\"585\" height=\"286\" class=\"size-full wp-image-31165 alignnone\" alt=\"vsts_newarm_endpoint_auto\" src=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2017\/04\/VSTS_NewARM_Endpoint_Auto.png\" \/><\/a>\n<\/p>\n<ul>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">In the dialog, click the link at end of the text \u201cIf your subscription is not listed or to specify an existing service principal, click here\u201d, which will switch to manual entry mode.<\/span><\/span><\/li>\n<\/ul>\n<p style=\"padding-left: 60px\">\n  <a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/6\/2019\/05\/azure-gov-vsts-arm-endpoint.png\"><img decoding=\"async\" width=\"500\" height=\"501\" class=\"alignnone wp-image-31155\" alt=\"azure-gov-vsts-arm-endpoint\" src=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2017\/04\/azure-gov-vsts-arm-endpoint-349x350.png\" \/><\/a>\n<\/p>\n<ul>\n<li><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><span style=\"color: #000000\">Give the endpoint a friendly name, choose the Azure Government environment\u00a0for your subscription\u00a0and enter the details obtained from execution of the script while creating a service principal. <\/span><\/span><\/li>\n<\/ul>\n<h2><span lang=\"EN\"><span style=\"color: #2e74b5;font-family: Calibri Light;font-size: x-large\">Setup release<\/span><\/span><\/h2>\n<ol>\n<li><span lang=\"EN\" style=\"margin: 0px;color: #333333;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\">Open the <b>Releases<\/b> tab of the <b>Build &amp; Release<\/b> hub, open the <b>+<\/b> drop-down in the list of release definitions, and choose <b>Create release definition<\/b> <\/span><\/li>\n<li><span lang=\"EN\" style=\"margin: 0px;color: #333333;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\">Select the <b>Azure App Service Deployment<\/b> template and choose <b>Next<\/b>.<\/span><\/li>\n<\/ol>\n<p style=\"padding-left: 90px\">\n  <a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/6\/2019\/05\/CreateRD.png\"><img decoding=\"async\" width=\"500\" height=\"219\" class=\"alignnone wp-image-29555 size-mediumlarge\" alt=\"createrd\" src=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2017\/04\/CreateRD-500x219.png\" \/><\/a>\n<\/p>\n<ol start=\"3\">\n<li>\n    <span lang=\"EN\" style=\"margin: 0px;color: #333333;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\">In Source&#8230; make sure your CI build definition for the Web deploy package is selected as the artifact source.<\/span>\n  <\/li>\n<\/ol>\n<p style=\"padding-left: 90px\">\n  <a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/6\/2019\/05\/CreateRD2.png\"><img decoding=\"async\" width=\"500\" height=\"335\" class=\"alignnone wp-image-29556 size-mediumlarge\" alt=\"createrd2\" src=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2017\/04\/CreateRD2-500x335.png\" \/><\/a>\n<\/p>\n<ol start=\"4\">\n<li>\n    <span lang=\"EN\" style=\"margin: 0px;color: #333333;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\">Select the <b>Continuous deployment<\/b> check box, and then choose <b>Create<\/b>.<\/span>\n  <\/li>\n<li>\n    <span lang=\"EN\" style=\"margin: 0px;color: #333333;line-height: 107%;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\">Select the <b>Deploy Azure App Service<\/b> task and configure it as follows:<\/span>\n  <\/li>\n<\/ol>\n<table width=\"1132\">\n<thead>\n<tr>\n<td width=\"300\">\n        <strong>Task step<\/strong>\n      <\/td>\n<td>\n        <strong>Parameters<\/strong>\n      <\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td width=\"300\">\n        <a href=\"https:\/\/www.visualstudio.com\/en-us\/docs\/build\/steps\/deploy\/azure-app-service-deploy\">Deploy: Azure App Service Deploy<\/a> Deploy the app to Azure App Services\n      <\/td>\n<td>\n        <strong>Azure Subscription:<\/strong> Select the endpoint configured earlier <strong>App Service Name<\/strong>: the name of the web app (the part of the URL <em>without<\/em> <strong>.azurewebsites.net<\/strong>) <strong>Deploy to Slot<\/strong>: make sure this is cleared (the default) <strong>Virtual Application:<\/strong> leave blank <strong>Web Deploy Package:<\/strong> $(System.DefaultWorkingDirectory)***.zip (the default) <strong>Advanced: Take App Offline:<\/strong> If you run into locked .DLL problems when deploying, try selecting this check box.\n      <\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<ol start=\"6\">\n<li style=\"margin: 0px 0px 10px;color: #333333;line-height: normal;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt;font-style: normal;font-weight: normal\">\n    <span lang=\"EN\" style=\"margin: 0px;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\">Edit the name of the release definition, choose <strong><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\">Save<\/span><\/strong>, and choose <strong><span style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\">OK<\/span><\/strong>. Note that the default environment is named Environment1, which you can edit by clicking directly on the name.<\/span>\n  <\/li>\n<\/ol>\n<p><span lang=\"EN\" style=\"margin: 0px;color: #333333;line-height: 107%;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\">You&#8217;re now ready to create a release, which means to start the process of running the release definition with the artifacts produced by a specific build.<\/span><\/p>\n<h2><span lang=\"EN\"><span style=\"color: #2e74b5;font-family: Calibri Light;font-size: x-large\">References<\/span><\/span><\/h2>\n<ul>\n<li><span lang=\"EN\" style=\"margin: 0px;font-family: 'Segoe UI',sans-serif\"><a href=\"https:\/\/www.visualstudio.com\/en-us\/docs\/build\/concepts\/library\/government-cloud\"><span style=\"color: #0563c1\">Deployments to Azure Government cloud<\/span><\/a><\/span><\/li>\n<li><span lang=\"EN\" style=\"margin: 0px;color: #333333;font-family: 'Segoe UI',sans-serif\"><a href=\"https:\/\/www.visualstudio.com\/en-us\/docs\/build\/apps\/cd\/deploy-webdeploy-webapps\"><span style=\"color: #0563c1\">Implement continuous deployment of your app to an Azure web site<\/span><\/a><\/span><\/li>\n<\/ul>\n<p><span lang=\"EN\" style=\"margin: 0px;color: #333333;line-height: 107%;font-family: 'Segoe UI',sans-serif;font-size: 11.5pt\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Azure Government clouds provide private and semi-isolated locations for specific Government or other services, separate from the normal Azure services. Highest levels of privacy have been adopted for these clouds, including restricted data access policies. Azure Government\u00a0clouds require\u00a0unique Azure endpoints to manage\u00a0the services offered there. They support authentication using management certificate, user credentials or service [&hellip;]<\/p>\n","protected":false},"author":200,"featured_media":45953,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[224,226,1],"tags":[],"class_list":["post-31146","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","category-ci","category-devops"],"acf":[],"blog_post_summary":"<p>Azure Government clouds provide private and semi-isolated locations for specific Government or other services, separate from the normal Azure services. Highest levels of privacy have been adopted for these clouds, including restricted data access policies. Azure Government\u00a0clouds require\u00a0unique Azure endpoints to manage\u00a0the services offered there. They support authentication using management certificate, user credentials or service [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/31146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/users\/200"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/comments?post=31146"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/31146\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media\/45953"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media?parent=31146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/categories?post=31146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/tags?post=31146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}