Add new topic for deploying DDC on Azure (#2796)

_data/toc.yaml

@@ -1486,6 +1486,8 @@ manuals:
     title: Deploy Datacenter on AWS
   - path: /datacenter/install/linux/
     title: Deploy Datacenter on Linux
+  - path: /datacenter/install/azure/
+    title: Deploy Datacenter on Azure
   - sectiontitle: Universal Control Plane
     section:
     - path: /datacenter/ucp/2.1/guides/

datacenter/install/azure.md

@@ -0,0 +1,254 @@
+---
+title: Deploy Docker Enterprise Edition on Azure (Standard/Advanced)
+description: Learn how to deploy Docker EE for Azure (Standard/Advanced) quickly, by using the Azure portal.
+keywords: docker, enterprise edition, azure, docker ee, docker datacenter, install, orchestration, manage, container, deploy, provision, azure resource manager, arm template
+---
+
+Deploy Docker Enterprise Edition for Azure (Standard/Advanced) quickly
+to the Azure cloud by using the [Azure portal](https://portal.azure.com).
+The deployment workflow creates multiple nodes with Docker EE, and it installs
+highly available versions of
+[Universal Control Plane (UCP)](https://docs.docker.com/datacenter/ucp/2.1/guides/)
+and [Docker Trusted Registry (DTR)](https://docs.docker.com/datacenter/dtr/2.2/guides/).
+For more info, see
+[Docker Enterprise Edition](https://www.docker.com/enterprise-edition).
+
+> **Note**: You may see references to the earlier brand name, "Docker Datacenter"
+> and "DDC".These names are equivalent with Docker Enterprise Edition for Azure.
+
+## Prerequisites for deploying Docker EE for Azure
+
+-   A [Docker Enterprise Edition](https://store.docker.com/editions/enterprise/docker-ee-trial?tab=description)
+    license. You can get a 30-day free trial subscription from the
+    [Docker Store](https://store.docker.com/editions/enterprise/docker-ee-trial?plan=free-trial&plan=free-trial&tab=description).
+    For questions on licenses, contact
+    [sales@docker.com](mailto:sales@docker.com).
+-   An Azure account with sufficient privileges for creating resource groups,
+    like the [Visual Studio Ultimate with
+    MSDN](https://msdn.microsoft.com/en-us/subscriptions/aa336858.aspx)
+    subscription.
+-   Service Principal access credentials, which you can generate by following
+    the steps in [Docker for Azure Setup and
+    Prerequisites](https://docs.docker.com/docker-for-azure/#configuration).
+-   An SSH public/private key pair, which you can generate by following the
+    steps in
+    [How to create and use an SSH public and private key pair for Linux VMs in Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys)].
+    Save the public and private keys in a convenient location,
+    like in the same directory as the Docker license, and be sure to remember
+    the password for the key pair.
+
+## Provision the Docker EE cluster on Azure
+
+1.  In a web browser, go to the [Azure portal](https://portal.azure.com).
+2.  Click **+New**.
+    The Marketplace blade opens.
+3.  In the search box, type "Docker EE", and press Enter.
+4.  In the search results, click **Docker EE for Azure (Standard/Advanced)**.
+    The product description blade opens.
+5.  At the bottom of the blade, click **Create**. The Create Docker EE for
+    Azure blade opens.
+6.  In the Basics pane, fill in the required fields.
+    - Copy the **Service Principal** values from the shell that you used
+    to run `create-sp-azure`.
+    - Copy the **SSH public key** value from the key file that you saved
+    when you ran `ssh-keygen` or similar tool.
+    - For this example, the **Swarm Name** is "ddcevalswarm" and the
+    **Resource group** name is "ddcevalrg", but you're free to choose
+    your own values.
+
+    When you're done, the form will be similar to this:
+
+    ![The Basic blade of a Docker EE for Azure deployment](../images/ddc-azure-basics-blade.png)
+
+7.  Click **OK**. The Docker EE Settings blade opens.
+
+8.  In the Settings blade, fill in the required fields. When you're done, the
+    form will be similar to this:
+
+    ![The Settings blade of a Docker EE for Azure deployment](../images/ddc-azure-settings-blade.png)
+
+    The **DDC Username** and **DDC Password** fields are for logging in to the
+    UCP and DTR user interfaces. They're not used for SSH access.
+
+    Be sure to select the size of the virtual machines for the manager nodes
+    and worker nodes. For example, click **Worker VM Size** to open the Choose
+    a Size blade, and click **View all** to browse all of the compute offerings.
+    Azure has a wide range of computing power options, and the pricing
+    calculator estimates the monthly cost for each option.
+
+    ![The Choose a VM Size blade of a  Docker EE for Azure deployment](../images/ddc-azure-choose-vm-blade.png)
+
+    > **Note**: It's possible to select more compute than your Azure subscription
+    > permits. If you exceed your limit, the Summary blade in the next step will
+    > notify you, and you can return to the Settings blade to select different VM
+    > sizes, or you can add more capacity to your subscription. For more info, see
+    > [Resource Manager core quota increase requests](https://docs.microsoft.com/en-us/azure/azure-supportability/resource-manager-core-quotas-request).
+
+9.  Click **OK**. The Summary blade opens, and Azure validates the settings
+    that you've entered. If some of your settings don't pass validation, you
+    can go back to earlier steps and fix them.
+
+    > **Tip**: At the bottom of the blade, click **Download template and parameters**
+    > to save the generated Azure Resource Manager (ARM) template to your
+    > local machine. For more info, see
+    > [Create your first Azure Resource Manager template](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-create-first-template).
+
+10. Click **OK**. The Purchase blade opens and displays the terms of use. If
+    you agree, click **Purchase**. The Azure Dashboard opens, and a tile shows
+    **Deploying Docker EE for Azure**. When your resources are deployed, after
+    a few minutes, a blade opens for the deployed resource group.
+
+    ![The resource group blade of a Docker EE for Azure deployment](../images/ddc-azure-resource-group-blade.png)
+
+## What's in the new resource group?
+
+Everything you need to run Docker EE is deployed, and the resource group
+collects it all in one place. The ARM template defines the architecture
+as shown in the following diagram.
+
+![Architecture diagram of a Docker EE for Azure deployment](../images/ddc-azure-architecture.png)
+
+Here are some of the resources that are included in the resource group.
+
+-   **Public IP addresses:** You connect to UCP and DTR by pointing your
+    browser at the corresponding load balancers. Also, you can SSH to
+    manager nodes.
+
+    ![IP addresses of a Docker EE for Azure deployment](../images/ddc-azure-load-balancers-ip-addys.png)
+
+-   **Node scale sets:** Virtual machine scale sets for the manager and worker
+    nodes. For more info, see [What are virtual machine scale sets in Azure?](https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-overview)
+-   **Virtual network:** Click the virtual network resource, which has a name
+    similar to `ddcevalswarm-vnet`, to examine its architecture. In the left pane,
+    click **Diagram** to see the network diagram.
+-   **Storage:** The Docker EE deployment sets up Azure storage for your images.
+    The storage account has a name similar to `f4ybe46tzepm4dtr`.
+    The DTR user interface enables viewing details, on the Settings > Storage
+    page.
+
+## View the UCP and DTR interfaces
+
+Manage Docker EE by connecting your web browser to the UCP and the DTR
+load balancers.
+
+1.  In the left pane of the resource group blade, click **Deployments**.
+    The Deployments blade opens, showing your Docker EE for Azure deployment.
+    Click the deployment with a name similar to
+    `docker.dockerdatacenterdocker-datacenter-20170413151533`
+    to open the Deployment Details blade.
+
+    ![Output URLs of an Docker EE for Azure deployment](../images/ddc-azure-outputs.png)
+
+2.  In the **Output** section, copy the URL in `UCPLOGINURL` and
+    paste it into a web browser. The UCP login page opens. To login, use the
+    DDC username and password you entered in the Settings blade.
+
+3.  Copy the URL in `DTRLOGINURL` and paste it into a new tab in the
+    web browser. The DTR interface page opens.
+
+## Connect to a manager node with SSH
+
+In addition to managing Docker EE with the user interface, you can
+connect to a manager node by using SSH. You need the private key that
+corresponds with the public key that you provided when you created the Docker EE
+deployment. When you `ssh` to a manager node, login with the username `docker`,
+not the username you entered in the Settings blade, which is for UI.
+
+```bash
+$ ssh docker@ucplb-feykn7mj53x5q.westus.cloudapp.azure.com -p 50000 -i private-key.rsa
+Enter passphrase for key 'private-key.rsa':
+Welcome to Docker!
+swarm-manager000000:~$
+```
+
+> **Note**: In Azure, the first Docker EE manager node maps the default
+> SSH port 22 to port 50000. Subsequent manager nodes map to port 50001, 50002,
+> and so on.
+
+
+In the manager node, you can run `docker` commands, like pulling an image and
+starting a containerized application.
+
+## Set up the DTR certificate authority
+
+To pull and push images to Docker Trusted Registry from a local
+machine, you need to establish trust between the local Docker daemon and DTR on
+Azure. Establish a trust relationship by registering the DTR certificate on
+the local machine. Follow the steps in
+[Configure your Docker Engine](https://docs.docker.com/datacenter/dtr/2.2/guides/user/access-dtr/).
+
+Get the certificate from `https://<dtr-url>/ca`, which is
+available through the URL of the DTR load balancer. The certificate's URL
+looks like `https://dtrlb-feykn7mj53x5q.westus.cloudapp.azure.com/ca`.
+
+> **Note**: Be sure to restart the Docker daemon on the local machine after
+> you've installed the certificate, or you'll get X.509 errors when you
+> try `docker login`.
+
+## Create an image repository in DTR for Azure
+
+When the certificate authority on your local machine is set up, you can push an
+image into the registry on Azure. Images live in a repository, so you need to
+create a repository in DTR to register images.
+
+1.  In a web browser, navigate to the DTR Repositories page, which has a URL
+    similar to `https://dtrlb-feykn7mj53x5q.westus.cloudapp.azure.com/repositories`.
+2.  Click **New repository** and enter a repository name.
+3.  Click **Scan on push** to enable security scanning on pushed images.
+4.  Click **Save** to create the repository.
+
+## Push an image to DTR for Azure
+
+The DTR repository is ready to receive images, and you can push images to it,
+in the same way that you push images to [Docker Store](https://store.docker.com/).
+
+1.  On the local machine, login to the DTR repository by using a
+    `docker login` command similar to this:
+
+    ```bash
+    $ docker login dtrlb-feykn7mj53x5q.westus.cloudapp.azure.com
+    ```
+
+    When you're prompted for the username and password, you can use the values
+    that you entered in the Settings blade, or you can create new users in the
+    DTR user interface, and sign in with those credentials.
+2.  Pull an image, like `golang:1.7`.
+
+    ```bash
+    $ docker pull golang:1.7
+    ```
+
+3.  Tag the image for the remote repository. The command is similar to this:
+
+    ```bash
+    $ docker tag golang:1.7 dtrlb-feykn7mj53x5q.westus.cloudapp.azure.com/ddcadmin/azuretest:golang1.7
+    ```
+
+4.  Push the tag to the remote repository.
+
+    ```
+    $ docker push dtrlb-feykn7mj53x5q.westus.cloudapp.azure.com/ddcadmin/azuretest:golang1.7
+    ```
+
+5.  In the DTR user interface, navigate to the Repositories page and click on your
+    repository. The Details page opens.
+6.  Click **Images**. Your image appears in the list, and if you selected
+    **Scan on push** when you created the repository, the scan is in progress.
+
+## Docker EE component versions
+
+Docker Enterprise Edition for Azure is based on the following stack:
+
+-   Linux kernel 4.9.11-moby
+-   Docker UCP 2.1.1
+-   Docker Trusted Registry 2.2.3
+-   Docker Engine 17.03.0-ee-1
+
+## Next steps
+
+For more info on deploying Docker Enterprise Edition for Azure, see:
+
+-   [Docker Enterprise Edition Trial at Docker Store](https://store.docker.com/editions/enterprise/docker-ee-trial?tab=description)
+-   [Docker EE for Azure (Standard/Advanced) in Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/docker.dockerdatacenter)
+-   [Deploying Docker EE on Azure and solving common issues](https://blogs.msdn.microsoft.com/azure4fun/2017/04/15/deploying-docker-ee-on-azure-solving-common-issues/)
+-   [Video: Hands-On - Provisioning Docker Enterprise Edition on Azure](https://www.youtube.com/watch?v=e1H0hNe0PnQ)