Final modificatins before starting on the PE deployment for Foundry

Author: nourshaker-msft

labs/ai-foundry-private-mcp/foundry-private-mcp.ipynb

@@ -9,7 +9,7 @@
     "## Microsoft Foundry Private connectivity lab\n",
     "![flow](./architecture.png)\n",
     "\n",
-    "Playground to show how to create a private network for consuming REST API managed as MCPs using `Foundry Agents V1`. This lab demonstrates how to create a private network for consuming MCPs from `Foundry Agents V1` using `Private Link Services`, `Azure API Management (APIM)`, and `Azure Front Door`.\n",
+    "Playground to show how to create a private network for consuming REST API managed as MCPs using `Foundry Agents Classic`. This lab demonstrates how to create a private network for consuming MCPs from `Foundry Agents Classic` using `Private Link Services`, `Azure API Management (APIM)`, and `Azure Front Door`.\n",
     "\n",
     "Notes:\n",
     "- `Foundry Agents` are only accessible through `Private Endpoints`. Public network access is disabled.\n",
@@ -19,6 +19,7 @@
     "- **`Azure Front Door` is the only publicly-accessible service.**\n",
     "\n",
     "### Prerequisites\n",
+    "- **important** Admin access to be able to deploy and configure Enterprise Applications in Entra ID\n",
     "- [Python 3.12 or later version](https://www.python.org/) installed\n",
     "- [Pandas Library](https://pandas.pydata.org/) and matplotlib installed\n",
     "- [VS Code](https://code.visualstudio.com/) installed with the [Jupyter notebook extension](https://marketplace.visualstudio.com/items?itemName=ms-toolsai.jupyter) enabled\n",
@@ -161,7 +162,6 @@
     "    apim_resource_id = utils.get_deployment_output(output, 'apimResourceId', 'apimResourceId')\n",
     "\n",
     "    outputPls = utils.run(f\"az network private-endpoint-connection list --id {apim_resource_id} --query \\\"[?properties.privateLinkServiceConnectionState.status=='Pending'].id\\\" --output tsv\")\n",
-    "    print(outputPls.text)\n",
     "\n",
     "    if outputPls.success:\n",
     "        pls_connection_id = outputPls.text.strip()\n",
@@ -220,7 +220,9 @@
     "    apim_resource_gateway_url = utils.get_deployment_output(output, 'apimResourceGatewayURL', 'APIM API Gateway URL')\n",
     "    apim_subscription_key = utils.get_deployment_output(output, 'apimSubscriptionKey', 'APIM Subscription Key (masked)', True)\n",
     "    ai_foundry_project_endpoint = utils.get_deployment_output(output, 'ai_project_endpoint', 'AI Foundry Project Endpoint')\n",
-    "    ai_deployment_name = utils.get_deployment_output(output, 'ai_model_deployment_name', 'AI Model Deployment Name')"
+    "    ai_deployment_name = utils.get_deployment_output(output, 'ai_model_deployment_name', 'AI Model Deployment Name')\n",
+    "    vm_resource_id = utils.get_deployment_output(output, 'vmResourceId', 'VM Resource ID')\n",
+    "    key_vault_url = utils.get_deployment_output(output, 'keyVaultUrl', 'Key Vault URL')"
    ]
   },
   {
@@ -230,7 +232,9 @@
     "<a id='6'></a>\n",
     "### 6️⃣ 🧪 Test the API using a direct HTTP call through Frontdoor\n",
     "\n",
-    "Requests is an elegant and simple HTTP library for Python that will be used here to make raw API requests and inspect the responses. "
+    "Requests is an elegant and simple HTTP library for Python that will be used here to make raw API requests and inspect the responses.\n",
+    "\n",
+    "**After a successful deployment it may take up to 45 mins for this cell to run correctly**"
    ]
   },
   {
@@ -271,7 +275,7 @@
     "            error_text = response.text\n",
     "        except Exception:\n",
     "            error_text = \"[Unable to read response body]\"\n",
-    "        utils.print_error(f\"Unexpected status code: {response.status_code}. Response text: {error_text}\")\n",
+    "        utils.print_error(f\"Unexpected status code: {response.status_code}.\")\n",
     "\n",
     "call_mcp_api(f\"https://{frontdoor_endpoint}\")"
    ]
@@ -310,14 +314,28 @@
     "\n"
    ]
   },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "utils.print_info(f\"\"\"Run the following command to connect to the VM via Bastion: \n",
+    "az network bastion ssh \\\n",
+    "--name bastion-host \\\n",
+    "--resource-group {resource_group_name} \\\n",
+    "--target-resource-id {vm_resource_id} \\\n",
+    "--auth-type password \\\n",
+    "--username azureuser\n",
+    "\"\"\")"
+   ]
+  },
   {
    "cell_type": "markdown",
    "metadata": {},
    "source": [
     "##### 1. Connect to Jumpbox\n",
-    "Use Azure Bastion to connect to the VM:\n",
-    "\n",
-    "## MISSING NSG & SSH Allow rule\n",
+    "Use Azure Bastion to connect to the VM (full command is the output from previos cell):\n",
     "\n",
     "```bash\n",
     "az network bastion ssh \\\n",
@@ -328,12 +346,9 @@
     "  --username azureuser\n",
     "```\n",
     "\n",
-    "or\n",
-    "\n",
+    "***Password:***\n",
     "```bash\n",
-    "az ssh vm --resource-group lab-ai-foundry-private-mcp \\\n",
-    "--vm-name vm-jumpbox \\\n",
-    "--subscription <subscription-id>\n",
+    "@Aa123456789\n",
     "```\n",
     "\n",
     "Or connect via the Azure Portal: Navigate to the VM → Connect → Bastion\n",
@@ -342,23 +357,14 @@
     "\n",
     "##### 2. Download needed files\n",
     "```bash \n",
-    "wget https://raw.githubusercontent.com/pablocast/AI-Gateway/refs/heads/main/requirements.txt\n",
     "wget https://raw.githubusercontent.com/pablocast/AI-Gateway/refs/heads/main/labs/ai-foundry-private-mcp/agent/load_env_from_kv.py\n",
     "wget https://raw.githubusercontent.com/pablocast/AI-Gateway/refs/heads/main/labs/ai-foundry-private-mcp/agent/sample_agents_mcp.py\n",
     "```\n",
     "\n",
-    "## MISSING REQUIREMENTS.TXT FILE\n",
-    "##### 4. Run the agent\n",
+    "##### 3. Run the agent\n",
     "```bash\n",
-    "python3 -m venv ~/venv\n",
-    "\n",
-    "# Activate virtual environment\n",
-    "source ~/venv/bin/activate\n",
-    "\n",
-    "pip install -r requirements.txt\n",
-    "\n",
     "# Get Key Vault URL from deployment outputs\n",
-    "KEY_VAULT_URL=\"https://kv-xqdtyddlyrpoe.vault.azure.net/\"\n",
+    "KEY_VAULT_URL=\"<KEY-VAULT-URL>\"\n",
     "\n",
     "# Run the MCP agent\n",
     "python3 ~/sample_agents_mcp.py $KEY_VAULT_URL\n",

labs/ai-foundry-private-mcp/main.bicep

@@ -736,15 +736,19 @@ resource vmExtension 'Microsoft.Compute/virtualMachines/extensions@2023-09-01' =
         apt-get update
         
         # Install Python and venv
-        apt-get install -y python3 python3-pip python3-venv python3-full
+        apt-get install -y python3 python3-pip python3-venv python3-full vim wget
         
         # Create a virtual environment for the azureuser
         mkdir -p /home/azureuser/scripts
         python3 -m venv /home/azureuser/venv
+
+        wget -O /home/azureuser/requirements.txt https://raw.githubusercontent.com/Azure-Samples/AI-Gateway/refs/heads/main/requirements.txt
         
         # Install packages in the virtual environment
         /home/azureuser/venv/bin/pip install --upgrade pip
-        /home/azureuser/venv/bin/pip install requests azure-identity azure-ai-projects azure-ai-agents==1.2.0b6 requests jsonref python-dotenv azure-keyvault-secrets
+        /home/azureuser/venv/bin/pip install -r /home/azureuser/requirements.txt
+
+        echo "source /home/azureuser/venv/bin/activate" >> /home/azureuser/.bashrc
 
         # Set ownership
         chown -R azureuser:azureuser /home/azureuser/venv
@@ -872,7 +876,7 @@ module keyVaultModule './modules/keyvault.bicep' = {
     privateEndpointSubnetId: subnetPe.id
     virtualNetworkId: virtualNetwork.id
     secrets: {
-      'MCP-SERVER-URL': 'https://${frontDoorEndpoint.properties.hostName}/order-mcp/mcp'
+      'MCP-SERVER-URL': '${frontDoorEndpoint.properties.hostName}/order-mcp/mcp'
       'MCP-SERVER-LABEL': 'order_mcp'
       'AZURE-AI-PROJECT-ENDPOINT': foundryAccountModule.outputs.aiFoundryProjectEndpoint
       'AZURE-AI-MODEL-DEPLOYMENT-NAME': modelsConfig[0].name
@@ -896,3 +900,4 @@ output frontDoorEndpointHostName string = frontDoorEndpoint.properties.hostName
 output ai_project_endpoint string = foundryAccountModule.outputs.aiFoundryProjectEndpoint
 output ai_model_deployment_name string = modelsConfig[0].name
 output keyVaultUrl string = keyVaultModule.outputs.keyVaultUrl
+output vmResourceId string = vm.id