MicrosoftDocs
diff --git a/‎articles/energy-data-services/how-to-deploy-gcz.md
Lines changed: 114 additions & 0 deletions b/‎articles/energy-data-services/how-to-deploy-gcz.md
Lines changed: 114 additions & 0 deletions
diff --git a/‎articles/energy-data-services/includes/how-to/how-to-deploy-gcz/deploy-gcz-apim-cli.md
Lines changed: 64 additions & 0 deletions b/‎articles/energy-data-services/includes/how-to/how-to-deploy-gcz/deploy-gcz-apim-cli.md
Lines changed: 64 additions & 0 deletions
diff --git a/‎articles/energy-data-services/includes/how-to/how-to-deploy-gcz/deploy-gcz-apim-portal.md
Lines changed: 69 additions & 0 deletions b/‎articles/energy-data-services/includes/how-to/how-to-deploy-gcz/deploy-gcz-apim-portal.md
Lines changed: 69 additions & 0 deletions
@@ -0,0 +1,114 @@
+---
+title: Deploy Geospatial Consumption Zone on top of Azure Data Manager for Energy
+description: Learn how to deploy Geospatial Consumption Zone on top of your Azure Data Manager for Energy instance.
+ms.service: energy-data-services
+ms.custom: devx-track-azurecli
+ms.topic: how-to
+ms.author: eihaugho
+author: EirikHaughom
+ms.date: 05/11/2024
+zone_pivot_groups: energy-data-services-gcz-options
+---
+
+# Deploy Geospatial Consumption Zone
+
+This guide shows you how to deploy the Geospatial Consumption Zone (GCZ) service integrated with Azure Data Manager for Energy (ADME).
+
+> [!IMPORTANT]
+> While the Geospatial Consumption Zone (GCZ) service is a graduated service in the OSDU Forum, it has limitations in terms of security and usage. We will deploy some additional services and policies to secure the environment, but encourage you to follow the service's development on the [OSDU Gitlab](https://community.opengroup.org/osdu/platform/consumption/geospatial/-/wikis/home).
+
+## Description
+
+The OSDU Geospatial Consumption Zone (GCZ) is a service that enables enhanced management and utilization of geospatial data. The GCZ streamlines the handling of location-based information. It abstracts away technical complexities, allowing software applications to access geospatial data without needing to deal with intricate details. By providing ready-to-use map services, the GCZ facilitates seamless integration with OSDU-enabled applications.
+
+## Create an App Registration in Microsoft Entra ID
+
+To deploy the GCZ, you need to create an App Registration in Microsoft Entra ID. The App Registration is to authenticate the GCZ APIs with Azure Data Manager for Energy to be able to generate the cache of the geospatial data.
+
+1. See [Create an App Registration in Microsoft Entra ID](/azure/active-directory/develop/quickstart-register-app) for instructions on how to create an App Registration.
+1. Grant the App Registration permission to read the relevant data in Azure Data Manager for Energy. See [How to add members to an OSDU group](./how-to-manage-users.md#add-members-to-an-osdu-group-in-a-data-partition) for further instructions.
+
+## Setup
+
+There are two main deployment options for the GCZ service:
+- **Azure Kubernetes Service (AKS)**: Deploy the GCZ service on an AKS cluster. This deployment option is recommended for production environments. It requires more setup, configuration, and maintenance. It also has some limitations in the provided container images.
+- **Windows**: Deploy the GCZ service on a Windows. This deployment option recommended for development and testing environments, as it's easier to set up and configure, and requires less maintenance.
+
+::: zone pivot="energy-data-services-gcz-aks"
+
+[!INCLUDE [Azure Kubernetes Service (AKS)](includes/how-to/how-to-deploy-gcz/deploy-gcz-on-aks.md)]
+
+::: zone-end
+
+::: zone pivot="energy-data-services-gcz-windows"
+
+[!INCLUDE [Windows](includes/how-to/how-to-deploy-gcz/deploy-gcz-on-windows.md)]
+
+::: zone-end
+
+## Publish GCZ APIs publicly (optional)
+
+If you want to expose the GCZ APIs publicly, you can use Azure API Management (APIM).
+Azure API Management allows us to securely expose the GCZ service to the internet, as the GCZ service doesn't yet have authentication and authorization built in.
+Through APIM we can add policies to secure, monitor, and manage the APIs.
+
+### Prerequisites
+
+- An Azure API Management instance. If you don't have an Azure API Management instance, see [Create an Azure API Management instance](/azure/api-management/get-started-create-service-instance).
+- The GCZ APIs are deployed and running.
+
+> [!IMPORTANT]
+> The Azure API Management instance will need to be injected into a virtual network that is routable to the AKS cluster to be able to communicate with the GCZ API's.
+
+### Add the GCZ APIs to Azure API Management
+
+#### Download the GCZ OpenAPI specifications
+
+1. Download the two OpenAPI specification to your local computer.
+    - [GCZ Provider](https://github.com/microsoft/adme-samples/blob/main/services/gcz/gcz-openapi-provider.yaml)
+    - [GCZ Transformer](https://github.com/microsoft/adme-samples/blob/main/services/gcz/gcz-openapi-transformer.yaml)
+1. Open each OpenAPI specification file in a text editor and replace the `servers` section with the corresponding IPs of the AKS GCZ Services' Load Balancer (External IP).
+
+    ```yaml
+    servers:
+    - url: "http://<GCZ-Service-External-IP>/ignite-provider"
+    ```
+
+::: zone pivot="energy-data-services-gcz-apim-portal"
+
+[!INCLUDE [Azure portal](includes/how-to/how-to-deploy-gcz/deploy-gcz-apim-portal.md)]
+
+::: zone-end
+
+::: zone pivot="energy-data-services-gcz-apim-cli"
+
+[!INCLUDE [Azure CLI](includes/how-to/how-to-deploy-gcz/deploy-gcz-apim-cli.md)]
+
+::: zone-end
+
+## Testing the GCZ service
+
+1. Download the API client collection from the [OSDU GitLab](https://community.opengroup.org/osdu/platform/consumption/geospatial/-/blob/master/docs/test-assets/postman/Geospatial%20Consumption%20Zone%20-%20Provider%20Postman%20Tests.postman_collection.json?ref_type=heads) and import it into your API client of choice (for example, Postman).
+1. Add the following environment variables to your API client:
+    - `PROVIDER_URL` - The URL to the GCZ Provider API.
+    - `AMBASSADOR_URL` - The URL to the GCZ Transformer API.
+    - `access_token` - A valid ADME access token.
+
+1. To verify that the GCZ is working as expected, run the API calls in the collection.
+
+## Next steps
+After you have a successful deployment of GCZ, you can:
+
+- Visualize your GCZ data using the GCZ WebApps from the [OSDU GitLab](https://community.opengroup.org/osdu/platform/consumption/geospatial/-/tree/master/docs/test-assets/webapps?ref_type=heads).
+
+> [!IMPORTANT]
+> The GCZ WebApps are currently in development and does not support authentication. We recommend deploying the WebApps in a private network and exposing them using Azure Application Gateway or Azure Front Door to enable authentication and authorization.
+
+You can also ingest data into your Azure Data Manager for Energy instance:
+
+- [Tutorial on CSV parser ingestion](tutorial-csv-ingestion.md).
+- [Tutorial on manifest ingestion](tutorial-manifest-ingestion.md).
+    
+## References
+
+- For information about Geospatial Consumption Zone, see [OSDU GitLab](https://community.opengroup.org/osdu/platform/consumption/geospatial/).
@@ -0,0 +1,64 @@
+---
+title: Deploy Geospatial Consumption Zone on top of Azure Data Manager for Energy
+description: Learn how to deploy Geospatial Consumption Zone on top of your Azure Data Manager for Energy instance.
+ms.service: energy-data-services
+ms.custom: devx-track-azurecli
+ms.topic: how-to
+ms.reviewer: 
+ms.author: eihaugho
+author: EirikHaughom
+ms.date: 05/11/2024
+---
+
+1. Run the following command to add the `Geospatial Consumption Zone - Provider` API to Azure API Management:
+
+    ```bash
+    az apim api import --resource-group <resource-group-name> --service-name <apim-service-name> --path ignite-provider --specification-format OpenApi --specification-path gcz-openapi-provider.yaml
+    ```
+
+1. Run the following command to add the `Geospatial Consumption Zone - Transformer` API to Azure API Management:
+
+    ```bash
+    az apim api import --resource-group <resource-group-name> --service-name <apim-service-name> --path gcz/transformer/admin --specification-format OpenApi --specification-path gcz-openapi-transformer.yaml
+    ```
+
+1. Create a new file on your local computer named `gcz-provider-policy.xml` and paste the following policy:
+
+    ```xml
+    <policies>
+        <!-- Throttle, authorize, validate, cache, or transform the requests -->
+        <inbound>
+            <base />
+            <validate-azure-ad-token tenant-id="%tenant-id%" failed-validation-httpcode="401">
+            <client-application-ids>
+                <application-id>%client-id%</application-id>
+            </client-application-ids>
+        </inbound>
+        <!-- Control if and how the requests are forwarded to services  -->
+        <backend>
+            <base />
+        </backend>
+        <!-- Customize the responses -->
+        <outbound>
+            <base />
+        </outbound>
+        <!-- Handle exceptions and customize error responses  -->
+        <on-error>
+            <base />
+        </on-error>
+    </policies>
+    ```
+
+1. Replace `%tenant-id%` with your Microsoft Entra ID tenant ID, and `%client-id%` with the Azure Data Manager for Energy client ID and save the file.
+
+1. Run the following command to add the policy to the `Geospatial Consumption Zone - Provider` API:
+
+    ```bash
+    az apim api policy import --resource-group <resource-group-name> --service-name <apim-service-name> --api-id <api-id> --policy-format xml --policy-path gcz-provider-policy.xml
+    ```
+
+1. Run the following command to add the policy to the `Geospatial Consumption Zone - Transformer` API:
+
+    ```bash
+    az apim api policy import --resource-group <resource-group-name> --service-name <apim-service-name> --api-id <api-id> --policy-format xml --policy-path gcz-provider-policy.xml
+    ```
@@ -0,0 +1,69 @@
+---
+title: Deploy Geospatial Consumption Zone on top of Azure Data Manager for Energy
+description: Learn how to deploy Geospatial Consumption Zone on top of your Azure Data Manager for Energy instance.
+ms.service: energy-data-services
+ms.custom: devx-track-azurecli
+ms.topic: how-to
+ms.reviewer: 
+ms.author: eihaugho
+author: EirikHaughom
+ms.date: 05/11/2024
+---
+
+### Add the GCZ APIs to Azure API Management
+
+1. Navigate to your Azure API Management service in the [Azure portal](https://portal.azure.com/).
+1. In the left-hand navigation pane, select **APIs**.
+1. Select **+ Add API**.
+1. Select **OpenAPI**.
+1. Select **Select a file** and upload the `gcz-openapi-provider.yaml` file.
+1. In the **API URL suffix** field, enter `ignite-provider`.
+1. Select **Create**.
+1. Repeat the steps for the `gcz-openapi-transformer.yaml` file, but use `gcz/transformer/admin` as the **API URL suffix**.
+
+    [![Add GCZ API to APIM](../../../media/how-to-deploy-gcz/deploy-gcz-apim.png)](../../../media/how-to-deploy-gcz/deploy-gcz-apim.png)
+
+### Configure policies
+
+Next we need to configure the policies to validate the JSON Web Tokens (JWT).
+
+You need the following information:
+- Your Microsoft Entra ID tenant ID.
+- The Azure Data Manager for Energy client ID (or token-issuing client ID if separate).
+
+> [!NOTE]
+> If you have multiple App Registrations issuing tokens, you can add multiple `<application-id>` elements to the `<client-application-ids>` element.
+
+
+1. In the newly created `Geospatial Consumption Zone - Provider` API, make sure **All operations** is selected.
+1. Under **Inbound processing**, select **...** and then **Code editor**.
+1. Paste the following policy definition in the editor:
+
+    ```xml
+    <policies>
+        <!-- Throttle, authorize, validate, cache, or transform the requests -->
+        <inbound>
+            <base />
+            <validate-azure-ad-token tenant-id="%tenant-id%" failed-validation-httpcode="401">
+            <client-application-ids>
+                <application-id>%client-id%</application-id>
+            </client-application-ids>
+        </inbound>
+        <!-- Control if and how the requests are forwarded to services  -->
+        <backend>
+            <base />
+        </backend>
+        <!-- Customize the responses -->
+        <outbound>
+            <base />
+        </outbound>
+        <!-- Handle exceptions and customize error responses  -->
+        <on-error>
+            <base />
+        </on-error>
+    </policies>
+    ```
+
+1. Replace `%tenant-id%` with your Microsoft Entra ID tenant ID, and `%client-id%` with the Azure Data Manager for Energy client ID.
+1. Select **Save**.
+1. Repeat the steps for the `Geospatial Consumption Zone - Transformer` API.