Deploy Chat Copilot to Azure as a web app service
In this how-to guide we will provide steps to deploy Semantic Kernel to Azure as a web app service. Deploying Semantic Kernel as web service to Azure provides a great pathway for developers to take advantage of Azure compute and other services such as Azure Cognitive Services for responsible AI and vectorized databases.
Prerequisites
Chat Copilot deployments use Azure Active Directory to authenticate users and secure access to the backend web service. These steps will walk you through the configuration needed to ensure smooth access to your deployment.
App registrations (identity)
You will need two Azure Active Directory (AAD) application registrations -- one for the frontend web app and one for the backend API.
NOTE: Other account types can be used to allow multitenant and personal Microsoft accounts to use your application if you desire. Doing so may result in more users and therefore higher costs.
Frontend app registration
- Select
Single-page application (SPA)
as platform type, and set the redirect URI tohttp://localhost:3000
- Select
Accounts in this organizational directory only ({YOUR TENANT} only - Single tenant)
as supported account types. - Make a note of the
Application (client) ID
from the Azure Portal. This is the value forYOUR_FRONTEND_CLIENT_ID
referenced below.
Backend app registration
- Do not set a redirect URI
- Select
Accounts in this organizational directory only ({YOUR TENANT} only - Single tenant)
as supported account types. - Make a note of the
Application (client) ID
from the Azure Portal. This is the value forYOUR_BACKEND_CLIENT_ID
referenced below.
Linking the frontend to the backend
In the backend app registration:
- Expose an API
- Select
Expose an API
from the menu - Add an
Application ID URI
- Select
- Add a scope
- Set
Scope name
toaccess_as_user
- Set
Who can consent
toAdmins and users
- Set
- Add a client application
- For
Client ID
, enter the frontend's application (client) ID - Be sure to check the box under
Authorized scopes
- For
In the frontend app registration:
- Select
API Permissions
from the menu - Add a permission
- Select the tab
APIs my organization uses
- Choose the app registration for the backend
- Select the
access_as_user
permission
- Select the tab
Considerations
You can use one of the deployment options to deploy based on your use case and preference. Below are some considerations to keep in mind when choosing a deployment option.
Azure currently limits the number of Azure OpenAI resources per region per subscription to 3. Azure OpenAI is not available in every region. (Refer to this availability map) Bearing this in mind, you might want to use the same Azure OpenAI instance for multiple deployments of Semantic Kernel to Azure.
F1 and D1 App Service SKU's (the Free and Shared ones) are not supported for this deployment.
Ensure you have sufficient permissions to create resources in the target subscription.
Using web frontends to access your deployment: make sure to include your frontend's URL as an allowed origin in your deployment's CORS settings. Otherwise, web browsers will refuse to let JavaScript make calls to your deployment.
Deployment Options
Script Parameters
Below are examples on how to run the PowerShell and bash scripts. Refer to each of the script files for the complete list of available parameters and usage.
PowerShell
- Creating new Azure OpenAI Resources
./deploy-azure.ps1 -Subscription {YOUR_SUBSCRIPTION_ID} -DeploymentName {YOUR_DEPLOYMENT_NAME} -AIService {AzureOpenAI or OpenAI} -AIApiKey {YOUR_AI_KEY} -AIEndpoint {YOUR_AZURE_OPENAI_ENDPOINT} -BackendClientId {YOUR_BACKEND_APPLICATION_ID} -FrontendClientId {YOUR_FRONTEND_APPLICATION_ID} -TenantId {YOUR_TENANT_ID}
- To use an existing Azure OpenAI resource, set
-AIService
toAzureOpenAI
and include-AIApiKey
and-AIEndpoint
. - To deploy a new Azure OpenAI resource, set
-AIService
toAzureOpenAI
and omit-AIApiKey
and-AIEndpoint
. - To use an an OpenAI account, set
-AIService
toOpenAI
and include-AIApiKey
.
Bash
chmod +x ./deploy-azure.sh
./deploy-azure.sh --subscription {YOUR_SUBSCRIPTION_ID} --deployment-name {YOUR_DEPLOYMENT_NAME} --ai-service {AzureOpenAI or OpenAI} --ai-service-key {YOUR_AI_KEY} --ai-endpoint {YOUR_AZURE_OPENAI_ENDPOINT} --client-id {YOUR_BACKEND_APPLICATION_ID} --frontend-client-id {YOUR_FRONTEND_APPLICATION_ID} --tenant-id {YOUR_TENANT_ID}
- To use an existing Azure OpenAI resource, set
--ai-service
toAzureOpenAI
and include--ai-service-key
and--ai-endpoint
. - To deploy a new Azure OpenAI resource, set
--ai-service
toAzureOpenAI
and omit--ai-service-key
and--ai-endpoint
. - To use an an OpenAI account, set
--ai-service
toOpenAI
and include--ai-service-key
.
Azure Portal Template
If you choose to use Azure Portal as your deployment method, you will need to review and update the template form to create the resources. Below is a list of items you will need to review and update.
- Subscription: decide which Azure subscription you want to use. This will house the resource group for the Semantic Kernel web application.
- Resource Group: the resource group in which your deployment will go. Creating a new resource group helps isolate resources, especially if you are still in active development.
- Region: select the geo-region for deployment. Note: Azure OpenAI is not available in all regions and is currently to three instances per region per subscription.
- Name: used to identify the app.
- App Service SKU: select the pricing tier based on your usage. Click here to learn more about Azure App Service plans.
- Package URI: there is no need to change this unless you want to deploy a customized version of Semantic Kernel. (See this page for more information on publishing your own version of the Semantic Kernel web app service)
- Completion, Embedding and Planner Models: these are by default using the appropriate models based on the current use case - that is Azure OpenAI or OpenAI. You can update these based on your needs.
- Endpoint: this is only applicable if using Azure OpenAI and is the Azure OpenAI endpoint to use.
- API Key: enter the API key for the instance of Azure OpenAI or OpenAI to use.
- Web API Client ID: the application (client) ID associated with your backend app registration.
- Azure AD Tenant ID: The Azure AD tenant against which to authenticate users. For single tenant applications (recommended), this will match the tenant ID of your backend app registration.
- Azure AD Instance: This is the Azure cloud instance to use for authenticating users. The default is https://login.microsoftonline.com/. If you are using a sovereign cloud, you will need to update this value.
- CosmosDB: whether to deploy a CosmosDB resource to store chats. Otherwise, volatile memory will be used.
- Speech Services: whether to deploy an instance of the Azure Speech service to provide speech-to-text for input.
What resources are deployed?
Below is a list of the key resources created within the resource group when you deploy Semantic Kernel to Azure as a web app service.
- Azure web app service: hosts Semantic Kernel
- Application Insights: application logs and debugging
- Azure Cosmos DB: used for chat storage (optional)
- Qdrant vector database (within a container): used for embeddings storage (optional)
- Azure Speech service: used for speech-to-text (optional)
Verifying the deployment
To make sure your web app service is running, go to https://YOUR_INSTANCE_NAME.azurewebsites.net/healthz
To get your instance's URL, go to your deployment's resource group (by clicking on the "Go to resource group" button seen at the conclusion of your deployment if you use the "Deploy to Azure" button). Then click on the resource whose name ends with "-webapi".
This will bring you to the Overview page on your web service. Your instance's URL is the value that appears next to the "Default domain" field.
Changing your configuration and monitoring your deployment
After your deployment is complete, you can change your configuration in the Azure Portal by clicking on the "Configuration" item in the "Settings" section of the left pane found in the Semantic Kernel web app service page.
Scrolling down in that same pane to the "Monitoring" section gives you access to a multitude of ways to monitor your deployment.
In addition to this, the "Diagnose and solve problems" item near the top of the pane can yield crucial insight into some problems your deployment may be experiencing.
How to clean up resources
When you want to clean up the resources from this deployment, use the Azure portal or run the following Azure CLI command:
az group delete --name YOUR_RESOURCE_GROUP
Deploy Chat Copilot to AzureML as an Online Endpoint
Advance your Semantic Kernel app by deploying to an AzureML Online Endpoint which helps to manage your real-time inferencing workload.
Prerequisites
- An Azure Machine Learning Workspace - Create a new one
- Get an OpenAI API Key or create an Azure OpenAI Deployment
Follow the sample notebook
In the azureml-examples github repo, fill in the sample notebook with your AzureML resources. Executing the notebook deploys a sample Semantic Kernel app to an Online Endpoint in your AzureML Workspace. The sample uses a custom container to deploy a Flask web server which exposes the Semantic Kernel app's API endpoints for inferencing.
Take the next step
Learn how to make changes to your Semantic Kernel web app, such as adding new skills.
If you have not already done so, please star the GitHub repo and join the Semantic Kernel community! Star the Semantic Kernel repo