Document Details
Tutorial
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
windows_first
⚠️
windows_tools
⚠️
missing_linux_example
Summary:
The documentation generally assumes a Linux/Bash environment for automation and scripting, which is appropriate for SAP automation on Azure. However, there are several instances of Windows bias: (1) File path examples and instructions for saving SSH keys use Windows paths (e.g., C:\Users\<your-username>\.ssh) and Windows-centric editors (Notepad++), (2) Visual Studio Code is recommended as the primary editor, and (3) PuTTY/PuTTYGen are mentioned for SSH key conversion, which are Windows tools, without mentioning Linux-native alternatives. There are no PowerShell or Windows CMD script examples, but the documentation does not provide explicit Linux-native alternatives for file management or SSH key handling, and the order of tool recommendations often puts Windows tools first.
Recommendations:
- When giving file path examples for SSH keys, provide both Windows (C:\Users\<username>\.ssh) and Linux (~/.ssh) examples, or default to Linux paths since the automation is Bash/Ansible-based.
- When recommending editors, mention Linux-native editors (e.g., nano, vim, gedit) alongside Visual Studio Code and Notepad++.
- When discussing SSH key conversion, mention Linux-native tools (e.g., ssh-keygen, OpenSSH utilities) in addition to PuTTY/PuTTYGen.
- If referencing Visual Studio Code, clarify that it is cross-platform and provide instructions for both Windows and Linux users.
- Where possible, avoid assuming the user is on Windows, especially in sections about connecting to VMs, managing files, or editing configuration files.
- Add explicit notes or examples for Linux users where Windows-specific instructions are given.
Create pull request
Scan History
| Date | Scan ID | Status | Bias Status |
|---|---|---|---|
| 2025-09-11 00:00 | #108 | completed | ✅ Clean |
| 2025-08-11 00:00 | #77 | completed | ✅ Clean |
| 2025-08-10 00:00 | #76 | completed | ✅ Clean |
| 2025-08-09 00:00 | #75 | completed | ✅ Clean |
| 2025-08-08 00:00 | #74 | completed | ✅ Clean |
| 2025-08-07 00:00 | #73 | completed | ✅ Clean |
| 2025-08-06 00:00 | #72 | completed | ✅ Clean |
| 2025-08-05 00:00 | #71 | completed | ✅ Clean |
| 2025-08-03 00:00 | #69 | completed | ✅ Clean |
| 2025-08-01 00:00 | #67 | completed | ✅ Clean |
| 2025-07-31 00:00 | #66 | completed | ✅ Clean |
| 2025-07-30 00:00 | #65 | completed | ✅ Clean |
| 2025-07-29 00:01 | #64 | completed | ✅ Clean |
| 2025-07-28 00:00 | #63 | completed | ✅ Clean |
| 2025-07-27 00:00 | #62 | completed | ✅ Clean |
| 2025-07-26 00:01 | #61 | completed | ✅ Clean |
| 2025-07-25 00:00 | #60 | completed | ✅ Clean |
| 2025-07-24 00:00 | #59 | completed | ✅ Clean |
| 2025-07-23 00:00 | #58 | completed | ✅ Clean |
| 2025-07-22 00:01 | #57 | completed | ✅ Clean |
| 2025-07-13 21:37 | #48 | completed | ✅ Clean |
| 2025-07-12 23:44 | #41 | in_progress | ❌ Biased |
Flagged Code Snippets
## Connect to the deployer VM
After the control plane is deployed, the Terraform state is stored by using the remote back-end `azurerm`. All secrets for connecting to the deployer VM are available in a key vault in the deployer's resource group.
To connect to your deployer VM:
1. Sign in to the [Azure portal](https://portal.azure.com).
1. Select or search for **Key vaults**.
1. On the **Key vault** page, find the deployer key vault. The name starts with `LAB[REGION]DEP05user`. Filter by **Resource group** or **Location**, if necessary.
1. On the **Settings** section in the left pane, select **Secrets**.
1. Find and select the secret that contains **sshkey**. It might look like `LAB-[REGION]-DEP05-sshkey`.
1. On the secret's page, select the current version. Then, copy the secret value.
1. Open a plain text editor. Copy in the secret value.
1. Save the file where you keep SSH keys. For example, use `C:\\Users\\<your-username>\\.ssh`.
1. Save the file. If you're prompted to **Save as type**, select **All files** if **SSH** isn't an option. For example, use `deployer.ssh`.
1. Connect to the deployer VM through any SSH client, such as Visual Studio Code. Use the public IP address you noted earlier and the SSH key you downloaded. For instructions on how to connect to the deployer by using Visual Studio Code, see [Connect to the deployer by using Visual Studio Code](tools-configuration.md#configure-visual-studio-code). If you're using PuTTY, convert the SSH key file first by using PuTTYGen.
> [!NOTE]
>The default username is *azureadm*.
>
> Ensure that the file you use to save the SSH key can save the file by using the correct format, that is, without carriage return (CR) characters. Use Visual Studio Code or Notepad++.
After you're connected to the deployer VM, you can download the SAP software by using the Bill of Materials (BOM).
## Connect to the deployer VM when you're not using a public IP
For deployments without public IP connectivity, direct connectivity over the internet isn't allowed. In these cases, you can use an Azure Bastion jump box or you can perform the next step from a computer that has connectivity to the Azure virtual network.
The following example uses Azure Bastion.
To connect to the deployer:
1. Sign in to the [Azure portal](https://portal.azure.com).
1. Go to the resource group that contains the deployer VM.
1. Connect to the VM by using Azure Bastion.
1. The default username is **azureadm**.
1. Select **SSH Private Key from Azure Key Vault**.
1. Select the subscription that contains the control plane.
1. Select the deployer key vault.
1. From the list of secrets, select the secret that ends with **-sshkey**.
1. Connect to the VM.
The rest of the tasks must be executed on the deployer.
## Secure the control plane
The control plane is the most critical part of the SAP automation framework. It's important to secure the control plane. The following steps help you secure the control plane.
You should update the control plane `tfvars` file to enable private endpoints and to block public access to the storage accounts and key vaults.
1. To copy the control plane configuration files to the deployer VM, you can use the `sync_deployer.sh` script. Sign in to the deployer VM and update the following command to use your Terraform state storage account name. Then, run the following script:
>[!NOTE]
>Ensure that you're logged on by using a user account that has the required permissions to create application registrations. For more information about app registrations, see [Create an app registration](/cli/azure/ad/app#az-ad-app-create).
>
Copy down the output details. Make sure to save the values for `App registration ID` and `App registration password`.
The output maps to the following parameters. You use these parameters in later steps, with automation commands.
| Parameter input name | Output name |
| ------------------------- | --------------------------------- |
| `app_registration_app_id` | `App registration ID` |
| `webapp_client_secret` | `App registration password` |
## View configuration files
1. Open Visual Studio Code from Cloud Shell.