The following instructions identify the process for the installation of an appliance in your Azure account. You must have appropriate permissions to be able to deploy a new virtual machine in order to complete the install. Please contact your Azure contact/administrator for assistance with Azure permissions.
Appliance Download
Appliances in Azure are distributed via Virtual Hard Disk (VHD) images. Please contact CloudSphere support for the latest VHD public share from CloudSphere. You will need to copy the VHD to your local storage in order to deploy an instance from it.
- Obtain a URL for the disk image from CloudSphere support;
- In your Azure portal, select Storage Accounts and create a new storage account to where you can copy the disk image.
- In this storage account, go to the "Blobs" section and create a container to hold the VHD image. (Note: On the screenshot below, we the container is called "vhds").
- Leave the public access setting as "Private" (this is the default setting).
- Go to the Settings > Access Keys section and copy the "key1" value (this will be required when copying the VHD to this storage).
Azure offers multiple methods to copy a VHD from the public share provided by CloudSphere support. If you have enough space on your computer, you could download it and manually upload it using the UI. However, this may be a slow process. Using the azcopy command-line tool, you can copy the file directly from the CloudSphere shared URL into your storage account.
- Download the AzCopy executable from Microsoft (on this page: https://azure.microsoft.com/en-us/downloads/ ). Note: The instructions use AzCopy version 8
- Run the following command to copy the VHD:
azcopy /Source:<url1> /Dest:<url2> /DestKey:<key>
where: - <url1> is the URL supplied by CloudSphere support for the appliance-server.vhd
- <url2> is the final file location you want the VHD to have in your storage account, including path and filename
- <key> is the access key for your storage account
Example:
C:\Program Files (x86)\Microsoft SDKs\Azure\AzCopy> azcopy
/Source:https://applianceserver.blob.core.windows.net/vhds/appliance-server.vhd
/Dest:https://appliance20220208.blob.core.windows.net/vhds/appliance-server.vhd
/DestKey:vLPfvY722QXt8JC5Dn/Pexzo0Z+HVQ/oogNm/Q2pnPmWrgsKP/JsfSZp0hfuwMgmMCfdaI0bMvS9Tr3KC6NJFw==
Do you want to overwrite the journal to start a new operation?
Choose Yes to overwrite, choose No to cancel current operation. (Yes/No) y
Finished 1 of total 1 file(s).
[2022/02/08 09:27:52] Transfer summary:
-----------------
Total files transferred: 1
Transfer successfully: 1
Transfer skipped: 0
Transfer failed: 0
Elapsed time: 00.00:06:10
- Once the copy has been completed, navigate to the storage account > select the one just copied from CloudSphere support > Go into the containers level > VHDS. The VHD file should be visible.
- Click on the file and copy the URL (you will need this later when creating an appliance from this VHD).
NOTE: You cannot deploy a VM from a third-party BLOB using an Azure free tier account (as the free tier has a maximum of 5 GB available for Blobs); this storage area is too small for the CloudSphere appliance. As a minimum, you will need to be using a pay-as-you-go account.
Appliance Install
- In your Azure portal, select All Services > Images
- Click on Create to begin a new image creation screen.
- Enter a unique name and select the storage blob URL to which you saved the image from CloudSphere.
NOTE: (1) You need to give the image a unique name, and (2) ensure you assign the image to the same resource group as the targets you wish to scan. This image contains the hard drive image for the VM you will spin up that contains your appliance. For the CloudSphere appliance, a standard HDD is sufficient. You do not need an SSD-backed image.
- Once the Image is ready, return to the Image page and go to the newly created image; click on it and then click on "Create VM"
- Specify a virtual machine name, a username and password for SSH access (or use an SSH key) and enable remote SSH access.
- Select VM Size.
NOTE: You need to specify a minimum of 2 cores and 4GB ram for the appliance corresponding to the B2s VM size (at the time of writing).
- Once the appliance has booted for the first time, you can determine the public IP address from Azure. You need this IP address to log in to the server. You also need to give this IP address to CloudSphere support in order to have your appliance whitelisted so that it can communicate with the CAM Portal.
Azure Specific Configuration
When deploying an appliance to your Azure environment, there are a number of configuration steps that are specific to Azure environments.
- Determine the private IP address of the appliance:
ifconfig eth0
- Add the line "GatewayPorts yes" to the end of the file /etc/ssh/sshd_config using your preferred text editor.
- Send a sighup signal to sshd so that the change takes effect:
ps -ef | grep sshd2
kill -HUP <PID of sshd>
NOTE: send to main/parent sshd to re-read config and avoid killing existing sessions if required.
- Next start (or restart) the appliance Web UI by using the command:
sudo /opt/communication/start-websocket-client.sh
At this point, your appliance is running, and you should be able to log in to the web interface on the private IP address as outlined in the Appliance Configuration section. Depending on your azure configuration you should already have a VPN or other method of connecting to this address/port.
You are now ready to configure your Virtual Appliance. Please proceed to Configure the Virtual Appliance