Installation on Azure

Owned by Former user (Deleted)
Last updated: Mar 25, 2020
3 min read

The following installation instructions are for the installation of an appliance in your Azure account. You must have appropriate permissions to be able to deploy a new virtual machine in order to complete the install. Please contact your Azure contact/administrator for assistance with Azure

Appliance Download

Appliances in Azure are distributed via VHD images. Please contact iQuate support for the latest VHD public share from iQuate. You will need to copy the VHD to your local storage in order to deploy an instance from it.

  • Obtain a URL for the disk image from iQuate support.

  • In your azure portal, select Storage Accounts and create a new storage account where you will copy the disk image to.

  • In this storage account, go to the "Blobs" section and create a container to hold the VHD image. On the screenshot below we have called ours "app" (short for appliance).

  • Leave the public access setting as "Private" (this is the default setting).

  • Go to the Settings > Access Keys section and copy the "key1" value (this will be required when copying the VHD to this storage).

Azure offers multiple methods to copy a VHD from the public share provided by iQuate support. If you have enough space on your computer you could download it and manually upload it using the UI. However this is a slow process.
Using the "azcopy" command line tool, you can copy the file directly from the iQuate shared URL into your storage account.

  • Download the AZCopy executable from Microsoft (on this page: https://azure.microsoft.com/en-us/downloads/)

  • Run the following command to copy the VHD
    azcopy /Source:<url1> Dest:<url2> DestKey:<key>
    where
    <url1> is the url supplied by iQuate support for the appliance-server.vhd
    <url2> is the final file location you want the VHD to have in your storage account
    <key> is the access key for your storage account

  • Once the copy has completed, navigate to the storage account > Blobs then into the container level. You should see the VHD file.

  • Click on the file and copy the URL (you will need this later when creating an appliance from this VHD).

Note: You cannot deploy a VM from a third party BLOB using an Azure free tier account. as the free tier has a maximum of 5 GB available for Blobs, which is too small for the iQCloud appliance. As a minimum, you need to be using a pay-as-you-go account.

Appliance Install

  • In your Azure portal, select All Services > Images

  • Click on Add to begin a new image creation screen.

  • Enter a unique name and select the storage blob URL that you saved the image from iquate to.

Note: You need to give the image a unique name, and ensure you assign the image to the same resource group as the targets you wish to scan. This image contains the hard drive image for the VM you will spin up that contains your appliance. For the iQCloud appliance, a standard HDD is sufficient. You do not need an SSD backed image.

  • From your Images page, go to the newly created image and click on "Create VM"

  • Specify a virtual machine name, a username and password for SSH access (or use an SSH key) and enable remote SSH access.

  • Select VM Size.
    Note: You need to specify a minimum of 2 cores and 4GB ram for the appliance corresponding to the B2s vm size at time of writing.

  • Once the appliance has booted for the first time, you can determine the public IP address from Azure. You need this IP address to log in to the server. You also need to give this IP address to iQuate support in order have your appliance whitelisted so that it can communicate to the iQCloud servers.

Azure Specific Configuration

When deploying an appliance to your Azure environment there are a number of configuration steps that are specific to Azure environments.

  • Determine the private IP address of the appliance

ifconfig eth0

  • Add the line "GatewayPorts yes" to the end of the file /etc/ssh/sshd_config using your preferred text editor.

  • Then send a sighup signal to sshd so that the change takes effect

ps -ef | grep sshd
kill -HUP <PID of sshd>

  • Note: send to main/parent sshd to re-read config and avoid killing existing sessions if required.

  • Next start (or restart) the appliance web ui by using the command

sudo /opt/communication/start-websocket-client.sh

At this point your appliance is running, and you should be able to log in to the web interface on the private IP address as outlined in Appliance Configuration section. Depending on your azure configuration you should already have a VPN or other method of connecting to this address/port.

You are now ready to configure your iQCloud Virtual Appliance. Please proceed to Appliance Configuration.