

Skyhigh Security

Deploy Secure App Connector V2 on Azure for TCP and UDP Applications

This deployment topic provides information on prerequisites, how to deploy Secure App Connector as a virtual machine (VM) in Microsoft Azure, and post-deployment configurations.

Prerequisite

Steps to Deploy

  1. Log in to the Azure portal using any role with credentials to create/edit VMs, create/edit virtual networks, and create/edit network security groups.
  2. Click Virtual machines under Azure services.

  1. Click Create, and select Azure virtual machine from the menu.

  1. In the Basics panel, enter general information about the VM.
    1. In the Project Details, click Create new to create a new resource group name or use an existing resource group.

    2. In the Instance Details, enter the desired Virtual machine name in the field.

    3. Choose the region.

    4. Select your Availability options, Availability zone, and Security type with default values.

    5. Click See all images > Community Images on the left panel, search for Skyhigh, and select the Skyhigh_secure_app_connector image.
    6. Select size Standard_B4als_v2 (4 CPU, 8 GB RAM) for TCP and Standard_F8s_v2 (8 CPU, 16 GB RAM) for UDP as a minimum recommendation.

NOTE: We recommend using the CLI option to put the Secure App Connector VM into Standby mode instead of hibernating or shutting it down.

  1. Select authentication type as SSH public key and enter username as azure.

NOTE: Make sure the username is azure; other usernames are not compatible.

  1. Configure Inbound port rules.

  2. Select license type as Other.


  1. In the Disks panel, enable Encryption at host and configure the OS disk size as 64 GB for TCP and 128 GB (minimum) for UDP.

NOTE: We recommend selecting/enabling the checkbox for Delete with VM.

  1. In the Networking panel:
    1. Click Create new virtual network or use an existing virtual network.
    2. Select Advanced for the NIC network security group.
    3. For Configure network security group, click Create new or use existing security group.

NOTE: By default, the VM allows inbound SSH connections for port 22.

  1. Select Load balancing as None as other options are not supported.


  1. Under the Management tab, keep the default values and then click Next: Monitoring.

  1. Under the Monitoring panel, enable Boot diagnostics and click Next: Advanced.

NOTE: Enabling boot diagnostics helps with debugging, in case of installation failures.

  1. In the Advanced panel, select the Enable user data checkbox.
    • Copy and paste the connector configuration content from the configuration file downloaded from SSE.

      NOTE: Ensure that you do not copy and paste the downloaded configuration file to Custom data.
  2. Click Next: Tags.
  3. Under the Tags section, to configure proxy, dns, udp_socks_proxy, or bypass_proxy, add the tag in the following format:
    • Key - The key must remain fixed and match the one in the screenshot below.
    • Value - The value can be customized as needed.

NOTE

  • <PROXY>: Address of the proxy server (optional)
  • <BYPASS_PROXY>:  List of domains that can be added to bypass the proxy (optional). This parameter can be ignored if you don't have any domains that need to bypass the proxy, even when a proxy is used. 
  • <UDP_SOCKS_PROXY>: Used to access the internet via a SOCKS proxy for UDP traffic (optional).

NOTE: Set the <PROXY>, <NO_PROXY>, and <UDP_SOCKS_PROXY> parameters only when your connector uses a proxy server to reach the internet.

 image (26).png

  1. In the Review + create tab, review your VM configuration, and then click Create.

  1. Once Azure VM creation is done, click Go to resource.


  1. In the Virtual machines window, take note of the IP Address for the newly configured VM.

  1. Use a standard SSH client (like PuTTY) and enter the following command to log in to the Azure VM.

ssh -i <Azure Private Key> azure@<App Connector Hostname or IP Address>

  1. Connector deployment will take around 15-20 minutes.
  2. To validate your secure app connector deployment, see Secure App Connector V2 CLI.

NOTE

  • The tags created in step 11, i.e., proxy, bypass, udp_socks, can be deleted after a successful installation.
  • In case of any failure, delete the old stack and redeploy the connector. 
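
The Networking step notes that the VM allows inbound SSH on port 22 by default. As an added example (not part of Skyhigh's documentation), the Python check below reads NSG rules in the JSON shape printed by `az network nsg rule list -o json` and reports which rule, if any, lets an arbitrary Internet address reach port 22. The sample rules, their names and addresses are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az network nsg rule list -o json`;
# rule names, priorities and addresses are made up for illustration.
SAMPLE_RULES = json.loads("""
[
  {"name": "admin-ssh", "priority": 300, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24",
   "destinationPortRange": "22"},
  {"name": "default-allow-ssh", "priority": 1000, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"}
]
""")

OPEN_SOURCES = {"*", "internet", "0.0.0.0/0"}  # prefixes that match any Internet host

def _values(rule, single, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(rule, port):
    """True if any destination port entry ("22", "20-25" or "*") includes port."""
    for rng in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if rng == "*":
            return True
        low, _, high = rng.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def internet_ssh_rule(rules, port=22):
    """Return the name of the Allow rule that lets an arbitrary Internet host
    reach `port` over TCP, or None. NSG rules are evaluated lowest priority
    number first and the first match wins, so an earlier Deny shadows an Allow."""
    inbound = [r for r in rules if r["direction"].lower() == "inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if (rule["protocol"].lower() in ("tcp", "*")
                and _covers_port(rule, port)
                and any(s.lower() in OPEN_SOURCES for s in sources)):
            return rule["name"] if rule["access"].lower() == "allow" else None
    return None

if __name__ == "__main__":
    print(internet_ssh_rule(SAMPLE_RULES))
```

Rules scoped to a specific source range are skipped because they do not match an arbitrary Internet host, so a result of None means SSH is reachable only from the ranges you listed.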