Deploy Secure App Connector V2 on Azure for TCP and UDP Applications

Prerequisite

• Make sure to allow the following domains and HTTP(S) ports when you are using a firewall. For more details, see  Secure App Connector V2 Prerequisites and Firewall settings For Private Applications.

Steps to Deploy

1. Log in to the Azure portal using any role with credentials to create/edit VMs, create/edit virtual networks, and create/edit network security groups.
2. Click Virtual machines under Azure services.

3. Click Create, and select Azure virtual machine from the menu.

4. In the Basics panel, enter general information about the VM.
   1. In the Project Details, click Create new to create a new resource group name or use an existing resource group.
      
      
   2. In the Instance Details, enter the desired Virtual machine name in the field.
      
      
   3. Choose the region.
      
      
   4. Select your Availability options, Availability zone, and Security type with default values.
      
      
   5. Click See all images > Community Images on the left panel, search for Skyhigh and select Skyhigh_secure_app_connector image. 
      
      
      
      
       
   6. Select size Standard_B4als_v2 (4CPU, 8GM RAM ) for TCP and Standard_F8s_v2 (8CPU, 16GB RAM ) for UDP as a minimum recommendation.
      
      
      
      

7. Select authentication type as SSH public key and enter username as azure.
   
   

8. Configure Inbound port rules.
   
   
9. Select license type as Other.
   
   

 

5. In the Disks panel, enable Encryption at host, configure OS disk size as 64Gb for TCP & 128GB (minimum) for UDP. 

6. In the Networking panel 
   1. Click Create new virtual network or use an existing virtual network.
   2. Select Advanced for the NIC network security group.
   3. For Configure network security group, click Create new or use existing security group.
      • Click Add an outbound rule and create a rule that allows outbound connections on ports 443 and 8080. In case the firewall is configured, refer to the link: Secure App Connector V2 Prerequisites and Firewall settings For Private Applications
         
        
        
        

4. Select Load balancing as None as other options are not supported.
   
   

 

7. Under the Management tab, keep the default values and then click Next: Monitoring.

8. Under the Monitoring panel, enable Boot diagnostics and click Next: Advanced.

9. In the Advanced panel, enable Enable user data checkbox.
   • Copy & paste the connector configuration content from SSE using the downloaded configuration file. 
     
     NOTE: Ensure that you do not copy & paste the downloaded configuration file to Custom data.
     
     
10. Click Next: Tags.
11. Under the Tags section, to configure either proxy or dns or udp_socks_proxy or bypass_proxy, add the tag in the below format: 
    • Key - The key must remain fixed and match the one in the screenshot below.  
    • value - The value can be customized as needed.

• <PROXY>: Address of the proxy server (optional)
• <BYPASS_PROXY>:  List of domains that can be added to bypass the proxy (optional). This parameter can be ignored if you don't have any domains that need to bypass the proxy, even when a proxy is used. 
• <UDP_SOCKS_PROXY> Used to access the internet via SOCKS proxy for UDP traffic (optional).

 

12. In the Review + create tab, review your VM configuration, and then click Create. 

13. Once Azure VM creation is done, click Go to resource.

 

14. In the Virtual machines window, take note of the IP Address for the newly configured VM.

15. Use a standard SSH Client (like Putty) and enter the following command to log in to Azure VM.

ssh -i <Azure Private Key> azure@<App Connector Hostname or IP Address>

16. Connector deployment will take around 15-20 minutes.
17. To validate your secure app connector deployment, see Secure App Connector V2 CLI.