Skyhigh Security

Deploy Secure App Connector V2 on Azure for TCP Applications

This deployment topic provides information on prerequisites, how to deploy Secure App Connector as a virtual machine (VM) in Microsoft Azure, and post-deployment configurations.

Note: If you are using a firewall, make sure to allow the required domains and HTTP(S) ports. For more details, see Secure App Connector V2 Prerequisites and Firewall settings For Private Applications.

Prerequisites

  • Skyhigh Security recommends that Secure App Connector have at least 4 CPUs and 8 GB RAM.

Note: In case of any failure, delete the old stack and redeploy.

Steps to Deploy

  1. Log in to the Azure portal using any role with credentials to create/edit VMs, create/edit virtual networks, and create/edit network security groups.
  2. Click Virtual machines under Azure services.

  1. Click Create, and select Azure virtual machine from the menu.

  1. In the Basics panel, enter general information about the VM.
    1. In the Project Details, click Create new to create a new resource group name or use an existing resource group.

    2. In the Instance Details, enter the desired Virtual machine name in the field.

    3. Click the Region drop-down menu and choose (US) East US region.

      NOTE: Currently (US) East US is the only region supported. 

    4. Select your Availability options, Availability zone, and Security type with default values.

    5. Click See all images > Community Images on the left panel, search for Skyhigh, and select the Skyhigh_secure_app_connector image.

    6. Select size Standard_B4als_v2 (4 CPU, 8 GB RAM) as a minimum recommendation.

NOTE: We recommend using the CLI option to put the Secure App Connector VM into Standby mode instead of hibernating or shutting it down.

  1. Select authentication type as SSH public key and enter username as azure.

NOTE: Make sure the username is azure; other usernames are not compatible.

  1. Configure Inbound port rules.

  2. Select license type as Other.

  1. In the Disks panel, enable Encryption at host and configure OS disk size as 64Gb (minimum). 

NOTE: We recommend selecting/enabling the checkbox for Delete with VM.

  1. In the Networking panel:
    1. Click Create new virtual network or use an existing virtual network.
    2. Select Advanced for the NIC network security group.
    3. For Configure network security group, click Create new or use existing security group.

NOTE: By default, the VM allows inbound SSH connections for port 22.

  1. Select Load balancing as None as other options are not supported.

  1. Under the Management tab, keep the default values and then click Next: Monitoring.

  1. Under the Monitoring panel, enable Boot diagnostics and click Next: Advanced.

NOTE: Enabling boot diagnostics helps with debugging, in case of installation failures.

  1. In the Advanced panel, select the Enable user data checkbox.
    • Copy the connector configuration content from the configuration file downloaded from SSE and paste it into the user data field.

      NOTE: Ensure that you do not copy and paste the downloaded configuration file into Custom data.

  2. Click Next: Tags.
  3. Under the Tags section, to configure proxy, dns, udp_socks_proxy, or bypass_proxy, add the tag in the following format:
    • Key - The key must remain fixed and match the one in the screenshot below.
    • Value - The value can be customized as needed.

NOTE:

 Step 20.png

  1. In the Review + create tab, review your VM configuration, and then click Create.

  1. Once Azure VM creation is done, click Go to resource.

  1. In the Virtual machines window, take note of the IP Address for the newly configured VM.

  1. Use a standard SSH client (such as PuTTY) and enter the following command to log in to the Azure VM.

ssh -i <Azure Private Key> azure@<App Connector Hostname or IP Address>

  1. Connector deployment will take around 15-20 minutes.
  2. To validate your secure app connector deployment, see Secure App Connector V2 CLI.

NOTE: The tags created in step 11 (i.e., proxy, bypass, udp_socks) can be deleted after a successful installation.
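
A post-deployment check, added here as an example and not part of Skyhigh's documentation: it compares the JSON that az vm show prints for the connector VM against the settings this page asks for (East US, username azure, SSH public key, 4 CPU / 8 GB RAM, Encryption at host, 64 GB OS disk, Delete with VM, Boot diagnostics). The function names, the size table, and the sample JSON are constructed for illustration.

```python
import json

# Requirements taken from the steps on this page.
LOCATION, USERNAME, MIN_DISK_GB, MIN_CPU, MIN_RAM_GB = "eastus", "azure", 64, 4, 8
# Assumption: reviewer-maintained size table (vCPU, GiB RAM); extend as needed.
SIZES = {"Standard_B4als_v2": (4, 8), "Standard_B2als_v2": (2, 4)}

def dig(obj, *path):
    """Walk nested dicts, returning None when any level is missing."""
    for key in path:
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj

def check_vm(vm):
    """Return the names of settings that deviate from the guide (empty = OK)."""
    cpu, ram = SIZES.get(dig(vm, "hardwareProfile", "vmSize"), (0, 0))
    disk = dig(vm, "storageProfile", "osDisk") or {}
    # az CLI prints diskSizeGb, the REST API diskSizeGB; accept either.
    disk_gb = disk.get("diskSizeGb") or disk.get("diskSizeGB") or 0
    checks = {
        "location": (vm.get("location") or "").lower() == LOCATION,
        "adminUsername": dig(vm, "osProfile", "adminUsername") == USERNAME,
        "sshKeyOnly": dig(vm, "osProfile", "linuxConfiguration",
                          "disablePasswordAuthentication") is True,
        "vmSize": cpu >= MIN_CPU and ram >= MIN_RAM_GB,
        "encryptionAtHost": dig(vm, "securityProfile", "encryptionAtHost") is True,
        "osDiskSize": disk_gb >= MIN_DISK_GB,
        "deleteWithVm": disk.get("deleteOption") == "Delete",
        "bootDiagnostics": dig(vm, "diagnosticsProfile", "bootDiagnostics",
                               "enabled") is True,
    }
    return [name for name, ok in checks.items() if not ok]

# Constructed sample: trimmed az vm show output for a VM that drifted from the guide.
SAMPLE = json.loads("""{
  "location": "eastus",
  "hardwareProfile": {"vmSize": "Standard_B2als_v2"},
  "osProfile": {"adminUsername": "ubuntu",
                "linuxConfiguration": {"disablePasswordAuthentication": true}},
  "securityProfile": null,
  "storageProfile": {"osDisk": {"diskSizeGb": 30, "deleteOption": "Delete"}},
  "diagnosticsProfile": {"bootDiagnostics": {"enabled": true}}
}""")

if __name__ == "__main__":
    for finding in check_vm(SAMPLE):
        print("deviates from guide:", finding)
```

The deleteWithVm finding reflects a recommendation on this page rather than a requirement, so treat it as advisory.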
