Technology advancements such as high-speed Internet connectivity, ability to create abstract layers in computing environments has allowed us to achieve things that were unthinkable ten years ago. I have personally experience these advancements in my professional life. At one point, I was happy to get my hands on virtualization and ability to run integrated solution from my laptop and an external portable storage device for my work. Now, with the eruption of cloud computing combined with the power of orchestration tools is mind blowing. We have entered into an-era where we are looking to automate everything aka Infrastructure as a Code.
Today, I’m happy to talk about our “Azure quickstart template”, let’s get started and get to the technical details.
What makes this quickstart template?
This integrated stack consists of Trend Micro Deep Security, Splunk Enterprise and Chef automation platform, all running on Azure.
How is this quickstart template created?
This integrated stack is built using a JSON template, the template is based on Microsoft Azure Resource Manager (ARM) templates. With ARM templates, we can deploy topologies quickly, consistently with multiple services along with their dependencies. You do it once and consume it many times. It’s pretty powerful, since we by working with our Azure partner did for you already, you can simply consume.
What’s in it for me?
It saves you a lot of time that you can spend on things that matters to you, I don’t know perhaps watching a hockey game (yes, I’m Canadian and it’s our sport). Seriously, thing about it, if you are familiar with these solutions then you must be aware of it that each element has various components such as web based management application, database etc. and requires specific communication paths, database schema etc. To setup this type of environment where you have a fully functional integrated components would take you at least couple of hours and this estimate is by assuming your three-year-old daughter is not screaming in the background and you have your full attention and focused time to build this up. I don’t know but I love when someone else can do part of my job and make it easy for me.
I’m with you tell me more.
Okay, if you are sill reading then I like to think I have your attention so let’s look at this diagram on what is involved here to give more technical details about this quick start;
To break it up, we have;
- A storage account in the resource group.
- A Virtual Network (vNet) with four subnets
- Virtual Machines to host solution components
- Network security groups to control what communication paths are allowed
- Azure SQL DB to host Deep Security persistent data
- Three test Virtual Machines; 2 VMs (Linux, Windows) with bootstrap scripts to install TrendMicro agents (through Azure VM extensions) and 1 VMs (Linux) with bootstrap scripts to install Chef Agents
There is a lot happening here as you can see and the only thing you need to do as part of consuming this is to provide some values for the template parameters such as;
- Where you want to deploy this stack.
- Web application administrators account and Virtual machine administrator account credentials for the various stack components.
- Communication ports for Deep Security
- Virtual machine size and number of test virtual machines
It takes roughly 30-45 minutes or so to have this environment fully functional. At the end, we will return the URL’s for each solution component (Trend Micro, Splunk and Chef) to you so that you can go ahead and simply login to these applications and do what ever you wanted to do e.g. protecting your Azure based workloads from various vulnerabilities, remember cloud security is a shared responsibility i.e. although cloud providers deliver an extremely secure environment but you need to protect what you put IN the cloud—your workloads.
I’m sold, where can I get this template for quick start?
That was easy! The ARM template is available on the Azure website (here). You can simply click the “Deploy to Azure” button on or select Browse in GitHub repository. You can also use PowerShell, Azure CLI etc. to start the deployment, the GitHub link provides necessary documentation for it.
The Chef recipe for Deep Security Agent is available here.
Questions? Reach out to us by email at firstname.lastname@example.org and we’ll be happy to help!