I’m excited to write about the availability of Deep Security Manager Solution Template in Azure Marketplace. You’re likely asking why we decided to provide our solution in this format versus the other options available through the Azure Marketplace. I can give you technically inclined answer but before I do that, let’s look at a traditional cloud deployment.
In the traditional way of deploying any solution in cloud you build each piece, one by one, and handle their dependencies. For example, to deploy a solution in Azure you will be looking at any number of the following;
- Storage account and blob
- Virtual network
- Network Security Groups
- Inbound and outbound Security rules
- And so on…
This approach can be ideal for complicated deployments which would require some understanding of the deployed solution before you can start using the deployed solution.
Solution template versus traditional deployment
- Time: Some will say this is our most scarce resource. By automating and scripting the deployment of Deep Security in Azure, you can start protecting your Azure based workloads immediately and focus on the tasks that really matters to you.
- Simplicity: Simplify the deployment of all the required resources by removing the complexities. For example, Deep Security Manager, Deep Security Relay, and other supporting infrastructure (such as a virtual network, database server, network security groups and firewall rules etc.). In this deployment option you have a complete control over Deep Security in your own environment (azure Account) and you will have the access to the data.
What solutions are available in Azure Marketplace?
Now you understand why we did it, you may be wondering what this offering is and what type of solution Trend Micro is offering in Azure Marketplace. As you may already know, Azure Marketplace supports multiple types of solutions
- Virtual Machine Image
- Developer Service
- Data Service
- Solution Template
What is a solution template?
Free form vs known configuration solution templates
There are two approaches when it comes to writing solution templates; free-from and known configuration t-shirt size approach. At first, free-form configurations sound appealing but when you dig deeper it is more complex, requires careful planning and you end up having to focus on decisions that can be scripted for you.
We decided to go with the t-shirt size, or Known configuration approach. This approach provides good, known configurations of varying sizes that are preconfigured for you. This enables you to easily select the deployment that fits your environment. Depending on the number of virtual machines you want to protect, you choose a matching Virtual Machine size configured for 25, 50, 100, 150 or 200.
If you’re wondering about protecting more than 200 workloads, we got this covered as well. It’s a matter of adding another Deep Security Virtual Machine (VM) from the Marketplace in your Azure account and picking up a “Use Existing “option for the Azure SQL database during the provisioning wizard. It’s a concept of horizontal scaling; we call such Deep Security deployments “multi-node” deployments. Alternately, you can go with the BYOL solution template and specify certain attributes of the deployment, such as VM type to go beyond the pre-configured standard offering.
Getting started with the Deep Security Solution Template for Azure
Let’s go on the journey to buy Deep Security Virtual Machine (VM) from Azure Marketplace and look at the information you’ll need to get started. Starting in the Azure Marketplace, search for the keyword “Deep Security”, which will return these results;
First you need to select your license model.
- If you’re an existing Deep Security customer, you can leverage your existing (or new) license with Deep Security on Azure marketplace. You can simply click on “Deep Security Manager (BYOL)” option.
- If you’re a new Deep Security customer, select the “Deep Security Manager” option to procure and deploy through the Azure Marketplace.
One you decide on the licensing model, the rest of the steps in this journey are the same. The solution template will guide you through a 7-step wizard that collects various parameter values, such as; user credentials, VM size, virtual network details and database selection.
Once you’re finished the quick 7-step wizard, you’ll have a fully optimized, connected configuration of Deep Security on a predefined network topology, ready to be used and protect your Azure workloads.
Here is what the deployment architecture will look like;