DataSunrise is sponsoring AWS re:Invent 2024 in Las Vegas, please visit us in DataSunrise's booth #2158

This website stores cookies to collect information about how you interact with our website. To find out more visit our Privacy Policy.

  • Home
  • Guides
  • How to Deploy DataSunrise in Microsoft Azure Using Azure Resource Manager

How to Deploy DataSunrise in Microsoft Azure Using Azure Resource Manager

How to Migrate DataSunrise CloudFormation Template from Launch Configuration (LC) to Launch Template (LT) Resource in Auto Scaling Group How to Send DataSunrise Events to a Microsoft Teams Channel via Incoming Webhook using Subscribers How To Offload The Audit Database Data To AWS S3 And Read It Using AWS Athena Service How to Convert Trial or BYOL Configuration of DataSunrise to Hourly Billing Backend DB: PostgreSQL (RDS) or Aurora PostgreSQL How to Troubleshoot “Connection Was Terminated” or “Connection Terminated Unexpectedly” Errors in Applications Using DataSunrise Proxies Exploring DataSunrise’s Performance Under High Traffic Conditions DataSunrise’s Approach to Configuring Penalties for SQL Injection Detection How to Block Specific Hosts in DataSunrise for Enhanced Database Security Troubleshooting AWS Metering and Hourly Billing Issues in DataSunrise on AWS Marketplace Cloud Formation Modification Dynamic Data Masking with DataSunrise: Masking with Lua scripts How to Choose the Database for Audit Storage: A Performance Analysis How to Run pgbench Through DataSunrise Proxy on PostgreSQL 14 with SCRAM Authentication DataSunrise SSO Authentication Based on SAML (Okta) DataSunrise SSO Authentication Based on OpenID (Okta) How to Search for Sensitive Data in Images Hosted on AWS S3 How to Deploy DataSunrise with Terraform Template on Azure How to Integrate DataSunrise with SQL Server Always On Cluster How to Deploy DataSunrise in Microsoft Azure Using Azure Resource Manager How to Perform DataSunrise Static Data Masking for MongoDB How to Configure DB Audit Trailing for MS Azure MySQL How to Configure DB Audit Trailing for MS Azure PostgreSQL How to Configure DataSunrise to Mask Data for Amazon Athena How to Upgrade RHEL OS version of existing DataSunrise servers How to Integrate DataSunrise with AWS Database Activity Streams for Getting Auditing Results for AWS Aurora PostgreSQL How to Set Up SSL Certificates for DataSunrise Database Proxy Generating Reports in DataSunrise How to Hide Schemas From Users in Redshift AWS RDS PostgreSQL Audit Logs in DataSunrise How to Audit Administrative Actions in Your Oracle RDS and EC2 How to Check if DataSunrise Receives Traffic How To Remove a Procedure or a Function From a Database
Azure Cloud Computing

Nowadays Cloud Computing technology is the most efficient and convenient way to run the production environment in. Many companies are willing to store their data and deploy applications to the cloud to be able to build, run, and manage their services across multiple clouds using a great variety of tools for the data store, analysis, and management. Microsoft Azure provides users with 4 different forms of cloud computing: infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and serverless which are the key solutions to efficient production deployment.

DataSunrise can be deployed in different configurations such as Standalone Instance, Failover configuration, and High Availability configuration. Here we describe a High Availability configuration of DataSunrise.

Manual deployment of a High Availability (HA) configuration requires accurate settings implementation with all the dependencies applied correctly. DataSunrise provides a dedicated script that you can use to deploy DataSunrise in a High Availability configuration automatically within the Microsoft Azure service based on the Azure Resource Manager (ARM) template.

The DataSunrise infrastructure includes:

  • Custom Virtual Network where subnets are stored.
  • DataSunrise autoscaling nodes (instances).
  • Configuration and audit storage based on Azure Databases.
  • Azure’s Load Balancer is used to distribute the traffic between living nodes.
  • ScaleSet includes configuration of the failover cluster.
  • Key Vault is used to store credentials for ARM resources.

All these components are located inside a Custom Virtual Network with the specified subnets.

Preparing for Deployment of an ARM Template

Template source files are located in DataSunrise GitHub repository. Some entities should exist in your Azure environment before you start the deployment process. Here is the list of required items:

  • Azure resource group where all the configured resources will be deployed.
  • Azure resource group where the database that you will protect is located. This resource group should also include virtual network (VNET) and Subnets.
  • Azure virtual network that will be used as the environmental network that will be used by the template resources.
  • Subnets within the VNET that you will designate for your DataSunrise cluster running in the specified VNET.

Subnets to be used should have the following service endpoints attached: Microsoft.Sql server endpoint: required in case MS SQL databases are used.

Important:

Your Azure account subscription must be assigned to the Owner role to be able to use Managed Identity resources to connect to Azure CLI and to deploy necessary Azure resources for the successful DataSunrise implementation. You can check it in
Subscriptions -> <your-subscription> -> Access control -> Role assignments.

To deploy DataSunrise in HA configuration, choose the Template deployment (deploy using custom templates) inside the selected resource group. Or you can use the Search services… functionality. Then load the prepared .json file in the editor and click Save.

As was earlier mentioned, ARM template deployment is performed with minimum user interference. Just follow the steps of the deployment wizard and fill out the required fields (note the prompts and that * is for required information).

Basic Information

Select the available subscription type of your Azure account. The resource group name will be set automatically according to the one that was chosen in the Deploying resource manager template section.

Virtual Machine Configuration

Note: please enter the most convenient Vm Size value depending on your location and availability set.

Subnets Environment

Enter the subnets environment information. Note, that in the Subnet Resource Group Name you need to specify the name of the resource group where the VNET is stored.

DataSunrise Configuration

Note: in this case, Azure PostgreSQL Database is used as the Dictionary and Audit Storage Database.

Target Database Configuration

Finishing the Deployment

After all the parameters are filled in and the Validation is passed, click the Create button.

The deployment process has started. To view the particular deployment of every resource, click the link in the top right corner of the screen. You can also view the Deployment in progress message in the Notification drop-down menu.

Once the deployment is finished successfully, Your deployment is complete message will be displayed. Click Go to resource group to view the created resources.

All the resources are successfully deployed and listed inside the resource group.

Connecting to DataSunrise Web UI

To connect to the DataSunrise’s Web Console, use Load balancer public IP address 11000 port. It will automatically connect to one of the configured nodes. You also need to use an IP address to connect to your protected database through a proxy and to connect to your Virtual Machine using SSH.

The Target Database will be automatically added to the DataSunrise server.

To start using DataSunrise as the firewall, connect to the Load balancer public IP address proxy port (specified as parameter). For example,

psql -h <loadbalancer ip address> -p 5432 -U <your user> -d <your db>

Did this guide help you?

Contact Us