Deploy CT Connectors on Azure
This topic lists the steps to deploy CT Connectors on the Azure cloud.
Prerequisites
- Azure VMs that meet the following minimum sizing - 2 vCPUs, 8 GB RAM, and 1 Gbps throughput. For example, General purpose Standard_D2_v4 and above.
- VMs used to deploy CT Connectors must resolve the Fully Qualified Domain Name (FQDN) of the Xshield instance to which the Connectors must be registered.
- If you plan to use existing Azure network resources, the details of the Virtual Network and Network Security Group for the CT Connectors.
Deploy CT Connector
VM images for Azure CT Connectors are available on the Azure cloud. Currently, the latest image available is colortokens-ctconnector-8.0.0.72-69, and this is built on top of Ubuntu 16.04 LTS.
The steps listed here pertain to only deploying the CT Connector on Azure. You must provide additional details such as region, availability options, storage type, tags, and so on that suit your deployment practices.
- Log in to the Azure portal.
- Click Images > AMI, select the VM image, and click Create VM.
- On the Basics page, do the following:
  - Associate the VM with an existing or new Resource Group.
  - In the Virtual machine name text box, enter a name for the VM (Connector).
  - Select a size for the VM.
  - In the Administrator Account area, enter ctbridge as the username, use an existing key pair, or create a new one.
  - Click Next: Disks.
- On the Disks page, select suitable storage (above 50 GB) from the available options, and click Next: Networking.
- On the Networking page, select a suitable Virtual network, public IP, and Network Security Group for the Connector.
  CT Connectors only need an inbound access rule on port 22 for SSH.
- (Optional) Go to the Management, Advanced, and Tags pages for additional settings and details.
- On the Review + Create page, click Create.
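Because the Connector only needs inbound port 22, the Network Security Group chosen on the Networking page can be checked for anything wider. The script below is an added example, not part of the ColorTokens documentation; it assumes rules saved in the JSON shape printed by az network nsg rule list -o json, and the sample rules in it are constructed.

```python
import json
import sys

# Constructed sample in the shape of `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-ssh-admin", "direction": "Inbound", "access": "Allow", "priority": 100,
  "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"},
 {"name": "allow-ssh-any", "direction": "Inbound", "access": "Allow", "priority": 110,
  "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "allow-web", "direction": "Inbound", "access": "Allow", "priority": 120,
  "sourceAddressPrefix": "10.0.0.0/8", "destinationPortRanges": ["80", "8000-8100"]},
 {"name": "deny-rest", "direction": "Inbound", "access": "Deny", "priority": 4000,
  "sourceAddressPrefix": "*", "destinationPortRange": "*"},
 {"name": "out-https", "direction": "Outbound", "access": "Allow", "priority": 100,
  "sourceAddressPrefix": "*", "destinationPortRange": "443"}
]""")

# Source prefixes that mean "anyone" (compared case-insensitively).
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet", "any"}


def _values(rule, singular, plural):
    """Merge the singular and plural forms of a rule field into one list."""
    merged = list(rule.get(plural) or [])
    if rule.get(singular):
        merged.append(rule[singular])
    return merged


def audit(rules):
    """Return (rule name, finding) pairs for inbound Allow rules wider than SSH-only."""
    findings = []
    for rule in sorted(rules, key=lambda r: r.get("priority", 0)):
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        extra = [p for p in ports if p not in ("22", "22-22")]
        if extra:
            findings.append((rule["name"], "allows ports other than 22: " + ",".join(extra)))
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if any(s.lower() in OPEN_SOURCES for s in sources):
            findings.append((rule["name"], "source is unrestricted"))
    return findings


if __name__ == "__main__":
    # Pass a saved JSON file as the first argument, or run without one to use the sample.
    rules = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_RULES
    for name, finding in audit(rules):
        print(f"{name}: {finding}")
```

The check reports each Allow rule as written; it does not work out whether a higher-priority Deny rule already blocks the traffic.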
Copy the vmID of the Connector
- Go to Azure Cloud Console and type az vm show --resource-group <Resource Group of the Connector VM> --name <Virtual machine name>.
- Look for vmID and copy it.
Add/register CT Connector to the Xshield instance
Use the vmID of the Connector VM to add/register the Connector with the Xshield instance. CT Connectors obtain the details of the instance for registration after you input the vmID to add the VM to the instance.
If you are registering the first Azure CT Connector for the instance, go to the Xaccess tab on Xshield and initiate Xaccess Onboarding.
- Go to Xaccess > Connectors.
- Click Add Connector.
- In the Instance ID text box, paste the vmID of the VM.
- Click Save.
You may need to wait for a few seconds for Xshield to verify the validity of the Connector with the app instance. Upon successful verification, the CT Connector is registered with the instance.
Successfully deployed
CT Connectors are deployed successfully if they are registered successfully with the instance. Connectors deployed successfully are listed on the Connectors page (Status = Online and State = Enabled).
At this stage, the CT Connectors are only added to the instance. To enable the CT Connectors to discover applications and services, you must specify the IP subnets and domains of the applications.
Deployment failed
Some of the causes of failed deployments are incorrect vmIDs or lack of connectivity to the Virtual Networks. Connectors are not displayed on the Connectors page until they are registered with the instance.