McAfee MVISION Cloud

Deploy Azure PoP in a New Infrastructure

Before you start the PoP deployment, complete the prerequisites described in the section ‘Setup the Prerequisites’.

Deploy the PoP by following these steps:

  1. Download the PoP Deployment Package
  2. Deploy the required Infrastructure through the Azure ARM template

After successful PoP deployment, the PoP details and health status are reported under PoP Management.

Step 1: Download the PoP Deployment Package

To download the PoP Deployment Package:

  1. Log in to MVISION Cloud.
  2. Go to Service Management > Microsoft Azure, and choose a registered Azure Account.
  3. In the Overview section, click Deploy New PoP.
  4. Click Download Deployment package and download the package.

The downloaded PoP Deployment Package contains the installation files to deploy the PoP and the artifacts the PoP requires to communicate with MVISION Cloud. The package is valid for 7 days after it is downloaded from MVISION Cloud.

Step 2: Deploy the required Infrastructure through the Azure ARM template

The ‘Infrastructure.tar’ archive, which is part of the PoP Deployment Package (PopDeployment.tar), contains the ARM template (‘Azure_NewInfra.json’) that creates the infrastructure in Azure and deploys the PoP.

To deploy the Azure ARM template:

  1. Navigate to Templates in the Azure console.
  2. Navigate to Templates > Add > Provide Name and Description > Copy and paste the Azure_NewInfra.json contents > Add.
  3. Once the template is created, choose Deploy.
  4. Provide the required input parameters in the template:

o   Subscription: Azure subscription account name.

o   Resource Group: Select the resource group that was created before deployment.

o   Location: Auto-populated according to the resource group.

o   Pop Name: Specify a unique name for the PoP that you are creating.

o   Zone: An availability zone is a logical data center in a region available for use by any Azure customer. Select the number of availability zones to configure from the drop-down list.

o   Virtual Machine size: Specify the required virtual machine size. The minimum and recommended size is Standard_D2s_v3.

o   Admin Username: Enter the desired username for the virtual machine.

o   Admin Password Or Key: Navigate to the SSH key created in the prerequisite step, copy the public key value, and provide it as input here.

o   Actions: List of actions that the role assigned to the PoP virtual machines allows on Azure resources. The recommended list is:

["Microsoft.Authorization/*/Read","Microsoft.Authorization/*/Write","Microsoft.Compute/locations/*","Microsoft.Compute/virtualMachines/*","Microsoft.Compute/virtualMachineScaleSets/*","Microsoft.Compute/disks/*","Microsoft.Insights/alertRules/*","Microsoft.Network/applicationGateways/backendAddressPools/join/action","Microsoft.Network/loadBalancers/*","Microsoft.Network/locations/*","Microsoft.Network/networkInterfaces/*","Microsoft.Network/networkSecurityGroups/*","Microsoft.Network/publicIPAddresses/*","Microsoft.Network/virtualNetworks/*","Microsoft.Network/privateLinkServices/*","Microsoft.Network/privateEndpoints/*","Microsoft.ResourceHealth/availabilityStatuses/read","Microsoft.Resources/deployments/*","Microsoft.Resources/subscriptions/resourceGroups/read","Microsoft.Network/privateDnsZones/*","Microsoft.Network/privateDnsOperationResults/*","Microsoft.Network/privateDnsOperationStatuses/*","Microsoft.Storage/*/read","Microsoft.Storage/storageAccounts/*"]

o   Not actions: List of actions that the role assigned to the PoP virtual machines denies on Azure resources. The recommended list is:

["Microsoft.Authorization/*/Delete","Microsoft.Authorization/elevateAccess/Action","Microsoft.Blueprint/blueprintAssignments/write","Microsoft.Blueprint/blueprintAssignments/delete","Microsoft.Compute/galleries/share/action"]

o   Role Name: Provide a unique name for the role definition.

o   Role Description: Provide a detailed description of the role definition.

o   Desired Secondary Node Capacity: Enter the desired capacity of nodes, i.e., the number of secondary machines/virtual machine scale sets. [Min=1, Max=10]

o   Cwpp Package Url: Provide the URL path of PoPDeployment.tar stored in Azure Storage, as mentioned in the prerequisite step, within single quotes, like 'https://URL'

o   Cwpp Deployment Script: Provide the URL path of AzureDeploymentScript.sh stored in Azure Storage, as mentioned in the prerequisite step, without single quotes, like https://URL
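
Before supplying the Actions and Not actions values, it helps to see which operations the resulting role actually permits. The following is an added example, not part of the McAfee package or documentation: it models the Azure RBAC rule that effective permissions are Actions minus NotActions with case-insensitive * wildcards, and the operations in REVIEW are a constructed checklist.

```python
from fnmatch import fnmatchcase

# Recommended lists copied from the Actions / Not actions parameters above.
ACTIONS = [
    "Microsoft.Authorization/*/Read", "Microsoft.Authorization/*/Write",
    "Microsoft.Compute/locations/*", "Microsoft.Compute/virtualMachines/*",
    "Microsoft.Compute/virtualMachineScaleSets/*", "Microsoft.Compute/disks/*",
    "Microsoft.Insights/alertRules/*",
    "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
    "Microsoft.Network/loadBalancers/*", "Microsoft.Network/locations/*",
    "Microsoft.Network/networkInterfaces/*", "Microsoft.Network/networkSecurityGroups/*",
    "Microsoft.Network/publicIPAddresses/*", "Microsoft.Network/virtualNetworks/*",
    "Microsoft.Network/privateLinkServices/*", "Microsoft.Network/privateEndpoints/*",
    "Microsoft.ResourceHealth/availabilityStatuses/read", "Microsoft.Resources/deployments/*",
    "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Network/privateDnsZones/*",
    "Microsoft.Network/privateDnsOperationResults/*", "Microsoft.Network/privateDnsOperationStatuses/*",
    "Microsoft.Storage/*/read", "Microsoft.Storage/storageAccounts/*",
]
NOT_ACTIONS = [
    "Microsoft.Authorization/*/Delete", "Microsoft.Authorization/elevateAccess/Action",
    "Microsoft.Blueprint/blueprintAssignments/write", "Microsoft.Blueprint/blueprintAssignments/delete",
    "Microsoft.Compute/galleries/share/action",
]

def _matches(patterns, operation):
    # Case-insensitive wildcard match; '*' spans any characters, '/' included.
    return [p for p in patterns if fnmatchcase(operation.lower(), p.lower())]

def effective(operation, actions=ACTIONS, not_actions=NOT_ACTIONS):
    """Assumed model: allowed if some Action matches and no NotAction matches."""
    granted, excluded = _matches(actions, operation), _matches(not_actions, operation)
    return bool(granted) and not excluded, granted, excluded

# Constructed checklist of operations to review before approving the role.
REVIEW = [
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/roleAssignments/delete",
    "Microsoft.Authorization/elevateAccess/action",
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.KeyVault/vaults/secrets/read",
]

if __name__ == "__main__":
    for op in REVIEW:
        allowed, granted, excluded = effective(op)
        print(f"{'ALLOW' if allowed else 'deny':5} {op} granted_by={granted} excluded_by={excluded}")
```

With the recommended lists, role-assignment writes and storage account key listing come out as allowed, which is worth weighing when choosing the scope at which the role is assigned.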


After launching Cloud Formation, it takes about 20 minutes to deploy the PoP. You can check the deployment status in the Cloud Formation stack console in AWS. After the PoP deployment, the PoP deployed in your account updates its status in MVISION Cloud. You can check the PoP details on the PoP Management page.
