You can create an Accurics setup in your own Azure environment. This way you have your own setup of Accurics in your Cloud as opposed to using the public hosted Accurics SaaS platform.
- Prerequisites for deployment
- Installing Accurics on Azure
- Enabling SSL on the Accurics Console URL
- Login to the Accurics console
- Removing Accurics from Azure
Prerequisites for deployment
The Accurics Platform gets deployed on the Azure Cloud and the deployment process is completely automated through the use of terraform. There are certain prerequisites that need to be taken care of before one can begin the deployment.
- Azure credentials to create an instance on your Azure Cloud.
Although it is not mandatory to have an independent account for Accurics, it is recommended to have one to keep the Accurics platform completely isolated.
- Create a new VM in your Azure account. This is preferred to avoid facing environment specific issues. Optionally, you can perform the installation from your Windows / Mac machine.
Minimum configuration for the VM:
- AMI: Ubuntu Server 18.04 LTS – Gen1, SSD Volume Type
- Instance Type: B1s
- Configure Instance: Use your organization approved instance configuration.
- Storage: 30 GB General Purpose SSD (select your organization approved encryption settings)
- Add Tag:
- Purpose = For Accurics On Prem Deployment
- Name = AccuricsOnPremVM
- Security Groups: Use your organization approved security group, but should:
- Egress: to the internet for downloading scripts and dependencies
- Ingress: on SSH.
- The following resources are required in your Azure region to install and run Accurics:
- Azure Resource Group x 1
- Route Table x 2
- Static Public IP x 2
- Azure Application Gateway x 1
- Azure Virtual Network x 1
- VPN Gateway x 2
- Subnet x 3
- Azure Postgresql Database x 2
- Azure Key Vault x 1
- Azure Container Group x 2
- Create a subdomain to be used for accessing the Accurics Console.
For example, accurics.customerdomain.com
You’ll need a certificate to use for the subdomain.
- Deployment Script to install the prerequisite software and install Accurics (get it from Accurics in the deployment zip).
- The ARM Client ID used for deployment should have contributor role for the subscription.
- Optional: GitHub OAuth Consumer “client_id” and “secret_id” for repo integration.
- Optional: Accurics requires read-only privileges to connect and scan your code repository. If the auto-remediation feature is used then write permissions are required to enable Accurics to create a branch and a pull request with the auto-remediated code.
Installing Accurics on Azure
Perform the following steps to install the prerequisites and Accurics with the required configuration.
- Create an Azure Account and set your bash / zsh profile.
- Get the deployment zip from Accurics. Copy the script to the VM from where you are installing Accurics.
- Install “zip” for extracting the zip file.
sudo apt install zip -y
- Extract the zip file.
- Install the prerequisites. The prerequisite script installs JQ, Azure CLI, and Terraform.
- Add the tags in the deployment/ terraform.tfvars.json file in the following format:
Contact Accurics to get the correct tags to be used for deployment.
Change any other parameters, as necessary.
Ensure that the environment name that you specify is not used for an existing Storage Account.
- Install Accurics. Run the following commands in order:
$ az login
Review the terraform backend details, then type yes to continue.
$ terraform apply
The script may take around 10 minutes to run completely.
After successful deployment, you’ll get the number of resources deployed.
- Get the admin credentials.
- Upload the Policy Document.
Enabling SSL on the Accurics Console URL
- Create a new SSL certificate or use an existing one.
- Store the certificate password in the vault and note the secret name.
You may need to add your user account temporarily to access policy in the kv-<envname> vault.
Example Password: abcdef5ZXDCJciBIzbf8P3u6kxNSRUG7AEWdo4LsvMQpYgm123
- Copy the pfx file in the <certificate path>.
- Add the following entries in the terraform.tfvars.json
"certificate_secret_name":"<secrete name from #1>"
- Run the following command to re-deploy:
$ terraform apply
Login to the Accurics console
Open your browser, and go to:
You get this URL and the admin credentials in Step 8 under Installing Accurics on Azure.
Removing Accurics from Azure
You can remove the Accurics self-managed cloud deployment from your Azure account.
To remove Accurics you must delete the resource group.