2.3 Installing the Universal Policy Administrator Cloud Gateway in Microsoft Azure

The Universal Policy Administrator Cloud Gateway bridges non-Windows virtual machines (VMs) in the cloud with the Universal Policy Administrator on-premises Gateway and pushes universal policies created on the Cloud Gateway to non-Windows cloud VMs.

To set up the Universal Policy Administrator Cloud Gateway:

  1. Create a Resource Group.

    For more information, see Create Resource Groups on Azure.

  2. Create an Azure SQL Database.

    For more information, see Create a SQL Database on Azure.

  3. Prepare the Azure Environment:

    1. Click the Cloud Shell icon from the blade to open the Azure Cloud Shell.

    2. Execute the following commands in the Azure Cloud Shell to create a deployment directory in the Azure Shell Cloud Drive with your deployment name:

            PS /home/your-account-name> cd clouddrive
            PS /home/your-account-name/clouddrive> mkdir your-deployment-name
            PS /home/your-account-name/clouddrive> cd your-deployment-name
            PS /home/your-account-name/clouddrive/your-deployment-name>

  4. Deploy the Cloud Gateway:

    1. Execute the following command from the directory created in the Azure Cloud Shell to copy the gatekeeper.yaml file into the Azure Cloud Drive:

            Invoke-WebRequest -Uri https://your-registry-name/yaml/gatekeeper.yaml -OutFile gatekeeper.yaml

    2. Edit the gatekeeper.yaml file with the Azure Cloud Shell editor to update the fields listed in the following table:

      | Field Name | Existing Value | Updated Value |
      |---|---|---|
      | Deployment Name | mydeployment-gatekeeper | deployment-name-gatekeeper |
      | Database Connection String | 'configure-me' | Azure SQL database connection string and database password |
      | SSL Certificate Value | 'mydeployment.com' | Wildcard SSL certificate used in the deployment |
      | Registry Credentials | username: someuser, password: password | Registry username and password assigned |
      | Deployment DNS Name | mydeployment-gatekeeper | deployment-name-gatekeeper |

    3. Execute the following command in the Azure Cloud Shell from the same directory:

            az container create -g myResourceGroup --file gatekeeper.yaml

      Replace myResourceGroup with the name of the resource group in use.

    NOTE: It takes several minutes to create the Cloud Gateway container in the Resource Group and for it to begin to run.

  5. Deploy the Traversal Server:

    1. Execute the following command in the Azure Cloud Shell from the directory created in the previous step to copy the traversal.yaml file into the Azure Cloud Drive:

            Invoke-WebRequest -Uri https://your-registry-name/yaml/traversal.yaml -OutFile traversal.yaml

    2. Edit the traversal.yaml file with the Azure Cloud Shell editor to update the fields listed in the following table:

      | Field Name | Existing Value | Updated Value |
      |---|---|---|
      | Deployment Name | mydeployment-traversal | deployment-name-traversal |
      | Database Connection String | 'configure-me' | Azure SQL database connection string and database password |
      | Registry Credentials | username: someuser, password: password | Registry username and password assigned |
      | Deployment DNS Name | mydeployment-traversal | deployment-name-traversal |

    3. Execute the following command in the Azure Cloud Shell from the same directory:

            az container create -g myResourceGroup --file traversal.yaml

      Replace myResourceGroup with the name of the resource group in use.

    NOTE: It takes several minutes to create the Traversal Server container in the Resource Group and for it to begin to run.

  6. Create a Storage Account and a File Share within it.

    For more information, see Create a Storage Account in Azure and Create a File Share in Azure.

  7. Deploy the Front-end:

    1. Execute the command shown in the snippet below, in the Azure Cloud Shell from the directory created in the previous steps, to copy the nginx.yaml file into the Azure Cloud Drive.

    2. Edit the nginx.yaml file with the Azure Cloud Shell editor to update the fields indicated below:

      | Field Name | Existing Value | Updated Value |
      |---|---|---|
      | Deployment Name | mydeployment-nginx | deployment-name-nginx |
      | Traversal URL Value | 'https://mydeployment-traversal.eastus.azurecontainer.io' | Must be the FQDN of the Traversal Server container created in previous steps |
      | Gatekeeper URL Value | 'https://mydeployment-gatekeeperl.eastus.azurecontainer.io' | Must be the FQDN of the Cloud Gateway Server container created in previous steps |
      | PFX file Password Value | 'somepassword321' | Must be the password of your certificate.pfx file uploaded to your storage account |
      | Registry Credentials | username: someuser, password: password | Registry username and password assigned |
      | Deployment DNS Name | mydeployment-nginx | deployment-name-nginx |
      | Storage Account and File Share information | myShare | Your share name created in previous steps |
      | | someuser | Your Storage Account name created in previous steps |
      | | somekey | Your Storage Account Access Key created with the Storage Account |

    3. Execute the following command in the Azure Cloud Shell from the same directory:

            az container create -g myResourceGroup --file nginx.yaml

      Replace myResourceGroup with the name of the resource group in use.

    NOTE: It takes several minutes to create the NGINX Server container in the Resource Group and for it to begin to run.
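
A pre-deployment check for the three edited files, as an added example that is not part of the vendor's procedure: it scans gatekeeper.yaml, traversal.yaml and nginx.yaml for the placeholder values listed in the tables above and stops before `az container create` if any remain. The function name `Find-UpaPlaceholder` is hypothetical, and the check assumes the placeholders appear in the files exactly as the tables show them.

```powershell
# Added example: run from the deployment directory in the Azure Cloud Shell.
# The strings below are the "existing" values from the three tables above.
$Placeholders = @(
    'configure-me',        # database connection string
    'mydeployment',        # deployment name, DNS name, certificate value, URLs
    'someuser',            # registry username / storage account name
    'password: password',  # registry password (assumes a single space after the colon)
    'somepassword321',     # PFX file password
    'somekey',             # storage account access key
    'myShare'              # file share name
)

function Find-UpaPlaceholder {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string[]] $Path
    )
    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) {
            Write-Warning "Skipping $file (not found)"
            continue
        }
        # Report only the file, line number and matched placeholder,
        # never the line text, so real secrets are not echoed to the console.
        Select-String -LiteralPath $file -Pattern $Placeholders -SimpleMatch |
            ForEach-Object {
                [pscustomobject]@{
                    File        = Split-Path $_.Path -Leaf
                    Line        = $_.LineNumber
                    Placeholder = $_.Pattern
                }
            }
    }
}

$leftovers = @(Find-UpaPlaceholder -Path gatekeeper.yaml, traversal.yaml, nginx.yaml)
if ($leftovers.Count -gt 0) {
    $leftovers | Format-Table -AutoSize
    throw 'Placeholder values remain; edit the YAML files before running az container create.'
}
Write-Host 'No placeholder values found.'
```

The edited files hold the database connection string, registry password, PFX password and storage account key in cleartext, and the Cloud Drive is an Azure file share that persists between Cloud Shell sessions, so delete the files once the containers are running.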