(408) 800-2536 support@dasera.com

Welcome to Dasera's Knowledge Base

You will find your answers here!

    Sorry, we didn't find any relevant articles for you.

    Send us your queries using the form below and we will get back to you with a solution.

    Deploying Dasera sidecars via Azure

    Table of Contents

    Overview Architecture Register Sidecar Pool Deploy from Dasera Custom Template Validate Sidecar Connection Next Steps

    Overview

    The Dasera application requires seamless connectivity to scan your data stores. However, as per common security practices, businesses tend to deny proper firewall egress between their internal networks & external applications. Such limitations impact the operational use of Dasera and reduce the full return value of your subscription.

    To overcome this, Dasera provides a flexible collection architecture consisting of one or many sidecars you deploy alongside your data stores. These sidecars collect necessary metadata and transfer it to the Dasera application. Within this central management console, you can take action on insights from across all data stores regardless of where they are hosted.

    Architecture

    Excerpt: Sidecar: Architecture

    Dasera provides a flexible collection architecture, consisting of one or many sidecars you deploy alongside the main application. These sidecars connect to data stores to runs scans, uploading the results to the Dasera application.

    A single sidecar can scan multiple data stores in its installation environment. Typically, you will deploy one sidecar per individual environment (e.g. VNet, VPC, etc.), however you may choose to install multiple sidecars for additional scalability and redundancy. The Dasera application automatically load balances scans across healthy sidecars in each sidecar pool. 

    For more information on Azure Container Instances, please visit the Microsoft Azure knowledge base

    Register Sidecar Pool

    Excerpt: Sidecar: Registration

    Log into the Dasera application. Navigate to the Platform Settings > Sidecar m

    To setup the relationship between your sidecars and Dasera-hosted tenant, you will provide the sidecars with a unique authentication token generated within our Sidecar Administration UI.

    If you already have an existing sidecar pool token to use, you can skip this section. Otherwise, follow these instructions to acquire a new token.

    1. Log into the Dasera application.
    2. Navigate to the Platform Settings > Sidecar menu to display the Sidecar Administration screen.
    3. Click the Add Sidecar Pool button.
    4. The Add Sidecar Pool modal is displayed.
    5. On the Details tab, complete the following field:
    Field Value
    Name Any friendly value to describe the sidecar pool.
    1. Click the Generate Credentials button.
    2. The Token tab is displayed in the Add Sidecar Pool modal.
    3. Click the copy icon next to the Sidecar Token field to save the generated token to your clipboard. 

    Excerpt: Callout: Token Copy

    Be sure to copy your new token before you continue, as you will not be able to se

    Be sure to copy your new token before you continue, as you will not be able to see it again.

     
    1. Click the I’VE COPIED IT button to exit the modal.

    Since you haven't yet associated this token with a sidecar, the Version and Status columns will be empty for now.

    The above generated token will be used for each individual sidecar within the sidecar pool.

    Deploy from Dasera Custom Template

    1. Download Dasera's custom sidecar template JSON file to your local device: https://dasera-release.s3.us-west-2.amazonaws.com/DaseraSidecarACI-ARM.json
    2. For the account where you will configure the custom template, log into the Azure console.
    3. Using the search box, navigate to Deploy a Custom Template.
    1. Click on Build your own template in the editor.
    1. Click on the Load file button, then select Dasera's custom sidecar template JSON file:
    1. The template JSON file's content will now be displayed. Click the Save button at the bottom of the page.
    1. Under Project details, enter the following values:
    Field Value
    Subscription Pre-populated
    Resource Group Any value
    1. Under Instance details, enter the following values:
    Field Value
    Region Pre-populated based on Resource Group selected above
    Container Group Name Any unique value. Recommendation is to use “DaseraSidecar”
    Sidecar Pool Token An existing sidecar token, or a new one generated in the Register Sidecar Pool section above.
    Dasera Host Name Your tenant URL minus the protocol.        

    For example, if your tenant is accessed using https://example.dasera.io, your value will be example.dasera.io.
    Vnet Name View your Azure virtual networks within the selected resource group. The Vnet name appears on the left column titled Name, ie. example-virtual-network in the example below. 
    Subnet Name

    Usually default. If there are multiple virtual networks/subnets, make sure you are inputting relevant names.

    Subnet Delegation field must be enabled with a delegation to container groups, as pictured below.
    1. Click the Review + create button.
    2. You'll see a validation screen with the information you just inputted.
    3. Click the Create button.
    4. You'll see your deployment in progress. This may take several minutes to complete.
    5. Once complete, you can expand the Deployment details section, then click the Resource name hyperlink to see details of the sidecar container instances. 
    1. In the left-hand menu, navigate to Settings > Containers to view details about the container group:
      1. One container for the Dasera sidecar
      2. One container for the classification engine
    1. Click the Logs tab to view more detail on how sidecars are authenticating, running, and scanning your data stores:

    Validate Sidecar Connection

    Excerpt: Sidecar: Validate Sidecar Connection

    Once a sidecar instance is running, you can now validate it is properly-com

    When deploying sidecar, you'll need to ensure that the sidecar has the ability to reach two URLs on port 443: 

    https://[tenant-name].dasera.io
     https://[tenant-name]-sidecar.dasera.io

    Your tenant name reflects how you access your Dasera instance. For example, if Dasera is accessed using https://example.dasera.io, your tenant URL will be example.dasera.io.

     

    Take the following steps to verify the connectivity from the sidecar.

    1. SSH to the sidecar
    2. Run the command [curl] to [api/pulse] for both URLs, as shown below
    curl https://[tenant-name].dasera.io/api/pulse
    curl https://[tenant-name]-sidecar.dasera.io/api/pulse
    1. A successful response will resemble the following
    {"version":"6.3.0.311","build_target":"prod","deployment_type":"saas"}%

     

    Once a sidecar is running, you can now validate it is properly communicating with your Dasera application. 

    1. Log into the Dasera application.
    2. Navigate to the Platform Settings > Sidecar screen.
    3. For the sidecar(s) in question, validate that Version column is populated and its matching Status indicator is green. 

    It may take a few minutes for newly-running sidecars to communicate with the Dasera application. If both values have not updated after 20 minutes, double-check that you configured your sidecars correctly and update the pool token, if necessary.

    Next Steps

    Excerpt: Next Steps: Connecting Data Stores

    Connect your discovered Data Stores. For more information, visit our Connecting A

    Connect your discovered Data Stores. For more information, visit our Connecting AWS Data Stores category and select the articles applicable to the Data Store Types you wish to connect.

     

    Was this article helpful?

    Recently Updated

    Still can't find what you are looking for?

    Contact Support