Overview
The Dasera application requires seamless connectivity to scan your data stores. However, as per common security practices, businesses tend to deny proper firewall egress between their internal networks & external applications. Such limitations impact the operational use of Dasera and reduce the full return value of your subscription.
To overcome this, Dasera provides a flexible collection architecture consisting of one or many sidecars you deploy alongside your data stores. These sidecars collect necessary metadata and transfer it to the Dasera application. Within this central management console, you can take action on insights from across all data stores regardless of where they are hosted.
Architecture
Excerpt: Sidecar: Architecture
Dasera provides a flexible collection architecture, consisting of one or many sidecars you deploy alongside the main application. These sidecars connect to data stores to runs scans, uploading the results to the Dasera application.
A single sidecar can scan multiple data stores in its installation environment. Typically, you will deploy one sidecar per individual environment (e.g. VNet, VPC, etc.), however you may choose to install multiple sidecars for additional scalability and redundancy. The Dasera application automatically load balances scans across healthy sidecars in each sidecar pool.
For more information on Azure Container Instances, please visit the Microsoft Azure knowledge base.
Register Sidecar Pool
Excerpt: Sidecar: Registration
Log into the Dasera application. Navigate to the Platform Settings > Sidecar m
To setup the relationship between your sidecars and Dasera-hosted tenant, you will provide the sidecars with a unique authentication token generated within our Sidecar Administration UI.
If you already have an existing sidecar pool token to use, you can skip this section. Otherwise, follow these instructions to acquire a new token.
- Log into the Dasera application.
- Navigate to the Platform Settings > Sidecar menu to display the Sidecar Administration screen.
- Click the Add Sidecar Pool button.
- The Add Sidecar Pool modal is displayed.
- On the Details tab, complete the following field:
Field | Value |
---|---|
Name | Any friendly value to describe the sidecar pool. |
- Click the Generate Credentials button.
- The Token tab is displayed in the Add Sidecar Pool modal.
- Click the copy icon next to the Sidecar Token field to save the generated token to your clipboard.
Excerpt: Callout: Token Copy
Be sure to copy your new token before you continue, as you will not be able to se
Be sure to copy your new token before you continue, as you will not be able to see it again.
- Click the I’VE COPIED IT button to exit the modal.
Since you haven't yet associated this token with a sidecar, the Version and Status columns will be empty for now.
The above generated token will be used for each individual sidecar within the sidecar pool.
Deploy from Dasera Custom Template
- Download Dasera's custom sidecar template JSON file to your local device:
https://dasera-release.s3.us-west-2.amazonaws.com/DaseraSidecarACI-ARM.json
- For the account where you will configure the custom template, log into the Azure console.
- Using the search box, navigate to Deploy a Custom Template.
- Click on Build your own template in the editor.
- Click on the Load file button, then select Dasera's custom sidecar template JSON file:
- The template JSON file's content will now be displayed. Click the Save button at the bottom of the page.
- Under Project details, enter the following values:
Field | Value |
---|---|
Subscription | Pre-populated |
Resource Group | Any value |
- Under Instance details, enter the following values:
Field | Value |
---|---|
Region | Pre-populated based on Resource Group selected above |
Container Group Name | Any unique value. Recommendation is to use “DaseraSidecar” |
Sidecar Pool Token | An existing sidecar token, or a new one generated in the Register Sidecar Pool section above. |
Dasera Host Name | Your tenant URL minus the protocol. For example, if your tenant is accessed using https://example.dasera.io, your value will be example.dasera.io . |
Vnet Name | View your Azure virtual networks within the selected resource group. The Vnet name appears on the left column titled Name, ie. example-virtual-network in the example below. |
Subnet Name |
Usually Subnet Delegation field must be enabled with a delegation to container groups, as pictured below. |
- Click the Review + create button.
- You'll see a validation screen with the information you just inputted.
- Click the Create button.
- You'll see your deployment in progress. This may take several minutes to complete.
- Once complete, you can expand the Deployment details section, then click the Resource name hyperlink to see details of the sidecar container instances.
- In the left-hand menu, navigate to Settings > Containers to view details about the container group:
- One container for the Dasera sidecar
- One container for the classification engine
- Click the Logs tab to view more detail on how sidecars are authenticating, running, and scanning your data stores:
Validate Sidecar Connection
Excerpt: Sidecar: Validate Sidecar Connection
Once a sidecar instance is running, you can now validate it is properly-com
When deploying sidecar, you'll need to ensure that the sidecar has the ability to reach two URLs on port 443:
https://[tenant-name].dasera.io
https://[tenant-name]-sidecar.dasera.io
Your tenant name reflects how you access your Dasera instance. For example, if Dasera is accessed using https://example.dasera.io, your tenant URL will be example.dasera.io.
Take the following steps to verify the connectivity from the sidecar.
- SSH to the sidecar
- Run the command [curl] to [api/pulse] for both URLs, as shown below
curl https://[tenant-name].dasera.io/api/pulse
curl https://[tenant-name]-sidecar.dasera.io/api/pulse
- A successful response will resemble the following
{"version":"6.3.0.311","build_target":"prod","deployment_type":"saas"}%
Once a sidecar is running, you can now validate it is properly communicating with your Dasera application.
- Log into the Dasera application.
- Navigate to the Platform Settings > Sidecar screen.
- For the sidecar(s) in question, validate that Version column is populated and its matching Status indicator is green.
It may take a few minutes for newly-running sidecars to communicate with the Dasera application. If both values have not updated after 20 minutes, double-check that you configured your sidecars correctly and update the pool token, if necessary.
Next Steps
Excerpt: Next Steps: Connecting Data Stores
Connect your discovered Data Stores. For more information, visit our Connecting A
Connect your discovered Data Stores. For more information, visit our Connecting AWS Data Stores category and select the articles applicable to the Data Store Types you wish to connect.