Overview
The Dasera application requires seamless connectivity to scan your data stores. However, as per common security practices, businesses tend to deny proper firewall egress between their internal networks and external applications. Such limitations impact the operational use of Dasera and reduce the full return value of your subscription.
To overcome this, Dasera provides a flexible collection architecture consisting of one or many sidecars you can deploy alongside your data stores. These sidecars collect necessary metadata and transfer it to the Dasera application. Within this central management console, you can take action on insights from across all data stores regardless of where they are hosted.
Prerequisites
You will need a Dasera-hosted tenant to receive the sidecar-collected metadata. Ensure you can log in to your tenant before proceeding.
Validate the latest version of the required toolsets by running the following commands at your terminal prompt:
terraform --version (Ver 1.3.2 or higher)
gcloud --version (Ver 435.0.1 or equivalent)
Architecture
Excerpt: Sidecar: Architecture
Dasera provides a flexible collection architecture, consisting of one or many sidecars you deploy alongside the main application. These sidecars connect to data stores to runs scans, uploading the results to the Dasera application.
A single sidecar can scan multiple data stores in its installation environment. Typically, you will deploy one sidecar per individual environment (e.g. VNet, VPC, etc.), however you may choose to install multiple sidecars for additional scalability and redundancy. The Dasera application automatically load balances scans across healthy sidecars in each sidecar pool.
Register Sidecar
To set up the relationship between your sidecars and Dasera-hosted tenant, you will provide the sidecars with unique authentication tokens generated within our Sidecar Administration UI.
If you already have an existing sidecar token to use, you can skip this section. Otherwise, follow these instructions to acquire a new token.
Excerpt: Sidecar: Registration
Log into the Dasera application. Navigate to the Platform Settings > Sidecar m
To setup the relationship between your sidecars and Dasera-hosted tenant, you will provide the sidecars with a unique authentication token generated within our Sidecar Administration UI.
If you already have an existing sidecar pool token to use, you can skip this section. Otherwise, follow these instructions to acquire a new token.
- Log into the Dasera application.
- Navigate to the Platform Settings > Sidecar menu to display the Sidecar Administration screen.
- Click the Add Sidecar Pool button.
- The Add Sidecar Pool modal is displayed.
- On the Details tab, complete the following field:
| Field | Value |
|---|---|
| Name | Any friendly value to describe the sidecar pool. |
- Click the Generate Credentials button.
- The Token tab is displayed in the Add Sidecar Pool modal.
- Click the copy icon next to the Sidecar Token field to save the generated token to your clipboard.
Excerpt: Callout: Token Copy
Be sure to copy your new token before you continue, as you will not be able to se
Be sure to copy your new token before you continue, as you will not be able to see it again.
- Click the I’VE COPIED IT button to exit the modal.
Since you haven't yet associated this token with a sidecar, the Version and Status columns will be empty for now.
The above generated token will be used for each individual sidecar within the sidecar pool.
Setting up Google Cloud credentials
This step will allow Terraform to create resources on your behalf in your Google Cloud account with the gcloud CLI.
You can skip to the next section if you're already provisioned Google Cloud credentials for Terraform, for example using a service account.
More information about Terraform authentication is available on the Terraform Registry page for the Google Cloud provider.
At the terminal prompt or command shell type gcloud auth application-default login and complete the authentication from your browser.
You can confirm this step was successful by running the following command:
gcloud auth listYou should see your GCP user account listed in the command's output.
Download the Dasera Terraform package
Copy the following URL in your browser window to download the requisite Terraform scripts
https://dasera-release.s3.us-west-2.amazonaws.com/sidecar-gcp-terraform.zipExtract the Dasera Terraform scripts in your local system folder, which will create a folder named deploy.
Running the Terraform Script
Navigate to the deploy folder created from the extraction above.
From that directory, run the following command to initiate your Terraform environment.
terraform initIf your initialization is successful, you will see a message like “Terraform has been successfully initialized!”
To validate that you have all the pre-requisites configuration details available for the installation, run the following command
terraform planWhen prompted, enter the following variables:
| Variable | Details |
|---|---|
| dasera_host |
Your tenant URL minus the protocol. For example, if your tenant is accessed using https://example.dasera.io, your value will be example.dasera.io. |
| sidecar_pool_token | An existing sidecar pool token, or a new one generated in the Register Sidecar section above. |
| project | The Google Cloud project in which you want to launch the container |
| region | The Google Cloud region in which you want to launch the container (e.g. us-west1) |
If any of these details are not available with you or you receive an error please revisit the Prerequisites section at the start of the document before continuing further.
To initiate the Terraform installation, run the following command from the deploy folder.
terraform applyThe script will begin and perform the following actions:
- Prompt you to input - Provide the same set of 2 configuration details in sequence, as listed in the table above.
- Check for errors - In the event an error occurs, follow the on-screen instructions for correcting & resuming.
- Outputs a resource modification list. To learn more about the resources created by the script, please expand the section below.
- Prompt you to confirm before executing. To confirm, you must type yes.
When the script completes successfully, and the GCP resources are provisioned correctly, the output will be similar to the following example.
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Outputs:
...Validate Sidecar Connection
Once a sidecar is running, you can now validate it is properly communicating with your Dasera application.
- Log into the Dasera application.
- Navigate to the Platform Settings > Sidecar screen.
- For the sidecar(s) in question, validate that the Version column is populated and its matching Status indicator is green.
It may take a few minutes for newly-running sidecars to communicate with the Dasera application. If both values have not updated after 20 minutes, double-check that you configured your sidecars correctly and update the pool token, if necessary.
Upgrading Sidecars
You may need to occasionally upgrade your sidecars so they remain compatible with your Dasera application.
To upgrade your sidecar deployment, simply destroy the previous instance by running the following command from the deploy folder.
terraform destroyAfter the container is destroyed, repeat the steps in the “Running the Terraform Script” section above.
Next Steps
Excerpt: Next Steps: Connecting Data Stores
Connect your discovered Data Stores. For more information, visit our Connecting A
Connect your discovered Data Stores. For more information, visit our Connecting AWS Data Stores category and select the articles applicable to the Data Store Types you wish to connect.