Deploying on Microsoft Azure

Azure Marketplace provides a deployment-ready Linux image with pre-installed filter node software.

To deploy a filter node on the Microsoft Azure cloud, do the following:

  1. Create an SSH key pair.
  2. Log in to Microsoft Azure portal.
  3. Create and run a virtual machine with the filter node software.
  4. Connect to the virtual machine via SSH protocol.
  5. Connect the filter node to the Wallarm cloud.
  6. Set up the proxying and filtering rules for the filter node.
  7. Tune the memory allocation policy for the filter node.

1. Create an SSH key pair

During the deployment process you will connect to a virtual machine using the SSH protocol.

Azure supports two ways of authenticating over the SSH protocol: login and password, or an SSH key pair. Authentication with an SSH key pair is considered more secure than login and password authentication. Azure uses SSH key pair authentication by default.

Create an RSA SSH key pair, for example with the ssh-keygen or PuTTYgen tools.

Generating SSH keys with PuTTYgen

See How to use SSH keys with Windows on Azure for more information.

2. Log in to Microsoft Azure portal

Log in to the Azure portal.

3. Create and run a virtual machine with the filter node software

To create a virtual machine with the filter node software, do the following:

  1. In the upper left corner of the Azure portal homepage select Create a resource.

  2. Search for “wallarm” in the search bar.

    Resource search

  3. Select “Wallarm - Next-Gen Web Application Firewall”.

    The Wallarm product description page will open.

    Wallarm product description

    Alternatively, you could reach the same page using Azure Marketplace. To do that, go to the link and select Get it now.

    Wallarm on Azure Marketplace

  4. Select Create to open a “Create a virtual machine” wizard.

  5. In the “Basics” tab, select the correct subscription (from your Azure account) and set the name and the size of the virtual machine.

    Virtual machine wizard: basics

  6. Choose an authentication method to be used with the VM.

    If you choose an SSH key pair as the authentication method, provide a user name and the public SSH key you created earlier.

    Virtual machine wizard: authentication

  7. Set up other necessary virtual machine parameters.

  8. Select Review + Create. Make sure everything is set up correctly.

    Virtual machine wizard: review

  9. Select Create to start the virtual machine deployment.

  10. After the deployment completes, select Go to resource.

    Virtual machine deployment process

See Quickstart: Create a Linux virtual machine in the Azure portal for more information.

4. Connect to the virtual machine via SSH protocol

Select Connect on the virtual machine overview screen to view the IP address and SSH port values. If necessary, change them to appropriate values.

Setting up connection parameters

Connect to the virtual machine via the SSH protocol using the private SSH key you created earlier.

See How to use SSH keys with Windows on Azure for more information.

5. Connect the filter node to the Wallarm cloud

The filter node interacts with the Wallarm cloud. To connect the node to the cloud, do the following:

  1. Make sure that your Wallarm account has the Administrator role enabled and two-factor authentication disabled; both are required to connect a filter node to the cloud.

    You could check the aforementioned parameters by navigating to the user account list in the Wallarm console.

    User list in Wallarm console

  2. On the virtual machine run the addnode script:

    EU Cloud:

    $ sudo /usr/share/wallarm-common/addnode

    US Cloud:

    $ sudo /usr/share/wallarm-common/addnode -H us1.api.wallarm.com

  3. Provide your Wallarm account’s login and password when prompted.

API Access

To interact with the Wallarm cloud, the virtual machine with the filter node software should be able to access https://api.wallarm.com:444 for the EU Cloud and https://us1.api.wallarm.com:444 for the US Cloud.

If there are any issues, check your firewall rules.

6. Set up the proxying and filtering rules for the filter node

All the steps should be performed on the virtual machine with the filter node software.

Set up the “monitoring” filtering mode on the filter node by doing the following:

  1. Open the configuration file /etc/nginx-wallarm/conf.d/wallarm.conf:

    $ sudo nano /etc/nginx-wallarm/conf.d/wallarm.conf
    
  2. Add the wallarm_mode monitoring; line to the file.

  3. Make sure that there are no other lines containing the wallarm_mode parameter. Instead of deleting such lines, you can comment them out with #.

  4. Save your changes and exit from the editor.

An example of the configuration file with commented lines omitted:

#
# Wallarm module specific parameters
#

wallarm_mode monitoring;
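
One way to verify steps 2 and 3 above, as an added example that is not part of the original page or of Wallarm's tooling: the shell functions below read a configuration on stdin and confirm that it contains exactly one active wallarm_mode directive with the expected value. The sample configurations and the block value in them are constructed for illustration, and the parser assumes one directive per line.

```shell
#!/bin/sh
# Added example (not Wallarm's own tooling): audit wallarm_mode directives
# in an NGINX config read from stdin. Assumes one directive per line.

# Print the value of every active (uncommented) wallarm_mode directive.
active_wallarm_modes() {
    # Drop comments first so "# wallarm_mode block;" is never counted.
    sed -e 's/#.*//' |
        sed -n -e 's/^[[:space:]]*wallarm_mode[[:space:]][[:space:]]*\([^;[:space:]]*\)[[:space:]]*;.*/\1/p'
}

# Exit status: 0 = exactly one active directive equal to $1,
# 1 = none, 2 = more than one, 3 = one but with a different value.
check_wallarm_mode() {
    want=$1
    modes=$(active_wallarm_modes)
    count=$(printf '%s\n' "$modes" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "FAIL: no active wallarm_mode directive"; return 1
    elif [ "$count" -gt 1 ]; then
        echo "FAIL: $count active wallarm_mode directives:" $modes; return 2
    elif [ "$modes" != "$want" ]; then
        echo "FAIL: wallarm_mode is $modes, expected $want"; return 3
    fi
    echo "OK: wallarm_mode $want;"
}

# Constructed sample: the page's example plus a commented-out old line.
good_conf='#
# Wallarm module specific parameters
#
# wallarm_mode block;
wallarm_mode monitoring;'

# Constructed sample: a second active line left behind after editing.
dup_conf='wallarm_mode block;
wallarm_mode monitoring;'

printf '%s\n' "$good_conf" | check_wallarm_mode monitoring || true
printf '%s\n' "$dup_conf"  | check_wallarm_mode monitoring || true

# On the filter node (path from the page):
#   check_wallarm_mode monitoring < /etc/nginx-wallarm/conf.d/wallarm.conf
```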

Set up the proxying rules as described here.

7. Tune the memory allocation policy for the filter node

The filter node uses Tarantool to store data in memory. By default, the amount of RAM allocated to Tarantool is 75% of the total virtual machine memory.

To change this value, do the following:

  1. Open the configuration file /etc/default/wallarm-tarantool:

    $ sudo nano /etc/default/wallarm-tarantool
    
  2. Set the amount of allocated RAM in GB with the SLAB_ALLOC_ARENA parameter.

    For example, to provide 24 GB of memory to Tarantool, set the parameter as follows:

    SLAB_ALLOC_ARENA=24
    
  3. Save your changes and exit from the editor.

  4. Restart the Tarantool daemon:

    $ sudo systemctl restart wallarm-tarantool
    

The deployment is completed

You have completed the deployment process successfully.

Check if the filter node is operating normally and proxying the traffic through itself.

See Checking the filter node operation for more information.
