CloudLink SecureVM 3.1 for Microsoft Azure Deployment Guide


CloudLink SecureVM 3.1 for Microsoft Azure Deployment Guide October 2014

THIS DOCUMENT CONTAINS CONFIDENTIAL AND TRADE SECRET INFORMATION OF CLOUDLINK TECHNOLOGIES AND RECEIPT OR POSSESSION DOES NOT CONVEY ANY RIGHTS TO REPRODUCE OR DISCLOSE ITS CONTENTS, OR TO MANUFACTURE, USE, OR SELL ANYTHING THAT IT MAY DESCRIBE, REPRODUCE, DISCLOSURE, OR USE IN WHOLE OR IN PART WITHOUT THE SPECIFIC WRITTEN AUTHORIZATION OF CLOUDLINK IS STRICTLY FORBIDDEN.

The information furnished herein is believed to be accurate and reliable to the best of our knowledge. However, CloudLink Technologies assumes no responsibility for its use, or for any infringements of patents or other rights of third parties resulting from its use. CloudLink Technologies reserves the right to, without notice, modify all or part of this document and/or change product features or specifications and shall not be responsible for any loss, cost, or damage, including consequential damage, caused by reliance on these materials. If you are in any doubt as to whether this is the correct version of the manual for a particular release, contact CloudLink Technologies.

Trademarks

CloudLink is a registered trademark of CloudLink Technologies. All other brands or product names mentioned herein are for identification purposes only and may be trademarks and/or registered trademarks of their respective companies.

Copyright 2014 All Rights Reserved.

Document version 1.00

CloudLink Technologies
2680 Queensview Drive, Suite 150
Ottawa, Ontario, K2B 8J9, Canada
Tel: +1 (613) 224-5995
Fax: +1 (613) 224-5410

Support Inquiries: (866) 356-4060, support@cloudlinktech.com
General Inquiries: info@cloudlinktech.com
Sales Inquiries: sales@cloudlinktech.com

Contents

Chapter 1: Introduction
    Audience and Purpose
    Document Conventions
Chapter 2: Deployment Considerations
    Components of CloudLink SecureVM
    Keystore Options
    About Volume Encryption Policies
    Types of Volume Encryption Policies for Windows VM Instances
    Automatic Re-encryption of Previously Encrypted Windows Disks
    Deployment Scenario
    Deployment Workflow
    System Requirements
    Platform Support
    Prerequisites
    TCP Ports
    Linux Partitioning
Chapter 3: Deploy and Configure CloudLink Center in the Cloud Service
    Deploy CloudLink Center
    Access CloudLink Center
    Change the secadmin Password
Chapter 4: Deploy and Configure CloudLink SecureVM Agent for Windows VM Instances
    Deploy SecureVM Agent Using the Standard Installation
    Download the SecureVM Agent Installer for Windows
    Install SecureVM Agent on a Windows VM Instance
    Deploy SecureVM Agent Using the Custom Installation
    Verify Successful Deployment on Windows VM Instances
Chapter 5: Deploy and Configure CloudLink SecureVM Agent for Linux VM Instances
    Deploy SecureVM Agent Using the Standard Installation
    Download the SecureVM Agent Installer for Linux
    Install SecureVM Agent on a Linux VM Instance
    Deploy SecureVM Agent Using a Custom Installation
    Downloading the SecureVM Agent Deployment Package
    Installing the SecureVM Agent Deployment Package
    Verify Successful Deployment on Linux VMs
Chapter 6: Use the CloudLink Center Update Menu

Chapter 1: Introduction

Cloud computing offers significant benefits for deployment flexibility, infrastructure scalability, and cost-effective use of IT resources. It makes sense to take advantage of these benefits and deploy enterprise workloads in the cloud. However, cloud computing is based on a shared, multi-tenant compute, network and storage architecture where traditional security controls are not sufficient and data owners are responsible for securing sensitive data residing in the cloud to address privacy, regulatory compliance, and data remanence (data that may remain in the cloud after you're no longer using it) requirements.

CloudLink SecureVM secures sensitive information within virtual machines (VMs) across both public and private clouds. This solution provides boot partition (sometimes referred to as the boot volume in Windows environments) and additional disks (Windows) or mount point (Linux) encryption with pre-startup authorization for VM instances hosted in the cloud by using native operating system encryption features: Microsoft BitLocker for Windows and eCryptfs for Linux.

BitLocker and eCryptfs are proven, high-performance encryption solutions widely implemented for physical machines. However, customers have not been able to use these solutions in the cloud because their native authentication mechanisms are not supported in virtual environments. SecureVM is designed to solve this problem.

SecureVM enables BitLocker and eCryptfs to be used in a multi-tenant cloud environment to encrypt the VM instance boot partition and additional disks or mount points, and protect the integrity of the instance itself against unauthorized modifications. SecureVM encrypts the VM instance's boot partition, and disks or mount points, with unique keys that are under the control of the enterprise security administrator. No cloud administrators or other tenants on the cloud have the capability to access the keys.

Securing the instance also lets you define the security policy that must be satisfied to pass pre-startup authentication and start an instance, including verification of the integrity of the instance. This offers protection against malicious tampering. SecureVM ensures that only trusted and verified instances have the ability to run and access sensitive data residing in the cloud.

As part of the SecureVM solution, CloudLink Center defines the pre-startup authentication policy, performs pre-startup authentication, and monitors all SecureVM Agents, events and logs.

Audience and Purpose

This guide is intended for system administrators managing CloudLink deployments in a Microsoft Azure environment. This guide assumes the administrator is experienced with image deployments in Microsoft Azure and IP networking. If you are new to Microsoft Azure, visit the Azure documentation webpage for useful getting started guides at http://azure.microsoft.com/en-us/documentation/.

The purpose of this guide is to walk you through the deployment and configuration of CloudLink Center instances based on CloudLink SecureVM images available from the Microsoft Azure Gallery. For information on how to manage your SecureVM environment after deployment, see the CloudLink Center Administration Guide for CloudLink SecureVM.

Document Conventions

This guide uses the following typographical conventions.

Convention    Used for
Black bold    Literals and user interface elements. For example: The default user name is secadmin. Select the Administration tab.
Italics       Values. For example: The secadmin user role...

Chapter 2: Deployment Considerations

This chapter describes the information you should be familiar with before deploying CloudLink SecureVM.

Components of CloudLink SecureVM

CloudLink SecureVM consists of the following main components: CloudLink Center and CloudLink SecureVM Agent running on individual VM instances.

CloudLink Center is the management interface for SecureVM. It's a web application used to manage VM instances that belong to the SecureVM environment (those instances on which SecureVM Agent has been installed). CloudLink Center communicates with the instances over SSL. It manages the encryption keys used to secure the boot partition and additional disks or mount points for the instances, configures the security policies, monitors the security and operation events, and collects logs.

CloudLink SecureVM is available from the Azure Gallery in a simple-to-deploy, self-contained image that enables customers to get up and running quickly. You install a CloudLink SecureVM image from the Azure Gallery and Microsoft will simply add the CloudLink SecureVM costs to your Azure bill as a separately identified charge. Search the Azure Gallery for CloudLink SecureVM for the different packages available depending on the number of VMs you need to encrypt.

CloudLink SecureVM Agent is deployed on VM instances to communicate with CloudLink Center for pre-startup authentication and decryption of BitLocker or eCryptfs encryption keys.

Keystore Options

CloudLink Center supports the following keystore options:

- Local: The key is stored inside CloudLink Center. This option is recommended only for trials and testing.
- Microsoft Active Directory: Ensure the Active Directory server is properly backed up to ensure the safety of the key.
- Amazon S3: Ensure that you have an Amazon Web Services (AWS) account.
- RSA Data Protection Manager (DPM): See the RSA website for more information about RSA DPM.

You are responsible for your encryption keys and for ensuring that the appropriate access control and backup policies and procedures are in place to protect the keys against loss or theft. For example, if your keys become unavailable, you will not be able to access any data that was encrypted using those keys.

About Volume Encryption Policies

The volume encryption policy type determines whether the boot partition, additional disks, or both the boot partition and additional disks are automatically encrypted during SecureVM Agent deployment to a Windows VM instance. The volume encryption policy type also determines whether disks added after SecureVM Agent deployment are automatically encrypted when detected by SecureVM Agent.

For Linux VM instances, only the boot partition is automatically encrypted during SecureVM Agent deployment to the VM.

Types of Volume Encryption Policies for Windows VM Instances

SecureVM provides three types of volume encryption policies for Windows VM instances:

- Boot Only: Encrypts the boot partition during deployment. No additional disks are encrypted during deployment. Any additional disks added to a Windows VM instance at a later time are not automatically encrypted. You can encrypt them from CloudLink Center. For information, see the CloudLink Center Administration Guide for CloudLink SecureVM.
- Data Only: Encrypts all additional, non-boot partition disks that are eligible for encryption. Any additional disks added to the instance at a later time are automatically encrypted.
- All: Encrypts the boot partition and all additional disks that are eligible for encryption. Any additional disks added to the instance at a later time are automatically encrypted.

After deployment, you can encrypt additional disks or individual mount points from CloudLink Center. For information, see the CloudLink Center Administration Guide for CloudLink SecureVM.

Automatic Re-encryption of Previously Encrypted Windows Disks

You can deploy SecureVM Agent to Windows VM instances that have disks already encrypted by BitLocker. During deployment, these disks are automatically decrypted and then re-encrypted to bring the disks under CloudLink Center management.

Deployment Scenario

This guide describes the Azure Gallery CloudLink SecureVM image deployment model of CloudLink Center (SecureVM's web-based management console). SecureVM Agent is deployed to individual instances hosted in Azure and VMs in other supported public cloud environments.

Deployment Workflow

At a high level, the following workflow is used to deploy CloudLink SecureVM:

1. Deploy and configure CloudLink Center in the cloud service. CloudLink Center is the management console for CloudLink SecureVM deployments. For information, see Chapter 3: Deploy and Configure CloudLink Center in the Cloud Service.
2. Deploy CloudLink SecureVM Agent to VM instances. For Windows, see Chapter 4: Deploy and Configure CloudLink SecureVM Agent for Windows VM Instances. For Linux deployments, see Chapter 5: Deploy and Configure CloudLink SecureVM Agent for Linux VM Instances.

Encryption begins automatically after installation of SecureVM Agent.

System Requirements

Platform Support

We are committed to adding support for additional platforms on an ongoing basis. For information about currently supported platforms for CloudLink Center and SecureVM Agent, see the Release Notes.

Prerequisites

Before launching a CloudLink SecureVM image from the Azure Gallery, ensure that the following requirements are met:

- You have a Microsoft Azure account.
- You can use an existing key pair or create a key pair during the deployment process.
- You have access to the CloudLink documentation, which is available on the CloudLink page in the Azure Gallery:
    - CloudLink SecureVM for Microsoft Azure Deployment Guide (this guide)
    - CloudLink Center Administration Guide for CloudLink SecureVM
- You have a supported web browser, including Microsoft Internet Explorer 10 or higher, Google Chrome 25 or higher, or Mozilla Firefox 20 or higher.

TCP Ports

CloudLink SecureVM uses the following network ports:

- TCP: 8443 for incoming access to CloudLink Center
- TCP: 1194 for communication between CloudLink Center and CloudLink SecureVM Agent
- TCP: 8080 for wget download operations of the SecureVM Agent for Linux VMs

Linux Partitioning

If you are deploying SecureVM into an existing Linux environment, you must install a single partition without using the Logical Volume Manager (LVM) feature. You must install wget if it is not provided by default with your distribution.

Chapter 3: Deploy and Configure CloudLink Center in the Cloud Service

Deploying and configuring CloudLink Center in the cloud service involves the following tasks:

- deploy CloudLink Center
- access CloudLink Center
- change the default password used to access CloudLink Center

After completing deployment of CloudLink Center, you deploy SecureVM Agent to Windows VM instances (see Chapter 4: Deploy and Configure CloudLink SecureVM Agent for Windows VM Instances) or Linux VM instances (Chapter 5: Deploy and Configure CloudLink SecureVM Agent for Linux VM Instances).

Deploy CloudLink Center

From the CloudLink SecureVM Azure Gallery listing, select the CloudLink SecureVM packaging option that best meets the number of VM instances that will require encryption. For more information about creating a VM instance, see:

http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-create-custom/

To deploy a CloudLink VM instance:

1. Sign in to the Azure Management Portal.
2. On the command bar at the bottom of the window, click New.
3. Under Compute, click Virtual Machine, and then click From Gallery.
4. Select the CloudLink SecureVM image that best meets your needs for your VM, and click Next.
5. Identify the computer name, size, administrative user name, and SSH certificate, and click Next. CloudLink SecureVM requires a size with at least 2 cores and 3.5 GB of memory.
6. Configure resources for networking, storage, and availability, and click Next. The endpoints must contain port 22 for remote access to the console and port 8443 for access to CloudLink Center.
7. Review the confirmation that the VM Agent is already installed, and click Complete. There is no need to install any extensions.

After the VM is created, the Management Portal lists it under Virtual Machines.

Access CloudLink Center

With CloudLink Center deployed, you can use a web browser to connect to it from the VM instance on which you plan to install the SecureVM Agent, and log in. You log in to CloudLink Center using the secadmin account.

To connect to and log in to CloudLink Center:

1. In the address bar of a web browser, type the URL for CloudLink Center. The format is:

       https://clc_ip_address:8443

   where clc_ip_address represents the CloudLink Center coordinates. For example:

       https://192.168.145.60:8443

   If you don't know these coordinates, you can find them using the Summary option of the Update menu (see Chapter 6: Use the CloudLink Center Update Menu).
2. From the CloudLink Center home page, type the user name (secadmin) and the default password (clsecadmin) to access CloudLink Center.

Change the secadmin Password

For security, you should change the default secadmin password.

To change the default secadmin password:

1. Log in as a secadmin user using the default password clsecadmin.
2. From the Topology Tree, select CloudLink Center.
3. Click the Administration tab.
4. From the Options panel, select User Accounts.
5. In the User name list, right-click the secadmin account and click Change password.
6. In the Change password window, enter the new password and confirm the new password.
7. Click OK.

Chapter 4: Deploy and Configure CloudLink SecureVM Agent for Windows VM Instances

You deploy CloudLink SecureVM Agent using a standard or custom installation.

The standard installation uses an executable (.exe) file that includes the server address of CloudLink Center and the initial volume encryption policy. No manual intervention is required during deployment.

The custom installation uses a Windows installer package (.msi) file. Installing using the .msi file is useful if you want to prepare a Windows image for encryption without starting the encryption process, allowing instance clones to be deployed with a single restart. You may also want to use the .msi file if you want to deploy SecureVM Agent to instances before deploying CloudLink Center.

Deploy SecureVM Agent Using the Standard Installation

Deploying CloudLink SecureVM Agent to Windows VM instances using the standard installation involves the following tasks:

1. Downloading the SecureVM Agent installer (see "Download the SecureVM Agent Installer for Windows"). If you are not responsible for completing the installation, provide the installer to the appropriate person.
2. Installing SecureVM Agent (see "Install SecureVM Agent on a Windows VM Instance").

Download the SecureVM Agent Installer for Windows

The SecureVM Agent installer is available for download from CloudLink Center.

To download the SecureVM Agent installer:

1. Log in to CloudLink Center.
2. Select the SecureVM tab.
3. From the Options panel, select Setup.
4. From the Downloads panel, right-click the installer you want to use and click Download.
5. In the Setup Download dialog box, choose the volume encryption policy type (Boot Only, Data Only or All) for instances on which this software will be deployed. Click OK. In this example, only the boot partition will be encrypted for instances on which the software in this download is deployed.
6. Choose Save File. The file is downloaded to your Downloads folder.
7. In the Actions panel, verify that the file has downloaded successfully.

Install SecureVM Agent on a Windows VM Instance

SecureVM Agent is installed from an executable file downloaded from CloudLink Center. During installation, the instance may be automatically restarted several times. One or more restarts are required to configure BitLocker, create a reserved partition for encryption keys, register the instance with CloudLink Center, and enable BitLocker encryption of the instance's boot partition and additional disks.

To install SecureVM Agent:

1. Go to the folder where the SecureVM Agent executable is located.
2. Double-click the installer that you previously downloaded.

During encryption of the disk, you can monitor the progress. Click the CloudLink icon in the Windows taskbar to display the percentage of encryption that's complete. You may need to click the Encryption Status tab.

You can also view the VM on the SecureVM tab of CloudLink Center and monitor progress of the encryption. For information, see the CloudLink Center Administration Guide for CloudLink SecureVM.

Deploy SecureVM Agent Using the Custom Installation

You can deploy SecureVM Agent using a Windows installer package (.msi) file. Using the .msi file is useful if you want to prepare a Windows image for encryption without starting the encryption process, allowing instance clones to be deployed with a single restart. You may also want to use the .msi file if you want to deploy SecureVM Agent to instances before deploying CloudLink Center.

Like the SecureVM standard installation (see "Deploy SecureVM Agent Using the Standard Installation"), the custom installation configures BitLocker and creates a reserved partition for encryption keys on the instance. Unlike the standard installation, the custom installation does not register the instance with CloudLink Center or start the encryption process.

The .msi file is available for download from CloudLink Center (SecureVM tab, Setups).

Using the .msi to install SecureVM Agent on instances follows the same process as the standard installation, with two additional configuration changes. These changes are performed after running the .msi for the instance, and after deploying CloudLink Center. You use the Windows Registry Editor to configure the:

- SecureVM volume encryption policy
- CloudLink Center server address
  Use a static IP address that will not change. Alternatively, you can use the CloudLink Center host name (FQDN format) if the DNS already has an entry for CloudLink Center.

Encryption begins automatically when the changes to the registry are saved and the instance is restarted.

Alternatively, administrators can RDP into the VM instance, select the CloudLink SecureVM icon from the Windows taskbar, select the Configuration option, type the CloudLink Center server address, and specify the volumes to be encrypted.

To make changes for SecureVM with the Windows Registry Editor:

1. From a command prompt window, type regedit.
2. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\CloudLink Technologies Inc\SecureVM.
3. To configure the SecureVM volume encryption policy, do the following:
   - Add a registry key named ProfileId with the type DWORD.
   - Set the value of the ProfileId registry key as follows:
       - For boot partition encryption only, set the value to 101.
       - For additional disk encryption only, set the value to 102.
       - For both boot partition and additional disk encryption, set the value to 103.
4. To configure the CloudLink Center address:
   - Add a registry key named Server with the type REG_SZ.
   - Set the value of the Server registry key to the CloudLink Center server address (for example, 209.87.232.41 or cloudlinkcenter.mycompany.com).
5. Save and close the registry.

[Figure: example of the ProfileId registry key and value]

Verify Successful Deployment on Windows VM Instances

You can confirm that SecureVM Agent has successfully installed using the SecureVM Agent Shield icon in the Windows taskbar. The tooltip displays a message indicating that the instance is connected.

For information about managing the instance, see the CloudLink Center Administration Guide for CloudLink SecureVM.
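The two registry changes from "Deploy SecureVM Agent Using the Custom Installation" (ProfileId and Server) can be applied from a script when preparing many instances. The PowerShell below is an added example, not CloudLink code: the key path, value names, value types and ProfileId numbers come from this guide, while the script name, the parameter names, the address validation and the reachability check on TCP 1194 are assumptions made for the example.

```powershell
# Set-SecureVMConfig.ps1 (hypothetical name). Added example, not CloudLink code.
# Run from an elevated session on the Windows VM after the SecureVM Agent .msi
# has been installed and CloudLink Center has been deployed.
# Usage: .\Set-SecureVMConfig.ps1 -Policy BootOnly -Server cloudlinkcenter.mycompany.com
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('BootOnly', 'DataOnly', 'All')]
    [string]$Policy,     # hypothetical parameter; mapped to ProfileId below

    [Parameter(Mandatory = $true)]
    [string]$Server      # static IPv4 address or FQDN of CloudLink Center
)

$ErrorActionPreference = 'Stop'

# Key path, value names and ProfileId numbers as documented in the guide.
$keyPath    = 'HKLM:\SOFTWARE\CloudLink Technologies Inc\SecureVM'
$profileIds = @{ BootOnly = 101; DataOnly = 102; All = 103 }
$profileId  = $profileIds[$Policy]

# Accept only a dotted-quad IPv4 address or a fully qualified host name, so a
# typo is caught here instead of leaving an agent that can never register.
$parsedIp = $null
$isIPv4 = ($Server -match '^(\d{1,3}\.){3}\d{1,3}$') -and
          [System.Net.IPAddress]::TryParse($Server, [ref]$parsedIp)
$isFqdn = $Server -match '^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
if (-not ($isIPv4 -or $isFqdn)) {
    throw "Server '$Server' is neither an IPv4 address nor an FQDN."
}

# The guide applies these settings after the .msi has run, so the key is
# expected to exist already; stop rather than create it.
if (-not (Test-Path -Path $keyPath)) {
    throw "Registry key not found: $keyPath (install the SecureVM Agent .msi first)."
}

# Assumption: warn early if TCP 1194 (the agent-to-CloudLink Center port listed
# under "TCP Ports") is not reachable. Skipped where Test-NetConnection is absent.
$reachable = $null
if (Get-Command -Name Test-NetConnection -ErrorAction SilentlyContinue) {
    $reachable = Test-NetConnection -ComputerName $Server -Port 1194 `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    if (-not $reachable) {
        Write-Warning "TCP 1194 on $Server is not reachable from this instance."
    }
}

# Write ProfileId as a DWORD and Server as REG_SZ; -Force overwrites old values.
New-ItemProperty -Path $keyPath -Name 'ProfileId' -PropertyType DWord `
    -Value $profileId -Force | Out-Null
New-ItemProperty -Path $keyPath -Name 'Server' -PropertyType String `
    -Value $Server -Force | Out-Null

# Read back both the data and the value types to confirm what was stored.
$key = Get-Item -Path $keyPath
$ok = ($key.GetValue('ProfileId') -eq $profileId) -and
      ($key.GetValueKind('ProfileId') -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
      ($key.GetValue('Server') -eq $Server) -and
      ($key.GetValueKind('Server') -eq [Microsoft.Win32.RegistryValueKind]::String)
if (-not $ok) {
    throw "Read-back of $keyPath does not match the requested settings."
}

# Report the result. The script does not restart the instance: per the guide,
# encryption begins once the changes are saved and the instance is restarted.
[pscustomobject]@{
    KeyPath           = $keyPath
    ProfileId         = $profileId
    Server            = $Server
    Port1194Reachable = $reachable
}
```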

Chapter 5: Deploy and Configure CloudLink SecureVM Agent for Linux VM Instances

You deploy CloudLink SecureVM Agent using a standard or custom installation.

The standard installation uses a script file that connects to CloudLink Center and downloads the appropriate installation package for the operating system.

The custom installation uses an operating system specific package file. This type of deployment is useful to deploy SecureVM Agent to many VMs using a non-interactive method (for example, Chef).

Deploy SecureVM Agent Using the Standard Installation

Deploying SecureVM Agent using the standard installation involves the following tasks:

1. Downloading the SecureVM Agent installer (see "Download the SecureVM Agent Installer for Linux").
2. Installing SecureVM Agent (see "Install SecureVM Agent on a Linux VM").

Download the SecureVM Agent Installer for Linux

The SecureVM Agent installer is provided as a script file named securevm. You download this installation package from CloudLink Center.

To download the securevm installer:

From the command line on the client, type the following:

    wget http://clc_address:8080/cloudlink/securevm

where clc_address represents the CloudLink Center server address.

A message indicates that the securevm download was saved.

Install SecureVM Agent on a Linux VM Instance

SecureVM Agent is installed using the downloaded securevm installer. During installation, the VM is automatically restarted to configure eCryptfs, create a reserved partition for encryption keys, register the VM with CloudLink Center, and enable eCryptfs encryption of the VM's boot partition.

Once the VM is registered with CloudLink Center, you can view it on the SecureVM tab of CloudLink Center and monitor progress of the encryption. For information, see the CloudLink Center Administration Guide for CloudLink SecureVM.

To install SecureVM Agent:

1. From the command line on the client, type the following:

       sudo sh securevm

2. For all platforms except SUSE, when prompted to encrypt file names, type y (yes) or n (no).

   Warning: Encrypt file names only if the files are not required by other programs, including scripts, during reboots. These programs will not be able to find the files once the file names are encrypted.

3. When prompted to restart the system, type y.

Deploy SecureVM Agent Using a Custom Installation

You can deploy SecureVM Agent using the deployment package for your operating system. A custom installation is useful to deploy SecureVM Agent to many VMs using a non-interactive method (for example, Chef).

Deploying SecureVM Agent using the custom installation involves the following tasks:

1. Downloading the SecureVM Agent deployment package (see "Downloading the SecureVM Agent Deployment Package").
2. Installing the SecureVM Agent deployment package (see "Installing the SecureVM Agent Deployment Package").

Downloading the SecureVM Agent Deployment Package

SecureVM Agent deployment packages are available as deb or rpm files. These files are available for download from CloudLink Center.

Installing the SecureVM Agent Deployment Package

After downloading the deployment package for your operating system from CloudLink Center, you install the package using the package manager for your platform. During configuration, the boot partition is encrypted and the VM is registered with CloudLink Center.

To install and configure SecureVM Agent:

Type the following command:

    svm ER [-v] [-F] <clc_address>

where
    -v             is verbose
    -F             encrypts filenames
    <clc_address>  represents the CloudLink Center server address

Verify Successful Deployment on Linux VMs

You can confirm that SecureVM Agent has successfully installed by logging in to CloudLink Center and viewing the VM's status.

For information about managing VMs, including viewing their status, see the CloudLink Center Administration Guide for CloudLink SecureVM.

Chapter 6: Use the CloudLink Center Update Menu

If problems with your SecureVM deployment are encountered, CloudLink Technical Support may request you to log into the CloudLink Center instance console. SSH to the CloudLink Center VM instance (Linux) to access the Update Menu.

The Update menu includes these options:

Option         Description
Summary        Displays a summary of CloudLink Center settings.
Diagnostics    Intended only for use under the direction of CloudLink Support.