Host Guardian in Azure

To host Cloudhouse Guardian (Guardian) using Microsoft Azure, there are a few pre-configuration steps that must be completed. You'll first create a virtual machine (VM) using the Guardian solution available in the Azure Marketplace. Then, you’ll create two Azure blob containers to use for backups of this new VM. Last, you’ll adjust the disk sizes of your VM based on your anticipated needs and grant Cloudhouse networking access to the VM so we can finalize installation.

Note: The following steps involve running scripts using a command-line interface (CLI) client. At times, you will be instructed to replace placeholder text in these scripts with details of your Azure tenant.

Dependencies

To host Guardian in Azure, you must have an existing Azure tenant.

Run the Virtual Machine and Gallery Creation Script

The first step in readying your Azure tenant to host Guardian is to create a new VM based on the Guardian solution available in the Azure Marketplace. To do this, you'll run a command-line script that references the Guardian solution. Within this script, you must specify the following:

  • The resource group in your Azure instance where you wish to store the new VM.

  • The name to assign to the new VM.

  • The location (region) where you are deploying the VM. For example, westus or uksouth.

Alongside creating a VM, this script also creates an image gallery that can be used to store VM snapshots taken prior to performing release package upgrades, together with a new image definition for your VM.

Note: Regardless of the number of VMs you create, only one gallery is needed. However, you will need to create a new image definition for each unique VM. If you are performing this action for the first time, run the below script in full. If you have already run the script once and are simply creating a new VM within your Azure tenant, remove the section labeled ## new gallery creation.

The VM and gallery creation script is as follows:

Note: Before running the script, insert your own values for the resourcegroup, name, and location attributes. Additionally, specify a gallery image definition name, which should be the same as the name chosen for your VM.

imageid="cloudhouse1721900171446:guardian:byol-1:2024.08.30"
resourcegroup=""   # resource group that will hold the VM
name=""            # VM name, also used as the gallery image definition name
location=""        # region, for example westus or uksouth
size="Standard_B8ms" # 8CPU, 32GB mem

# Accept the Marketplace terms for the Guardian offer
az vm image terms accept --offer "guardian" --plan "byol-1" --publisher "cloudhouse1721900171446"

# Create the VM with encryption at host, no public IP address and no inbound NSG rule
az vm create --resource-group "$resourcegroup" --name "$name" --image "$imageid" --enable-agent false \
--plan-name "byol-1" --plan-publisher "cloudhouse1721900171446" --plan-product "guardian" \
--location "$location" --license-type "None" --size "$size" --encryption-at-host "true" --public-ip-address "" --nsg-rule "NONE"

## new gallery creation
az sig create --resource-group "$resourcegroup" --gallery-name guardian_gallery

## new image definition creation
## image definition needs to be the original name of VM
az sig image-definition create \
   --resource-group "$resourcegroup" \
   --gallery-name guardian_gallery \
   --gallery-image-definition "$name" \
   --publisher Cloudhouse \
   --offer Guardian \
   --sku "$name" \
   --os-type Linux \
   --os-state specialized \
   --hyper-v-generation V2 \
   --plan-name byol-1 \
   --plan-product guardian \
   --plan-publisher cloudhouse1721900171446

Once you have run the above script, the resource group in your Azure tenant now holds a VM created from the Guardian solution in the Azure Marketplace. With this VM, you can make final adjustments to suit your needs in preparation for the installation of Guardian. Use the sections below or consult your Guardian Representative for assistance.

You’ll now also see an image gallery with an image definition for the newly copied VM. This will come in useful when creating VM snapshots in the event of release package upgrades. For more information, see Pre-Package Upgrade Azure VM Snapshot.

Create Azure Blob Containers

Within Azure, you must now create two blob containers that will be used for PostgreSQL backups of your Guardian instance. In your Azure tenant, either use an existing storage account or set up a new storage account to create two blob containers. Ensure one container is named with the keyword “data” and the other is named with the keyword “armada” so they can easily be distinguished. Once you’ve created these blob containers, provide your Guardian Representative with the following details of each:

  • Azure Account – Storage account name.

  • Azure Container – Name of blob container.

  • Azure Endpoint – Default “blob.core.windows.net”.

  • Azure Key – Access key to storage account.

  • Azure KeyType – Default “shared”.

  • AzureURIStyle – Default “host”.

Note: If you don’t provide an Endpoint, KeyType, or URIStyle the defaults will be used.
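One way to create the storage account and the two containers from the CLI, shown as an added example that is not part of Cloudhouse's own scripts. The account and container names are constructed placeholders, and the script only prints the az commands unless DRY_RUN=0 is set.

```sh
# Added example, not Cloudhouse's script. Empty and constructed values are placeholders.
resourcegroup=""                     # resource group for the storage account
location=""                          # region, for example the one used for the VM
account="guardianbackups01"          # constructed storage account name
data_container="guardian-data"       # constructed; carries the keyword "data"
armada_container="guardian-armada"   # constructed; carries the keyword "armada"

# Print the command when DRY_RUN=1 (the default here); run it when DRY_RUN=0.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Azure container names: 3-63 characters, lowercase letters, digits and hyphens,
# with every hyphen between two letters or digits. Runs in a subshell so that
# LC_ALL=C (byte-wise a-z matching) does not leak into the caller.
valid_container_name() (
  LC_ALL=C
  case "$1" in
    ''|?|??|*[!a-z0-9-]*|-*|*-|*--*) exit 1 ;;
  esac
  [ "${#1}" -le 63 ]
)

# Both names must be valid and carry the keyword that tells them apart.
check_backup_names() {   # usage: check_backup_names <data-name> <armada-name>
  valid_container_name "$1" && valid_container_name "$2" || return 1
  case "$1" in *data*) ;; *) return 1 ;; esac
  case "$2" in *armada*) ;; *) return 1 ;; esac
}

create_backup_storage() {
  check_backup_names "$data_container" "$armada_container" || return 1
  # Shared-key access is left enabled because the default KeyType is "shared";
  # anonymous access is switched off on the account and on each container.
  run az storage account create --name "$account" --resource-group "$resourcegroup" \
    --location "$location" --sku Standard_LRS --kind StorageV2 \
    --https-only true --min-tls-version TLS1_2 --allow-blob-public-access false
  if [ "${DRY_RUN:-1}" != 1 ]; then
    # Pass the key through the environment rather than on the command line.
    AZURE_STORAGE_KEY=$(az storage account keys list --resource-group "$resourcegroup" \
      --account-name "$account" --query "[0].value" --output tsv) || return 1
    export AZURE_STORAGE_KEY
  fi
  for c in "$data_container" "$armada_container"; do
    run az storage container create --name "$c" --account-name "$account" --public-access off
  done
}

create_backup_storage
```

The storage account access key grants full control of the account, so share it with your Guardian Representative over a channel you would trust with any other credential.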

Once you’ve created these blob containers, you’re ready to configure your VM to meet the specific needs for your Guardian instance.

Configure the VM Image

With the VM created in your resource group, you can now make final adjustments to prepare for the installation of Guardian. These adjustments include setting the appropriate disk size and enabling networking rules to grant the Cloudhouse team access for final installation. 

Recommended Disk Specifications

Your VM has five total pre-defined disks. The size and memory of each disk must be adjusted depending on your needs, so use the following table to make the necessary adjustments:

| Nodes | Up to 1,000 | 1,001 to 5,000 | 5,001 to 10,000 |
|---|---|---|---|
| CPU | 8 CPU Cores | 16 CPU Cores | 32 CPU Cores |
| RAM | 32 GB RAM | 64 GB RAM | 128 GB RAM |
| Storage: diskA | default | default | default |
| Storage: diskB | 150 GB | 500 GB | 1 TB |
| Storage: diskC | 100 GB | 500 GB | 1 TB |
| Storage: diskD | 100 GB | 100 GB | 100 GB |
| Storage: diskE | 100 GB | 100 GB | 100 GB |

Over 10,000 nodes: Please contact your Account Manager for disk size recommendations.

Enable Networking

For the Guardian team to finalize installation, they will need access to your new VM. To grant them access, please ensure that SSH access is enabled.

Additionally, the Guardian appliance needs to be accessible over port 443 for:

• All Connection Managers. (We recommend one Connection Manager is deployed for every 1,000–1,500 nodes intended for scanning.)

• All users accessing the Guardian Web UI.
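Because the creation script builds the VM with --nsg-rule "NONE", inbound SSH and 443 have to be allowed explicitly. The following added example (not Cloudhouse's script) allows each port only from named source ranges and refuses wildcard sources; the NSG name, rule names, priorities and addresses are placeholders, and it only prints the az commands unless DRY_RUN=0 is set.

```sh
# Added example, not Cloudhouse's script. Names, priorities and addresses are placeholders.
resourcegroup=""                            # resource group that holds the VM
nsg=""                                      # NSG on the VM's NIC or subnet (assumed to exist)
ssh_sources="203.0.113.10/32"               # constructed: where the installation team connects from
https_sources="10.20.0.0/16 10.30.5.4/32"   # constructed: Connection Managers and Web UI users

# Succeed only if every source is an explicit IPv4 address or CIDR range.
sources_are_scoped() {
  [ "$#" -gt 0 ] || return 1
  for src in "$@"; do
    case "$src" in
      ''|'*'|*/0) return 1 ;;      # empty, wildcard, or the whole address space
      *[!0-9./]*) return 1 ;;      # service tags such as Internet, or anything not IPv4
    esac
  done
  return 0
}

# Build one inbound allow rule. Prints the command when DRY_RUN=1 (the default
# here) and runs it when DRY_RUN=0.
allow_inbound() {   # usage: allow_inbound <rule-name> <priority> <port> <source>...
  rule=$1 priority=$2 port=$3
  shift 3
  if ! sources_are_scoped "$@"; then
    echo "refusing unscoped source list for rule $rule" >&2
    return 1
  fi
  set -- az network nsg rule create --resource-group "$resourcegroup" --nsg-name "$nsg" \
    --name "$rule" --priority "$priority" --direction Inbound --access Allow \
    --protocol Tcp --destination-port-ranges "$port" --source-address-prefixes "$@"
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Word splitting of the source lists is intentional: one argument per prefix.
allow_inbound guardian-ssh-install 100 22 $ssh_sources
allow_inbound guardian-https 110 443 $https_sources
```

The SSH rule is only needed while installation is in progress, so it can be deleted afterwards without affecting the 443 rule.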

With the above completed, you are ready to host your instance of Guardian using Azure, and your Guardian Representative will work with you to complete the configuration. If you have any questions during this process, contact your Guardian Representative.