Azure Deployment Steps

Azure VM Deployment

1. Basics

Subscription: Azure Specific Field. All resources in an Azure subscription are billed together.

Resource group: Azure Specific Field. A resource group is a collection of resources that share the same lifecycle, permissions, and policies. It’s recommended to use a new resource group for ease of management.

Region: Choose the Azure region that’s right for you. Not every resource is available in every region.

SSH username: Specify a user name for accessing the virtual machines that host the Xage Fabric software (e.g. Center Nodes, Edge Nodes, Manager, Broker). For simplicity, the username is the same across all virtual machines.

SSH password: Enter the password for the specified user name. For simplicity, the password is the same across all virtual machines for the Xage deployment.

NOTE: The SSH username and SSH password will be used later in the deployment, so make sure you save them. Also, make sure you are not using a personal password, since you might need to share it with Xage for maintenance.

Application Name: Azure Specific Field. This is the application name for the resource group associated with the managed app (shown under the “deployment” section in the customer’s account).

Managed Resource Group: This is the name of the resource group holding all the resources that will be managed by Xage. This resource group contains the virtual machines, storage accounts, and virtual networks for the application. Changing this field is not recommended.

2. Cluster Settings

For most deployments, default options are recommended. The guideline for the network configuration is simple:

  • Azure hosted Xage Nodes can reach additional Xage Nodes deployed at the sites.
  • Xage Nodes in the IDMZ (cloud or on-prem) can reach the OT assets.

If a VPN is used between Azure and the industrial edge, a VPN Gateway needs to be placed within the VNET (see VPN configuration above).

3. Xage Fabric Configuration

For a typical deployment, the default options are recommended as they provide high availability and enough compute. Each node in this view will spin up a VM in Azure, which will be used to run Xage services.

Xage Manager
The Xage Manager VM will host the Xage Management Interface (Web-based).
Number of VMs: 1
When and what should be changed? Change is not recommended unless instructed by the Xage CS team.

Xage Center Nodes
Each Xage Node VM will host 2 Center Fabric Nodes. (The Tamperproof datastore is a distributed, secure, and highly available data store to store data such as users, groups, policies, etc., which is needed to enforce access control.)
Number of VMs: 2
When and what should be changed? The number of Nodes can increase to improve security and high availability.

Xage Broker
The Xage Broker VM will host services to import/export data from the Azure cloud into the OT and vice versa. For example, the Broker will pull users and groups from Active Directory and push them into the Fabric, and will collect logs from Edge Nodes at the edge.
Number of VMs: 1
When to increase the number of machines? Never
When and what should be changed? Change is not recommended unless instructed by the Xage CS team.

Xage Edge Node
The Xage Edge Node will host services to authenticate and authorize users via a web interface, enforce policy-based access control together with the Xage Enforcement Point (deployed on-premise), rotate credentials, and more. Xage Edge Nodes are critical to delivering security services to IT, OT, and IoT assets.
Number of VMs: 1
When and what should be changed? A Xage Edge Node needs to be deployed to enable users to log in. Therefore, additional nodes might be needed if:
– Autonomous authentication is required in multiple sites when there’s intermittent connectivity.
– Users have access from different locations (e.g. network segments), and cannot access a single Xage Edge Node.
In a typical Azure deployment, with access via cloud-only, a single Xage Edge Node is sufficient.

4. Xage Admin Account Setup

Password for the default ‘admin’ user. This user will be used to access Xage Manager UI when deploying and provisioning the system. The password will be changed in Xage Manager UI after the system is up and running. Once the system is up and running, it is highly recommended to create individual user accounts to manage the Xage Security software.

Note: The password will be used later in the deployment, so make sure you save it.

If all required fields are filled in, you will see this “Validation Passed” message. Before deployment, you need to read the terms and conditions and select the checkbox. Then you can click “create” to start the deployment process.

5. Review + Create

After checking the “I agree” and clicking Create, VM provisioning will begin. During this step, the VMs will be automatically created in Azure. In the next step, we will cover how to deploy the Xage Fabric software into the newly provisioned VMs.

Xage Fabric Software Deployment

Accessing Xage Manager UI upon successful completion of deployment

Once the deployment has completed, go to the Deployment Complete notification in the Azure portal and navigate to the following screen:

Next, go to the output and parameters view:

This view contains the configuration parameters from the Azure deployments stage and includes the internal IPs for the machines provisioned, which will be needed for the rest of the installation.

The important fields and their descriptions are:

  • “xage manager UI access”: The “output” value of this field is the generated link to give the customer access to the Xage Manager Web UI. 
  • “xage manager UI username”: The “output” value for this field is the temporary super admin/genesis login information that gives temporary access to the Xage Manager Web UI to complete the deployment.
  • “xage broker internal IP”: The “output” value for this field is the private IP address of the Xage Broker. This IP shall be used as the Xage Broker IP in the Xage deployment step.
  • “xage fabric internal IP”: The “output” value for this field is the private IP addresses of the Xage Fabric. These IP addresses will be used for the Xage Center Nodes in the setup of the Xage deployment step (the number of IP addresses depends on how many Xage Fabric VMs were allocated in the previous steps).
  • “xage edge internal IP”: The “output” value for this field is the private IP address of the Xage Edge Node. These IP addresses will be used for the Xage Edge Nodes in the setup of the Xage deployment step (the number of IP addresses depends on how many Xage Fabric VMs were allocated in the previous steps).
  • “ssh user”: The “output” value of this field is the ssh username used to log in to all VMs. The ssh username shall be used in the Xage deployment step.

Log in to the Xage Manager Web UI (xage manager UI access) to finish the installation.

Use the username/password configured at the Azure configuration step (xage manager UI username/password) to log in and start the Xage deployment. Follow the deployment guide, using the private IPs and ssh username/password from the output section for the different Xage components.
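Before copying the addresses from the output view into the Xage deployment step, it is worth checking that each one is a private VNET address and that the number of addresses matches the VM counts chosen in step 3. The following is an added example, not part of the Xage documentation. It assumes the outputs have been saved as JSON in the usual ARM shape; the key names, the comma-separated list format and the sample addresses are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the ARM outputs shape ({"name": {"type", "value"}}).
# Key names are assumptions modelled on the field labels above; addresses are made up.
SAMPLE_OUTPUTS = json.loads("""
{
  "xageBrokerInternalIP": {"type": "String", "value": "10.0.1.6"},
  "xageFabricInternalIP": {"type": "String", "value": "10.0.1.4,10.0.1.5"},
  "xageEdgeInternalIP":   {"type": "String", "value": "10.0.1.7"},
  "sshUser":              {"type": "String", "value": "xageadmin"}
}
""")

# Output key -> number of VMs selected in step 3 (the defaults listed on this page).
EXPECTED_VMS = {"xageBrokerInternalIP": 1, "xageFabricInternalIP": 2, "xageEdgeInternalIP": 1}

def split_ips(value):
    """Accept a JSON list or a comma/space separated string (format is an assumption)."""
    if isinstance(value, list):
        return [str(v).strip() for v in value]
    return [p for p in str(value).replace(",", " ").split() if p]

def check_outputs(outputs, expected=EXPECTED_VMS):
    """Return a list of problems; an empty list means the outputs look consistent."""
    problems = []
    for key, count in expected.items():
        if key not in outputs:
            problems.append(f"{key}: missing from outputs")
            continue
        ips = split_ips(outputs[key].get("value", ""))
        if len(ips) != count:
            problems.append(f"{key}: expected {count} address(es), got {len(ips)}")
        for ip in ips:
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                problems.append(f"{key}: {ip!r} is not an IP address")
                continue
            # Loopback and link-local also count as "private" in ipaddress; reject them.
            if not addr.is_private or addr.is_loopback or addr.is_link_local:
                problems.append(f"{key}: {ip} is not a private VNET address")
    return problems

if __name__ == "__main__":
    print(check_outputs(SAMPLE_OUTPUTS) or "outputs look consistent")
```

If more Center Node or Edge Node VMs were selected in step 3, adjust `EXPECTED_VMS` to match before running the check.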
