Installing CT-VL on Azure Cloud
Note
To obtain the CT-VL image for Azure, go to Azure Marketplace, and look for "CipherTrust Vaultless Tokenization" v2.6 or higher.
Prerequisites to Install CT-VL on Azure Cloud
A virtual machine and a Subnet.
Minimum recommended settings for a CT-VL VM: 4 CPUs, 16 GB memory.
Note
The network security group defines the firewall rules of the CT-VL virtual machine. At a minimum, the incoming rules must allow port 22 (SSH) and port 443 (HTTPS).
If your cluster nodes are located in different resource groups, you also need to add port 5432 to the allowed incoming ports. However, if all your cluster nodes are in the same resource group, do not add port 5432, because nodes inside a resource group do not need any firewall permissions to communicate with one another.
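The port guidance in the notes above can be checked against an exported rule set. The following is an added example, not part of the product documentation: it assumes the rules were exported as JSON in the shape produced by `az network nsg rule list -o json`, uses constructed sample rules, and the function names and the "too broad" check on port 5432 are this example's own.

```python
import json
# Constructed sample, shaped like `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""[
  {"name": "allow-ssh", "priority": 100, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "destinationPortRange": "22", "sourceAddressPrefix": "203.0.113.0/24"},
  {"name": "allow-https", "priority": 110, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "destinationPortRanges": ["443"], "sourceAddressPrefix": "*"},
  {"name": "allow-cluster", "priority": 120, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "destinationPortRange": "5432", "sourceAddressPrefix": "*"}
]""")
REQUIRED_PORTS = (22, 443)   # minimum inbound ports named on this page
CLUSTER_PORT = 5432          # needed only when nodes span resource groups
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}  # for the added "too broad" check (not from the page)

def matches(rule, port):
    """True if the rule is inbound, applies to TCP, and its port field(s) include `port`."""
    if rule["direction"].lower() != "inbound" or rule["protocol"].lower() not in ("tcp", "*"):
        return False
    specs = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        specs.append(rule["destinationPortRange"])
    for spec in specs:
        lo, _, hi = ("0-65535" if spec == "*" else spec).partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def effective_allows(rules, port):
    """Allow rules for `port` in priority order, stopping at the first any-source Deny.
    Simplification: narrower Deny rules and destination prefixes are not evaluated."""
    hits = []
    for r in sorted(rules, key=lambda r: r["priority"]):
        if not matches(r, port):
            continue
        if r["access"].lower() == "allow":
            hits.append(r)
        elif (r.get("sourceAddressPrefix") or "") == "*":
            break  # an any-source Deny shadows every later rule for this port
    return hits

def audit(rules, nodes_share_resource_group):
    findings = [f"missing: inbound TCP {p} is not allowed"
                for p in REQUIRED_PORTS if not effective_allows(rules, p)]
    for r in effective_allows(rules, CLUSTER_PORT):
        if nodes_share_resource_group:
            findings.append(f"unneeded: rule '{r['name']}' opens {CLUSTER_PORT}")
        elif (r.get("sourceAddressPrefix") or "").lower() in ANY_SOURCE:
            findings.append(f"too broad: rule '{r['name']}' opens {CLUSTER_PORT} to any source")
    return findings
```

Call `audit(rules, True)` when all cluster nodes share one resource group and `audit(rules, False)` when they do not; an empty list means the rule set matches the guidance above.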
Create the Azure VM
Log in to the Azure web portal.
Go to the Marketplace screen and search for CipherTrust Vaultless Tokenization. Select the desired version, and click the Create button.
Supply the following information to create a virtual machine:
VM name: name of the VM you want to use, for example, my-CT-VL-2.6.0-azure-vm.
VM disk type: SSD or HDD.
User name: Not required by CT-VL, but Azure needs this data to create a VM. This user name entry is not retained by CT-VL and is not used as a CT-VL credential.
Authentication type: Also not required by CT-VL, but required for Azure to create a VM. This authentication type entry is not retained by CT-VL and does not affect the CT-VL configuration.
Resource group: You may create a new resource group or use an existing one. If you plan to create a cluster of CT-VL machines, it is recommended that all cluster nodes use the same resource group, so that they can communicate with one another without having to use a public static IP address or enable an incoming port in the firewall.
Location: For example, “West-US”.
Subnet and subnet address range:
Static or dynamic public IP address: Use a static IP address if you expect your cluster to span multiple resource groups.
Configuration Notes
To begin configuration, ssh into the instance as the cliadmin user using the public IP address, and follow the steps in Configuring the CT-VL System.
Note that on Azure, you will not configure the CT-VL network settings. Azure automatically configures these parameters for the CT-VL VM:
Internal and subnet IP addresses are provided to the VM through DHCP.
For CT-VL clusters, create an instance for each node in the cluster. Then configure each node separately, and join the nodes in a cluster.
When creating or joining a cluster, if all the cluster nodes are in the same resource group, you must use the same internal or subnet IP address that the VM uses.
When adding a node to the cluster, you must always use the internal or subnet IP address of the new CT-VL VM node.