CSSCurrent en:Cryptshare on Microsoft Azure
This article provides detailed information on how you can install your Cryptshare Server on Microsoft Azure. Aside from the manual installation of a Cryptshare Server in your Azure infrastructure, it is also possible to have the Cryptshare Server installed automatically. For doing so, please use our app in the Azure Marketplace.
1 Manual Installation
Click here to expand...
Please refer to the Quick Start Guide for a general description for the installation of a self-installed system.
2 Automated installation – Azure Marketplace
Click here to expand...
2.1 Prepare what you need
To ensure a smooth commissioning of your Cryptshare Server, please first complete the steps as described in chapter 2 (“Prepare what you need”) of the Quick Start Guide.
In order to use Cryptshare on Microsoft Azure, it is necessary to first create a resource group. Label the resource group and select the region that is closest to the location where you want to use Cryptshare on Microsoft Azure. For the use in Germany, we recommend selecting the region “(Europe) West Europe”.
You can review your data before creating the resource group by clicking the button “Create” via “Review + create”.
Select the “Cryptshare Server” app in the Azure Marketplace, click “Get now”, and confirm by clicking “next”. Subsequently, the Azure Portal will open and you can create the Cryptshare Server via the button “Create”.
Cryptshare on Microsoft Azure currently uses the most recent Ubuntu LTS version as the operating system. For accessing the level of the operating system, please set an administrator/a super user and the method of authentication.
- Password: Select a password the administrator/super user can use to log in, e.g. via SSH.
- Öffentlicher SSH-Schlüssel: Insert SSH key here.
After this step, determine which payment method you want to select for this Azure device. Please note that this method applies exclusively for the infrastructure provided by Microsoft and the operation thereof. Currently, Cryptshare is only offered as a Bring-Your-Own-License-Model and is therefore not billed via Microsoft.
Now, select the previously created resource group and the desired location, and proceed with the "Next: Virtual Machine Settings".
2.4 Virtual Machine Settings
In the section “Virtual machine size”, select the machine that is best suited for your needs. If you are uncertain in the selection of a suitable machine, you are welcome to consult the guidance we provide here .
Select the virtual network your Cryptshare server will be a part of. Providing your name and address range, you can create a new network here or use an existing one. Subsequently, please configure the subnetwork to be used.
Set the “DNS Label Prefix”. This prefix is used for creating the URL that serves for accessing the Cryptshare server.
If, for example, you entered “cryptshare-test” and ran your server in Europe (West), your URL would be “cryptshare-test.westeurope.cloudapp.azure.com”. Please note that URLs must be unique; creating your Cryptshare server can fail if the respective URL is already taken.
Confirm your data with “Next: Hard Disk Configuration”.
2.5 Hard Disk Configuration
With these settings, you can determine the hard disk type (standard (HDD), standard SSD, or Premium (Premium SSD)) for the operating system and the data storage medium on which the encrypted Cryptshare transfers will later be stored. For the appropriate hard disk size you can find the respective recommendations here . Proceed with the "Next: Review + create".
2.6 Review + create
Please review the data and confirm the creation of your virtual Cryptshare Server on Microsoft Azure by clicking “create”.
2.7 Establishing SSH access
For administrative tasks on the operating system level, SSH access is necessary. To establish access, navigate to “Virtual machines” in your Azure Portal and select the machine you just created. Under the menu “Networking” you can now open the incoming port for the respective network interface card/subnet.
For doing so, click on “Add inbound port rule”.
After you arranged your settings according to your company policy, open port 22 (SSH) under "destination port ranges". Subsequently, you can connect to your Cryptshare server on Microsoft Azure via SSH
2.8 Configuring update notifications via Postfix
To ensure that you will receive important system notifications from the Cryptshare server, we recommend you additionally configure a Postfix mail server. To install Postfix, connect via SSH with the Cryptshare server (see 2.7). Then execute the following command:
This command makes the following steps easier and executes all subsequent commands as _root_. Continue with the following command to install and configure _Postfix_:
apt-get install apticron
This command opens a configuration menu. Select “Satellite system”. In the next step, you can adapt the “System mail name” or accept the default value. If you choose to adapt the name, please adhere to the FQDN model when doing so. Then enter the _SMTP relay host._
Subsequently, you can configure the Postfix server. For doing so, please enter the following commands consecutively:
echo <SMTP relay host>:<Port> <user>:<password> > /etc/postfix/relay\_password postmap hash:/etc/postfix/relay\_password
Now, edit the file main.cf in the register etc/postfix/.
Please check the following entries and make adaptions if necessary.
smtpd\_use\_tls=yes smtpd\_relay\_restrictions = permit\_mynetworks permit\_sasl\_authenticated defer\_unauth\_destination myhostname = <hostname> alias\_maps = hash:/etc/aliases alias\_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = <use postfix recommendations> relayhost = <SMTP relay host>:<Port> mynetworks = 127.0.0.0/8 \[::ffff:127.0.0.0\]/104 \[::1\]/128 mailbox\_size\_limit = 0 recipient\_delimiter = + inet\_interfaces = loopback-only inet\_protocols = all
Subsequently, add the following lines:
smtp\_sasl\_password\_maps=hash:/etc/postfix/relay\_password smtp\_sasl\_auth\_enable=yes smtp\_sasl\_security\_options = noanonymous smtp\_tls\_security\_level = encrypt mynetworks\_style = host
These settings enable Postfix and subsequently Cryptshare to use your mail server as a relay for sending emails.
If you wish to use a fixed sender address for your Cryptshare transfers (e.g. []), the following parameter needs to be added as well:
sender\_canonical\_maps = regexp:/etc/postfix/sender\_canonical
If you use the parameter _sender\_canonical\_maps_, create the file “sender\_canonical” with the previously determined sender address in register /etc/postfix/.
echo /.+/ <sender address> > /etc/postfix/sender\_canonical
Subsequently, enter the following command:
To finish the configuration of Postfix, restart Postfix.
To activate notifications in case of updates for the operating system, execute the following command:
Enter your email address and save changes you made. In order to receive a notification if the virtual machine fails, move the Cronjob.
mv /etc/cron.d/apticron /etc/cron.daily/apticron
3 Server configuration
Click here to expand...
Congratulations! Your Cryptshare server has been installed successfully. For more information on the configuration and setup of the Cryptshare server, please read the Quick Start Guide.