Cryptshare on Microsoft Azure
This article provides detailed information on how you can install your Cryptshare Server on Microsoft Azure. Aside from the manual installation of a Cryptshare Server in your Azure infrastructure, it is also possible to have the Cryptshare Server installed automatically. To do so, please use our app in the Azure Marketplace.
1 Manual Installation
Please refer to the Quick Start Guide for a general description of the installation of a self-installed system.
2 Automated installation – Azure Marketplace
2.1 Prepare what you need
To ensure a smooth commissioning of your Cryptshare Server, please first complete the steps as described in chapter 2 (“Prepare what you need”) of the Quick Start Guide.
In order to use Cryptshare on Microsoft Azure, it is necessary to first create a resource group. Label the resource group and select the region that is closest to the location where you want to use Cryptshare on Microsoft Azure. For use in Germany, we recommend selecting the region “(Europe) West Europe”.
Via “Review + create”, you can review your data before creating the resource group with the button “Create”.
Select the “Cryptshare Server” app in the Azure Marketplace, click “Get now”, and confirm by clicking “next”. Subsequently, the Azure Portal will open and you can create the Cryptshare Server via the button “Create”.
2.3 Basics
Cryptshare on Microsoft Azure currently uses the most recent Ubuntu LTS version as the operating system. For access at the operating system level, please set up an administrator/super user and choose the method of authentication.
- Password: Select a password the administrator/super user can use to log in, e.g. via SSH.
- SSH public key: Insert SSH key here.
After this step, determine which payment method you want to select for this Azure device. Please note that this method applies exclusively to the infrastructure provided by Microsoft and the operation thereof. Currently, Cryptshare is only offered as a Bring-Your-Own-Licence-Model and is therefore not billed via Microsoft.
Now, select the previously created resource group and the desired location, and proceed with "Next: Virtual Machine Settings".
2.4 Virtual Machine Settings
In the section “Virtual machine size”, select the machine that is best suited for your needs. If you are uncertain which machine is suitable, you are welcome to consult the guidance we provide here.
Select the virtual network your Cryptshare server will be a part of. By providing a name and address range, you can create a new network here or use an existing one. Subsequently, please configure the subnetwork to be used.
Set the “DNS Label Prefix”. This prefix is used for creating the URL that serves for accessing the Cryptshare server.
If, for example, you entered “cryptshare-test” and ran your server in Europe (West), your URL would be “cryptshare-test.westeurope.cloudapp.azure.com”. Please note that URLs must be unique; creating your Cryptshare server can fail if the respective URL is already taken.
Confirm your data with “Next: Hard Disk Configuration”.
2.5 Hard Disk Configuration
With these settings, you can determine the hard disk type (standard (HDD), standard SSD, or Premium (Premium SSD)) for the operating system and the data storage medium on which the encrypted Cryptshare transfers will later be stored. For the appropriate hard disk size you can find the respective recommendations here. Proceed with "Next: Review + create".
2.6 Review + create
Please review the data and confirm the creation of your virtual Cryptshare Server on Microsoft Azure by clicking “create”.
2.7 Establishing SSH access
For administrative tasks on the operating system level, SSH access is necessary. To establish access, navigate to “Virtual machines” in your Azure Portal and select the machine you just created. Under the menu “Networking” you can now open the incoming port for the respective network interface card/subnet.
To do so, click on “Add inbound port rule”.
After you have arranged your settings according to your company policy, open port 22 (SSH) under "destination port ranges". Subsequently, you can connect to your Cryptshare server on Microsoft Azure via SSH.
2.8 Configuring update notifications via Postfix
To ensure that you will receive important system notifications from the Cryptshare server, we recommend you additionally configure a Postfix mail server. To install Postfix, connect to the Cryptshare server via SSH (see 2.7). Then execute the following command:
sudo -i
This command makes the following steps easier and executes all subsequent commands as _root_. Continue with the following command to install and configure _Postfix_:
apt-get install apticron
This command opens a configuration menu. Select “Satellite system”. In the next step, you can adapt the “System mail name” or accept the default value. If you choose to adapt the name, please adhere to the FQDN model when doing so. Then enter the _SMTP relay host._
Subsequently, you can configure the Postfix server. To do so, please enter the following commands consecutively:
echo "<SMTP relay host>:<Port> <user>:<password>" > /etc/postfix/relay_password
postmap hash:/etc/postfix/relay_password
Now, edit the file main.cf in the directory /etc/postfix/.
vim /etc/postfix/main.cf
Please check the following entries and make adjustments if necessary.
smtpd_use_tls=yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = <hostname>
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = <use postfix recommendations>
relayhost = <SMTP relay host>:<Port>
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = all
Subsequently, add the following lines:
smtp_sasl_password_maps=hash:/etc/postfix/relay_password
smtp_sasl_auth_enable=yes
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
mynetworks_style = host
These settings enable Postfix and subsequently Cryptshare to use your mail server as a relay for sending emails.
If you wish to use a fixed sender address for your Cryptshare transfers, the following parameter needs to be added as well:
sender_canonical_maps = regexp:/etc/postfix/sender_canonical
If you use the parameter _sender_canonical_maps_, create the file “sender_canonical” with the previously determined sender address in the directory /etc/postfix/.
echo "/.+/ <sender address>" > /etc/postfix/sender_canonical
Subsequently, enter the following command:
postmap hash:/etc/postfix/sender_canonical
To finish the configuration of Postfix, restart Postfix.
/etc/init.d/postfix restart
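The following check is an added example, not part of the Cryptshare documentation: it reads main.cf and verifies the relay settings listed above, and also that the credentials file and its postmap output are readable only by their owner, which the steps above do not set. The function names and the sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the Postfix relay settings this section configures.
# Paths are parameters, so the check can also run against copies of the files.

# Print a main.cf parameter's value (last assignment wins). Comment lines and
# continuation lines (leading whitespace) are skipped.
cf_value() {
    awk -v key="$2" '
        /^[ \t#]/ || !/=/ { next }
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Report each deviation; the return code is the number of findings.
audit_postfix_relay() {
    cf=$1; pwfile=$2; fails=0
    for want in smtp_sasl_auth_enable=yes smtp_sasl_security_options=noanonymous \
                smtp_tls_security_level=encrypt inet_interfaces=loopback-only \
                "smtp_sasl_password_maps=hash:$pwfile"; do
        got=$(cf_value "$cf" "${want%%=*}")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL ${want%%=*}: want '${want#*=}', found '${got:-unset}'"
            fails=$((fails + 1))
        fi
    done
    # The map source and its postmap output both hold the relay password.
    for f in "$pwfile" "$pwfile.db"; do
        [ -e "$f" ] || continue
        case $(stat -c %a "$f") in
            [46]00) ;;
            *) echo "FAIL $f: mode must be 600 or 400"; fails=$((fails + 1)) ;;
        esac
    done
    return "$fails"
}

# Constructed sample: TLS to the relay left optional, credentials world-readable.
demo=$(mktemp -d)
printf 'relay.example.test:587 user:secret\n' > "$demo/relay_password"
chmod 644 "$demo/relay_password"
printf '%s\n' 'inet_interfaces = loopback-only' 'smtp_sasl_auth_enable=yes' \
    'smtp_sasl_security_options = noanonymous' 'smtp_tls_security_level = may' \
    "smtp_sasl_password_maps=hash:$demo/relay_password" > "$demo/main.cf"
audit_postfix_relay "$demo/main.cf" "$demo/relay_password" || echo "findings: $?"
rm -rf "$demo"
```

On the server itself, call it as `audit_postfix_relay /etc/postfix/main.cf /etc/postfix/relay_password`; a return code of 0 means every checked setting matches.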
To activate notifications in case of updates for the operating system, execute the following command:
dpkg-reconfigure apticron
Enter your email address and save the changes you made. In order to receive a notification if the virtual machine fails, move the cron job.
mv /etc/cron.d/apticron /etc/cron.daily/apticron
3 Server configuration
Congratulations! Your Cryptshare server has been installed successfully. For more information on the configuration and setup of the Cryptshare server, please read the Quick Start Guide.