Deploying SafeSquid in Microsoft Azure

Deploying SafeSquid in Microsoft Azure

Deploying SafeSquid in Microsoft Azure


Overview

This document provides a comprehensive, step-by-step guide for installing SafeSquid on a Microsoft Azure server using a cloud-init script. 
This document covers the entire installation process, including initial server setup, partition configuration, dependency verification, and service status checks. Additionally, the document highlights crucial security measures to prevent the creation of an open proxy, ensuring a secure and efficient deployment.

Prerequisites

  1. Microsoft Azure Account: Sign up for an Azure account if you don't already have one.
  2. SafeSquid Hardware Requirements: Refer to SafeSquid’s hardware requirement for provisioning your server.
  3. Cloud-init ScriptSafeSquid’s Cloud-init script to automate the initial setup and configuration of your droplet.
  4. SSH Key: For securely accessing the cloud server.

Creating a SafeSquid Virtual Machine

Access your Microsoft Azure dashboard at https://portal.azure.com/#home
accessing azure portal
clicking on hamburger icon in azure portal
selecting virtual machines option
clicking on create
selecting azure virtual machine

Basic

basics of creating a virtual machine
selecting your resource group
entering a new name for your virtual machine
selecting region which is closet to your location
selecting availability options which meets your requirements
selecting security type
clicking on image and selecting ubuntu 18.04
clicking on configure VM generation, selecting generation, clicking on apply to select and continue
showing VM size
clicking on the down arrow to see all the available CPU and RAM options
selecting the appropriate hardware as per safesquid requirement and clicking on select to continue
Note: Refer to SafeSquid’s minimum requirements document.

entering the username, and selecting SSH public key source
you can also use existing public key for SSH authentication and pasting the public key in the box
showing that you can also use password based authentication to access your VM
clicking on allow selected port and selecting inbound port 22 for SSH

Disks

showing that if you wish you can encryption on your data store on azure's managed disks
minimum size of the disk should be at least 16 GB. selecting the disk size and clicking on OK to continue
A screenshot of a computerDescription automatically generated

Networking

Note: For more details on how to setup virtual network in Microsoft Azure, refer to the official guide of Microsoft Azure using the link given below.

selecting your subnet
Note: For more details on how to setup subnet in Microsoft Azure, refer to the official guide of Microsoft Azure using the link given below.

selecting public IP
if you wish to set NIC network security group select advance. selecting your network security group
Note: For more details on how to setup NIC in Microsoft Azure, refer to the official guide of Microsoft Azure using the link given below.

selecting inbound ports 22 for SSh
selecting the type of load balancer from load balancing options

Management

showing that for demonstration we are keeping management settings to default

Monitoring

showing that you can enable system alerts for your VM. clicking on configure to create custom alerts
setting the conditions for alerts. choosing the method for notifying administrator. clicking on save to set alerts and continue
showing how to enable OS guest diagnostics to get metrics every minute for your virtual machine. you can use them to create alerts and stay informed on your applications
selecting name of your account. selecting the storage kind. selecting replication type. clicking on OK to create storage account and continue

Advanced

Cloud-init Setup Script

We are using a cloud-init script to automate the deployment process. Use the cloud-init script from the link below: SafeSquid Cloud-init Script

Tags

Review+Create

Review and create
clicking on download private key and create resource to download your private key and create resourceswaiting for the deployment process
clicking on serial console
waiting for few moments to complete the safesquid installation process to finishusing the username and password to login
clicking on connect and clicking on SSH
SSH into your VM
showing safesquid CLI

Validation

Ensure that all parts of the installation have been completed successfully:
Verify that all the partitions for SafeSquid have been created.
lsblk
Check the process status of SafeSquid using one of the following commands:
pidof safesquid   
OR         
netstat -tulnp | grep “safesquid”  
validating using check for listening ports . checking for safesquid service status. validating custom partitions

Accessing SafeSquid’s web interface.

To access SafeSquid’s Interface securely over the cloud, we recommend you use a SSH tunnel. 
SSH tunnelling, or SSH port forwarding, is a method of transporting arbitrary data over an encrypted SSH connection.

Secure Access to SafeSquid SWG for your office network and for your end users.

Ensuring secure access to SafeSquid's Secure Web Gateway (SWG) for your office network and end users is critical. 
By utilizing a Virtual Private Network (VPN), you can provide a secure connection that encrypts all data transmitted between your network and the SafeSquid SWG. 
This ensures that both office-based and remote users can access web resources safely, maintaining the integrity and confidentiality of your organization's data. 
Implementing VPN access to SafeSquid SWG not only protects against potential cyber threats but also ensures consistent security policies are enforced across all users, regardless of their location.

Post-Installation Checklist and Recommendations

The SafeSquid instance can now be activated from the product interface. To access the product interfacev, SafeSquid® proxy server must be configured on the web-browser. Post activation, setup SSL Inspection and configure policies as per the enterprise’s requirements.






    • Related Articles

    • Implementing SafeSquid on Cloud

      Background The SafeSquid proxy server is a native x86_64 Linux network service application. The software is distributed as a “tar-ball”package. It can thus be deployed on an appropriate Linux based host platform. Efficient performance installation ...

    • Analyze The SafeSquid Logs

      Overview Logs provide a timeline of events for the Linux operating system, applications and system, and are very useful and valuable troubleshooting tool when you encounter any problem. When any issue/problem occurs then system administrator will ...

    • Install SafeSquid Secure Web Gateway on VMware EXSi server

      Overview vmware ESXi is an enterprise-class, type-1 hypervisor developed by vmware for deploying and serving virtual computers. As a type-1 hypervisor, ESXi is not a software application that is installed on an operating system; instead, it includes ...

    • Integrate AD or OpenLDAP with SafeSquid

      Overview Active directory information is used to authorize/authenticate the users and computers which are part of your network. Active directory objects are mainly a set of attributes like domain, Organization Unit (OU), user, group, subnet etc. In ...

    • G-Suite App Sync Setup With SafeSquid

      Problem Statement I am using G Suite Sync App to Configure G Suite Account on Microsoft Outlook. This Application is Available for Windows7, Windows 10 I have Installed SafeSquid (SAB) and Enabled Proxy-Authentication. But I am not able to Sync G ...