Documentation and help portal

Install regigate on MS Azure

Project description and used environment

This document is describing the procedure to prepare and install a regigate software appliance on MS Azure. We documented all needed steps in text and screen-shots. In case you plan to follow, please don’t forget to read the text and pay some special attention to the notes and marked fields in the screen-shots.

The availability of this document does not imply that regify offers official support for operation under MS Azure.

For our setup, we used the following environment and tools:

  • Windows 10 (1803)

  • Hyper-V-Manager 10.0.17134.1

  • MS Azure Storage Explorer 1.7.0 (details and source in-line later)

Installed regigate version:

  • regify-regigate-5.0.6-0325-1226-x86_64 appliance (will work with any previous version 5.x, too).

Creation of the regigate VM for MS Azure

The used Windows was a German system, so screenshots appear in German.

For creation of the regigate template machine, we used Hyper-V. Create a completely new virtual machine using the below configuration.

Namepath
Generation1

We decided for 1GB of Memory, which is absolutely sufficient for regigate:

SpeicherZuweisen

Now, for networking, we connected to the Standard Switch:

Standartswitch

We now created the virtual drive. Due to Microsoft, we should not use the new VHDX format, but Hyper-V does not offer anything else. So we decided to create the drive later:

FestplatteZuordnen

After the machine was created, we started editing some settings. This is what we’ve changed:

We added an IDE drive to IDE-Controller 0 as main drive for this VM.
By this, we can do a VHD:

Hinzufugen
Neu
Please make sure to create a VHD drive, because MS Azure does not support VHDX drives!
FormatWahlen

We also have chosen a fixed size because Azure does not support dynamic drives!

FesteGrosse

We named the drive with a good to find name:

NameDrive

We sized the drive with 8GB. This is the minimum for a regigate installation and enough for generic regigate operation.

We have to upload this later, so please do not use much more space!
NeuePlatte

Finally, the drive becomes created and was automatically assigned to the previous selected controller:

Anwenden

In order to install the regigate appliance, we also assigned the ISO image for booting:

ISOBoot

Save all settings Apply.

Now we went to Checkpoints (German Prüfpunkte) and disabled this feature for the machine (otherwise we will not get one single VHD file):

Checkpoints

Now click Apply and then click OKto close settings.

regigate Installation on the new VM

We connected to the new VM and started. The VM allows to boot from the virtual ISO image. Please do not only hit Enter.

Please type: serial and then confirm with Enter key.

BootSerial

Now, the setup of regigate starts and the system gets prepared for serial console usage. We wait until regigate setup screen appears.

This may take up to 40 minutes or even more! Stay tuned…​
BootConsole

Now we follow the regigate installation by mostly using the defaults:

AgreeLicence

We choose German Keyboard (because we are on a German system).
Use English in case of doubt. Can be changed later.

KeyboardSelection

By default, every MS Azure instance is assigning a private network 10.0.0.0/24. We found Azure DHCP assigning 10.0.0.4 for the first machine by default, so we entered 10.0.0.4 as IP Number using 255.255.255.0 as Netmask and 10.0.0.1 as Gateway. We found some information in the web for the first IP in a subnet to always be the gateway.

IPSettings

We entered testgate.regify.com as Hostname. We will use this later for DNS on the public IP of the VM for testing. You may have to enter your own preferred hostname.

This is used for regigate SMTP communication and may affect SPAM filters and functionality. You can change this later in the appliance menu, too.
Hostname

Enter appropriate passwords for user regify and user root (no screen-shots here).

Enter an email address for reports. Make sure this email address exists:

AdminMail

Set Time Zone. We do not know how MS Azure machines are working, so we do not assume them to have UTC 0 clock:

TimeZone

Finally, the diagnostic will complain, the connectivity is not given with the credentials. The gateway is not pingable. This is planned, because we are not yet in MS Azure. The local host does not support 10.0.0.1 as gateway:

DiagnosticInfo

Now the appliance tells us to log in using SSH and finish configuration there:

Finished

Upon this, the appliance menu appears.

We now Enable SSH Access in order to manage the appliance later in MS Azure. We enter Network Settings  Advanced Settings…  SSH Settings.

Here you can restrict SSH access to specified source IP addresses.

We strongly recommend not to allow root access and also fill in the IP address you plan to use for configuration.

If you do not know the IP, or you will come from non fixed IP addresses, you can leave the field empty. The password is the only security then.

For our tests, we enable access from our office in Germany and we do not allow root login:

SSHSet
Alternatively, you can keep the IP Subnet empty to not restrict SSH access. In this case, you must configure access restrictions in your MS Azure Ingoing rules (Firewall).

Now we leave the appliance menu using Back and Exit and will find us on the machine console:

TestgateLogin

We now login using root and the password we’ve set during setup. In there, we shutdown the regigate using:

shutdown -h now

Testgatedone

The VM now shuts down and halts. We close the console connection.

Copy regigate VM to MS Azure

Prepare MS Azure Storage Explorer

First we locate the regigate VHD disk file on our Windows machine. On our system it was located at
C:\Users\Public\Documents\Hyper-V\Virtual hard disks.

We then installed MS Storage Explorer. From the web it sounds like a good tool for uploading the new VHD of regigate.
We found and downloaded the Windows Version from here: https://azure.microsoft.com/en-us/features/storage-explorer/

After it was launched, we first added our Microsoft account:

AddAccount

We clicked on Add an account… and finally were not sure where our account is located. We have chosen the default:

ConnectAzure

Now we clicked on Log in… on the bottom. We then signed in using our Windows Azure account credentials. Upon this, we were signed in and clicked on Apply.

ApplyAccount

Prepare MS Azure Storage Resource

Our MS Azure Account does not yet have some Storage account. So we went to Azure web portal and entered Home  All resources. In there, we clicked the + Add button. We then have chosen Storage  Storage account.

Make sure to always use the same "Resource Group" in all Azure portal dialogs. Otherwise, if new Resource Groups are created, you may not be able to access the resources assigned there.

We set up the storage account like this:

SetUpAccount

The validation of the storage took a few seconds and then we are able to confirm:

CreateStorage

The provisioning took a few seconds only:

CompleteDeploy

We went back to Windows to our local Azure Storage Explorer and hit Refresh All. We then found our new storage listed behind Storage Accounts:

StorageAccount

We then right clicked Storage Accounts  regigatestorageaccount  Blob Containers and selected Create Blob Container.

CreateBlob

We created some regigate-container like this:

Container
UploadFiles

 
 
 
We then clicked on Upload in order to upload our VM files. For this, we have chosen to upload files (not folders) and selected the VHD file identified before.

Ours is about 8.4 GB in size:

AzureDrive

We started upload then. The upload took a while:

Activities1

After the upload was finished, we went back to the web Azure Portal. There we found the files in Home  All resources  regigatestorageaccount  Blobs  regigate-container:

DriveDone

Create a VM from the uploaded machine

Upon the VHD file is uploaded, we can create a new virtual machine based on this file. The following steps will guide you through this.

Create disk from uploaded image

We entered Home  All resources and decided to + Add and searched for Home  All resources  New  Managed Disks. We found that entry and clicked on Create button.

image

We now had to provide information for the new disk. We named it and selected the following settings:

  • Disk name: regigate_disk

  • Source type: Storage blob

  • Source blob: The chosen one after selection (see below)

  • OS type: Linux

BlobConf

During storage selection, we went down the structure until the files appeared. There, we selected the uploaded VHD file:

image

After successful validation under Review + create, we clicked Create on bottom and the drive was created.

DeployCompl

Create machine with this disk

We use the Azure portal to go to Home  All resources. There, we click on our new regigate_disk.

In the dialog, we can click on + Create VM:

CreateVM

We then simply enter the name of the machine (regigate) and may have to select the Resource group. We also have to select a Size. For our needs, we selected Standard B1s plan.

You also should allow SSH ports for ingoing connections:

SSHSetuup

We do not have to edit something for Disks. The next option is Networking. There we assign our public IP address:

SSHSetup

Please ensure that all settings are exactly like in the example.

For Management  ]  menu:Advanced[ and Tags we have kept the defaults.

After clicking Review and create we were able to create the VM with those settings:

Complete

Clicking Create will start provisioning of the new VM with our uploaded image. It took a few minutes to complete:

DeplCompl

Now we can find our new machine in the Home  Virtual Machines dialog on our Azure Portal:

regigate

This is the list of our resources now:

RessourceNow

At least if you do not have other resources, the list should look very similar to this (numbers may change).

Setup IP interfaces

We clicked regigate-ip  Configuration . There we made the IP Static:

StaticIP

Click Save to save the settings.

In All resources  ]  click on your network interface (replace:[regigate470 in our case) then IP configurations and select the one from the list.

Now, make sure that Private IP address is set to Static and points to 10.0.0.4:

IPCONFG

If it is not 10.0.0.4, you have to adapt it here to exactly match 10.0.0.4, because this is the IP we configured for the virtual machine before.

You may want to copy or note your public IP address here for later use.

Save with the Save function.

Connect to the new regigate machine

Upon the above configuration was successful, you should be able to connect to your machine using SSH (or PuTTY if you are on Windows):

NewMachine

Upon login with user regify, the regigate menu starts immediately.

Please remember that we disallowed root login during appliance configuration.
CheckUpdates

Now you can configure regigate and MS Azure to your needs.

The following settings should get your attention:

  • regigate

    • Limit SSH access to your network only (Network Settings  Advanced Settings  SSH Settings).

    • Create your Routes

If you enter the wrong address, you can no longer log in! Maybe first try to get your current incoming IP by running echo $SSH_CLIENT in the shell on regigate. If this is a fixed one, you can use this for limiting access.
  • MS Azure

    • Set up your networking settings for the VM to allow ingoing and outgoing traffic for your routes (eg SMTP). We suggest to not limit any outgoing access at all.

    • Enable backup for your regigate appliance (we suggest to do daily backups and keep them for at least 3 days).

    • Try using the serial console (Home  Virtual Machines  regigate,Serial console). It may take a few seconds (15 or more) or some retry, but in our environment we were able to log in. It is important that serial console is working. Otherwise you have no way to restore settings or fix issues with root user or if source IP has changed etc.

SerialConsole