
Azure Deployment Guide

This guide provides detailed instructions and reference information for deploying the Cloud Connector with Microsoft Azure. It covers prerequisites, supported Azure resource types, important deployment considerations, and the Azure services leveraged during setup. Use this document as a comprehensive resource to ensure your environment is properly prepared and aligned with best practices for a secure and efficient deployment.

Prerequisites

Before you can use the Cloud Connector with Azure, ensure you have:

  • Active Azure subscription with administrative access
  • Azure Tenant ID for your subscription
  • Azure AD account with Owner role on the subscription you want to onboard - Required for deploying the Cloud Connector permission template
  • Active Xshield account and access to the management portal

Supported Azure Resource Types

The following Azure resource types are currently supported for discovery, monitoring, and policy enforcement:

  • Virtual Machine - Individual Azure VMs
  • Virtual Machine Scale Set - Scalable VM groups
  • Azure Database for MySQL - Managed MySQL database service
  • Azure SQL Managed Instance - Managed SQL Server instance
  • Azure Database for PostgreSQL - Managed PostgreSQL service

Note: Support for additional Azure resource types and other cloud providers will be added in future releases.

Important Considerations

  • Azure Storage Costs: Flow log analysis requires Azure Storage Account access. Additional Azure storage costs may be incurred for cross-region data transfer when the storage account containing your VNet flow logs is located in a region other than those where Cloud Connector is deployed: East US 2, Central India, Germany West Central, or Australia East.
  • NSG Management Scope: Xshield primarily manages NIC-level NSGs for VMs, and manages subnet-level NSGs for Virtual Machine Scale Sets and Azure managed databases
  • Flow Log Dependency: Network traffic visualization requires flow logs to be enabled and accessible via Azure Storage Accounts
  • Limited Resource Types: Currently supports 4 Azure resource types (additional types planned for future releases)
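
A preflight check for the considerations above, as an added example (not Xshield code): it joins flow logs to their storage accounts to flag cross-region transfer cost and disabled flow logs, and reports which NSG level applies to each supported resource. The ARM type strings, the field names (modelled on Azure CLI JSON output) and the sample inventory are assumptions constructed for illustration.

```python
# Regions where the guide says Cloud Connector is deployed (Azure region names).
CONNECTOR_REGIONS = {"eastus2", "centralindia", "germanywestcentral", "australiaeast"}

# Assumed ARM type strings for the supported types -> NSG level the guide says Xshield manages.
NSG_SCOPE = {
    "microsoft.compute/virtualmachines": "nic",
    "microsoft.compute/virtualmachinescalesets": "subnet",
    "microsoft.dbformysql/flexibleservers": "subnet",
    "microsoft.sql/managedinstances": "subnet",
    "microsoft.dbforpostgresql/flexibleservers": "subnet",
}

def preflight(resources, flow_logs, storage_accounts):
    """Return (nsg_plan, findings) for one subscription's inventory."""
    scopes = {r["name"]: NSG_SCOPE.get(r["type"].lower()) for r in resources}
    plan = {name: scope for name, scope in scopes.items() if scope}
    findings = [("unsupported-type", name) for name, scope in scopes.items() if not scope]
    # Azure resource IDs are case-insensitive, so join on the lower-cased ID.
    sa_region = {s["id"].lower(): s["location"].lower() for s in storage_accounts}
    for fl in flow_logs:
        region = sa_region.get(fl["storageId"].lower())
        if not fl.get("enabled"):
            findings.append(("flow-log-disabled", fl["name"]))
        elif region is None:
            findings.append(("storage-account-not-visible", fl["name"]))
        elif region not in CONNECTOR_REGIONS:
            findings.append(("cross-region-transfer-cost", fl["name"]))
    return plan, findings

# Constructed sample inventory (not real resources).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers"
RESOURCES = [
    {"name": "web-vm-01", "type": "Microsoft.Compute/virtualMachines"},
    {"name": "orders-pg", "type": "Microsoft.DBforPostgreSQL/flexibleServers"},
    {"name": "cache-01", "type": "Microsoft.Cache/Redis"},
]
STORAGE = [
    {"id": SUB + "/Microsoft.Storage/storageAccounts/flowlogseus2", "location": "eastus2"},
    {"id": SUB + "/Microsoft.Storage/storageAccounts/flowlogsweu", "location": "westeurope"},
]
FLOW_LOGS = [
    {"name": "fl-eus2", "enabled": True, "storageId": STORAGE[0]["id"].upper()},
    {"name": "fl-weu", "enabled": True, "storageId": STORAGE[1]["id"]},
    {"name": "fl-off", "enabled": False, "storageId": STORAGE[0]["id"]},
]

if __name__ == "__main__":
    print(preflight(RESOURCES, FLOW_LOGS, STORAGE))
```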

Azure Services Used

The Cloud Connector uses these Azure services:

  • Azure Active Directory: For authentication and authorization
  • Azure Resource Manager: For resource discovery and management
  • Azure Network Security Groups: For policy enforcement
  • Azure Storage Accounts: For flow log access (optional but recommended for traffic analysis)
  • Azure Flow Logs: For network traffic analysis

Getting Started

To begin using the Cloud Connector with your Azure environment: