If your cloud platform supports booting a VM from an ISO image then you can proceed using the standard Private Scan Hub Setup Guide.
However, many cloud platforms do not permit this. AppCheck has solutions for installing private scan hubs in Azure, AWS, GCP, OCI and Xen.
AppCheck provides a dedicated image in Microsoft's Azure Marketplace to enable Scan Hub deployment in Azure. For instructions on setting up a hub in Azure see Deploying an AppCheck Private Scan Hub in Microsoft Azure.
Deploying in other cloud platforms is currently a slightly more complex task due to limitations imposed by those platforms. To deploy a private scan hub in AWS, GCP, OCI or Xen you will need to allow AppCheck inbound SSH so we can perform the installation. This access should be removed once installation is complete (a deployed scan hub will have no SSH daemon running).
The steps to deploy in those platforms are:
- Create a VM in your cloud environment with the Private Scan Hub Requirements.
- Install Ubuntu 22.04 (not later - package updates will be handled by AppCheck once installation is complete, the AppCheck firmware is not tied to Ubuntu versions, this just provides a starting point for the installation).
- Set up an SSH key pair on the VM for a user AppCheck can use. The key should be in PEM format.
- Enable passwordless sudo access for that user.
- Allow inbound SSH access from AppCheck's IP ranges.
- Share the username, the public IP address and the private key with AppCheck.
There may be security systems provided as part of the cloud platform that function like a Web Application Firewalls (WAF) or Intrusion Prevention Systems (IPS). You will need to ensure that these services are set to ignore all traffic between the scan hub and AppCheck, and between the scan hub and the scan targets.
Comments
0 comments
Article is closed for comments.