Coda Footprint Internal Scanner is now part of the Azure Marketplace
Azure Marketplace: CODA Footprint Cloud Appliance
Azure Portal - Create Footprint Cloud Appliance VM
Have a running MSP Console instance that is reachable on HTTPS from the Internal Scanner that is to be deployed.
Configure a FQDN for the MSP Console that can be resolved by the Internal Scanner.
Have IP [OSI Layer 3] reachability from the Azure vNET where the scanner is provisioned to the future Scan Target / Destination Subnets.
Allow access from the Scanner to the Console Machine over HTTPS, TCP/15671, TCP/15672, TCP/5671, TCP/5672
Note: Restricting traffic would show inaccurate Scan Results, as not all ports would be reachable.
Attention: Scanning over VPN or Firewall may produce overhead and performance issues. Make sure to configure scans to run outside business hours.
To deploy an Internal Scanner from the Azure Marketplace, follow the instructions below:
Connect to your Azure Subscription and provision the desired Resource Group and Subnet. If using an existing Resource Group, make sure to have an available IP and reachability to the future Scan Targets.
Select “Create a resource”.
In the Search Bar, look for “Coda Footprint Cloud Appliance”.
You will be directed to the Internal Scanner or Coda Footprint Cloud Appliance page:
Click the “Create” button and follow the Configuration Steps:
Choose your Subscription and Resource group.
Pick a Virtual Machine Name relevant to your environment and naming convention.
Choose Image: Footprint BYOL
Pick a virtual machine Size, for example: Standard_D2s_v3 with 2 vCPU and 8 GB of RAM.
Note: Minimal Recommended Hardware Requirements are 2 vCPU and 8 GB RAM.
Attention: The machine will work with 2 vCPU and 4 GB RAM but only for a small Scan Surface. The memory requirements increase if you have a larger Scan Surface configured.
Error: The machine will work with less than 2 vCPU and 3.5 GB RAM
Select a user account and Authentication options. Using SSH keys is recommended, but Password authentication is also supported.
You may enable SSH inbound ports, but this is not required for functionality. You may need to allow inbound access on port 8080 if you want to use the web-based initial setup. Remember to restrict this access once the setup is done. You may skip this option if you are using the Custom Data field in the Advanced configuration tab.
Continue to choose a Disk. The initial Disk included in the image is sufficient for this appliance. You may opt-in for faster storage in case you have a broad Scan Surface.
Assign an IP address in the desired source IP Subnet. Make sure to have IP connectivity to the destination Scan Surface.
Inbound ports are not required but you may add SSH access or HTTP/8080 access for management purposes.
Choose Monitoring options. There is no specific requirement for a Monitoring storage account.
In the Advanced tab, make sure to add Custom data according to what was presented in Scan Surface > Agentless Surface > Setup Scanners. Copy the presented string and paste it in the Custom data field. This passes the Console URL and Token as parameters to the provisioned VM. You may skip this step and configure the Appliance over HTTP after you start it up.
Note: If you do not use the Custom data field, the scanner needs to be configured from http://<hostip>:8080 with the correct Console FQDN and Token.
Assign any desired tags and proceed with Creation.
Check that all the values are properly configured and click Create. You would be billed for VM usage by Microsoft Azure according to the normal rates assigned to your VM sizing.
Remember to create and download the new private key if you picked this authentication option.
Proceed to the MSP Console and verify that the machine is properly connected to the CODA Footprint Console.
Remember to allow access from the Scanner to the Console Machine over HTTPS, TCP/15671, TCP/15672, TCP/5671, TCP/5672 in the corresponding Security Group.
Click Scan Surface > Agentless Surface > Deployed Scanners
Look for the new Internal Scanner by name and check that the State is Active.
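A reachability check for the Console prerequisites listed above (FQDN resolution plus HTTPS and TCP/15671, TCP/15672, TCP/5671, TCP/5672), as an added example that is not part of the original article or of CODA's tooling. It assumes Python 3 is available on a host in the scanner's subnet and that HTTPS means the default TCP/443; console.example.com is a placeholder for your Console FQDN.

```python
import socket
import sys

# Ports the article requires from the Scanner to the Console.
# Assumption: "HTTPS" means the default TCP/443.
CONSOLE_PORTS = (443, 15671, 15672, 5671, 5672)


def resolve(fqdn):
    """Return the sorted addresses the FQDN resolves to, or [] on failure."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def port_open(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_console(fqdn, ports=CONSOLE_PORTS, timeout=3.0):
    """Map each required port to True/False; {} if the FQDN does not resolve."""
    if not resolve(fqdn):
        return {}
    return {port: port_open(fqdn, port, timeout) for port in ports}


if __name__ == "__main__":
    # Placeholder FQDN; pass the real Console FQDN as the first argument.
    fqdn = sys.argv[1] if len(sys.argv) > 1 else "console.example.com"
    results = check_console(fqdn)
    if not results:
        sys.exit(f"{fqdn}: does not resolve from this host")
    for port, ok in results.items():
        print(f"{fqdn}:{port} {'reachable' if ok else 'blocked or closed'}")
    sys.exit(0 if all(results.values()) else 1)
```

A port reported as blocked points at the Security Group or an intermediate firewall between the scanner's subnet and the Console.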