Deploying a Private Scan Hub in Azure

Note: These instructions are intended as a supplement to the main setup guide to help users who wish to deploy their private scan hub in Azure.  Our developers have written these instructions based on their own experiences but we do not maintain an Azure environment or regularly test against one.  As such, though these instructions work at time of writing, changes in Azure may been the process needs to be adjusted.  Please contact Technical Support if you experience such a change, or when a part of the process is unclear.

1. Download the VHD version of the image from https://appcheck-ng.com/get-help/downloads/
2. Upload this image to an Azure storage container as a Page Blob.  Once uploaded it should look something like this:
   
3. Convert the VHD to a managed disk:
   1. Visit https://portal.azure.com/#create/Microsoft.ManagedDisk.
   2. Select the Basics tab if not already on it.
   3. In Project details select the appropriate Subscription and Resource Group.  Contact your Azure administrators if unsure what to use here.
   4. In Disk Details, set Source type to Storage blob:
      
   5. Click Browse, select the uploaded VHD blob, and click Select.
   6. In OS type select Linux:
      
4. Click Review and Create, and complete the process.
5. Deploy a Virtual Machine for this Managed disk by going to the managed disk you created above and clicking “Create VM”:
   
6. Select the Basics tab if not already on it.
7. In Instance Details -> Virtual machine name give the VM an appropriate name.  Note this name is only used within Azure and as the guest's hostname, it does not affect the scan hub's name within AppCheck, which is set by the license key you use later.
8. In Size we recommend “Standard_D4s_v3” with 4vcpus and 16GiB on memory as a starting point (it may be necessary to increase the allocation at a later date, for example if you wish to be able to run more scans concurrently).
9. In Inbound port rules -> Public inbound ports select None.
   
   
10. Select the Networking tab.
11. Your Azure and Network administrators will need to provide the details for the network configuration desired, but ensure:
    1. You have a way to connect to the hub's command line, eg using SSH on port 22.
    2. You have access to the hub on TCP port 8080 so you can access the hub's local web GUI.
    3. The hub has access to any addresses you wish to scan, on any ports you wish to scan (we recommend allowing access on all ports for infrastructure scanning, at a minimum 80 and 443 for web application scanning).
    4. The hub has the outbound internet access outlined in the main Private Scan Hub Setup Guide from the Configure Network Access step.
12. Click Review+Create, and complete the VM creation process.
13. Follow the main Private Scan Hub Setup Guide from the Configure Network Access step, through to the end.  Note that steps involving connecting to the new VM's command line will vary depending on your Azure environment.  Your Azure administrator will need to advise how to do this.