Appendix B: Ivanti Policy Secure Resource Manager Template

Ivanti provides sample Azure template files to deploy the Ivanti Policy Secure Virtual Appliance on Azure. Users can modify these files to suit their needs. Visit https://www.ivanti.com, download the pulsesecure-pps-3-nics.zip file, and unzip it to get azuredeploy.json.

This template creates a new , with 3 NICs, Vnet, three subnets, NSG policies attached to Ivanti Policy Secure internal, external and management subnets. All 3 NICs of Ivanti Policy Secure are configured with dynamic IP configuration and enabled IP forwarding. Public IPs are attached to the Ivanti Policy Secure external and management NIC.

The template has the following sections:

parameters

This section defines the parameters used for deploying Ivanti Policy Secure on Azure. It contains each parameter's name, its default value, and the mouse-over help text that is displayed when the mouse is placed over the parameter in the Azure Web portal. The parameters defined here are displayed on the Custom Deployment page of the Azure portal.

variables

This section defines variables that will be used in the functions defined in the resources section.

resources

This section defines resource types that are deployed or updated in a resource group.

outputs

This section defines the public IP address and FQDN returned after successful deployment of Ivanti Policy Secure on Azure.

parameters

PPS Storage Account Name: This is the name of the Ivanti Policy Secure Storage Account where the Ivanti Policy Secure Azure vhd image is stored.

PPS Storage Account Resource Group Name: This is the name of the Ivanti Policy Secure Storage Account Resource Group where the Ivanti Policy Secure Azure vhd image is stored.

PPS Image Location URI: This is the URL to the location where the Ivanti Policy Secure Azure vhd image is stored.

PPS VM Name: This is the name given to Ivanti Policy Secure Virtual Appliance.

SSH Public Key: This is an RSA public key that is used to access Ivanti Policy Secure via SSH.

PPS Config: This section contains provisioning parameters that are required during the deployment of a Virtual Appliance. An XML-based configuration file can be present in another Virtual Machine in Azure cloud or in the corporate network which is accessible for Ivanti Policy Secure through site-to-site VPN between Azure and the corporate data center.

Ivanti Policy Secure accepts the following parameters as provisioning parameters:

  • primary-dns
  • secondary-dns
  • wins-server
  • dns-domain
  • username
  • ssh-publickey
  • cert-common-name
  • cert-random-text
  • cert-organization
  • config-download-url
  • config-data
  • auth-code-license
  • enable-license-server
  • accept-license-agreement
  • enable-rest

For details about these parameters, see Ivanti Policy Secure Provisioning Parameters.

DNS Label Prefix Mgmt: This is the prefix for Management Interface DNS label.

VNet Address Space: This is a Virtual Network address space.

Internal Subnet: Subnet from which Ivanti Policy Secure Internal Interface needs to lease IP.

External Subnet: Subnet from which Ivanti Policy Secure External Interface needs to lease IP.

Management Subnet: Subnet from which Ivanti Policy Secure Management Interface needs to lease IP.

variables

PPS Virtual Network: This is the variable associated with the Ivanti Policy Secure Virtual Network.

PPS Internal Subnet: This is the variable associated with the Subnet from which Ivanti Policy Secure Internal Interface needs to lease IP.

PPS External Subnet: This is the variable associated with the Subnet from which Ivanti Policy Secure External Interface needs to lease IP.

PPS Management Subnet: This is the variable associated with the Subnet from which Ivanti Policy Secure Management Interface needs to lease IP.

CS Internal Private IP: This is the private IP address of the Internal IP.

PPS Internal NIC: This is the network interface card of the Ivanti Policy Secure Internal network.

PPS External NIC: This is the network interface card of the Ivanti Policy Secure External network.

PPS Management NIC: This is the network interface card of the Ivanti Policy Secure Management network.

PPS Management Public IP: This is the public IP address assigned to the Ivanti Policy Secure Management Subnet.

Public IP Address Type: This variable is defined as static IP.

NSG Internal Subnet: This variable defines Network Security Group’s Internal Subnet policy.

NSG External Subnet: This variable defines Network Security Group’s External Subnet policy.

NSG Management Subnet: This variable defines Network Security Group’s Management Subnet policy.

VM Size: This variable defines Ivanti Policy Secure Virtual Machine size. It is 4 cores, 144MB memory.

Virtual Network ID: This variable defines Ivanti Policy Secure Virtual Network name.

API Version

resources

publicIPAddresses/publicIPAddr1: This block is responsible for creating a static public IP address. This address is used as the management interface IP address of Ivanti Policy Secure.

virtualNetworks/ppsvnetname: This block is responsible for creating Ivanti Policy Secure Virtual Network name. The creation of Ivanti Policy Secure Virtual Network name depends on:

  • NSG Internal Subnet
  • NSG External Subnet
  • NSG Management Subnet

virtualNetworks/ppsVnetIntSubnet: This block is responsible for creating a subnet. The created subnet is applied to the Ivanti Policy Secure Internal interface.

virtualNetworks/ppsVnetExtSubnet: This block is responsible for creating a subnet. The created subnet is applied to the Ivanti Policy Secure External interface.

virtualNetworks/ppsVnetMgmtSubnet: This block is responsible for creating a subnet. The created subnet is applied to the Ivanti Policy Secure Management interface.

networkInterfaces/ppsExtNic: This block is responsible for creating a network interface. The created network interface is applied to the network interface card of the Ivanti Policy Secure External interface. The creation of this network interface depends on:

  • Ivanti Policy Secure Virtual Network name
  • Public IP address of External Subnet

networkInterfaces/ppsMgmtNic: This block is responsible for creating a network interface. The created network interface is applied to the network interface card of the Ivanti Policy Secure Management interface. The creation of this network interface depends on:

  • Ivanti Policy Secure Virtual Network name
  • Public IP address of Management Subnet

networkInterfaces/ppsIntNic: This block is responsible for creating a network interface. The created network interface is applied to the network interface card of the Ivanti Policy Secure Internal interface. The creation of this network interface depends on:

  • Ivanti Policy Secure Virtual Network name

virtualMachines/PPSVmName: This block is responsible for creating the Virtual Machine name. The created Virtual Machine name is applied to the Ivanti Policy Secure Virtual Machine. The creation of the Ivanti Policy Secure Virtual Machine name depends on:

  • Network Interface Card of Ivanti Policy Secure Internal interface
  • Network Interface Card of Ivanti Policy Secure External interface
  • Network Interface Card of Ivanti Policy Secure Management interface

networkSecurityGroups/nsgExt: This block is responsible for creating a policy. The created policy is applied to the Network Security Group’s External interface.

The following security rules can be defined:

  • allowHTTPS
  • allowHTTP
  • allowRADIUSAuth
  • allowRADIUSAccounting
  • allowRADIUSCoA
  • allowSyslogUDP
  • allowSyslogTCP
  • allowSNMPTrap
  • allowSRXConnection
  • allowScreenOSConn
  • allowDHCP
  • allowTACACSPlus
  • allowPostgresDataSync

networkSecurityGroups/nsgMgmt: This block is responsible for creating a policy. The created policy is applied to the Network Security Group’s Management interface.

The following security rules can be defined:

  • allowHTTPS
  • allowHTTP
  • allowCustomSSH
  • allowDMI
  • denyAll

networkSecurityGroups/nsgInt: This block is responsible for creating a policy. The created policy is applied to the Network Security Group’s Internal interface.

The following security rules can be defined:

  • allowHTTPS
  • allowHTTP
  • allowRADIUSAuth
  • allowRADIUSAccounting
  • allowRADIUSCoA
  • allowSyslogUDP
  • allowSyslogTCP
  • allowSNMPTrap
  • allowSRXConnection
  • allowScreenOSConn
  • allowDHCP
  • allowTACACSPlus
  • allowPostgresDataSync
  • allowCustomSSH
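
The following is an added example, not part of Ivanti's template or documentation: a Python check that lists the inbound Allow rules open to any source in the NSG resources of an ARM template such as azuredeploy.json, so they can be reviewed before deployment. The sample rules reuse rule names from this page, but their ports, priorities and source prefixes are constructed for illustration.

```python
import json
import sys

NSG_TYPE = "Microsoft.Network/networkSecurityGroups"
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0"}


def _rule(name, access, port, source, priority):
    """Build one securityRules entry in ARM template shape (sample data helper)."""
    return {"name": name, "properties": {
        "access": access, "direction": "Inbound", "protocol": "Tcp",
        "priority": priority, "sourceAddressPrefix": source,
        "sourcePortRange": "*", "destinationAddressPrefix": "*",
        "destinationPortRange": port}}


# Constructed sample. Rule names come from the page; ports, priorities and
# source prefixes are illustrative and are not Ivanti's shipped values.
SAMPLE = {"resources": [
    {"type": NSG_TYPE, "name": "nsgMgmt", "properties": {"securityRules": [
        _rule("allowHTTPS", "Allow", "443", "*", 100),
        _rule("allowHTTP", "Allow", "80", "*", 110),
        _rule("allowCustomSSH", "Allow", "22", "203.0.113.0/24", 120),
        _rule("denyAll", "Deny", "*", "*", 4096)]}},
    {"type": "Microsoft.Network/publicIPAddresses", "name": "publicIPAddr1",
     "properties": {"publicIPAllocationMethod": "Static"}},
]}


def open_inbound_rules(template):
    """Return (nsg, rule, ports, source) for inbound Allow rules open to any source."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != NSG_TYPE.lower():
            continue
        for rule in res.get("properties", {}).get("securityRules", []):
            p = rule.get("properties", {})
            if (str(p.get("access")).lower(), str(p.get("direction")).lower()) != ("allow", "inbound"):
                continue
            sources = p.get("sourceAddressPrefixes") or [p.get("sourceAddressPrefix", "")]
            ports = p.get("destinationPortRange") or ",".join(p.get("destinationPortRanges", []))
            for src in sources:
                if str(src).lower() in OPEN_SOURCES:
                    findings.append((res.get("name"), rule.get("name"), ports, src))
    return findings


if __name__ == "__main__":
    tpl = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for nsg, rule, ports, src in open_inbound_rules(tpl):
        print(f"{nsg}: {rule} allows inbound port(s) {ports} from {src}")
```

Pass the path to a template as the first argument to check it instead of the sample. Rule fields written as template expressions (for example a value taken from a parameter) are not resolved and need manual review.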

outputs

The outputs section defines the public IP address and FQDN that are displayed on successful deployment of Ivanti Policy Secure on Azure.