
Welcome to Cryptshare on Microsoft Azure!


Info

Please note that Cryptshare Server version 4.3.0 will be installed with the automated installation. For the current version 4.4.0, please perform an update.

This article provides detailed information on how you can install your Cryptshare Server on Microsoft Azure.

Aside from the manual installation of a Cryptshare Server in your Azure infrastructure, it is also possible to have the Cryptshare Server installed automatically. To do so, please use our app in the Azure Marketplace.

1 Manual Installation

Please refer to the Quick Start Guide for a general description of the installation of a self-installed system.

2 Automated installation – Azure Marketplace

2.1 Prepare what you need

To ensure a smooth commissioning of your Cryptshare Server, please first complete the steps as described in chapter 2 (“Prepare what you need”) of the Quick Start Guide.

2.2 Commissioning of the Cryptshare Server

In order to use Cryptshare on Microsoft Azure, it is necessary to first create a resource group. Label the resource group and select the region that is closest to the location where you want to use Cryptshare on Microsoft Azure. For use in Germany, we recommend selecting the region “(Europe) West Europe”.

Via “Review + create”, you can review your data before creating the resource group by clicking the button “Create”.

Select the “Cryptshare Server” app in the Azure Marketplace, click “Get now”, and confirm by clicking “next”. Subsequently, the Azure Portal will open and you can create the Cryptshare Server via the button “Create”.

2.3 Basics

Cryptshare on Microsoft Azure currently uses the most recent Ubuntu LTS version as the operating system. To access the operating system level, please set an administrator/super user and the method of authentication.

  • Password: Select a password the administrator/super user can use to log in, e.g. via SSH.
  • SSH public key: Insert SSH key here.

After this step, determine which payment method you want to select for this Azure device. Please note that this method applies exclusively for the infrastructure provided by Microsoft and the operation thereof. Currently, Cryptshare is only offered as a Bring-Your-Own-License-Model and is therefore not billed via Microsoft.

Now, select the previously created resource group and the desired location, and proceed with "Next: Virtual Machine Settings".

2.4 Virtual Machine Settings

In the section “Virtual machine size”, select the machine that is best suited for your needs. If you are uncertain in the selection of a suitable machine, you are welcome to consult the guidance we provide here.

Select the virtual network your Cryptshare server will be a part of. By providing a name and address range, you can create a new network here or use an existing one. Subsequently, please configure the subnetwork to be used.

Set the “DNS Label Prefix”. This prefix is used for creating the URL that serves for accessing the Cryptshare server.

If, for example, you entered “cryptshare-test” and ran your server in Europe (West), your URL would be “cryptshare-test.westeurope.cloudapp.azure.com”. Please note that URLs must be unique; creating your Cryptshare server can fail if the respective URL is already taken.

Confirm your data with “Next: Hard Disk Configuration”.

2.5 Hard Disk Configuration

With these settings, you can determine the hard disk type (standard (HDD), standard SSD, or Premium (Premium SSD)) for the operating system and the data storage medium on which the encrypted Cryptshare transfers will later be stored. For the appropriate hard disk size you can find the respective recommendations here. Proceed with "Next: Review + create".

2.6 Review + create

Please review the data and confirm the creation of your virtual Cryptshare Server on Microsoft Azure by clicking “create”.

2.7 Establishing SSH access 

For administrative tasks on the operating system level, SSH access is necessary. To establish access, navigate to “Virtual machines” in your Azure Portal and select the machine you just created. Under the menu “Networking” you can now open the incoming port for the respective network interface card/subnet.

To do so, click on “Add inbound port rule”.

Info

For security reasons, please make sure that this connection can only be made from your location (for instance by only granting selected IPs access to the virtual machine).

After you have arranged your settings according to your company policy, open port 22 (SSH) under "destination port ranges". Subsequently, you can connect to your Cryptshare server on Microsoft Azure via SSH.
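
To check the restriction recommended in the Info box above after creating the rule, the following added example (not part of the Cryptshare manual) lists inbound rules that allow port 22 from any source. The resource names in the comment are placeholders, and it assumes the Azure CLI prints unset fields as `None` in tab-separated output.

```shell
#!/bin/sh
# Added example (not from the Cryptshare manual): list inbound NSG rules that
# allow SSH from any source. Reads tab-separated lines on stdin:
#   name, direction, access, source prefix, destination port range
# This is the shape produced by (resource names are placeholders):
#   az network nsg rule list -g <resource-group> --nsg-name <nsg-name> -o tsv \
#     --query "[].[name,direction,access,sourceAddressPrefix,destinationPortRange]"

# Return 0 when the port range $1 ("22", "20-25" or "*") includes port 22.
covers_ssh() {
    case $1 in
        '*') return 0 ;;
        *[!0-9-]*|'') return 1 ;;
        *-*) [ "${1%-*}" -le 22 ] && [ "${1#*-}" -ge 22 ] ;;
        *) [ "$1" -eq 22 ] ;;
    esac
}

# Print "OPEN <rule>" for Inbound/Allow rules that reach port 22 from any source,
# and "REVIEW <rule>" where a single-valued field is unset (assumed to print as
# None) because the rule uses the plural prefix or port-range lists instead.
audit_ssh_rules() {
    tab=$(printf '\t')
    while IFS=$tab read -r name dir access src ports; do
        [ "$dir" = Inbound ] && [ "$access" = Allow ] || continue
        case "$src$ports" in *None*) echo "REVIEW $name"; continue ;; esac
        covers_ssh "$ports" || continue
        case $src in
            '*'|Internet|0.0.0.0/0|Any) echo "OPEN $name" ;;
        esac
    done
}

# Constructed sample rules (not real output); 203.0.113.10 is a documentation address.
sample_rules() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        ssh-any Inbound Allow '*' 22 \
        ssh-office Inbound Allow 203.0.113.10 22 \
        https Inbound Allow '*' 443 \
        mgmt-range Inbound Allow Internet 20-25 \
        ssh-multi Inbound Allow None 22
}

sample_rules | audit_ssh_rules
```

Only `ssh-office` matches the recommendation; `ssh-any` and `mgmt-range` are reported as open, and `ssh-multi` needs a manual look at its address list.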

2.8 Configuring update notifications via Postfix

To ensure that you will receive important system notifications from the Cryptshare server, we recommend you additionally configure a Postfix mail server. To install Postfix, connect via SSH to the Cryptshare server (see 2.7). Then execute the following command:

Code Block
sudo -i


This command makes the following steps easier and executes all subsequent commands as root. Continue with the following command to install and configure Postfix:

Code Block
apt-get install apticron

This command opens a configuration menu. Select “Satellite system”. In the next step, you can adapt the “System mail name” or accept the default value. If you choose to adapt the name, please adhere to the FQDN model when doing so. Then enter the SMTP relay host.

Subsequently, you can configure the Postfix server. To do so, please enter the following commands consecutively:

Code Block
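# Quote the entry so that special characters in the password are not interpreted by the shell
echo '<SMTP relay host>:<Port> <user>:<password>' > /etc/postfix/relay_password
# The file holds the relay credentials in plain text: restrict it to root
chmod 600 /etc/postfix/relay_password

postmap hash:/etc/postfix/relay_password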

Now, edit the file main.cf in the directory /etc/postfix/.

Code Block
vim /etc/postfix/main.cf

Info

The following commands are helpful for editing via vim:

  • i: Activate insert or edit mode
  • esc, then :wq: Save and close
  • esc, then :q: Close without saving (vim refuses if there are unsaved changes; :q! discards them)

Please check the following entries and make adaptations if necessary.

Code Block
smtpd_use_tls=yes

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = <hostname>
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = <use postfix recommendations>
relayhost = <SMTP relay host>:<Port>
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = all 


Subsequently, add the following lines:

Code Block
smtp_sasl_password_maps=hash:/etc/postfix/relay_password
smtp_sasl_auth_enable=yes
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
mynetworks_style = host

These settings enable Postfix and subsequently Cryptshare to use your mail server as a relay for sending emails.

Info
By using Postfix, the Cryptshare Server can send emails via localhost. An adjustment of the mail server in the administration interface does not have to be made.

If you wish to use a fixed sender address for your Cryptshare transfers (e.g. cryptsharetransfers@yourcompany.com), the following parameter needs to be added as well:

Code Block
sender_canonical_maps = regexp:/etc/postfix/sender_canonical

If you use the parameter sender_canonical_maps, create the file “sender_canonical” with the previously determined sender address in the directory /etc/postfix/.

Code Block
echo '/.+/ <sender address>' > /etc/postfix/sender_canonical

Subsequently, enter the following command:

Code Block
postmap hash:/etc/postfix/sender_canonical

To finish the configuration of Postfix, restart Postfix.

Code Block
/etc/init.d/postfix restart
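
After the restart, the relay settings from this section can be checked offline. The following is an added example, not Cryptshare code: it compares the security-relevant main.cf parameters with the values given above and tests that the credentials file is readable by its owner only. The sample files and the relay host name in them are constructed.

```shell
#!/bin/sh
# Added example, not Cryptshare code: offline audit of the section 2.8 relay setup.

# Print the last value assigned to parameter $2 in the main.cf-style file $1.
# Simplification: continuation lines are not joined.
conf_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Compare the security-relevant parameters with the values from section 2.8.
# Prints one line per deviation; returns 0 only when every value matches.
audit_main_cf() {
    cf=$1
    bad=0
    while read -r name want; do
        got=$(conf_value "$cf" "$name")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $name: want '$want', found '${got:-unset}'"
            bad=1
        fi
    done <<EOF
smtp_sasl_auth_enable yes
smtp_sasl_security_options noanonymous
smtp_tls_security_level encrypt
smtp_sasl_password_maps hash:/etc/postfix/relay_password
inet_interfaces loopback-only
EOF
    return "$bad"
}

# Return 0 only when group and others have no permissions on file $1.
creds_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: a main.cf where TLS to the relay is only opportunistic,
# and a credentials file created with the common root umask of 022.
demo=$(mktemp -d)
printf '%s\n' 'smtp_sasl_auth_enable=yes' 'smtp_sasl_security_options = noanonymous' \
    'smtp_tls_security_level = may' 'inet_interfaces = loopback-only' \
    'smtp_sasl_password_maps=hash:/etc/postfix/relay_password' > "$demo/main.cf"
(umask 022; echo 'relay.example.test:587 user:placeholder' > "$demo/relay_password")
audit_main_cf "$demo/main.cf" || echo "main.cf needs attention"
creds_private "$demo/relay_password" || echo "relay_password is readable by other users"
chmod 600 "$demo/relay_password"
creds_private "$demo/relay_password" && echo "relay_password is now owner-only"
rm -rf "$demo"
```

On the server, call `audit_main_cf /etc/postfix/main.cf` and `creds_private` on both /etc/postfix/relay_password and relay_password.db, since postmap creates the .db file with the same group and other read permissions as its source.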

To activate notifications in case of updates for the operating system, execute the following command:

Code Block
dpkg-reconfigure apticron 

Enter your email address and save the changes you made. In order to receive a notification if the virtual machine fails, move the cron job.

Code Block
mv /etc/cron.d/apticron /etc/cron.daily/apticron

3 Server configuration

Congratulations! Your Cryptshare server has been installed successfully. For more information on the configuration and setup of the Cryptshare server, please read the Quick Start Guide.
