Rackspace PDR on Azure
Last updated on: 2018-12-06
Authored by: Nick Shobe
Rackspace Proactive Detection & Response (PDR) on Microsoft® Azure® has two main components that must be implemented in your Azure environment: the Network-based Intrusion Detection (NIDS) appliance infrastructure must be set up, and select vendor agents must be deployed.
Deployment of an NIDS appliance infrastructure
To enable visibility of your Azure network, we deploy NIDS appliances into each distinct network environment.
NIDS appliance platform requirements
At this time, the Rackspace Azure and PDR support teams deploy, manage, and monitor your NIDS appliances. Our current NIDS appliances are provide by the Alert Logic® Threat Manger™ offering. Rackspace PDR has the following platform requirements:
- Be a Rackspace Azure customer.
- Have an NIDS appliance for each routable network segment (appliance needs to be reachable by agents and visa versa).
- Set up egress and ingress firewall rules (NSGs) as defined in Rackspace PDR Threat Manager Network Requirements.
Secure Socket Layer (SSL) appliance end-to-end decryption
Many appliactions terminate SSL and Transport Layer Security (TLS) at the network edge with a load-balancer or web application firewall. If your application uses end-to-end encryption, see the Rackspace PDR SSL Decryption Guide.
Deployment of vendor agents
Individual PDR agents are deployed and maintained by the Rackspace PDR team. However, we do have base requirements that must be met to ensure that our automated deployment system and PDR support team can access your instances to deploy or troublshoot agents and systems.
Ensure that your virtual machine (VM) images have the Azure Virtual Machine Agent (VM Agent). See the following documentation for more information on installing the VM Agent:
Building compatible instances
Due to the various vendors that we have selected to provide the nessessary telemetry to our systems, it is important that you select operating systems and kernel versions that are compatable with the vendor agents. For more information, see the Rackspace PDR system requirements.
Golden or Base images
It is important that images taken from hosts that have Rackspace PDR agents deployed be prepared for deployment before using them as base images. Follow the Rackspace PDR imaging hosts guide to ensure that Golden images are properly prepared.
Instance network requirements
The agents used to provide telementry to our Security Operations Center (SOC) do have specific networking requirements that must be implemented. Use the Rackspace PDR Agent network requirements guide to correctly implement network ACLs and firewall rules for your platform.