This Infrastructure as Code (IaC) will help you deploy Netskope Publisher in your Azure environment and configure the following;
- Create Netskope Publisher virtual machine into an existing virtual network, associate a System Assigned Managed AAD Identity and register the publisher with your netskope tenant.
- Create a storage account for boot diagnostics.
- Creates network security group with required rules and associate with the VM network interface. The network security rule is configure to allow communication to publisher shell access to the supplied trusted IP(s) i.e.,
var.trusted_ip
. - Provides Netskope Publisher IP address as template output value.
-
Ensure the outbound connectivity is allowed. For more information on the connectivity requirements: Requirements
-
The username must be set to "ubuntu". Password authentication is disabled and you must use SSH keys to authenticate.
Full documentation can be found here: Netskope Publisher
This IaC will create the Azure resources as shown below.
Fig 1. Netskope Publisher deployment in Azure
To deploy this template in Azure:
-
Identify the "Base URL" for your Netskope tenant. This is a URL that you use to access your Netskope tenant, for example:
https://example.goskope.com
-
Follow the REST APIv2 Documentaion to create an API token.
- Required "Read+Write" for
/api/v2/infrastructure/publisher
endpoint.
- Required "Read+Write" for
Fig 2. Netskope Publisher Token
-
Clone the GitHub repository for this deployment.
-
Configure provider block or set environment variables (recommended) for
NS_BaseURL
andNS_ApiToken
. For example;- For Provider Block.
provider "netskope" { baseurl = "<tenant-url>" apitoken = "<api-token>" }
- For Environment Variables.
export NS_BaseURL=<tenant-url> export NS_ApiToken=<api-token>
-
Customize variables in the
terraform.tfvars.example
andvariables.tf
file as needed and renameterraform.tfvars.example
toterraform.tfvars
. -
Change to the repository directory and then initialize the providers and modules.
$ cd <Code Directory> $ terraform init
-
Submit the Terraform plan to preview the changes Terraform will make to match your configuration.
$ terraform plan
-
Apply the plan. The apply will make no changes to your resources, you can either respond to the confirmation prompt with a 'Yes' or cancel the apply if changes are needed.
$ terraform apply
-
Output will provide Netskope Publisher ip address to access Netskope's Publisher Shell.
Outputs: private_ip_address = <Publisher Private IP>
-
To destroy this deployment, use the command:
$ terraform destroy
Netskope-provided scripts in this and other GitHub projects do not fall under the regular Netskope technical support scope and are not supported by Netskope support services.