Storage Monitoring is a powerful service that enables automatic sanitization of supported file types at the point of upload. It can continuously monitor a wide range of cloud storage resources and sanitize files in real time.
Follow these steps to enable OVA integration with Storage Monitoring.
Prerequisites
Before you begin, ensure the following requirements are met:
- Domain Name: configure a domain name for the Storage Monitoring service with a public IP address. Decide which domain will be used for the storage monitor.
- Azure Tenant ID: identify the
tenant_idfor the Azure tenant to be used. - Azure CLI: install the Azure CLI and authenticate using:
az login
- App Registration Setup: run the provided shell script to create an App registration and an Enterprise application.
- Note: Keep a record of the output values as theyโll be required in later steps.
bash create-azure-app-registrations-storage-monitor.sh
Accessing Glasswallhub
Authenticate with Glasswall Artifact Registry
Youโll be provided with a Token and Token ID to access Glasswallโs Artifact Registry. This grants permission to pull container images and Helm charts directly from your Kubernetes cluster.
- Run the following commands on the VM created from the OVA/VHD, replacing
${token_ID}and${token}with the values provided to you:
kubectl create secret docker-registry acr-secret -n cdrplatform \
--docker-server="glasswallhub.azurecr.io" --docker-username="${token_ID}" --docker-password="${token}"
kubectl create secret docker-registry acr-secret -n license-management \
--docker-server="glasswallhub.azurecr.io" --docker-username="${token_ID}" --docker-password="${token}"
- Log in to the Helm registry using:
helm registry login "glasswallhub.azurecr.io" -u "${token_ID}" -p "${token}"
Installing Storage Monitor
SSH into the VM and complete the following steps.
1. Create Kubernetes secrets
The storage monitoring service requires the tenant ID, client ID, and client secret for the service principal.
Important:
- Provide values in plain text, the script will automatically handle Base64 encoding.
- Re-running the script with an existing key updates the value stored in the Kubernetes secret.
- Verify the integrity of the
add_secrets.shscript before running it:
sha256 add_secrets.sh
It must return:
055340faccaa8bf4b7905f1f80cb3144d0a0b28a3a8643e4237702fe2c7146db
Download and run the script as follows:
bash add_secrets.sh graphapi-clientid <client-id>
bash add_secrets.sh graphapi-clientsecret <client-secret>
bash add_secrets.sh graphapi-tenantid <tenant-id>
2. Pull the Helm chart
helm pull oci://glasswallhub.azurecr.io/helm/cdrplatform-storage-monitor \
--version 0.0.7 --untar --untardir .
3. Install the Storage Monitor
Set the domain_name and storage_monitor_tenant_name variables, then run:
domain_name="example.com"
storage_monitor_tenant_name="example"
helm upgrade --install cdrplatform-storage-monitor cdrplatform-storage-monitor -n cdrplatform \
--set image.tag="150402" \
--set image.repository="glasswallhub.azurecr.io/cdrplatform-storage-monitor" \
--set image.pullPolicy=IfNotPresent \
--set cloud_provider=local \
--set ingress.tls.enabled=true \
--set ingress.tls.domain=${domain_name} \
--set ingress.tls.secretName=tls-secret \
--set deployment.replicaCount=1 \
--set configuration.DATABASE__Provider="mongo" \
--set configuration.WEBHOOKS__CallbackBaseAddress="https://${domain_name}" \
--set secretsFromRef[0].DATABASE__ConnectionString.secretName="mongodb-cdrplatform-cdrp-user" \
--set secretsFromRef[0].DATABASE__ConnectionString.key="connectionString.standard" \
-f cdrplatform-storage-monitor/values.yaml \
--atomic
4. Post-installation
Once the installation completes successfully, follow the instructions in Storage Monitoring โ Microsoft SharePoint to configure monitors for Microsoft SharePoint.