Enable Storage Monitoring

Prev Next

Storage Monitoring is a powerful service that enables automatic sanitization of supported file types at the point of upload. It can continuously monitor a wide range of cloud storage resources and sanitize files in real time.

Follow these steps to enable OVA integration with Storage Monitoring.

Prerequisites

Before you begin, ensure the following requirements are met:

  • Domain Name: configure a domain name for the Storage Monitoring service with a public IP address. Ensure the SSL certificates are properly configured for the selected domain.
  • Azure Tenant ID: identify the tenant_id for the Azure tenant to be used.
  • Azure CLI: install the Azure CLI and authenticate using:
    az login
  • App Registration Setup: run the provided shell script to create an App registration and an Enterprise application.
    • Note: Keep a record of the output values as theyโ€™ll be required in later steps.
    bash create-azure-app-registrations-storage-monitor.sh

Accessing Glasswallhub

Authenticate with Glasswall Artifact Registry

Youโ€™ll be provided with a Token and Token ID to access Glasswallโ€™s Artifact Registry. This grants permission to pull container images and Helm charts directly from your Kubernetes cluster.

  • Run the following commands on the VM created from the OVA/VHD, replacing ${token_ID} and ${token} with the values provided to you:
kubectl create secret docker-registry acr-secret -n cdrplatform \
  --docker-server="glasswallhub.azurecr.io" --docker-username="${token_ID}" --docker-password="${token}"

kubectl create secret docker-registry acr-secret -n license-management \
  --docker-server="glasswallhub.azurecr.io" --docker-username="${token_ID}" --docker-password="${token}"
  • Log in to the Helm registry using:
helm registry login "glasswallhub.azurecr.io" -u "${token_ID}" -p "${token}"

Installing Storage Monitor

SSH into the VM and complete the following steps.

1. Create Kubernetes secrets

The storage monitoring service requires the tenant ID, client ID, and client secret for the service principal.

Important:

  • Provide values in plain text, the script will automatically handle Base64 encoding.
  • Re-running the script with an existing key updates the value stored in the Kubernetes secret.

Execute the script as follows:

bash add_secrets.sh graphapi-clientid <client-id>
bash add_secrets.sh graphapi-clientsecret <client-secret>
bash add_secrets.sh graphapi-tenantid <tenant-id>

2. Pull Helm chart

helm pull oci://glasswallhub.azurecr.io/helm/cdrplatform-storage-monitor \
  --version 0.1.2 --untar --untardir .

3. Install the Storage Monitor

Set the domain_name and storage_monitor_tenant_name variables, then run:

domain_name="example.com"
storage_monitor_tenant_name="example"

helm upgrade --install cdrplatform-storage-monitor cdrplatform-storage-monitor -n cdrplatform \
    --set image.tag="165098" \
    --set image.registry="glasswallhub.azurecr.io" \
    --set image.pullPolicy=IfNotPresent \
    --set cloud_provider=local \
    --set ingress.tls.enabled=true \
    --set ingress.tls.domain=${domain_name} \
    --set ingress.tls.secretName=tls-secret \
    --set deployment.replicaCount=1 \
    --set configuration.DATABASE__Provider="mongo" \
    --set configuration.GRAPHAPI__TenantName="${storage_monitor_tenant_name}" \
    --set configuration.WEBHOOKS__CallbackBaseAddress="https://${domain_name}" \
    --set secretsFromRef[0].DATABASE__ConnectionString.secretName="mongodb-cdrplatform-cdrp-user" \
    --set secretsFromRef[0].DATABASE__ConnectionString.key="connectionString.standard" \
    -f cdrplatform-storage-monitor/values.yaml \
    --atomic

4. Enable Storage Monitoring in Halo Portal

By default, the SharePointMonitoring and OneDriveMonitoring pages are disabled in the Halo portal.

If SSO authentication has been configured, these pages may have been enabled during SSO setup.

To enable these pages, execute the following commands on the VM:

helm get values cdrplatform-portal > portal_values.json
# Enable SharePointMonitoring page
jq '.configuration.EnabledPages += ",SharePointMonitoring"' portal_values.json > portal_values.json.tmp && mv portal_values.json.tmp portal_values.json
# Enable OneDriveMonitoring page
jq '.configuration.EnabledPages += ",OneDriveMonitoring"' portal_values.json > portal_values.json.tmp && mv portal_values.json.tmp portal_values.json
helm upgrade cdrplatform-portal cdrplatform-portal -f portal_values.json --atomic
rm portal_values.json

5. Post-installation

Once the installation completes successfully, follow the instructions in Storage Monitoring โ€” Microsoft SharePoint to configure monitors for Microsoft SharePoint.