Licensing Automation on Azure

To activate the instances where the MetaDefender products are running, it is needed to activate these products providing the LICENSE_KEY.

There are 2 options to manage the licensing that will automate the activation and deactivation of the products.

Azure Function to handle the VMSS events

Diagram

Licensing Automation

Licensing Automation

Solution recommended for production as the activation and deactivation does not depend if the VM is gracefully terminated or not

Pre-requisites

This sections presumed that a VMSS has been created with the Azure VM image generated based on the database mode desired. If not please go to VM Scale Set

Resources Needed

  • Azure Function App
  • Azure Key Vault
  • Azure Alert Rule
  • Azure Function to run within the Azure Function App

Azure Function Tasks

Check the Deployment Options for Azure Functions

This function has 2 different tasks.

  • Activation: Retrieve the LICENSE_KEY and APIKEY from Azure Secret and activate the VM. Store the deployment ID to Azure Key Vault using VM as key
  • Deactivation: Retrieve Deployment ID from Azure Secret and deactivate the deployment.

Trigger the Azure Function

This Azure Function has to be triggered by an Azure alert rule using the "VmAvailabilityMetric" for the VMSS for MetaDefender Core.

Create Action Group

This is the action that will trigger the Azure function where an Alert is fired

It is needed to indicate the name of the Azure Function (Not the Azure Function App)

Create Alert Rules

There is needed 2 rules. One for when the VM starts and one for when VM stops.

  • Set Up the Scope to be the Azure VMSS of MetaDefender Core.

  • Actions: Select the action group created before

  • Conditions: Use VmAvailabilityMetric (<1 for CoreVMRunning, >= 1 for CoreVMStopped)

    • Split by Dimensions (VMName). Check "Include all future values"

  • Under Details be sure that in the advance options the "Automatically resolve alerts" is checked

Setting Up Environment Variables using user-data (Only POC)

Only works with OPSWAT Marketplace Images that are prepared to handle user-data

This option is the default and recommended mechanism to automate the licensing management when using the Azure Marketplace Image, as this is the easiest way to activate and deactivate the product when running a single VM of MetaDefender Core

When passing as environment variables to the user-data the LICENSE_KEY it will set up the automation that will activate the product when the instance is started and will deactivate the product when the instance is terminated or stopped.

It is also recommended to indicate the APIKEY environment variables as this will set up the APIKEY to the admin user to be able to make requests to the MetaDefender Core API. In vm scale set deployment types it will help to manage all the instances with the same APIKEY when hitting the Load Balancer.

Licensing when running in Kubernetes

The licensing automation options when the MetaDefender products are installed in a Kubernetes cluster, are explained in Licensing in K8S

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Deploy using Azure services
On This Page
Licensing Automation on AzureAzure Function to handle the VMSS eventsDiagramPre-requisitesResources NeededAzure Function TasksTrigger the Azure FunctionCreate Action GroupCreate Alert RulesSetting Up Environment Variables using user-data (Only POC)Licensing when running in Kubernetes