Why should I upgrade to the new Azure Resource Manager connection functionality?

The next time you try to add an Azure cloud account to Deep Security Manager, you will be shown a message suggesting that you upgrade to the new Resource Manager connection functionality. This functionality allows Deep Security to connect to Azure virtual machines using the Resource Manager interface. As an Azure user, you are probably aware that Resource Manager is now the default Azure deployment model, replacing the classic model. Because new resources are deployed using this model by default, Deep Security can display these VM resources on the Computers page only if it can communicate with the Resource Manager interface. If you allow Deep Security to upgrade to this new functionality, VM resources deployed with either the Resource Manager deployment model or the classic deployment model will be visible on the Computers page.

Three things to note:

  • The account must be the owner of the Azure subscription and must have the Global Admin role in your Azure Active Directory. These privileges are required so that Deep Security can automate the provisioning of a Service Principal object in your Azure Active Directory. Deep Security uses that Service Principal object to authenticate itself to your Azure subscription so that it can invoke the necessary Azure APIs to synchronize your Azure VMs in the Deep Security Manager console. For instructions on creating a user with global administrator rights, see Microsoft's Add or delete users using Azure Active Directory.
  • You can upgrade to this new functionality in Deep Security 10. It is already available in the new Deep Security Manager VM for Azure Marketplace console and no upgrade is needed.
  • Until you perform this upgrade, VMs deployed using Resource Manager are still fully protected by Deep Security, but to see them on the Computers page they must be added as computer objects. For more information, see Why can't I view all of the VMs in an Azure subscription in Deep Security?