Azure PCI PaaS Reference Architecture

Last updated: 30/01/2017

If you are an enterprise that builds an application that processes credit card data, you need to conform to PCI DSS (Payment Card Industry Data Security Standard). Adherence to the standard means that you need to meet control objectives for your network, protect cardholder data, implement strong access controls, manage operations and more. To help customers quickly stand up infrastructure that conforms to PCI DSS, we are releasing an Azure Quickstart sample. The template deploys a multi-tiered Azure PaaS web application stack. It makes use of many nested templates and can be customized as desired.

This Azure Resource Manager (ARM) template was created by a member of the community and not by Microsoft. Each ARM template is licensed to you under a licence agreement by its owner, not Microsoft. Microsoft is not responsible for ARM templates provided and licensed by community members and does not screen for security, compatibility or performance. Community ARM templates are not supported under any Microsoft support programme or service, and are made available AS IS without warranty of any kind.

Parameters

Parameter Name                    Description
_artifactsLocation                Publicly accessible location of all deployment artifacts.
_artifactsLocationSasToken        Reserved for deploying using Visual Studio. Please keep it as an empty string.
certData                          Base-64 encoded form of the .pfx file.
certPassword                      Password for the .pfx certificate.
bastionHostAdministratorPassword  The password to use for the bastion host VM administrator.
sqlAdministratorLoginPassword     The password to use for the database server administrator.
sqlNotificationEmailAddress       Provide the email address to send SQL notifications to.
automationAccountName             Provide the name of an existing Automation Account with SPN.
customHostName                    Provide the custom host name.
azureAdApplicationClientId        Provide the Azure AD Application Client ID. Get it from the pre-deployment script output.
azureAdApplicationClientSecret    Provide the Azure AD Application Client Secret. Get it from the pre-deployment script output.
azureAdApplicationObjectId        Provide the Azure AD Application Object ID. Get it from the pre-deployment script output.
sqlAdAdminUserName                The AD user name to use for the application's connections to the database server.
sqlAdAdminUserPassword            The AD user password to use for the application's connections to the database server.

Use the template

PowerShell
New-AzureRmResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/pci-paas-webapp-ase-sqldb-appgateway-keyvault-oms/azuredeploy.json
Installing and configuring Azure PowerShell
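An added example (not part of the original page or of the template's own scripts): one way to supply certData and the secret-bearing parameters from the table without typing them on the command line or storing them in a parameters file. It assumes the template declares those five parameters as securestring; the .pfx path, resource group name and deployment name are placeholders.

```powershell
# Added example, not from the template's repository.
# Assumption: the template declares the five secret parameters below as
# "securestring". If one is declared as "string", supply plain text for it instead.

$ResourceGroupName = '<resource-group-name>'   # placeholder
$DeploymentName    = '<deployment-name>'       # placeholder
$PfxPath           = 'C:\certs\site.pfx'       # hypothetical path to your certificate
$TemplateUri       = 'https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/pci-paas-webapp-ase-sqldb-appgateway-keyvault-oms/azuredeploy.json'

# certData: Base-64 encoded form of the .pfx file.
$pfxFullPath = (Resolve-Path -LiteralPath $PfxPath).Path
$certData    = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($pfxFullPath))

# Parameters from the table that carry a password or client secret.
$secretNames = @(
    'certPassword',
    'bastionHostAdministratorPassword',
    'sqlAdministratorLoginPassword',
    'azureAdApplicationClientSecret',
    'sqlAdAdminUserPassword'
)

# Prompt for each secret as a SecureString so the value never appears in the
# command line, the console history or a file on disk.
$templateParams = @{ certData = $certData }
foreach ($name in $secretNames) {
    $templateParams[$name] = Read-Host -Prompt $name -AsSecureString
}

# Template parameters are exposed as dynamic parameters of the cmdlet, so the
# hashtable can be splatted. Add the remaining non-secret parameters from the
# table (customHostName, automationAccountName, ...) to $templateParams as well.
New-AzureRmResourceGroupDeployment -Name $DeploymentName `
    -ResourceGroupName $ResourceGroupName `
    -TemplateUri $TemplateUri `
    @templateParams
```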
Command line
azure config mode arm
azure group deployment create <my-resource-group> <my-deployment-name> --template-uri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/pci-paas-webapp-ase-sqldb-appgateway-keyvault-oms/azuredeploy.json
Installing and configuring the Azure cross-platform command-line interface