Azure PCI PaaS Reference Architecture

Última actualización: 30/01/2017

If you are an enterprise who builds an application that processes credit card data, you need to conform to PCI DSS (Payment Card Industry Data Security Standard). Adherence to the standard means that you need to meet control objectives for your network, protect cardholder data, implement strong access controls, manage operations and more. In order to help customers to quickly standup infrastructure that conform to PCI DSS, we are releasing an Azure Quickstart sample. The template describes a stack that deploys a multi-tiered azure PaaS web application stack. It makes use of many nested templates, and can be customized as desired.

Esta plantilla de Azure Resource Manager (ARM) la creó un miembro de la comunidad, no Microsoft. Su propietario (no Microsoft) le permite usar las plantillas de ARM con arreglo a un contrato de licencia. Microsoft no se responsabiliza de ninguna plantilla de ARM que le proporcionen los miembros de la comunidad (o cuya licencia le otorguen) en cuanto a su seguridad, compatibilidad ni rendimiento. Las plantillas de ARM de la comunidad no reciben ningún tipo de soporte en ningún servicio ni programa de soporte de Microsoft. Dichas plantillas se proporcionan TAL CUAL, sin garantía de ningún tipo.

Parámetros

Nombre del parámetro Descripción
_artifactsLocation Publicly accessible location of all deployment artifacts.
_artifactsLocationSasToken Reserved for deploying using Visual Studio. Please keep it as an empty string
certData Base-64 encoded form of the .pfx file
certPassword Password for .pfx certificate
bastionHostAdministratorPassword The password to use for the bastion host VM administrator.
sqlAdministratorLoginPassword The password to use for the database server administrator.
sqlNotificationEmailAddress Provide Email Address to send Sql Notifications
automationAccountName Provide the name of an existing Automation Account with SPN.
customHostName Provide the Custom Host Name.
azureAdApplicationClientId Provide Azure AD Application Client ID.Get it from Pre Deployment script output
azureAdApplicationClientSecret Provide Azure AD Application Client Secret.Get it from Pre Deployment script output
azureAdApplicationObjectId Provide Azure AD Application Object ID.Get it from Pre Deployment script output
sqlAdAdminUserName The AD User Name to use for the application's connections to the database server.
sqlAdAdminUserPassword The AD User password to use for the application's connections to the database server.

Uso de la plantilla

PowerShell
New-AzureRmResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/pci-paas-webapp-ase-sqldb-appgateway-keyvault-oms/azuredeploy.json
Instalar y configurar PowerShell de Azure
Línea de comandos
azure config mode arm
azure group deployment create <my-resource-group> <my-deployment-name> --template-uri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/pci-paas-webapp-ase-sqldb-appgateway-keyvault-oms/azuredeploy.json
Instalación y configuración de la interfaz de línea de comandos multiplataforma de Azure