Azure PCI PaaS Reference Architecture

Sist oppdatert: 30.01.2017

If you are an enterprise who builds an application that processes credit card data, you need to conform to PCI DSS (Payment Card Industry Data Security Standard). Adherence to the standard means that you need to meet control objectives for your network, protect cardholder data, implement strong access controls, manage operations and more. In order to help customers to quickly standup infrastructure that conform to PCI DSS, we are releasing an Azure Quickstart sample. The template describes a stack that deploys a multi-tiered azure PaaS web application stack. It makes use of many nested templates, and can be customized as desired.

Denne Azure Resource Manager (ARM)-malen ble opprettet av et medlem av fellesskapet og ikke av Microsoft. Hver ARM-mal er lisensiert til deg i henhold til en lisensavtale med eieren, ikke med Microsoft. Microsoft er ikke ansvarlig for ARM-maler som leveres og lisensieres av medlemmer og siler dem ikke ut med tanke på sikkerhet, kompatibilitet eller ytelse. Fellesskapets ARM-maler støttes ikke av noe Microsoft-støtteprogram eller -tjeneste, og er gjort tilgjengelig SOM DE ER, uten noen form for garanti.

Parametere

Parameternavn Beskrivelse
_artifactsLocation Publicly accessible location of all deployment artifacts.
_artifactsLocationSasToken Reserved for deploying using Visual Studio. Please keep it as an empty string
certData Base-64 encoded form of the .pfx file
certPassword Password for .pfx certificate
bastionHostAdministratorPassword The password to use for the bastion host VM administrator.
sqlAdministratorLoginPassword The password to use for the database server administrator.
sqlNotificationEmailAddress Provide Email Address to send Sql Notifications
automationAccountName Provide the name of an existing Automation Account with SPN.
customHostName Provide the Custom Host Name.
azureAdApplicationClientId Provide Azure AD Application Client ID.Get it from Pre Deployment script output
azureAdApplicationClientSecret Provide Azure AD Application Client Secret.Get it from Pre Deployment script output
azureAdApplicationObjectId Provide Azure AD Application Object ID.Get it from Pre Deployment script output
sqlAdAdminUserName The AD User Name to use for the application's connections to the database server.
sqlAdAdminUserPassword The AD User password to use for the application's connections to the database server.

Bruke malen

PowerShell
New-AzureRmResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/pci-paas-webapp-ase-sqldb-appgateway-keyvault-oms/azuredeploy.json
Installere og konfigurere Azure PowerShell
Kommandolinje
azure config mode arm
azure group deployment create <my-resource-group> <my-deployment-name> --template-uri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/pci-paas-webapp-ase-sqldb-appgateway-keyvault-oms/azuredeploy.json
Installer og konfigurer Azures kommandolinjegrensesnitt for alle plattformer