Prerequisites for Enabling Azure CWPP

This guide outlines the requirements for enabling Azure CWPP. By following these steps, you'll ensure that you have the necessary permissions and resources to successfully activate Azure CWPP.

Permit the Usage of plerion-cwpp-* Pattern in Naming Policy if Configured

If you have set up a Naming Policy, it is essential to authorize the utilization of the plerion-cwpp-* pattern within the policy. This authorization is necessary because Plerion generates resources within customer subscriptions with names that consistently commence with plerion-cwpp-*. Learn more about Naming Overview (opens in a new tab)

Increase Quota for Regional Cores

To facilitate the scan of the CWPP solution, Plerion initiates a group of VMs of the Standard D2s v3 type, which collectively consume a total of 2 vCPUs within the customer's subscription. At any given time, Plerion launches a maximum of 10 VMs within a particular region. To enable seamless VM launches by Plerion, it is important to reserve a minimum of 20 cores within the region for the optimal operation of Plerion appliances. If the reservation of 20 cores within the region has not been undertaken, the deployment of Appliances will fail.

The increase of both the Total Regional vCPUs quota and the Standard DSv3 Family vCPUs is necessary. The subsequent steps can be followed to increase the quota allocation:

  1. Access the Azure portal and opt for Subscriptions from the navigation menu situated on the left-hand side.
  2. Choose the specific subscription for which the quota increase is sought.
  3. Navigate to Usage + quotas from the left-hand navigation menu.
  4. Indicate the desired region where the quota enhancement is required. CLI Output
  5. Find the Total Regional vCPUs category.
  6. Initiate a Request for Quota Increase.
  7. Confirm that the Total Regional Cores allocation is set to a minimum of 20, but recommended to be set to 40 to allow for future growth.
  8. Select Submit and await the approval of the quota extension.
  9. Find the Standard DSv3 Family vCPUs category.
  10. Initiate a Request for Quota Increase.
  11. Confirm that the Standard DSv3 Family vCPUs allocation is set to a minimum of 20, but recommended to be set to 40 to allow for future growth
  12. Select Submit and await the approval of the quota extension.
đź’ˇ

Note: The quota increase is necessary for each region where the CWPP solution is to be deployed.

Increase Quota for Regional Public IP Addresses

Plerion Appliances require outbound connectivity to the internet to facilitate the scan of the CWPP solution. To enable seamless outbound connectivity, Plerion initiates a group of VMs of the Standard D2s v3 type, which collectively consume a total of 2 vCPUs within the customer's subscription. At any given time, Plerion launches a maximum of 10 VMs within a particular region. To enable seamless VM launches by Plerion, it is important to reserve a minimum of 10 public IP addresses within the region for the optimal operation of Plerion appliances. If the reservation of 10 public IP addresses within the region has not been undertaken, the deployment of Appliances will fail.

To increase the quota allocation, the subsequent steps can be followed:

  1. Access the Azure portal and opt for Subscriptions from the navigation menu situated on the left-hand side.
  2. Choose the specific subscription for which the quota increase is sought.
  3. Navigate to Usage + quotas from the left-hand navigation menu.
  4. Indicate the desired region where the quota enhancement is required. CLI Output
  5. Find the Public IP Addresses category.
  6. Initiate a Request for Quota Increase.
  7. Confirm that the Public IP Addresses allocation is set to a minimum of 10 but recommended to be set to 20 to allow for future growth.
  8. Select Submit and await the approval of the quota extension.
Microsoft Azure SubscriptionTroubleshooting CWPP Scan Errors