TAC can be deployed in Azure by obtaining the TAC image from the Azure Marketplace:
TAC supports single-NIC deployment. Ensure that the Azure Network Security Group (NSG) attached to the TAC VM has rules in place that allow HTTP/HTTPS connections to the published sites and RDP connections to the TAC Gateway. The NSG is enforced by Azure outside the VM, so the Windows firewall rules that TAC creates inside the VM do not replace it.
After powering on the TAC Gateway, do the following:
- Open TAC Management Console, located on the Desktop
- Make sure you have the latest TAC version installed. Read more about how to find your TAC version HERE, and about the latest TAC version HERE. If your TAC version is older, request the latest TAC update from PortSys Support at firstname.lastname@example.org. Instructions for updating TAC to the latest version are located HERE.
- Configure Network Setup in TAC: in the TAC Configuration Console, click Configuration and select Network Setup. This opens the Network Setup box.
- Check "Enable DHCP-based address listing." Note: even though this option works with a DHCP-based IP configuration, TAC requires a persistent, static IP address assignment in the Azure portal, so that the address Azure leases to the VM never changes.
- Configure TAC Management IP ranges. You will usually want your TAC appliance(s) and infrastructure servers to be manageable remotely. For this, the TAC console adds exception rules to the local firewall for the source IP addresses or ranges and the ports you specify. TAC then secures the appliance at the firewall level: inbound connections are allowed only to the configured IP:Port of the published sites, and to the management ports only from the remote IP ranges you define.
To configure TAC Management IP ranges, follow the steps below:
- Go to the TAC Configuration Console. Click Configuration and select Network Setup. This opens the Network Setup box.
- Enter the remote (source) IP ranges that will initiate connections to the TAC server in the "IP Ranges" box. To insert a new entry, press the Insert key. To remove an entry, press Delete. To modify an entry, double-click it. To finish the modification(s), press Enter.
- Enter the port numbers, separated by commas, in the "Ports" box. The default RDP port 3389 should be included for Azure if you want to connect directly from the Azure Portal.
- Click OK.
Note: After the Network Setup is applied, TAC locks the local firewall and blocks all rules except the TAC Management rule created by Network Setup and the inbound connections to the IP:Port of the sites you are publishing through TAC.
It is important to configure the network setup and the IP:port ranges correctly. Misconfiguration can block your RDP connection and lock you out of the gateway. Keep your current RDP session open and verify that a new RDP connection from one of the configured management ranges succeeds before closing it.
Make sure the Azure Network Security Group associated with the TAC VM also has rules in place that allow RDP access to the VM from your management source ranges. The Windows firewall inside the VM and the NSG are evaluated independently, and either one can block the connection.
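The Azure-side prerequisites above (a static address for the VM, and NSG rules that admit HTTP/HTTPS to the published sites but RDP only from management ranges) can be applied with the Az PowerShell module. The following is an added example for this page, not PortSys code or documentation. Resource group, NIC, NSG names and the 203.0.113.0/24 management range are placeholders; it assumes the address TAC cares about is the NIC's private IP (the one the guest obtains via DHCP), since the page does not say which address must be static.

```powershell
# Added example (not PortSys code): Azure prerequisites for a single-NIC TAC Gateway.
# Requires the Az module (Az.Network) and an authenticated session (Connect-AzAccount).
$rg       = 'rg-tac'             # assumption: resource group of the TAC VM
$nicName  = 'tac-gw-nic'         # assumption: NIC attached to the TAC VM
$nsgName  = 'tac-gw-nsg'         # assumption: NSG attached to that NIC or its subnet
$mgmtCidr = @('203.0.113.0/24')  # assumption: your management source range(s), TEST-NET-3

# 1. Pin the private address that Azure already leased so it never changes.
#    TAC's "DHCP-based" option still expects this address to be persistent.
$nic   = Get-AzNetworkInterface -ResourceGroupName $rg -Name $nicName
$ipcfg = $nic.IpConfigurations[0]
$ipcfg.PrivateIpAllocationMethod = 'Static'
$ipcfg.PrivateIpAddress = $ipcfg.PrivateIpAddress      # keep the current lease
$nic | Set-AzNetworkInterface | Out-Null

# 2. NSG rules: web ports from the Internet (published sites), RDP only from management.
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName
$nsg | Add-AzNetworkSecurityRuleConfig -Name 'Allow-TAC-Web' -Priority 100 `
    -Direction Inbound -Access Allow -Protocol Tcp `
    -SourceAddressPrefix 'Internet' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange @('80', '443') | Out-Null
$nsg | Add-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-Mgmt' -Priority 110 `
    -Direction Inbound -Access Allow -Protocol Tcp `
    -SourceAddressPrefix $mgmtCidr -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange '3389' | Out-Null
$nsg | Set-AzNetworkSecurityGroup | Out-Null

# 3. Check: warn about any inbound Allow rule that exposes 3389 to everyone.
(Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName).SecurityRules |
  Where-Object {
    $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
    ($_.DestinationPortRange -contains '3389' -or $_.DestinationPortRange -contains '*')
  } |
  ForEach-Object {
    if ($_.SourceAddressPrefix -contains '*' -or $_.SourceAddressPrefix -contains 'Internet') {
      Write-Warning "NSG rule '$($_.Name)' allows RDP from the Internet; restrict SourceAddressPrefix to your management ranges."
    } else {
      "NSG rule '$($_.Name)': RDP allowed from $($_.SourceAddressPrefix -join ', ')"
    }
  }
```

The final check only inspects rules whose destination is exactly 3389 or *; a rule written as a range such as 3000-4000 would not be flagged, so review those by hand. The NSG and the Windows firewall that TAC manages are two separate filters: this script does nothing inside the VM, and the TAC Management IP ranges still have to be configured in the console as described above.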
Additionally, you can create firewall policies manually through the Local Firewall console. By default, TAC blocks all public inbound access in the Windows firewall, leaving only the published sites' IP:port open to the public. The source scope of every existing firewall rule whose source address scope is ANY is changed to the local subnet. To add an exception, create an inbound rule (or rename an existing rule) whose name is prefixed with "TACGW_Exception_". Such rules are ignored by TAC and left exactly as you defined them, so scope them to your management ranges yourself rather than to ANY; TAC will not narrow them for you.
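Creating a prefixed exception rule and then auditing what TAC will leave untouched can be done from an elevated PowerShell prompt on the gateway. This is an added example for this page, not PortSys code; it assumes the 203.0.113.0/24 management range and WinRM (TCP 5985) as the extra management port, and because the page does not say whether the prefix is matched on the rule's Name or DisplayName, it sets both.

```powershell
# Added example (not PortSys code): run in an elevated PowerShell on the TAC Gateway.
$mgmtRange = '203.0.113.0/24'                  # assumption: management source range (TEST-NET-3)
$ruleName  = 'TACGW_Exception_WinRM-Mgmt'      # prefix is what TAC looks for; suffix is free text
$mgmtPort  = 5985                              # assumption: WinRM over HTTP as the extra port

# Create the exception scoped to the management range only. A rule with RemoteAddress Any
# is ignored by TAC too, but it would undo the lockdown TAC applied to the host.
if (-not (Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name $ruleName -DisplayName $ruleName `
        -Direction Inbound -Action Allow -Profile Any `
        -Protocol TCP -LocalPort $mgmtPort -RemoteAddress $mgmtRange | Out-Null
}

# Audit: list every enabled inbound Allow rule carrying the prefix, with its remote scope
# and local ports, and flag any that is open to Any remote address.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
  Where-Object { $_.DisplayName -like 'TACGW_Exception_*' -or $_.Name -like 'TACGW_Exception_*' } |
  ForEach-Object {
    $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    $port = ($_ | Get-NetFirewallPortFilter).LocalPort
    $flag = if ($addr -contains 'Any') { 'OPEN-TO-ANY' } else { 'ok' }
    '{0,-40} remote={1,-22} port={2,-8} {3}' -f $_.DisplayName, ($addr -join ','), ($port -join ','), $flag
  }
```

Before ending your RDP session, confirm from a host inside the management range that the gateway is still reachable, for example with `Test-NetConnection -ComputerName <tac-ip> -Port 3389 -InformationLevel Quiet`, which returns True only if the TCP connection completed through both the NSG and the Windows firewall.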
Next, obtain a TAC license and apply it to the configuration. Read more about obtaining a TAC license HERE.