# Azure VM Nodes

### Overview

This guide describes how to create and configure a Microsoft Azure virtual machine (VM) to host a StrongDM node (gateway or relay), as well as how to create and install the node.

### Prerequisites

Ensure that you are an account administrator in StrongDM.

### Steps

#### Create an Azure VM

If you already have an Azure VM up and running, check that its properties match those described in this section and in [Configure Networking settings](#configure-networking-settings). Then proceed to [Add a node in StrongDM](#add-a-node-in-strongdm).

1. In Azure, go to **Home** > **Virtual Machines**, click **Create**, and then click **Virtual Machine**.
2. On the **Virtual Machine** page, underneath **Ubuntu Server**, click **Create**.
3. On the **Create a virtual machine** page that opens, set the following properties on the **Basics** tab:
   1. **Subscription:** Select your subscription type.
   2. **Resource group:** Select the appropriate resource group for your account.
   3. **Virtual machine name:** Give the VM a memorable name (for example, “strongdm-gw01”).
   4. **Region:** Select the appropriate region for the VM.
   5. **Availability options:** Choose your availability.
   6. **Security type:** Set as per your organization standard.
   7. **Image:** Make sure the selected image is still Ubuntu and the latest Gen available (for example, “Ubuntu Server 20.04 LTS”).
   8. **Azure Spot instance:** Optional
   9. **Size:** Choose the appropriate size for your needs.
   10. **Authentication type:**
       - If you select **Password**, as we did for this example, also set the **Username** and **Password** for the VM.
       - If you select **SSH public key**, also set the SSH public key source and Key pair name.
   11. **Public inbound ports:** Select **Allow selected ports**.
   12. **Select inbound ports:** Select **SSH (22)** to allow port 22.
4. Click **Next** to set the remaining properties on the **Disks** tab, **Networking** tab, **Management** tab, **Advanced** tab, and **Tags** tab. You can set all the standard options or whatever works for your organization.
5. On the **Review + create** tab, check that the VM’s properties are correct, take care of business, and click **Create**.

#### Configure Networking settings

{% hint style="info" %}
This step to set inbound port rules is only necessary if your VM is going to host a StrongDM gateway. If you are deploying a relay, please skip ahead to [Connect to the VM](#connect-to-the-vm).
{% endhint %}

1. Once your VM is deployed, click into its resource name to view its **Networking** area.
2. Go to **Inbound Port Rules**, click **Add inbound port rule**, and set the following:
   1. **Source:** Select **Any**.
   2. **Source port ranges:** Set **\***.
   3. **Destination:** Set **IP Addresses**.
   4. **Destination IP addresses/CIDR ranges:** Enter the public IP address of the VM you just deployed, followed by **/32** so that the rule applies to that machine only (for example, **10.0.0.021/32**). You can find the public IP address under **Networking**, where it is displayed at the top of the page.
   5. **Service:** Set **Custom**.
   6. **Destination port ranges:** Set **5000**.
   7. **Protocol:** Set **TCP**.
   8. **Action:** Set **Allow**.
   9. **Priority:** Enter **100** so it has the highest priority.
   10. **Name:** Change the name to **StrongDM**.
3. Click **Add** to save your changes.
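
To check the result of the steps above, the following added example (not part of the StrongDM documentation) audits NSG rules exported with `az network nsg rule list -o json`: it confirms that the gateway port is allowed and lists every other inbound rule open to any source, including the SSH rule created with the VM. The rule data is constructed, the function names are hypothetical, and Deny rules and priority ordering are not modelled.

```python
import json

# Constructed sample in the shape of `az network nsg rule list -o json`;
# rule names and values are made up for this example.
SAMPLE_RULES = json.loads("""[
  {"name": "SSH", "priority": 300, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
  {"name": "StrongDM", "priority": 100, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "5000"}
]""")

ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}

def _values(rule, single, plural):
    """Merge the singular and plural forms Azure uses for one field."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _port_ranges(rule):
    """Yield (low, high) for each destination port spec: '*', '22', '8000-8100'."""
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            yield 0, 65535
        else:
            lo, _, hi = spec.partition("-")
            yield int(lo), int(hi or lo)

def audit(rules, node_port=5000, gateway=True):
    """Return (node_port_allowed, findings) for inbound Allow rules open to any source.

    Assumption: Deny rules and priority ordering are not modelled.
    """
    allowed, findings = False, []
    for r in rules:
        srcs = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        if (r["direction"], r["access"]) != ("Inbound", "Allow"):
            continue
        if not any(s.lower() in ANY_SOURCE for s in srcs):
            continue
        proto = r["protocol"].lower()
        for lo, hi in _port_ranges(r):
            if gateway and lo <= node_port <= hi and proto in ("tcp", "*"):
                allowed = True
            if not (gateway and (lo, hi) == (node_port, node_port) and proto == "tcp"):
                findings.append(f"{r['name']}: {r['protocol']} {lo}-{hi} open to any source")
    return allowed, findings

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

Pass `gateway=False` for a relay, which needs no inbound rule, so an open port 5000 is then reported as a finding as well.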

#### Connect to the VM

Once your Azure VM is up and running, you should be able to connect to it.

1. Click into the name of your VM to get to its **Overview** blade.
2. Click **Connect** and then select your connection method. In this example, we selected SSH and went through the setup process to **connect via SSH with client**.

#### Add a Node in StrongDM

The following instructions are for creating a gateway and generating a token in the Admin UI. To do the same via the CLI instead of the Admin UI, see [sdm admin nodes create-gateway](/references/cli/admin/nodes/create-gateway.md).

To add a gateway, follow these steps.

1. Log in to the Admin UI at [app.strongdm.com](https://app.strongdm.com).
2. Go to **Networking** > **Gateways**.
3. Click **Add gateway**.
4. For **Name**, enter a memorable name (for example, “azure-vm”). This name will be displayed in the Admin UI. You can edit the name later.
5. For **Advertised Host**, enter the public IP address of your Azure VM (for example, “10.0.0.021”). The gateway will be listening on this address.
6. For **Advertised Port**, set the TCP port for the service to listen on (default: 5000).
7. Click **Create gateway** to generate a token that you'll need later in the installation process. The token is only shown to you one time. Carefully copy the token and save it somewhere safe for later use.

To add a relay, follow these steps.

1. Log in to the Admin UI at [app.strongdm.com](https://app.strongdm.com).
2. Go to **Networking** > **Relays**.
3. Click **Add relay**.
4. For **Name**, enter a name for the relay.
5. Click **Create relay**.
6. Copy the token and keep it in a secure place.

### Node Installation

1. Log in to the Azure VM you created to host your gateway or relay.
2. Download the StrongDM binary:

   ```bash
   curl -J -O -L https://app.strongdm.com/releases/cli/linux
   ```
3. Unzip it (if this is a new server, you may need to install a package to unzip archives, such as with `sudo apt-get install unzip` on Ubuntu distributions):

   ```bash
   unzip sdmcli_VERSION_NUMBER_linux_amd64.zip
   ```
4. Install the node:

{% tabs %}
{% tab title="US" %}

```sh
sudo ./sdm install --node
```

{% endtab %}

{% tab title="UK" %}
*Follow instructions in the tab for the region of your organization's StrongDM control plane, not your own location. The default control plane region is US.*

```sh
sudo ./sdm install --app-domain app.uk.strongdm.com --node
```

{% endtab %}

{% tab title="EU" %}
*Follow instructions in the tab for the region of your organization's StrongDM control plane, not your own location. The default control plane region is US.*

```sh
sudo ./sdm install --app-domain app.eu.strongdm.com --node
```

{% endtab %}
{% endtabs %}

You will be prompted for the token you generated when creating a gateway or relay; paste it in and hit Enter. Note that the token won't show in the terminal for security purposes, similar to the masking of a password.

{% hint style="info" %}
The installer must be run by a user who exists in the `/etc/passwd` file. Any users remotely authenticated, such as with LDAP or an SSO service, may fail to complete the installation.
{% endhint %}

5. Log in to the StrongDM Admin UI. In **Networking** > **Gateways** or **Networking** > **Relays**, the node you created should appear to be online and have a heartbeat. If it doesn't appear online, perform a hard refresh of your browser. Within a couple of minutes, if it is still not online, verify that the StrongDM daemon is running by running `ps aux|grep sdm` on the server and looking for a line that says `sdm relay`.


