The following instructions will help you get started using Baffle Advanced Data Protection on Azure:

  1. Locate Baffle Application Data Protection in Azure Marketplace and select “Create” to create a new virtual machine.
  2. Enter basic settings for the virtual machine. When selecting the “User name”, avoid using “baffle” as the username. “baffle” is a reserved user for Baffle Application Data Protection.
  3. Select the virtual machine size. For most deployments, a DS2_V2 Standard virtual machine should be sufficient.
  4. Configure the network settings as appropriate and launch the virtual machine. Note that Baffle Application Data Protection is currently only available with BYOL meaning that the hourly price should be 0.0000/hr.
  5. Use a SSH client (e.g. Putty) to connect to Baffle Advanced Data Protection instance with the username and credentials you selected in step 2 and use sudo to execute the ./reset-baffle-manager.sh script  in the /opt/baffle/baffle-manager/scripts directory to ensure that everything is ready for initial deployment.
  6. Restart the instance (e.g. via  “sudo shutdown -r now” ) and connect to the the Baffle Application Data Protection instance again via SSH. Switch to root user with “sudo bash” and the network configuration text UI is automatically launched to allow you to validate or reconfigure the network settings. In most cases, the network interface settings are set up correctly automatically, so you can use the arrow keys to select “Quit” and press enter.
  7. In a web browser, connect to the IP address of the Baffle Advanced Data Protection instance via HTTPS. (e.g. https://34.205.2.233). Because the instance is bootstrapped with a self-signed certificate, you will receive an invalid CA warning. Select the browser option to “proceed”. (You will have the opportunity to upload and use your organization’s certificate later in the setup process.)
  8. You will be prompted to enter an initial password in order to gain access to setup the initial administrator account. This password is a randomly generated value and requires that you have access to the host running BaffleManager™. To locate the password, go to the /opt/baffle/baffle-manager directory and view the initpass file. Enter the password in the password field in the browser and click the “Continue” button. (Note: if you reload the page, a different password will be generated)
  9. After entering the correct password, you’ll be prompted to enter the initial system setup information. Here, enter your organizations domain name, and formal name. All users must have this domain name as part of this email going forward. An example is show in the screenshot below:
  10. The next screen requires you to configure email settings. This allows BaffleManager to send email to provide notifications and for password resets. Enter the SMTP server to use as well as the credential to use to authentication to the SMTP server. Once again, an example is show in the screenshot below:
  11. The next screen prompts you to create the initial BaffleManager administrator. This administrator is used to bootstrap BaffleManager and create other administrators. Here, enter the email address of the administrator as the username, and fill out the rest of the information as show in the example below:
  12. The next screen allows you to upload a certificate for your organization signed by a well-known CA. This will eliminate the untrusted CA warning when browsers connect to BaffleManager. You can skip this step if you wish to continue using the self-signed certificate
  13. This should complete the initial setup process and bring you to the logon page. Enter the credentials for the administrator account you created to login and create other users and start enrolling databases and applications.

Granting administrator roles ->