terraform activate trend micro agent when provisioning azure vm

Question

I wanted to create a azure vm (windows/linux) with custom data (when provisioning the vm - need to activate the trend micro agent)

cd “C:\Program Files\Trend Micro\Deep Security Agent\”
$Proxy_Addr_Port="10.0.0.0:8080"
& $Env:ProgramFiles"\Trend Micro\Deep Security Agent\dsa_control" -r
& $Env:ProgramFiles"\Trend Micro\Deep Security Agent\dsa_control" -x dsm_proxy://$Proxy_Addr_Port/
& $Env:ProgramFiles"\Trend Micro\Deep Security Agent\dsa_control" -a dsm://tm.ct.tech.com.xx:8080/ "tenantID:<unique key>" "token:<unique token>" "policyid:3" "relaygroupid:1"

I cannot find any refrence on how to do this

Answer 1

There are a few ways you could accomplish your goal of activating Deep Security agents after a resource is spun up with terraform.

The most direct way would be the terraform remote-exec provisioner but Hashicorp advises this be a last resort if other methods would be sufficient.

Alternatively, you can implement an azure extension to run a custom script that performs the agent activation. If you don't want to include the Deep Security agent as part of your OS image, you can use the custom script to download/install the agent as well prior to activation. This also removes the problem of outdated agent versions becoming part of your OS template.

A more useful solution in the long-term would be to leverage your configuration management solution and have that maintain your endpoint protection installations. There are ansible/puppet/chef/salt templates for the DS agent already out there and easily ported to your environment.