Azure Pro/Ent only

The following steps will explain how to import a CipherMail appliance into Azure.


  • CipherMail Professional/Enterprise appliance for Azure

  • Azure account

  • Azure storage account

  • Outbound SMTP connections on port 25 should be allowed


By default, Azure blocks outbound connections on the standard SMTP port 25. To enable outbound port 25, request to have the restriction removed by going to the Cannot send email (SMTP-Port 25) section of the Diagnose and Solve blade for an Azure Virtual Network resource in the Azure portal. For more information see

Download virtual appliance

  1. Download the Azure virtual appliance from

  2. Unzip the downloaded file. The unzipped version should have the .vhd extension.

Upload to Azure storage

The vhd file should be uploaded to a Azure storage container.

  1. Log into the Azure portal

  2. Select a storage account to which the vhd file should be uploaded

  3. On the storage account page, select a container (see screenshot). If there is no container yet, create a new container with the name upload.

  4. Upload the .vhd file

Azure containers

Create image

An Azure image should be created from the uploaded vhd file.

  1. Open the images page (home ‣ images)

    Azure images
  2. Click Create to create a new image

  3. Fill in the required details. Set OS Type to Linux, VM generation to Gen 1 and set Storage blob to the uploaded vhd. Set the other values to match your setup or requirements.

  4. Click Review + create

  5. Review the details and click Create to create a new image.

    Azure create image

Create VM

Create a new VM from the new image.

  1. Open the images page (home ‣ images)

  2. Select the new image and click Create VM

    Azure image details
  3. Fill in the required details for the new virtual machine.

    1. Set virtual machine name

    2. Select the newly create image

    3. Select a VM size

    4. Set username to ciphermail


      You can select any username instead of ciphermail. It’s however advised not to use the username sa because there is already a (locked) user with this name.

    5. Set passwords

    6. Select inbound ports 80, 443 and 22

    7. Set License type to Other

    Azure create VM
  4. Select next pages, change the details if required, and click Create to create the VM.


The azure user is by default is allowed to log into the CipherMail Web GUI (if PAM authentication is enabled).

Resize disk

By default the image uses a 5GB disk. For most setups this is too small. The disk should therefore be resized.


It is only possible to make a disk larger, not smaller.

To resize the disk:

  1. Stop the VM. Before growing the disk, the VM should be stopped. The VM can be stopped by selecting the VM and clicking Stop

  2. Select the disk and select Size + performance

    Azure disk resize
  3. Select the new size and click Resize

  4. Start VM. The disk will expand during the startup phase.

  5. Restart VM. Because the disk was expanded, it should be restarted.

Configure Cockpit

The CipherMail Enterprise Appliance comes with the Cockpit application installed. The Cockpit application is a web-based graphical interface for servers which can be used to manage certain aspects of the server.

Open port 9090

The Cockpit application is accessible on port 9090. Port 9090 should therefore be added to the inbound port rules.

  1. Open the networking settings for the VM.

  2. Click Add inbound port rule

  3. Set Protocol to TCP

  4. Set Destination port ranges to 9090

  5. Set Name to Port_9090

  6. Set other fields if neede

  7. Click Add


It is advised to only allow access to port 9090 from systems under your control. For example set the Source to the IP addresses from which you connect.

Unlock sa user

The CipherMail system user account is sa. For security reasons, the sa user is locked by default. The sa account should be unlocked if you want to use the Virtual Appliance system configuration tool.


With the Virtual Appliance system configuration tool, certain aspects of the system can be managed like for example backup/restore and installing updates (for more information on the Virtual Appliance system configuration tool see Virtual Appliance configuration)

  1. Open the console login page on https://IP:9090 (change IP to match the IP address of the VM)

    Cockpit login page
  2. Login with the azure user which was added when the VM was created (see steps above).

  3. After login, open the Accounts page.

  4. On the accounts page, select the sa user

  5. On the sa user page, click Set password to set the password for the sa user

You can now log into the console with the sa user.


You can login to the console in different ways. For example with SSH or the serial console. RDP is not supported because the Virtual Appliance is not a desktop application.