Link Search Menu Expand Document

Cloud Hubs in Azure

Configuration > Cloud Services > IaaS > Cloud Hubs in Azure

The Cloud Hubs in Azure tab provides the Azure account details and EC-V deployment configuration details for all Azure cloud EC-Vs that have been deployed.

NOTE: Before you can deploy EC-Vs to the Azure cloud, you must perform several tasks on the Azure portal. For more information, see Azure Subscription Configuration.

NOTE: EC-Vs that are deployed manually in Azure will not be displayed in Orchestrator.

Use this tab to:

  • Create and modify Azure subscriptions

  • Deploy EC-Vs in the Azure cloud

  • Remove an Azure cloud deployment

    NOTE: When you remove a deployment, all EC-Vs in the deployment will be deleted.

The following table describes each field on this tab.

Field Description
Name Name given on the deployment configuration page.
Virtual Network CIDR block used for deployment.
Account Name of the Azure account that was used to deploy the EC-Vs.
Instances Number of EC-V instances in the deployment. To add one or more EC-Vs to the deployment, click +Add. In the New Instance on Azure dialog box, select the Availability Zone to use and any optional tags to apply to the new instance.

Max indicates that the maximum number of instances have been created for this deployment.

If the region you selected does not support Availability Zones, the new Instance in Azure dialog box will not display an Availability Zone menu.
Region Region of the EC-V deployment.
Resource Group Name of the Azure Resource Group that was used for the EC-V deployment.
Status Status of the deployment. If more information is available, an information icon is displayed.

NOTE: If the deployment was incomplete, the info dialog contains a link to download the log file and steps to resolve the issue.
Terminate To permanently delete a deployment, click Terminate. This action deletes all resources associated with the EC-Vs, including all Azure resources.

If you created more than one EC-V in the deployment, all EC-Vs will be deleted when you click Terminate. The Resource Group that was used for the deployment will not be deleted.
Deployment Info Click the info icon in this column to view deployment and virtual machine details.
Resources Click the info icon in this column to view details about each Azure resource that Orchestrator created during the deployment.
Comment Comments that were added to the deployment when the EC-V was created. To edit the comment, click the edit icon.

Create or Modify an Azure Subscription

Click Azure Subscriptions to create or modify an Azure subscription to Orchestrator.

Deploy a New EC-V

Click New Deployment to deploy one or more EC-V instances in Azure.

Remove an EC-V

If a deployment does not complete or you no longer want the EC-V in the Azure cloud, you can remove the deployment and all associated artifacts.

To remove a deployment, locate the deployment you want to remove, and then click Terminate in the desired row.

Azure Subscriptions

The Azure Subscriptions dialog box lists all the Azure subscriptions that have been added to Orchestrator.


  • Click New Azure Subscription to add a new Azure subscription.

  • Click the edit icon next an existing subscription to modify it’s details.

    NOTE: You cannot modify subscriptions that have active deployments.

Add New Azure Subscription

To add a new Azure subscription, click New Azure Subscription.

Edit an Existing Azure Subscription

To edit an existing Azure subscription:

  1. Click the edit icon next to an existing subscription to modify that subscription’s details.

    The Azure Subscription Configuration dialog box displays.

    NOTE: You cannot modify subscriptions that have active deployments.

  2. Modify the elements as necessary.

  3. Click Save.

    Orchestrator validates the subscription information.

  4. Click Close.

Azure Subscription Configuration

Before you begin an EC-V deployment from the Orchestrator, you must perform the following tasks on the Azure portal.

  1. Accept Azure Marketplace image terms for EdgeConnect to enable programmatic deployment
  2. Create a New App Registration (also known as a Service Principle)
  3. Create a New Resource Group
  4. Create a Custom Role
  5. Assign the Custom Role to the Resource Group

You will need the following information as noted in the steps below to add the Azure subscription to Orchestrator:

  • Subscription ID
  • Tenant ID
  • Client ID
  • Client Secret

Accept Azure Marketplace Image Terms

Accepting Azure Marketplace image terms for EdgeConnect is required for the Orchestrator to automatically deploy an EdgeConnect image from the Azure Marketplace. You will only need to do this once per Azure subscription.

  1. Log in to the Azure Portal.

  2. Under Azure services, click + Create a resource.

  3. On the Create a resource page, enter edgeconnect and select the Silver Peak Unity EdgeConnect option.


  4. On the Plan drop-down menu, select Silver Peak Unity EdgeConnect, and then click Get started.


  5. On the Configure Programmatic Deployment page, select Enable next to the subscription ID that you want to use to deploy the EdgeConnect VMs.


  6. Click Save.

    A message at the top of the screen notifies you when configuration updates are complete.

Create a New App Registration

To create a new App registration:

  1. Log in to the Azure Portal.

  2. In the main search menu, enter app registrations, and then click App registrations.

  3. Click + New registration.

  4. On the Register an application page, in the Name field, enter a user-facing display name for the application.

  5. Under Supported account types, select Accounts in this organizational directory only (Default Directory only - single tenant).

  6. Optional: Enter a redirect URI.

  7. Click Register.

    NOTE: Note the Application (client) ID and Directory (tenant) ID. You will need these IDs when you add the subscription details on the Orchestrator.

  8. Under Manage, click Certificates & secrets.

  9. Click New client secret.

  10. Enter a Description and Expiration Date.

  11. Click Add.

    A new client secret is created.

  12. Copy the text in the Value column.

    NOTE: This text can only be viewed immediately after creation. Be sure to save the secret before leaving the page.

  13. On the main search menu bar, enter subscription and press Enter.

  14. Copy the subscription ID.

    You have successfully registered your application and gathered the details that are required for adding the Azure subscription details on the Orchestrator. Continue to Create a New Resource Group.

Create a New Resource Group

Creating a new Resource Group on the Azure portal is a best practice. This ensures that the SD-WAN Orchestrator only has access to that Resource Group to deploy EC-Vs. However, it is possible to deploy one or more EC-Vs into an existing Resource Group that contains other Azure resources.

To create a new resource group:

  1. On the main search menu, enter resource group, and then select the Resource groups menu.

  2. Click + Create.

  3. On the Create a resource group page, select the subscription that you want to use to create the resource group.

  4. Enter a name for the resource group, and then select a region.

  5. Click Review + create.

  6. Click Create.

    Continue to Create a Custom Role.

Create a Custom Role

You must have Owner or User Access Administrator permissions to create custom roles. There are multiple ways to create a custom role. The following steps create a custom role from within the Resource Group that you created.

  1. Select the resource group you created in Create a New Resource Group, and then click Access control (IAM).

  2. Click Add, and then click Add custom role.

    The Custom Roles editor opens (the Basic tab is displayed).

  3. In the Custom role name field, enter a name for the custom role. The name must be unique for the Azure AD directory. The name can include letters, numbers, spaces, and special characters.

  4. In the Description field, enter an optional description for the custom role. The description will display in the tool tip for the custom role.

  5. Accept the default value for the Baseline permissions, and then click the JSON tab.

  6. Click Edit.

  7. Go to this web page and click Permissions required to deploy Cloud Hubs in Azure.

  1. Copy the list of Azure permissions, and then paste the list within the square brackets under Actions (line 10), as shown in the following figures.




  2. Click Save.

  3. Click the Assignable scopes tab. Verify that the resource group you created is added as an assignable scope and Type is set to the resource group.

  4. Click the Permissions tab. Verify that the permissions, descriptions, and permission types you added are listed.

  5. Click Review + create.

  6. Click Create. A message displays to confirm that you have successfully created your custom role. Continue to Assign the Custom Role to the Resource Group.

Assign the Custom Role to the Resource Group

  1. Navigate to the Resource Group you created, and then click Access control (IAM).

    TIP: If you just completed the previous task of creating a custom role, the Access control (IAM) page is already open.

  2. Click Add, and then click Add role assignment. The Role assignment page opens.

  3. On the Role tab, enter the name of your custom role.

    TIP: If the role you created is not displayed, refresh the page.

  4. Select the custom role, and then click Next. The Members tab opens.

  5. Ensure that User, group, or service principle is selected, and then click + Select members. The Select members page opens.

  6. Enter the name of your App registration (Service Principle), and then select your app and click Select. Your app is added under Members.

  7. Click Review + assign.

  8. Click Review + assign again.

    You have successfully assigned your custom role to the resource group. Continue to Add the Azure Subscription to Orchestrator.

Add the Azure Subscription to Orchestrator

To add the Azure subscription to Orchestrator:

  1. Log in to Orchestrator.

  2. Click Configuration > IaaS > Cloud Hubs in Azure.

  3. Click Azure Subscriptions.

  4. Click Add Azure Subscriptions.

  5. Enter the Subscription ID, Tenant ID, Client ID, and Client Secret for the Azure subscription.

    NOTE: If you copy and paste the subscription ID, Azure might add a blank space to the beginning of the subscription ID. Be sure to remove all spaces from your subscription ID.

  6. Click Save.

    Orchestrator validates the subscription information.

Deployment Configuration Azure

Use the Deployment Configuration Azure dialog box to create one or more EC-V instances in Azure.

NOTE: If you do not have an Azure subscription configured in Orchestrator, the Azure Deployment Configuration dialog box is blank. Click the Subscriptions link to create an Azure subscription.


Field Description
Name Enter a name for the deployment. This name is used only for identifying the deployment. A deployment consists of one or more EC-Vs that an Orchestrator creates in an Azure Virtual Network. Only alphabetical letters and hyphens are allowed in the deployment name. The maximum allowed length is 20 characters.
Azure Account Select an Azure account to use for deploying the EC-V.
Region Select an Azure region where you want to deploy the EC-V.
Virtual Network CIDR Enter a Virtual Network Classless Inter-Domain Routing (CIDR) block. The smallest supported CIDR block is /24 and the largest supported CIDR block is /16. Orchestrator creates all Azure resources required for the EC-V deployment within this virtual network. For each EC-V you deploy, Orchestrator creates three subnets that are /28 in size. In other words, if you deploy two EC-Vs, Orchestrator creates six subnets in total. This is true even if both EC-Vs are created in a single Availability Set or Availability Zone.
Boost After Boost and an appropriate WAN Bandwidth value are selected, Orchestrator displays the appropriate Azure instance types for the deployment on the Instance Type menu.

NOTE: Selecting Boost does not enable Boost on the EC-V. It only allows Orchestrator to display appropriate Azure instance types that can support Boost for the selected WAN bandwidth. To enable Boost on the EC-V, go to the Deployment page and the Business Intent Overlay (BIO) page after the deployment is complete.
WAN Bandwidth The WAN bandwidth list displays the current EdgeConnect license tiers. After you select a WAN Bandwidth value, Orchestrator displays the appropriate Azure instance types for the deployment in the Instance Type list.
Instance Type Based on your selected Boost and WAN Bandwidth values, Orchestrator displays the appropriate instance types.
Availability Option Select Availability Set or Availability Zone. Some regions only support Availability Set. Aruba recommends selecting Availability Zone, if it is available.
SSH Public Key Generate a public key with an application, such as PuTTYgen, and then input the value here.

IMPORTANT: EdgeConnect only supports single-line SSH public keys. Do not use multi-line SSH public keys.

Use this:


Not this:


NOTE: Save the private key file. If you need to log in via SSH to the appliance after it is deployed, you will need this key.
Azure Tags (Optional) Any comma-separated tags entered here are applied to all Azure resources that Orchestrator creates while deploying the EC-V. If you do not enter any tags, Orchestrator automatically creates a unique tag for each Azure resource that it creates while deploying the EC-V. This Azure tag is created to identify each resource created by Orchestrator. The tag is formatted as follows: sp-automated-deployment name-instance-index-resource name.
Comment (Optional) Enter an optional comment if you want to attach any additional details for the deployment.
Advanced Settings Custom VHD: Leave this field blank unless you have an EdgeConnect VHD that you want to use for the deployment. When this field is blank, the Azure Marketplace image is deployed.
Horizontal Scale You can deploy multiple EC-Vs by clicking + and selecting the Availability Set or Availability Zone for each EC-V. If the selected region supports multiple Availability Zones, each Availability Zone displays on the menu. You can deploy up to 5 EC-Vs with a CIDR block of /24.

If you need to deploy more than five EC-Vs within a single virtual network, select a virtual network CIDR block that is bigger than /24, such as /23 or /22. The maximum number of EC-Vs you can deploy within a single network is 20.
Appliance Tag (Optional) Enter an Appliance Tag. If this field is left blank, Orchestrator automatically assigns an Appliance Tag for its own configuration purposes.
Availability Zone Enter the Azure Availability Zone for the EC-V.

NOTE: This field only displays if the region supports Availability Zones.

When you have completed all the required fields, click Review and Deploy. Review the configuration summary, and then click Deploy to create the EC-V instances.

Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP.

To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

This product includes code licensed under certain open source licenses which require source compliance. The corresponding source for these components is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, please check if the code is available in the HPE Software Center at but, if not, send a written request for specific software version and product for which you want the open source code. Along with the request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America