Link Search Menu Expand Document

Cloud Hubs in Azure

Configuration > Cloud Services > IaaS > Cloud Hubs in Azure

The Cloud Hubs in Azure tab provides the Azure account details and EC-V deployment configuration details for all Azure cloud EC-Vs that have been deployed.

NOTE: Before you can deploy EC-Vs to the Azure cloud, you must perform several tasks on the Azure portal. For more information, see Azure Subscription Configuration.

NOTE: EC-Vs that are deployed manually in Azure will not be displayed in Orchestrator.

Use this tab to:

  • Create and modify Azure subscriptions

  • Deploy EC-Vs in the Azure cloud

  • Remove an Azure cloud deployment

    NOTE: When you remove a deployment, all EC-Vs in the deployment will be deleted.

The following table describes each field on this tab.

FieldDescription
NameName given on the deployment configuration page.
Virtual NetworkCIDR block used for deployment.
AccountName of the Azure account that was used to deploy the EC-Vs.
InstancesNumber of EC-V instances in the deployment. To add one or more EC-Vs to the deployment, click +Add. In the New Instance on Azure dialog box, select the Availability Zone to use and any optional tags to apply to the new instance.

Max indicates that the maximum number of instances have been created for this deployment.

If the region you selected does not support Availability Zones, the new Instance in Azure dialog box will not display an Availability Zone menu.
RegionRegion of the EC-V deployment.
Resource GroupName of the Azure Resource Group that was used for the EC-V deployment.
StatusStatus of the deployment. If more information is available, an information icon is displayed.

NOTE: If the deployment was incomplete, the info dialog contains a link to download the log file and steps to resolve the issue.
TerminateTo permanently delete a deployment, click Terminate. This action deletes all resources associated with the EC-Vs, including all Azure resources.

If you created more than one EC-V in the deployment, all EC-Vs will be deleted when you click Terminate. The Resource Group that was used for the deployment will not be deleted.
Deployment InfoClick the info icon in this column to view deployment and virtual machine details.
ResourcesClick the info icon in this column to view details about each Azure resource that Orchestrator created during the deployment.
CommentComments that were added to the deployment when the EC-V was created. To edit the comment, click the edit icon.

Create or Modify an Azure Subscription

Click Azure Subscriptions to create or modify an Azure subscription to Orchestrator.

Deploy a New EC-V

Click New Deployment to deploy one or more EC-V instances in Azure.

Remove an EC-V

If a deployment does not complete or you no longer want the EC-V in the Azure cloud, you can remove the deployment and all associated artifacts.

To remove a deployment, locate the deployment you want to remove, and then click Terminate in the desired row.

Azure Subscriptions

The Azure Subscriptions dialog box lists all the Azure subscriptions that have been added to Orchestrator.

img

  • Click New Azure Subscription to add a new Azure subscription.

  • Click the edit icon next an existing subscription to modify it’s details.

    NOTE: You cannot modify subscriptions that have active deployments.

Add New Azure Subscription

To add a new Azure subscription, click New Azure Subscription.

Edit an Existing Azure Subscription

To edit an existing Azure subscription:

  1. Click the edit icon next to an existing subscription to modify that subscription’s details.

    The Azure Subscription Configuration dialog box displays.

    NOTE: You cannot modify subscriptions that have active deployments.

  2. Modify the elements as necessary.

  3. Click Save.

    Orchestrator validates the subscription information.

  4. Click Close.

Azure Subscription Configuration

Before you begin an EC-V deployment from the Orchestrator, you must perform the following tasks on the Azure portal.

  1. Accept Azure Marketplace image terms for EdgeConnect to enable programmatic deployment
  2. Create a New App Registration (also known as a Service Principle)
  3. Create a New Resource Group
  4. Create a Custom Role
  5. Assign the Custom Role to the Resource Group

You will need the following information as noted in the steps below to add the Azure subscription to Orchestrator:

  • Subscription ID
  • Tenant ID
  • Client ID
  • Client Secret

Accept Azure Marketplace Image Terms

Accepting Azure Marketplace image terms for EdgeConnect is required for the Orchestrator to automatically deploy an EdgeConnect image from the Azure Marketplace. You will only need to do this once per Azure subscription.

  1. Log in to the Azure Portal.

  2. Under Azure services, click + Create a resource.

  3. On the Create a resource page, enter edgeconnect and select the Silver Peak Unity EdgeConnect option.

    img

  4. On the Plan drop-down menu, select Silver Peak Unity EdgeConnect 8.3.0.19, and then click Get started.

    img

  5. On the Configure Programmatic Deployment page, select Enable next to the subscription ID that you want to use to deploy the EdgeConnect VMs.

    img

  6. Click Save.

    A message at the top of the screen notifies you when configuration updates are complete.

Create a New App Registration

To create a new App registration:

  1. Log in to the Azure Portal.

  2. Click the + New registration button.

  3. In the main search menu, enter app registrations and click App registrations.

  4. On the Register an application page, in the Name field, enter a user-facing display name for the application.

  5. Under Supported account types, select Accounts in this organizational directory only (Default Directory only - single tenant).

  6. Optional: Enter a redirect URI.

  7. Click Register.

    NOTE: Note the Application (client) ID and Directory (tenant) ID. You will need these IDs when you add the subscription details on the Orchestrator.

  8. Under Manage, click Certificates & secrets.

  9. Click New client secret.

  10. Enter a Description and Expiration Date.

  11. Click Add.

    A new client secret is created.

  12. Copy the text in the Value column.

    NOTE: This text can only be viewed immediately after creation. Be sure to save the secret before leaving the page.

  13. On the main search menu bar, enter subscription and press Enter.

  14. Copy the subscription ID.

    You have successfully registered your application and gathered the details that are required for adding the Azure subscription details on the Orchestrator. Continue to Create a New Resource Group.

Create a New Resource Group

Creating a new Resource Group on the Azure portal is a best practice. This ensures that the Aruba Orchestrator only has access to that Resource Group to deploy EC-Vs. However, it is possible to deploy one or more EC-Vs into an existing Resource Group that contains other Azure resources.

To create a new resource group:

  1. On the main search menu, enter resource group, and then select the Resource groups menu.

  2. Click + Create.

  3. On the Create a resource group page, select the subscription that you want to use to create the resource group.

  4. Enter a name for the resource group, and then select a region.

  5. Click Review + create.

  6. Click Create.

    Continue to Create a Custom Role.

Create a Custom Role

You must have Owner or User Access Administrator permissions to create custom roles. There are multiple ways to create a custom role. The following steps create a custom role from within the Resource Group that you created.

  1. Select the resource group you created in Create a New Resource Group, and then click Access control (IAM).

  2. Click Add, and then click Add custom role.

    The Custom Roles editor opens (the Basic tab is displayed).

  3. In the Custom role name field, enter a name for the custom role. The name must be unique for the Azure AD directory. The name can include letters, numbers, spaces, and special characters.

  4. In the Description field, enter an optional description for the custom role. The description will display in the tool tip for the custom role.

  5. Accept the default value for the Baseline permissions, and then click the JSON tab.

  6. Click Edit.

  7. Go to this web page, and then click the link for your version of Orchestrator.

  8. Copy the list of Azure permissions, and then paste the list within the square brackets under Actions (line 10), as shown in the following figures.

    img

    img

    img

  9. Click Save.

  10. Click the Assignable scopes tab. Verify that the resource group you created is added as an assignable scope and Type is set to the resource group.

  11. Click the Permissions tab. Verify that the permissions, descriptions, and permission types you added are listed.

  12. Click Review + create.

  13. Click Create. A message displays to confirm that you have successfully created your custom role. Continue to Assign the Custom Role to the Resource Group.

Assign the Custom Role to the Resource Group

  1. Navigate to the Resource Group you created, and then click Access control (IAM).

    TIP: If you just completed the previous task of creating a custom role, the Access control (IAM) page is already open.

  2. Click Add, and then click Add role assignment. The Role assignment page opens.

  3. On the Role tab, enter the name of your custom role.

    TIP: If the role you created is not displayed, refresh the page.

  4. Select the custom role, and then click Next. The Members tab opens.

  5. Ensure that User, group, or service principle is selected, and then click + Select members. The Select members page opens.

  6. Enter the name of your App registration (Service Principle), and then select your app and click Select. Your app is added under Members.

  7. Click Review + assign.

  8. Click Review + assign again.

    You have successfully assigned your custom role to the resource group. Continue to Add the Azure Subscription to Orchestrator.

Add the Azure Subscription to Orchestrator

To add the Azure subscription to Orchestrator:

  1. Log in to Orchestrator.

  2. Click Configuration > IaaS > Cloud Hubs in Azure.

  3. Click Azure Subscriptions.

  4. Click Add Azure Subscriptions.

  5. Enter the Subscription ID, Tenant ID, Client ID, and Client Secret for the Azure subscription.

    NOTE: If you copy and paste the subscription ID, Azure might add a blank space to the beginning of the subscription ID. Be sure to remove all spaces from your subscription ID.

  6. Click Save.

    Orchestrator validates the subscription information.

Deployment Configuration Azure

Use the Deployment Configuration Azure dialog box to create one or more EC-V instances in Azure.

NOTE: If you do not have an Azure subscription configured in Orchestrator, the Azure Deployment Configuration dialog box is blank. Click the Subscriptions link to create an Azure subscription.

img

FieldDescription
NameEnter a name for the deployment. This name is used only for identifying the deployment. A deployment consists of one or more EC-Vs that an Orchestrator creates in an Azure Virtual Network. Only alphabetical letters and hyphens are allowed in the deployment name. The maximum allowed length is 20 characters.
Azure AccountSelect an Azure account to use for deploying the EC-V.
RegionSelect an Azure region where you want to deploy the EC-V.
Virtual Network CIDREnter a Virtual Network Classless Inter-Domain Routing (CIDR) block. The smallest supported CIDR block is /24 and the largest supported CIDR block is /16. Orchestrator creates all Azure resources required for the EC-V deployment within this virtual network. For each EC-V you deploy, Orchestrator creates three subnets that are /28 in size. In other words, if you deploy two EC-Vs, Orchestrator creates six subnets in total. This is true even if both EC-Vs are created in a single Availability Set or Availability Zone.
BoostAfter Boost and an appropriate WAN Bandwidth value are selected, Orchestrator displays the appropriate Azure instance types for the deployment on the Instance Type menu.

NOTE: Selecting Boost does not enable Boost on the EC-V. It only allows Orchestrator to display appropriate Azure instance types that can support Boost for the selected WAN bandwidth. To enable Boost on the EC-V, go to the Deployment page and the Business Intent Overlay (BIO) page after the deployment is complete.
WAN BandwidthThe WAN bandwidth list displays the current EdgeConnect license tiers. After you select a WAN Bandwidth value, Orchestrator displays the appropriate Azure instance types for the deployment in the Instance Type list.
Instance TypeBased on your selected Boost and WAN Bandwidth values, Orchestrator displays the appropriate instance types.
Availability OptionSelect Availability Set or Availability Zone. Some regions only support Availability Set. Aruba recommends selecting Availability Zone, if it is available.
SSH Public KeyGenerate a public key with an application, such as PuTTYgen, and then input the value here.

IMPORTANT: EdgeConnect only supports single-line SSH public keys. Do not use multi-line SSH public keys.

Use this:

img

Not this:

img

NOTE: Save the private key file. If you need to log in via SSH to the appliance after it is deployed, you will need this key.
Azure Tags (Optional)Any comma-separated tags entered here are applied to all Azure resources that Orchestrator creates while deploying the EC-V. If you do not enter any tags, Orchestrator automatically creates a unique tag for each Azure resource that it creates while deploying the EC-V. This Azure tag is created to identify each resource created by Orchestrator. The tag is formatted as follows: sp-automated-deployment name-instance-index-resource name.
Comment (Optional)Enter an optional comment if you want to attach any additional details for the deployment.
Advanced SettingsCustom VHD: Leave this field blank unless you have an EdgeConnect VHD that you want to use for the deployment. When this field is blank, the Azure Marketplace image is deployed.
Horizontal ScaleYou can deploy multiple EC-Vs by clicking + and selecting the Availability Set or Availability Zone for each EC-V. If the selected region supports multiple Availability Zones, each Availability Zone displays on the menu. You can deploy up to 5 EC-Vs with a CIDR block of /24.

If you need to deploy more than five EC-Vs within a single virtual network, select a virtual network CIDR block that is bigger than /24, such as /23 or /22. The maximum number of EC-Vs you can deploy within a single network is 20.
Appliance Tag (Optional)Enter an Appliance Tag. If this field is left blank, Orchestrator automatically assigns an Appliance Tag for its own configuration purposes.
Availability ZoneEnter the Azure Availability Zone for the EC-V.

NOTE: This field only displays if the region supports Availability Zones.

When you have completed all the required fields, click Review and Deploy. Review the configuration summary, and then click Deploy to create the EC-V instances.


Back to top

© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.