From 281fe6acab1a55d00eda74aaa2d48ed5413a6def Mon Sep 17 00:00:00 2001 From: Sam Haberkorn Date: Thu, 4 Dec 2025 16:11:49 -0700 Subject: [PATCH 1/5] azure byol 4.0 docs --- ...intro_installation_byol_azure_conductor.md | 118 +++++++++++------- docs/intro_installation_byol_azure_mist.md | 108 ++++++++++------ 2 files changed, 143 insertions(+), 83 deletions(-) diff --git a/docs/intro_installation_byol_azure_conductor.md b/docs/intro_installation_byol_azure_conductor.md index 56be4b4961..c8f4e82b5c 100644 --- a/docs/intro_installation_byol_azure_conductor.md +++ b/docs/intro_installation_byol_azure_conductor.md @@ -21,6 +21,16 @@ The **Bring Your Own License (BYOL)** plan allows you to install your own licens Once you have selected the BYOL plan for your deployment, proceed to [Session Smart Conductor Deployment](#session-smart-conductor-deployment) to deploy a Session Smart Conductor, or proceed to the section [Session Smart Conductor-managed Router Deployment](#session-smart-conductor-managed-router-deployment) to deploy a Session Smart Router. +## Selecting the Instance Size + +The following instance types are supported for virtual SSR in Azure. Chose the size that best meets your requirements. More information can be found in the [Azure Documentation](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes). + +| Recommended Azure VM Size | Max vNICs Supported | vCPU Cores | Memory | +| Standard_F8s_v2 | 4 | 8 | 16 GB | +| Standard_F16s_v2 | 4 | 16 | 32 GB | +| Standard_F32s_v2 | 8 | 32 | 64 GB | +| Standard_D8s_v5 | 4 | 8 | 32 GB | + ## Session Smart Conductor Deployment Use the following information to deploy a BYOL Session Smart Conductor in Azure. 
@@ -32,6 +42,12 @@ The following infrastructure must exist in your Azure subscription: * The existing VNet is segmented with at least one subnet. * The subnet is reachable for SSH and HTTPs access for administration purposes. * The Session Smart Routers managed by this Conductor must be able to reach the IP address of the Conductor in this subnet. +* A Managed Identity with the minimum read permissions. +``` +Microsoft.Compute/virtualMachines/read +Microsoft.Network/virtualNetworks/read +Microsoft.Network/networkInterfaces/read +``` ### Deployment @@ -64,11 +80,11 @@ To deploy the Session Smart Networking software via the Azure Portal: 6. Answer the following questions to launch the deployment of a Conductor. For a description of the parameters of the template, please refer to [Launch the Conductor Template](#launch-the-conductor-template). +- Where do you want to deploy it? + - Provide the location where the VNet exists in the **Location** field (for example: eastus). All available locations [here](https://azure.microsoft.com/en-us/global-infrastructure/locations). Note the name of the Location field is one word and all lowercase like eastus, westus, westeurope, eastasia, etc. - What name do you want to give it? - Provide it in the **Instance Name** field (for example: Conductor). - What version of SSR software do you want to install? -- Where do you want to deploy it? - - Provide the location where the VNet exists in the **Location** field (for example: eastus). All available locations [here](https://azure.microsoft.com/en-us/global-infrastructure/locations). Note the name of the Location field is one word and all lowercase like eastus, westus, westeurope, eastasia, etc. - Provide the name of the VNet in the **Virtual Network Name** field (for example: `128T-VNet`). - Provide the name of the availability set in the **Availability Set Name** field (for example: `128TSet`). - Provide the name of the **Management Subnet** 
@@ -158,21 +174,21 @@ A description of the parameters of the template are listed in the following tabl | Parameter | Description | | ---| --- | | Subscription | Subscription for the deployment. | -| Resource group | Select an existing resource group or create a new one. | +| Resource Group | Select an existing resource group or create a new one. | | Region | The first instance of the Region field is automatically populated with the region corresponding to the resource group. | | Location | As indicated in the requirements, the Session Smart Conductor is going to be deployed into an existing VNet. The Location field is the name of the location where such VNet exists. Please refer to the following list https://azure.microsoft.com/en-us/global-infrastructure/locations (the name of the Location field is one word and all lowercase; e.g., eastus, westus, westeurope, eastasia). | | Avaiability Set Name | Name of the existing availability set within the same resource group and region as the VNet selected above where the device will be deployed. | -| Instance size | Select the size of the VM in the field Instance Size. | +| Instance Size | Select the size of the VM in the field Instance Size. | | Instance Name | Provide a name to the VM for the Session Smart Conductor. | -| SSR Version | SSR software version installed on the instance. | -| Artifactory Username | User portion of the artifactory credentials used to install the SSR software. | -| Artifactory Token | Token for the artifactory credentials used to install the SSR software. | -| Managed Identity | The Azure Managed identity used to manage permissions for the router instance. | +| SSR Version | SSR software version installed on the instance. | +| Artifactory Username | User portion of the artifactory credentials used to install the SSR software. | +| Artifactory Token | Token for the artifactory credentials used to install the SSR software. 
| +| Managed Identity | The Azure Managed identity used to manage permissions for the router instance. | | Virtual Network Name | Name of the existing VNet where the Session Smart Router is going to be deployed. | -| Control Subnet Name | The name of the management subnet within the VNet. | -| Control Allowed CIDR | The IP CIDR range of the endpoints allowed to originate traffic to the Conductor's management interface in the management subnet. | +| Control Subnet Name | The name of the management subnet within the VNet. | +| Control Allowed CIDR | The IP CIDR range of the endpoints allowed to originate traffic to the Conductor's management interface in the management subnet. | | Admin Allowed CIDR | Allows for restricting reachability to the management interface of the router to a well known source IP address CIDR range. Default is set to 0.0.0.0/0 allowing every IP address to reach the management interface. Once the deployment completes, it is highly recommended to update the configuration of the network security group to allow only access from the source IP address/es where the Session Smart Router will be administered. | -| Admin Public Key Data | Paste in the field Admin Public Key Data the SSH public key to be used to authenticate with the VM (Linux) instance via SSH. The key needs to be at least 2048-bit and in ssh-rsa format. Please find the following an example of a valid key next (To reduce the length of the key in this example multiple character have been replaced by three dots): ```ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHwB1Qe1KndGqKuT3F...GumfdHfdasy8N0kncMtp2wtkqoLsRWdJ4/WKaZBOrPd4Q== admin@Admin-MacBook-Pro.local```. For more information about creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys). 
| +| Admin Public Key Data | Paste in the field Admin Public Key Data the SSH public key to be used to authenticate with the VM (Linux) instance via SSH. The key needs to be at least 2048-bit and in ssh-rsa format. Please find the following an example of a valid key next (To reduce the length of the key in this example multiple character have been replaced by three dots): ```ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHwB1Qe1KndGqKuT3F...GumfdHfdasy8N0kncMtp2wtkqoLsRWdJ4/WKaZBOrPd4Q== admin@Admin-MacBook-Pro.local```. For more information about creating ssh keys, see [Create SSH keys on Linux and Mac for Linux VMs in Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys). | ### Azure Portal @@ -219,19 +235,19 @@ Paste the following JSON content. Please adjust the values to your specific envi "contentVersion": "1.0.0.0", "parameters": { "location": { - "value": "" + "value": "" }, "availabilitySetName": { - "value": "" + "value": "" }, "instanceSize": { - "value": "Standard_DS3_v2" + "value": "Standard_F8s_v2" }, "instanceName": { - "value": "" + "value": "" }, "SSR Version": { - "value": "" + "value": "" }, "artifactoryUsername": { "value": "The username portion of the artifactory credentials" @@ -240,13 +256,13 @@ Paste the following JSON content. Please adjust the values to your specific envi "value": "The password portion of the artifactory credentials" }, "managedIdentity": { - "value": "" + "value": "" }, "virtualNetworkName": { - "value": "" + "value": "" }, "controlSubnetName": { - "value": "" + "value": "" }, "controlAllowedCidr": { "value": "0.0.0.0/0" @@ -255,7 +271,7 @@ Paste the following JSON content. Please adjust the values to your specific envi "value": "0.0.0.0/0" }, "adminPublicKeyData": { - "value": "" + "value": "" } } } 
@@ -308,7 +324,12 @@ The following infrastructure must exist in your Azure subscription: - **[OPTIONAL] Management Subnet**: This subnet is used for conductor-managed deployments, and has the following requirements: * The subnet is reachable for SSH for administration purposes. * The interface of the Conductor that manages this router must be reachable from this subnet. - +* A Managed Identity with the minimum read permissions. +``` +Microsoft.Compute/virtualMachines/read +Microsoft.Network/virtualNetworks/read +Microsoft.Network/networkInterfaces/read +``` ### Deployment A Session Smart Conductor-managed Router can be deployed manually via the [Azure Portal](https://portal.azure.com) or in an automated fashion using Azure CLI or PowerShell commands. This section describes both methods. Choose the method that better suits your needs. @@ -404,16 +425,18 @@ write_files: "ssr-version": "", “mode”: "conductor-managed", “conductor-hosts”: [""], + "artifactory-user": "", + "artifactory-password": "", "cloud-provider": "azure" } ``` | Option | Meaning | | ------ | ------- | -| name | The name of the Router. | -| ssr-version | The SSR software version to be installed on the instance. (BYOL only) | -| artifactory-user | User portion of the artifactory credentials. | +| name | The name of the Router. | +| ssr-version | The SSR software version to be installed on the instance. (BYOL only) | +| artifactory-user | User portion of the artifactory credentials. | | artifactory-password | Password portion of the artifactory credentials. | -| conductor-hosts | The list of Conductor control IPs used to manage the router. | +| conductor-hosts | The list of Conductor control IPs used to manage the router. | ### Manual Onboarding If a user does not supply the onboarding configuration before launching the instance, the onboarding steps can be manually executed. 
@@ -438,13 +461,13 @@ A description of the parameters of the template are listed in the following tabl | Region | The first instance of the Region field is automatically populated with the region corresponding to the resource group. | | Location | As indicated in the requirements, the Session Smart Router is going to be deployed into an existing VNet. The Location field is the name of the location where such VNet exists. Please refer to the following list https://azure.microsoft.com/en-us/global-infrastructure/locations (the name of the Location field is one word and all lowercase; e.g., eastus, westus, westeurope, eastasia). | | Avaiability Set Name | Name of the existing availability set within the same resource group and region as the VNet selected above. | -| Instance size | Select the size of the VM in the field Instance Size. | +| Instance size | Select the size of the VM in the field Instance Size. | | Instance Name | Provide a name to the VM for the Session Smart Router. | -| SSR Version | SSR software version installed on the instance. | -| Primary Control IP | The primary IP address of the Conductor | -| Secondary Control IP | The secondary IP address of the Conductor | -| Artifactory Username | User portion of the artifactory credentials used to install the SSR software. | -| Artifactory Token | Token for the artifactory credentials used to install the SSR software. | +| SSR Version | SSR software version installed on the instance. | +| Primary Control IP | The primary IP address of the Conductor | +| Secondary Control IP | The secondary IP address of the Conductor | +| Artifactory Username | User portion of the artifactory credentials used to install the SSR software. | +| Artifactory Token | Token for the artifactory credentials used to install the SSR software. | | Virtual Network Name | Name of the existing VNet where the Session Smart Router is going to be deployed. | | Public Subnet Name | The name of the public subnet within the VNet. 
| | Public Subnet Allowed CIDR | Corresponds to the source IP CIDR range of the SSR/s at the data center/branch (outside the cloud) allowed to originate traffic to the public interface of the router. This field allows for defining a well defined and trusted IP address range. It is common to set this field to 0.0.0.0/0 for now, as the source IP addresses of the routers at the data center or branch (outside the cloud) are not known at this time. However, after the deployment and once these external IP addresses are known it is recommended to provision them in the corresponding security groups to increase the degree of security. | @@ -498,25 +521,25 @@ Paste the following JSON content. Please adjust the values to your specific envi "contentVersion": "1.0.0.0", "parameters": { "location": { - "value": "" + "value": "" }, "availabilitySetName": { - "value": "" + "value": "" }, "instanceSize": { - "value": "Standard_DS3_v2" + "value": "Standard_F8s_v2" }, "instanceName": { - "value": "" + "value": "" }, "SSR Version": { - "value": "" + "value": "" }, "conductorPrimaryControlIP": { - "value" "The primary control IP of the Conductor", + "value" "The Primary Control IP of the Conductor", }, "conductorSecondaryControlIP": { - "value" "The primary control IP of the Conductor", + "value" "The Secondary Control IP of the Conductor", }, "artifactoryUsername": { "value": "The username portion of the artifactory credentials" @@ -528,10 +551,10 @@ Paste the following JSON content. Please adjust the values to your specific envi "value": "Name of the user managed identity resource to be assigned to the Router." }, "virtualNetworkName": { - "value": "" + "value": "" }, "publicSubnetName": { - "value": "" + "value": "" }, "publicSubnetAllowedCidr": { "value": "0.0.0.0/0" 
@@ -540,16 +563,16 @@ Paste the following JSON content. Please adjust the values to your specific envi "value": "0.0.0.0/0" }, "privateSubnetName": { - "value": "" + "value": "" }, "privateSubnetAllowedCidr": { "value": "0.0.0.0/0" }, "managementSubnetName": { - "value": "" + "value": "" }, "adminPublicKeyData": { - "value": "" + "value": "" } } } @@ -597,6 +620,15 @@ In addition to using the cloud formation template, the admin can tag the interfa | LAN | Interface is marked as LAN and is assumed to be used as a private network for internal workflows. | | MGMT | Interface is marked as MGMT and is assumed to have SSH connectivity. | +:::note +The following role permissions are required on the resource's managed identity for tagging to be enabled +``` +Microsoft.Compute/virtualMachines/read +Microsoft.Network/virtualNetworks/read +Microsoft.Network/networkInterfaces/read +``` +::: + ## Troubleshooting ### Device Does Not Initalize Properly diff --git a/docs/intro_installation_byol_azure_mist.md b/docs/intro_installation_byol_azure_mist.md index ef483f8852..40ab7c19be 100644 --- a/docs/intro_installation_byol_azure_mist.md +++ b/docs/intro_installation_byol_azure_mist.md 
@@ -13,10 +13,20 @@ This guide describes the process for deploying a Mist-managed Session Smart Rout **Bring Your Own License (BYOL):** This allows you to install your own licensed copy of the SSR software on an Azure VM. The device registration code is used to authenticate access to the Mist installation repositories. -For the latest information about SSR BYOL offereings, please refer to the [Cloud Images BYOL Release Notes](release_notes_byol.md). +For the latest information about SSR BYOL offerings, please refer to the [Cloud Images BYOL Release Notes](release_notes_byol.md). Once you have selected the plan that best suits the needs of your deployment, proceed to the [Session Smart Router Deployment](#session-smart-router) to deploy a Session Smart Router. +## Selecting the Instance Size + +The following instance types are supported for virtual SSR in Azure. Chose the size that best meets your requirements. More information can be found in the [Azure Documentation](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes). + +| Recommended Azure VM Size | Max vNICs Supported | vCPU Cores | Memory | +| Standard_F8s_v2 | 4 | 8 | 16 GB | +| Standard_F16s_v2 | 4 | 16 | 32 GB | +| Standard_F32s_v2 | 8 | 32 | 64 GB | +| Standard_D8s_v5 | 4 | 8 | 32 GB | + ## Session Smart Router Use the following process to deploy a Mist-managed Session Smart Router in Azure. 
@@ -26,21 +36,21 @@ Use the following process to deploy a Mist-managed Session Smart Router in Azure The following infrastructure must exist in your Azure subscription: * A VNet where the Session Smart Router (SSR) will be deployed. * An Availability Set where the SSR will be deployed. -* The existing VNet is segmented with the following subnets. The role of each subnet is described below. - -#### Public Subnet -This subnet must provide connectivity to enable communication with external/remote SSR peers as well as access to the Mist cloud infrastructure if no management subnet is provided. - -#### Private Subnet -This subnet must provide connectivity to internal workloads within the cloud. +* The existing VNet is segmented with at least the following three subnets: + - **Public Subnet**: This subnet must provide connectivity to enable communication with external/remote SSR peers as well as access to the Mist cloud infrastructure if no management subnet is provided. + - **Private Subnet**: This subnet must provide connectivity to internal workloads within the cloud. + - **[OPTIONAL] Management Subnet**: This subnet must provide connectivity to the Mist cloud and is rachable for SSH administration purposes. +* A Managed Identity with the minimum read permissions. +``` +Microsoft.Compute/virtualMachines/read +Microsoft.Network/virtualNetworks/read +Microsoft.Network/networkInterfaces/read +``` :::important Please note that deploying Session Smart Routers without a valid token is limited to deployments within the cloud. If your use case also requires the deployment of an on-premises SSR, please contact your Juniper sales representative. ::: -#### [Optional] Management Subnet -This subnet must provide connectivity to the Mist cloud - ## Deployment 
@@ -73,16 +83,15 @@ To deploy the Session Smart Networking software via the Azure Portal: Answer the following questions to launch the deployment of an SSR. For additional information refer to [Launch the Template](#launch-the-template). -* Where do you want to deploy it? +* Where do you want to deploy the SSR? * Provide the location where the VNet exists in the **Location** field (for example: eastus). All available locations [here](https://azure.microsoft.com/en-us/global-infrastructure/locations). Note the name of the Location field is one word and all lowercase like eastus, westus, westeurope, eastasia, etc. - * Provide the name of the availability set in the **Availability Set Name** field (for example: `128TRouterSet`). - -* What name do you want to give it? + * Provide the name of the availability set in the **Availability Set Name** field +* What name do you want to give the SSR? * What version of SSR software do you want to install? -* Which Mist organization is going to manage it? +* Which Mist organization is going to manage the SSR? Provide the [registration code](wan_onboarding_whitebox.md#manual-adoption) for the Mist organization. * Provide the name of the Managed Identity in the resource group -* Provide the name of the VNet in the **Virtual Network Name** field (for example: `128T-VNet`). +* Provide the name of the VNet in the **Virtual Network Name** field. * Provide the name of the **Public Subnet Name** * Provide the name of the **Private Subnet Name** * [Optional] Provide the name of the **Management Subnet** 
@@ -98,7 +107,7 @@ Answer the following questions to launch the deployment of an SSR. For additiona Once the deployment completes, information is provided in the Outputs tab on the left hand side. -The non-interactive, Zero Touch Provisioning (ZTP) method is triggered. After the VM is deployed, it will take an additional 2-3 minutes for the ZTP process to complete. When the ZTP process concludes, there will be an asset in the Mist inventory to be associated with the router configuration. It will then take an additional 5-10 minutes for the desired SSR version to be installed. +The non-interactive, Zero Touch Provisioning (ZTP) method is triggered. After the VM is deployed, it will take an additional 2-3 minutes for the ZTP process to complete. When the ZTP process concludes, there will be an asset in the Mist inventory to be associated with the router configuration. It will then take an additional 5-10 minutes for the desired SSR version to be installed. Once complete the `Version` will be populated in the Mist inventory. ### Azure CLI or PowerShell 
@@ -150,18 +159,27 @@ If a user does not supply the onboarding configuration before launching the inst ### Mist-Managed Setup -Once the instance is launched with the correct registration-code, the device will self-onboard to appropriate Mist organization. The process can take up to 5 minutes. The device is visible as Unassigned in the Mist organization once onboarding is complete. +Once the instance is launched with the correct registration-code, the device will self-onboard to the appropriate Mist organization. The process can take up to 10 minutes. The device is visible as Unassigned in the Mist organization once onboarding is complete. ### Network Interfaces Layout -The _Session Smart Router Template_ deploys a VM for the SSR with two network interfaces and an optional third network interface. The template attaches the network interfaces to the VM in the following order: Public, Private, and Management. The network interfaces to be used in Mist configuration are as follows: +The _Session Smart Router Template_ deploys a VM for the SSR with two network interfaces and an optional third management network interface. The template attaches the network interfaces to the VM in the following order: Management (Optional), Public, Private. 
+ +If a management network interface is provided, the names to be used in the Mist configuration are as follows: +The network interfaces to be used in Mist configuration are as follows: -| Network Interface Name | Subnet | Mist Config Name | -| ---------------------- | ---------------- | ----------------| -| ge-0-0 | Public | ge-0/0/0 | -| ge-0-1 | Private | ge-0/0/1 | -| ge-0-2 | Management | Out Of Band Management | +| Network Interface Name | Subnet | Mist Config Name | +| ---------------------- | ---------------- | ---------------- | +| ge-0-0 | Management | Out Of Band Management | +| ge-0-1 | Public | ge-0/0/1 | +| ge-0-2 | Private | ge-0/0/2 | +If no management network interface is provided, the names to be used in the Mist configuration are as follows: + +| Network Interface Name | Subnet | Mist Config Name | +| ---------------------- | ---------------- | ---------------- | +| ge-0-0 | Public | ge-0/0/0 | +| ge-0-1 | Private | ge-0/0/1 | #### Interface Tagging @@ -171,7 +189,17 @@ In addition to using the cloud formation template, the admin can tag the interfa | --------- | ------- | | WAN | Interface is marked as WAN for onboarding purposes and is assumed to have connectivity to Mist cloud infrastructure. | | LAN | Interface is marked as LAN and is assumed to be used as a private network for internal workflows. | -| MGMT | Interface is marked as MGMT and is assumed to have connectivity to Mist cloud infrastructure. | +| MGMT | Interface is marked as MGMT and is assumed to have connectivity to Mist cloud infrastructure and SSH access prior to to site assignment. | + +:::note +The following role permissions are required on the resource's managed identity for tagging to be enabled +``` +Microsoft.Compute/virtualMachines/read +Microsoft.Network/virtualNetworks/read +Microsoft.Network/networkInterfaces/read +``` +::: + ## Troubleshooting 
@@ -238,11 +266,11 @@ A description of the parameters of the template are listed in the following tabl | Region | The first instance of the Region field is automatically populated with the region corresponding to the resource group. | | Location | As indicated in the requirements, the Session Smart Router is going to be deployed into an existing VNet. The Location field is the name of the location where such VNet exists. Please refer to the following list https://azure.microsoft.com/en-us/global-infrastructure/locations (the name of the Location field is one word and all lowercase). Example: eastus, westus, westeurope, eastasia... | | Avaiability Set Name | Name of the existing availability set within the same resource group and region as the VNet selected above the Session Smart Router is going to be deployed to. | -| Instance size | Select the size of the VM in the field Instance Size. | +| Instance size | Select the size of the VM in the field Instance Size. | | Instance Name | Provide a name to the VM for the Session Smart Router. | -| SSR Version | SSR software version installed on the instance. | -| Registration Code | The Mist registration used for adoption of the instance to a Mist organization. | -| Managed Identity | The Azure Managed identity used to manage permissions for the router instance. | +| SSR Version | SSR software version installed on the instance. | +| Registration Code | The Mist registration used for adoption of the instance to a Mist organization. | +| Managed Identity | The Azure Managed identity used to manage permissions for the router instance. | | Virtual Network Name | Name of the existing VNet where the Session Smart Router is going to be deployed to. | | Public Subnet Name | The name of the public subnet within the VNet. | | Public Subnet Allowed CIDR | It corresponds to the source IP CIDR range of the SSR/s at the data center/branch (outside the cloud) allowed to originate traffic to the public interface of the router. 
This field allows for defining a well defined and trusted IP address range. It is common to set this field to 0.0.0.0/0 for now, as the source IP addresses of the routers at the data center or branch (outside the cloud) are not known at this time. However, after the deployment and once these external IP addresses are known it is recommended to provision them in the corresponding security groups to increase the degree of security. | @@ -302,25 +330,25 @@ Paste the following JSON content. Please adjust the values to your specific envi "value": "" }, "instanceSize": { - "value": "Standard_DS3_v2" + "value": "Standard_F8s_v2" }, "instanceName": { - "value": "" + "value": "" }, "SSR Version": { - "value": "" + "value": "" }, "registrationCode": { - "value": "The registration code from the Mist UI." + "value": "" }, "managedIdentity": { - "value": "" + "value": "" }, "virtualNetworkName": { - "value": "" + "value": "" }, "publicSubnetName": { - "value": "" + "value": "" }, "publicSubnetAllowedCidr": { "value": "0.0.0.0/0" @@ -329,16 +357,16 @@ Paste the following JSON content. Please adjust the values to your specific envi "value": "0.0.0.0/0" }, "privateSubnetName": { - "value": "" + "value": "" }, "privateSubnetAllowedCidr": { "value": "0.0.0.0/0" }, "managementSubnetName": { - "value": "" + "value": "" }, "adminPublicKeyData": { - "value": "" + "value": "" } } } From 2561e8829f0dd27b26f30ad2add4cee660879a4a Mon Sep 17 00:00:00 2001 From: Sam Haberkorn Date: Thu, 4 Dec 2025 16:16:07 -0700 Subject: [PATCH 2/5] table formatting --- docs/intro_installation_byol_azure_conductor.md | 1 + docs/intro_installation_byol_azure_mist.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/intro_installation_byol_azure_conductor.md b/docs/intro_installation_byol_azure_conductor.md index c8f4e82b5c..2013152720 100644 --- a/docs/intro_installation_byol_azure_conductor.md +++ b/docs/intro_installation_byol_azure_conductor.md 
@@ -26,6 +26,7 @@ Once you have selected the BYOL plan for your deployment, proceed to [Session Sm The following instance types are supported for virtual SSR in Azure. Chose the size that best meets your requirements. More information can be found in the [Azure Documentation](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes). | Recommended Azure VM Size | Max vNICs Supported | vCPU Cores | Memory | +| ---| --- | | Standard_F8s_v2 | 4 | 8 | 16 GB | | Standard_F16s_v2 | 4 | 16 | 32 GB | | Standard_F32s_v2 | 8 | 32 | 64 GB | diff --git a/docs/intro_installation_byol_azure_mist.md b/docs/intro_installation_byol_azure_mist.md index 40ab7c19be..0438b5cfd3 100644 --- a/docs/intro_installation_byol_azure_mist.md +++ b/docs/intro_installation_byol_azure_mist.md @@ -22,6 +22,7 @@ Once you have selected the plan that best suits the needs of your deployment, pr The following instance types are supported for virtual SSR in Azure. Chose the size that best meets your requirements. More information can be found in the [Azure Documentation](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes). | Recommended Azure VM Size | Max vNICs Supported | vCPU Cores | Memory | +| ---| --- | | Standard_F8s_v2 | 4 | 8 | 16 GB | | Standard_F16s_v2 | 4 | 16 | 32 GB | | Standard_F32s_v2 | 8 | 32 | 64 GB | From 68b3f8a74c70fd1c2a8453e2d9cb407b53094647 Mon Sep 17 00:00:00 2001 From: Sam Haberkorn Date: Mon, 8 Dec 2025 15:48:10 -0500 Subject: [PATCH 3/5] address comments --- docs/intro_installation_byol_azure_conductor.md | 2 +- docs/intro_installation_byol_azure_mist.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/intro_installation_byol_azure_conductor.md b/docs/intro_installation_byol_azure_conductor.md index 2013152720..78f4313c44 100644 --- a/docs/intro_installation_byol_azure_conductor.md +++ b/docs/intro_installation_byol_azure_conductor.md 
@@ -82,7 +82,7 @@ To deploy the Session Smart Networking software via the Azure Portal: 6. Answer the following questions to launch the deployment of a Conductor. For a description of the parameters of the template, please refer to [Launch the Conductor Template](#launch-the-conductor-template). - Where do you want to deploy it? - - Provide the location where the VNet exists in the **Location** field (for example: eastus). All available locations [here](https://azure.microsoft.com/en-us/global-infrastructure/locations). Note the name of the Location field is one word and all lowercase like eastus, westus, westeurope, eastasia, etc. + - Provide the location where the VNet exists in the Location field (for example: eastus). Please refer to the following [list of locations](https://azure.microsoft.com/en-us/global-infrastructure/locations) and note that the name of the Location field is one word and all lowercase; e.g., eastus, westus, westeurope, eastasia. - What name do you want to give it? - Provide it in the **Instance Name** field (for example: Conductor). - What version of SSR software do you want to install? diff --git a/docs/intro_installation_byol_azure_mist.md b/docs/intro_installation_byol_azure_mist.md index 0438b5cfd3..321f52913b 100644 --- a/docs/intro_installation_byol_azure_mist.md +++ b/docs/intro_installation_byol_azure_mist.md 
@@ -40,7 +40,7 @@ The following infrastructure must exist in your Azure subscription: * The existing VNet is segmented with at least the following three subnets: - **Public Subnet**: This subnet must provide connectivity to enable communication with external/remote SSR peers as well as access to the Mist cloud infrastructure if no management subnet is provided. - **Private Subnet**: This subnet must provide connectivity to internal workloads within the cloud. - - **[OPTIONAL] Management Subnet**: This subnet must provide connectivity to the Mist cloud and is rachable for SSH administration purposes. + - **[OPTIONAL] Management Subnet**: This subnet must provide connectivity to the Mist cloud and is reachable for SSH administration purposes. * A Managed Identity with the minimum read permissions. ``` Microsoft.Compute/virtualMachines/read From bf04480ac8d23848d33bd68c94f9301929ef9000 Mon Sep 17 00:00:00 2001 From: Sam Haberkorn Date: Fri, 19 Dec 2025 09:03:15 -0700 Subject: [PATCH 4/5] add ha tags --- docs/intro_installation_byol_azure_conductor.md | 2 ++ docs/intro_installation_byol_azure_mist.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/intro_installation_byol_azure_conductor.md b/docs/intro_installation_byol_azure_conductor.md index 78f4313c44..c6c45e2858 100644 --- a/docs/intro_installation_byol_azure_conductor.md +++ b/docs/intro_installation_byol_azure_conductor.md 
@@ -620,6 +620,8 @@ In addition to using the cloud formation template, the admin can tag the interfa | WAN | Interface is marked as WAN for onboarding purposes. | | LAN | Interface is marked as LAN and is assumed to be used as a private network for internal workflows. | | MGMT | Interface is marked as MGMT and is assumed to have SSH connectivity. | +| HAFabric | Interface is marked as HAFabric and is used as the fabric link in an HA deployment. | +| HASync | Interface is marked as HASync and is used as the redundancy link in an HA deployment. | :::note The following role permissions are required on the resource's managed identity for tagging to be enabled diff --git a/docs/intro_installation_byol_azure_mist.md b/docs/intro_installation_byol_azure_mist.md index 321f52913b..186aa2b598 100644 --- a/docs/intro_installation_byol_azure_mist.md +++ b/docs/intro_installation_byol_azure_mist.md @@ -191,6 +191,8 @@ In addition to using the cloud formation template, the admin can tag the interfa | WAN | Interface is marked as WAN for onboarding purposes and is assumed to have connectivity to Mist cloud infrastructure. | | LAN | Interface is marked as LAN and is assumed to be used as a private network for internal workflows. | | MGMT | Interface is marked as MGMT and is assumed to have connectivity to Mist cloud infrastructure and SSH access prior to to site assignment. | +| HAFabric | Interface is marked as HAFabric and is used as the fabric link in an HA deployment. | +| HASync | Interface is marked as HASync and is used as the redundancy link in an HA deployment. | :::note The following role permissions are required on the resource's managed identity for tagging to be enabled From d3d1ed2490fe68f13a9e7252f0ee1e576c90a6e6 Mon Sep 17 00:00:00 2001 
From: Sam Haberkorn Date: Fri, 19 Dec 2025 10:32:11 -0700 Subject: [PATCH 5/5] add ha naming conventions --- ...intro_installation_byol_azure_conductor.md | 23 +++++++++++++++++-- docs/intro_installation_byol_azure_mist.md | 14 ++++++----- 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/docs/intro_installation_byol_azure_conductor.md b/docs/intro_installation_byol_azure_conductor.md index c6c45e2858..e37b36eb1e 100644 --- a/docs/intro_installation_byol_azure_conductor.md +++ b/docs/intro_installation_byol_azure_conductor.md @@ -23,7 +23,7 @@ Once you have selected the BYOL plan for your deployment, proceed to [Session Sm ## Selecting the Instance Size -The following instance types are supported for virtual SSR in Azure. Chose the size that best meets your requirements. More information can be found in the [Azure Documentation](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes). +The following instance types are supported for virtual SSR in Azure. Choose the size that best meets your requirements. More information can be found in the [Azure Documentation](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes). | Recommended Azure VM Size | Max vNICs Supported | vCPU Cores | Memory | | ---| --- | @@ -239,7 +239,7 @@ Paste the following JSON content. Please adjust the values to your specific envi "value": "" }, "availabilitySetName": { - "value": "" + "value": "" }, "instanceSize": { "value": "Standard_F8s_v2" 
@@ -611,6 +611,25 @@ When logging to the Linux instance via SSH use the default username of `t128` an 5. Click **Review and Create** 6. If an onboarding configuration was not provided in step 4, follow the steps in the [Manual Onboarding](#manual-onboarding-1) section. +## Network Interface Layout +The _Session Smart Router Template_ deploys an instance for the SSR with two network interfaces and an optional third. The template attaches the network interfaces to the instance in the following order: Management (optional), Public, and Private. + +If a management interface is provided, the interfaces to be used are as follows + +| Network Interface name | Subnet | +| ---------------------- | ---------------- | +| ge-0-0 | Management | +| ge-0-1 | Public | +| ge-0-2 | Private | + +If no management interface is provided, the interfaces to be used are as follows +| Network Interface name | Subnet | +| ----------------------- | --------------- | +| ge-0-0 | Public | +| ge-0-1 | Private | +| ge-0-2 (If Applicable) | HASync | +| ge-0-3 (If Applicable) | HAFabric | + ## Interface Tagging In addition to using the cloud formation template, the admin can tag the interface with the key `SSR-ROLE`. The possible values are as follows: diff --git a/docs/intro_installation_byol_azure_mist.md b/docs/intro_installation_byol_azure_mist.md index 186aa2b598..af8ea28afa 100644 --- a/docs/intro_installation_byol_azure_mist.md +++ b/docs/intro_installation_byol_azure_mist.md 
@@ -19,7 +19,7 @@ Once you have selected the plan that best suits the needs of your deployment, pr ## Selecting the Instance Size -The following instance types are supported for virtual SSR in Azure. Chose the size that best meets your requirements. More information can be found in the [Azure Documentation](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes). +The following instance types are supported for virtual SSR in Azure. Choose the size that best meets your requirements. More information can be found in the [Azure Documentation](https://learn.microsoft.com/en-us/azure/virtual-machines/sizes). | Recommended Azure VM Size | Max vNICs Supported | vCPU Cores | Memory | | ---| --- | @@ -177,10 +177,12 @@ The network interfaces to be used in Mist configuration are as follows: If no management network interface is provided, the names to be used in the Mist configuration are as follows: -| Network Interface Name | Subnet | Mist Config Name | -| ---------------------- | ---------------- | ---------------- | -| ge-0-0 | Public | ge-0/0/0 | -| ge-0-1 | Private | ge-0/0/1 | +| Network Interface Name | Subnet | Mist Config Name | +| ----------------------- | --------------- | ---------------- | +| ge-0-0 | Public | ge-0/0/0 | +| ge-0-1 | Private | ge-0/0/1 | +| ge-0-2 (If Applicable) | HASync | ge-0/0/2 | +| ge-0-3 (If Applicable) | HAFabric | ge-0/0/3 | #### Interface Tagging @@ -330,7 +332,7 @@ Paste the following JSON content. Please adjust the values to your specific envi "value": "" }, "availabilitySetName": { - "value": "" + "value": "" }, "instanceSize": { "value": "Standard_F8s_v2"
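Review bot: The delimiter row added under the instance-size table (`| ---| --- |`, in both `intro_installation_byol_azure_conductor.md` and `intro_installation_byol_azure_mist.md`) has two cells, but the header above it has four (Recommended Azure VM Size, Max vNICs Supported, vCPU Cores, Memory). GitHub Flavored Markdown only recognizes a table when the delimiter row has the same number of cells as the header, so this block will not render as a table. Use `| --- | --- | --- | --- |`. PATCH 5/5 touches the same section to fix "Chose" and still carries the two-cell row as context, so the fix belongs in this series.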
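Review bot: In the conductor hunk at `@@ -82,7 +82,7 @@`, the rewritten Location bullet drops the bold from `**Location**` while the neighbouring bullets keep it (`**Instance Name**`); restore the bold so field names are marked the same way throughout the step. The new sentence also says "the name of the Location field is one word and all lowercase", but the examples given (eastus, westus, westeurope, eastasia) are values, so "the value of the Location field" is what is meant.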
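Review bot: In the mist hunk at `@@ -40,7 +40,7 @@`, the corrected Management Subnet bullet still reads "must provide connectivity to the Mist cloud and is reachable for SSH administration purposes", which mixes a requirement with a statement of fact. Make it "and must be reachable for SSH administration", and say from where SSH is expected (for example, an administrative source range permitted by the subnet's network security group), so the prerequisite does not read as SSH being open to any source.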
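Review bot: The new HAFabric and HASync rows in both tagging tables (`@@ -620,6 +620,8 @@` in conductor, `@@ -191,6 +191,8 @@` in mist) say only what each link is called, whereas the WAN, LAN and MGMT rows above them state the connectivity the interface is assumed to have. Add the same kind of assumption for the two HA roles (what the fabric link and the redundancy link must be able to reach) so an admin tagging interfaces by hand knows which subnet each belongs on. While the mist table is open, the MGMT row directly above the additions reads "prior to to site assignment"; drop the doubled "to".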
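Review bot: In the new "Network Interface Layout" section (conductor, `@@ -611,6 +611,25 @@`), the intro says the template deploys "two network interfaces and an optional third" attached in the order Management, Public, Private, but the second table lists up to four interfaces and places HASync and HAFabric on ge-0-2 and ge-0-3. The first table (management interface provided) has no HA rows, so a reader cannot tell where the HA links land when ge-0-2 is already Private; the mist table change at `@@ -177,10 +177,12 @@` has the same gap. Either add the HA rows to the management case or state that the HA interfaces apply only without a management interface, and update the intro sentence to match. Formatting: the heading and the line "If no management interface is provided, the interfaces to be used are as follows" are each followed directly by the next block with no blank line, unlike the first table, and both "as follows" lines want a trailing colon.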