Link Search Menu Expand Document

Microsoft Azure Virtual WAN

Configuration > Cloud Services > Microsoft Azure Virtual WAN

Microsoft Azure optimizes routing, automates large scale connectivity from various branches to Azure workloads, and provides unified network and policy management within Orchestrator. Use Azure to deploy to a single WAN circuit or for branch to branch connectivity by configuring virtual WANs to associated hubs.

Before you begin Microsoft Azure Virtual WAN configuration in Orchestrator, you need to use the Azure Virtual WAN portal to authenticate and authorize Orchestrator in Azure. You need to create the service principal, which focuses on single-tenant application to run within only one organization. Clickhereto get started.

Microsoft Azure Prerequisites

  1. Create an application in Azure and note the following Subscription details from the Azure Active Directory:

    • Subscription ID

    • Tenant (Directory) ID

    • Application (Client) ID

    • Client Secret Key

  2. Create a storage account in Azure and get the following:

    • Storage Account Name

    • Storage Access Key

  3. Create a resource group.

  4. Create Azure Virtual WANs with hubs from your resource groups.

Orchestrator Prerequisites

Complete the following tasks in Orchestrator:

  1. Configure a VTI IP Pool.

    • Enter a valid IPv4 Subnet.

      NOTE:This is a unique address across the network. VTI interfaces created for Azure integration will be selected from this pool.

      *INFO*Azure VTI interface zone is set to WAN interface zone. Any change in deployment for the WAN interface zone is applied to Azure VTI as well.

      WARNING:Any change in the VTI pool after it is configured is networking affecting. This operation should be performed during a maintenance window as it can take several hours for some Cloud services to complete.

  2. Configure BGP ASN Global Pool.

    • Enter the start and end ranges for ASNs.

    • Add any reserved ASNs to exclude from being applied to appliances.

      NOTE:If not previously enabled, Orchestrator enables BGP.

Orchestrator Configuration

When are you finished with the Azure and Orchestrator prerequisites, navigate to theMicrosoft Azure Virtual WANtab in Orchestrator. There are five buttons at the top of the table that are used to complete the Azure and Orchestrator integration:Subscription,Interface Labels,Virtual Wan Association,Tunnel Settings, andZone.

To begin, click theSubscriptionicon.

Subscription

  1. Enter the information in the Subscription fields that reflect your Azure portal account.

  2. ClickSaveafter you have finished entering the information in the table below. The Azure field should reflectConnected.

The following table represents the values in theSubscriptionwindow from the Azure portal.

Field Description
Azure Reachability Connection status of your account with Azure.
Subscription ID ID of your subscription.
Tenant ID Name of your Azure AD tenant.
Client ID Client ID of your Azure portal.
Client Secret Key Secret key of your Azure application.
Storage Account Name Name of your storage account.
Storage Account Key Storage account key.
Storage URL Storage account URL.*
Configuration Polling Interval Indicates hows often Orchestrator should check for configuration changes in Azure. The default polling interval is ten minutes.

*Storage URL

The Storage URL is present on theStorage Accountstab in your Azure portal. Complete the following steps to obtain your storage account URL.

  1. After your storage account is created in Azure, create a blob container.

  2. Get the blob container URL.

  3. 后缀的URL削减和添加一个文件的名字theStorage URLfield.

    NOTE:Append the URL with a slash for the file name. Do not end the URL with a slash.

Interface Labels

Select the order in which you want your interface labels to be used.

  1. Click theInterface Labelsbutton. TheBuild Tunnels Using These Interfacesdisplays.

  2. Drag the Interface labels you want to use into thePreferred Interface Label Ordercolumn.

  3. ClickSave.

Virtual WAN Association

Each appliance is associated withonevirtual WAN. Use the Virtual Wan Association button to add or remove specific sites to your virtual WANs.

  1. Click theVirtual Wan Associationbutton.

  2. Select an appliance from the tree in the left menu.

  3. Select the check box toAddorRemovethe appliance to your virtual WAN in Azure.

Tunnel Settings

TheTunnel Settingsbutton opens the Tunnel Setting dialog box, which enables you to define the tunnels associated with Azure and Orchestrator. It is recommended that you use the default tunnel settings for General, IKE, and IPSec; however, you can modify any field. The tunnel settings are set using the default VPN configuration parameters received from virtual WAN APIs located in your Azure portal account.

In your Azure Portal Account, navigate to the Azure Configuration table. This table displays the VPN site created for Orchestrator appliances associated to Azure virtual WANs. Additionally, manually associate sites to your hubs in Azure.

  1. Navigate toAzure Virtual WAN.

  2. SelectAzure VPN site.

  3. SelectNew Hub Association.

Zone

You can apply configured segments to your VTI interfaces associated for Azure. Click theZonebutton and select the zone from the drop-down you want to apply.

Verification

TheTunnelpage displays that Azure and Orchestrator have an established connection with Azure by displaying a tunnel status ofup - active.

For more information about Azure configuration, visit the following link:https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal.

Back to top

© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go toAruba EULA.

Baidu