riverbed Installing SteelConnect EX on Azure Installation Guide
- June 3, 2024
- riverbed
Installing SteelConnect EX on Azure
For Releases 21.2.1 and later
This article describes how to install, or instantiate, a SteelConnect EX
branch device on Microsoft Azure. To perform the installation, you upload the
product software image to the Azure portal and create an Azure Active
Directory application for the software. Then, SteelConnect EX Director does
the following:
- Orchestrates the SteelConnect EX OS software deployment.
- Applies and instantiates post-staging configuration to the device to set it to be an SD-WAN gateway.
- Instantiates the device to set it to be a vCPE.
A SteelConnect EX vCPE is a standalone Virtual Customer Premises Equipment device that performs Layer 3 through Layer 7 network functions.
Upload SteelConnect EX Image to Azure Portal
To install the SteelConnect EX OS software on a branch device, first upload the SteelConnect EX software image to the Azure portal.
Create an Azure Active Directory Application
To allow the SteelConnect EX OS software to access and modify Azure resources,
you register the SteelConnect EX software as an application in Azure Active
Directory (AD), which is a cloud-based identity and access management service.
In Azure AD, you define who can access the SteelConnect EX software and which
actions users are permitted to perform with the software.
To create an Azure AD application for SteelConnect EX software, first check
that you and your Azure subscription account have the proper permissions.
Then create the Azure AD application.
Before you create an Azure AD application for the SteelConnect EX software, ensure that you have the following:
- Permissions to register an application with Azure AD tenant
- Permissions to assign a role to an application in Azure subscription
Check Azure AD and Subscription Permissions
To create an Azure AD application, you must have an administrator role in
Azure AD, and your Azure subscription account must have
Microsoft.Authorization/*/Write access so that you can assign an AD
application to a role.
To check your Azure AD and subscription permissions:
1. Log in to the Azure portal.
2. Select Azure Active Directory.
3. In the Azure Active Directory Preview window, select User Settings.
4. Check the setting in the App Registrations: Users Can Register Applications field. If the field is set to Yes, any user in the Azure AD tenant can register an application. Continue with Step 11, to check your Azure subscription permissions. If the field is set to No, only administrative users can register an application. Continue with Step 5, to assign permission to other users to register an application.
5. In the left navigation bar, click Overview.
6. In the Quick Tasks pane, click Find a User.
7. In the search box, type the name of the person you want to assign registration permission to, and then click the name.
8. In the left navigation bar, select Directory Role to view the Azure AD permissions for the user.
9. Review the Azure AD permissions for the user. The user must have either the global administrator or limited administrator role. If they do not, ask your administrator to assign the user to one of the administrator roles or to set the permissions such that the user can register applications.
10. In the left navigation bar, select Azure Resources to view the role assigned to the subscription account.
11. Review the assigned role for the subscription account. The subscription account must have the role of either Owner or User Access Administrator. These roles grant Microsoft.Authorization/*/Write access, which is required to assign an AD application to a role. If the account does not have the appropriate permission, ask your subscription administrator to add you to the User Access Administrator role. For information about Azure roles, see the ‘Built-in Roles for Azure Resources’ article on the Microsoft Azure website.
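The following added example (not part of the Riverbed guide) shows how Azure RBAC evaluates a role's Actions and NotActions, and why Owner and User Access Administrator can create role assignments while Contributor cannot. The role definitions are abbreviated and reconstructed here from Microsoft's built-in role list; the function names are hypothetical.

```python
import re

# Abbreviated built-in role definitions, reconstructed for this example from
# Microsoft's built-in role list. Contributor's NotActions list is longer in
# Azure; only the Microsoft.Authorization entries are kept here.
ROLES = {
    "Owner": {"actions": ["*"], "not_actions": []},
    "User Access Administrator": {
        "actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
        "not_actions": [],
    },
    "Contributor": {
        "actions": ["*"],
        "not_actions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
        ],
    },
    "Reader": {"actions": ["*/read"], "not_actions": []},
}


def matches(pattern, operation):
    """'*' in an RBAC pattern matches any run of characters, case-insensitively."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def role_allows(role_name, operation):
    """A role grants an operation if Actions match it and NotActions do not."""
    role = ROLES[role_name]
    allowed = any(matches(p, operation) for p in role["actions"])
    excluded = any(matches(p, operation) for p in role["not_actions"])
    return allowed and not excluded


def roles_able_to_assign():
    """Roles that can create a role assignment (Microsoft.Authorization/*/Write)."""
    op = "Microsoft.Authorization/roleAssignments/write"
    return sorted(name for name in ROLES if role_allows(name, op))


if __name__ == "__main__":
    print(roles_able_to_assign())
```

NotActions only subtracts from the same role's Actions; it is not a deny rule, so a principal that also holds another role granting the operation still has it.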
Create an Azure AD Application
To create the Azure AD application for the SteelConnect EX OS software:
- Log in to the Azure portal.
- Select Azure Active Directory.
- In the left navigation bar, select App Registrations.
- Click New Registration.
- In the Register an Application pane, enter the following information:
a. In the Name field, enter the name of the application.
b. In the Supported account types field, click the Accounts in the organizational directory only (Default Directory Only–Single Tenant) option.
c. In the Redirect URI field, select Web from the drop-down list.
- Click Register.
Get the Application ID, Tenant ID, and Client Secret
To sign in to the SteelConnect EX application in the Azure AD, you need an
application ID, a tenant ID, and a client secret. To get these:
- From App Registrations in Azure AD, select your application.
- Copy the application and directory IDs and save them for future use. Note that in SteelConnect EX Director, the application ID is referred to as the client ID and the directory ID is referred to as the tenant ID.
- Select Certificates and Secrets, and then click New Client Secret to generate an authentication key.
- In the Add a Client Secret pane, enter the following information:
a. In the Description field, enter a text description for the key.
b. In the Expires field, select the duration of the key.
c. Click Add to generate the client secret value for the application, which is shown in the Value field.
d. Copy the client secret value and store it in a safe place. You cannot retrieve the key later.
Assign a Role to the Azure AD Subscription
To access the resources in your Azure AD using the application you created, you must assign a role at your Azure subscription level for the application. For information about Azure roles, see the Built-in Roles for Azure Resources article on the Microsoft Azure website.
To assign a role to the Azure AD subscription:
- Log in to the Azure portal.
- Select Subscriptions.
- To retrieve the Azure subscription ID, click the subscription name in the Subscriptions pane.
- Select Overview in the left menu bar, and then copy the subscription ID.
- Select Access Control (IAM), and then click the Add icon and select Add Role Assignment.
- In the Add Role Assignment pane, enter the following information:
a. In the Role drop-down, select Contributor.
b. In the Assign access to drop-down, select Azure AD User, Group, or Service Principal.
c. In the Select field, search for the registered application, and select the application.
d. Click Save.
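The following added example (not part of the Riverbed guide) inventories which applications hold a broad role at subscription scope, such as the Contributor assignment created above, so that they can be tracked and reviewed. The input is a constructed sample shaped like the JSON output of `az role assignment list --all`; the principal names, subscription ID, and function names are placeholders.

```python
import json
import re

# Constructed sample shaped like `az role assignment list --all -o json`
# output. Every name and ID is a placeholder, not a value from this guide.
SUB_ID = "/subscriptions/00000000-0000-0000-0000-000000000001"
SAMPLE = json.dumps([
    {"principalName": "steelconnect-ex-cms", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB_ID},
    {"principalName": "backup-agent", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor",
     "scope": SUB_ID + "/resourceGroups/rg-backup"},
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB_ID},
    {"principalName": "monitoring", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Reader", "scope": SUB_ID},
])

BROAD_ROLES = {"owner", "contributor", "user access administrator"}
SUB = r"/subscriptions/[0-9a-f-]{36}"


def scope_level(scope):
    """Classify an ARM scope string by how much of the hierarchy it covers."""
    if scope == "/" or scope.lower().startswith("/providers/microsoft.management/"):
        return "management-group-or-root"
    if re.fullmatch(SUB + "/?", scope, re.IGNORECASE):
        return "subscription"
    if re.fullmatch(SUB + r"/resourceGroups/[^/]+/?", scope, re.IGNORECASE):
        return "resource-group"
    return "resource"


def broad_app_assignments(assignments_json):
    """Service principals holding a broad role at subscription scope or above."""
    findings = []
    for a in json.loads(assignments_json):
        level = scope_level(a["scope"])
        if (a["principalType"] == "ServicePrincipal"
                and a["roleDefinitionName"].lower() in BROAD_ROLES
                and level in ("subscription", "management-group-or-root")):
            findings.append((a["principalName"], a["roleDefinitionName"], level))
    return findings


if __name__ == "__main__":
    for finding in broad_app_assignments(SAMPLE):
        print(finding)
```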
Connect a SteelConnect EX Branch to SteelConnect EX Director
The SteelConnect EX Director orchestrates the installation of the SteelConnect
EX software image on the branch device and the configuration of the branch
device. For this to happen, you must establish a cloud management system (CMS)
connector between SteelConnect EX Director and the branch device in Azure.
Create Organizations
The CMS connector between the SteelConnect EX branch device in Azure and
SteelConnect EX Director is associated with an organization. Ensure that you
have created the necessary organizations.
Add a CMS Connector
- Log in to SteelConnect EX Director.
- Select the Administration tab in the top menu bar.
- Select Connectors > CMS in the left menu bar. The CMS connectors table displays.
- Click the Add icon. In the Add CMS Connector window, enter information for the following fields.
- Click OK.
To test that the CMS connector is operating properly:
- Log in to SteelConnect EX Director.
- In the top bar, click the Administration tab.
- In the left navigation bar, select Connectors > CMS.
- In the right pane, select the name of the CMS connector.
- Click the Validate Connector icon.
- For valid credentials, the message “Valid Credentials” displays at the bottom of the pane.
Associate a CMS Connector with an Organization
After you have added a CMS connector, you associate it with an organization that you have already configured on the SteelConnect EX Director. You can do this in one of two ways.
Method 1:
- Log in to SteelConnect EX Director.
- Select the Administration tab in the top menu bar.
- Select Organizations in the left menu bar. The main pane displays the organizations.
- Select the organization you want to associate with the connector. In the Edit Organization window, enter the following information:
a. Select the CMS Connectors tab.
b. In the Available pane, click the Azure connector.
c. Click the > icon to add the connector to the Selected pane.
d. Click OK.
Method 2:
- Log in to SteelConnect EX Director.
- Select the Workflows tab in the top menu bar.
- Select Infrastructure > Organizations in the left menu bar. The Organizations table displays.
- Select the organization you want to associate with the connector. In the Create Organization window, enter the following information:
a. Select the CMS Connectors tab.
b. In the Available pane, click the Azure connector to add it to the Selected pane.
c. Click Redeploy.
Riverbed and any Riverbed product or service name or logos used herein are trademarks of Riverbed Technology. All other trademarks used herein belong to their respective owners. The trademarks and logos displayed herein may not be used without the prior written consent of Riverbed Technology or their respective owners.