Installing in Azure

Introduction

This guide describes the process for deploying a 128T Conductor and a 128T Session Smart Router in Azure.

128T Conductor Deployment

Requirements

The following infrastructure must exist in your Azure subscription:

  • A VNet where the 128T Conductor will be deployed.
  • The existing VNet should be segmented with at least one subnet.
    • This subnet should be reachable for SSH and HTTPs access for administration purposes.
    • The 128T Routers managed by this 128T Conductor must be able to reach the IP address of Conductor in this subnet.

Deployment

A 128T Conductor can be deployed manually via the Azure Portal or in an automated fashion using Azure CLI or PowerShell commands. This section describes both methods, please proceed to the method that better suits your needs.

When deploying the 128 Technology Conductor using the templates referenced later in this section, the following infrastructure elements are created automatically on your behalf in order to assist you with the deployment process:

  • Virtual machine using a 128 Technology image available in the marketplace.
  • The Conductor is deployed with one network interface known as the control interface.
  • The network interface has a network security group associated.
  • The control interface has a unique and static public IP address associated.
  • Depending on the template selected the 128T Conductor application or the 128T installer will be installed.

The following image depicts a graphical representation of the infrastructure elements deployed:

Conductor deployment

Azure Portal

Please click here to go to the Marketplace. Click on the "Get it now" button, agree to the terms of use and privacy policy of the image and click on the tab "Plans" as shown in the following picture:

Plans

Lastly click on the "Launch" link of the template that better suits your needs.

Answer the following 3 questions to launch the deployment of a 128T Conductor (additional information here):

  • What name do you want to give it?
    Provide it in the "Instance Name" field (for example: 128TConductor).
  • Where do you want to deploy it?
    Provide the location where the VNet exists in the "Location" field (for example: eastus. All available locations here), the name of the VNet in the "Virtual Network Name" field (for example: 128T-VNet) and the name of a subnet in the "Control Subnet Name" field (for example: default).
  • Who is going to be the administrator?
    Provide an username (for example: t128) in the "Admin Username" field and the content of your public SSH key in the "Admin Public Key Data" field respectively.

Agree to the terms of use and conditions of the deployment and lastly click on the "Purchase" button to launch the deployment.

Plans

Once the deployment completes, information of the newly 128T Conductor deployment is provided in the Outputs tab placed on the left hand side. Click on the HTTPs URL to login to the 128T Conductor GUI (if the web browser used is Chrome and it does not trust the connection to the 128T Conductor GUI due to its self-signed certificate type: thisisunsafe). The credentials are "admin" for username and the name of the VM for the password. To login to the VM via SSH use the username and the SSH public key provided in the template.

important

Be sure to change the password that conforms to your business' password requirements and criteria.

Azure CLI or PowerShell

Please click here to go to the Marketplace. Click on the "Get it now" button, agree to the terms of use and privacy policy of the image, click on the "Get started" button to enable programmatic deployment for the subscription and click the button "Save" to save the changes.

Plans

Click on the tab "Plans" as shown in the following picture:

Plans

Lastly copy to the clipboard the URL of the template located in the field "URL" that better suits your needs.

Create the parameters file, accept the terms of use and conditions of the image and lastly launch the deployment with the corresponding Azure CLI or PowerShell commands making use of the URL of the template identified previously. For additional information please click here.

Once the deployment completes, information of the newly 128T Conductor deployment is provided in the Outputs section. Click on the HTTPs URL to login to the 128T Conductor GUI (if the web browser used is Chrome and it does not trust the connection to the 128T Conductor GUI due to its self-signed certificate type: thisisunsafe). The credentials are "admin" for username and the password is the name of the VM. To login to the VM via SSH use the username and the SSH public key provided in the template.

important

Be sure to change the password that conforms to your business' password requirements and criteria.

128T Session Smart Router Deployment

Requirements

The following infrastructure must exist in your Azure subscription:

  • A VNet where the 128T Session Smart Router will be deployed.
  • An Availability Set where the 128T Session Smart Router will be deployed.
  • The existing VNet should be segmented with at least three subnets. The role of each subnet is described below:
    • Public subnet. The expectation is that this subnet provides connectivity to enable communication with external/remote 128T Router peers.
    • Private subnet. The expectation is that this subnet provides connectivity to internal workloads within the cloud.
    • Management subnet. The expectation is that this subnet meets the following capabilities:
      • This subnet should be reachable via SSH for administration purposes.
      • The interface of the 128T Conductor that is going to manage this router must be reachable from this subnet.
important

Please note that deploying 128 Technology Session Smart Routers without a valid certificate will be limited to deployments within the cloud only. If your use case requires the deployment of a 128T Router on your premises as well please contact 128 Technology directly here.

Deployment

A 128T Session Smart Router can be deployed manually via the Azure Portal or in an automated fashion using Azure CLI or PowerShell commands. This section describes both methods, please proceed to the method that better suits your needs.

When deploying a 128T Session Smart Router using either of the templates referenced later in this section, the following infrastructure elements are created automatically on your behalf in order to assist you with the deployment process:

  • Virtual machine using a 128 Technology image available in the marketplace.
  • The router is deployed with three network interfaces: public, private and management interfaces.
  • Each network interface has a network security group associated. The network security groups are configured in accordance with the requirements to deploy a fabric with 128 Technology.
  • The public and management interfaces have a unique and static public IP address associated.
  • Depending on the template selected the 128T Session Smart Router application or the 128T installer will be installed.

The following image depicts a graphical representation of the infrastructure elements deployed:

Router deployment

Azure Portal

Please click here to go to the Marketplace. Click on the "Get it now" button, agree to the terms of use and privacy policy of the image and click on the tab "Plans" as shown in the following picture:

Plans

Lastly click on the "Launch" link of the template that better suits your needs.

Answer the following 4 questions to launch the deployment of a 128T Session Smart Router (additional information here):

  • What name do you want to give it?
    Provide it in the "Instance Name" field (for example: 128TRouter).
  • Where do you want to deploy it?
    Provide the location where the VNet exists in the "Location" field (for example: eastus. All available locations here), the name of the VNet in the "Virtual Network Name" field (for example: 128T-VNet), the name of the availability set in the "Availability Set Name" field (for example: 128TRouterSet) and the name of the public, private and management subnets in the "Public Subnet Name", "Private Subnet Name" and "Management Subnet Name" fields respectively (for example: wan, lan and default).
  • Which 128T Conductor is going to manage it?
    Provide the IP address of the primary node of Conductor in the "Conductor Primary Control IP" field, and only if the Conductor is highly available then provide the IP address of the secondary node of Conductor in the "Conductor Secondary Control IP" field. Please check the public IP address assigned to the 128 Technology Conductor deployed in the previous section.
  • Who is going to be the administrator?
    Provide an username (for example: t128) and the content of your public SSH key in the "Admin Username" and "Admin Public Key Data" fields respectively.

Agree to the terms of use and conditions of the deployment and lastly click on the "Purchase" button to launch the deployment.

Plans

Once the deployment completes, information of the newly 128T Session Smart Router deployment is provided in the Outputs tab placed on the left hand side. To login to the instance via SSH use the username and the SSH public key provided in the template.

The deployment will be non interactive as the Zero Touch Provisioning (ZTP) method will be triggered. The ZTP process will take 1-2 minutes to initialize. Please login to Conductor via HTTPs to associate the pending asset with the configuration of the router once the ZTP process is ready to start.

Azure CLI or PowerShell

Please click here to go to the Marketplace. Click on the "Get it now" button, agree to the terms of use and privacy policy of the image, click on the "Get started" button to enable programmatic deployment for the subscription and click the button "Save" to save the changes.

Plans

Click on the tab "Plans" as shown in the following picture:

Plans

Lastly copy to the clipboard the URL of the template located in the field "URL" that better suits your needs.

Create the parameters file, accept the terms of use and conditions of the image and lastly launch the deployment with the corresponding Azure CLI or PowerShell commands making use of the URL of the template identified previously. For additional information please click here.

Once the deployment completes, information of the newly 128T Session Smart Router deployment is provided in the Outputs section. To login to the VM via SSH use the username and the SSH public key provided in the template.

Network interfaces layout

The "Session Smart Router" template deploys a VM for the 128T Session Smart Router with three network interfaces. The template attaches the network interfaces to the VM in the following order: Management, Public and Private, therefore the network interfaces are mapped as follows:

Network interface nameSubnet
eth3Management
eth4Public
eth5Private

In order to configure the 128T Router is required to find the PCI address associated to each network interface, in the table above eth4 and eth5. To do so login via SSH to the VM corresponding to the 128T Session Smart Router as indicated in the Outputs section of the deployed template, and then run the following command:

sudo dpdk-devbind.py --status

The relevant information is the first column and the parameter "if" of the "Network devices using kernel driver section" as shown in the following picture:

DPDK PCI addresses

In the example shown above the output of the command indicates the PCI address mapping corresponding to each network interface as follows:

Network interface nameSubnetPCI address
eth3Managementbe6d:00:02.0
eth4Public8061:00:02.0
eth5Privatea994:00:02.0

Later, when this managed 128T Router is being configured via its corresponding 128 Technology Conductor, please use the PCI addresses obtained to configure its device interfaces accordingly. In this example the PCI address for the "Public" interface (eth4) is "8061:00:02.0" and the PCI address for the "Private" interface (eth5) is "a994:00:02.0".

Annexes

Marketplace images

This section describes in greater detail the different 128T images available in the Marketplace. For a quick and easy deployment of the 128T software for Proof Of Concept purposes, please refer to the hourly images that are linked in the first two sections of this document: 128T Conductor Deployment and 128T Session Smart Router Deployment.

128 Technology Conductor images

The images available to deploy a 128T Conductor are the following:

  • 128 Technology Conductor. No certificate from 128 Technology is required to deploy this image, therefore it is the recommended image to use if a certificate from 128 Technology is not in your possession. The 128T software is billed hourly when running in addition to the cost of running the VM. For additional information about this image please visit the Marketplace here.
  • 128T Networking Platform. A certificate from 128 Technology is required to install the software, therefore it is the recommended image to use if a certificate from 128 Technology is in your possession. There is no cost for running the 128T software, the cost of running the VM is the only cost. For more information about the image please visit the Marketplace here.
  • Private. No certificate from 128 Technology is required to deploy this image. There is no cost for running the 128T software, the cost of running the VM is the only cost. Access to the 128 Technology software should have been provided to your Azure subscription as a result of a partnership agreement.

A section for each of the images available discussed above is shown next. To start with the deployment, please proceed to the section of the image which better suits your requirements.

128 Technology Conductor (Hourly)

To deploy the 128T Conductor using the 128 Technology Conductor (Hourly) image is to login to the Azure Portal and in the search bar at the top search for "Marketplace" as shown in the following picture:

Marketplace

Once in the Marketplace type "128 Technology" in the search bar within the Marketplace and hit the Enter key as depicted in the following screenshot:

Search

Next click on the "128 Technology Conductor" offering:

128 Technology Conductor Hourly
128T Networking Platform (BYOL)

To deploy the 128T Conductor using the 128T Networking Platform (BYOL) image is to login to the Azure Portal and in the search bar at the top search for "Marketplace" as shown in the following picture:

Marketplace

Once in the Marketplace type "128 Technology" in the search bar within the Marketplace and hit the Enter key as depicted in the following screenshot:

Search

Next click on the "128T Networking Platform" offering:

128T Networking Platform
Private

To deploy the 128T Conductor using the private image is to login to the Azure Portal and in the search bar at the top search for "Marketplace" as shown in the following picture:

Marketplace

Once your subscription id has been whitelisted the following banner will be shown in the Marketplace:

Marketplace private offerings

Click on it, and click on the "128 Technology Conductor" offering as shown next:

128 Technology Conductor Private

128T Session Smart Router images

The images available in the Azure Marketplace to deploy a 128T Session Smart Router are the following:

  • 128T Session Smart Router. No certificate from 128 Technology is required to deploy this image, therefore it is the recommended image to use if a 128 Technology certificate is not in your possession. The 128T software is billed hourly when running in addition to the cost of running the VM. For additional information about this image please visit the Marketplace here.
  • 128T Networking Platform. A certificate from 128 Technology is required to install the software, therefore it is the recommended image to use if a 128 Technology certificate is in your possession. There is no cost for running the 128T software, the cost of running the VM is the only cost. For more information about the image please visit the Marketplace here.
  • Private. No certificate from 128 Technology is required to deploy this image. There is no cost for running the 128T software, the cost of running the VM is the only cost. Access to the 128 Technology software should have been provided to your Azure subscription as a result of a partnership agreement.

A section for each of the images available discussed above is shown next. To start with the deployment, please proceed to the section of the image which better suits your requirements.

128T Session Smart Router (Hourly)

To deploy the 128T Session Smart Router using the 128T Session Smart Router (Hourly) image is to login to the Azure Portal and in the search bar at the top search for "Marketplace" as shown in the following picture:

Marketplace

Once in the Marketplace type "128 Technology" in the search bar within the Marketplace and hit the Enter key as depicted in the following screenshot:

Search

Next click on the "128T Session Smart Router" offering:

128 Technology Session Smart Router Hourly
128T Networking Platform (BYOL)

To deploy the 128T Session Smart Router using the 128T Networking Platform (BYOL) image is to login to the Azure Portal and in the search bar at the top search for "Marketplace" as shown in the following picture:

Marketplace

Once in the Marketplace type "128 Technology" in the search bar within the Marketplace and hit the Enter key as depicted in the following screenshot:

Search

Next click on the "128T Networking Platform" offering:

128T Networking Platform
Private

To deploy the 128T Session Smart Router using the private image is to login to the Azure Portal and in the search bar at the top search for "Marketplace" as shown in the following picture:

Marketplace

Once your subscription id has been whitelisted the following banner will be shown in the Marketplace:

Marketplace private offerings

Click on it, and click on the "128T Session Smart Router offering as shown next:

128 Technology Session Smart Router Private

Agree to the terms of use and privacy policy

To agree to the terms of use and privacy policy of the 128T image to be used, click on the "Get it now" button as shown in the following image:

128 Technology Conductor Hourly

Click on the button "Continue" in order to agree to the terms of use and privacy policy.

If you want to deploy the 128T software programmatically it is necessary to enable programmatic deployment and accept its terms of use as well. If programmatic deployment is desirable please click on the "Get started" button located under the "Create" button as shown in the image below:

Plans

Lastly, select the subscription you want to apply the changes to and click the "Save" button.

Alternatively, it is possible to accept the term of use and privacy policy programmatically. The PowerShell commands for each 128 Technology image are shown next, please run the commands corresponding to the image you want to use:

  • 128 Technology Conductor:
Get-AzureRmMarketplaceTerms `
-Publisher "128technology" `
-Product "128technology_conductor_hourly" `
-Name "128 Technology Conductor" `
| Set-AzureRmMarketplaceTerms -Accept
  • 128T Session Smart Router:
Get-AzureRmMarketplaceTerms `
-Publisher "128technology" `
-Product "128technology_router_100_hourly" `
-Name "128T Session Smart Router - 100 Mbps" `
| Set-AzureRmMarketplaceTerms -Accept
  • 128T Networking Platform:
Get-AzureRmMarketplaceTerms `
-Publisher "128technology" `
-Product "128t_networking_platform" `
-Name "128T Networking Platform" `
| Set-AzureRmMarketplaceTerms -Accept

Load the template

Once the term of use and privacy policy have been accepted click on the tab "Plan", the templates available will be listed.

Click on the desired template, a new tab will be opened in the browser which will redirect you to its form.

important

As an additional note and only applicable when the chosen image is the 128T Networking Platform, please be aware of the following conditions before using any of its templates:

  • Applicable when deploying either a 128 Technology Conductor or a 128T Session Smart Router using the 128T Networking Platform image only:
    • The management network must allow outbound access to the Internet so that the 128T installer can download the 128T software from the 128T YUM repositories available on the Internet.
  • Applicable when deploying a 128T Session Smart Router using the 128T Networking Platform image only:
    • If there is an existing 128T Conductor in the network and the intent is to perform a non interactive installation of a 128T Router (for example a ZTP installation) please make sure the certificate provided by 128 Technology has been imported and loaded in 128T Conductor before launching this template.

Launch the template

This section describes how to fill out and launch the template via the portal and programmatically to deploy a 128 Technology Conductor as well as a 128T Session Smart Router.

128 Technology Conductor

This section describes the parameters to fill out the template to deploy a 128 Technology Conductor as well as how to launch it via the portal and programmatically.

A description of the parameters of the template are listed in the following table:

ParameterDescription
SubscriptionSubscription for the deployment.
Resource groupSelect an existing resource group or create a new one.
LocationThe first instance of the Location field will be filled out automatically with the location corresponding to the resource group on your behalf.
Instance NameFill out the Instance Name field to provide a name to the VM for the 128T Conductor.
LocationAs indicated in the requirements, the 128T Conductor is going to be deployed into an existing VNet. The Location field is the name of the location where such VNet exists. Please refer to the following list https://azure.microsoft.com/en-us/global-infrastructure/locations (the name of the Location field is one word and all lowercase). Example: eastus, westus, westeurope, eastasia...
Virtual Network NameName of the existing VNet where the 128T Conductor is going to be deployed to.
Control Subnet NameThe name of the control subnet within the VNet.
Control Allowed CIDRIt is used to define a trusted source IP address range which represents the source IP addresses of the management interface of the 128T Routers to be managed. Connections originated from source IP addresses which are outside the range are not allowed, effectively protecting the Control Subnet. It is common to set this field to 0.0.0.0/0 (accepting traffic from all source IP addresses) for now, as the source IP addresses of the 128T Routers may not be known at this time. However, after the deployment and once these external IP addresses are known, it may be desirable to provision them explicitly in the corresponding security groups to increase the degree of security.
Instance sizeSize of the VM.
Admin UsernameThe desired username to login to the VM (Linux) via SSH.
Admin Public Key DataPaste in this field the SSH public key to be used to authenticate with the VM (Linux) instance via SSH. The key needs to be at least 2048-bit and in ssh-rsa format. Please find the following an example of a valid key next (To reduce the length of the key in this example multiple character have been replaced by three dots): ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHwB1Qe1KndGqKuT3F...GumfdHfdasy8N0kncMtp2wtkqoLsRWdJ4/WKaZBOrPd4Q== admin@Admin-MacBook-Pro.local. For more information about creating ssh keys see Create SSH keys on Linux and Mac for Linux VMs in Azure.
Admin Allowed CIDRIt allows for restricting reachability to the control interface of the Conductor to a well known source IP address CIDR range for management purposes. It is common to set this field to 0.0.0.0/0 (accepting traffic from all source IP addresses) for now, as the source IP address/es where the Conductor will be administered from may not be known at this time. However, once the deployment completes, it is highly recommended to update the configuration of the network security group to allow only access from the source IP address/es where the 128T Conductor will be administered.
Certificate SASURLOptional field and only applicable to BYOL images. The field Certificate SAS URL is optional even when deploying a BYOL image. If the field is not set the installation of the 128T software will be interactive and will commence after logging into the instance via SSH. On the other hand, if the field is set to a SAS URL that points to a valid 128 Technology certificate then the deployment will be performed in non interactive mode, in other words, the latest version of the 128T software will be installed as part of the deployment automatically on your behalf. Please note that installing the 128T software requires additional time. While the 128T software installs SSH access to the VM instance will be disabled, and it will be enabled once the 128T software installation completes. For additional information regarding how to obtain a SAS URL for your 128 Technology certificate please refer to Certificate SAS URL.

Accept the terms and conditions of the deployment ticking on the box "I agree to the terms and conditions stated above".

Lastly click on the button Purchase to start the deployment.

Once the deployment of the template completes, information of the newly 128T Conductor deployment is provided in the tab Output placed at the left hand side.

Plans

The information listed in the Outputs tab is the following:

  • Name of the VM instance.
  • Public IP address for administration purposes.
  • HTTPs URL to login to the 128T Conductor GUI. Please continue to the end of this section below for more information regarding the credentials to login.
  • SSH command to login to the Linux VM. Please continue to the end of this section below for more information regarding the credentials to login.
important

When logging to the Linux instance via SSH make use of the username specified in the "Admin Username" field and the corresponding private key specified in the "Admin Public Key Data" field. When logging to the 128T application via CLI or HTTPs the username is "admin" and the password:

  • For Hourly and Private images the password is the name of the VM.
  • For BYOL images the password is the one that was specified during the interactive initialization process.

Alternatively, it is possible to launch the template programmatically. The PowerShell commands for each 128 Technology image are shown next, please run the commands corresponding to the image you want to use:

128 Technology Conductor (Hourly)

Create the parameters file conductor_hourly.parameters.json with the following command:

vi conductor_hourly.parameters.json

and paste the following JSON content, please adjust the values to your specific environment:

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"instanceName": {
"value": "<instance name>"
},
"location": {
"value": "<location of the VNet>"
},
"virtualNetworkName": {
"value": "<name of the VNet"
},
"controlSubnetName": {
"value": "<name of the subnet>"
},
"controlAllowedCidr": {
"value": "0.0.0.0/0"
},
"instanceSize": {
"value": "Standard_DS3_v2"
},
"adminUsername": {
"value": "<username>"
},
"adminPublicKeyData": {
"value": "<content of ssh-rsa key>"
},
"adminAllowedCidr": {
"value": "0.0.0.0/0"
}
}
}

Click here to go to the Marketplace. Click on the "Get it now" button, agree to the terms of use and privacy policy of the image, click on the "Get started" button to enable programmatic deployment for the subscription and click the button "Save" to save the changes.

Plans

Close the "Configure Programmatic Deployment" window, click on the tab "Plans" and lastly copy to the clipboard the URL of the "Standalone Conductor" template located in the field "URL". Lastly launch the template running the following command:

New-AzResourceGroupDeployment -ResourceGroupName <your-resource-group-name> `
-TemplateUri <template-URL> `
-TemplateParameterFile ./conductor_hourly.parameters.json
128T Networking Platform (BYOL)

Create the parameters file conductor_byol.parameters.json with the following command:

vi conductor_byol.parameters.json

and paste the following JSON content, please adjust the values to your specific environment:

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"instanceName": {
"value": "<instance name>"
},
"location": {
"value": "<location of the VNet>"
},
"virtualNetworkName": {
"value": "<name of the VNet>"
},
"controlSubnetName": {
"value": "<name of the subnet>"
},
"controlAllowedCidr": {
"value": "0.0.0.0/0"
},
"instanceSize": {
"value": "Standard_DS3_v2"
},
"adminUsername": {
"value": "<username>"
},
"adminPublicKeyData": {
"value": "<content of ssh-rsa key>"
},
"adminAllowedCidr": {
"value": "0.0.0.0/0"
}
}
}

Click here to go to the Marketplace. Click on the "Get it now" button, agree to the terms of use and privacy policy of the image, click on the "Get started" button to enable programmatic deployment for the subscription and click the button "Save" to save the changes.

Plans

Close the "Configure Programmatic Deployment" window, click on the tab "Plans" and lastly copy to the clipboard the URL of the "Standalone Conductor" template located in the field "URL". Lastly launch the template running the following command:

New-AzResourceGroupDeployment -ResourceGroupName <your-resource-group-name> `
-TemplateUri <template-URL> `
-TemplateParameterFile ./conductor_byol.parameters.json

128T Session Smart Router

This section describes the parameters to fill out the template to deploy a 128T Session Smart Router as well as how to launch it via the portal and programmatically.

A description of the parameters of the template are listed in the following table:

ParameterDescription
SubscriptionSubscription for the deployment.
Resource groupSelect an existing resource group or create a new one.
LocationThe first instance of the Location field will be filled out automatically with the location corresponding to the resource group on your behalf.
Instance NameProvide a name to the VM for the 128T Session Smart Router.
LocationAs indicated in the requirements, the 128T Technology Router is going to be deployed into an existing VNet. The Location field is the name of the location where such VNet exists. Please refer to the following list https://azure.microsoft.com/en-us/global-infrastructure/locations (the name of the Location field is one word and all lowercase). Example: eastus, westus, westeurope, eastasia...
Virtual Network NameName of the existing VNet where the 128T Session Smart Router is going to be deployed to.
Avaiability SetName of the existing availability set within the same resource group and region as the VNet selected above the 128 Technology Router is going to be deployed to.
Public Subnet NameThe name of the public subnet within the VNet.
Public Allowed CIDRIt corresponds to the source IP CIDR range of the 128T Router/s at the data center/branch (outside the cloud) allowed to originate traffic to the public interface of the router. This field allows for defining a well defined and trusted IP address range. It is common to set this field to 0.0.0.0/0 for now, as the source IP addresses of the routers at the data center or branch (outside the cloud) are not known at this time. However, after the deployment and once these external IP addresses are known it is recommended to provision them in the corresponding security groups to increase the degree of security.
Private Subnet NameThe name of the private subnet within the VNet.
Private Allowed CIDRIt corresponds to the source IP CIDR range of the internal workloads/endpoints allowed to originate traffic to the private interface of the router. This field allows for defining a well defined and trusted IP address range. By default is set to 0.0.0.0/0 to allow every workload/endpoint to communicate with the router.
Management Subnet NameThe name of the management subnet within the VNet.
Admin Allowed CIDRIt allows for restricting reachability to the management interface of the router to a well known source IP address CIDR range. By default is set to 0.0.0.0/0 allowing every IP address to reach the management interface. Once the deployment completes, it is highly recommended to update the configuration of the network security group to allow only access from the source IP address/es where the 128T Session Smart Router will be administered.
Conductor Primary Control IPIf a 128 Technology Conductor has already been deployed, fill out the field Conductor Primary Control IP with the IP address of the control interface of the primary node of 128 Technology Conductor. The IP address of the control interface of Conductor should be reachable from the Management subnet selected above. It must be a valid IP address of the form x.x.x.x. If no 128 Technology Conductor has been deployed yet or the intention is simply deploying an unmanaged router please refrain from entering any value in this field.
Conductor Secondary Control IPIf there is an existing 128 Technology Conductor already deployed and the deployment of the Conductor is Highly Available, please enter the IP address of the control interface of the secondary node of 128 Technology Conductor in the field Conductor Secondary Control IP. If the existing deployment of the 128 Technology Conductor is not Highly Available, in other words if the Conductor is standalone, please refrain from entering any value in this field.
Instance sizeSelect the size of the VM in the field Instance Size.
Admin UsernameFill out the field Admin Username with the desired username to login to the VM (Linux) via SSH.
Admin Public Key DataPaste in the field Admin Public Key Data the SSH public key to be used to authenticate with the VM (Linux) instance via SSH. The key needs to be at least 2048-bit and in ssh-rsa format. Please find the following an example of a valid key next (To reduce the length of the key in this example multiple character have been replaced by three dots): ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHwB1Qe1KndGqKuT3F...GumfdHfdasy8N0kncMtp2wtkqoLsRWdJ4/WKaZBOrPd4Q== admin@Admin-MacBook-Pro.local. For more information about creating ssh keys, see Create SSH keys on Linux and Mac for Linux VMs in Azure.

Accept the terms and conditions of the deployment ticking on the box "I agree to the terms and conditions stated above".

Lastly click on the button Purchase to start the deployment.

Once the deployment of the template completes, information of the newly 128T Session Smart Router deployment is provided in the tab Output placed at the left hand side.

Plans

The information listed in the Outputs tab is the following:

  • Name of the VM instance.
  • Public IP address assigned to the management interface of the instance.
  • SSH command to login to the Linux VM via the management interface.

If the IP address/es of a Conductor were provided in the template, the deployment will be non interactive as Zero Touch Provisioning (ZTP) method will be triggered. Once the VM is deployed wait for an additional 2-3 minutes for the ZTP process to initialize. Once the ZTP process is ready to start there will be an asset in Conductor waiting to be associated with the configuration of the router. Please login to Conductor via HTTPs and associate the pending asset to the desired configuration suited for the newly deployed router.

If no IP address/es of a Conductor were provided an unmanaged router will be deployed, initialized, and ready to be configured, in this case proceed to login to the router via SSH.

important

When logging to the Linux instance via SSH make use of the username specified in the "Admin Username" field and the corresponding private key specified in the "Admin Public Key Data" field. When logging to the 128T application via CLI or HTTPs the username is "admin" and the password will be:

  • For Hourly and Private images the password is the name of the VM.
  • For BYOL images the password is the one that was specified during the interactive initialization process.

Alternatively, it is possible to launch the template programmatically. The PowerShell commands for each 128 Technology image are shown next, please run the commands corresponding to the image you want to use:

128T Session Smart Router (Hourly)

Create the parameters file router_hourly.parameters.json with the following command:

vi router_hourly.parameters.json

and paste the following JSON content, please adjust the values to your specific environment:

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"instanceName": {
"value": "<instance name>"
},
"location": {
"value": "<location of the VNet>"
},
"virtualNetworkName": {
"value": "<name of the VNet>"
},
"availabilitySetName": {
"value": "<name of the Availability Set>"
},
"publicSubnetName": {
"value": "<name of the public subnet>"
},
"publicSubnetAllowedCidr": {
"value": "0.0.0.0/0"
},
"privateSubnetName": {
"value": "<name of the private subnet>"
},
"privateSubnetAllowedCidr": {
"value": "0.0.0.0/0"
},
"managementSubnetName": {
"value": "<name of the management subnet>"
},
"adminAllowedCidr": {
"value": "0.0.0.0/0"
},
"conductorPrimaryControlIP": {
"value": "<IP address of primary node of Conductor>"
},
"conductorSecondaryControlIP": {
"value": "<IP address of secondary node of Conductor>"
},
"instanceSize": {
"value": "Standard_DS3_v2"
},
"adminUsername": {
"value": "<username>"
},
"adminPublicKeyData": {
"value": "<content of ssh-rsa key>"
}
}
}

Click here to go to the Marketplace. Click on the "Get it now" button, agree to the terms of use and privacy policy of the image, click on the "Get started" button to enable programmatic deployment for the subscription and click the button "Save" to save the changes.

Plans

Close the "Configure Programmatic Deployment" window, click on the tab "Plans" and lastly copy to the clipboard the URL of the "Session Smart Router" template located in the field "URL". Lastly launch the template running the following command:

New-AzResourceGroupDeployment -ResourceGroupName <your-resource-group-name> `
-TemplateUri <template-URL> `
-TemplateParameterFile ./router_hourly.parameters.json
128T Networking Platform (BYOL)

Create the parameters file conductor_byol.parameters.json with the following command:

vi router_byol.parameters.json

and paste the following JSON content, please adjust the values to your specific environment:

{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"instanceName": {
"value": "<instance name>"
},
"location": {
"value": "<location of the VNet>"
},
"virtualNetworkName": {
"value": "<name of the VNet>"
},
"availabilitySetName": {
"value": "<name of the Availability Set>"
},
"publicSubnetName": {
"value": "<name of the public subnet>"
},
"publicSubnetAllowedCidr": {
"value": "0.0.0.0/0"
},
"privateSubnetName": {
"value": "<name of the private subnet>"
},
"privateSubnetAllowedCidr": {
"value": "0.0.0.0/0"
},
"managementSubnetName": {
"value": "<name of the management subnet>"
},
"adminAllowedCidr": {
"value": "0.0.0.0/0"
},
"conductorPrimaryControlIP": {
"value": "<IP address of primary node of Conductor>"
},
"conductorSecondaryControlIP": {
"value": "<IP address of secondary node of Conductor>"
},
"instanceSize": {
"value": "Standard_DS3_v2"
},
"adminUsername": {
"value": "<username>"
},
"adminPublicKeyData": {
"value": "<content of ssh-rsa key>"
}
}
}

Click here to go to the Marketplace. Click on the "Get it now" button, agree to the terms of use and privacy policy of the image, click on the "Get started" button to enable programmatic deployment for the subscription and click the button "Save" to save the changes.

Plans

Close the "Configure Programmatic Deployment" window, click on the tab "Plans" and lastly copy to the clipboard the URL of the "Session Smart Router template" located in the field "URL". Lastly launch the template running the following command:

New-AzResourceGroupDeployment -ResourceGroupName <your-resource-group-name> `
-TemplateUri <template-URL> `
-TemplateParameterFile ./router_byol.parameters.json

Certificate SAS URL

A SAS URL can be used to perform a deployment of a 128 Technolody Conductor using the 128T Networking Platform image. It allows for a non interactive installation of the 128T Conductor fully automated and on your behalf as part of the deployment process. This section describes how a SAS URL for your 128 Technology certificate is created.

important

This section only applies when deploying a 128 Technology Conductor using the 128T Networking Platform image and the "Standalone Conductor" template.

The first step to create a SAS URL is to login to the Azure Portal and in the search bar at the top search for "Storage accounts" as shown in the following picture:

Storage

Create a storage account. Click on the storage account once created. Click on "Containers" as shown in the following picture:

Storage containers

Create a container with a public access level set to "Private (no anonymous access)". Click on the container once created. Click on the "Upload" button, select your 128 Technology certificate and click the "Upload" button. Once your 128 Technology certificate is uploaded click on it. Click on the "Generate SAS" tab as shown below:

Container overview

Make sure the field "Permissions" is set to "Read", and set a narrow start and expiry date/time in which the installation of the 128T Conductor is going to take place. Next click the button "Generate SAS token and URL". The SAS URL value will appear in the field "Blob SAS URL". Proceed to copy the value of the field "Blob SAS URL" using the copy copy to clipboard function placed at the end of the field as show in the following screenshot:

SAS URL

Now you can proceed to deploy the 128T Conductor in non interactive mode using the template "Standalone Conductor" of the 128T Networking Platform BYOL image. Once the Conductor is operational please remember to delete your 128 Technology certificate from the storage account and container to prevent and avoid any misuse.

Last updated on