This section describes how to deploy a Virtual Edge with an Azure Resource Manager (ARM) template.

Basic Topology

In this example, the Azure Virtual Network (vNET 172.16.0.0/16) is divided into a Public subnet (172.16.0.x/24) and a Private subnet (172.16.1.x/24). The Virtual Edge routes between the two subnets. The Public User-Defined Routes (UDR) will forward all offnet traffic to the Internet Gateway. The UDR in the Private subnet will forward all traffic to the LAN facing interface on the Virtual Edge (type Virtual Appliance). In this example, a default route is used to forward “ALL” traffic from the workloads but is not necessary. RFC1918 summarization or specific branch/hub prefixes can be used to narrow what is sent to the Virtual Edge. For example, if the workloads in the Private Subnet still need to be accessible via SSH from publicly sourced IPs then the UDR could be configured to point the default route (0.0.0.0/0) to Internet Gateway and RFC1918 summarization to the Virtual Edge.

Procedure:

  1. Add the Virtual Edge to the SD-WAN Orchestrator: First step is to add the Virtual Edge to the Enterprise. This requires a login credential for the SD-WAN Orchestrator.
    1. From the SD-WAN Orchestrator, go to Configure > Edges and click the New Edge button, as shown in the image below.

      The Provision New Edge dialog box displays.

    2. In the Provision New Edge dialog:
      1. Enter a name in the Name text box.
      2. In the Model drop-down menu, choose Virtual Edge.
      3. Choose a Profile in the Profile drop-down menu.

        The Edge will be provisioned with an activation key, as show in the image below. Make a note of this activation key.

  2. Add VLAN IP.

    The VLAN configuration must have an IP address assigned to it in order to save the Device Settings, but the IP address will not be used.

    1. For the Virtual Edge that was just created, click the Device tab on the SD-WAN Orchestrator.
    2. Scroll down to the Configure VLAN section, and click the Add VLAN button.

      The VLAN dialog box displays.

    3. In the VLAN dialog, make sure to adhere to the following:
      1. Check the Enable Edge Override checkbox in the top, right corner of the dialog.
      2. For the Edge LAN IP Address, use: 169.254.0.1
      3. For the Cidr Prefix, use: 24
      4. Leave the Advertise checkbox, unchecked.
      5. In the DHCP area, check the Enable Edge Override checkbox
      6. In the DHCP area, click Disabled.

  3. Configure Virtual Edge Interfaces.

    CAUTION: The SD-WAN Orchestrator needs the Device Settings configured first before activation. If this step is missed, the Virtual Edge activates but then goes offline a few minutes later.

    1. Navigate to the Virtual Edge’s Device Settings, as shown in the image below.

    2. Change the interface settings as follows:
      1. Change the GE2 interface capability from “Switched” to “Routed” and enable DHCP addressing and WAN overlay.
      2. In the GE3 interface, disable WAN overlay as this interface will be used for the LAN-side gateway. Also, disable NAT Direct Traffic.

  4. Launch Virtual Edge via ARM Template.
    Note: If this is first deployment of Virtual Edge you may need to “Subscribe” to the Edge version in the Azure Marketplace before deploying from ARM Template.
    1. Navigate to Azure Templates as shown in the image below.

    2. Enter the Name and Description of the Template or Deployment. (See image below).

    3. Cut and paste the template in the ARM Template area.

    4. When ready click Deploy, as shown in the image below.

    5. Complete the template form.

    6. Agree to Terms and click the Purchase button.

      At this point, Azure will begin the deployment which can take a few minutes to complete. To follow the progress, click Deployment in Progress… and refresh.

      Once the Virtual Edge deployment is complete, the Virtual Edge will boot up and reach out to the SD-WAN Orchestrator with its activation key to complete Virtual Edge activation.

  5. Verify that the Virtual Edge is Activated in the SD-WAN Orchestrator.

    Once the instance is running in Azure and all information provided was correct, the Virtual Edge will reach out to the SD-WAN Orchestrator with the activation key, activate and perform software update if needed (and reboot if upgraded). Typical deployment time is between three to four minutes.