This section describes how to deploy a virtual edge with an Azure Resource Manager (ARM) template.

Overview

VMware SD-WAN supports only a 2-NIC ARM deployment (GE1/WAN and GE2/LAN) when deploying a virtual edge. Two templates are available: one supports regions with Availability Zones (AZs) and the other supports regions without them.

To check which regions do and do not support Availability Zones, see the following link: https://azure.microsoft.com/en-us/explore/global-infrastructure/geographies/#geographies
Note: Version 4.2.1 has been removed from the Marketplace in favor of supporting the following two base images, virtual edge 4.5.2 and virtual edge 5.0.1. If the version required is different, the VMware Edge Cloud Orchestrator (VECO) will upgrade or downgrade as necessary upon activation, based on the version selected for Enterprise or Edge.

VMAGENT WARNING

A VM agent warning could be displayed during deployment. However, VMware does not support the Azure Agent on vEdge, and there is no impact on vEdge performance, so this can be safely ignored.

Basic Topology

In this example, the Azure Virtual Network (vNET 172.16.0.0/16) is divided into a Public subnet (172.16.0.x/24) and a Private subnet (172.16.1.x/24). The virtual edge routes between the two subnets. The User-Defined Routes (UDR) in the Public subnet forward all off-net traffic to the Internet Gateway. The UDR in the Private subnet forwards all traffic to the LAN-facing interface on the virtual edge (next hop type Virtual Appliance).

In this example, a default route is used to forward all traffic from the workloads, but this is not required. RFC1918 summarization or specific branch/Hub prefixes can be used to narrow what is sent to the virtual edge. For example, if the workloads in the Private subnet still need to be accessible via SSH from publicly sourced IPs, the UDR could be configured to point the default route (0.0.0.0/0) to the Internet Gateway and the RFC1918 summaries to the virtual edge.
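The two Private-subnet UDR designs described above can be compared with a small route-lookup model. This is an added example, not part of the VMware template or documentation. It assumes a constructed edge LAN address (172.16.1.4) and constructed sample destinations, and it models only the UDR entries plus the system route for the vNET address space.

```python
import ipaddress

EDGE_LAN_IP = "172.16.1.4"  # constructed: the page gives no GE2 address
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Simplified model (assumption): only the system route for the vNET address
# space is included next to the UDR entries; other system routes are omitted.
SYSTEM_ROUTES = [("172.16.0.0/16", "VnetLocal", None)]

# Design A: default route sends all workload traffic to the virtual edge.
UDR_ALL_TO_EDGE = [("0.0.0.0/0", "VirtualAppliance", EDGE_LAN_IP)]

# Design B: default route to the Internet, RFC1918 summaries to the edge.
UDR_SPLIT = [("0.0.0.0/0", "Internet", None)] + [
    (prefix, "VirtualAppliance", EDGE_LAN_IP) for prefix in RFC1918
]

# Constructed destinations as seen from a workload in the Private subnet.
SAMPLES = {
    "branch_host": "10.20.30.40",
    "public_subnet_host": "172.16.0.10",
    "public_ssh_client": "203.0.113.7",
}


def next_hop(dest, udr):
    """Return (prefix, hop_type, hop_ip) for dest, or None if nothing matches.

    Longest prefix wins; on equal length the UDR beats the system route.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for rank, table in ((1, udr), (0, SYSTEM_ROUTES)):
        for prefix, hop_type, hop_ip in table:
            net = ipaddress.ip_network(prefix)
            if addr in net:
                key = (net.prefixlen, rank)
                if best is None or key > best[0]:
                    best = (key, (prefix, hop_type, hop_ip))
    return best[1] if best else None


def audit(udr):
    """Map each sample destination to the next hop type the table selects."""
    return {name: next_hop(ip, udr)[1] for name, ip in SAMPLES.items()}


if __name__ == "__main__":
    for label, udr in (("all-to-edge", UDR_ALL_TO_EDGE), ("split", UDR_SPLIT)):
        print(label, audit(udr))
```

With the default-route design, replies to a public SSH client leave through the virtual edge. With the split design, they leave through the Internet next hop while branch prefixes still go to the edge.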

Procedure:

  1. Add the virtual edge to the SD-WAN Orchestrator: Add the virtual edge to the Enterprise. This requires a login credential for the SD-WAN Orchestrator.
    1. From the SD-WAN Orchestrator, go to Configure > Edges and click the New Edge button, as shown in the image below.

      The Provision New Edge dialog box displays.

    2. In the Provision New Edge dialog:
      1. Enter a name in the Name text box.
      2. In the Model drop-down menu, choose Virtual Edge.
      3. Choose a Profile in the Profile drop-down menu.

        The Edge will be provisioned with an activation key, as shown in the image below. Make a note of this activation key.

  2. Configure virtual edge interfaces.

    CAUTION: The SD-WAN Orchestrator needs the Device Settings configured first before activation. If this step is missed, the virtual edge activates, but then goes offline a few minutes later.

    1. Navigate to the virtual edge’s Device Settings, as shown in the image below.
    2. Change the Interface Settings as follows (see image below):
      1. Change the GE1 interface capability from “Switched” to “Routed” (if needed) and activate DHCP addressing and WAN overlay.
      2. In the GE2 interface, deactivate WAN overlay as this interface will be used for the LAN-side Gateway. Also, deactivate Network Address Translation (NAT) Direct Traffic.
  3. Launch the virtual edge via one of the two ARM templates below:
    Note: If this is the first deployment of the virtual edge, it might be necessary to “Subscribe” to the Edge version in the Azure Marketplace before deploying from ARM Template.
    1. Navigate to Azure Templates as shown in the image below.

    2. Enter the Name and Description of the Template or Deployment. (See image below).

    3. Cut and paste the template in the ARM Template area.

    4. When ready, click Deploy, as shown in the image below.

    5. Complete the template form.

      Note: SSH login is possible ONLY with a private key.
    6. Agree to the terms and conditions and click the Purchase button.

      Azure will begin the deployment, which can take a few minutes to complete. To follow the progress, click Deployment in Progress… and refresh.

      Once the virtual edge deployment is complete, the virtual edge will boot up and reach out to the SD-WAN Orchestrator with its activation key to complete virtual edge activation.

  4. Verify that the virtual edge is activated in the SD-WAN Orchestrator.

    Once the instance is running in Azure and all information provided is correct, the virtual edge will reach out to the SD-WAN Orchestrator with the activation key, activate, perform a software update if needed, and reboot if upgraded. Typical deployment time is between three and four minutes.