Silver Peak VX for Azure

Similar documents
VXOA AMI on Amazon Web Services

VELOCITY. Quick Start Guide. Citrix XenServer Hypervisor. Server Mode (Single-Interface Deployment) Before You Begin SUMMARY OF TASKS

If you re not using VMware vsphere Client 5.1, your screens may vary.

Quick Start Guide. Citrix XenServer Hypervisor. Server Mode (Single-Interface Deployment) Before You Begin SUMMARY OF TASKS

Required Virtual Interface Maps to... mgmt0. virtual network = mgmt0 wan0. virtual network = wan0 mgmt1. network adapter not connected lan0

GX-V. Quick Start Guide. Microsoft Hyper-V Hypervisor. Before You Begin SUMMARY OF TASKS. Before You Begin WORKSHEET VIRTUAL GMS SERVER

GMS. 1 Create the virtual machine 2 Configure the virtual machine 3 Configure the virtual GMS server. Quick Start Guide. Microsoft Hyper-V Hypervisor

If you re not using Citrix XenCenter 6.0, your screens may vary. Required Virtual Interface Maps to... mgmt0. virtual network = mgmt0 wan0

Deploying Silver Peak VXOA Physical And Virtual Appliances with Dell EqualLogic Isolated iscsi SANs including Dell 3-2-1

Required Virtual Interface Maps to... mgmt0. bridge network interface = mgmt0 wan0. bridge network interface = wan0 mgmt1

GX-V. Quick Start Guide. VMware vsphere / vsphere Hypervisor. Before You Begin SUMMARY OF TASKS WORKSHEET

SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE

Silver Peak WAN Optimization Appliances. Network Deployment Guide. VXOA 6.2 March 2015 PN Rev L

Using a USB 3.0 Dual Gigabit Ethernet Bypass Adapter with VMware vsphere for VXOA

Title: Setting Up A Site to Site VPN Between Microsoft Azure and the Corporate Network

Virtual Appliance Setup Guide

Web Application Firewall

Talk2M Free+ Remote-Access Connectivity Solution for ewon COSY devices. Getting Started Guide

MultiSite Manager. Setup Guide

Biznet GIO Cloud Connecting VM via Windows Remote Desktop

Qvis Security Technical Support Field Manual LX Series

SSL VPN. Virtual Appliance Installation Guide. Virtual Private Networks

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Installing and Using the vnios Trial

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC

F-Secure Messaging Security Gateway. Deployment Guide

M2M Series Routers. Port Forwarding / DMZ Setup

USER GUIDE. Ethernet Configuration Guide (Lantronix) P/N: Rev 6

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

Savvius Insight Initial Configuration

Optimum Business SIP Trunk Set-up Guide

TechNote. Configuring SonicOS for MS Windows Azure

How To - Deploy Cyberoam in Gateway Mode

MultiSite Manager. Setup Guide

Load Balancing Clearswift Secure Web Gateway

SonicWALL SRA Virtual Appliance Getting Started Guide

ALOHA Load-Balancer. Virtual Appliance quickstart guide. Document version: v1.0. Aloha version concerned: v5.0.x

HREP Series DVR DDNS Configuration Application Note

Deployment Guide: Transparent Mode

Networking Guide Redwood Manager 3.0 August 2013

Multi-Homing Dual WAN Firewall Router

Firewall VPN Router. Quick Installation Guide M73-APO09-380

PFSENSE Load Balance with Fail Over From Version Beta3

F-SECURE MESSAGING SECURITY GATEWAY

Using IPsec VPN to provide communication between offices

How to Configure a High Availability Cluster in Azure via Web Portal and ASM

Virtual Appliance Setup Guide

UIP1868P User Interface Guide

ASUS WL-5XX Series Wireless Router Internet Configuration. User s Guide

WEBTITAN CLOUD. User Identification Guide BLOCK WEB THREATS BOOST PRODUCTIVITY REDUCE LIABILITIES

Chapter 10 Troubleshooting

How To Industrial Networking

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Computer Networks I Laboratory Exercise 1

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

MacroLan Azure cloud tutorial.

Product Version 1.0 Document Version 1.0-B

Basics of Port Forwarding on a Router for Security DVR s

Virtual Data Centre. User Guide

CCNA Discovery Networking for Homes and Small Businesses Student Packet Tracer Lab Manual

7 6.2 Windows Vista / Windows IP Address Syntax Mobile Port Windows Vista / Windows Apply Rules To Your Device

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

BASIC ANALYSIS OF TCP/IP NETWORKS

Configuring SonicOS for Microsoft Azure

Installing and Configuring vcloud Connector

Configuring the PIX Firewall with PDM

Security Gateway Virtual Appliance R75.40

Windows Firewall Configuration with Group Policy for SyAM System Client Installation

DSL-G604T Install Guides

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

Avaya Video Conferencing Manager Deployment Guide

Chapter 8 Router and Network Management

AlienVault. Unified Security Management (USM) x Initial Setup Guide

Cyberoam Virtual Security Appliance - Installation Guide for VMware ESX/ESXi. Version 10

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

Easy Setup Guide for the Sony Network Camera

How To Create A Virtual Private Cloud In A Lab On Ec2 (Vpn)

Set Up Panorama. Palo Alto Networks. Panorama Administrator s Guide Version 6.0. Copyright Palo Alto Networks

KeyControl Installation on Amazon Web Services

Connecting your Virtual Machine to the Internet. BT Cloud Compute. The power to build your own cloud solutions to serve your specific business needs

How To Configure L2TP VPN Connection for MAC OS X client

How to Configure the Cisco UC500 for use with Integra Telecom SIP Solutions

AppLoader 7.7. Load Testing On Windows Azure

How To Establish IPSec VPN between Cyberoam and Microsoft Azure

Remote Desktop How-To. How to log into your computer remotely using Windows XP, etc.

How To Set Up A Backupassist For An Raspberry Netbook With A Data Host On A Nsync Server On A Usb 2 (Qnap) On A Netbook (Qnet) On An Usb 2 On A Cdnap (

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

VPN PPTP Application. Installation Guide

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations

Internet Access to a DVR365

Setting up pfsense as a Stateful Bridging Firewall.

Talari Virtual Appliance CT800. Getting Started Guide

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

OpenVPN over SSH tunneling

SSL-VPN 200 Getting Started Guide

NETFORT LANGUARDIAN INSTALLING LANGUARDIAN ON MICROSOFT HYPER V

Deploy the ExtraHop Discover Appliance with Hyper-V

Configuring a FortiGate unit as an L2TP/IPsec server

VPNC Interoperability Profile

Transcription:

QUICK START GUIDE Silver Peak VX for Azure Server Mode (Single-Interface Deployment) 2016 Silver Peak Systems, Inc. A Silver Peak VX virtual appliance can be deployed within a Microsoft Azure cloud environment to accelerate the migration of data to the cloud, and accelerate access to that data from anywhere. Specifically, the Silver Peak VX is available as an image, created and launched from the Azure Marketplace. Server mode uses a single virtual interface on the VX appliance. Prerequisites An Azure account A virtual network (VNet) Network Security Groups (create new or use existing) An SSH client, such as PuTTY, installed on your PC SUMMARY OF TASKS 1 Deploy the VX virtual appliance 2 View the contents of the Resource Group 3 Change the Silver Peak password 4 Configure the VX appliance from the browser wizard 5 Disable the Next-hop unreachable alarm 6 Enable IP forwarding on the VX 7 In a different subnet, deploy a Windows Server 8 Redirect traffic to the Azure-VX for optimization 9 Create tunnels between the local and remote appliances 10 Enable traffic from the Data Center to reach Azure-VX 11 Turn on subnet sharing for Azure-VX 12 Verify that the Windows server can reach the Windows client in the Data Center Silver Peak Systems, Inc. 2860 De La Cruz Blvd. Suite 100. Santa Clara, CA 95050 www.silver-peak.com/support 1.877.210.7325 (toll-free in USA) +1.408.935.1850 PN 201115-001 Rev A» R7.3 1 of 22

VX on Microsoft Azure / Server Mode 1 Deploy the VX virtual appliance a. After signing in to your Azure account, the Dashboard page opens. Click New at the top of the left navigation bar. b. In the Search the Marketplace box, enter Silver Peak VX and select it from the results. The page scrolls right to the Bring Your Own License enabled blade. c. To begin creating your virtual machine, click Create. Step 1, Basics, appears. Complete the following: Name: User name: Authentication type: Password: Subscription: Resource Group: Location: Azure-VX azureuser [Select] Password [Enter a password for creating the VX. This is not the Silver Peak (VX) login, so it is not and cannot be, admin.] [Select] Pay-As-You-Go [Select] Create new Silver_Peak_Engineering [NOTE: You could also use an existing one.] [Select the Azure region where you want to deploy the VX] West US d. Click OK. Step 2, Size, appears. 2 of 22 PN 201115-001 Rev A» R7.3

Quick Start Guide e. Select a VM size to match your WAN link. In this example, we ll choose A3 Standard and click Select. f. When Step 3, Settings, appears, complete the following: Storage Disk type: Storage account: Network Virtual network: Subnet: Public IP address: Network security group: Extensions Extensions: Availability Availability set: Standard [See the VX Virtual Appliance Host System Requirements to select an appropriate size.] (new) silverpeakengineerin5601 [We re selecting the new, auto-generated storage, but you can choose an existing storage account.] (new) Silver_Peak_Engineering [Select] default (10.2.0.0/24) [NOTE: You must use a new subnet for the VX appliance. In Azure, you cannot place the VX and the application server(s) in the same subnet. Because Azure user-defined routes are applied at the subnet level, the devices must be in separate subnets.] [Select] (new) Azure-VX [Azure assigns a static or dynamic Public IP address.] [Select] (new) Azure-VX See details below for adding the necessary inbound and outbound rules to this field. during this Step, before clicking OK. [Select] No extensions [Select] None PN 201115-001 Rev A» R7.3 3 of 22

VX on Microsoft Azure / Server Mode For the VX to optimize traffic, you must add rule(s) to the VX s Security Group that: allow application traffic to and from the VX open ports to allow application traffic to and from your AWS application s security group To add the required inbound rules, click Network security group and click Create new. Default rules for SSH, HTTP, and HTTPS already exist in the security group. In the Name field, enter Azure-VX. Click Add an inbound rule. One by one, add the following additional inbound rules: IPSEC-tunnel - IPSEC-tunnel- Name UDP-4500 UDP-500 Priority 1030 1040 Source Any Any Protocol UDP UDP Source port range * * Destination Any Any Destination port range 4500 500 Action Allow Allow Add the following outbound rule: Name Allow-all-outbound Priority 1000 Destination Any Destination port range * Source Any Protocol Any Source port range * Action Allow 4 of 22 PN 201115-001 Rev A» R7.3

Quick Start Guide The final list of rules looks like this. Click OK and complete any remaining Settings. g. Click OK. Step 4, Summary, appears. h. Click OK. When Step 5, Buy, appears, review the details and click Purchase. The Dashboard appears as the Silver Peak VX begins to deploy. PN 201115-001 Rev A» R7.3 5 of 22

VX on Microsoft Azure / Server Mode 2 View the contents of the Resource Group To view the progress of the VM deployment, you can monitor the Resource Group you created earlier. a. In the left navigation bar, click Resource groups. b. From the Subscriptions list, select the name of the Resource Group you entered previously. In this example, it was Silver_Peak_Engineering. (Please allow a couple of minutes for the virtual machine to appear.) c. If the VM deployed successfully, the following items display in your Resource Group. virtual machine (VM) NIC Network security group Public IP VNet Storage account 6 of 22 PN 201115-001 Rev A» R7.3

Quick Start Guide d. You ll need the VM s Public IP for logging into the appliance from your browser. To discover the address, select the VM and then copy the Public IP address from the display. virtual machine (VM) 3 Change the Silver Peak password The default username and password for logging into the appliance is admin/admin. You can change the default password either by logging into the Command Line Interface (CLI) of the appliance via SSH, or while completing the VX s initial configuration wizard. To change it using the CLI, SSH into the VX appliance using a terminal emulator, such as PuTTY. You must use the Public IP address of the VX appliance to login via SSH. After logging in, type: enable configure terminal username admin password <new password> PN 201115-001 Rev A» R7.3 7 of 22

VX on Microsoft Azure / Server Mode 4 Configure the VX appliance from the browser wizard Make sure to use your username with the new password you created in Task 3. a. In a browser, enter the VX s Public IP address in the browser s address bar. The login page loads. When prompted, enter the username and password. The initial configuration wizard appears. On the Hostname, DHCP, DNS page, enter the appliance host name, and keep the default, DHCP. On the License & Registration page, enter your license key. On the Deployment page, accept the default deployment (Server) and enter a value for Max Bandwidth. On the Tunnels to Peers page, make no changes. On the Date & Time page, select and complete the details for either Manual or NTP Time Synchronization. On the Change Password page... if you didn t change the default password earlier by logging into the CLI of the VX, you must change it now!! On the Finish page, click Done to save the settings and reboot the appliance. You have finished configuring the VX. b. Log in again with your new password. 8 of 22 PN 201115-001 Rev A» R7.3

Quick Start Guide 5 Disable the Next-hop unreachable alarm Once every 10 seconds, the VX appliance sends an ICMP packet on each of its interfaces to verify if the next-hop is reachable. Because Azure blocks ICMP traffic to its gateway routers, the following alarm appears on the VX. a. To disable the alarm, enter the appliance s Public IP address in an SSH client such as putty and type the following CLI (Command Line Interface) commands: enable configure terminal system watchdog datapath gateway-connect disable NOTE: In more recent versions of the Silver Peak appliance, this can be done by opening the Configuration > Systems page and deselecting the Enable Health check option under WAN NextHop Health Check. b. Check the banner to verify that the alarm has cleared. PN 201115-001 Rev A» R7.3 9 of 22

VX on Microsoft Azure / Server Mode 6 Enable IP forwarding on the VX By default, virtual machines deployed in Azure don t participate in IP forwarding. This means, if an interface of a particular VM receives a packet that is not destined for that interface, it will discard that packet. However, since VX appliances receive traffic that needs to be forwarded to other destinations, we must enable IP forwarding. To enable IP forwarding on the VX s mgmt0 interface, do the following: a. Scroll back to the Resource Group blade and select the vnic. b. On the Settings blade, select IP Addresses, go to IP forwarding settings and click Enabled, and then click Save. 3 1 2 10 of 22 PN 201115-001 Rev A» R7.3

Quick Start Guide 7 In a different subnet, deploy a Windows Server The next task is to deploy a Windows Server in the Resource Group. In Azure, we use the Windows Server as the traffic originator. Although this application Server will be deployed on the same virtual network as the Azure VX appliance, it cannot be deployed on the same subnet as the Azure VX. This is because, currently, Azure cannot control the routing of packets through a virtual appliance using User-Defined Routes (UDR) if the sending and receiving VMs are running on the same subnet. a. To create the application server, go to the Resource Group blade, click Add, and in the same VNet, deploy a Windows Server. In this example, we ve named ours, Windows-Server. In this example, the Azure-VX s subnet is 10.2.0.0/24, and the Windows-Server s subnet is 10.2.1.0/24. b. After deploying Windows-Server in our Resource Group, the Essentials list looks like this. PN 201115-001 Rev A» R7.3 11 of 22

VX on Microsoft Azure / Server Mode 8 Redirect traffic to the Azure-VX for optimization The next task is to create a route table in our Resource Group and associate it with the subnet that contains the Windows Server. A route table is needed to redirect traffic from the Windows Server to the VX appliance. Be aware that the Microsoft Azure environment has some inherent limitations that could affect your deployment choices: No WCCP or policy-based routing (PBR) support by Azure routers No broadcast or multicast support. Therefore, no VRRP support. a. To start creating the route table, click Add on the Silver_Peak_Engineering resource group blade. b. When the Everything page appears, search for Route table and select it from the results. c. Click Create. The Route table blade appears. 12 of 22 PN 201115-001 Rev A» R7.3

Quick Start Guide d. Complete the fields and click Create. This route table, LAN_redirect_route_table, is now added to the Resource Group. Now you need to create a specific route to redirect all traffic from Windows-Server to the local Silver Peak appliance, Azure-VX. PN 201115-001 Rev A» R7.3 13 of 22

VX on Microsoft Azure / Server Mode This diagram shows how we ll use LAN_redirect_route_table to redirect the Windows Server s traffic that s destined for West US Data Center (at 172.16.0.0/16) to Azure-VX for optimizing traffic. Windows Server s traffic is routed through the VX appliance to West US Data Center as follows: When Windows-Server in Azure, 10.2.1.4, sends traffic to West US Data Center s VM, 172.16.20.4, its traffic is routed to the Azure-VX appliance, 10.2.0.4. Then, Azure-VX optimizes the traffic before tunnelizing it and sending it to West US Data Center s Silver Peak appliance Subsequently, the West US Data Center s Silver Peak appliance forwards the traffic to the destination server, 172.16.20.4. 14 of 22 PN 201115-001 Rev A» R7.3

Quick Start Guide a. With LAN_redirect_route_table selected, click Routes in the Settings blade, and then click Add. 2 1 b. In the Add route blade, complete the fields, and click OK. target address (destination = Windows client s subnet) Azure-VX (VM) Azure-VX Private IP address Already done in Step 6 The entry appears in the route table. Now we need to associate this route table with the subnet that contains the Azure Windows-Server, so that the traffic originating from the Windows VM is redirected to the Azure VX appliance. Only the subnets that contain the user VMs and application servers need to be associated with the route table. The subnet containing the VX appliance does not need to be associated with the route table. PN 201115-001 Rev A» R7.3 15 of 22

VX on Microsoft Azure / Server Mode c. Scroll back to the Resource Group blade, and select the virtual network, Silver_Peak_Engineering. On the Settings blade, select Subnets. On the Subnets blade, select the Windows VM s subnet. On the VM_subnet blade, click Route Table. From Resource, select LAN_redirect_route_table. Click Select. Click Save. 16 of 22 PN 201115-001 Rev A» R7.3

Quick Start Guide 9 Create tunnels between the local and remote appliances To verify connectivity and optimize traffic, you must build a tunnel from each Silver Peak to the other one. a. Create a tunnel from the Silver Peak at the Data Center to Azure-VX. In a browser, login to the Silver Peak at the West US Data Center. In this example, the Public IP of the Silver Peak is 104.42.234.208. From the Configuration menu bar, select Tunnels. Ensure that Automatically establish tunnels is deselected. Click Add Tunnel, and complete the following: Name: to-azure-sp-engineering [named here for destination appliance] Remote IP: 13.93.160.210 [Public IP address of Silver Peak in Azure s 10.2.0.0/24 subnet] Accept the other defaults and click Apply. The table displays the new tunnel. Notice that the Local IP displays the Private IP address of the Silver Peak appliance. b. Create a tunnel from Azure-VX to the Silver Peak at the West US Data Center In a browser, login to the Azure-VX, using its Public IP address, 13.93.160.210. From the Configuration menu bar, select Tunnels. Ensure that Automatically establish tunnels is deselected. Click Add Tunnel, and complete the following: Name: to-dc [named here for destination appliance s location] Remote IP: 104.42.234.208 [Public IP address of Silver Peak in West US Data Center] Accept the other defaults and click Apply. The table displays the new tunnel. Notice that the Local IP displays the Private IP address of the Silver Peak VX in Azure. c. Check the Status column for each tunnel to see that they become up-active. PN 201115-001 Rev A» R7.3 17 of 22

VX on Microsoft Azure / Server Mode 10Enable traffic from the Data Center to reach Azure-VX This requires an inbound security rule on Azure-VX. a. To create the inbound rule, do the following: In Azure, select the Silver_Peak_Engineering Resource Group. Select the Azure-VX network security group. Scroll to the Settings blade. Click Add an inbound rule, and complete the following: Name Allow-inbound-from-West-US-DC Priority 1050 Source 172.16.20.0/24 Protocol Any Source port range * Destination Any Destination port range * Action Allow b. Click OK. The new rule appears in the table. 18 of 22 PN 201115-001 Rev A» R7.3

Quick Start Guide 11Turn on subnet sharing for Azure-VX We want the VX to be able to add the local subnet(s) on its interfaces to the subnet table. a. In Azure-VX s user interface, select Configuration > Subnets. b. When the Subnets page appears, select Automatically include local subnets. c. Click Add new subnet. d. Enter the Windows Server subnet and mask, 10.2.1.0/24, and click Apply. PN 201115-001 Rev A» R7.3 19 of 22

VX on Microsoft Azure / Server Mode The new line is added. Because Automatically include local subnets is selected, the appliance also adds Azure-VX s own subnet. Azure-VX subnet Windows Server subnet 20 of 22 PN 201115-001 Rev A» R7.3

Quick Start Guide 12Verify that the Windows server can reach the Windows client in the Data Center a. Create a remote desktop connection to the Windows Server in Azure. b. To verify connectivity, open a command shell and ping the Windows client in the Data Center. c. To verify that the packet travels from the Windows server to Azure-VX, to the Windows client, run the command, tracert -d <Windows client IP address>. Notice that while the packet is in a tunnel, it s not visible (line 2). You have now verified that traffic will be appropriately routed. Following is a description of how an Azure virtual appliance differs from a regular virtual appliance. PN 201115-001 Rev A» R7.3 21 of 22

VX on Microsoft Azure / Server Mode How an Azure based virtual appliance differs from a regular virtual appliance, as of August 2016. An Azure based virtual appliance has the following limitations/characteristics: The application server and the Azure VX must be running on two different subnets on the same virtual network. New virtual interfaces cannot be added to the VM after the VM is powered on. To attach multiple vnics, you must use an ARM-based template or Azure PowerShell commands. No WCCP or policy-based routing (PBR) support. No broadcast or multicast support. Therefore, no VRRP support. No VX auto-tunnel or auto-opt support. All traffic to be optimized must be assigned to a Silver Peak tunnel. Only one Public IP address can be assigned per VM. 22 of 22 PN 201115-001 Rev A» R7.3

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information