Deploy vIONs with (High Availability) HA in Azure

1. Create a Resource Group in the desired region in Azure.

   Find the Marketplace listing of Prisma SD-WAN vION solution template and select Prisma SD-WAN vION HA Solution Template.

2. Deploy the pair of vIONs by following the steps in the solution template.

   1. Select the correct Subscription, Resource Group, and Region.

   2. Configure the virtual networks required for the HA vIONs.

      The template creates a new Virtual network with six subnets:

      • ION 1 Controller
      • ION 1 Internet/Public
      • ION 1 LAN/Private
      • ION 2 Controller
      • ION 2 Internet/Public
      • ION 2 LAN/Private

      If you choose to use an existing virtual network, ensure that the selected Virtual network consists of six subnets.

   3. Configure the Private IP addresses for the internet or Public of each vION required for the vIONs to reach the controller over the WAN interface.

      • Configure the IP address for the Internet/Public subnet and the Gateway.
      • Take note of the Internet/Public subnet for each ION.
      • For the IP address, assign any address in the subnet other than the first four prefixes in the subnet (Azure uses these and are reserved).
      • For the Gateway address, use the first available IP address in the subnet.
      • For the DNS address, use a well-known public DNS service (For example, 8.8.8.8 or 1.1.1.1).
   4. Configure the Availablity Zones or Sets.

      • When deploying in an Availability Zone, ensure that the Azure region you are deploying supports zones. If the region does not, you can use an Availability Set.
      • Enter a numerical value for the Zone parameter for each ION. This is typically a numeric value and is a number in the range of 1-3. When you use the same zone number for both vIONs, the vIONs are deployed in the same zone, and there will be no use of an Availability Set.
      • Specify None as the zone value, if there is no Zone support in the region you're deploying or you wish to use an availability set. The vIONs thereby will be deployed in an Availability Set (across different fault or update domains) within the same region.
   5. Configure the vION License and Secret Keys obtained from Prisma SD-WAN Controller.

   6. Configure the vION version. It's recommended to use the default configuration.

3. Confirm if all resources are fully deployed and appear in the resource group created.

   If the zones configured are correct and are supported in Azure, the vIONs will be deployed according to the specified availability zones. You can view and access the vIONs in the Prisma SD-WAN portal.

   It can take a while for the resources to be fully deployed and the vIONs to connect to the controller.

   Mark the availability zone as None, to create the following resource within the resource group.

4. If Availability zones are not configured, verify the vIONs deployed across different fault domains by accessing the vION instance overview page in the Azure portal.

   You must deploy both vIONs in the same resource group along with one virtual network containing six subnets; three each for each vION’s controller, internet, and LAN interfaces. You can now claim and configure the IONs in the Prisma SASE portal.