Azure Virtual WAN with vION CloudBlade Integration
Learn about the Prisma SD-WAN and Azure Virtual WAN with vION CloudBlade
integration.
Where Can I Use This?
Strata Cloud Manager
What Do I Need?
Prisma SD-WAN license
Azure Virtual WAN with vION CloudBlade
With the growth of Hybrid Cloud deployments, most enterprises have moved
workloads to the cloud and need to enable secured connectivity from branch sites to
these application workloads. In addition, enterprises are moving towards hybrid and
multi-cloud architecture with their on-premise infrastructure. This transition must work
seamlessly while ensuring SLAs (Service Level Agreements) are met for applications
hosted in IaaS, PaaS, and SaaS environments and on-premises, with the right level of
visibility and security controls.
The central entity in Azure that provides the branch integrations through
vION devices is the Virtual WAN (vWAN). Azure Virtual WAN is a networking service
with a single operational interface that provides networking, security, and routing
functionalities together. These functionalities include branch connectivity through
SD-WAN devices (vION), intra-cloud connectivity (transitive connectivity for virtual
networks), Azure Firewall, and encryption for private connectivity, amongst others that
may be applicable in a typical hybrid cloud integration environment.
According to Microsoft Azure, the virtual WAN architecture is a hub and
spoke architecture with built-in scale and performance for branches (VPN/SD-WAN
devices), virtual networks, users (Azure VPN/OpenVPN/IKEv2 clients), and ExpressRoute
circuits. In addition, it enables a global transit network architecture, where the
cloud-hosted network hub enables transitive connectivity between endpoints that may be
distributed across different types of spokes.
IMAGE SOURCE: Azure Product Documentation
Prisma SD-WAN and Azure Integration Prerequisites
The following items are required for configuring Prisma SD-WAN and Azure Virtual WAN with vION CloudBlade:
Prisma SD-WAN
An active Prisma SD-WAN subscription with sufficient licenses
to install at least 2 x v7108 IONs per region.
Azure
An Azure account with permissions to create and update Azure Resource Groups,
VNET (Virtual Network), and Virtual Machines.
The Azure vWAN uses the following list of APIs with vION CloudBlade.
Because the Azure vWAN with vION CloudBlade automates the deployment of Virtual
Machines through API calls, you must enable programmatic access
through the Azure portal.
An active Azure marketplace subscription to the Prisma SD-WAN Virtual ION
Appliance.
The Azure vWAN with vION CloudBlade deploys from the ION images
in the Azure marketplace. To begin using these resources (through the
CloudBlade), you must accept the Azure Marketplace terms and conditions and
follow the usage guidelines for
the marketplace listings.
The CloudBlade requires read access to Virtual Network resources
in Brownfield deployment scenarios to determine the attached Virtual
Networks and their associated address prefixes. You can access the Virtual
Networks via the Virtual Network Connections to the identified Virtual WAN
entity in Brownfield deployment scenarios.
In addition, the CloudBlade will also need read/write access in Brownfield
scenarios to Virtual WAN and Virtual Hub resources to configure BGP peers
necessary for the exchange of routes with the Virtual Hub(s) to remote
Virtual Networks. Read/write access must be granted explicitly
when the Virtual Networks or the Virtual WAN/Virtual Hub resources
were created under a different subscription, and therefore with different
credentials, than the one the CloudBlade uses. Refer to Azure resource management and
subscriptions for more information.
A resource group with an Azure vWAN
that has one or more Virtual Hubs defined for the
regions of deployment (Brownfield deployments only).
To enable the Azure BGP peering with the Virtual
WAN hub feature in this release, you must contact the Azure team with the
Resource ID of your Virtual WAN resource.
All regions must support the Azure Virtual Machine model Standard D8s v3 (8
vCPUs, 32 GiB).
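As an added example (not Palo Alto Networks or Microsoft code), the check below audits a role definition, in the JSON shape printed by `az role definition list`, against the Brownfield access described above: read on Virtual Networks, read/write on Virtual WAN and Virtual Hub. The action strings, the canary list, and both sample roles are assumptions constructed for illustration.

```python
import re

# Assumption: the page names resource types, not Azure action strings;
# this mapping to Microsoft.Network actions is illustrative.
REQUIRED = [  # read on Virtual Networks, read/write on Virtual WAN and Virtual Hub
    "Microsoft.Network/virtualNetworks/read",
    "Microsoft.Network/virtualWans/read",
    "Microsoft.Network/virtualWans/write",
    "Microsoft.Network/virtualHubs/read",
    "Microsoft.Network/virtualHubs/write",
]
NOT_NEEDED = [  # canary actions the Brownfield description does not call for
    "Microsoft.Network/virtualNetworks/write",
    "Microsoft.Network/virtualNetworks/delete",
    "Microsoft.Authorization/roleAssignments/write",
]

def _matches(pattern, action):
    """Azure RBAC patterns are case-insensitive; '*' matches any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def is_granted(role, action):
    """An action is granted if some permission block allows it and does not exclude it."""
    for perm in role.get("permissions", []):
        allowed = any(_matches(p, action) for p in perm.get("actions", []))
        excluded = any(_matches(p, action) for p in perm.get("notActions", []))
        if allowed and not excluded:
            return True
    return False

def audit_role(role):
    """Return (required actions the role lacks, canary actions it grants anyway)."""
    missing = sorted(a for a in REQUIRED if not is_granted(role, a))
    excess = sorted(a for a in NOT_NEEDED if is_granted(role, a))
    return missing, excess

# Constructed sample roles: a Contributor-style grant and a scoped custom role.
BROAD = {"roleName": "broad-sample", "permissions": [
    {"actions": ["*"], "notActions": ["Microsoft.Authorization/*/Write"]}]}
SCOPED = {"roleName": "scoped-sample", "permissions": [
    {"actions": ["Microsoft.Network/virtualNetworks/read",
                 "Microsoft.Network/virtualWans/*",
                 "Microsoft.Network/virtualHubs/*"], "notActions": []}]}

if __name__ == "__main__":
    for role in (BROAD, SCOPED):
        print(role["roleName"], audit_role(role))
```

A non-empty second list means the role assigned in the subscription that owns the existing Virtual WAN grants more than the Brownfield access described on this page.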