Cisco
Login
Search
Software Secure Access
Activity Manage

DNS Forwarders Deploy Virtual Appliances Deploy VAs in Microsoft Azure Procedure Step 1 – Prepare the Virtual Appliance Image on Azure

Last updated: Aug 22, 2025

Step 1 – Prepare the Virtual Appliance Image on Azure

This is a one-time task to create an image in Azure that can be used to launch multiple VAs.


 
Generation 2 VMs are not supported for VA deployments.

  1. Navigate to Connectors > DNS Forwarders and click Download Components.

  2. Click Download for VA for Hyper-V.

    Umbrella generates and downloads to your computer a .tar file unique to your deployment.

    This tar file includes:

    • a .zip file containing the virtual hard disks that need to be deployed on Azure

    • a signature file

    • a Cisco public certificate to validate the signature

    • a readme file

  3. Extract the contents of the tar file using the command tar –xvf <tar filename> -C <Destination folder>.

    To verify the integrity of the downloaded file, validate the signature by following the instructions provided in the readme file. On successful signature validation, you should see a message saying “Verified OK."

  4. Extract the downloaded zip file. You'll find two folders—Virtual Hard Disks and Virtual Machines—and a config file.

  5. Open Windows PowerShell as Administrator, navigate to the Virtual Hard Disks folder, and convert the vhd files (forwarder and dynamic) in their respective folders to a fixed type format acceptable by Azure.

    To convert and resize the forwarder file, run the following commands:

    Convert-VHD -Path .\forwarder-va.vhd -DestinationPath forwarder-fixed.vhd -VHDType fixed
Resize-VHD .\forwarder-fixed.vhd  -SizeBytes 8GB

    To convert and resize the dynamic file, run the following commands:

    Convert-VHD -Path .\dynamic.vhd -DestinationPath dynamic-fixed.vhd -VHDType fixed
Resize-VHD .\dynamic-fixed.vhd -SizeBytes 30MB

     
    Conversion free disk space requirements

    Conversion requires at least 9GB of free disk space to create the modified disks. The new forwarder-fixed.vhd will consume approximately 8GB of space. Machines with less than 9GB of space will fail to convert with a red error message.

  6. Upload the forwarder-fixed.vhd and dynamic-fixed.vhd to a blob in your Azure storage account using the Azure portal or the AZ CLI.


     
    This is a one-time upload.

  7. Create an image in Azure from these virtual hard disks using the Azure portal.

    Use the forwarder-fixed.vhd as the OS disk (OS type: Linux) and the dynamic-fixed.vhd as the data disk.


     
    Ensure that Host caching for both the OS disk and data disk is set to Read/write. Since second generation VMs are not supported for VA deployments, ensure that you set VM Generation to Gen 1.

  8. h. Once the VA image is created in Azure, use this image to launch multiple VAs. For more information, see Step 2: Launch the Virtual Appliance on Azure.

Previous topic Procedure Next topic Step 2 – Launch the Virtual Appliance on Azure