Step 2 – Launch the Virtual Appliance on Azure
|
Before performing this task, you must complete the one-time task of preparing the virtual appliance image on Azure. For more information, see Step 1: Prepare the Virtual Appliance Image on Azure.
|
-
Use the Azure portal to launch Secure Access VAs in Azure using the VA image you created in Step 1: Prepare the Virtual Appliance Image on Azure:
- Choose a VM size with at least one VCPU and 1024 MB RAM.
VM sizes above eight VCPUs are not supported. - For the Administrator account, set the Authentication type to Password.
It is a security risk to specify a public IP address for the VA, and is not recommended except in case of SNAT port exhaustion issues. If you need to configure a public IP for the VA on Azure for these issues, ensure that inbound access from the Internet is not permitted. For more information, see Troubleshoot Intermittent DNS Resolution Failures on a VA Deployed in Azure. - Provide the username as vmadmin and enter a password that meets complexity requirements.
The admin-password you create here is not actually set on the VA.
- Choose a VM size with at least one VCPU and 1024 MB RAM.
-
You may also use the Azure Cloud Shell to launch VAs in Azure using the VA images you created in Step 1: Prepare the Virtual Appliance Image on Azure. VM sizes above eight VCPUs are not supported.
You may specify the static IP as part of the command. For example:
az vm create --resource-group MyResourceGroup --size Standard_B2s --name UmbrellaVA --image VAImage --authentication-type password --admin-username vmadmin --admin-password <password> --vnet-name MyVnet --subnet MySubnet --private-ip-address 10.0.0.1 -
In Secure Access, navigate to Connector > DNS Forwarders. Secure Access displays your list of deployed VAs.
-
Use the same image to launch multiple VAs as required. Provide a different name and different static IP for each VA.
If you do not specify the private IP address, the VA will automatically pull a DHCP IP and register to Umbrella with this IP address. This IP address will be listed as the VA name in Secure Access.
|
Diagnostic Settings
It is not recommended to turn on Diagnostic Settings (Guest-level monitoring) or install any extension for a VA on Azure. Enabling diagnostics results in huge log files being generated on the VA, which causes the VA to run out of disk space. If your VA on Azure is reporting disk space issues, navigate to the Settings > Extensions page against your VA on the Azure portal and remove any extensions. Also, navigate to the Monitoring > Diagnostic Settings page against your VA on the Azure portal and verify that Guest-level monitoring is turned off. |