Deploy VAs in Microsoft Azure

Two virtual appliances (VAs) are required per Umbrella site. It is critical that these VAs are not cloned or copied in any way. Each VA must be set up and configured manually.

Prerequisites

  • If you are using the VA on Azure as a DNS server for your on-premise endpoints, then DNS traffic from these endpoints should not traverse through a Network Address Translation (NAT) device en route to the VA. The VA should receive DNS packets with the source IP as the internal IP of the endpoints. An ExpressRoute or dedicated MPLS or site-to-site VPN connection from your on-premise environment to Azure will meet this requirement.
  • A system running Windows 10 with the Hyper-V role enabled to convert VHD images to an Azure-acceptable format.
  • Only VAs running version 2.4 or above can be deployed in Microsoft Azure.

Procedural Overview

  1. Prepare the virtual appliance image on Azure. This is a one-time task.
  2. Launch the virtual appliance on Azure. Perform this task for each VA after you have performed the one-time task of preparing the VA image.

1. Prepare the Virtual Appliance Image on Azure

This is a one-time task to create an image in Azure that can be used to launch multiple VAs.
Note: Generation 2 VMs are not supported for VA deployments.

Before you begin, perform the following:
a. Add internal.cloudapp.net to the internal domains list for VAs.
b. Unless you are using your own DNS server in Azure, you should configure 168.63.129.16 as the local DNS server in the VA settings. This is the virtual IP used by Azure for recursive and local DNS queries.

  1. Navigate to Deployments > Configuration > Sites and Active Directory and click Download.
  2. Click Download for VA for Hyper-V.

Umbrella generates and downloads to your computer a zip file unique to your deployment.

  3. Extract the downloaded zip file. You'll find two folders—Virtual Hard Disks and Virtual Machines—and a config file.
  4. Open Windows PowerShell as Administrator, navigate to the Virtual Hard Disks folder and convert the vhd files in this folder to a fixed type format acceptable by Azure:
    • Convert-VHD -Path .\forwarder-va.vhd -DestinationPath forwarder-fixed.vhd -VHDType fixed
    • Resize-VHD .\forwarder-fixed.vhd -SizeBytes 8GB
    • Convert-VHD -Path .\dynamic.vhd -DestinationPath dynamic-fixed.vhd -VHDType fixed
    • Resize-VHD .\dynamic-fixed.vhd -SizeBytes 20MB

Conversion free disk space requirements

Conversion requires at least 9GB of free disk space to create the modified disks. The new forwarder-fixed.vhd will consume approximately 8GB of space. Machines with less than 9GB of space will fail to convert with a red error message.
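
The conversion commands above, with the 9GB free-space requirement checked first and each converted disk verified afterwards. This is an added PowerShell example, not part of the Umbrella documentation; it assumes it is run as Administrator from the extracted Virtual Hard Disks folder, and it skips the resize when a disk is already at the target size.

```powershell
# Added example (not from the Umbrella documentation).
# Run elevated, from the extracted "Virtual Hard Disks" folder,
# on a host with the Hyper-V role enabled.
$ErrorActionPreference = 'Stop'

# Source file, fixed-format destination and final size, as listed in the step above.
$disks = @(
    @{ Source = 'forwarder-va.vhd'; Fixed = 'forwarder-fixed.vhd'; Size = 8GB  },
    @{ Source = 'dynamic.vhd';      Fixed = 'dynamic-fixed.vhd';   Size = 20MB }
)

# Pre-flight: at least 9GB must be free on the drive holding this folder.
$drive = (Get-Location).Drive
if (-not $drive) { throw 'Run this from a local drive, not a UNC path.' }
if ($drive.Free -lt 9GB) {
    throw ('Only {0:N1} GB free on drive {1}; at least 9 GB is required.' -f
           ($drive.Free / 1GB), $drive.Name)
}

foreach ($d in $disks) {
    if (-not (Test-Path -Path $d.Source)) {
        throw "Missing $($d.Source); is this the Virtual Hard Disks folder?"
    }
    if (Test-Path -Path $d.Fixed) {
        throw "$($d.Fixed) already exists; remove it before converting."
    }

    Convert-VHD -Path $d.Source -DestinationPath $d.Fixed -VHDType Fixed

    # Resize only when the converted disk is not already at the target size.
    if ((Get-VHD -Path $d.Fixed).Size -ne $d.Size) {
        Resize-VHD -Path $d.Fixed -SizeBytes $d.Size
    }

    # Post-check: the disk uploaded to Azure must be a fixed-type VHD of the expected size.
    $vhd = Get-VHD -Path $d.Fixed
    if ($vhd.VhdFormat -ne 'VHD' -or $vhd.VhdType -ne 'Fixed' -or $vhd.Size -ne $d.Size) {
        throw "$($d.Fixed): unexpected result ($($vhd.VhdFormat), $($vhd.VhdType), $($vhd.Size) bytes)."
    }
    $vhd | Select-Object Path, VhdFormat, VhdType, Size
}
```
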

  5. Upload the forwarder-fixed.vhd and dynamic-fixed.vhd to a blob in your Azure storage account using the Azure portal or the AZ CLI.
    Note: This is a one-time upload.
  6. Create an image in Azure from these virtual hard disks using the Azure portal.
    Use the forwarder-fixed.vhd as the OS disk (OS type: Linux) and the dynamic-fixed.vhd as the data disk.
    Note: Ensure that Host caching for both the OS disk and data disk is set to ‘Read/write’.
  7. Once the VA image is created in Azure, use this image to launch multiple VAs. For more information, see Step 2. Launch the Virtual Appliance on Azure.

2. Launch the Virtual Appliance on Azure

Note: Before performing this task, you must complete the one-time task of preparing the VA image on Azure.

  1. Use the Azure portal to launch Umbrella VAs in Azure using the VA image you created in Step 1. Prepare the Virtual Appliance Image on Azure:
    • Choose a VM size with at least one VCPU and 512 MB RAM, but no more than 3.5 GB RAM.
      Note: VM sizes above eight VCPUs are not supported.
    • For the Administrator account, set the Authentication type to Password.
      Note: Specifying a public IP address for the VA is a security risk and is not recommended except in case of SNAT port exhaustion issues. If you need to configure a public IP for the VA on Azure for these issues, ensure that inbound access from the Internet is not permitted. For more information, see Troubleshoot Intermittent DNS Resolution Failures on a VA Deployed in Azure.
    • Provide the username as vmadmin and enter a password that meets complexity requirements.
      Note: The admin-password you create here is required when configuring the VA.
  2. You may also use the Azure Cloud Shell to launch VAs in Azure using the VA images you created in Step 1. Prepare the Virtual Appliance Image on Azure. Note that VM sizes above eight VCPUs are not supported.

You may specify the static IP as part of the command. For example:
az vm create --resource-group MyResourceGroup --size Standard_B2s --name UmbrellaVA --image VAImage --authentication-type password --admin-username vmadmin --admin-password <password> --vnet-name MyVnet --subnet MySubnet --private-ip-address 10.0.0.1
The admin-password you create here is required when configuring the VA.

  3. In Umbrella, navigate to Deployments > Configuration > Sites and Active Directory.
    You should see the VA listed here.
  4. Use the same image to launch multiple VAs as required. Provide a different name and different static IP for each VA.
    Note: If you do not specify the private IP address, the VA will automatically pull a DHCP IP and register to Umbrella with this IP address. This IP address will be listed as the VA name on Umbrella's Sites and Active Directory page.
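
A post-launch check for the two notes above: that each VA holds the static private IP you intended rather than a DHCP-assigned one, and that no public IP is attached. This is an added PowerShell example using the Azure CLI, not part of the Umbrella documentation; the resource group, VA names and IP addresses are placeholders, and the function name is hypothetical.

```powershell
# Added example (not from the Umbrella documentation).
# Placeholders: replace the resource group, VA names and expected static IPs.
$ResourceGroup = 'MyResourceGroup'
$ExpectedVAs   = [ordered]@{ 'UmbrellaVA1' = '10.0.0.4'; 'UmbrellaVA2' = '10.0.0.5' }

# Hypothetical helper: one report row per VA, built from `az vm list-ip-addresses`.
function Get-UmbrellaVaAddressReport {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroup,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected
    )
    foreach ($name in $Expected.Keys) {
        $raw = az vm list-ip-addresses --resource-group $ResourceGroup --name $name --output json
        if ($LASTEXITCODE -ne 0) { throw "az vm list-ip-addresses failed for $name" }

        $net     = ($raw | Out-String | ConvertFrom-Json).virtualMachine.network
        $private = @($net.privateIpAddresses | Where-Object { $_ })
        # Count attached public IP resources, even if no address is currently assigned.
        $public  = @($net.publicIpAddresses | Where-Object { $_ })

        [pscustomobject]@{
            VA            = $name
            PrivateIP     = $private -join ','
            StaticIPMatch = ($private -contains $Expected[$name])
            PublicIP      = ($public | ForEach-Object { $_.ipAddress }) -join ','
            HasPublicIP   = ($public.Count -gt 0)
        }
    }
}

$report = Get-UmbrellaVaAddressReport -ResourceGroup $ResourceGroup -Expected $ExpectedVAs
$report | Format-Table -AutoSize

foreach ($row in $report) {
    if (-not $row.StaticIPMatch) {
        Write-Warning "$($row.VA): private IP '$($row.PrivateIP)' is not the expected static address."
    }
    if ($row.HasPublicIP) {
        Write-Warning "$($row.VA): public IP attached; confirm inbound access from the Internet is not permitted."
    }
}
```
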
