-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BYOL for AWS and Azure in Mist #744
Conversation
* Hourly Plan: This provides a free trial period for 30 days and an hourly software cost after the trial expires. This plan is recommended for Proof of Concepts and Trials only. Software upgrades and deployments outside of the cloud, (on premises) require a software access token. Select the Hourly plan of the [Session Smart Networking Platform](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/juniper-networks.session-smart-networking-payg?tab=Overview) offering. | ||
|
||
* Bring Your Own License (BYOL): This allows you to install your own licensed copy of the SSR software on an Azure VM. A token or certificate is required to install the software. If a token or certificate is not in your possession, please contact your Juniper Sales representative. Refer to the [Session Smart Networking Platform (BYOL)] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should not be referencing the use of certificates any more for software download.
* Hourly: This provides a free trial period for 30 days and an hourly software cost after the trial expires. This plan is recommended for Proof of Concepts and Trials only. Software upgrades and deployments outside of the cloud, (on premises) require a token or certificate. The software can not be purchased via the marketplace. Refer to the [Session Smart Networking Platform (PAYG)](https://aws.amazon.com/marketplace/pp/prodview-l5kwn7puwvt3g?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) offering. | ||
|
||
Once you have selected the AMI that better suits the needs of your deployment, proceed to the [Session Smart Router Deployment](#session-smart-router-deployment) to deploy a Session Smart Router. | ||
* Bring Your Own License (BYOL): This allows you to install your own licensed copy of the SSR software on an AWS VM. A token or certificate is required to install the software. If a token or certificate is not in your possession, please contact your Juniper Sales representative. Refer to the [Session Smart Networking Platform (BYOL)](https://aws.amazon.com/marketplace/pp/prodview-lz6cjd43qgw3c?sr=0-2&ref_=beagle&applicationId=AWSMPContessa) offering. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No more certificates.
…t' of github.com:128technology/docs into byol-aws-azure-mist
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good start. It might make sense to separate BYOL from the rest of the azure/aws stuff. It is pretty different as far as templates/fields/process goes. Mist managed doesn't use artifactory tokens, but they are required for conductor/conductor-managed
There are also some version restrictions that are at play. i.e. mist > 6.x, conductor > 6.3, etc. And initially only mist-managed is available.
* Hourly Plan: This provides a free trial period for 30 days and an hourly software cost after the trial expires. This plan is recommended for Proof of Concepts and Trials only. Software upgrades and deployments outside of the cloud, (on premises) require a software access token. Select the Hourly plan of the [Session Smart Networking Platform](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/juniper-networks.session-smart-networking-payg?tab=Overview) offering. | ||
|
||
* Bring Your Own License (BYOL): This allows you to install your own licensed copy of the SSR software on an Azure VM. A token or certificate is required to install the software. If a token or certificate is not in your possession, please contact your Juniper Sales representative. Refer to the [Session Smart Networking Platform (BYOL)] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A token or certificate is required to install the software
This is only true for conductor/conductor managed onboarding. For mist managed we use the mist proxy repos.
* Provide the name of the VNet in the **Virtual Network Name** field (for example: `128T-VNet`). | ||
* Provide the name of the availability set in the **Availability Set Name** field (for example: `128TRouterSet`). | ||
* Provide the name of the **Public Subnet Name** | ||
* Provide the name of the **Private Subnet Name** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The final template will have 3 subnets. Public
, Private
, Management
|
||
![CloudFormation Template](/img/azure-byol-template.png) | ||
|
||
Answer the following 4 questions to launch the deployment of an SSR. For additional information refer to [Launch the Template](#launch-the-template). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BYOL will have another "question" to answer What SSR version do you want to install?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This goes in the version
field in the templates
@@ -164,11 168,11 @@ write_files: | |||
| Option | Meaning | | |||
| ------ | ------- | | |||
| name | The name of the router to use for Mist onboarding. By default, the instance name will be used. | | |||
| registration-code | The Mist registration used for adoption of the instance to a Mist org. | | |||
| registration-code | The Mist registration used for adoption of the instance to a Mist organization. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Need to add ssr-version
to the onboarding config for BYOL
@@ -265,21 267,21 @@ A description of the parameters of the template are listed in the following tabl | |||
| Private Subnet Allowed CIDR | It corresponds to the source IP CIDR range of the internal workloads/endpoints allowed to originate traffic to the private interface of the router. This field allows for defining a well defined and trusted IP address range. By default is set to 0.0.0.0/0 to allow every workload/endpoint to communicate with the router. | | |||
| Management Subnet Name | The name of the management subnet within the VNet. | | |||
| Admin Allowed CIDR | It allows for restricting reachability to the management interface of the router to a well known source IP address CIDR range. By default is set to 0.0.0.0/0 allowing every IP address to reach the management interface. Once the deployment completes, it is highly recommended to update the configuration of the network security group to allow only access from the source IP address/es where the Session Smart Router will be administered. | | |||
| Registration Code | The Mist registration used for adoption of the instance to a Mist org. | | |||
| Registration Code | The Mist registration used for adoption of the instance to a Mist organization. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The template also has version
which corresponds to ssr-version
@@ -280,10 283,10 @@ aws ec2 create-launch-template \ | |||
:::important | |||
When logging to the Linux instance via SSH use `t128` as the username and the SSH public key of the IAM user provided in the template. | |||
If a template of the Bring Your Own License image was used, SSH to the EC2 instance using `t128` as the username as indicated in the `SSHLogin` field. Launch the software installation process with the command `sudo install-ssr`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this applies anymore
* Provide the name of the **Public Subnet Name** | ||
* Provide the name of the **Private Subnet Name** | ||
* Provide the name of the **Management Subnet** | ||
* Which Mist organization is going to manage it? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@haberkornsam we need to insert a step here to Provide the SSR version.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That step is at the top of the list. I assumed it was the first thing on the template. I probably should have looked more closely at the azure template.
|
||
<img src={useBaseUrl('/img/platforms_azure_private_image_version_mismatch.png')} alt="Private Image Version Mismatch" width="75%" height="75%" /> | ||
|
||
### Device Does Not Exist In Mist after ZTP |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@haberkornsam we added a new lite TSI for this case, can you please update the section based on those instructions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Additionally, we added a command line tool that a user can run to onboard the router (if they do not use cloud-formation/cloud-init etc). So please make sure we capture that as well.
static/img/azure-byol-template.png
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@haberkornsam we'll need a new screenshot that includes the SSR version
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The SSR version is included in the screenshot. It's just called version
. Should we update the templates to say SSR Version
?
static/img/aws-byol-template.png
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The graphic is a bit small - but just checking to make sure the SSR version is included here? If not, we need a new screenshot with that - @haberkornsam please help with this
No description provided.