Run Layer7 API Gateway in Microsoft Azure Cloud
This section describes the procedures and the best practices for running the Layer7 API Gateway image in Microsoft Azure Cloud. This article is intended for system administrators or an equivalent technical user.
- Ensure that you have access to an Azure Portal account (https://portal.azure.com).
- Ensure that the latest version of the Microsoft Azure PowerShell Command Line Interface is installed on your system.
- The Layer7 API Gateway requires a DS2 or better VM. These are targeted for Premium Storage. The disk controller for the VM must support at least 5000 IOPS.
- Download the Gateway image from here:
The following tool is used to deploy the Gateway image in Azure:
- Azure PowerShell Command Line Interface
- Install the required add-on modules related to Azure Resource Manager in PowerShell.
Deploy Gateway Image in Azure
To deploy the Layer7 API Gateway image in Microsoft Azure Resource Manager, follow these steps:
- Create Resource Group
- Create Premium Storage Account
- Publish Gateway Image to Azure Portal
- Create Network (Subnet, NIC and Virtual Network)
- Create Virtual Machine
- Deploy Gateway Image to Virtual Machine
Note: Execute the commands in PowerShell CLI.
Before you begin, you must log in to the Azure portal and set the subscription ID by using the following commands:
Login-AzureRmAccount;
Set-AzureRmContext -SubscriptionId <subscriptionid>;
For example, Set-AzureRmContext -SubscriptionId 03a51c26-273a-4669-97bc-48bc08c047de;
Create Resource Group
A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.
Use the following command to create a resource group:
$rgName = "Resource_grp_name";
$location = "Location";
New-AzureRmResourceGroup -Name $rgName -Location $location;
Create Premium Storage Account
To start using Premium Storage, you must create a Premium Storage account. You can create a Premium Storage account by specifying the type as "Premium_LRS", where LRS is locally-redundant storage replication.
Use the following command to create a premium storage account:
$storageName = "storage_name";
$storageType = "Premium_LRS";
$storageacc = New-AzureRmStorageAccount -ResourceGroupName $rgName -Name $storageName -Type $storageType -Location $location;
Publish Gateway Image to Azure Portal
To publish the Gateway image to the Azure portal, create a BLOB URL and set the location of the Gateway Hyper-V CentOS image. Use the following commands:
- Set Location Path: $VHD_SRC_LOC = "<image location path>"
  For example, $VHD_SRC_LOC = "C:\Users\Avn01\Desktop\images\gateway-<version>-hyperv-centos-x86_64.vhd"
- Create BLOB URL: $BLOB_URL = "<storageAccount>/<blobContainer>/<targetVHDName>";
  Where,
  - storageAccount: specifies the storage account name that you have created.
  - blobContainer: specifies the blob container, that is, blob.core.windows.net
  - targetVHDName: specifies the location path of the VHD.
- Publish Gateway VHD to Azure portal: Add-AzureRmVhd -ResourceGroupName $rgName -Destination $BLOB_URL -LocalFilePath $VHD_SRC_LOC;
Create Network (Subnet, NIC and Virtual Network)
An Azure virtual network (VNet) is a representation of your own network in the cloud. You can divide a VNet into multiple subnets. A subnet is a range of IP addresses in the VNet. A NIC is used to connect a VM to a subnet, a public IP address, or a load balancer.
To create Subnet, NIC and VNet, use the following commands:
$nicname = "name_nic";
$subnetName = "name_subnet";
$vnetName = "name_vnet";
$vnetAddressPrefix = "<hostipaddress>/16";
$vnetSubnetAddressPrefix = "<hostipaddress>/24";
To configure Subnet and Virtual Network, use the following commands:
$pip = New-AzureRmPublicIpAddress -Name $nicname -ResourceGroupName $rgName -Location $location -AllocationMethod Dynamic;
$subnetconfig = New-AzureRmVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $vnetSubnetAddressPrefix;
$vnet = New-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName -Location $location -AddressPrefix $vnetAddressPrefix -Subnet $subnetconfig;
$nic = New-AzureRmNetworkInterface -Name $nicname -ResourceGroupName $rgName -Location $location -SubnetId $vnet.Subnets.Id -PublicIpAddressId $pip.Id;
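The commands above give the NIC a public IP address but attach no network security group (NSG). As an added example that is not part of the original procedure, the following attaches an NSG to the Gateway subnet so that inbound SSH is accepted only from an administrative range, then checks for wildcard-source rules; $nsgName and $adminCidr are assumed names and values.

```powershell
# Added example; assumes $rgName, $location, $vnetName, $subnetName and
# $vnetSubnetAddressPrefix are set as in the steps above.
# $nsgName and $adminCidr are hypothetical values chosen for illustration.
$nsgName   = "name_nsg"
$adminCidr = "203.0.113.0/24"   # constructed documentation range; use your admin network

# Refuse a source that would leave SSH open to every address.
if ($adminCidr -in @("*", "0.0.0.0/0", "Internet")) {
    throw "Admin source range must not be a wildcard."
}

# Single inbound rule: SSH (TCP 22) from the admin range only.
$sshRule = New-AzureRmNetworkSecurityRuleConfig -Name "allow-ssh-admin" `
    -Description "SSH to Gateway from admin network only" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $adminCidr -SourcePortRange * `
    -DestinationAddressPrefix * -DestinationPortRange 22

$nsg = New-AzureRmNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rgName `
    -Location $location -SecurityRules $sshRule

# Attach the NSG to the Gateway subnet and commit the change to the VNet.
$vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName `
    -AddressPrefix $vnetSubnetAddressPrefix -NetworkSecurityGroup $nsg | Out-Null
$vnet = Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

# Check: report any custom inbound Allow rule whose source is a wildcard.
$open = (Get-AzureRmNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rgName).SecurityRules |
    Where-Object {
        $_.Direction -eq "Inbound" -and $_.Access -eq "Allow" -and
        (($_.SourceAddressPrefix -join ",") -match '^(\*|0\.0\.0\.0/0|Internet)$')
    }
if ($open) { $open | Format-Table Name, DestinationPortRange, SourceAddressPrefix }
else { "No inbound Allow rule with a wildcard source." }
```

With this NSG in place, the default rules deny all other inbound traffic from outside the VNet, so any other listener that must be reachable externally, such as the one Policy Manager connects to, needs its own rule.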
Create Azure Virtual Machine
The Azure virtual machine (VM) lets you create and use a VM in the cloud. Create the VM where you want to place the Gateway blob as the OS disk. Azure provides multiple standard sizes for VMs. For more information about multiple standard sizes, see Cloud Service Sizes Specifications.
Note: We recommend using Standard_DS2 as the size for the VM.
To create VM, use the following commands:
$vmName = "VMname_vm";
$computerName = "computername_img";
$vmSize = "Standard_DS2";
$osDiskName = $vmName + "osDisk";
Deploy Layer7 API Gateway Image to the Virtual Machine
After you have created the VM, deploy Gateway image in the VM. To deploy the Gateway image in the VM, use the following command:
$vm = New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize;
$vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id;
$vm = Set-AzureRmVMOSDisk -VM $vm -Name $osDiskName -VhdUri $BLOB_URL -CreateOption attach -Linux;
New-AzureRmVM -ResourceGroupName $rgName -Location $location -VM $vm -Verbose -Debug;
Configure Gateway in Azure Virtual Machine
After you have successfully created the VM, connect to the VM using its IP address.
You can use any SSH client for connecting to the Virtual Machine. A popular client is PuTTY for Windows.
There is a known issue where account lockout occurs when you try to connect to the Gateway via SSH. If this happens to you, refer to the article "Account Lock Outs When Running Gateway in Azure Cloud" in Known Issues.
Follow these steps:
- Open the SSH client, and provide the VM IP address to connect.
- Enter the following username and password.
  - User name: ssgconfig
The Gateway main menu appears.
- For Forgotten Password: If you have forgotten your Azure VM password, then follow the steps mentioned in Azure Utilities for Wa-agent.
- For Password Expired: If your password has expired, reset the password by executing the following command: chage -M 99999 <USER>. This sets the maximum password age to 99999 days. You can verify the change by executing the chage -l <USER> command. Only root users can reset the password.
- Select option 1 (Configure system settings) from the Gateway main menu.
- To configure the network details, select option 1 (Configure networking and system time settings).
- To configure the network interface, select option 1 (ssg_eth0).
- To enable interface on boot, enter y.
- To configure IPv4 networking, enter y.
- Enter the following networking details:
  - DHCP Host-Name: <host name of the DHCP server>
- To configure IPv6 networking, enter n.
- To enter any other network interface, enter n.
- To change the current default IPv4 gateway and interface, enter n.
- Enter the fully qualified hostname of the DHCP server.
- To apply the configuration changes, enter y.
- Create a database using either of the following methods:
  - Create the database using the Gateway. From the Gateway main menu, select option 2 (Display Layer7 API Gateway configuration menu) and then option 2 (Create a new Layer7 API Gateway database). For more information, see Gateway Configuration Menu (Appliance).
  - Create an instance of MySQL in Azure. If you require assistance, refer to the "Azure Database for MySQL Documentation" from Microsoft.
- Reboot the Gateway using option R (Reboot the SSG appliance) on the Gateway main menu. The Gateway is configured in Azure VM.
Connect Policy Manager to the Azure Gateway
Connect the Policy Manager to Azure Gateway.
Follow these steps:
- Provide the credentials that you have configured in the database and the Azure VM IP address.
- Connect to Azure Gateway. For more information about connecting the Policy Manager, see Start the Policy Manager.
The Policy Manager is now connected to the Azure Gateway.