Deployment into the Azure Cloud
VOSS Automate can be deployed into the Azure cloud by means of terraform scripts.
Hardware Requirements
For details on Standard and Modular Topologies, refer to the VOSS Automate Architecture and Hardware Specification Guide and Platform Guide.
Unified or Database Nodes:
VM Size: E4ds_v4 Standard
CPU: 4
RAM: 32
OS disk: 30GB, Premium_LRS
application disk: 50GB, Standard_LRS
backup disk: 55 GB, Standard_LRS
DB disk: 250 GB, Premium_LRS
Total disk size: 385GB
Application Nodes:
VM Size: E4ds_v4 Standard
CPU: 4
RAM: 32
OS disk: 30GB, Premium_LRS
application disk: 50GB, Standard_LRS
Total disk size: 80GB
Web Proxies:
Web Proxies are replaced by an Azure Load Balancer
Network Communications External to the Cluster
The following details are all based on the default settings. They can vary with the application setup and network design (such as NAT) of the solution, and may need adjusting accordingly. Where "dependent" is noted, the value depends entirely on the configuration and has no default.
All of these are communications with devices external to the cluster.
Outbound Communications to Devices from the Application/Unified nodes:
| Communication | Protocol | Port |
|---|---|---|
| Cisco Unified Communications Manager (UCM) | HTTPS | TCP 8443 |
| Cisco Unity Connection (CUXN) | HTTPS | TCP 443 |
| Webex | HTTPS | TCP 443 |
| LDAP directory | LDAP | TCP/UDP 389 and/or 636 (TLS/SSL) |
| Cisco HCM-F | HTTPS | TCP 8443 |
VOSS Automate Communications
The cluster contains multiple nodes which can be contained in separate secured networks. Network ports need to be opened on firewalls and/or network security groups to allow inter-node communication – these are described in more detail in the Platform Guide.
All communication between nodes is encrypted.
| Communication | Protocol | Port |
|---|---|---|
| Database access | Database | TCP 27020 and 27030 bi-directional |
| Cluster Communications | HTTPS | TCP 8443 |
| Remote Administration | SSH | TCP 22 |
| Web Server Communication | HTTP/HTTPS | TCP 80/443 |
| Simple Network Management Protocol | SNMP | UDP 161 and 162 |
| Network Time Protocol | NTP | UDP 123 |
| Domain Name System | DNS | UDP 53 |
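One way to express the inter-node ports above as network security group rules, limited to the database, cluster and SSH rows (an added example, not part of the VOSS-supplied terraform configuration). It assumes an existing NSG attached to the node subnet; all variable names, rule names and priorities are hypothetical.

```hcl
# Added example; not part of the VOSS-supplied terraform.zip.
# Variable names, rule names and all priorities are assumptions.
variable "resource_group_name" { type = string }
variable "nsg_name" { type = string }     # existing NSG on the node subnet
variable "cluster_cidr" { type = string } # address range holding the VOSS nodes
variable "admin_cidr" { type = string }   # management / jump-host range

locals {
  # Inbound TCP ports taken from the table above (default settings).
  node_rules = {
    database  = { priority = 100, ports = ["27020", "27030"], source = var.cluster_cidr }
    cluster   = { priority = 110, ports = ["8443"], source = var.cluster_cidr }
    ssh_nodes = { priority = 120, ports = ["22"], source = var.cluster_cidr }
    ssh_admin = { priority = 130, ports = ["22"], source = var.admin_cidr }
  }
}

resource "azurerm_network_security_rule" "allow" {
  for_each                    = local.node_rules
  name                        = "allow-${each.key}"
  priority                    = each.value.priority
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_ranges     = each.value.ports
  source_address_prefix       = each.value.source
  destination_address_prefix  = var.cluster_cidr
  resource_group_name         = var.resource_group_name
  network_security_group_name = var.nsg_name
}

# Explicit deny below the allows: the default AllowVnetInBound rule would
# otherwise admit these ports from anywhere in the virtual network.
resource "azurerm_network_security_rule" "deny_rest" {
  name                        = "deny-node-ports-from-other-sources"
  priority                    = 200
  direction                   = "Inbound"
  access                      = "Deny"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_ranges     = distinct(flatten([for r in local.node_rules : r.ports]))
  source_address_prefix       = "*"
  destination_address_prefix  = var.cluster_cidr
  resource_group_name         = var.resource_group_name
  network_security_group_name = var.nsg_name
}
```

The web, SNMP, NTP and DNS rows are left out because their sources and destinations depend on where clients, the load balancer and those servers sit; if the nodes span several subnets, use `source_address_prefixes` with a list instead of a single range.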
VOSS Automate Azure Deployment Procedure
The supplied terraform deployment configuration requires the following:
Existing resources
Resource group
Virtual Network
Virtual Network Subnet
Disk Encryption Set
Create an access policy for the “disk encryption set” granting get, wrap and unwrap key permissions on the key vault being used
App Registration with a role assignment of “Contributor” on the Resource Group to allow terraform to deploy
Record “client_id”
Record “client_secret”
Ensure that you run terraform from a VM or device with routing to the virtual network subnet
Install terraform version 1.3.2 or later
Extract the terraform.zip contents
Update values.yaml with appropriate information
Deployment Type
The defaults are configured as follows:
Unified:
    Availability Zone 1: 1x Unified Node
Modular: 2x Application, 3x Database
    Availability Zone 1: App Node 1, Database Node 1
    Availability Zone 2: App Node 2, Database Node 2
    Availability Zone 3: Database Node 3
If the requirement is to deploy more than the default number of Unified or Application (Modular) Nodes, edit the terraform/modules/voss-deployment/main.tf file.
    module "voss-unified-node" {
      # number of Unified nodes to deploy (default 1)
      count = var.deployment_type == "Unified" ? 1 : 0
    }
    module "voss-app-node" {
      # number of Application nodes to deploy (default 2)
      count = var.deployment_type == "Modular" ? 2 : 0
    }
Configure the state backend in main.tf (defaults to a local file)
Run terraform
From the root terraform directory
Run: terraform init
Run: terraform plan (Validate plan)
Default total resources to be created:
Unified (1 Node): Plan: 10 to add, 0 to change, 0 to destroy.
Modular (2 App 3 DB): Plan: 39 to add, 0 to change, 0 to destroy.
Run: terraform apply
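The key vault access policy and the "Contributor" role assignment listed under existing resources, written as Terraform for an administrator to apply before the deployment (an added example, not part of the VOSS-supplied configuration). Every variable and resource name is an assumption standing in for your own values.

```hcl
# Added example; not part of the VOSS-supplied terraform.zip.
# Every name and variable here is an assumption standing in for your own values.
variable "resource_group_name" { type = string }
variable "key_vault_name" { type = string }
variable "des_principal_id" { type = string }        # identity of the disk encryption set
variable "terraform_app_object_id" { type = string } # service principal of the app registration

data "azurerm_client_config" "current" {}

data "azurerm_resource_group" "voss" {
  name = var.resource_group_name
}

data "azurerm_key_vault" "voss" {
  name                = var.key_vault_name
  resource_group_name = var.resource_group_name
}

# Disk encryption set: only the three key operations the page lists.
resource "azurerm_key_vault_access_policy" "disk_encryption_set" {
  key_vault_id    = data.azurerm_key_vault.voss.id
  tenant_id       = data.azurerm_client_config.current.tenant_id
  object_id       = var.des_principal_id
  key_permissions = ["Get", "WrapKey", "UnwrapKey"]
}

# App registration: Contributor scoped to the one resource group only.
resource "azurerm_role_assignment" "terraform_deployer" {
  scope                = data.azurerm_resource_group.voss.id
  role_definition_name = "Contributor"
  principal_id         = var.terraform_app_object_id
}
```

This has to be applied with an identity that may assign roles and edit key vault access policies; the "Contributor" role granted here cannot create its own role assignment.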
VOSS Automate Platform Config and Template Install Procedure
On each of the newly deployed node(s), log in as the platform user, using the password configured in values.yaml (voss_password)
1.1. Run: system reboot. Alternatively you can reset the Virtual Machine from the Azure Portal. This is to ensure all services are running before proceeding with the cluster configuration.
On a unified or application node, log in as the platform user:
2.1. Run: cluster run all prepnode --force
2.2. Obtain the IP address. Run: cluster run all network interfaces
Example output:
    $ network interfaces
    interfaces:
        eth0:
            gateway: 10.0.0.1
            ip: 10.0.0.4
            netmask: 255.255.255.0
2.3. Add the IP addresses obtained in the previous step to the cluster:
cluster add <IP1>, cluster add <IP2>, …
2.4. Add database weights to your database nodes ():
For a single Unified node deployment, this step can be skipped.
For a Modular deployment:
Run: cluster run <Database Node IP> database weight add <IP1> <priority> …
For a Unified deployment:
database weight add <IP1> <priority>, database weight add <IP2> <priority>, …
Weights of 30, 20, 10 are recommended for Modular database nodes
Weights of 40, 30 are recommended for two Unified nodes
Weights of 40, 30, 20, and 10 are recommended for four Unified nodes
Weights of 60, 50, 40, 30, 20, and 10 are recommended for six Unified nodes
The higher the value, the higher priority.
For the remaining installations over ssh, it is recommended to use a screen session.
    screen - start a new session
    screen -ls - show sessions already available
    screen -r [screen PID] - reconnect to a disconnected session
Determine which node is the primary application node.
Run the following command on an Application/Unified node to determine the PRIMARY NODE:
Command :
cluster run application cluster primary role application
Search for node with
is_primary: true
On the primary application node
4.1. Run cluster provision
4.2. Run voss cleardown
4.3. Install the templates.
app template media/<template file name>.template