Azure Cloud Deployment#
VOSS Automate can be deployed into the Azure cloud by means of terraform scripts.
Hardware Requirements#
For details on Standard and Modular Topologies, refer to the VOSS Automate Architecture and Hardware Specification Guide and Platform Guide.
Unified or Database Nodes:
VM Size: Standard_E4as_v5
CPU: 4
RAM: 32
OS Disk: 30 GB, Premium_LRS
Application Disk: 50 GB, Standard_LRS
Backup Disk: 55 GB, Standard_LRS
DB Disk: 250 GB, Premium_LRS
Insights Disk: 70 GB, Premium_LRS
Total Disk size: 455 GB
Application Nodes:
VM Size: Standard_E4as_v5
CPU: 4
RAM: 32
OS Disk: 30 GB, Premium_LRS
Application Disk: 50 GB, Standard_LRS
Total Disk size: 80 GB
Web Proxies:
Web Proxies are replaced by an Azure Load Balancer or Application Gateway
Network Communications External to the Cluster#
The following details are all based on the default settings. These can vary depending on the application setup and network design (such as NAT) of the solution, so may need adjustment accordingly. Where a dependent is noted, this is fully dependent on the configuration with no default.
These communications are all related to communications with devices external to the cluster.
Outbound Communications to Devices from the Application/Unified nodes:
Communication
Protocol
Port
Cisco Unified Communications Manager (UCM)
HTTPS
TCP 8443
Cisco Unity Connection (CUXN)
HTTPS
TCP 443
Webex
HTTPS
TCP 443
LDAP directory
LDAP
TCP/UDP 389 and/or 636(TLS/SSL)
VOSS Automate Communications
The cluster contains multiple nodes which can be contained in separate secured networks. Network ports need to be opened on firewalls and/or network security groups to allow inter-node communication – these are described in more detail in the Platform Guide.
All communication between nodes are encrypted.
Communication |
Protocol |
Port |
|---|---|---|
Database access |
Database |
TCP 27020 and 27030 bi-directional |
Cluster Communications |
HTTPS |
TCP 8443 |
Remote Administration |
SSH |
TCP 22 |
Web Server Communication |
HTTP/HTTPS |
TCP 80/443 |
Simple Network Management Protocol |
SNMP |
UDP 161 and 162 |
Network Time Protocol |
NTP |
UDP 123 |
Domain Name System |
DNS |
UDP 53 |
VOSS Automate Azure Deployment Procedure#
The supplied terraform deployment configuration requires the following:
Existing resources:
Resource group
Virtual Network
Virtual Network Subnet
Disk Encryption Set (Optional if required to have Customer-Managed Keys)
App Registration with a role assignment of “Contributor” on the Resource Group to allow terraform to deploy
Record “client_id”
Record “client_secret”
Record “tenant_id”
Record “subscription_id”
Bastion Server (Required for the initial deployment and Administration Access)
Deploy the Bastion Server within the same Virtual Network that Automate will be deployed in.
VM Size: 1vCPU, 2GB RAM, 30GB Storage is sufficient
OS Type: Ubuntu or Windows
Install AZ CLI
Install Terraform
Upload the voss-automate-terraform.zip file to the bastion server and extract it.
Update values.yaml with appropriate information
Ensure that the local file sources for each provisioner “file” block are correct in modules/voss-node/provision.tf.
provisioner "file" { # Windows source path example # source = "C:\\path\\to\\your\\platform-install.iso" source = "~/voss-automate-terraform/files/platform-install.iso" destination = "/home/install/platform-install.iso" }Deployment Type
The defaults are configured as follows:
Unified: Availibility Zone 1 1x Unified Node Modular: 2x Application, 3x Database Availibility Zone 1 App Node 1, Database Node 1 Availibility Zone 2 App Node 2, Database Node 2 Availibility Zone 3 Database Node 3If the requirement is to deploy more than the defaulted Unified or Application(Modular) Nodes, edit the voss-automate-terraform/modules/voss-deployment/main.tf file.
module "voss-unified-node" { count = var.deployment_type == "Unified" ? 1 : 0 } module "voss-app-node" { count = var.deployment_type == "Modular" ? 2 : 0 }Configure the state backend in main.tf (defaults to a local file) if required
For the terraform deployment, it is recommended to use a
tmuxsession.tmux - start a new session tmux list-sessions - show sessions already available tmux attach -t [session number] - reconnect to a disconnected session
Run terraform
From the root terraform directory
Run: terraform init
Run: terraform plan (Validate plan)
Default total resources to be created (Example):
Plan: 11 to add, 0 to change, 0 to destroy. Modular (2 App 3 DB): Plan: 43 to add, 0 to change, 0 to destroy.
Run: terraform apply
An install log file will be created to monitor the installation progress.
On each of the newly deployed node(s), log in as the platform user, using the password configured in
values.yaml(automate_cli_password).8.1. Run: log list platform_install.run
8.2. Run: log follow install/platform_install.run-tty-<current_date>.log
Once the installation is complete, the log file will return
Platform installed successfully.
VOSS Automate Platform Config and Template Install Procedure#
You are now ready to configure the platform and install the template.
On each of the newly deployed node(s), log in as the platform user.
username: platform password: automate_cli_password (Specified in the values.yaml file)
Note
For both Azure and AWS, deploy using Automate 25.1 and later, the
security checkandsecurity updatecommands are not available, since security updates are included during the release upgrade process.