ADMINISTRATION PORTAL
Help Center User GuideGetting StartedFAQsRelease Notes
 
X
User Guide
Getting Started
FAQs
Release Notes
Contents  

Provisioning a Cloud Spoke Site in AWS VPC

Use the following high-level steps to provision a vSRX cloud spoke site in Amazon Web Services (AWS) virtual private cloud (VPC).

Before You Begin

Before you begin:

To set up and monitor your network:

Add a Cloud Spoke Site

Procedure

To add a cloud spoke site:

  1. Select Resources > Site Management.

    The Sites page appears.

  2. Click Add > Add Cloud Spoke.

    The Add On-Premise Spoke Site for Tenant-Name page appears.

  3. Specify the site information such as, site name, AWS region, VPC ID, management subnet, IP prefix and click Next.
  4. Specify vSRX as SD-WAN spoke in AWS as the device template.

    Note 

    • Only hub-and-spoke topology is supported for AWS cloud spoke site.

    • Only Internet link is supported for WAN underlay connections.

  5. Provide the WAN details and click Next.

    The WAN traffic page appears, displaying a set of values for the WAN link configuration.

  6. Specify additional requirements and click Next.
  7. Specify LAN segment information and click Next.
  8. In the Summary tab, check the configuration and click Edit to modify the settings.
  9. Click OK to save the changes.

    The new cloud spoke site that you created appears in the Sites page.

Download the Cloud Formation Template

Procedure

To download the cloud formation template:

  1. Click Resources > Devices.

    The Devices List page appears.

  2. Select the device and click Cloud Info Template.

    The Cloud Info Template page appears.

  3. Click Download to download the cloud formation template.

    The template is downloaded to your local computer in JSON format.

Provision the Device on AWS Server

CSO creates cloud formation template with stage-1 configuration bundled in JSON format. You must download this template and then upload to AWS to provision the vSRX. The cloud formation template creates the required resources such as subnet, interface, vSRX and so on and applies the stage-1 configuration.

Procedure

To provision the device on AWS server:

  1. Log in to your AWS account.
    • If you have already logged in to your AWS account, the Create Stack page appears.

    • If you are not logged into your AWS account, a new Web page opens in your browser, displaying the AWS login information. Log in to your AWS account.

      Tip If you do not see the Create Stack page when you log in to or access your AWS account, then search for CloudFormation service.

      The Create Stack page appears.

  2. Select CloudFormation > Stacks > Create Stack > Upload a template to Amazon S3.
  3. Click Choose File and select the cloud formation template that you downloaded in JSON format .
  4. Click Next.
  5. Specify the Stack name. For example, Oregonstack.
  6. In the Parameters section, specify the KeyName for your EC2 instance.
  7. Click Next.
  8. Select I acknowledge that AWS CloudFormation might create IAM Resources.
  9. Click Create.

    The Create Stack pages displays a list of existing stacks and indicates that it is creating the stack that you requested. The create stack process takes up to 30 minutes. if the process does not complete in 30 minutes, a timeout occurs and you need to retry the process.

Activate the Device

Procedure

To activate the device:

  1. After the create stack process is complete, return to the Customer Portal and click Next.

    The Activate Device page displays a status indicating that CSO is detecting the provisioning agent. This process takes up to 30 minutes. if the process does not complete in 30 minutes, a timeout occurs and you need to retry the process.

    Note You need not download the cloud formation template again. You can log in to the Customer Portal, access the Activate Device page, enter the activation code and click Next. After the CREATE_COMPLETE message is displayed on the AWS server, click Next on the Activate Device page to proceed with device activation.

    If the spoke on AWS has been spawned successfully on AWS, it will contact CSO through outbound SSH connection. The device is detected and normal ZTP, process is triggered. The rest of the workflow is consistent with the normal on-premise workflow.

    On Device Activation page, the device is activated through the following steps:

    • Detecting the device

    • Applying stage-one configuration to the device

    • Bootstrapping of device

    • Activating the device

    After each successful step, you can see a green check mark. If any of these steps fails, a red exclamation mark appears.

  2. After the activation process is complete, click OK.

    The Sites page appears. To see the device activation status, hover over the device icon on the Sites page.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit