Deploying the vSRX Image from Azure Marketplace

 

Starting in Junos OS Release 15.1X49-D91 for vSRX, you can deploy the vSRX virtual security appliance in your Azure virtual network by selecting the vSRX image from Azure Marketplace and customizing the vSRX VM deployment settings and dependencies based on your network requirements in Microsoft Azure Cloud.

This deployment approach might be needed if you have a vSRX VM deployment scenario that is outside of the use cases offered in the vSRX VM solution templates available from Juniper Networks.

Note

Be sure you have an account for and a subscription to Microsoft Azure before deploying the vSRX to Azure (see Microsoft Azure).

If you do not have an Azure subscription, then you can create a free account before you begin. See the Microsoft Azure website for more details.

Use the following procedures to deploy and configure a vSRX VM into an Azure virtual network from the Azure portal.

Deploying the vSRX Image

To deploy and configure a vSRX VM into an Azure virtual network using the vSRX image from Azure Marketplace:

  1. Log in to the Microsoft Azure portal using your Microsoft account user name and password. The Dashboard appears in the Azure portal (see Figure 1). You will see a unified dashboard for all your assets in Azure. Verify that the dashboard includes all subscriptions to which you currently have access, and all resource groups and associated resources.



    Figure 1: Microsoft Azure Portal Dashboard

    Microsoft Azure Portal
Dashboard
  2. Click Marketplace from the dashboard to access the Azure Marketplace, and then click Everything (or click New > Everything). Enter vsrx to search for the available Juniper Networks vSRX VM images in the Azure Marketplace (see Figure 2). The vSRX image is available as a pay-as-you-go (PAYG) or bring-your-own-license (BYOL) service.



    Figure 2: Locating the vSRX VM Image in the Azure Marketplace

    Locating the vSRX
VM Image in the Azure Marketplace
  3. Select the vSRX VM image from the list and then click Create to initiate the vSRX VM deployment process (see Figure 3).



    Figure 3: Initiating vSRX VM Deployment

    Initiating vSRX VM Deployment
  4. From the Create Virtual Machine blade, 1 Basics, configure the following parameters (see Figure 4).



    Figure 4: Create Virtual Machine - Basics

    Create Virtual
Machine - Basics

    Parameter

    Description

    Name

    Specify a name for your vSRX VM. Your vSRX VM name cannot contain non-ASCII or special characters.

    VM Disk Type

    Specify the disk type to use for the vSRX VM: SSD or HDD. The default is SSD.

    User name

    Enter a username to access the vSRX VM. The username cannot contain uppercase characters, special characters, or start with a “$” or “-” character.

    Authentication type

    Select the required method of authentication to access the vSRX VM: Password or SSH public key. Select Password as type of authentication and then enter (and confirm) your password.

    Note: In Junos OS Release 15.1X49-D91 for vSRX, SSH public key is not a supported authentication method. You will need to specify a password to log in to the vSRX VM.

    Starting in Junos OS Release 15.1X49-D110 for vSRX, SSH public key is a supported authentication method.

    Password

    Enter an appropriate root password used to access the vSRX VM.

    Subscription

    Select your Microsoft Azure subscription.

    Resource Group

    Select an existing resource group or create a new one (see Creating a Resource Group).

    Location

    Select the Azure geographic region in which you are deploying the vSRX VM.

    Click OK.

  5. From the Create Virtual Machine blade, 2 Size, select DS3_v2 Standard as the vSRX VM size (see Figure 5). Click Select.

    DS3_v2 Standard is used for a vSRX VM deployment. See Requirements for vSRX on Microsoft Azure for the recommended system requirements for a vSRX instance in Microsoft Azure.

    Figure 5: Create Virtual Machine - Choose a Size

    Create
Virtual Machine - Choose a Size
  6. From the Create Virtual Machine blade, 3 Settings, configure the following parameters to define the storage, networking, and monitoring settings for the vSRX VM (see Figure 6). Click OK when completed.



    Figure 6: Create Virtual Machine - Settings

    Create
Virtual Machine - Settings

    Parameter

    Description

    Storage

    Used Managed Disks

    Specify whether you want Azure to automatically manage the availability of disks to provide data redundancy and fault tolerance without you creating and managing a storage account. Click No.

    Storage Account

    If you need to change the storage account for the vSRX VM, click the right arrow to access the Choose Storage Account blade. Select an existing storage account for the vSRX VM, or click Create new (+) to create a new one. See Creating a Storage Account for details about creating a new storage account.

    Network

    Virtual Network

    If you need to change the virtual network for the vSRX VM, click the right arrow to access the Choose Virtual Network blade. Select an existing virtual network for the vSRX VM, or click Create new (+) to create a new one. See Creating a Virtual Network for details about creating a new virtual network.

    Subnet

    Enter a subnet, which is a range of IP addresses in your virtual network to isolate VMs. Public subnets have access to the Internet gateway, but private subnets do not.

    A vSRX VM requires two public subnets and one or more private subnets for each individual instance group. The public subnets consist of one for the management interface (fxp0) and another for the two revenue (data) interfaces. The private subnets, connected to other vSRX interfaces, ensure that all traffic between applications on the private subnets and the Internet must pass through the vSRX instance.

    To modify the subset for the virtual network, click the right arrow to access the Create Subnet blade.

    Configure the following parameters:

    • Subnet name—A unique name for the subnet in the Azure virtual network.

    • Subnet address range—The subnet’s address range in CIDR notation. It must be contained by the address space of the virtual network. Subnet address ranges cannot overlap one another. By default, the address range is 10.0.0.0/24.

      Note: The address range of a subnet that is already in use cannot be edited.

    Public IP address

    Specify the public IP address that allows communication to the vSRX VM from outside the Azure virtual network. To modify the public IP address for the vSRX VM, click the right arrow to access the Choose Public IP Address blade. Select a public IP address in your Azure subscription and location, or click Create new (+) to create a new one.

    Configure the following parameters:

    • Name—A unique name for the public IP address.

    • Assignment—There are two methods in which an IP address is allocated to a public IP resource: dynamic or static. By default, public IP addresses are dynamic, where an IP address is not allocated at the time of its creation. Instead, the public IP address is allocated when you start (or create) the resource. The IP address associated to them may change when the vSRX VM is deleted.

      To guarantee that the vSRX VM always uses the same public IP address, we recommend you assign a static public IP address.

    Network security group

    Specify a network security group, which is a set of firewall rules that control traffic to and from the vSRX VM. Each network security group can contain multiple inbound and outbound security rules that enable you to filter traffic by source and destination IP address, port, and protocol. You can apply a network security group to each NIC in the VM.

    To modify the network security group for the vSRX VM to filter traffic, click the right arrow to access the Choose Network Security blade. Select a network security group in your Azure subscription and location, or click Create new (+) to create a new one.

    Configure the following parameters:

    • Name—A unique name for the network security group.

    • Inbound rules—You can add one or more inbound security rules to allow or deny traffic to the vSRX VM.

    • Outbound rules—You can add one or more outbound security rules to allow or deny traffic originating from the vSRX VM.

    Extensions

    Extensions

    No extensions are used for the vSRX VM.

    High Availability

    Availability Set

    Confiigure two or more VMs in an availability set to provide redundancy to an application.

    Note: Availability Set should be set to None for the vSRX VM. Availablilty Set is not used for the vSRX VM in Azure because chassis clustering is not supported by the vSRX at this time.

    Monitoring

    Boot Diagnostics

    Enables or disables the capturing of serial console output and screenshots of the VM running on the host to help diagnose start-up issues. The default is Enabled.

    Guest OS Diagnostics

    Enables or disables the ability to obtain metrics every minute for the VM. Choices are: Disabled or Enabled. The default is Disabled.

    Diagnostics Storage Account

    Click the right arrow to view the details of the diagnostics storage account. Automatically fills in with the name of the diagnostics storage account from which you can analyze a set of metrics with your own tools.

  7. From the Create Virtual Machine blade, 4 Summary , review the configuration settings (see Figure 7). If you are satisfied with the configuration settings, click OK.



    Figure 7: Create Virtual Machine - Summary

    Create Virtual
Machine - Summary
  8. From the Create Virtual Machine blade, 5 Buy review the offer details and the terms of use (see Figure 8). If you are satisfied with the offer details and terms of use, click Purchase.



    Figure 8: Create Virtual Machine - Purchase

    Create
Virtual Machine - Purchase

You return to the Azure portal dashboard, and the dashboard displays the deployment status of the vSRX VM.

Verifying Deployment of vSRX to Microsoft Azure

After the vSRX VM is created, the Azure portal dashboard lists the new vSRX VM under Resource Groups. The corresponding cloud service and storage account also are created and listed. Both the vSRX VM and the cloud service are started automatically and their status is listed as Running

To verify the deployment of the vSRX instance to Microsoft Azure:

  1. To view the vSRX resource group and its resources after deployment is completed, from the right-hand menu, click Resource groups to access the Resource Groups page.
  2. To view details of the vSRX VM associated with the resource group, click the name of the vSRX VM. Observe that the status is Running.Note

    You can stop, start, restart, and delete a vSRX VM from the Virtual Machine page in the Microsoft Azure portal.

    Figure 9 shows an example of a Resource groups vSRX VM in the Microsoft Azure portal.

    Figure 9: Microsoft Azure Resource Groups VM Example

    Microsoft
Azure Resource Groups VM Example

Logging In to a vSRX VM

After vSRX deployment is completed, the vSRX VM is automatically powered on and launched. At this point you can use an SSH client to log in to the vSRX VM.

Note

In Microsoft Azure, individuals and enterprises can host servers and services on the cloud as a pay-as-you-go (PAYG) or bring-your-own-license (BYOL) service. For the vSRX on Microsoft Azure deployment, only the BYOL model is supported.

To log in to the vSRX VM:

  1. From the Azure portal, click Resource groups from the menu of services on the dashboard, and then select the vSRX VM. Locate the public IP address of the vSRX VM from the Settings blade.
  2. Use an SSH client to log in to a vSRX VM.
  3. At the prompt, enter the following login credentials:Note

    The vSRX instance is automatically configured for username and password authentication. To log in, use the login credentials that were defined during the vSRX VM configuration (see Deploying the vSRX Image). After initially logging in to the vSRX, you can configure SSH public and private key authentication.

    # ssh <username@vsrx_vm_ipaddress>

  4. Configure the basic settings for the vSRX VM (see Configuring vSRX Using the CLI).
Release History Table
Release
Description
Starting in Junos OS Release 15.1X49-D91 for vSRX, you can deploy the vSRX virtual security appliance in your Azure virtual network by selecting the vSRX image from Azure Marketplace and customizing the vSRX VM deployment settings and dependencies based on your network requirements in Microsoft Azure Cloud.