Microsoft Azure Virtual WAN

Microsoft Azure Virtual WAN is a cloud networking service that allows you to create a connection between site networks, internet, and Azure Virtual Networks (VNets). It provides optimized and automated branch connectivity through and to Azure. Azure Virtual WAN gateways are hosted and managed by Azure, and the connections are managed by the user.

Microsoft has created a partner program that allows Oracle SD-WAN to be integrated with Azure Virtual WAN. This connection is created using IPsec tunnels.

For more information, see the Azure website.

Prerequisites

In order to integrate Oracle SD-WAN with Microsoft Azure, you must have the following:
  • An Azure account, which includes an associated Subscription ID and Tenant ID, as well as access to the Azure portal.
  • An Oracle SD-WAN Edge system.
  • Direct internet access through the tn-mgt0 interface.

Configuring Azure Virtual WAN

There are two parts to the configuration process:
  1. In the Azure Portal, create a new Virtual WAN, hub, and connect the Virtual Network to the hub. You must also obtain an application ID and a secret key.
  2. In Oracle SD-WAN Edge, use your Azure credentials, application ID, and secret key to create a new Azure service, and connect it back to Azure using IPsec tunnels.

Create a Virtual WAN

Follow these steps to create a new Virtual WAN from the Azure portal.
  1. Navigate to the Azure portal and sign in with your Azure account.
  2. Click on +Create a resource.
  3. Type Virtual WAN into the search box and then press Enter.
  4. Select Virtual WAN. On the Virtual WAN page, click on Create to bring up the Create WAN page.
  5. Click on the Basics tab and fill in the following fields:
    • Subscription: Select the subscription you want to use.
    • Resource Group: Create a new resource group or choose an existing one.

      Note: It is recommended that you create a new resource group.
    • Resource Group Location: Select a resource location for your WAN.
    • Name: The name of your WAN.
    • Type: Choose Basic or Standard. If you create a basic WAN, you can only create a basic hub.
  6. Click on Review +Create.
  7. Once validation passes, click on Create to create your virtual WAN.

Create a Hub

Follow these steps to create a hub in the Azure portal:
  1. On the page for the Virtual WAN you created, click on Hubs in the Connectivity section.
  2. Click on + New Hub.
  3. Enter the following on the Basics tab:
    • Region
    • Name
    • Hub private address space. The minimum address space is /24.
  4. Click on the Next: Site to site button.
  5. On the Site to site tab, fill out the following fields:
    • Creating a Site to Site VPN: Select Yes.
    • Gateway scale units: Select the number of units from the dropdown.
  6. Click on Review + Create.
  7. Once validated, click on Create. It will take 30 minutes to process.

Connect a Virtual Network to the Hub

Follow these steps to create a connection between a Virtual Network and your hub in the Azure portal.
  1. On your Virtual WAN page, click on Virtual Network Connections.
  2. Click on + Add connection.
  3. Fill in the following fields:
    • Connection name: The name of your connection.
    • Hubs: Select the hub to connect to.
    • Subscription: Verify the subscription.
    • Virtual network: Select the virtual network to connect to the hub. This cannot have a pre-existing virtual network gateway.
  4. Click on OK to create.

Create an Application ID and Secret Key

Follow these steps to register your app in the Azure portal and create an application ID and secret key.
  1. Log in to the Azure portal.
  2. Navigate to Azure Active Directory, App registrations, New registration.
  3. Enter a name for the app.
  4. Select the supported account types.
  5. Choose Web as the app type under Redirect URI.
  6. Click on Register.
  7. Make note of the application ID (also referred to as the client ID).
  8. To create a secret key, click on the Certificates & secrets page.
  9. Click on New client secret.
  10. Enter a description and an expiration date.
  11. Click on Add.
  12. Make note of the secret key, as you cannot retrieve it later.

Perform the following steps to assign the appropriate roles for authentication purposes:

  1. In the Azure portal, navigate to the Resource Group where the Virtual WAN was created.
  2. Navigate to Access control (IAM).
  3. Click + Add and select Add role assignment.

    Provide values for the following fields:

    • Role: Select Owner from the drop-down list. This role allows management of everything, including access to resources. Because the assignment is made from the resource group's Access control (IAM) page, it applies at the scope of that resource group.
    • Assign access to: Select Azure AD user, group, or service principal.
    • Select: Provide the name of the registered application created earlier and select the corresponding entry when it appears.
  4. Click Save.
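
The role assignment above gives the registered application Owner on the Virtual WAN resource group. The following is an added example, not Oracle or Microsoft code, that audits an exported list of role assignments to confirm the application holds Owner only at that scope. The IDs, the resource group names, and the assumption that the application ID appears in principalName are illustrative.

```python
APP_ID = "11111111-1111-1111-1111-111111111111"  # placeholder application (client) ID
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"  # placeholder subscription
VWAN_RG = SUB + "/resourceGroups/rg-vwan"  # hypothetical Virtual WAN resource group

# Constructed sample. Field names are assumed to match the JSON printed by
# `az role assignment list --all`, with the application ID in principalName.
SAMPLE = [
    {"principalName": APP_ID, "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": VWAN_RG},
    {"principalName": APP_ID, "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": APP_ID, "principalType": "ServicePrincipal",
     "roleDefinitionName": "Reader", "scope": SUB + "/resourceGroups/rg-apps"},
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
]

def scope_level(scope):
    """Classify an Azure scope string by how much it covers."""
    parts = [p.lower() for p in scope.split("/") if p]
    if not parts:
        return "root"
    if parts[0] != "subscriptions":
        return "management-group"
    if len(parts) <= 2:
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource-group"
    return "resource"

def audit_app_assignments(assignments, app_id, expected_scope):
    """Report the app's assignments outside expected_scope, or a missing Owner on it."""
    expected = expected_scope.rstrip("/").lower()
    findings, has_expected = [], False
    for a in assignments:
        if a.get("principalType") != "ServicePrincipal" or a.get("principalName") != app_id:
            continue  # only the registered application is audited
        scope, role = a["scope"].rstrip("/").lower(), a["roleDefinitionName"]
        level = scope_level(scope)
        if scope == expected:
            has_expected = has_expected or role == "Owner"
        elif scope.startswith(expected + "/"):
            continue  # a resource inside the Virtual WAN resource group
        else:
            broader = level in ("root", "management-group") or expected.startswith(scope + "/")
            findings.append(("broader-scope" if broader else "other-scope", role, level, a["scope"]))
    if not has_expected:
        findings.append(("missing", "Owner", "resource-group", expected_scope))
    return findings
```

On the constructed sample, the audit reports the subscription-level Owner assignment and the Reader assignment on the unrelated resource group, and ignores the user account.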

Create an Azure Configuration

Once you have a subscription ID, tenant ID, application ID, and secret key, you can enter these into the Oracle SD-WAN Edge Configuration Editor to begin the automation process. Follow these steps:
  1. From your Edge system, navigate to Configuration, Configuration Editor.
  2. Click on the Global option.
  3. In the menu on the left-hand side, click on Services.
  4. Click on the arrow next to Microsoft Azure Virtual WAN Services.
  5. Enter your subscription ID, tenant ID, application ID, and secret key.
  6. Click on Sync with Azure to validate these credentials.
  7. Once validated, choose an available WAN hub to connect to from the dropdown.
  8. Click on Save.

Add Service to the Site

Once you've configured the Microsoft Azure service, you can add the service to the site. In order to connect to Azure Virtual WAN, there must be 2 active/active IPsec tunnels. If you use one WAN link, the local WAN link serves as the end point of both tunnels connected to the branch site.
  1. From your site, navigate to the Services page.
  2. Click on the arrow next to Azure Virtual WAN service.
  3. Click on Add.
  4. Enter 1 WAN link to use.
  5. Enter which hub to use from the list of available hubs.
  6. Save once completed.