Provision Fleet Service Point in Azure - BlueCat DNS Edge

DNS Edge Deployment Guide (Fleet Service Point)


This section gives detailed instructions for provisioning the Fleet Service Point in Azure.

Before you begin

If your Fleet Service Point requires static network configuration, you must first create and configure a network interface on Azure before proceeding to provision the Fleet Service Point VM. Once booted, the IP address of the Fleet Service Point currently cannot be changed. The VM must have a correctly configured NIC attached before its first boot. For more information on configuring a network interface, refer to Setting up the network configuration on Azure.

Configuring Fleet Service Point configuration details:

  1. To add a new Fleet Service Point click on the Fleet Service Points page.
  2. Under Setup, enter the following information:
    • Name: enter the name of the new Fleet Service Point.
    • Description: add a description. This is optional.
  3. Under Type, select Azure from the drop-down menu.
  4. Under Network, enter the hostname of the Fleet Service Point.
  5. Under Access, enter the following information:
    Note: The SSH Public Key and VM Console Password are applied to the operations user account.
    Attention: The SSH Public Key and VM Console Password fields are mandatory and must be filled out to provision the Fleet Service Point.
    • SSH Public Key: Enter the SSH public key of the Fleet Service Point. This adds the public key to the .ssh directory of the Fleet Service Point and allows you to SSH into the Fleet Service Point.
    • VM Console Password: Enter the console password for the Fleet Service Point. The password must meet the following requirements:
      • It must contain lowercase characters.
      • It must contain uppercase characters.
      • It must contain numbers.
      • It must contain symbols.
      • It must not contain spaces.
      • It must contain at least 12 characters.
    • Confirm Password: Confirm the console password for the Fleet Service Point entered in the VM Console Password field.
  6. (Optional) Under HTTP Proxy, enter the following information:
    • Enter the hostname of the proxy that the Fleet Service Point will use.
    • (Optional) Add the port number used to connect to the proxy server. By default, the value is 443.
    • (Optional) Enter the username and password that will be used to authenticate against the proxy server.
  7. Click Save and Download.
  8. Click Download Configuration to download the configuration file.
    Attention: The configuration file of the Fleet Service Point can only be downloaded once and cannot be recovered later. The configuration file is a base64 encoded text file and can contain sensitive information such as HTTP proxy credentials.

    BlueCat strongly recommends storing the configuration file in a secure location and only storing the configuration file for as long as required. The configuration file should be securely destroyed when it is no longer in use.

Setting up the network configuration on Azure:
  1. Log in to the Azure portal.
  2. Click Create a resource.
  3. Search for Virtual Network, and select Virtual Network.
  4. Click Create.
  5. In the Basics tab, complete the following required settings:
    • Subscription: Select your subscription.
    • Resource Group: Create a new resource group or select an existing resource group.
    • Virtual machine name: Enter a name for the network.
    • Region: Choose your Azure region. BlueCat recommends that you choose an Azure region where the BlueCat recommended default instance size of Standard_F4s_v2 is available.
  6. In the IP Addresses tab, complete the following required settings:
    • IPv4 address space: Enter an IPv4 address space in CIDR notation.
    • (Optional) IPv6 address space: Enter an IPv6 address space in CIDR notation.
      Note:
    • Add subnet: Enter the name of the subnet and the subnet range for the IPv4 and IPv6 address space created (if applicable).
  7. When you are done, click Review + create to start the validation process. When validation is complete, click Create to create the network.

Make note of the Virtual Network name and Subnet name, as these will be used for provisioning the Fleet Service Point VM.

Provisioning the Fleet Service Point on Azure:
  1. Log in to the Azure portal.
  2. Click Create a resource.
  3. Search for BlueCat, and select BlueCat DNS Edge Fleet Service Point: Advanced Setup. Optionally, you can open the Marketplace blade from your Dashboard to search.
  4. Click Create. The Create a virtual machine page opens with BlueCat DNS Edge Fleet Service Point as the image.
  5. In the Basics tab, complete the following required settings:
    • Subscription: Select your subscription.
    • Resource Group: Create a new resource group or select an existing resource group.
    • Virtual machine name: Enter a name for the VM.
    • Region: Choose your Azure region. BlueCat recommends that you choose an Azure region where the BlueCat recommended default instance size of Standard_F4s_v2 is available.
    • Availability zone: Select the availability zone. For more information, refer to http://go.microsoft.com/fwlink/?LinkId=2189629.
    • Size: Select the size of the VM. BlueCat recommends configuring an instance size of Standard_F4s_v2.
    • Authentication type: Select Password.
      Attention: These fields are required only to bypass the Azure validation process when creating a VM. The SSH public keys will be configured when entering content from the Fleet Service Point configuration file in the User Data field later in the provisioning process.
  6. In the Disks tab, complete the following required settings:
    • OS disk type: Select your preferred disk type. BlueCat recommends configuring Standard SSD.
    • Enable the Delete with VM option to ensure that the resource created is deleted with the VM.
  7. In the Networking tab, complete the following required settings:
    • Select the Virtual Network previously created.
    • Enable the Delete NIC when VM is deleted option.
    Attention: Fleet Service Points do not support changing IP addresses once the VM has been created.
  8. In the Management tab, you can configure optional monitoring and management options for your VM. For most environments, BlueCat recommends that you keep the default system settings values when possible. Only change these settings where your environment requires it.
  9. In the Advanced tab, navigate to the User Data section and complete the following required settings:
    • Enable the Enable user data option.
    • Within the User data field, enter the contents of the decoded base64 file provided by the Edge Cloud when creating the Fleet Service Point.
      Attention: You must decode the contents of the configuration file using any base64 decoding tool before entering the contents in the User Data field.
  10. In the Tags tab, you can configure optional tags to which your VM will be associated.
  11. When you are done, click Review + create to start the validation process.
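
The decode step above can be done so that the decoded file is readable only by you and both copies are destroyed afterwards, as the earlier Attention note recommends. The following is an added example, not BlueCat tooling; the function names and file paths are hypothetical, and it assumes a Linux host with GNU coreutils (base64, mktemp, shred).

```shell
# Added example. File names are placeholders; the encoded input is the file
# obtained from Download Configuration.
decode_fsp_config() (
  in="$1"; out="$2"
  umask 077                                   # decoded file is created 0600
  tmp="$(mktemp "${out}.XXXXXX")" || exit 1
  # base64 -d exits non-zero on invalid input; never keep a partial decode.
  if ! base64 -d "$in" > "$tmp" 2>/dev/null || [ ! -s "$tmp" ]; then
    rm -f "$tmp"
    echo "decode failed: $in is not valid base64" >&2
    exit 1
  fi
  mv "$tmp" "$out"                            # mv keeps the 0600 mode
)

# Remove the encoded and decoded copies once the User data field is filled in.
destroy_fsp_config() {
  for f in "$@"; do
    [ -e "$f" ] || continue
    if command -v shred >/dev/null 2>&1; then
      shred -u "$f"          # overwrite, then unlink
    else
      rm -f "$f"             # fallback: plain delete, no overwrite
    fi
  done
}
```

Overwriting with shred is not guaranteed to erase data on SSDs or copy-on-write file systems, so prefer an encrypted volume for the working copy.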

Opening ports on the Fleet Service Point VM:

Once you have provisioned your Fleet Service Point VM, you must open certain ports to ensure that it can connect to the Edge Cloud and function correctly. The following ports and protocols must be opened on the Fleet Service Point VM in Azure:
  • Port 22 (TCP)—used for SSH connections.
  • Port 53 (TCP and UDP)—used for DNS service.
  • Port 2021 (TCP)—used for DNS resolver service diagnostics.
  • Port 8083 (TCP)—used for Fleet Service Point diagnostics.

For more information on opening ports on VMs in Azure, refer to https://docs.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal.
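
The ports listed above can also be opened with the Azure CLI. The following is an added example, not part of the BlueCat guide: the function name, rule names, priorities and all four arguments are hypothetical, and limiting SSH and the diagnostics ports to a management range and DNS to a client range (IPv4 CIDRs) is an assumption of this example rather than a stated BlueCat requirement.

```shell
# Added example. Arguments are placeholders: resource group, NSG name,
# management CIDR and DNS client CIDR (IPv4). None come from the guide.
fsp_nsg_rules() (
  rg="$1"; nsg="$2"; mgmt_cidr="$3"; dns_cidr="$4"
  run="echo"                          # dry run: print each az command
  [ "${APPLY:-0}" = "1" ] && run=""   # APPLY=1 runs them (requires az login)
  priority=200
  # One rule per line: name:protocol:port:allowed source
  while IFS=: read -r name proto port src; do
    [ -n "$name" ] || continue
    $run az network nsg rule create \
      --resource-group "$rg" --nsg-name "$nsg" \
      --name "$name" --priority "$priority" \
      --direction Inbound --access Allow --protocol "$proto" \
      --destination-port-ranges "$port" \
      --source-address-prefixes "$src" </dev/null
    priority=$((priority + 10))
  done <<EOF
fsp-ssh:Tcp:22:${mgmt_cidr}
fsp-dns-tcp:Tcp:53:${dns_cidr}
fsp-dns-udp:Udp:53:${dns_cidr}
fsp-resolver-diag:Tcp:2021:${mgmt_cidr}
fsp-diag:Tcp:8083:${mgmt_cidr}
EOF
)
```

Run it once without APPLY to review the five commands, then again with APPLY=1 to create the rules.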

After you have opened the ports on the Fleet Service Point, you can start the Fleet Service Point VM.

Attention: Once you have deployed the Fleet Service Point, use the Fleet Service Point diagnostics API to verify that the Fleet Service Point has successfully registered. The registered field within the Fleet Service Point diagnostics API response returns a value of true when the Fleet Service Point has successfully registered with the DNS Edge Cloud. If the value is not true, this may indicate that there is an issue with the Fleet Service Point provisioning and the service point may not operate as intended.

For more information on the Fleet Service Point diagnostics API, refer to Fleet Service Point diagnostics API.