The Elisity Virtual Edge (VE) can be deployed as a cloud-hosted virtual appliance in Microsoft Azure, providing an alternative to on-prem or hypervisor-based deployments. This deployment model is functionally identical to other Virtual Edge deployments, and enables the VE to onboard and manage enforcement points such as switches, wireless LAN controllers (WLCs), and firewalls running the Elisity Virtual Edge Node (VEN) software.
The only requirement is network connectivity from the VENs to the VE, typically via private IP through VPN, ExpressRoute, vWAN, or direct peering.
Pre-Requisites
Before you begin, ensure the following:
Azure Access
- Active Azure subscription
- Permissions to deploy a VM and assign roles within a Resource Group
- Access to the Elisity Virtual Edge image in the Azure Marketplace (granted via image terms acceptance)
Virtual Machine Specifications
Resource | Specification |
---|---|
VM Size | Standard D4s v3 |
vCPUs | 4 |
Memory | 8 GB min |
OS Disk | Minimum 64 GB |
OS Image | Provided by Elisity via Azure Marketplace |
- SSH access
- Network interface with internet access for routing to Cloud Control Center
- Connectivity to on-premises Virtual Edge Nodes via IPsec tunnel, ExpressRoute, vWAN, etc.
Deployment Steps
This guide provides a step-by-step approach to deploying VE in Azure.
Step 1: Create a Resource Group for the Elisity Virtual Edge
Select an existing resource group or create a new one to contain the Virtual Edge VM.
Step 2: Gain Access to the Elisity Virtual Edge Appliance
Request the Virtual Edge Appliance to be shared with your Administrative account. You need to provide the Elisity team with your Azure Subscription ID and Azure Tenant (Directory) ID for Elisity to provide access to the marketplace listing. It takes 2-4 business days for access grants to go through the Microsoft process.
Step 3: Deploy the Virtual Edge VM
Now, create the Virtual Machine running VE.
Note: An internet gateway is required for the appliance to reach out to Cloud Control Center.
Open the shared marketplace listing and click Create.
Choose your active Azure subscription and Resource Group, and provide instance details. Make any desired configuration changes (the required configurations are immutable), or click Review + Create and make configuration changes post-deployment. It is recommended to configure the Virtual Machine in alignment with the security standards practiced by your organization. SSH access to the VM is required for onboarding.
The Virtual Machine settings will be validated by Azure. Review your configurations, then you can proceed with deployment by clicking Create.
Important: The private IP must remain static (the default) to ensure stable routing.
Step 4: Create the Virtual Edge in Cloud Control Center
First ensure that a Virtual Edge Group exists for Azure VEs. Create a new one if necessary.
Next, add a Virtual Edge to the VE Group by clicking + Add a Virtual Edge.
Select Hypervisor Hosted as the Virtual Edge Type and click Next.
Select your Virtual Edge Group for Azure VEs, give the PRIVATE IP address of the Virtual Machine, assign a HostName, and give a description (optional). Click Next.
Note: Use VE’s private IP for registration instead of its public IP, as the One Time Password (OTP) generated is tied to the private IP of the VE, and the Public IP will not authenticate with the OTP during registration.
Confirm these configurations and click Finish.
Step 5: SSH into VE and Register
After deploying VE, retrieve its public IP from the Azure console or choose another method to access the console.
Using SSH to access VE:
ssh -i yourprivatekey.pem elisity@<public-ip-address>
Once logged in, run the registration command:
register
You’ll be prompted to enter:
Registration URL (the URL of your CCC instance, i.e. https://yourdomain.elisity.io/)
One-Time Password (OTP) copied from Cloud Control Center
Note: Use VE’s private IP for registration instead of its public IP, as the OTP is tied to the private IP of the VE and NAT IPs will not authenticate with the OTP.
Step 6: Verify and Test Connectivity
- Confirm VE appears in Elisity Cloud Control Center (CCC)
- Ensure VE can communicate with proposed Virtual Edge Nodes
- Check routing for private network connectivity
At this point, the Virtual Edge is ready to onboard Virtual Edge Nodes for enforcement.
Network Considerations for Connectivity
For VE to function properly, it must communicate with Virtual Edge Nodes (VENs). There are two common connectivity options:
Option 1: Site-to-Site VPN
For on-prem VENs, set up a VPN Gateway to connect Azure VE to your data center. Routing must allow VEN-to-VE communication over a private network.
Option 2: Direct Peering (VNet-to-VNet)
For Azure-based VENs, ensure routing is configured to allow VE-to-VEN traffic within the same VNet or across peered VNets.
Option 3:
Option 4:
Regardless of the method used, the key rule is:
All VEN-to-VE communication must happen over private IPs.
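An added example, not part of Elisity's documentation: a pre-flight check for the conditions Steps 3 to 5 and the rule above depend on (static private IP, registration against the private IP, private VEN addresses), plus a check that SSH is not allowed from any source. The sample data is constructed in the shape of `az network nic show` and `az network nsg show` JSON output; the function names are hypothetical, and "private" is assumed to mean RFC 1918 space.

```python
import ipaddress

# Constructed samples shaped like `az network nic show` / `az network nsg show` JSON.
SAMPLE_NIC = {"ipConfigurations": [
    {"privateIPAddress": "10.20.0.4", "privateIPAllocationMethod": "Dynamic"}]}
SAMPLE_RULES = [
    {"name": "ssh-any", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "ssh-admin", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "10.50.0.0/24", "destinationPortRange": "22"},
]
# Assumption: "private" is taken to mean RFC 1918 address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OPEN_SOURCES = {"*", "Internet", "0.0.0.0/0"}

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def port_covers_ssh(spec):
    """True if an NSG port spec ('22', '20-30', '*') includes port 22."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= 22 <= int(high or low)

def preflight(nic, rules, registration_ip, ven_ips):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    cfg = nic["ipConfigurations"][0]
    if cfg["privateIPAllocationMethod"] != "Static":
        findings.append("VE private IP is not static")
    if registration_ip != cfg["privateIPAddress"]:
        findings.append("registration IP is not the VE private IP")
    for ip in [registration_ip, *ven_ips]:
        if not is_rfc1918(ip):
            findings.append(f"{ip} is not a private address")
    for r in rules:
        ports = r.get("destinationPortRanges") or [r.get("destinationPortRange")]
        sources = r.get("sourceAddressPrefixes") or [r.get("sourceAddressPrefix")]
        if (r["direction"] == "Inbound" and r["access"] == "Allow"
                and (r.get("protocol") or "*").lower() in ("tcp", "*")
                and any(p and port_covers_ssh(p) for p in ports)
                and OPEN_SOURCES & set(sources)):
            findings.append(f"NSG rule {r['name']} allows SSH from any source")
    return findings
```
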
With this Azure deployment model, you can seamlessly extend Elisity's microsegmentation to the cloud. By following the steps outlined, your Virtual Edge will be fully integrated, enforcing policies across cloud and on-prem environments.