Welcome to this tutorial on deploying Cisco Cloud Network Controller (CNC) into Microsoft Azure! In today’s fast-paced digital world, cloud computing has become increasingly popular and necessary for businesses of all sizes. As a result, more and more organizations are choosing to move their workloads to the cloud to improve scalability, reduce costs, and increase agility. With Cisco CNC, you can simplify your cloud network management and gain greater control and visibility over your Azure infrastructure. In this tutorial, we will guide you step by step through the process of deploying CNC in Azure, so you can take advantage of the powerful features and benefits that it offers. Whether you’re a seasoned IT professional or just starting out in the field, this tutorial will provide you with the knowledge and skills you need to successfully deploy CNC in Microsoft Azure. So, let’s get started!

What You’ll Learn

• An introduction to Cisco CNC and its primary features
• Creating the necessary Azure policies to support CNC deployment
• How to deploy CNC
• Subscribing to the CCR (Cisco Cloud Router/Catalyst 8000V)

What You’ll Need

• Microsoft Azure Account. There will be charges; we are deploying an enterprise-ready OpenShift cluster.
• Laptop with SSH capability and a web browser
• A basic understanding of networking concepts, such as IP addresses, subnets, and routing
• A basic understanding of cloud computing concepts, such as virtual machines, virtual networks, and Azure services

Some Tips to Remember

• Before you begin, make sure you have all the necessary prerequisites in place, including an Azure account, the required software, and the necessary configurations.
• Be sure to make full use of the Azure search bar. It is a powerful search tool that will often take you to the direct location in the portal.
• Follow the step-by-step instructions carefully, paying close attention to details such as virtual machine sizes, network settings, and authentication credentials.
• Take your time and don’t rush through this tutorial. Make sure you understand each step before moving on to the next one.

We will not be connecting to any sites or configuring the CCRs. This tutorial is written to prepare an environment for that activity. In a future tutorial, I will document connecting two different cloud sites running CNC.

1. Log in to the Azure portal and search for Marketplace. Navigate to the Marketplace, and then search for Cisco Catalyst 8000V Edge Software.

2. Click the Cisco Catalyst 8000V Edge Software box. There will be two options, and you do not want the Solution. I selected the latest CCR because I will be deploying the latest CNC. You may need to select a different version for your environment, depending on if you need to connect the CNC to an on-premises APIC or NDFC cluster.

3. Enable programmatic deployment by clicking the Get started link highlighted in the screenshot below. Enable on the subscription, and click Save. You will need to click the X on the top right to exit the screen.

The following information was taken directly from the Azure installation guide. To use Cisco CNC with every subscription, you must register specific resource providers, including microsoft.insights, Microsoft.EventHub, Microsoft.Logic, Microsoft.Web, and Microsoft.ServiceBus. This applies to all existing and future subscriptions associated with the controller.

1. In the Azure search bar, search for Subscriptions and navigate through the console to the subscription you will be using to deploy CNC. Select your subscription as shown in the second screenshot.

2. Once in your desired subscription console, we can navigate to the Resource providers menu and search for five providers that are required to deploy CNC. When looking in the providers menu, these must be listed as Registered.

   • microsoft.insights

   • Microsoft.EventHub

   • Microsoft.Logic

   • Microsoft.ServiceBus

   • Microsoft.Web

3. Search for the five providers and register them to your subscription. This will take a little bit of time; you can see it go through the process in the Azure console window.

4. Rinse and repeat for the four remaining resource providers.

   • Microsoft.EventHub

   • Microsoft.Logic

   • Microsoft.ServiceBus

   • Microsoft.Web

You only need to perform these steps if you are creating a new subscription for the tenant and you are selecting Unmanaged Identity to manage the cloud resources through a specific application.

1. In the Azure search bar, search for Azure Active Directory. In the Azure Active Directory, navigate to App registrations.

This step is necessary only if you wish to use your own SSH keys.

This tutorial was written on a macOS machine. If you need to create a key on Windows, there are many tutorials available on Google.

1. Open a terminal session and navigate to a directory where you wish to store your SSH key. You can create a directory for this deployment if you wish.

aleccham@ALECCHAM-M-6D7G ~ % cd ~/Desktop/CVF
aleccham@ALECCHAM-M-6D7G CVF % ls
Blog			CVF Lab			Lab
CLN			Evaluation Scope	openshift-install-mac
aleccham@ALECCHAM-M-6D7G CVF % mkdir azure
aleccham@ALECCHAM-M-6D7G CVF % cd azure

2. Create a new SSH key in the directory using the following command:

aleccham@ALECCHAM-M-6D7G azure % ssh-keygen -f azure
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in azure
Your public key has been saved in azure.pub
The key fingerprint is:
SHA256:Ya5wfuOMsAxQ1t4Nkrc05JIFRcZOl6BA/b9pDLADPIE aleccham@ALECCHAM-M-6D7G
The key's randomart image is:
+---[RSA 3072]----+
| oo..=B. .       |
|E .o.Oo o        |
| .o.B+*.o        |
| o+..*oB .       |
|.  ooo+.S        |
| .  o+...        |
|  . ..oooo       |
|   o o ==.       |
|    o ..o        |
+----[SHA256]-----+
aleccham@ALECCHAM-M-6D7G azure % ls
azure		azure.pub
aleccham@ALECCHAM-M-6D7G azure %

3. Validate that the keys are created in the directory.

aleccham@ALECCHAM-M-6D7G azure % ls
azure		azure.pub

1. We will need to validate that we have the correct quotas in place to support our deployment of CNC. Navigate to Subscriptions and select your desired subscription.

2. Navigate to Usage + quotas.

3. We will need to make sure that your quotas levels will support the increase on the items outlined in the table below. This table was taken directly from the Cisco installation guide.

4. You can see in the screenshot below that I do not need to increase my quotas. You may need to do so in your environment. Be sure to check both Networking and Compute. The screenshot is only showing checking the networking quotas.

1. Navigate to the Azure Marketplace and seach for Cisco Cloud Network Controller.

2. Select your desired version of CNC. Remember that you may need a different version than the latest because of your on-premises ACI version choice.

3. Now let’s input the setting for our CNC deployment. We can select an existing resource group or create a new group. For this deployment, I will be creating a new resource group. You will also need to select and interact with the following:

   • Region
   • VM name (if you want something other than the default)
   • Password
   • SSH (input the SSH key that we generated)

4. You can gather your public SSH from the previous step by simply navigating to the location where the key is stored and using cat to copy the key to your buffer.

aleccham@ALECCHAM-M-6D7G ~ % cd ~/Desktop/CVF/azure
aleccham@ALECCHAM-M-6D7G azure % ls
azure		azure.pub
aleccham@ALECCHAM-M-6D7G azure % cat azure.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXag8VvJiroc39jfHwSmH2PxNOHCWxLGiIACQaMZGwE2OfCwOygLHgjFvNcgiiy8WbD+jHbwrSV+9fcd6dXPJKh+B3zty5/TAcwD3i+NXos0S4VKPTe8VkvaYgQ8Lt4UBwzQKoatkL4s57J2lWcRbc7HCcvMkI8NIyTFgs/dz0SCvnAm9okCnFLG7+curDdqOmKd0wIQ0Bh9QAeu4u5L/S8oI+e9DfpUbmPuF4FdqDy9qgX3G61GWf/O7k/UvV3J1iKKDJGqcvybW9HMP9auHglnEgXRpIbOWGRdDugURMVWGi5o9XH1nDe6w7KI/wEjKvZWXEMjMU9ForkmRlvvjfufGIkHQGqZbF36iEQJgyeSLucMFf0aCYI0/k+u2oECb1vILkRTBkgy3U9XUQUoSkqXzo1ducEZWLzhRkm+3+2DE3o0QsDFoUDplFreXguafHA7L2jQL59aPxwYAy/DRwMOOuOvKlXBk6LcrEIzznFlfQAaKw8C27tr60TScWmCU= aleccham@ALECCHAM-M-6D7G
aleccham@ALECCHAM-M-6D7G azure %

5. Once you see green checks next to all the input fields, we can proceed to the next wizard setup screen, ACI Settings.

6. On the next screen, we could make changes to these settings, but for my environment, it is not needed because this is a greenfield. If you plan to connect this CNC to an on-premises controller, you would want to ensure that your infra subnet does not overlap with your on-prem infra subnet. Once finished, we can move to the Review + create screen.

Note: Configuring external subnets with 0/0 is a security risk; it is advisable to use specific subnets or IP addresses. You may want to configure a specific subnet here if this is an enterprise deployment.

7. Validate your setting and click Create.

8. You can watch the deployment progress on the Azure console screen that it refreshes to after clicking the Create button.

9. Once the deployment has completed, your screen should look similar to the screenshot below. Navigate to the resource group to see all that was created.

10. Now let’s navigate back to our subscriptions so that we can add a role assignment.

11. Click the Add button and select Add role assignment.

12. In the Role submenu, search for the User Access Administrator role. Proceed by clicking the Next button.

13. In the Members submenu, we need to change what we are assigning access to by selecting Managed Identity. Then, choose Select members. In my environment, it is the only virtual machine running, so it was easy to find. In your environment leverage the ability to search for the VM by name using the wizard.

14. Now we can add the role assignment by selecting Review + assign.

1. Now that the CNC has been deployed successfully, we can access the GUI by navigating to the public IP or the DNS provided by Azure. To get that information, we need to go to the resource group that was created for the CNC deployment.

2. Once in the resource group for your CNC, look for the public IP address that was created and click the object. Once inside the public IP object, you can see both the IP address and the DNS name. You can copy that DNS into your browser and navigate to the CNC GUI. Be sure to prepend https:// to avoid any issues.

3. Log in to your CNC GUI with the username admin and the password you inputted to the CNC wizard earlier.

4. Once you have logged in to CNC, you can begin setting up for connectivity to your on-premises data center fabric or to another cloud site. These activities will come in a later tutorial.

Congratulations, you have completed this tutorial on deploying Cisco CNC into Microsoft Azure! By following the step-by-step instructions, you should now have a good understanding of how to deploy and use CNC in Azure to manage and optimize your cloud network infrastructure.

With CNC, you can simplify your cloud network management and gain greater control and visibility over your Azure infrastructure. You can create and manage virtual networks, monitor network traffic, and troubleshoot network issues, all from a single interface.

Learn More

• Cisco Cloud Network Controller for Azure Installation Guide, Release 25.1(x): https://www.cisco.com/c/en/us/td/docs/dcn/aci/cloud-apic/25x/installation/azure/cisco-cloud-network-controller-for-azure-installation-guide-251x.html
• Cloud ACI 5.2: Azure Brownfield Integration with ACI Fabric: https://unofficialaciguide.com/2021/06/19/cloud-aci-5-2-azure-brownfield-integration-with-aci-fabric/