Deploying ICS on an Existing Virtual Network
This section describes deployment with three NIC cards and two NIC cards.
Deployment on VM with Three NIC Cards
To deploy Ivanti Connect Secure on Azure using the Azure portal, do the following:
1.Select the template file “ics-3-nics-existing-vnet” created in the section ‘Upload Azure Resource Manager Template to Azure account’ and click Deploy.
Before proceeding with deployment, ensure that the attribute “accept-license-agreement” in pulse-config is set to “y”.
2.Fill or modify the following parameters:
•Resource group: Specify the resource group name in which Ivanti Connect Secure needs to be deployed
•Location: Region where resource group needs to be created
•ICS Storage Account Name: Storage account name where the Ivanti Connect Secure Virtual Appliance image is available
•ICS Storage Account Resource Group: Resource group of where the Ivanti Connect Secure Virtual Appliance image is copied
•ICS Image Location URI: URI to Ivanti Connect Secure Virtual Appliance Image
•ICS VM Name: Name of the Ivanti Connect Secure Virtual instance
•ICS Config: Provisioning parameters in XML format. Refer ‘Ivanti Connect Secure Provisioning Parameters’
•SSH Public Key: This key is used to access ICS via SSH. The SSH keys are generated using ssh-keygen on Linux and OS X, or PuTTyGen on Windows. For details about generating the SSH key pairs, refer:
For Windows: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ssh-from-windows
For MacOS and Linux: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys
•DNS Label Prefix Ext: Prefix for the external interface DNS label
•DNS Label Prefix Mgmt: Prefix for the management interface DNS label
•Resource Group Name of Existing Virtual Network: Resource Group name of the Virtual network
•Existing Vnet Name: Virtual network name
•Existing Internal Subnet: Subnet from which the Ivanti Connect Secure internal interface needs to lease IP
•Existing External Subnet: Subnet from which the Ivanti Connect Secure external interface needs to lease IP
•Existing Management Subnet: Subnet from which the Ivanti Connect Secure management interface needs to lease IP
•Existing Tunnel Subnet: Subnet which will be configured as the tunnel IP pool in the Ivanti Connect Secure VPN Profile
3.Agree to the Azure licensing terms and click Purchase.
4.Watch for the deployment succeeded message after 3 to 5 minutes.
5.Go to the resource group in which the Ivanti Connect Secure Virtual appliance was deployed to see the resources created.
6.Navigate to the resource group and click ICS Management Public IP. Make a note of the ICS Management Public IP and DNS name (FQDN) to access ICS for admin page.
7.Click ICS External Public IP and note down the ICS External Public IP and DNS name (FQDN) to access ICS for end user page.
Azure allows static as well as dynamic assignment of the IP addresses to the network interfaces. The mode of IP assignment (static/dynamic) can be mentioned in the Azure Resource Manage template file. The current JSON template uses dynamic method of allotting IP addresses to the network interfaces.
Deployment on VM with Two NIC Cards
To deploy Ivanti Connect Secure on Azure using the Azure portal, do the following:
8.Select the template file “ics-2-nics-existing-vnet” created in the section ‘Upload Azure Resource Manager Template to Azure account’ and click Deploy.
Before proceeding with deployment, ensure that the attribute “accept-license-agreement” in pulse-config is set to “y”.
9.Fill or modify the following parameters:
•Resource group: Specify the resource group name in which Ivanti Connect Secure needs to be deployed
•Location: Region where resource group needs to be created
•ICS Storage Account Name: Storage account name where the Ivanti Connect Secure Virtual Appliance image is available
•ICS Storage Account Resource Group: Resource group of where the Ivanti Connect Secure Virtual Appliance image is copied
•ICS Image Location URI: URI to Ivanti Connect Secure Virtual Appliance Image
•ICS VM Name: Name of the Ivanti Connect Secure Virtual instance
•ICS Config: Provisioning parameters in XML format. Refer ‘Ivanti Connect Secure Provisioning Parameters’
•SSH Public Key: This key is used to access ICS via SSH. The SSH keys are generated using ssh-keygen on Linux and OS X, or PuTTyGen on Windows. For details about generating the SSH key pairs, refer:
For Windows: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ssh-from-windows
For MacOS and Linux: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys
•DNS Label Prefix Ext: Prefix for the external interface DNS label
•Resource Group Name of Existing Virtual Network: Resource Group name of the Virtual network
•Existing Vnet Name: Virtual network name
•Existing Internal Subnet: Subnet from which the Ivanti Connect Secure internal interface needs to lease IP
•Existing External Subnet: Subnet from which the Ivanti Connect Secure external interface needs to lease IP
•Existing Tunnel Subnet: Subnet which will be configured as the tunnel IP pool in the Ivanti Connect Secure VPN Profile
10.Agree to the Azure licensing terms and click Purchase.
11.Watch for the deployment succeeded message after 3 to 5 minutes.
12.Go to the resource group in which the Ivanti Connect Secure Virtual appliance was deployed to see the resources created.
13.Click ICS External Public IP and note down the ICS External Public IP and DNS name (FQDN) to access ICS for end user page.
Azure allows static as well as dynamic assignment of the IP addresses to the network interfaces. The mode of IP assignment (static/dynamic) can be mentioned in the Azure Resource Manage template file. The current JSON template uses dynamic method of allotting IP addresses to the network interfaces.