Deploying ICS on New Virtual Network
This section describes deployment with three NIC cards and two NIC cards.
Deployment on VM with Three NIC Cards
To deploy ICS on Azure using the Azure portal, do the following:
1.Select the template file created in section ‘Upload Azure Resource Manager Template to Azure account’ and click Deploy.
Before proceeding with deployment, ensure that the attribute “accept-license-agreement” in pulse-config is set to “y”.
2.Fill or modify the following parameters:
•Resource group: Specify the resource group name in which Ivanti Connect Secure needs to be deployed
•Location: Region where resource group needs to be created
•ICS Storage Account Name: Storage account name where the Ivanti Connect Secure Virtual Appliance image is available
•ICS Storage Account Resource Group: Resource group of where the Ivanti Connect Secure Virtual Appliance image is copied
•ICS Image Location URI: URI to Ivanti Connect Secure Virtual Appliance Image
•ICSVM Name: Name of the Ivanti Connect Secure Virtual instance
•ICS Config: Provisioning parameters in an XML format. Refer the section ‘Ivanti Connect Secure Provisioning Parameters’
•SSH Public Key: This key is used to access ICS via SSH. The SSH keys are generated using ssh-keygen on Linux and OS X, or PuTTyGen on Windows. For details about generating the SSH key pairs, refer:
For Windows: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ssh-from-windows
For MacOS and Linux: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys
•DNS Label Prefix Ext: Prefix for the external interface DNS label
•DNS Label Prefix Mgmt: Prefix for the management interface DNS label
•Vnet Address Space: Virtual network address space
•Internal Subnet: Subnet from which Ivanti Connect Secure internal interface needs to lease IP
•External Subnet: Subnet from which Ivanti Connect Secure external interface needs to lease IP
•Management Subnet: Subnet from which Ivanti Connect Secure management interface needs to lease IP
•Tunnel Subnet: Subnet which will be configured as tunnel IP pool in the Ivanti Connect Secure VPN Profile
3.Agree to the Azure licensing terms and click Purchase.
4.Watch for the deployment succeeded message after 3 to 5 minutes.
5.Go to the resource group in which the Ivanti Connect Secure Virtual Appliance was deployed to see the resources created.
6.Navigate to the resource group and click ICS Management Public IP. Make a note of the ICS Management Public IP and DNS name (FQDN) to access ICS for admin page.
7.Click ICS External Public IP and note down the ICS External Public IP and DNS name (FQDN) to access ICS for end user page.
Azure allows static as well as dynamic assignment of IP addresses to the network interfaces. The mode of IP assignment (static/dynamic) can be mentioned in the Azure Resource Manage template file. The current JSON template uses the dynamic method of allotting IP addresses to the network interfaces.
Deployment on VM with Two NIC Cards
To deploy Ivanti Connect Secure on Azure using the Azure portal, do the following:
1.Select the template file created in section ‘Upload Azure Resource Manager Template to Azure account’ and click Deploy.
Before proceeding with deployment, ensure that the attribute “accept-license-agreement” in pulse-config is set to “y”.
2.Fill or modify the following parameters:
•Resource group: Specify the resource group name in which Ivanti Connect Secure needs to be deployed
•Location: Region where resource group needs to be created
•ICS Storage Account Name: Storage account name where the Ivanti Connect Secure Virtual Appliance image is available
•ICS Storage Account Resource Group: Resource group of where the Ivanti Connect Secure Virtual Appliance image is copied
•ICS Image Location URI: URI to Ivanti Connect Secure Virtual Appliance Image
•ICSVM Name: Name of the Ivanti Connect Secure Virtual instance
•ICS Config: Provisioning parameters in an XML format. Refer the section ‘Ivanti Connect Secure Provisioning Parameters’
•SSH Public Key: This key is used to access ICS via SSH. The SSH keys are generated using ssh-keygen on Linux and OS X, or PuTTyGen on Windows. For details about generating the SSH key pairs, refer:
For Windows: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ssh-from-windows
For MacOS and Linux: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys
•DNS Label Prefix Ext: Prefix for the external interface DNS label
•Vnet Address Space: Virtual network address space
•Internal Subnet: Subnet from which Ivanti Connect Secure internal interface needs to lease IP
•External Subnet: Subnet from which Ivanti Connect Secure external interface needs to lease IP
•Tunnel Subnet: Subnet which will be configured as tunnel IP pool in the Ivanti Connect Secure VPN Profile
3.Agree to the Azure licensing terms and click Purchase.
4.Watch for the deployment succeeded message after 3 to 5 minutes.
5.Go to the resource group in which the Ivanti Connect Secure Virtual Appliance was deployed to see the resources created.
6.Click ICS External Public IP and note down the ICS External Public IP and DNS name (FQDN) to access ICS for end user page.
Azure allows static as well as dynamic assignment of IP addresses to the network interfaces. The mode of IP assignment (static/dynamic) can be mentioned in the Azure Resource Manage template file. The current JSON template uses the dynamic method of allotting IP addresses to the network interfaces.
For Custom Deployment, the Default storage account is unmanaged storage account. The Azure Admin has to change the storage account to managed storage account.