Managing Cloud Access
Cloud access is the starting point for redirecting traffic to a Cloud Gateway.
When you own an account or subscription on a IAAS platform where some virtual networks, virtual machines, applications or other resources are hosted, the ExtremeCloud SD-WAN Orchestrator helps you connect your branches to these Cloud resources if it can access the Cloud account or subscription.
| 1 | From the SD-WAN Orchestrator main menu, select the Administration -> Cloud Access function to display the Cloud Access Definition window. |
This window shows the number of cloud access objects that have been defined. They may be filtered by Type (AWS, Azure, etc.).
The Search field also enables you to find any Cloud Access object through its other data (Account ID, User or Subscription Name). Click the 
button to delete the Search filters.
When the window contains a significant number of objects, the navigation functions at the bottom of the window enable you to navigate through the list.
| • | By default, one page includes 50 rows. 20 and 100 are the other options. |
| • | The total number of pages is specified. This number changes if you select a different number of rows per page. |
| • | You can display a particular page by directly selecting it from the stack or by clicking the  and  buttons to move from one page forward and backward. |
| • | Click  to view the first page and  to view the last page of the list. |
| 2 | Click the Add Cloud Access button to create a new object and define the following parameters: |
AWS
Azure
| • | Name: enter the cloud access name. This name identifies the Cloud account in the ExtremeCloud SD-WAN Orchestrator. |
| • | Cloud Provider: select the Cloud Provider (AWS, Azure, GCP, etc.). |
Note: Only AWS and Azure are supported in the current version.
Warning: Refer to AWS Prerequisites and Azure Prerequisites.
AWS
If the selected Cloud Provider is AWS, specify the AWS Account following information:
Access Key ID: enter the Access Key ID provided by AWS when the IAM (Identify and Access Management) user with programmatic access is created. This key includes 20 characters in [A-Z2-7]{20} format.
Secret Access Key: enter the Secret Access Key provided by AWS when the IAM (Identify and Access Management) user with programmatic access is created. This key includes 40 characters in [A-Za-z0-9+/]{40} format.
Azure
If the selected Cloud Provider is Azure, specify the Azure Account following information:
Subscription ID: enter the Subscription ID provided by Azure Subscription service. This key includes 32 hexadecimal characters grouped as 8-4-4-4-12.
Directory ID: enter the Directory ID provided by Azure Active Directory service. This key includes 32 hexadecimal characters grouped as 8-4-4-4-12.
Client ID: enter the Application (Client) ID provided by Azure Active Directory service after the application has been created. This key includes 32 hexadecimal characters grouped as 8-4-4-4-12.
Client Secret: enter the secret key provided by Azure. This key includes 40 alphanumeric characters.
Azure Storage Account- the following information is necessary for Virtual Hub VPN gateways:
Storage Account Name: enter the name of the storage account that will be used by the SD-WAN Orchestrator to generate VPN configuration information. This name is between 3 and 24 characters and contains numbers and lowercase letters.
Storage Account Access Key: this access key is a 512-bit string of 88 characters in length.
| 3 | Click Create in the top right corner of the window. |
The new cloud access object appears in the Cloud Access Definition window:
Note: You can edit or delete a Cloud access object at any time.
| 4 | Then, configure Cloud Access. |
| 5 | Finally, connect a Branch Office to a Cloud Gateway and configure cloud connection parameters. |
| • | AWS |
| • | Azure |