Cloud Access Accounts
Cloud access is the starting point for connecting your branches to your virtual private Cloud resources.
When you own an account or subscription on an IaaS platform where virtual networks, virtual machines, applications or other resources are hosted, the ExtremeCloud SD-WAN application helps you connect your branches to these Cloud resources, provided it can access the Cloud account or subscription.
1. From the main menu, select Settings -> Cloud Access Accounts.
The displayed window shows the number of cloud access objects that have been defined. They may be filtered by Type (AWS, Azure, etc.) or Status (Active, Inactive). Without defining filters, you can group objects by Cloud Provider or Status.
• The Search field enables you to find any Cloud Access object through its other data (Account ID, User or Subscription Name).
• When the window contains a significant number of objects, the page navigation functions at the bottom of the window enable you to navigate through the list.
2. Click the Add Cloud Access button to create a new object and define the following parameters:
Cloud Access Details
Warning: Refer to AWS Prerequisites and Azure Prerequisites.
• Name: enter the cloud access name. This name identifies the Cloud account in the ExtremeCloud SD-WAN application.
• Cloud Provider: select the Cloud Provider (AWS, Azure, GCP, etc.).
Note: Only AWS and Azure are supported in the current version.
AWS
If the selected Cloud Provider is AWS, specify the following AWS account information:
- Access Key ID: enter the Access Key ID provided by AWS when the IAM (Identity and Access Management) user with programmatic access is created. This key consists of 20 characters in [A-Z2-7]{20} format.
- Secret Access Key: enter the Secret Access Key provided by AWS when the IAM (Identity and Access Management) user with programmatic access is created. This key consists of 40 characters in [A-Za-z0-9+/]{40} format.
Azure
If the selected Cloud Provider is Azure, specify the following Azure account information:
- Subscription ID: enter the Subscription ID provided by the Azure Subscription service. This key consists of 32 hexadecimal characters grouped as 8-4-4-4-12.
- Directory (tenant) ID: enter the Directory (tenant) ID provided by the Azure Active Directory service. This key consists of 32 hexadecimal characters grouped as 8-4-4-4-12.
- Application (client) ID: enter the Application (client) ID provided by the Azure Active Directory service after the AD application has been created. This key consists of 32 hexadecimal characters grouped as 8-4-4-4-12.
- Client Secret: enter the secret key provided by Azure. This key consists of 40 alphanumeric characters.
Azure Storage Account: the following information is necessary for Virtual Hub VPN gateways:
- Storage Account Name: enter the name of the storage account that will be used by the SD-WAN Orchestrator to generate VPN configuration information. This name is between 3 and 24 characters and contains numbers and lowercase letters.
- Storage Account Access Key: this access key is a 512-bit string of 88 characters in length.
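The field formats listed above can be checked locally before the values are pasted into the form, so that a truncated key or a stray trailing newline is caught without the secret being echoed anywhere. The following is an added example, not ExtremeCloud code: the field names and function names are hypothetical, the sample values are constructed, and the formats are only those stated on this page.

```python
import base64
import re

# Formats as stated on this page; the field names are hypothetical.
PATTERNS = {
    "aws_access_key_id": re.compile(r"[A-Z2-7]{20}"),
    "aws_secret_access_key": re.compile(r"[A-Za-z0-9+/]{40}"),
    "azure_client_secret": re.compile(r"[A-Za-z0-9]{40}"),
    "azure_storage_account_name": re.compile(r"[a-z0-9]{3,24}"),
}
GUID_FIELDS = {"azure_subscription_id", "azure_tenant_id", "azure_client_id"}
# 32 hexadecimal characters grouped as 8-4-4-4-12.
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def field_ok(name, value):
    """Return True when value matches the format this page gives for name."""
    if name in PATTERNS:
        # fullmatch rejects surrounding whitespace and trailing newlines.
        return PATTERNS[name].fullmatch(value) is not None
    if name in GUID_FIELDS:
        return GUID_RE.fullmatch(value) is not None
    if name == "azure_storage_access_key":
        # 88 base64 characters that must decode to exactly 512 bits (64 bytes).
        if len(value) != 88:
            return False
        try:
            return len(base64.b64decode(value, validate=True)) == 64
        except ValueError:  # bad alphabet, bad padding, or non-ASCII input
            return False
    raise KeyError(f"unknown field: {name}")


def check_account(fields):
    """Return sorted names of malformed fields; values are never echoed."""
    return sorted(n for n, v in fields.items() if not field_ok(n, v))


# Constructed sample values (not real credentials).
SAMPLE = {
    "azure_subscription_id": "00000000-0000-0000-0000-000000000000",
    "azure_storage_account_name": "sdwanvpnconfig01",
    "azure_storage_access_key": "A" * 86 + "==",
    "azure_client_secret": "a1" * 20 + "\n",  # pasted with a trailing newline
}

if __name__ == "__main__":
    print("malformed fields:", check_account(SAMPLE))
```

A format match only shows that a value is well-formed; whether the credentials are valid is still determined by Validate Account.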
3. Click Validate Account.
4. Click Next to configure Cloud Access.
The selected gateways will be available as overlays when you configure an appliance WAN interface or define templates. Use the Cloud Gateway List to select related Regions and define tunnel parameters.
In the Cloud Gateways selection pane, the discovered gateways are grouped by region and are identified by their name and number of connections.
• Name: Cloud Gateway name. This name identifies the Cloud account in the ExtremeCloud SD-WAN application.
• # of connections: number of Cloud Connections linked to the Cloud Gateway. A Cloud connection is counted as soon as it is configured (manually on the appliance WAN interface or automatically via a template), even if the configuration is not deployed.
By default, all the regions enabled on the AWS or Azure account are selected. Also, relevant Cloud Gateways are automatically selected whereas irrelevant gateways are greyed out (a message gives you further information).
5. Expand Regions and deselect any Region(s) if the default list does not suit you.
The number associated with each region specifies the number of relevant Cloud Gateways under it.
6. In the VPN Tunnel Configuration pane, click Customize Configuration if you want to modify the default configuration of any Cloud Access object. Refer to "Configuring Overlays".
7. Click Next.
A configuration summary is displayed.
8. Click Add Account. The new object appears in the Cloud Access Accounts window.
Note: You can edit or delete a Cloud access object at any time.
9. Finally, connect a Branch Office to a Cloud Gateway and configure cloud connection parameters.
• AWS
• Azure