In the previous post in this series, we created Resource Groups and Networks and Subnets. In this post we continue to create what we need in the Azure environment for our Zerto Cloud Appliance installation.
Network Security Groups
Using similar steps as the creation of Resource Group and Networks, from the main menu, go to Network Security Groups (NSGs) so we can create the Network Security Groups for the subnets. Click +Add and give the Network Security Group a name. I used ms-ignite-demo-subnet-nsg and use the ms-ignite-rg Resource Group.
Once it’s created, open the Network Security Group so you can add some firewall rules. I’m going to show you how to create the rules using RDP and these rules could actually be assigned at different levels like individual NICs, but for the purpose of showing how to put inbound and outbound firewall rules, we’ll apply them to the subnets. For more on the design and usage of NSGs, read this post.
Additionally, since you most likely have a commercial firewall on-premises, there are commercial offerings in the Azure marketplace that allows your network and security teams to use the platform that they are accustomed to using. For example, if you use Cisco ASA, there is an Azure marketplace appliance available to use.
In the Resource Group, go down to Inbound Rules.
We want to use the drop-down selector for the Service. Choose RDP to allow Remote Desktop connections.
Once you click OK, it shows the firewall rules in the main table.
In this menu, select Subnets to associate the firewall rules to the subnets. Click the +Associate and select the virtual network you created and associate the subnets.
Once you have associated all the subnets you need, then you can close the blade.
Navigate over to the Resource Group you created. You will see the network and subnets in the Resource Group.
At this point, you actually have what you need to install Zerto Virtual Replication. During the Zerto Cloud Appliance installation, it will create a storage account. However, in version 5.5U1 Zerto added the ability to use an existing storage account. In the next post, we’ll create a storage account.