Technical Application Note - Oracle


Deploying Oracle SBC in Microsoft Azure Public Cloud
Technical Application Note

Disclaimer

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Table of Contents

INTENDED AUDIENCE
DOCUMENT OVERVIEW
RELATED DOCUMENTATION
  ORACLE SBC
  MICROSOFT AZURE
REQUIREMENTS
CREATE AND DEPLOY ON AZURE
  PREREQUISITES TO DEPLOYING AN AZURE INSTANCE
  RESOURCE GROUP
    Creating a Resource Group
  NETWORK SECURITY GROUPS
    Creating Network Security Groups
    Management Security Rules
    Media Security Rules
  VIRTUAL NETWORKS
    Creating a Virtual Network
    Creating Additional Subnets
  DEPLOYING THE OCSBC VHD FILE
    Create a Storage Account
    Creating A Blob Container
  CREATING AN IMAGE
  CREATE A VIRTUAL MACHINE
    Basics
    Disks
    Networking
    Management
    Advanced
    Tags
    Review and Create
  CREATE NETWORKING FOR MEDIA INTERFACES
    Create Network Interfaces
  INITIAL ACCESS TO SBC
  SET USER AND ADMIN PASSWORDS
  INTERFACE MAPPING

Intended Audience

This document is intended for use by Oracle Systems Engineers, third party Systems Integrators, and end users of the Oracle Enterprise Session Border Controller (E-SBC). It assumes that the reader is familiar with basic operations of the Oracle Communications Enterprise Session Border Controller and Azure Cloud Deployments.

Document Overview

You can deploy the Oracle Communications Session Border Controller (OCSBC) on Azure public clouds. Azure provides multiple ways of managing your environment(s), including its web portal, its PowerShell and its CLI interfaces. This document focuses on the portal. The portal provides navigation via a web-page pane with links to specified functions on the left side of portal pages. These procedures also assume you have reviewed Azure documentation, and can access portal pages and navigation.

Related Documentation

Oracle SBC
- Oracle Communications Session Border Controller Platform Preparation and Installation Guide
- Oracle Enterprise Session Border Controller Web GUI User Guide
- Oracle Enterprise Session Border Controller ACLI Configuration Guide
- Oracle Enterprise Session Border Controller Release Notes

Microsoft Azure
- Introduction to Azure
- Get started with Azure
- Azure security best practices and patterns

Requirements

1) A subscription for Azure portal
2) Access to Oracle Enterprise SBC VHD.
   i) The VHD file can be downloaded through the My Oracle Support portal, under the Patches and Upgrades tab, or can be obtained by reaching out to your Oracle Account representatives.

Tip: You can use the search bar at the top of the Azure portal to quickly locate any element, resource or document during configuration and deployment of the Oracle SBC in Azure Public Cloud.

Create and Deploy on Azure

Prerequisites to Deploying an Azure Instance

You can create some of the objects required during the SBC deployment procedure prior to or during the deployment. When created prior to SBC deployment, these objects become selectable, typically from drop down lists in the appropriate deployment dialogs. You may use these objects for a single deployment or for multiple deployments.

These objects are as follows:

1) Resource Group
   i) Subscription
   ii) Region
2) Networking
   i) Virtual Networks
   ii) Subnets
   iii) Network Security Groups

Resource Group

A resource group is a container that holds related resources like storage accounts, virtual networks, and VMs for an Azure solution. In Azure, you logically group related resources to deploy, manage, and maintain them as a single entity.

Creating a Resource Group

- From the Azure Portal Home Page, on the left side, select “Resource Group”, then click “Add”
- Choose the correct Subscription from the drop down
- Give the resource group a name
- Select the region that is right for you and your customers
- At the bottom, click “Next: Tags”
- Enter a unique identifier under name
- Click Next: Review Create

- Review the information and click Create

Network Security Groups

Network Security Groups are used to provide traffic control at the packet level. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound traffic from, several types of Azure resources.

For more detailed information, please see: Enable Network Security Groups in Azure Security Center

Creating Network Security Groups

For Oracle SBC deployment in Azure, each Security Group specifies the type of traffic allowed on a particular type of subnet. There are three types of traffic on the possible 7 subnets (1 management, 2 HA and 4 media interfaces) that can be configured and assigned to the Oracle SBC in Azure.

While it is certainly possible to create a different Network Security Group for each subnet, in most deployments there is likely need for only two, or three if there are specific rules that must be applied only to the HA subnets that do not apply to a management subnet.

For the purposes of this example guide, we’ll be creating two: one for the management interface (wancom0), and the other to be assigned to each of the media interfaces (S0P0 and S1P0).

From Azure's navigation list on the left side of the portal, click Create a resource, Networking, Network Security Group.

Management Security Rules

Configure the following for the Management Interface Network Security Group:
- Name
- Resource Group
- Location
- Click Create

Once the security group is created, you should see it under Home/Recent Resources. Open it.

Under Settings, click on “inbound security rules”, then “add”.

The following TCP/UDP protocols and/or ports should be opened for the Management Interface NSG.

Please note, the port matrix below is an example only. The ports opened during installation should depend on the environment needs and user preferences.

eter22161/162181212344380493868XXXUDPXXXXXXX

Click “Add” at the bottom.

Next, follow the same procedure as above to create a second inbound security rule for ICMP traffic, using the following parameters:
- Source: Any
- Source Port Ranges: *
- Destination: Any
- Destination Port Ranges: *
- Priority: 130
- Name: MGMT ICMP
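An added example (not part of the Oracle application note): a small audit over a management NSG's inbound rules, in the JSON shape that `az network nsg rule list -o json` returns, which reports Allow rules open to any source, such as the ICMP rule above. The rule set, the addresses and the management port list are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by
# `az network nsg rule list -o json`; names and addresses are illustrative.
SAMPLE_RULES = json.loads("""
[
 {"name": "MGMT_SSH", "priority": 100, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "MGMT_HTTPS", "priority": 110, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24",
  "destinationPortRange": "443"},
 {"name": "MGMT_SNMP", "priority": 120, "direction": "Inbound", "access": "Allow",
  "protocol": "Udp", "sourceAddressPrefixes": ["198.51.100.10"],
  "destinationPortRanges": ["161-162"]},
 {"name": "MGMT_ICMP", "priority": 130, "direction": "Inbound", "access": "Allow",
  "protocol": "Icmp", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
 {"name": "DENY_REST", "priority": 4000, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]
""")

# Source values that mean "anyone" (the portal shows "Any", the JSON "*").
ANY_SOURCE = {"*", "any", "internet", "0.0.0.0/0"}

# Assumed management ports (SSH, HTTP, HTTPS, SNMP); replace with the port
# matrix actually applied to the wancom0 NSG.
MGMT_PORTS = {22, 80, 443, 161, 162}


def _sources(rule):
    one = rule.get("sourceAddressPrefix")
    return ([one] if one else []) + list(rule.get("sourceAddressPrefixes") or [])


def _port_ranges(rule):
    one = rule.get("destinationPortRange")
    specs = ([one] if one else []) + list(rule.get("destinationPortRanges") or [])
    for spec in specs:
        if spec == "*":
            yield (0, 65535)
        elif "-" in spec:
            lo, hi = spec.split("-", 1)
            yield (int(lo), int(hi))
        else:
            yield (int(spec), int(spec))


def audit_inbound(rules, mgmt_ports=MGMT_PORTS):
    """Return (rule name, reason) for inbound Allow rules open to any source.

    Rules are reported in priority order; shadowing by an earlier Deny rule
    is not evaluated here.
    """
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"].lower() != "inbound" or rule["access"].lower() != "allow":
            continue
        if not any(s.lower() in ANY_SOURCE for s in _sources(rule)):
            continue
        if rule["protocol"].lower() == "icmp":
            findings.append((rule["name"], "ICMP from any source"))
            continue
        exposed = sorted(p for p in mgmt_ports
                         if any(lo <= p <= hi for lo, hi in _port_ranges(rule)))
        if exposed:
            ports = ",".join(str(p) for p in exposed)
            findings.append((rule["name"], "any source -> ports " + ports))
    return findings


if __name__ == "__main__":
    for name, reason in audit_inbound(SAMPLE_RULES):
        print(f"{name}: {reason}")
```

Restricting the flagged rules to the administrators' source ranges keeps the management interface reachable for operations without exposing it to every address.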

Media Security Rules

Following the same procedure above under Creating Network Security Groups, configure the following for the Media Interface Network Security Group:
- Name
- Resource Group
- Location
- Click Create

The following TCP/UDP protocols and/or ports should be opened for the Media Interface NSG. This is not a complete list, but should work for most applications.

Please note, the port matrix below is an example only. The ports opened during installation should depend on the environment needs and user

500506050611719172010000-65535XXXXXUDPXXXX

Click “Add”

Virtual Networks

Azure Virtual Network enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. A virtual network is scoped to a single region; however, multiple virtual networks from different regions can be connected together using Virtual Network Peering.

To deploy the SBC in a particular Resource Group, at least one virtual network (VN) must be created.

Creating a Virtual Network

From the Azure portal Home Screen, select “Virtual networks” from the left side menu, then click “Add”.

Provide the following information in the designated fields:
- Virtual Network Name
- Address Space: (below example is Azure provided)
- Subscription
- Resource Group (created above)
- Location (same as Resource Group location)

We’ll also be creating the first subnet, which will be used for the management interface (wancom0) of the SBC instance:
- Subnet Name
- Subnet Address Range: (Ex.
- Create

Once the Virtual network is successfully created, open it by clicking on the virtual network name. From here we will create the additional subnets needed for deployment.

Creating Additional Subnets

The Oracle SBC has 3 types of vNICs:
- management (wancom0)
- HA (wancom1/wancom2)
- Media (s0p0, s1p0 etc.)

To maintain traffic separation, each of the vNICs should be connected to a separate subnet. For the purposes of this app note, we will be creating two additional subnets for Media interfaces, as deploying a High Availability SBC pair is outside of the scope of this document.

- Once you are in the Virtual Networks dialog, click Subnets (in the settings section)

- At the top, click “+ Subnet”
- Name (S0P0)
- Address Range (CIDR block) (
- Security Group: (ESBC SN Media)
- Click “OK”

Repeat these steps to create additional subnets for your deployment needs. For the purposes of this example, we’ll create one additional subnet with name of S1P0, and Address range of to be used for a second media interface.

Deploying the OCSBC VHD File

As mentioned previously in this document, you acquire the OCSBC VHD file via your Oracle Support account, or via your Oracle account representative.

Create a Storage Account

From Azure's navigation list, on the left side of the portal, click on “Storage accounts”. At the top, click “Add”.

Enter the following fields:
- Subscription
- Resource Group
- Storage Account Name (must be all lower case)
- Location
- Account kind
- Replication
- Access tier
- Click “Next: Advanced”

Under Advanced, no changes are required; click “Next: Tags” at the bottom.

- From the drop down list, under name, choose the correct tag
- Click on “Review Create”
- Click “Create”

Once the deployment is complete, go to the resource.

Creating A Blob Container

- Click on “Blobs”, and at the top, click “+ Container”
- Set name and public access level, then click OK

- Select the container under blob services and click the upload button
- Choose the VHD file you want to upload by using the folder icon under Files
- Ensure that the Blob type is set to Page Blob. This parameter is found under “Advanced”
- Click “Upload”

This process might take a long time depending on your network connection and the location of your Azure storage account.

Creating an Image

After uploading the file, you create a bootable image from the Create image dialog. You will need to specify:
- An Image Name.
- An OS disk:
  - Set the OS disk type to Linux.
  - Paste or select your VHD file URI as the Storage blob.
  - Set the Account Type to Standard HDD.
  - Set Host caching to Read/write

- At the very top of the Azure Portal, in the search bar, type “Images”, then click on the Images option when it appears.
- Click “+ Add”
- Click “Create”

This process typically takes minutes to complete. When the process has completed, return to the Images panel, and verify the new image was created. This image can now be used to deploy new Security Access Manager virtual machines in Azure.

Create a Virtual Machine

This is the main instance configuration procedure. It includes a multi-dialog wizard that presents configuration options in the preferred sequence. The result of this wizard is an installed, operational OCSBC. You add media interfaces after deployment.

- From the Images Panel, at the top, click “Create VM”

Alternatively, you can deploy from Azure's navigation list, on the left side of the portal, by clicking on “Virtual machines”, then, at the top, “Add”.

The instance deployment wizard sequence includes:

1. Basics
2. Disks
3. Networking
4. Management
5. Advanced
6. Tags
7. Review and Create

Your Azure workspace may present dialogs and fields that differ from this procedure. For full information on deploying Azure instances, see the Azure documentation.

Basics

You will need to provide:
- Virtual machine Name
- Specify the Image to deploy (created in a previous step in this document)
- Size: You must research size types and select the type you prefer prior to deployment, as it cannot be changed after deployment. For a list of Azure instances you can use for OCSBC, please see the Platform and Preparation Guide.
- Administrator Account (The OCSBC does not use this account, so create a null user with any password)
- Inbound Port Rules (Check off all available in the drop down menu under this field)
- Click Next: Disks

Disks

- Disk configuration includes setting the OS disk type to Standard HDD
- Click Next: Networking

Networking

Configuration Fields:
- Virtual Network
- Subnet (Select OracleSBC MGMT from drop down)
- Public IP (give it a name or use default name provided)
- Network Security Group (move radio button to advanced, and select the MGMT NSG configured previously in this document)
- Leave Accelerated Networking set to “off”
- Load Balancing set to “No”

- Click Next: Management

Management

Management Configuration Includes:
- Boot Diagnostics: ON
- OS Diagnostics: ON
- Diagnostics Storage Account: set to your account
- Leave all other fields set to OFF

- Click Next: Advanced

Advanced

- No changes necessary in the Advanced configuration page
- Click Next: Tags

Tags

- Define the Tag we have been using throughout this guide. Select it from the drop down menu, under Name
- Click “Next: Review Create”

Review and Create

- Review the information for accuracy for your deployment
- Verify Validation Passed is displayed at the top of the screen
- Click Create, and you should see the “Your Deployment is Underway” progress page

Create Networking for Media Interfaces

Creation of the SBC virtual machine includes establishing networking to the primary management interface, wancom0. Now we need to create networking for all other interfaces. Azure requires that we stop the SBC instance before we can create or attach additional networking interfaces for Media.

- From Azure's navigation list, on the left side of the portal, select “Virtual machines”
- Select the instance we’ve just created. Once you select it, you will see an instance-specific navigation pane displayed on the left side of the dialog
- At the top, click on “Stop”
- Once the VM is stopped and deallocated, click on Networking under Settings in the instance-specific navigation menu
- Next, “Attach Network Interface”, then “Create network Interface”

Create Network Interfaces

Configure the applicable Create Network interface fields, including:
- Name: S0P0
- Subnet: From the drop down, select the subnet created for S0P0 interface
- Private IP: Set to static
- Private IP Address: Set to an address within the subnet, in this case, we’re using
- Security Group: Select the group configured for SBC media interfaces
- At the bottom, click “Create”

Once the new Network Interface is created, it will bring you back to the main networking dialog.
- Click “Attach network interface”
- Select S0P0 from the drop down menu
- Then, “OK”

Follow this same procedure to create a second network interface with the following configuration:

- Name: S1P0
- Subnet: From the drop down, select the subnet created for S1P0 interface
- Private IP: Set to static
- Private IP address: Set to an address within the subnet, in this case, we’re using
- Security Group: Select the group configured for SBC media interfaces

Start your instance after creating and attaching all interfaces. Use the instance's Serial Console to connect to the virtual COM1 serial port. After boot-up, proceed with setting your OCSBC passwords from the OCSBC command line interface.

Initial access to SBC

The procedure now turns to accessing the OCSBC, and the steps required for initial setup.

At this point, you can access the SBC in two ways:

1. SSH to the public IP address (or optional DNS label name if configured) assigned to the management interface, which can be easily located under the VM’s “Overview” page
2. Access the SBC via the serial console in the Azure Portal.

For the purposes of this example, we will be using the serial console for the initial access and setup procedure. To access the SBC serial console, click on serial console, under “Support + troubleshooting”.

Set User and Admin Passwords

You will need to set both the user and admin passwords when logging in for the first time.

- At the password prompt, enter “acme” (if accessing the SBC via SSH, username: “user”, password: “acme”)
- When prompted, enter the new SBC user password twice, paying close attention to the rules displayed in the output
- At the prompt, type “enable”
- Password: “packet”
- Enter the new admin password twice, paying close attention to the password rules displayed

Interface Mapping

The final step in deploying the Oracle SBC in Azure Public cloud is to verify the network interfaces have MAC addresses assigned to them.

- Access the serial console through the Azure portal under “Support + troubleshooting”
- Log into enable mode
- Run the command show interface mapping

    Interface Mapping
    IF        MAC-Addr            Label
    wancom0   00:0D:3A:10:5D:FB   #generic
    wancom1   00:0D:3A:17:F0:38   #generic
    s0p0      00:0D:3A:17:FB:EF   #generic
    wancom2   FF:FF:FF:FF:FF:FF   #dummy
    spare     FF:FF:FF:FF:FF:FF   #dummy
    s1p0      FF:FF:FF:FF:FF:FF   #dummy
    s0p1      FF:FF:FF:FF:FF:FF   #dummy
    s1p1      FF:FF:FF:FF:FF:FF   #dummy
    s0p2      FF:FF:FF:FF:FF:FF   #dummy
    s1p2      FF:FF:FF:FF:FF:FF   #dummy
    s0p3      FF:FF:FF:FF:FF:FF   #dummy
    s1p3      FF:FF:FF:FF:FF:FF   #dummy

As you can see above, since we have not configured all eight network interfaces possible on the SBC, we’ll need to correct the interface to MAC address mappings.

The interface mapping branch on the SBC includes a swap command, which allows us to make those adjustments. A reboot is required for the changes to take effect.

While in enable mode in the SBC CLI, type:

    # interface-mapping (enter)
    (interface-mapping)# swap wancom1 s1p0

    Interface Mapping Info after
    Eth-IF    MAC-Addr            Label
    wancom0   00:0D:3A:10:5D:FB   #generic
    wancom1   FF:FF:FF:FF:FF:FF   #dummy
    s0p0      00:0D:3A:17:FB:EF   #generic
    wancom2   FF:FF:FF:FF:FF:FF   #dummy
    spare     FF:FF:FF:FF:FF:FF   #dummy
    s1p0      00:0D:3A:17:F0:38   #generic
    s0p1      FF:FF:FF:FF:FF:FF   #dummy
    s1p1      FF:FF:FF:FF:FF:FF   #dummy
    s0p2      FF:FF:FF:FF:FF:FF   #dummy
    s1p2      FF:FF:FF:FF:FF:FF   #dummy
    s0p3      FF:FF:FF:FF:FF:FF   #dummy
    s1p3      FF:FF:FF:FF:FF:FF   #dummy

    Changes could affect service, and Requires Reboot to become effective.
    Continue [y/n]?: y (enter)

When the SBC comes back up from reboot, it is now ready for full configuration.

Refer to the Oracle Communications Session Border Controller Configuration Guide after you have completed this deployment for administrative and service configuration, including product setup, entitlement setup and HA configuration.
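An added example (not from the Oracle application note): a parser for the show interface mapping table that compares it with the MAC address of each attached Azure NIC and derives the swap commands needed, generalised from the single swap shown above. The sample output is constructed from the values on this page; the per-NIC MAC assignment in EXPECTED and the assumption that swap simply exchanges the two entries are illustrative.

```python
import re

# Constructed from the table above (state before the swap).
SHOW_OUTPUT = """\
Eth-IF    MAC-Addr            Label
wancom0   00:0D:3A:10:5D:FB   #generic
wancom1   00:0D:3A:17:F0:38   #generic
s0p0      00:0D:3A:17:FB:EF   #generic
wancom2   FF:FF:FF:FF:FF:FF   #dummy
spare     FF:FF:FF:FF:FF:FF   #dummy
s1p0      FF:FF:FF:FF:FF:FF   #dummy
s0p1      FF:FF:FF:FF:FF:FF   #dummy
s1p1      FF:FF:FF:FF:FF:FF   #dummy
s0p2      FF:FF:FF:FF:FF:FF   #dummy
s1p2      FF:FF:FF:FF:FF:FF   #dummy
s0p3      FF:FF:FF:FF:FF:FF   #dummy
s1p3      FF:FF:FF:FF:FF:FF   #dummy
"""

# Assumed: MAC of the Azure NIC attached for each SBC interface, in the
# dash-separated form the portal displays.
EXPECTED = {
    "wancom0": "00-0D-3A-10-5D-FB",
    "s0p0": "00-0D-3A-17-FB-EF",
    "s1p0": "00-0D-3A-17-F0-38",
}

ROW = re.compile(r"^\s*(\S+)\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+#(\w+)\s*$")


def norm_mac(mac):
    """Normalise 00-0d-3a-.. (portal) and 00:0D:3A:.. (SBC) to one form."""
    return mac.replace("-", ":").upper()


def parse_mapping(text):
    """Return {interface: (mac, label)} for every table row; headers are skipped."""
    mapping = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            mapping[m.group(1)] = (norm_mac(m.group(2)), m.group(3))
    return mapping


def plan_swaps(mapping, expected):
    """Return (swaps, resulting interface->MAC map) that satisfies `expected`."""
    current = {name: mac for name, (mac, _label) in mapping.items()}
    swaps = []
    for want_if, want_mac in expected.items():
        want_mac = norm_mac(want_mac)
        if want_if not in current:
            raise ValueError(f"unknown interface {want_if}")
        if current[want_if] == want_mac:
            continue
        holders = [n for n, mac in current.items() if mac == want_mac]
        if not holders:
            raise ValueError(f"{want_mac} not seen by the SBC; is the NIC attached?")
        holder = holders[0]
        swaps.append((holder, want_if))
        current[holder], current[want_if] = current[want_if], current[holder]
    return swaps, current


def swap_commands(swaps):
    return [f"swap {src} {dst}" for src, dst in swaps]


if __name__ == "__main__":
    planned, _ = plan_swaps(parse_mapping(SHOW_OUTPUT), EXPECTED)
    print("\n".join(swap_commands(planned)))
```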

Oracle Corporation, World Headquarters
500 Oracle Parkway
Redwood Shores, CA 94065, USA

Worldwide Inquiries
Phone: 1.650.506.7000
Fax: 1.650.506.7200

2019, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 0615
