Arctera Application Mobility Service Help

Last Published:
Product(s): InfoScale & Storage Foundation (8.0.2, 7.4.2, 7.4.1, 1.0)
Platform: Linux

Configuring the gateway node for Azure on a virtual machine

You can configure the gateway node for Azure virtual network by using a virtual machine. To configure the gateway node for Azure on a virtual machine, complete the following steps:

  1. Assign the necessary permissions to gateway virtual network as explained below:

    • Create two custom roles:.

      Follow the steps outlined in Microsoft Azure documentation to create two custom roles - one at the subscription level and the other at the Resource Group level. Define the necessary permissions based on your specific requirements.

      • Sample Role at Subscription level:

        {
  "id": "/subscriptions/XXXX/providers/Microsoft.Authorization/
  roleDefinitions/XXXX",
  "properties": {
    "roleName": "ISAM-CUSTOM-RG-NEW-SUBS-LEVEL",
    "description": "Role at SUBSCRIPTION LEVEL",
    "assignableScopes": [
      "/subscriptions/XXXX"
    ],
    "permissions": [
      {
         "actions": [
           "Microsoft.MarketplaceOrdering/agreements/read",
           "Microsoft.MarketplaceOrdering/agreements/offers/
           plans/read",
           "Microsoft.MarketplaceOrdering/agreements/offers/
           plans/sign/action",
           "Microsoft.MarketplaceOrdering/agreements/offers/
           plans/cancel/action",
           "Microsoft.MarketplaceOrdering/offertypes/
           publishers/offers/plans/agreements/read",
           "Microsoft.MarketplaceOrdering/offertypes/
           publishers/offers/plans/agreements/write",
           "Microsoft.MarketplaceOrdering/operations/read"
         ],
         "notActions": [],
         "dataActions": [],
         "notDataActions": [],
      }
    ]
  }
}

      • Sample Role at Resource Group level:

        {
  "id": "/subscriptions/XXXX/providers/Microsoft.Authorization/
  roleDefinitions/XXXX",
  "properties": {
    "roleName": "ISAM-CUSTOM-RG-AMS_ADMIN-WESTUS3",
    "description": "Role at RESOURCE GROUP LEVEL",
    "assignableScopes": [
      "/subscriptions/XXXX/AMS_ADMIN-WESTUS3"
    ],
    "permissions": [
      {
         "actions": [
           "Microsoft.Authorization/*/read",
           "Microsoft.Compute/locations/*",
           "Microsoft.Compute/virtualMachines/*",
           "Microsoft.Compute/disks/write",
           "Microsoft.Compute/disks/read",
           "Microsoft.Compute/disks/delete",
           "Microsoft.ResourceHealth/availabilityStatuses/read",
           "Microsoft.Resources/deployments/*",
           "Microsoft.SerialConsole/serialPorts/connect/action",
           "Microsoft.Storage/storageAccounts/listKeys/action",
           "Microsoft.Storage/storageAccounts/read",
           "Microsoft.Support/*",
           "Microsoft.Network/*",
           "Microsoft.Resources/subscriptions/resourceGroups/read",
           "Microsoft.Compute/images/read"
         ],
         "notActions": [],
         "dataActions": [],
         "notDataActions": [],
      }
    ]
  }
}

    • Add Roles to Managed Identity:

      • Once the roles are created, navigate to the Azure portal and locate the Managed Identity you want to enhance with these roles. You can find the Managed Identity in the Azure Active Directory section or within the Identity section of the corresponding Azure resource (e.g., Virtual Machine).

      • Add the custom roles created above to the Managed Identity. This ensures that the identity inherits the specified permissions.

    • Assign Managed Identity to Gateway VM:

      • Access the Azure portal and navigate to the Virtual Machine (VM) that serves as the gateway. Go to the VM's settings, specifically the "Identity" section.

      • Under "User assigned managed identities," add the Managed Identity configured above. This associates the identity with the VM, allowing it to inherit the roles and permissions assigned to the identity.

  2. Download the latest gateway node installer or RPM from the 'download' icon located at the upper right corner of the Application Mobility portal.
  3. Log on to the gateway node and copy the downloaded VRTSgateway RPM to the gateway node.
  4. Run the following command from the directory where you copied the .rpm file to install the YAML for setting up the gateway node.

    yum localinstall <VRTSgateway rpm file>

    Note:

    To update an existing gateway after downloading the new version, use the command yum upgrade <package name>.

  5. Ensure that you enable outbound network traffic for port numbers 443 and 80 of all hosts.
  6. To update the list of hosts,

    • Do a DNS lookup for the FQDN api-prod.isp.netinsights.veritas.com.

    • Use any one of the IP addresses, and update the /etc/hosts file as follows:

      <IP addr> api-prod.isp.netinsights.veritas.com

  7. Run the following commands as a root user or a sudo user to register the node with the Application Mobility portal.

    • /opt/VRTSgateway/bin/gateway -register

      Enter the Arctera Application Mobility credentials and name of the datacenter when prompted. You can choose the default value of the datacenter.

    • systemctl start gatewayd: To start the gateway node.

    • systemctl enable gatewayd: To ensure that the service starts in case of a gateway node reboot.