Azure

Begin by starting two EJBCA Enterprise Cloud instances. In this example we will have the following nodes:

  • Node 1 using IP 10.4.0.4 – East US – 10.4.0.0/16 address space
  • Node 2 using IP 10.4.0.5 – East US – 10.4.0.0/16 address space
  • Node 3 using IP 10.2.0.4 – West US – 10.2.0.0/16 address space

Two of these nodes are in East US and the third is in West US. For the purposes of this guide, we will use the instance ID from Node 1 as the password. You can obtain this by loading Azure Explorer or by running the following command on the instance itself:

  # curl -sH Metadata:true "http://169.254.169.254/metadata/instance/network/interface/0/macAddress?api-version=2017-08-01&format=text"

vNet Configuration

To get the nodes to communicate, it is assumed that a vNet-to-vNet VPN configuration is set up and in place. For assistance with configuring a vNet-to-vNet VPN connection, refer to Microsoft's vNet-to-vNet Configuration Guide.

For EJBCA Enterprise Cloud vNet-to-vNet specific configuration, please refer to the RA Configuration and Administration Guide.

Optionally, for testing purposes, all nodes can be set up within the same vNet. This is not ideal and does not provide any availability guarantees if one of the Azure sites has an outage.