Adding Value with Cisco CSR1000v on Azure Government
Microsoft Azure Government Cloud is an isolated and dedicated cloud platform, which enables government agencies and government approved contractors to host sensitive data. Connectivity from on-premises locations to Azure Government Cloud must be secure, scalable and dynamic.
With Cisco CSR1000v now available on Azure Government Cloud, Government Cloud customers can enjoy the same advanced routing and security benefits delivered on Azure public cloud. Cisco CSR1000v provides best in class routing capabilities that support full path encryption with the strongest cipher suites available in the market, L4-L7 firewall capabilities and L7 visibility and control. Using Cisco CSR1000v in concert with the Azure Government Cloud delivers on the value proposition of ensuring Government data receives the protection of Cisco’s security capabilities in the Azure cloud environment they trust.
Because Cisco CSR1000V runs full featured Cisco IOS-XE, management of CSR1000V simply becomes another location inside an already deployed Cisco based network and plugs in easily to existing management tools and operations. See below for some FAQs.
Launching the CSR 1000V on Azure with Solution Templates
To launch the CSR 1000V on Azure Government Cloud there is a pre-built solution available to you. The solution is based on templates we created to ease the deployment of the CSR 1000V on Azure. The templates allow the solution to deploy different resources at the same time to fully support a CSR 1000V deployment. The solution details are as follows:
- 2 or 4 Network-Interface-Cards (NICs).
- VNet configured with two or four subnets, one private or three private and one public
- Routing tables on each subnet, with user-defined routes, the private subnet will use private-facing interface as the gateway so the VMs behind the router will not have direct access to the internet
- Enables IP forwarding for each interface
- Adds UDP port 500 (ISKAMP) and 4500 (NAT-T) in the security group on the public subnet for VPN connections
- Azure D2 or D3 instance type compute
How to Deploy Cisco CSR in Azure Government
- Go to the solution templates for 2-NIC and 4-NIC Cisco CSR1000v in Azure QuickStart Repo on Github, found at the links below. They can be found by searching for Cisco CSR1000v, or clicking below. They can be found by searching for Cisco CSR1000v, or clicking below. For step by step deployment instructions for solution templates from Github in to Azure Government Cloud, see our technical documentation.
NOTE: you will need an Azure Government Account valid in order to continue. To experience the power of Azure Government for your organization, sign up for an Azure Government Trial.
What is the Performance of the CSR 1000V on Azure?
When deploying the CSR 1000V solution on Azure D2 compute specifications are 2 vCPU and 7GB of RAM. With these specifications the CSR 1000V can achieve a CEF throughput of 500Mbps and an IPSec throughput (AES 256) of 150 Mbps.
When deploying the CSR 1000V solution on Azure D3 compute specifications are 4 vCPU and 14GB of RAM. With these specifications the CSR 1000V can achieve a CEF throughput of 500Mbps and an IPSec throughput (AES 256) of 500 Mbps.
Both offers support up to 1,000 VPN tunnels.
How Does Licensing the CSR 1000V Work on Azure Government Cloud?
If you want to connect your enterprise network to Azure the CSR 1000V supports Bring Your Own License (BYOL). This means you buy a license from Cisco or a partner and install that license to the CSR 1000V running on Azure Government Cloud.
Find your local Cisco partner here: https://locatr.cloudapps.cisco.com/WWChannels/LOCATR/openBasicSearch.do
To experience the power of Azure Government for your organization, sign up for an Azure Government Trial.
If you want to give the CSR 1000V a try on Azure, Cisco offers 60-day demo licenses to all CCO account holders. If you don’t have an account, you go to this link, and create a guest account. Once you have a guest account, follow the instructions here for temporarily licensing you CSR 1000V on Azure.
You can access this whitepaper to learn more about the integration of Cisco CSR 1000V with Microsoft Azure.
To launch the CSR 1000V for Microsoft Azure, please visit the Azure Government Marketplace and search for Cisco CSR 1000V.
We welcome your comments and suggestions to help us continually improve your Azure Government experience. To stay up to date on all things Azure Government, be sure to subscribe to our RSS feed and to receive emails, click “Subscribe by Email!” on the Azure Government Blog. To experience the power of Azure Government for your organization, sign up for an Azure Government Trial.