Are there any plans to allow the VMX to be used within Azure CSP Subscriptions? Or is this a Microsoft limitation?
Thanks in advance.
I highly doubt there would be. CSP licensing is a license model created by Microsoft for Cloud MSPs. What's the use case for CSP licensing for VMx anyway? Surely you could achieve the same thing via the normal licensing route just adjusting your T&C's of sale to your customers to fit this model?
Meraki already offers a Licensing model to easily set up yourself as an MSP - https://documentation.meraki.com/zGeneral_Administration/Organizations_and_Networks/Licensing_for_Ma...
We can license it via the pay as you go model however the customer in question have several VMs in Azure under a CSP subscription. As far as I can make out you cannot share resources across subscriptions within Azure, this would mean the vMX would have to be deployed in a new virtual network which will have no route to the network the VMs are in without creating a virtual network to virtual network VPN?
We could migrate all the other resources for that customer to a pay as you go subscription but there is a cost in doing this as the CSP pricing is cheaper.
Hey @MerakiMoll, I'd recommend reaching out to your Microsoft sales rep who will be able to advise you on the best architecture steps to overcome this. IMO worst comes to worst, you could just have these in different accounts with a VPN peering between the two VNETS/Accounts.
Just want to say on this that we are an MSP and have gotten massively behind Meraki. We are also Microsoft Partners, and CSP is the life blood of the SME Managed Service Provider.
What boggles my mind is how is it a case that it is not available in CSP? Why would Meraki not just make it available? What work is required to make it available? And that is a genuine question, what is it Cisco have to provide in order for the CSP VMX appliance to be available?
I will give you a very simple use case:
Business with an MX100 and two Gigabit WAN Connections
CSP Tenancy in Azure in order to host an offsite DC and transition their LOB Application to servers in Azure
Site to Site VPN currently provided by Standard SKU Azure VPN.
The problem is that the Site to Site VPN is not Highly Available, you have to manually change the endpoint (you didn't have to on pre ARM azure, but that discussion is not for here). There are BGP Options which the MX100 doesn't easily implement. So the solution is a VMX. We don't even have to consider BGP Routing, just straight, simple, Meraki VPN between the sites.
This is actually a big concern for us as well. We are a Microsoft Tier 1 Reseller - Under the CSP Program. If we cannot sell Meraki on the CSP Program, then we won't be successful selling it. Here is the reason: The customer would get two bills. One Direct from Microsoft for the vMX, one from us for all other. Plus it would be a different azure subscription thus causing more cost to create a VPN link between them.
We are a large Meraki reseller, I hope this gets fixed.
We have also been tracking the availability of this since this fall. We are patiently waiting to deploy this for our various MSP clients, and really are looking to engage this as we have an immediate need.
Early December for about two weeks you were partially able to deploy this in the CSP portal, but the setup did not proceed properly as per the provided instructions. If the problem is related to billing, which is holding this up from deployment, I don't see that as a huge problem. A CSP could purchase the product outright and pay for the underlying VM via the CSP monthly invoicing. I don't believe having the Meraki product packaged in a month to month, pay as you go model provides that much value, the product's functionality is the value add.
Someone at Meraki please deploy this appliance via the CSP portal!
As of today 4/25/2017, the answer from Meraki is still:
At the current moment Meraki Azure deployment is not supported for CSP's. Our product team is working with Microsoft and is investigating a solution for CSP deployments. No committed timeline however has yet been provided.
Has anyone tried creating it in a Pay-As-You-Go and exporting it, and importing it into the CSP subscription?
I am curious to know what all is created when you create the virtual appliance and where the "authentication token" gets stored, e.g. azure key vault or within the vm?
I don't want to hack this thing and get no support, or not getting it working but not be able to ask for a refund because it was used.
I work for a pretty large Microsoft Cloud Solution Provider, and this is a big problem.
The way that Microsoft does Azure pricing (or really any of their pricing) always has some odd caveat that makes you take a minute and think about it.
We ran into similar issues having a variety of subscriptions and needing a vMX100 at Azure. I ended up configuring the firewall more than 1 time but it did work in the pay as you go and I believe we are now under a CSP, or have a CSP, and still use the vMX100. It did not work initially. One of the two methods did not work and I had to contact and Microsoft for them to do something on the back end. After that it was smooth. The other times it went down were because of a mistake (one time) and the reliability of Azure.
You also have to pay attention to the area you are doing stuff in (for example: East != East2). One of the times our VM went down was, I assume, a configuration change. It was not by me but maybe someone on our Apps team or MS and it rendered the VM useless. Not really sure what happened. If I had to guess - storage disconnect via a network disconnect. Can't run without legs. A rebuild sync'd everything rather fast though. Rebuild is faster than restore.
The last time I went down was updates. I've noticed a lot of my issues were fixed when I ran beta on all other Meraki gear. I was not aware that the vMX100 doesn't like updates and Azure. I would imagine AWS is just fine. Therefore, another tip for you is do not update the VM as even though updates are pending they are not supported past 12.26 currently. This is, of course, just for Azure. This will eventually change I'm sure but as far as I know 12.26 is the max version you should use and be running on for the smoothest ride.
Thinking about our configuration I also wanted to mention that you can't really set the WAN IP on it and it is whatever Azure gives you. I think it changes so if you add the site as a hub to your mesh Client VPN from another site or use the Dynamic DNS or something. However, I haven't tried that as our VPN runs from another branch.
I also used 1 /24 for private networks but all of the networking I can do from Azure I do from Azure and use minimal settings on the vMX100. It's nothing against Meraki - it's really Azure.
I hope something helps you here. This can be done but no matter what man, it will feel a little hackish as Azure in general feels hackish (IMO). The vMX100 is solid - Azure is not.
Also, make sure you are following this:
Do the Azure part first. It should be a template. Note my tips from above. The subnet should be the one you want from Azure and it should also go under the Firewall part once the VM is up. Try one subnet and defaults before you go crazy. You also have to Mesh for the full effects.
The token is created in your Meraki Dashboard allowing the Azure Hypervisor to create a VM that shows a Virtual Appliance in Azure on your Meraki Dashboard. When you make certain changes you need API access from Azure to the Dashboard and that key is a secure way to do just that.
There is a workaround for CSP's now. The documentation will be turned public at the link below within a week or so: https://documentation.meraki.com/MX-Z/Installation_Guides/vMX100_Setup_Guide_for_Microsoft_Azure
In the meantime please call our support to gain the step by step on getting this working. There is a file that needs to be uploaded that support will provide.
@DCooper I just reviewed the documentation link you posted and did not see any mention of Azure CSP subscription support. Do you happen to know if the documentation has been updated yet to reflect the change in support for CSP?
It hasn't been published yet. If you know your Meraki Systems Engineer reach out to them and they can provide the workaround. Support may also be able to provide the workaround using the ARM template.
We have this solution live and in place for the client mentioned. We can confirm that we are receiving Automatic Failover on the WAN connections and are getting 4MS ping rates to Azure.
Thank you for this!
This thread is a year old but we are running into the same issue (not able to deploy the Meraki vMX100 to a CSP subscription) even when using the documented workaround with a template deployment. Is that all you had to do to get the vMX100 deployed into Azure or were there additional steps that Meraki/Microsoft had to do first in order to be able to deploy the vMX100 to a CSP subscription? Thanks!
No, we had to do very very little at this point to be honest. Even to the point where we are not backing up the VMx appliance as it is quicker to redeploy it than to restore from a backup!
What errors are you receiving from the Azure Deployment?