vMX100 Azure Cloud

bholmes12
Getting noticed

vMX100 Azure Cloud

Is there a time frame on getting vMX100 available in the Azure cloud? 

136 REPLIES 136
BHC_RESORTS
A model citizen


@bholmes12 wrote:

Is there a time frame on getting vMX100 available in the Azure cloud? 


Sooner than you'd think....

BHC Resorts IT Department

I got word it was released... but i can't find it in the marketplace....where can i find this unicorn?


@Brandon_Fox_CSG wrote:

I got word it was released... but i can't find it in the marketplace....where can i find this unicorn?


It hasn't been released yet. Soon.

BHC Resorts IT Department

Oh... my rep told me it was... ah well.

- Expanding Meraki vMX100: now available for Microsoft Azure, extending Meraki Auto-VPN and SD-WAN functionality to the public cloud

 

This was in an email for a webinar  I got today.

Do I assume this is released now or next week along with the webinar announcements?

Will it be available to test in MSDN subscriptions?

MRCUR
Kind of a big deal

Official launch is coming in October: https://meraki.cisco.com/products/appliances/vmx100

MRCUR | CMNO #12

I like how the they changed the wording to include Azure but the link still takes you to AWS... sneaky...

KarbonX1
Here to help

It's in beta now. I'm running it, but the S2S functionality isn't fully working yet so I can't truly test it until the MX team gets the fix done in Azure. They are a managed appliance, so you can't do anything to them except deploy as is.

Well, hopefully they fix the S2S because that's the whole reason I need this. 

Yeah, I'm working with the engineering team to get the IP forwarding issue worked out.

As an update for anyone wondering, we got the IP forwarding issue figured out and I am using the vMX successfully for the last few weeks now. Works just as expected.

May I ask what size VM that you are running it on? I haven't been able to get an answer when I've asked Meraki reps.

Standard D2 v2 (2 vcpus, 7 GB memory)

 

Its a managed virtual appliance, so there is no control over the sizing or any config at all. So there is some planning that has to go into deployment such as:

- You cannot change DNS settings on NIC config, so has to use whatever vnet is set to.

- Cannot shutdown from within azure

- Can only delete entire resource group if you have to redelploy

I am sure there was more, but those are what I can remember at the moment.

HaloTech
Here to help

Waiting for this as well!

Shanec
Here to help

Still no sign on the azure marketplace. or has a more solid date than october.

The official line is "mid to late October"

Meraki are good at not giving firm dates!
AnythingHosted
Building a reputation

It's getting fairly close to the end of October and still no sign on Azure Marketplace Smiley Sad

I got tired of not seeing this in the Marketplace, so, just for the heck of it, I pulled up powershell and started looking for it.  Using EastUS as the location, I see the offer and VMimage are there, but the versioning makes me think what's there are the beta ones (0.0.1 and 0.0.2)

 

Get-AzureRmVMImage -Location $loc -PublisherName "cisco" -Offer "cisco-meraki-vmx100" -Skus "vmx100"

Hi there,

 

Was anyone able to deploy this in the EastUS Region successfully? We're having issues trying to deploy it, it continues to fail. Within new vnet, or existing, within new resource group, or existing, etc... We were able to search and see the VMX in the marketplace. It shows up as Cisco Meraki vMX100 (Staged)

 

Would deploying via PowerShell make a difference? Thanks in advance

 

Error:

 

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details.

 

Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"BadRequest","message":"{\r\n  \"error\": {\r\n    \"code\": \"InvalidResourceReference\",\r\n    \"message\": \"Resource /subscriptions/d364e0bc-1d6a-4e8d-87fc-de2382680e4b/resourceGroups/lohvmxldfp6wjz6ubkg/providers/Microsoft.Network/virtualNetworks/LXX_Main/subnets/LXX_Production referenced by resource /subscriptions/d364e0bc-1d6a-4e8d-87fc-de2382680e4b/resourceGroups/lohvmxldfp6wjz6ubkg/providers/Microsoft.Network/networkInterfaces/lxxvmxNic was not found. Please make sure that the referenced resource exists, and that both resources are in the same region.\",\r\n    \"details\": []\r\n  }\r\n}"}]}

MRCUR
Kind of a big deal

@BklynITGuy I don't actually see it listed. I'd suggest trying it again next week though, perhaps sometime after Tuesday. 

MRCUR | CMNO #12

Thanks @MRCUR. We apparently are still using a beta, initially it was only available in the West Central region. We got an email from a Meraki Rep that it was available world wide on the 24th, with instructions on how to deploy it.

 

Just confusion I guess, the hope was once we got that email, we'd be able to move forward. Below is the email we got on Tuesday:

 

As you already know, we started the vMX beta program in West Central US only. I am happy to announce that vMX is now available worldwide.

Please follow the steps in the setup guide to deploy vMX and let me know if you have any questions.

Thank you for all your help during the beta program!

 

MRCUR
Kind of a big deal

@BklynITGuy That's not a public setup guide... 

MRCUR | CMNO #12

It's not public in that you can't search for it yet on their site, but they definitely sent to those who participated in the beta. So the guide itself will probably be public Monday or whenever. It just seemed odd that I'd get that email and still encounter issues that we're having.

Following link name on draft for the official and where AWS guide is published... denied!

https://documentation.meraki.com/MX-Z/Installation_Guides/vMX100_Setup_Guide_for_Microsoft_Azure

Late October is turning into November
MRCUR
Kind of a big deal


@techmoc wrote:
Late October is turning into November

Tuesday is still October... 

MRCUR | CMNO #12
Reinout
Conversationalist

That is true, however I meaned that I hoped the pricing would be comparable with the vgateway in azure. Meraki sales rep told the price would be the same as on aws. Maybe the price of the vmx is comparable with the ms vgateway (vpngw1) but now we also need to pay the extra vm in azure, so pricing is higher. Maybe my ignorance but I expected the appliance came including a vm os. The vmx probably has more options, but we only use it to configure multiple s2s and a bounce of p2s VPN, like we could do in the VPN sku vpngw1 of Ms.
MRCUR
Kind of a big deal

@Reinout I'm a bit confused by your post. The vMX license is one price - it doesn't matter if you run it on AWS or Azure. But the costs to running on AWS or Azure are of course different as they aren't set by Meraki. Meraki is just setting the type of VM hardware you need to supply for the vMX as it's a managed appliance on each service. 

MRCUR | CMNO #12

FWIW, I just checked the Azure marketplace for the vMX100 and it's still not available. It's officially not late for it's October release but it's really cutting it close...

 

-Mike

I just tried today October 31, 2017 and still not available on Azure Marketplace.  This to me sounds like end of October is out and no word on a push into November 2017 timeframe.  This sounds like something is missing or wrong with the beta program to have delayed a release as advertised in multiple announcements to include Cisco and Microsoft announcements.  Maybe there's not enough feedback or active participation within the beta user community or maybe Cisco Meraki could use more Azure user community to have a more complete QA process before launch.  Count me in here as I am not trolling just to ask if/when is the vMX100 ready but I am ready to help with validation on my Azure subscriptions and Meraki Networks.

Just checked and Official Setup Guide is Live https://documentation.meraki.com/MX-Z/Installation_Guides/vMX100_Setup_Guide_for_Microsoft_Azure

 

Also checked Azure Marketplace and image is available, although the link on the guide still points incorrectly to the preview image

Wow, literally within in seconds of my posting and it's now available on the Azure Marketplace.  Thanks, this is confirmation of +1 for it's AVAILABLE!!!

MRCUR
Kind of a big deal

Man you guys must be really excited for this launch. I was going to say it's only early afternoon at Meraki's HQ. They must've finished up lunch and clicked the right buttons to make it live. 

MRCUR | CMNO #12

Where is everyone getting their authorization keys from?

 

All i see is: There are no Meraki devices in this network. If you add one we can help you configure it.
Alternatively, if you would like to add a vMX to your network, please add a vMX license to your org and visit this page again.

I can't seem to add to an existing resource group. 

 

I was hoping to add to an existing subnet where I have existing virtual machines. 

 

Does it need to be added to new RG?

Needs a new resource group or one without any resources in it. Also, needs to be deployed in a subnet that is different than the VMs due to the way IP forwarding works so that all data passes through a layer 3 boundary and can be routed properly using the route table.

Brandon_Fox, you need the license to add the vMX. Then you can get the Auth keys.

@Brandon_Fox_CSG you need to claim an order for a vMX license/trial on the Org first. After you can add the new device to the new networks and generate the auth token for Azure/AWS.

I am testing with a 14 day trial at the moment

 

I got it up an running on the following:

- MPN IUR Azure Sub (setup guide says it cant be deployed on trial or Azure CSP sub yet)

- D2v3 VM on USWest2

- S2S Spoke to one of my existing MX hubs

- Status and routes updated correctly on MX and vMX

- Ping running and responding each way

 

I am currently adding VM to do additional tests and also will test adding routes to created route table to existing subnets in Azure

**FYI to everyone**

 

Do not upgrade the vMX to any 12.x or 13.x firmware. Apparently it is actually running a 14.x firmware, and so the upgrade will kill it. I had to redeploy mine to resolve.

Thanks for the info! I have the vMX running on 12.26 after deployment. Only have the option to upgrade to 13.xx and higher if I enable the Beta Firmware option on the network.

Doesn't appear to be in Europe/UK, yet.
Probably best to leave it until the new year to settle down before doing any production trialling.
Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
MRCUR
Kind of a big deal

@KarbonX1 Definitely submit a case about that. It shouldn't actually try to run the lower firmware than is required, even if you configure it on the network. It should just say it's up to date on the version you configure but continue running its minimum version silently. 

MRCUR | CMNO #12


@techmoc wrote:

@Brandon_Fox_CSG you need to claim an order for a vMX license/trial on the Org first. After you can add the new device to the new networks and generate the auth token for Azure/AWS.

I am testing with a 14 day trial at the moment

 

I got it up an running on the following:

- MPN IUR Azure Sub (setup guide says it cant be deployed on trial or Azure CSP sub yet)

- D2v3 VM on USWest2

- S2S Spoke to one of my existing MX hubs

- Status and routes updated correctly on MX and vMX

- Ping running and responding each way

 

I am currently adding VM to do additional tests and also will test adding routes to created route table to existing subnets in Azure


Update:

- added new resource group/vnet/subnet

- added new Win VM to run on new subnet

- added route to route table for vnet

- added subnet to S2S config on vMX

- added peerings and corresponding features to both vnets 

- RDP/ping running correctly to/from a VM behind a local MX Spoke to a VM running on new vnet/subnet thru MX-vMX tunnel

 

Looks good 

I am facing the same problem.... i was too late to participate in the beta but since yesterday the xMX100 is visible in the Azure Marketplace. I could claim my license in the meraki dashboard but wasnt able to deploy the vMX100 in Azure. It tells that my subscription is not able to deploy it, on the other side it tells me that it is not available for my region. 😞 no glue what the real issue is. I created a ticket in Azure... i need this vMX in WestEU and Asia East and cant deploy it at this locations, it does not make any sense to deploy it in West. Hope i get a solution from MS today!

For the error "subscription not able to depoy"

There is a note at the bottom of the guide stating that we cannot use trial or CSP accounts to deploy. I assume you have one of these?

I don't get that error and am deploying using PAYG.

I planned on using CSP.

We have an EA agreement, no CSP, no trial.... still waiting for an reply from MS....

That would suggest that it doesn't work with trial, CSP or EA?

ultimately we are hoping to use EA.

Would be really interested to hear back from you on this if that's ok...

@Granville: We are on it right now with the MS Azure Support Team, i ll keep you informed if we found a solution today... maybe Monday...

I really hope it starts working with CSP because we're setting up all new customers and migrating existing PAYG customers to CSP to simplify billing.

 

Thanks to everyone who's sharing their experiences.

4zap
Here to help

It seems it is related that Meraki rolled out this vMX not in WestEurope. Thats where i need to place the vMX. I created a support ticket in the dashboard and hope that we get it solved.

Since I was able to use one of our IUR subscriptions (an older Action Pack IUR offer for Microsoft Partners), I tested deployment on West Europe and it was successful.

I think it definitely has to do with the comment on the setup guide regarding the subscription type.

 

We are also moving our subs to CSP... so will eventually need this issue solved.

 

Screen Shot 2017-11-03 at 9.23.20 AM.png

Oh Wow, thanks for letting us know. I'm sitting here assuming its not my subscription type. Ill check West Europe just in case..., but otherwise it might be my PAYG sub type. I'm not sure there is another type immediately available for me.

@Granville just rechecked the guide for any updates... it only states at the end to not choose a Trial or CSP subscription type and a couple of lines below to not use specific characters on the template

"The following characters are not being used in the template: ' ~ ! @ # $ % ^ & * ( ) = + _ [ ] { } \\\\ | ; : ' \\\" , < > / ?.\" '."

I just tried west Europe and I get the same error "The publisher does not offer this product in the billing region....". So if you are able to deploy there Techmoc it must be something to do with my account setup rather the a VMX100 being limited to my area?

As a double check... Public IP is from region name "europewest" according to most recent Azure IP list XML

 

 

Screen Shot 2017-11-03 at 10.33.03 AM.png

I can't deploy it anywhere, on any subscription even pay as you go.

 

Anyone had any luck?

 

Seems like I'm going to be asking for my money back since this is needless if I can't deploy it.

Hey Techmoc, Which billing region is your Azure tenant? will that be GB?

 

anyone managed to get past this issue yet?

@Granville I dont get a notification that the issue is fixed but this morning i was able to deploy a vMX100 in Azure WestEU with my EA subscription! I am connected with my meraki network now.... i need to configure the subnets today and then i will see if it is working as expected. But for the first approach it looks good!

Hi 4zap, We tried around an hour ago and it deployed ok. I also just has a message from Meraki to say engineering made an update last night.

So we are up and running...

Nice, it seems they made some improvements last night. I have hustle to assign subnets... we are working with some classic networks... the ressource group that is created while installing the vMX VM in Azure is write protected and i cant remove the lock to make any changes in the subnet assignment. I tried to peer both (classic and ressource based networks) but i always get the error that the vMX RG is locked..... 😞

@4zapsince it is deployed as a managed application, the deployment generated resource group is basically locked by design. I did test creating subnets in another RG and added them using vnet peering option. I only tested ARM vnet and was able to get it working as needed. I'll see if I can incorporate a classic vnet and let you know

We will have these challenges to start testing very soon. Thanks for your feedback. Have clicked the Kudos button hope you win some socks...

Thanks @Granville, I did a simple test regarding integration of a classic vnet to the VPN community.

 

Peering between vnet and classsic vnet works and I am able to ping devices on classic vnet from the vMX ping tool, the difference is on the ip route since resource doesnt support classic vnet. As mentioned on the VNET peering docs, peering between vnets with different deployment types and even subs is supported and works but to route traffic you need to add azure gateway resources between the vnets to be able to route traffic to/from the vnet/subnet where the vMX is deployed and the classic vnet/subnet. Check Create a virtual network peering - different deployment models, same subscription

 

During my tests I can see the most important thing is to have the resource groups and vnets/subnets created before and make sure only vMX resources are deployed on the vMX and Managed App resource groups to avoid getting other resources locked that you may need to modify later.

 

Cuauhtemoc

It appears that there are capacity issues with Azure's UK West and UK South regions.

 

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

@Granville my Azure AD tenant is in US

Does the license you buy from Meraki include the VM or is the VM an additional cost. From what I can tell the VM is about $85/month. Any clarification would be helpful. THanks!

MRCUR
Kind of a big deal

@IngramLeedy Azure or AWS charges are not included in the vMX license. There is no hardware cost to the vMX from Meraki since you need to pay Microsoft or Amazon to run the appliance. You're just paying Meraki for the software license. 

MRCUR | CMNO #12

I can confirm from the Azure side, you will have to pay for the compute power, in this case, the Virtual Machine on which you deploy the Meraki image. The overall cost per month depends on the Tier of the Azure VM, Disk Size, number of cores,  Disk Type (Managed or Unmanaged) and if you would like Azure support services for any issues with the VM instance itself. 

Please use the following link to calculate the costs for your virtual machine - https://azure.microsoft.com/en-us/pricing/calculator/#virtual-machines1

 

- Opting for the Azure Support plan, Azure teams will assist you with any issues with the NIC, underlying network infrastructure, migration to a different network for example. 

- Please note that the Meraki documentation recommends an Azure VM of minimum size Standard D2_V2, you can also find the detailed documentation of Azure VM sizes and types at https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes

- Detailed documentation on the managed disk feature for Azure IaaS VMs can be found at https://docs.microsoft.com/en-us/azure/virtual-machines/windows/faq-for-disks

 

No luck in West-europe...

 

Oops!

Could not create the marketplace item

This marketplace item is not available.

 

... And all we wanted is to build a route based (dynamic) VPN with the MX84... Since this could be done (Meraki does not support that), we waiting for the vMX100 to bypass the limitations of a policy based (static) VPN in azure... a bit disappointed  Smiley Sad

BklynITGuy, I have been working extensively with this particular issue with a client and have formulated two possible paths for them to try. The first is to use the AzureRM PowerShell commands to review VMImage repository for their EastUS region for the availability for their subscription ID access and what they can see publicly. I tried the same AzureRM PowerShell commands with my subscription and although I can see 2 templates they fail to deploy because my Azure subscription hasn't been authorized for the beta program that can only be authorized by a Cisco Meraki representative. The other option I have formulated for the client was to use a Template that I have written and imported on my Azure subscription but again...it fails because I am not authorized to participate in the beta program as per Cisco Meraki.

The sad thing is after developing these two possible avenues for this client I am not longer able to get a hold of them to try either of these two approaches. We have tried just about everything for this client to even procure a few MX64 appliances and ask for a trial vMX100 to simulate this clients environment. We went as far as even trying to work different channels to see if we could be late participants to the beta for Cisco Meraki and Azure and they said unfortunately it was closed due to the release date being so close. Anyway, I think your best bet being you do have access to the beta program from Cisco Meraki is to try the AzureRM PowerShell method if you haven't already resolved the issue by other means.

I am having exactly the same issue. i have re-deployed this multiple times and i cannot associate the subnet to the vmx100, called support and azure and both are finger-pointing each other.

 

 

Curious how long the appliances has taken some of you guys to deploy successfully? I have a deployment running now and it's at about 33 minutes... I don't see any errors on the Azure side, it just seems to be taking long.