Virtual Service Router (vSR) deployment on AWS

# Nodegrid vSR on Amazon Web Services AWS

This documentation details creating a Virtual Service Router VM instance on Amazon Web Services AWS. The objective is to create a Nodegrid vSR instance that acts as a concentrator/hub to interconnect with other Nodegrids (e.g., Hive SR, Bold SR, or Mini SR) and deploy SD-WAN on them.

The following diagram, Diagram-1, shows the expected result:

This is the process:

1. Licensing and Instance requirements
2. AWS Credentials
3. Nodegrid vSR AMI image
4. Create a Nodegrid vSR instance
5. Web Access to the Nodegrid vSR

1. Licensing

The Nodegrid vSR product has five hardware license tiers. vSR VM can run for 30 days with no restraints, but after 30 days without a license, the software restrict vSR use.

2. AWS Credentials

The following is assumed:

• AWS user with privileges to create EC2 and VPC resources
• AWS Region and Zone selected to deploy the instance

3. Nodegrid vSR AMI image

To verify the AMI availability:

1. Access https://console.aws.amazon.com/ and select Region and Zone
2. Select Images > AMI Catalog > My AMIs
3. Verify the image, e.g., Nodegrid_Platform_v5.8.3_20230221.iso
   

4. Create a Nodegrid vSR instance

This is the simplified procedure to deploy an EC2 instance in AWS (some resources shown in the Diagram-1 are automatically created with pre-defined AWS default configurations.

1. Access https://console.aws.amazon.com/ and select the preferred Region and Zone
2. Select Images > AMI Catalog > My AMIs
3. Select the Nodegrid vSR image, e.g., Nodegrid_Platform_v5.8.3_20230221.iso
4. Select Launch Instance with AMI
5. Enter Instance Name, e.g., vsrAWS-1
6. Select Instance type, e.g., t3.medium
7. Create or select a Key pair
8. On Network settings

• Select Create security group
• Select Allow SSH traffic from Anywhere (adapt this rule as needed)
• Select Allow HTTPS traffic from the internet
• Select Allow HTTP traffic from the internet

9. Go to Network settings > Edit

• Create a new default VPC, then refresh the drop-down list and select it
• On Auto-assign public IP, select Enable
• On Create security group: enter Name and Description, e.g., zpe-vsr and Security Group for Nodegrid vSR
  

10. Configure storage

• Define disk size, e.g., 64 GiB, and select gp2

11. Select Launch Instance
    

12. Launch an instance Success
    

13. Click View all instances: on the list, select the created instance and look for the assigned public IP

5. Web Access to the Nodegrid vSR

1. In a browser, open https://Public-AWS-IP
2. Log in to the Nodegrid vSR WebUI. Default credentials are:

• user: admin
• password: admin

3. Follow the steps to change the password
4. Congratulations! You have successfully deployed a Nodegrid vSR instance.

6. Enroll vSR to ZPE Cloud

A Nodegrid vSR is managed on ZPE Cloud. The new deployed unit must be enrolled to the customer's ZPE Cloud instance.

1. Login to your ZPE Cloud account Global , EU or onPrem
2. Go to SETTINGS :: ENROLLMENT :: CLOUD
3. Copy the Customer Code and Enrollment Key (required to claim the vSR).
   
4. In a browser, login to vSR with https://Public-AWS-IP.
5. Go to Security :: Services and enable ZPE Cloud service
   
6. Go to System :: Toolkit :: Cloud Enrollment
   
7. Enter the following information
   1. URL: URL of the zpecloud instance, default https://zpecloud.com
   2. Customer Code: Use the copied Customer Code from the Cloud Instance
   3. Enrollment Key: Use the copied Enrollment Key
      
8. Click ENROLL
   
9. The unit is enrolled on ZPE Cloud and become available in ZPE Cloud under DEVICES :: AVAILABLE.
   
10. To start managment of the vSR, select and click on ENROLL.
11. When enrolled, the vSR is managed on ZPE Cloud like any other Nodegrid device.

7. VSR Firmware Update

The created VSR instance can be updated using all offically supported methodes, simialr to all other appliancex, including ZPECloud and firmware updated via the WebUI or CLI.
The AMI image is required only for the inital deployment.