Getting started with NetFoundry Zero Trust Networking - Azure Example

 

Getting Started is Easy

We'll walk you through the simple steps below to spin up your first network on Azure.

 

1. PREREQUISITES

Sign up for an Azure account, then access the NetFoundry platform in the Azure Marketplace. If you don't have a NetFoundry account yet, sign up for one. These are all free.


2. CREATING A NETWORK

  • Log in to your NetFoundry Console at https://nfconsole.io/.
  • Once logged in, you will be prompted to create your network.
  • Give your network a name.
  • Hit Create My Network to commence the provisioning of your network.
  • Network provisioning takes approximately 5-10 minutes to complete. Once your network is ready, the spinning globe icon turns green.

3. CREATING EDGE ROUTERS

A. Adding a NetFoundry-hosted Edge Router - aka Fabric Router

NetFoundry-hosted edge routers create the fabric for your network. These are public routers that endpoints dial to reach the destination service via the fabric. One or more hosted edge routers together form the fabric.

  • From your Network Dashboard page, navigate to Edge Routers.
  • Under the Manage Edge Routers tab, click on the + sign at the upper right to add an edge router.
  • Give your edge router a name.
  • Give your edge router a router attribute (optional). Router attributes are tags applied to a router. Apply the same tag to other routers to form a group of routers. For this demo, we will use #demopublic.
  • Select NetFoundry Hosted as your hosting type, and choose the Data Center region that is close to where your endpoints are located.
  • Hit Create to commence the provisioning of your edge router.
  • Once your edge router is registered, it will start accepting outbound fabric connections from privately launched edge routers, as well as from clients accessing the fabric.


 

Note: NetFoundry-hosted edge routers are available only in Oracle Cloud Platform for Teams / Growth plans.

B. Adding a Customer-hosted Edge Router

Customer-hosted edge routers with link listeners turned off are private routers. 

  • From your Network Dashboard page, navigate to Edge Routers.
  • Under the Manage Edge Routers tab, click on the + sign at the upper-right to add an edge router.
  • Give your edge router a name.
  • Give your edge router a router attribute (optional). Router attributes are tags applied to a router. Apply the same tag to other routers to form a group of routers. For this demo, we will use #demopublic.
  • Select Customer Hosted as your hosting type.
  • Hit Create to complete the process.
  • Copy your edge router registration key. You may also opt to save it as a JWT or a config file.
  • Download your VM here: https://netfoundry.io/resources/support/downloads/networkversion7/#zitirouters

C. Launching your Edge Router in Azure Marketplace

  • Log in to the Azure console and search for "NetFoundry Edge Router" in Azure Marketplace.
  • Click on "Create" and select the Subscription.
  • If a Resource group is not created, create one, e.g., "HelloworldDemo".
  • Enter the Virtual machine name.
  • Select the Size "Standard_F2s_v2 - 2 vcpus, 4 GiB memory".
  • Fill in the username for authentication.
  • Fill in the SSH Public key. If you don't have an existing Azure key, you can generate a new key pair.
  • Premium SSD is selected by default and the default disk size is 30 GB.
  • On the "Advanced" tab, in the "Custom Data" field, enter this script, substituting the registration key from your clipboard for {key}:
    #!/bin/bash
    /opt/netfoundry/router-registration {key}
  • Click on Review+Create.
  • In the NetFoundry console, confirm the Edge Router is REGISTERED within ten minutes.


4. CREATING AN ENDPOINT

  • From your Network Dashboard page, navigate to Endpoints.
  • Under the Manage Endpoints tab, click on the + sign at the upper right to add an endpoint.
  • Give your endpoint a name.
  • Give your endpoint an endpoint attribute. Endpoint attributes are tags applied to an endpoint. Apply the same tag to other endpoints to form a group of endpoints. For this demo, we will add #demouser.
  • Hit Create to complete the process.
  • You may download your registration key in .jwt file format or scan the client registration key QR code.
  • Download an installer for your operating system here: https://netfoundry.io/resources/support/downloads/networkversion7/#zititunnelers


 

5. CREATING AN EDGE ROUTER POLICY

An edge router policy is required before endpoints can dial the fabric.

  • From your Network Dashboard page, navigate to Edge Routers.
  • Under the Manage Edge Routers Policies tab, click on the + sign at the upper right to add a policy. An Edge Router Policy allows a specific endpoint or group of endpoints to have access to a specific edge router or group of edge routers.
  • Give your edge router policy a name.
  • In the Edge Router Attributes field, specify the edge routers to be associated with this policy. For this demo, we will add the #demopublic router attribute to select all edge routers having that router attribute.
  • In the Endpoint Attributes field, specify the endpoints to be associated with this policy. For this demo, we will add the #demouser endpoint attribute to select all endpoints having that endpoint attribute.
  • Hit Create to complete the process.


6. CREATING A SERVICE

  • From your Network Dashboard page, navigate to Services.
  • Under the Manage Services tab, click on the + sign at the upper right to add a service.
  • Choose the type of your service. Clicking on Advanced Services allows you to create services with IP/Port ranges. For this demo, we will use Simple Service as the service type.
  • Give your service a service attribute (optional). Service Attributes are tags applied to a service. Apply the tag to other services to form a group of services. For this demo, we will add #demoservice.
  • In the Edge Router Attributes field, specify the edge routers participating in this service. To include all edge routers, leave this field blank.
  • In the Client Configuration box, type in mydemoapp.ziti for the Intercept Host Name/IP field and 80 for the Port field.
  • Set the Native Application SDK Based toggle to No.
  • In the Host Configuration box, select Endpoint Hosted as your service host.
  • Select the associated endpoints capable of accepting connections from clients.
  • Select TCP for the Protocol Type.
  • In the Host Name/IP field, enter the IP address for the demo server. This is the internal IP address of the web server hosted in Azure.
  • Use 80 for the Port field.
  • Hit Create to complete the process.


 

7. CREATING AN AppWAN

  • From your Network Dashboard page, navigate to Services.
  • Under the Manage AppWANs tab, click on the + sign at the upper right to add an AppWAN.
  • Give your AppWAN a name.
  • In the Service Attributes field, specify the services or service groups to be associated with this AppWAN. For this demo, we will add the #demoservice service attribute to select all services having that service attribute.
  • In the Edge Router Attributes field, specify the edge routers to be associated with this AppWAN. For this demo, we will add the #demopublic router attribute to select all edge routers having that router attribute.
  • In the Endpoint Attributes field, specify the endpoints to be associated with this AppWAN. For this demo, we will add the #demouser endpoint attribute to select all endpoints having that endpoint attribute.
  • Hit Create to complete the process.
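
The attribute matching set up in sections 5 and 7 can be reasoned about as two independent checks that must both pass. The following is an added example, not NetFoundry code: a simplified model in which the entity names (azure-er, lab-er, laptop, kiosk, hello-world), the #lab attribute and the dictionary layout are assumptions, and the AppWAN's own Edge Router Attributes field is left out.

```python
# Simplified model of the attribute-based access configured in this walkthrough.
# Not NetFoundry's implementation: names, fields and matching rules are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Entity:
    name: str
    attrs: frozenset


def select(entities, wanted):
    """Names of the entities carrying at least one of the wanted #attributes."""
    return {e.name for e in entities if e.attrs & wanted}


def reachable(endpoint, service, routers, endpoints, services, er_policies, appwans):
    """Edge routers the endpoint may use to reach the service (empty set = denied)."""
    # 1. Some AppWAN must select both the endpoint and the service.
    authorized = any(
        endpoint in select(endpoints, a["endpoints"])
        and service in select(services, a["services"])
        for a in appwans
    )
    if not authorized:
        return set()
    # 2. Some edge router policy must give the endpoint a router to dial.
    usable = set()
    for p in er_policies:
        if endpoint in select(endpoints, p["endpoints"]):
            usable |= select(routers, p["routers"])
    return usable


# Constructed inventory mirroring the demo's attributes.
ROUTERS = [Entity("azure-er", frozenset({"#demopublic"})),
           Entity("lab-er", frozenset({"#lab"}))]
ENDPOINTS = [Entity("laptop", frozenset({"#demouser"})),
             Entity("kiosk", frozenset())]
SERVICES = [Entity("hello-world", frozenset({"#demoservice"}))]
ER_POLICIES = [{"routers": frozenset({"#demopublic"}), "endpoints": frozenset({"#demouser"})}]
APPWANS = [{"services": frozenset({"#demoservice"}), "endpoints": frozenset({"#demouser"})}]


def check(endpoint, service="hello-world", er_policies=ER_POLICIES, appwans=APPWANS):
    """Evaluate one endpoint/service pair against the constructed inventory."""
    return reachable(endpoint, service, ROUTERS, ENDPOINTS, SERVICES, er_policies, appwans)
```

In this model, check("laptop") yields only the #demopublic router, while the untagged kiosk, or the laptop with either the edge router policy or the AppWAN removed, gets an empty set: access is denied unless both bindings exist.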


 

8. INSTALLING A ZITI EDGE CLIENT

Note: You must already have an endpoint created in the NetFoundry console. If not, follow the instructions in the CREATING AN ENDPOINT section above before proceeding with this section.

  • Download an installer for your operating system here: https://netfoundry.io/resources/support/downloads/networkversion7/#zititunnelers
  • Run the .exe file and complete the installation process.
  • Confirm that your Ziti Desktop Edge Client is in Start mode before adding your JWT (registration key). If you deleted or failed to download your JWT, you may download one by going back to Manage Endpoints, clicking on your endpoint, and hitting Download Key.
  • Click on Add Identity and select your recently downloaded JWT (registration key). Registration keys are for one-time use only. Once a key has been used to register, it cannot be reused.
  • After a few seconds, your Ziti Edge Client should now be enabled and running.

9. TEST CONNECTION WITH THE HELLO WORLD WEBPAGE

  • Open your web browser and go to http://mydemoapp.ziti.
  • The Hello World webpage served by the web server should come up, which concludes this demo.
  • Congratulations! You have successfully accessed a private service via the NetFoundry network.

10. REMOVAL OF AZURE RESOURCES

Once the demo is complete, you may remove your Azure resources. From the Azure console, select the Virtual machines in the appropriate Resource group and then choose Delete to complete the process.
