Prisma SD-WAN and Azure Integration Prerequisites

The following items are required for configuring Prisma SD-WAN and Azure Virtual WAN with vION CloudBlade:
Prisma SD-WAN
  • An active Prisma SD-WAN subscription with sufficient licenses to install at least 2 x v7108 IONs per region.
  • An Azure account with permissions to create and update Azure Resource Groups, VNET (Virtual Network), and Virtual Machines.
    The Azure vWAN with vION CloudBlade uses the following APIs:
    • subscriptions.get()
    • subscriptions.list_locations()
    • resource_groups.create_or_update()
    • resource_groups.check_existence()
    • resource_groups.get()
    • resource_groups.begin_delete()
    • resources.list_by_resource_group()
    • resources.get()
    • resources.get_by_id()
    • resources.begin_delete_by_id()
    • deployments.get()
    • deployments.begin_validate()
    • deployments.begin_create_or_update()
    • deployments.list_by_resource_group()
    • deployments.delete()
    • subnets.begin_create_or_update()
    • network_interfaces.begin_create_or_update()
    • security_rules.begin_create_or_update()
    • virtual_hub_bgp_connection.begin_create_or_update()
    • virtual_hub_bgp_connections.list()
    • virtual_hub_bgp_connection.begin_delete()
    • hub_virtual_network_connections.get()
    • hub_virtual_network_connections.list()
    • hub_virtual_network_connections.begin_delete()
    • virtual_wans.get()
    • virtual_hubs.begin_delete()
    • network_security_groups.get()
    • resources()
    • AuthenticationContext()
    • acquire_token_with_client_credentials()
  • Because the Azure vWAN with vION CloudBlade automates the deployment of Virtual Machines through API calls, you must enable programmatic access through the Azure portal.
  • An active Azure marketplace subscription to the Prisma SD-WAN Virtual ION Appliance.
  • The Azure vWAN with vION CloudBlade uses the ION images in the Azure marketplace for deployments. To begin using these resources (through the CloudBlade), you must accept the Azure Marketplace terms and conditions and follow the usage guidelines of the marketplace listings.
  • The CloudBlade requires read access to Virtual Network resources in Brownfield deployment scenarios to determine the attached Virtual Networks and their associated address prefixes. You can access the Virtual Networks via the Virtual Network Connections to the identified Virtual WAN entity in Brownfield deployment scenarios.
    In addition, the CloudBlade needs read/write access in Brownfield scenarios to Virtual WAN and Virtual Hub resources to configure the BGP peers necessary for the exchange of routes with the Virtual Hub(s) to remote Virtual Networks. The read/write access must be explicitly provided when the Virtual Networks or the Virtual WAN/Virtual Hub resources were created with a different subscription, and therefore different associated credentials, than the one used by the CloudBlade. Refer to Azure resource management and subscriptions for more information.
  • A resource group with an Azure vWAN that has one or more Virtual Hubs defined for the regions of deployment (Brownfield deployments only).
  • To enable the Azure BGP peering with the Virtual WAN hub feature in this release, you must contact the Azure team with the Resource ID of your Virtual WAN resource.
  • All regions must support the Azure Virtual Machine model Standard D8s v3 (8 vCPUs, 32 GiB).