Azure vNet Peering
Since security is vital in Hazelcast Cloud Enterprise, your clusters are installed within a private "Virtual Network" and can not be accessed unless you choose "Public Access" on cluster creation. So to connect private Azure Hazelcast Clusters, you need to establish a vNet peering connection between your network and Hazelcast Cluster network.
Create Peering
1) Prerequisites
-
Hazelcast Cloud CLI
Hazelcast Cloud CLI should be installed on your workstation. TIP: You can download Hazelcast Cloud CLI from Hazelcast Cloud CLI Github.
-
Azure CLI
Azure CLI should be installed on your workstation and it should be logged in via the
az logincommand. Also, the account you logged in to via Azure CLI should have the following permissions: -
Create a Service Principal
-
Assign Role
-
Create, Read, Update on the Virtual Networks that you will create peering.
-
Peer Action on the Virtual Networks that you will create peering.
You can check further details about Azure CLI and download it from Azure Command-Line Interface (CLI) Documentation.
2) Create Peering
After you successfully complete prerequisites, you can easily create Azure vNet Peering using Hazelcast Cloud CLI by running the following command.
hzcloud azure-peering create \
--cluster-id={YOUR_CLUSTER_ID} \
--tenant-id={YOUR_TENANT_ID} \
--subscription-id={YOUR_SUBSCRIPTION_ID} \
--resource-group={YOUR_RESOURCE_GROUP} \
--vnet={YOUR_VNET_NAME}Make sure to replace the following placeholders:
-
YOUR_CLUSTER_IDwith the ID of your cluster, -
YOUR_TENANT_IDwith the ID of your tenant which contains your subscription, -
YOUR_SUBSCRIPTION_IDwith the ID of your subscription which contains your resource group, -
YOUR_RESOURCE_GROUPwith the Name of your resource group which contains your vNet, -
YOUR_VNET_NAMEwith the name of your Virtual Network that you will make vNet peering.
This command will create a service principal on your account and assign the Network Contributor role to it. Then, it will create peering for both sides (Hazelcast’s, Your’s). This command may take up to 5 minutes to finish.
You can see an example as shown below after peering finishes:
|
Cheatsheet for Collecting Variables
|
| The CIDR of your Hazelcast Cloud Enterprise Cluster and the CIDR of your VPC should not be overlapped otherwise, it will fail. |
3) Validate Peering
After you see the Peering successfully established. message, you can check active peerings from the Peerings tab after you select your Virtual Network on Azure for your side of peering. You can filter by its peer, which will be cl-<CLUSTER_ID>. On the example below, it is cl53949 because the cluster ID was 53949
List Peerings
You can list Azure vNet peerings on your Enterprise Hazelcast Cluster on Azure from Console by going Cluster Details → Settings → vNet Peering one by one as shown below. You can check where the connection established by checking the name of the vNet with it’s CIDR from this list.
Also, you can easily use Hazelcast Cloud SDK, Hazelcast Cloud CLI for listing vNet peerings as shown below.
hzcloud azure-peering list --cluster-id={YOUR_CLUSTER_ID}client, _, _ := hazelcastcloud.New()
peerings, _, _ := client.AzurePeering.List(context.Background(), &models.ListAzurePeeringsInput{
ClusterId: "YOUR_CLUSTER_ID",
},
)
for _,peer := range *peerings {
fmt.Println(peer.Id)
fmt.Println(peer.VpcId)
fmt.Println(peer.VpcCidr)
}