Initially Provisioning an Anapaya Appliance¶
This guide provides information on how to provision an Anapaya appliance for the first time. This guide is targeted at the operators of the appliances. For further information on common EDGE deployment setups and sample configurations, please refer to Deployment Examples.
EDGE Initial Provisioning¶
In the following process, the assumption is that the Sales team from the customer or partner signs the appropriate order forms with Anapaya and returns them to Anapaya’s sales team.
Configuration preparation¶
Define the WAN configuration details. Usually, the WAN details are defined by the ISP providing the SCION access.
Collect the LAN configuration details. The party which uses the Anapaya EDGE is free to choose the LAN parameters.
EDGE Installation on Customer Site¶
Install the EDGE at the customer location and power on the device.
Depending on the internal processes of the organization, the operator might also need to whitelist some SSH keys to get SSH access later.
Confirm that the host is accessible through SSH from the operator’s network.
Note
In case the EDGE is part of a managed service by the ISP and should be remotely configured, the field technician installing the EDGE might need to manually configure the WAN IP and a static route toward the ISP’s network equipment. For more information, please refer to Connecting to the Appliance.
Initial Network Configuration¶
Create the initial appliance configuration for the EDGE including the Network Interfaces, System, Management sections.
Push the initial appliance configuration to the host following Applying a new Configuration.
Confirm that there is still SSH access to the host.
Upgrade the EDGE to the latest software version following Appliance Update Guide.
Full SCION Configuration¶
Prepare the appliance configuration for the EDGE including the SCION section.
Deploy the configuration updates to the EDGE following Applying a new Configuration.
Check if the SCION interface is up following Testing a SCION Link.
Note
For the SCION interface to be up, both the EDGE and the ISP’s CORE appliances need to be configured. If the SCION interface is not coming up, check the EDGE configuration for potential errors. If the issue persists, contact the connecting ISP and verify that the CORE side has also been configured correctly.
Once the configuration details for IP-in-SCION tunneling are clarified, prepare the full appliance configuration with the IP-in-SCION Tunneling section.
Deploy the configuration updates to the EDGE following Applying a new Configuration.
Note
Depending on how fast all the necessary configuration parameters are clarified, this and the previous section can be combined and a full appliance configuration can be pushed to the EDGE appliance from the beginning.
Acquiring an AS Certificate¶
At this point, the customer needs to acquire an AS certificate for the new EDGE.
Create the Certificate Signing Request (CSR) following Create Certificate Signing Request.
Send the CSR to the organization running the Certificate Authority for the ISD. For more information on the governing entities of the ISDs, please refer to Isolation Domains and Joining a SCION Network.
Note
For certain ISDs, such as SSFN, the CSR needs to be sent by the party which is legally part of the network (i.e. the end customer). In other cases, such as the public Swiss ISD, the CSR can be sent by either the owner of the EDGE or a managed service operator.
Once the AS certificate is issued, push it to the host following Install the AS Certificate.