About VCE in Azure – the background
To deploy a virtual Velocloud Edge (VCE) at Azure, typically, you will use the “Template specs” in Azure, which you upload a JSON file as template (There is one of the template by Velocloud: https://community.broadcom.com/communities/community-home/librarydocuments/viewdocument?DocumentKey=04598214-527e-46b1-9fa9-4e30bdba4da0). In the backend, the template will utilize the VCE image in the Azure Marketplace. However, in China, the Azure is operated by 21Vianet which the marketplace is “isolated”. Thus, there is no Velocloud image in Azure China marketplace and hence the template does not work. In this scenario, a manual deployment of VCE is required. It is also possible someone want to learn exactly how things work so they do not want to use the template.
2-ARM or 3-ARM?
When use the “Template specs”, the VCE comes with two NICs, that is a 2-ARM deployment. However, when manually deploy the VCE, you might heard the VM must be 3-ARM which the first NIC is a management interface. Let’s clear this confusion here. The virtual VCE image, when it first booted and detected it is in a public cloud environment (at least this is true for Azure), it will automatically change the first interface as management interface, which does not participate in the data plane. Then, the question is, how can the template let the virtual VCE only use two interfaces? The answer is during the cloud-init stage, it is possible to disable this management interface, the template’s cloud-init included this. In this article, I will show the cloud-init setting which can disable the management interface.
Serial console on Azure Virtual Machine
As of today (May-2025), Azure provide serial console to virtual machine in most regions, the details can be found here: https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/serial-console-overview
It is convenient and helpful for troubleshooting in the console of the virtual VCE is usable. However, in order to use the console, a password must be set, which means the authentication cannot be key-based only. In this article, a password is set to demonstrate the possibility of using the console port. If your security requirement does not allow a static password, you need to adjust the configuration accordingly.