How To Deploy the Cohesity Azure Cloud Edition • Chris Colotti's Blog

How To Deploy the Cohesity Azure Cloud Edition

Not only am I still new to Cohesity, but I’ve honestly never even touched Microsoft Azure until this week.  As Jon Hildebrand and I have been preparing a live demo environment for Microsoft Ignite, we decided we needed to build a Cohesity Azure Cloud Edition.  What I wanted to do was put into some simple terms the steps needed to perform, and some of the things to keep an eye out for that took me some time and multiple tries to realize.  Some of it was human error, others were aspects of Azure itself.  The other cool thing now is with Helios you don’t technically need a VPN to manage the Cloud Edition Cluster and I will get into that in a bit.  I will make a point to say I did this with a single node but production use requires a minimum of THREE nodes.  I will point out where I made that change.  You will need access to the Cohesity support portal for download links and a valid license key.

First Check Your Azure Quotas

I ran into this later on, but it is one of the first things you want to check.  Many new Azure accounts only have 10 cores available.  If you deploy the Cohesity Cloud Edition for Azure it will need 16 cores per Virtual Machine.  In a production environment I am sure people have high enough quotas to support the three node minimum, but you want to make sure this is set in the regions you are working with.

Create an Azure Service Principal

You are going to use this for multiple things at some point not just to deploy the appliance.  If you want to connect that appliance to your Azure environment to do native backups you will need it as well.  This process is pretty well documented and is easy enough to set up you just need to make sure you have it done and record the keys you create.  The key is to also make sure you assign your app as OWNER to the subscriptions you are going to use it with.

Create A Virtual Network For Cohesity Using The Same Subscription

This is something that will vary by user, but what I found was to create a new Virtual Network that the Deployment Machine and the Cohesity node will both live on.  I also found that the two machines must be contained in the same subscription.  At one point I had the deployment server in a trial, but still using the same virtual network, and things failed.  Instead of going to deep into it I just made sure to put everything on the same virtual network.  Below you can see both the adapters for the two machines in the same virtual network.  Also, a VPN network is NOT needed at this point.  You can do all the setup with public IP addresses, SSH and HTTPS.  Once you connect to Helios you can actually disable all the individual rules if you wanted to later.

Deploy The Cohesity Setup Machine

This machine is already in the Azure catalog.  It is NOT an actual Cohesity node, to the name is a little odd.  When you deploy it be sure to make the user “cohesity” as it will make life easier based on the scripts that you will use.  Simply search for “Cohesity” and you will see it to deploy.

NOTE:  Use whatever settings you want but be sure to attached to the network you created above and set the user to “cohesity”.  If you use a different user you may have to do some extra steps outlined below.

Set up a public IP as well and SSH so you can access the box without any VPN.  You can also use that SSH connection if needed to access SSH on the Cohesity node once it’s deployed and only open HTTPS to that for setup and management.  When you deploy the easiest thing to do is to deploy using the login user of “cohesity” per the deployment guide.  If not you will have to make some other adjustments.

Download The Cohesity VHD and Deployment Tools

This setup you will need access to the Cohesity Downloads page to access.  The links you want are highlighted below.  Be sure to grab the latest ones which currently as of writing this is 6.0a

Pretty simply, connect to the deployment machine and execute the following commands

wget http://<LINK TO VHD DOWNLOAD>
tar -xzvf installer-cohesity_azure_setup-<TOOLS VERSION DOWNLOADED>.tar.gz
sudo ./
mv ./cohesity-<releaseNum>_release-<build>.vhd /home/cohesity/software
cd /home/cohesity/software

####If you did not deploy with cohesity user change password and SU to cohesity

passwd cohesity
su cohesity

#Add $PATH and load profile

echo 'export PATH=$PATH:$HOME/software' >> $HOME/.bash_profile
source .bash_profile
cd /home/cohesity/software

At this point you are ready to start the deployment of Cohesity nodes as the cohesity user.

Setup and Execute Deployment

The first thing you will need to do is edit the params.json file with your settings.  It should look like something below.  I have made a few notes on some of the areas to save you some time.  I will note you cannot use any existing Resource Groups, this will always create a new group.

  "azure_tenant_id" : "YOUR TENNANT / DOMAIN ID",
  "azure_subscription_id" : "YOUR SUBSCRIPTION ID",
  "cohesity_azure_cluster_resource_group_name" : "cohesityce",
  "cohesity_azure_vpn_resource_group_name" : "cohesity",
  "cohesity_azure_vpn_virtual_network_name" : "cohesity-vnet",
  "cohesity_azure_vpn_subnet_name" : "default",
  "cohesity_azure_cluster_location": "centralus",
  "cohesity_azure_domain_name": "FQDN OF THE CLUSTER",
  "cohesity_azure_ntp_servers": "",
  "cohesity_azure_dns_server": "",
  "cohesity_setup_tool_dir_full_path": "/home/cohesity/software",
  "cohesity_setup_templates_dir_full_path": "/home/cohesity/software/conf",
  "cohesity_azure_vhd_file_path": "/home/cohesity/software/cohesity-<releaseNum>_release-<build>.vhd",
  "cohesity_azure_num_vms": 1,
  "cohesity_azure_vm_ip_addresses": "",
  "cohesity_azure_vm_type": "Standard_DS5_v2",
  "cohesity_azure_num_vms_per_storage_account": 8,
  "cohesity_azure_num_vms_per_resource_group": 64
  • cohesity_azure_cluster_resource_group_name:  MUST BE lower case and less than 1o characters
  • cohesity_azure_cluster_location:  Should match the location of the deployment machine
  • cohesity_azure_num_vms:  3 minimum for production deployments
  • although network says “VPN” it can be a regular virtual network

One you have set this up you can test the settings.

sudo ./cohesity_azure_setup validate -cohesity_azure_setup_params_file=/home/cohesity/software/params.json

If the test passes you can try to execute it.

NOTE:  If you are using the 6.0a tools you will need to add a $PATH first or the next step will most likely fail at the final cluster creation step.  This is being resolved in the 6.1 tools.  You can add the path temporarily with the command shown below.

sudo ./cohesity_azure_setup create_cluster -cohesity_azure_setup_params_file=/home/cohesity/software/params.json

This process will take about 15 minutes or so and you can watch the progress in your SSH session.  What it is completed you will end up with a Cohesity node, or three.

At this point you can set up an external IP and Network Security Group for HTTPS to map to the node so you can finish the setup as normal without any VPN.  Once you have set up the node you can administer it via HTTPS, or better yet connect it to Helios and remove the External IP and security group as it will no longer be needed!  You can now add backup jobs for your Azure machines using this cloud based cluster, you can use it as a target for Cohesity replication, that would require a VPN, and use it inside Azure to present Scale Out NFS services for SMB shares to your Azure machines.  You could even stand up nodes in different regions and replicate between them.  The flexibility of the Cohesity platform is truly endless and there are so many use cases people can think of I am sure for.


One thing to point out is you can use Cohesity Cloud Editions even if you don’t have on premises clusters.  If you are a truly cloud first shop and even using multiple clouds there are Cohesity Cloud Editions for AWS and GCP as well.  Now you can work on natively backing up your cloud instances and taking advantage of all that the Cohesity Data Platform can do.

Come see us at Microsoft Ignite and we will be showing a lot of this live in the booth, or drop me a line I’d be happy to show people more!

About Chris Colotti

Chris is active on the VMUG and event speaking circuit and is available for many events if you want to reach out and ask. Previously to this he spent close to a decade working for VMware as a Principal Architect. Previous to his nine plus years at VMware, Chris was a System Administrator that evolved his career into a data center architect. Chris spends a lot of time mentoring co-workers and friends on the benefits of personal growth and professional development. Chris is also amongst the first VMware Certified Design Experts (VCDX#37), and author of multiple white papers. In his spare time he helps his wife Julie run her promotional products as the accountant, book keeper, and IT Support. Chris also believes in both a healthy body and healthy mind, and has become heavily involved with fitness as a Diamond Team Beachbody Coach using P90X and other Beachbody Programs. Although Technology is his day job, Chris is passionate about fitness after losing 60 pounds himself in the last few years.

Leave a Reply

Your email address will not be published. Required fields are marked *