Deploying Pexip Infinity in Azure with PowerShell


Last Updated on December 11, 2018 by GrahamWalsh

So if you wanted to spin up Pexip in Azure but were not sure where to start, there are some great guides on the Pexip site.  The main documentation site is here and there is also a step by step guide here on their support site and also my blog here too.

However, as life is much simplier with some variables and a script, I decided to put it all together into a few steps with PowerShell.

Step One – Copy Code to PowerShell ISE

# Name of your Azure subscription
$subscriptionName = "Azure Px SE Demo EA"
# Name of the container within the storage account where the Management Node will be placed
$mgrcontainerName = "gwpexipmgr"
# Name of the container within the storage account where the Conference Node will be placed
$conf1containerName = "pexipconf1"
# IP Address Range
$addressPrefix = ""
# Name of your Subnet
$subnetName = "default"
# Sunet IP Address Range
$subnetRange = ""
# Name of your Azure Network
$networkName = "gw-pexip-network"
# Network Security Group Name
$networkSecurity = "gw-pexip-nsg"
# Name of the resource group to use
$resourceGroupName = "gw-pexip-rg"
# Name of the SSD storage account. Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only.
$storageAccountName = "gwpexip"
# Location of your Azure Resource Group
$locationName = "UK South"
# Name of the container within the storage account to copy the disk images into
$containerName = "vm-images"
# Name of the Resource Group for the Management Node
$mgrResourceName = "pexippexmgr"
# Name of the Resource Group for the Conference Node
$conf1ResourceName = "pexipconf1"
# Version of Pexip Infinity to copy
$version = "20-0-0-45400-0-0"
# Connect to Azure
Install-Module AzureRM
# Add your Azure account to the PowerShell environment
# Set the current subscription
Get-AzureRmSubscription -SubscriptionName $subscriptionName | Select-AzureRmSubscription
# Creating a Resource Group
New-AzureRmResourceGroup -Name $resourceGroupName -Location $locationName
# Register Namesapce for new subscriptions
Register-AzureRmResourceProvider -ProviderNamespace “Microsoft.Network”
Register-AzureRmResourceProvider -ProviderNamespace “Microsoft.Storage”
# Creating an Azure Network Security Group, Network and Subnet
$rule1 = New-AzureRmNetworkSecurityRuleConfig -Name allow_http -Description "Permit access to HTTP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 105 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80
$rule2 = New-AzureRmNetworkSecurityRuleConfig -Name allow_https -Description "Permit access to HTTPS" -Access Allow -Protocol Tcp -Direction Inbound -Priority 110 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443
$rule3 = New-AzureRmNetworkSecurityRuleConfig -Name allow_h323cs -Description "Permit access to H.323 CS" -Access Allow -Protocol Tcp -Direction Inbound -Priority 115 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 1720
$rule4 = New-AzureRmNetworkSecurityRuleConfig -Name allow_sip_tcp -Description "Permit access to SIP/TCP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 120 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 5060
$rule5 = New-AzureRmNetworkSecurityRuleConfig -Name allow_sip_tls -Description "Permit access to SIP/TLS" -Access Allow -Protocol Tcp -Direction Inbound -Priority 125 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 5061
$rule6 = New-AzureRmNetworkSecurityRuleConfig -Name allow_signalling_tcp -Description "Permit access to ephemeral TCP call signalling ports" -Access Allow -Protocol Tcp -Direction Inbound -Priority 130 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 33000-39999
$rule7 = New-AzureRmNetworkSecurityRuleConfig -Name allow_media_tcp -Description "Permit access to ephemeral TCP media ports" -Access Allow -Protocol Tcp -Direction Inbound -Priority 135 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 40000-49999
$rule8 = New-AzureRmNetworkSecurityRuleConfig -Name allow_h323ls -Description "Permit access to H.323 LS"   -Access Allow -Protocol Udp -Direction Inbound -Priority 140 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 1719
$rule9 = New-AzureRmNetworkSecurityRuleConfig -Name allow_signalling_udp -Description "Permit access to ephemeral UDP call signalling ports"  -Access Allow -Protocol Udp -Direction Inbound -Priority 150 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 33000-39999
$rule10 = New-AzureRmNetworkSecurityRuleConfig -Name allow_media_udp -Description "Permit access to ephemeral UDP media ports" -Access Allow -Protocol Udp -Direction Inbound -Priority 155 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 40000-49999
$rule11 = New-AzureRmNetworkSecurityRuleConfig -Name allow_management_traffic -Description "Permit access from the management network" -Access Allow -Protocol * -Direction Inbound -Priority 160 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange *
$rule12 = New-AzureRmNetworkSecurityRuleConfig -Name allow_config -Description "Permit access to upload config" -Access Allow -Protocol Tcp -Direction Inbound -Priority 170 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 8443
$rule13 = New-AzureRmNetworkSecurityRuleConfig -Name allow_rdp -Description "Allow RDP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 180 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389
$frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix $subnetRange
$virtualNetwork = New-AzureRmVirtualNetwork -Name $networkName -ResourceGroupName $resourceGroupName -Location $locationName -AddressPrefix $addressPrefix -Subnet $frontendSubnet
$networkSecurityGroup = New-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroupName  -Location $locationName -Name $networkSecurity -SecurityRules $rule1,$rule2,$rule3,$rule4,$rule5,$rule6,$rule7,$rule8,$rule9,$rule10,$rule11,$rule12,$rule13
Set-AzureRmVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $virtualNetwork -AddressPrefix $subnetRange -NetworkSecurityGroup $networkSecurityGroup
$virtualNetwork | Set-AzureRmVirtualNetwork
# Creating a Storage Account for Pexip - Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only.
New-AzureRmStorageAccount -ResourceGroupName $resourceGroupName -Name "$storageAccountName" -Location $locationName -SkuName Standard_LRS -Kind Storage
# Preparing disk images for Azure deployments
# Obtain the access key for the storage account
$storageAccountKey = Get-AzureRmStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccountName
If($storageAccountKey.GetType().Name -eq "StorageAccountKeys") {
    # AzureRM.Storage < 1.1.0
    $storageAccountKey = $storageAccountKey.Key1
} Else {
    # AzureRm.Storage 1.1.0
    $storageAccountKey = $storageAccountKey[0].Value
# Create the storage access context
$ctx = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey
# Ensure that the container exists
New-AzureStorageContainer -Name $containerName -Context $ctx
# Start copying the Management Node image
$mgmt = Start-AzureStorageBlobCopy -AbsoluteUri "$version/management-node.vhd" -DestContainer $containerName -DestBlob "pexip-infinity-$version-management-node.vhd" -DestContext $ctx
# Start copying the Conferencing Node image
$cnfc = Start-AzureStorageBlobCopy -AbsoluteUri "$version/conferencing-node.vhd" -DestContainer $containerName -DestBlob "pexip-infinity-$version-conferencing-node.vhd" -DestContext $ctx
# Wait for the Management Node image to finish copying
$status = Get-AzureStorageBlobCopyState -Blob $mgmt.Name -Container $containerName -Context $ctx
While($status.Status -eq "Pending") {
    $status = Get-AzureStorageBlobCopyState -Blob $mgmt.Name -Container $containerName -Context $ctx
    Start-Sleep 10
# Wait for the Conferencing Node image to finish copying
$status = Get-AzureStorageBlobCopyState -Blob $cnfc.Name -Container $containerName -Context $ctx
While($status.Status -eq "Pending") {
    $status = Get-AzureStorageBlobCopyState -Blob $cnfc.Name -Container $containerName -Context $ctx
    Start-Sleep 10
# Print out the prepared disk image URLs for later use
"Prepared Management Node disk image:   " + $mgmt.ICloudBlob.Uri.AbsoluteUri
"Prepared Conferencing Node disk image: " + $cnfc.ICloudBlob.Uri.AbsoluteUri
# Create the storage container for the Management Node
Set-AzureRMCurrentStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName
New-AzureRMStorageContainer -Name $mgrcontainerName -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName -PublicAccess Blob
# Create the storage container for the Confernece Node
Set-AzureRMCurrentStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName
New-AzureRMStorageContainer -Name $conf1containerName -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName -PublicAccess Blob
# Get Azure Compute Available
# Get-AzureRmComputeResourceSku | where {$_.Locations -icontains "uksouth"}

Now you will need to edit some of the variables depending on your Azure subscription.  These are within the top section, so you will need to enter your Azure Subscription name, the name you want to call the storage accounts, your IP address range, your network name, security group name and the location where you are deploying Pexip.  In my example above, I have used my initialsCompanynameFunction, so gwpexipmgr for the Pexip managemenet node.  This is so I do not conflict with colleagues also using this subscription.

So you can run this script and you will be prompted to log into Azure, so use your credentials to do so.  The script will then create the Network Security Groups, firewall rules, storage containers and then copy over the Pexip images to your storage account.  Once it has completed, you will see the two URLS of your Pexip image files printed out.  The last line of the script is optional, this will detail out what compute is available in your region.

Step Two – Deploy the Management Node

Next, we need to run the depeloyment script to build the VM image into an actual virtual machine.  To do this, there are few options of the script.  Details here on the Pexip site.  In my example, I am using a VM with a dynamic public IP, so this template script.

In the image below, I have mapped my 10 variables in the PowerShell to the areas in the deployment template.  Just note that the first 3 IP addresses are reserved, but I’ve chosen to start at .11. Once populated, you can then just click on agree to the terms and click Purchase.  You are not actually buying anything, just deploying a VM with these variables.

Azure PowerShell Script and Pexip Deployment Template

Step Three – Deploy a Conference Node

Now you can run the template again to do the same, but changing the variables in the template to the confernece node, in my case conf1.

Step Four – Configure the Management Node

Since the Serial console in Azure is now available, there is no need to SSH into the management node to configure it.  You can simply navigate to the Virtual Machine, scroll down the list to Serial Console and simply login with the password used in step two. 

Opening Azure Serial Console

Once logged in, enter the IP address, subnet mask, hostname, domain name etc.  Where there is a value on the left side, you can just press enter to accept the defaults.

Pexip Install Wizard via Serial Console

The server will reboot and you will be able to log in with either the public IP from Azure or the DNS name if you have populated your DNS.

Azure IP Address or DNS Name

Step Five – Configure the Conference Node

Once logged into the web interface of Pexip, navigate to Platform >  Conference Nodes

Platform > Conference Nodes

Now click on Add Conference Node and select Generic (configuration only) and then Next.  You can then enter the details required, for the IP address I am using the next one up from the Management Node.  When you get to System Location, click on the green + to add a new location.  See the 2nd image for the requirements here.  Don’t forget to add the static NAT (public IP address of the conference node VM) here as that will allow media to flow.  If you forget you can add it afterward.  When you enter the SSH password, make sure your type it correctly as there is no going back.  Then click Finish.

Adding a new Conference Node
Adding a new location

You will then have the option to Download the configuration file for this Conference Node. An xml file will be downloaded.

Download Configuration

Now browse to the DNS/IP address of the conference node, so using port 8443.  You will then be presented with a super simple page asking for the XML file and click Upload.

Conference Node – Upload XML config

The conference node will now take this configuration and apply it and reboot.  Time to grab a coffee.

Step Six – Testing the Platform

Once the conference node has rebooted, you should see the home screen Live View like below, showing the number of HD calls available (depending on the VM selected in the template earlier).

Pexip Live View

Now let’s configure the Test Call Service

Test Call Service
Adding a new Alias to the Test Call Service

Enter a full URL here so that it can be called from any SIP or Skype for Business platform and click Save.  Wait one minute and now navigate to the Conference Node IP or DNS name.  If this is the first time, you will be be asked to allow access to your camera and microphone.  You will also be asked to enter your name.  Just click on Video

Now enter the Alias you created click the green video icon on the right to place the call.  You will then hear some audio prompts so you can test your audio and video.  If you have not applied your license key, you will get a splash screen with an error plus audio.  That way you still know that you have the firewall ports open to/from Azure.

That’s it, you have a working platform in Azure now.  Other steps you can do could be to create a SSL certificate for testing purposes for free using this guide.

Also published on Medium.

All search results