Edit terraform.tfvars and change the my-pub-ip to your external ip. NSG rules are in place for ssh/https/cpmi of the cpmgmt it will not allow you to connect when the mgmt is up.
A Pay As You Go (PAYG) subscription of Azure has a max vCPU quota per region of 10 vCPU so we needed to fit everything.
You will need a service principal for the provision of the gateways
I have left as an exersice how you will chain the serviceA/serviceB to the Azure GW Load Balancer in order to explain the process
MGMT with 2 vCPUs will take 15-18 minutes till you are able to login from SmartConsole (have that in mind).
serviceA VM: 10.0.1.4 Standard_DS1_v2 1 vCPU
serviceB VM: 10.0.2.4 Standard_DS1_v2 1 vCPU
cpmgmt VM: 172.16.1.4 Standard_D2_v2 2 vCPU
jumpbox VM: 172.18.0.4 Standard_DS1_v2 1 vCPU
cpvmss1 VM: 192.168.0.5 Standard_DS1_v2 1 vCPU
cpvmss2 VM: 192.168.0.6 Standard_DS1_v2 1 vCPU
from/to jumpbox serviceA
from/to jumpbox serviceB
from/to jumpbox cpmgmt
from/to cpmgmt to vmms scaleset
In case you forget the IP
terraform output public_ip_address-jumpbox
ssh -i azureuser.pem azureuser@jumpboxpublicip
From jumpbox you can ping serviceA/serviceB/cpmgmt
ssh to mgmt at 172.16.1.4 to have ssh access to the vmss gateway (ping will not work due to InitialPolicy)
On your management server:
If you are running a Standard D2 v2 (2 vcpus, 7 GiB memory) =<8GB of RAM you need to enable the api manually on cpmgmt: api start with bigger sizes it enables it automatically
Install a license for 172.16.1.4
Update the CME script, the defaults works in any case
autoprov_cfg -f init Azure \
-mn cpmgmt -tn az-cpgwlbvmss -otp 123456789012 \
-ver R81.10 -po Standard -cn Azure \
-sb SUBSCRIPTION \
-at SERVICE_PRINCIPAL_CREDENTIALS_TENANT \
-aci SERVICE_PRINCIPAL_CREDENTIALS_CLIENT ID \
-acs SERVICE_PRINCIPAL_CREDENTIALS_CLIENT_SECRET
Switch template to use also IPS
autoprov_cfg -f set template -tn az-ckpgwlbvmss -ips