In this article we'll be delving into how Provider Connectivity Assurance (formerly Skylight) is integrated in Microsoft Azure.
The Cloud Challenges
More Complexity. More Users. Less visibility.
No access to the network layer
There is no network layer access! How can I capture the network traffic?
Azure Basic Concepts to Know
Provider Connectivity Assurance in the cloud: general principles and architectures
Cloud visibility using Azure partner TAPs
Azure does not yet support packet mirroring (vTAP) natively on their platform, but relies on 3rd party software partners to perform traffic mirroring and forwarding to probes and analyzers. See Azure virtual network TAP partners page for Azure recommended solutions to mirror traffic.
Assurance Sensor Capture deployed in Azure
- Receives monitored network traffic
- Computes Per Packet Intel
- Sends Per Packet Intel to Provider Connectivity Assurance (formerly Skylight analytics) through HTTPS (TCP port 443)
Technical Requirements
Assurance Sensor Capture
- Version 21.02.10-r1 release and above
Network Flows Requirements
| Ingress traffic | Egress traffic | |
|---|---|---|
| Assurance Sensor Capture | TCP port 443 to Provider Connectivity Assurance and TCP port 443 to NATS on same Provider Connectivity Assurance |
Main Deployment Steps
-
Deploy Assurance Sensor Capture(s)
-
Link deployed Assurance Sensor Capture(s) to your Provider Connectivity Assurance tenant
How to deploy an Assurance Sensor Capture in Azure
| Sizing | Small | Medium | Large |
|---|---|---|---|
| Flow analysis per min Max average recommended |
100 K | 1M | 1,6M |
| CPU | 2,4 GHz 2 Core / 4 Threads |
2,4 GHz 6 Core / 12 Threads |
2,4 GHz 8 Core / 16 Threads |
| RAM | 6 GB | 16 GB | 24 GB |
| Data Disks (Read performances) | 50 MB/s | 80 MB/s | 100 MB/s |
| Input / Output per second | 500 IOPS | 1000 IOPS | 1000 IOPS |
How to link an Assurance Sensor Capture to a Provider Connectivity Assurance tenant
- Select deployment model
Type deploy show to check the actual deployment model
Type deploy disable PVX to disable the PVX deployment model
Type deploy enable Analytics to activate the appropriate deployment model
- Link the Sensor to your Provider Connectivity Assurance own tenant
- Type **register skylight** to initiate the process
- When being prompted, provide the following information:
- Tenant Host: URL of your Provider Connectivity Assurance tenant
- Username: your admin username
- Password: password linked to your username
- You can check the presence of your sensor under Data Connections menu in Provider Connectivity Assurance.
© 2025 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks