Provision new SIMs for Azure Private 5G Core - Azure portal

SIM resources represent physical SIMs or eSIMs used by user equipment (UEs) served by the private mobile network. In this how-to guide, we'll provision new SIMs for an existing private mobile network.

Prerequisites

  • Ensure you can sign in to the Azure portal using an account with access to the active subscription you identified in Complete the prerequisite tasks for deploying a private mobile network. This account must have the built-in Contributor role at the subscription scope.

  • Identify the name of the Mobile Network resource corresponding to your private mobile network.

  • Decide on the method you'll use to provision SIMs. You can choose from the following:

    • Manually entering each provisioning value into fields in the Azure portal. This option is best if you're provisioning a few SIMs.

    • Importing one or more JSON files containing values for up to 10,000 SIM resources each. This option is best if you're provisioning a large number of SIMs. You'll need a good JSON editor if you want to use this option.

    • Importing an encrypted JSON file containing values for one or more SIM resources provided by select partner vendors. This option is required for any vendor-provided SIMs. You'll need a good JSON editor if you want to edit any fields within the encrypted JSON file when using this option.

  • Decide on the SIM group to which you want to add your SIMs. You can create a new SIM group when provisioning your SIMs, or you can choose an existing SIM group. See Manage SIM groups - Azure portal for information on viewing your existing SIM groups.

    • If you're manually entering provisioning values, you'll add each SIM to a SIM group individually.

    • If you're using one or more JSON or encrypted JSON files, all SIMs in the same JSON file will be added to the same SIM group.

  • For each SIM you want to provision, decide whether you want to assign a SIM policy to it. If you do, you must have already created the relevant SIM policies using the instructions in Configure a SIM policy - Azure portal. SIMs can't access your private mobile network unless they have an assigned SIM policy.

    • If you're manually entering provisioning values, you'll need the name of the SIM policy.

    • If you're using one or more JSON or encrypted JSON files, you'll need the full resource ID of the SIM policy. You can collect this by navigating to the SIM Policy resource, selecting JSON View and copying the contents of the Resource ID field.

Collect the required information for your SIMs

To begin, collect the values in the following table for each SIM you want to provision.

Value Field name in Azure portal JSON parameter name
SIM name. The SIM name must only contain alphanumeric characters, dashes, and underscores. SIM name simName
The Integrated Circuit Card Identification Number (ICCID). The ICCID identifies a specific physical SIM or eSIM, and includes information on the SIM's country/region and issuer. The ICCID is a unique numerical value between 19 and 20 digits in length, beginning with 89. ICCID integratedCircuitCardIdentifier
The international mobile subscriber identity (IMSI). The IMSI is a unique number (usually 15 digits) identifying a device or user in a mobile network. IMSI internationalMobileSubscriberIdentity
The Authentication Key (Ki). The Ki is a unique 128-bit value assigned to the SIM by an operator, and is used with the derived operator code (OPc) to authenticate a user. It must be a 32-character string, containing hexadecimal characters only. Ki authenticationKey
The derived operator code (OPc). The OPc is taken from the SIM's Ki and the network's operator code (OP). The packet core instance uses it to authenticate a user using a standards-based algorithm. The OPc must be a 32-character string, containing hexadecimal characters only. Opc operatorKeyCode
The type of device using this SIM. This value is an optional free-form string. You can use it as required to easily identify device types using the enterprise's private mobile network. Device type deviceType
The SIM policy to assign to the SIM. This is optional, but your SIMs won't be able to use the private mobile network without an assigned SIM policy. SIM policy simPolicyId

Collect the required information for assigning static IP addresses

You only need to complete this step if all of the following apply:

  • You're using one or more JSON files to provision your SIMs.
  • You've configured static IP address allocation for your packet core instance(s).
  • You want to assign static IP addresses to the SIMs during SIM provisioning.

Collect the values in the following table for each SIM you want to provision. If your private mobile network has multiple data networks and you want to assign a different static IP address for each data network to this SIM, collect the values for each IP address.

Each IP address must come from the pool you assigned for static IP address allocation when creating the relevant data network, as described in Collect data network values. For more information, see Allocate User Equipment (UE) IP address pools.

Value Field name in Azure portal JSON file parameter name
The data network that the SIM will use. Not applicable. staticIpConfiguration.attachedDataNetworkId
The network slice that the SIM will use. Not applicable. staticIpConfiguration.sliceId
The static IP address to assign to the SIM. Not applicable. staticIpConfiguration.staticIpAddress

Create or edit JSON files

Only carry out this step if you decided in Prerequisites to use JSON files or an encrypted JSON file provided by a SIM vendor to provision your SIMs. Otherwise, you can skip to Begin provisioning the SIMs in the Azure portal.

Prepare the files using the information you collected for your SIMs in Collect the required information for your SIMs. The examples below show the required format.

Note

Bulk SIM provisioning is limited to 10,000 SIMs per file.

Plaintext SIMs

If you are creating plaintext SIMs, use the following example. It contains the parameters required to provision two unencrypted SIMs (SIM1 and SIM2). If you don't want to assign a SIM policy or static IP address now, you can delete the simPolicyId and/or staticIpConfiguration parameters.

[
  {
    "simName": "SIM1",
    "integratedCircuitCardIdentifier": "8912345678901234566",
    "internationalMobileSubscriberIdentity": "001019990010001",
    "authenticationKey": "00112233445566778899AABBCCDDEEFF",
    "operatorKeyCode": "63bfa50ee6523365ff14c1f45f88737d",
    "deviceType": "Cellphone",
    "simPolicyId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/ mobileNetworks/contoso-network/simPolicies/SimPolicy1",
    "staticIpConfiguration": [
      {
        "attachedDataNetworkId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.MobileNetwork/packetCoreControlPlanes/TestPacketCoreCP/packetCoreDataPlanes/TestPacketCoreDP/attachedDataNetworks/TestAttachedDataNetwork",
        "sliceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.MobileNetwork/mobileNetworks/testMobileNetwork/slices/testSlice",
        "staticIpAddress": "10.4.0.1"
      }
    ]
  },
  {
    "simName": "SIM2",
    "integratedCircuitCardIdentifier": "8922345678901234567",
    "internationalMobileSubscriberIdentity": "001019990010002",
    "authenticationKey": "11112233445566778899AABBCCDDEEFF",
    "operatorKeyCode": "63bfa50ee6523365ff14c1f45f88738d",
    "deviceType": "Sensor",
    "simPolicyId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/simPolicies/SimPolicy2",
    "staticIpConfiguration": [
      {
        "attachedDataNetworkId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.MobileNetwork/packetCoreControlPlanes/TestPacketCoreCP/packetCoreDataPlanes/TestPacketCoreDP/attachedDataNetworks/TestAttachedDataNetwork",
        "sliceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.MobileNetwork/mobileNetworks/testMobileNetwork/slices/testSlice",
        "staticIpAddress": "10.4.0.2"
      }
    ]
  }
]

Encrypted SIMs

If you are editing an encrypted JSON file provided by a partner SIM vendor, use the following example. It contains the parameters required to provision two encrypted SIMs (SIM1 and SIM2). If you don't want to assign a SIM policy or static IP address now, you can delete the simPolicy and/or staticIpConfiguration parameters.

{
  "version": 1,
  "azureKeyIdentifier": 1,
  "vendorKeyFingerprint": "A5719BCEFD6A2021A11D7649942ECC14",
  "encryptedTransportKey": "0EBAE5E2D31A1BE48495F6DCA65983EEAE6BA6B75A92040562EAD84079BF701CBD3BB1602DB74E85921184820B78A02EC709951195DC87E44481FDB6B826DF775E29B7073644EA66649A14B6CA6B0EE75DE8B4A8D0D5186319E37FBF165A691E607CFF8B65F3E5E9D448049704DE4EA047101ADA4554A543F405B447B8DB687C0B7624E62515445F3E887B3328AA555540D9959752C985490586EF06681501A89594E28F98BF66F179FE3F1D2EE13C69BC42C30A8D3DC6898B8160FC66CDDEE164760F27B68A07BA4C4AE5AFFEA45EE8342E1CA8470150ED6AF4215CEF173418E60E2B1DF4A8C2AE6F0C9A291F5D185ECAD0D94D48EFD06570A0C1AE27D5EC20",
  "signedTransportKey": "83515CC47C8890F62D4A0D16DE58C2F2DCFD827C317047693A46B9CA1F9EBC33CCDB8CABE04A275D65E180813CCFF43FC2DA95E19E2B9FF2588AE0914418DC9CB5506EB7AEADB272F5DAB9F0B1CCFAD62B95C91D4F4680A350F56D2A7F8EC863F4D61E1D7A38746AEE6C6391D619CCFCFA2B6D554671D91A26484CD6E120D84917FBF69D3B56B2AA8F2B36AF88492F1A7E267594B6C1596B81A81079540EC3F31869294BFEB225DFB171DE557B8C05D7C963E047E3AF36D1387FEDA28E55E411E5FB6AED178FB9C92D674D71AF8FEB6462F509E6423D4EBE0EC84E4135AA6C7A36F849A14A6A70E7188E08278D515BD95A549645E9D595D1DEC13E1A68B9CB67",
  "sims": [
    {
      "name": "SIM 1",
      "properties": {
        "deviceType": "Sensor",
        "integratedCircuitCardIdentifier": "8922345678901234567",
        "internationalMobileSubscriberIdentity": "001019990010002",
        "encryptedCredentials": "3ED205BE2DD7F0E467283EC55F9E8F3588B68DC98811BE671070C65EFDE0CCCAD18C8B663231C80FB478F753A6B09142D06982421261679B7BB112D36473EA7EF973DCF7F634124B58DD945FE61D4B16978438CB33E64D3AA58B5C38A0D97030B5F95B16E308D919EB932ACCD36CB8C2838C497B3B38A60E3DD385",
        "simPolicy": {
          "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.MobileNetwork/mobileNetworks/testMobileNetwork/simPolicies/MySimPolicy"
        },
        "staticIpConfiguration": [
          {
            "attachedDataNetwork": {
              "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.MobileNetwork/packetCoreControlPlanes/TestPacketCoreCP/packetCoreDataPlanes/TestPacketCoreDP/attachedDataNetworks/TestAttachedDataNetwork"
            },
            "slice": {
              "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.MobileNetwork/mobileNetworks/testMobileNetwork/slices/testSlice"
            },
            "staticIp": {
              "ipv4Address": "10.4.0.1"
            }
          }
        ]
      }
    },
    {
      "name": "SIM 2",
      "properties": {
        "deviceType": "Cellphone",
        "integratedCircuitCardIdentifier": "1234545678907456123",
        "internationalMobileSubscriberIdentity": "001019990010003",
        "encryptedCredentials": "3ED205BE2DD7F0E467283EC55F9E8F3588B68DC98811BE671070C65EFDE0CCCAD18C8B663231C80FB478F753A6B09142D06982421261679B7BB112D36473EA7EF973DCF7F634124B58DD945FE61D4B16978438CB33E64D3AA58B5C38A0D97030B5F95B16E308D919EB932ACCD36CB8C2838C497B3B38A60E3DD385",
        "simPolicy": {
          "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.MobileNetwork/mobileNetworks/testMobileNetwork/simPolicies/MySimPolicy"
        },
        "staticIpConfiguration": [
          {
            "attachedDataNetwork": {
              "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.MobileNetwork/packetCoreControlPlanes/TestPacketCoreCP/packetCoreDataPlanes/TestPacketCoreDP/attachedDataNetworks/TestAttachedDataNetwork"
            },
            "slice": {
              "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.MobileNetwork/mobileNetworks/testMobileNetwork/slices/testSlice"
            },
            "staticIp": {
              "ipv4Address": "10.4.0.2"
            }
          }
        ]
      }
    }
  ]
}

Begin provisioning the SIMs in the Azure portal

You'll now begin the SIM provisioning process through the Azure portal.

  1. Sign in to the Azure portal.

  2. Search for and select the Mobile Network resource representing the private mobile network for which you want to provision SIMs.

    Screenshot of the Azure portal. It shows the results of a search for a Mobile Network resource.

  3. Select Manage SIMs.

    Screenshot of the Azure portal showing the View SIMs button on a Mobile Network resource.

  4. Select Create and then select your chosen provisioning method from the options that appear.

    Screenshot of the Azure portal showing the Create button and its options - Upload J S O N from file and Add manually.

Manually provision a SIM

Complete this step if you want to enter provisioning values for your SIMs directly into the Azure portal. Otherwise, skip to Provision SIMs using a JSON file.

  1. In Add SIMs on the right, use the information you collected in Collect the required information for your SIMs to fill out the fields for one of the SIMs you want to provision. You can set SIM policy to None if you don't want to assign a SIM policy to the SIM at this point.

  2. Set the SIM group field to an existing SIM group, or select Create new to create a new one.

  3. Select Add.

  4. The Azure portal will now begin deploying the SIM. When the deployment is complete, select Go to resource.

    Screenshot of the Azure portal showing a completed deployment of a SIM resource and the Go to resource button.

  5. You'll now see details of your new SIM resource.

    Screenshot of the Azure portal showing the configuration a new SIM resource.

  6. Repeat this entire step for any other SIMs that you want to provision.

Provision SIMs using a JSON file

Complete this step if you want to enter provisioning values for your SIMs using a JSON file.

  1. In Add SIMs on the right, select Browse and then select one of the JSON files you created or edited in Create or edit JSON files.
    Screenshot of the Add SIMs view. It shows Encrypted has been selected as the file type, a JSON file has been uploaded and SIMGroup1 has been selected as the SIM group name.

  2. Set the SIM group field to an existing SIM group, or select Create new to create a new one.

  3. Select Add. If the Add button is greyed out, check your JSON file to confirm that it's correctly formatted.

  4. The Azure portal will now begin deploying the SIMs. When the deployment is complete, select Go to resource group.

    Screenshot of the Azure portal. It shows a completed deployment of SIM resources through a J S O N file and the Go to resource group button.

  5. Select the SIM Group resource to which you added your SIMs.

  6. Check the list of SIMs to ensure your new SIMs are present and provisioned correctly.

    Screenshot of the Azure portal. It shows a list of currently provisioned SIMs for a private mobile network.

  7. If you are provisioning more than 10,000 SIMs, repeat this process for each JSON file.

Next steps

  • If you've configured static IP address allocation for your packet core instance(s) and you haven't already assigned static IP addresses to the SIMs you've provisioned, you can do so by following the steps in Assign static IP addresses.
  • Enable SUPI concealment if required.