Provision new SIMs for Azure Private 5G Core - ARM template
SIM resources represent physical SIMs or eSIMs used by user equipment (UEs) served by the private mobile network. In this how-to guide, you'll learn how to provision new SIMs for an existing private mobile network using an Azure Resource Manager template (ARM template).
A resource manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. In declarative syntax, you describe your intended deployment without writing the sequence of programming commands to create the deployment.
If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template will open in the Azure portal.
Prerequisites
- Ensure you can sign in to the Azure portal using an account with access to the active subscription you identified in Complete the prerequisite tasks for deploying a private mobile network. This account must have the built-in Contributor role at the subscription scope.
- Identify the name of the Mobile Network resource corresponding to your private mobile network and the resource group containing it.
- Identify the Azure region in which you deployed your private mobile network.
- Choose a name for the new SIM group to which your SIMs will be added.
- Identify the SIM policy you want to assign to the SIMs you're provisioning. You must have already created this SIM policy using the instructions in Configure a SIM policy - Azure portal.
Collect the required information for your SIMs
To begin, collect the values in the following table for each SIM you want to provision.
| Value | Parameter name |
|---|---|
| SIM name. The SIM name must only contain alphanumeric characters, dashes, and underscores. | simName |
| The Integrated Circuit Card Identification Number (ICCID). The ICCID identifies a specific physical SIM or eSIM, and includes information on the SIM's country/region and issuer. The ICCID is optional and is a unique numerical value between 19 and 20 digits in length, beginning with 89. | integratedCircuitCardIdentifier |
| The international mobile subscriber identity (IMSI). The IMSI is a unique number (usually 15 digits) identifying a device or user in a mobile network. | internationalMobileSubscriberIdentity |
| The Authentication Key (Ki). The Ki is a unique 128-bit value assigned to the SIM by an operator, and is used with the derived operator code (OPc) to authenticate a user. It must be a 32-character string, containing hexadecimal characters only. | authenticationKey |
| The derived operator code (OPc). The OPc is taken from the SIM's Ki and the network's operator code (OP). The packet core instance uses it to authenticate a user using a standards-based algorithm. The OPc must be a 32-character string, containing hexadecimal characters only. | operatorKeyCode |
| The type of device using this SIM. This value is an optional free-form string. You can use it as required to easily identify device types using the enterprise's private mobile network. | deviceType |
| The SIM policy to assign to the SIM. This is optional, but your SIMs won't be able to use the private mobile network without an assigned SIM policy. | simPolicyId |
Prepare one or more arrays for your SIMs
Use the information you collected in Collect the required information for your SIMs to create one or more JSON arrays containing properties for up to 500 of the SIMs you want to provision. The following is an example of an array containing properties for two SIMs (SIM1 and SIM2).
Important
Bulk SIM provisioning is limited to 500 SIMs. If you want to provision more that 500 SIMs, you must create multiple SIM arrays with no more than 500 SIMs in any one array and repeat the provisioning process for each SIM array.
Delete the staticIpConfiguration parameter for that SIM.
[
{
"simName": "SIM1",
"integratedCircuitCardIdentifier": "8912345678901234566",
"internationalMobileSubscriberIdentity": "001019990010001",
"authenticationKey": "00112233445566778899AABBCCDDEEFF",
"operatorKeyCode": "63bfa50ee6523365ff14c1f45f88737d",
"deviceType": "Cellphone",
"simPolicyId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/simPolicies/SimPolicy1",
"staticIpConfiguration" :[
{
"attachedDataNetworkId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/packetCoreControlPlanes/site-1/packetCoreDataPlanes/site-1/attachedDataNetworks/adn1",
"sliceId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/slices/slice-1",
"staticIpAddress": "10.132.124.54"
},
{
"attachedDataNetworkId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/packetCoreControlPlanes/site-1/packetCoreDataPlanes/site-1/attachedDataNetworks/adn2",
"sliceId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/slices/slice-1",
"staticIpAddress": "10.132.124.55"
}
]
},
{
"simName": "SIM2",
"integratedCircuitCardIdentifier": "8922345678901234567",
"internationalMobileSubscriberIdentity": "001019990010002",
"authenticationKey": "11112233445566778899AABBCCDDEEFF",
"operatorKeyCode": "63bfa50ee6523365ff14c1f45f88738d",
"deviceType": "Sensor",
"simPolicyId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/simPolicies/SimPolicy2",
"staticIpConfiguration" :[
{
"attachedDataNetworkId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/packetCoreControlPlanes/site-1/packetCoreDataPlanes/site-1/attachedDataNetworks/adn1",
"sliceId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/slices/slice-1",
"staticIpAddress": "10.132.124.54"
},
{
"attachedDataNetworkId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/packetCoreControlPlanes/site-1/packetCoreDataPlanes/site-1/attachedDataNetworks/adn2",
"sliceId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/slices/slice-1",
"staticIpAddress": "10.132.124.55"
}
]
}
]
Review the template
The template used in this quickstart is from Azure Quickstart Templates.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.19.5.34762",
"templateHash": "9849936408650350256"
}
},
"parameters": {
"location": {
"type": "string",
"metadata": {
"description": "Region where the SIM group will be deployed (must match the resource group region)."
}
},
"existingMobileNetworkName": {
"type": "string",
"metadata": {
"description": "The name of the mobile network to which you are adding the SIM group."
}
},
"existingSimPolicyName": {
"type": "string",
"metadata": {
"description": "The name of the SIM policy to be assigned to the SIM(s)."
}
},
"simGroupName": {
"type": "string",
"metadata": {
"description": "The name for the SIM group."
}
},
"existingEncryptionKeyUrl": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "A unversioned key vault key to encrypt the SIM data that belongs to this SIM group. For example: https://contosovault.vault.azure.net/keys/azureKey."
}
},
"existingUserAssignedIdentityResourceId": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "User-assigned identity is an identity in Azure Active Directory that can be used to give access to other Azure resource such as Azure Key Vault. This identity should have Get, Wrap key, and Unwrap key permissions on the key vault."
}
},
"simResources": {
"type": "array",
"metadata": {
"description": "An array containing properties of the SIM(s) you wish to create. See [Provision proxy SIM(s)](https://docs.microsoft.com/en-gb/azure/private-5g-core/provision-sims-azure-portal) for a full description of the required properties and their format."
}
}
},
"resources": [
{
"copy": {
"name": "exampleSimResources",
"count": "[length(parameters('simResources'))]"
},
"type": "Microsoft.MobileNetwork/simGroups/sims",
"apiVersion": "2023-06-01",
"name": "[format('{0}/{1}', parameters('simGroupName'), parameters('simResources')[copyIndex()].simName)]",
"properties": {
"integratedCircuitCardIdentifier": "[parameters('simResources')[copyIndex()].integratedCircuitCardIdentifier]",
"internationalMobileSubscriberIdentity": "[parameters('simResources')[copyIndex()].internationalMobileSubscriberIdentity]",
"authenticationKey": "[parameters('simResources')[copyIndex()].authenticationKey]",
"operatorKeyCode": "[parameters('simResources')[copyIndex()].operatorKeyCode]",
"deviceType": "[parameters('simResources')[copyIndex()].deviceType]",
"simPolicy": {
"id": "[resourceId('Microsoft.MobileNetwork/mobileNetworks/simPolicies', parameters('existingMobileNetworkName'), parameters('existingSimPolicyName'))]"
}
},
"dependsOn": [
"[resourceId('Microsoft.MobileNetwork/simGroups', parameters('simGroupName'))]"
]
},
{
"type": "Microsoft.MobileNetwork/simGroups",
"apiVersion": "2023-06-01",
"name": "[parameters('simGroupName')]",
"location": "[parameters('location')]",
"properties": {
"mobileNetwork": {
"id": "[resourceId('Microsoft.MobileNetwork/mobileNetworks', parameters('existingMobileNetworkName'))]"
},
"encryptionKey": {
"keyUrl": "[parameters('existingEncryptionKeyUrl')]"
}
},
"identity": "[if(not(empty(parameters('existingUserAssignedIdentityResourceId'))), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', parameters('existingUserAssignedIdentityResourceId')), createObject())), createObject('type', 'None'))]"
}
]
}
The following Azure resources are defined in the template.
- Microsoft.MobileNetwork/simGroups: a resource representing a SIM group.
- Microsoft.MobileNetwork/simGroups/sims: a resource representing a physical SIM or eSIM.
Deploy the template
Select the following link to sign in to Azure and open a template.
Select or enter the following values, using the information you retrieved in Prerequisites.
- Subscription: select the Azure subscription you used to create your private mobile network.
- Resource group: select the resource group containing the Mobile Network resource representing your private mobile network.
- Region: select the region in which you deployed the private mobile network.
- Location: enter the code name of the region in which you deployed the private mobile network.
- Existing Mobile Network Name: enter the name of the Mobile Network resource representing your private mobile network.
- Existing Sim Policy Name: enter the name of the SIM policy you want to assign to the SIMs.
- Sim Group Name: enter the name for the new SIM group.
- Sim Resources: paste in one of the JSON arrays you prepared in Prepare one or more arrays for your SIMs.
Select Review + create.
Azure will now validate the configuration values you've entered. You should see a message indicating that your values have passed validation.
If the validation fails, you'll see an error message and the Configuration tab(s) containing the invalid configuration will be flagged. Select the flagged tab(s) and use the error messages to correct invalid configuration before returning to the Review + create tab.
Once your configuration has been validated, you can select Create to provision your SIMs. The Azure portal will display a confirmation screen when the SIMs have been provisioned.
If you are provisioning more than 500 SIMs, repeat this process for each of your JSON arrays.
Review deployed resources
Select Go to resource group.
Confirm that the SIM Group resource has been created in the resource group.
Select the SIM Group resource and confirm that all of your SIMs have been provisioned correctly.
Next steps
You can Manage these SIMs using the Azure portal.
Feedback
Submit and view feedback for