Provision new SIMs for Azure Private 5G Core - ARM template

SIM resources represent physical SIMs or eSIMs used by user equipment (UEs) served by the private mobile network. In this how-to guide, you'll learn how to provision new SIMs for an existing private mobile network using an Azure Resource Manager template (ARM template).

A resource manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. In declarative syntax, you describe your intended deployment without writing the sequence of programming commands to create the deployment.

If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template will open in the Azure portal.

Deploy to Azure.

Prerequisites

  • Ensure you can sign in to the Azure portal using an account with access to the active subscription you identified in Complete the prerequisite tasks for deploying a private mobile network. This account must have the built-in Contributor role at the subscription scope.
  • Identify the name of the Mobile Network resource corresponding to your private mobile network and the resource group containing it.
  • Identify the Azure region in which you deployed your private mobile network.
  • Choose a name for the new SIM group to which your SIMs will be added.
  • Identify the SIM policy you want to assign to the SIMs you're provisioning. You must have already created this SIM policy using the instructions in Configure a SIM policy - Azure portal.

Collect the required information for your SIMs

To begin, collect the values in the following table for each SIM you want to provision.

Value Parameter name
SIM name. The SIM name must only contain alphanumeric characters, dashes, and underscores. simName
The Integrated Circuit Card Identification Number (ICCID). The ICCID identifies a specific physical SIM or eSIM, and includes information on the SIM's country/region and issuer. The ICCID is optional and is a unique numerical value between 19 and 20 digits in length, beginning with 89. integratedCircuitCardIdentifier
The international mobile subscriber identity (IMSI). The IMSI is a unique number (usually 15 digits) identifying a device or user in a mobile network. internationalMobileSubscriberIdentity
The Authentication Key (Ki). The Ki is a unique 128-bit value assigned to the SIM by an operator, and is used with the derived operator code (OPc) to authenticate a user. It must be a 32-character string, containing hexadecimal characters only. authenticationKey
The derived operator code (OPc). The OPc is taken from the SIM's Ki and the network's operator code (OP). The packet core instance uses it to authenticate a user using a standards-based algorithm. The OPc must be a 32-character string, containing hexadecimal characters only. operatorKeyCode
The type of device using this SIM. This value is an optional free-form string. You can use it as required to easily identify device types using the enterprise's private mobile network. deviceType
The SIM policy to assign to the SIM. This is optional, but your SIMs won't be able to use the private mobile network without an assigned SIM policy. You'll need to assign a SIM policy if you want to set static IP addresses to the SIM during provisioning. simPolicyId

Collect the required information for assigning static IP addresses

You only need to complete this step if you've configured static IP address allocation for your packet core instance(s) and you want to assign static IP addresses to the SIMs during SIM provisioning.

Collect the values in the following table for each SIM you want to provision. If your private mobile network has multiple data networks and you want to assign a different static IP address for each data network to this SIM, collect the values for each IP address.

Each IP address must come from the pool you assigned for static IP address allocation when creating the relevant data network, as described in Collect data network values. For more information, see Allocate User Equipment (UE) IP address pools.

Value Parameter name
The data network that the SIM will use. staticIpConfiguration.attachedDataNetworkId
The network slice that the SIM will use. staticIpConfiguration.sliceId
The static IP address to assign to the SIM. staticIpConfiguration.staticIpAddress

Prepare an array for your SIMs

Use the information you collected in Collect the required information for your SIMs to create a JSON array containing properties for each of the SIMs you want to provision. The following is an example of an array containing properties for two SIMs (SIM1 and SIM2).

If you don't want to configure static IP addresses for a SIM, delete the staticIpConfiguration parameter for that SIM. If your private mobile network has multiple data networks and you want to assign a different static IP address for each data network to the same SIM, you can include additional attachedDataNetworkId, sliceId and staticIpAddress parameters for each IP address under staticIpConfiguration.

[
 {
  "simName": "SIM1",
  "integratedCircuitCardIdentifier": "8912345678901234566",
  "internationalMobileSubscriberIdentity": "001019990010001",
  "authenticationKey": "00112233445566778899AABBCCDDEEFF",
  "operatorKeyCode": "63bfa50ee6523365ff14c1f45f88737d",
  "deviceType": "Cellphone",
  "simPolicyId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/simPolicies/SimPolicy1",
  "staticIpConfiguration" :[
	{
	  "attachedDataNetworkId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/packetCoreControlPlanes/site-1/packetCoreDataPlanes/site-1/attachedDataNetworks/adn1",
	  "sliceId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/slices/slice-1",
	  "staticIpAddress": "10.132.124.54"
	},
    {
	  "attachedDataNetworkId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/packetCoreControlPlanes/site-1/packetCoreDataPlanes/site-1/attachedDataNetworks/adn2",
	  "sliceId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/slices/slice-1",
	  "staticIpAddress": "10.132.124.55"
	}
   ]
 },
 {
  "simName": "SIM2",
  "integratedCircuitCardIdentifier": "8922345678901234567",
  "internationalMobileSubscriberIdentity": "001019990010002",
  "authenticationKey": "11112233445566778899AABBCCDDEEFF",
  "operatorKeyCode": "63bfa50ee6523365ff14c1f45f88738d",
  "deviceType": "Sensor",
  "simPolicyId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/simPolicies/SimPolicy2",
  "staticIpConfiguration" :[
	{
	  "attachedDataNetworkId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/packetCoreControlPlanes/site-1/packetCoreDataPlanes/site-1/attachedDataNetworks/adn1",
	  "sliceId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/slices/slice-1",
	  "staticIpAddress": "10.132.124.54"
	},
	{
	  "attachedDataNetworkId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/packetCoreControlPlanes/site-1/packetCoreDataPlanes/site-1/attachedDataNetworks/adn2",
	  "sliceId": "/subscriptions/subid/resourceGroups/contoso-rg/providers/Microsoft.MobileNetwork/mobileNetworks/contoso-network/slices/slice-1",
	  "staticIpAddress": "10.132.124.55"
	}
   ]
 }
]

Review the template

The template used in this quickstart is from Azure Quickstart Templates.

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.13.1.58284",
      "templateHash": "1244615228636812130"
    }
  },
  "parameters": {
    "location": {
      "type": "string",
      "metadata": {
        "description": "Region where the SIM group will be deployed (must match the resource group region)."
      }
    },
    "existingMobileNetworkName": {
      "type": "string",
      "metadata": {
        "description": "The name of the mobile network to which you are adding the SIM group."
      }
    },
    "existingSimPolicyName": {
      "type": "string",
      "metadata": {
        "description": "The name of the SIM policy to be assigned to the SIM(s)."
      }
    },
    "simGroupName": {
      "type": "string",
      "metadata": {
        "description": "The name for the SIM group."
      }
    },
    "existingEncryptionKeyUrl": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "A unversioned key vault key to encrypt the SIM data that belongs to this SIM group. For example: https://contosovault.vault.azure.net/keys/azureKey."
      }
    },
    "existingUserAssignedIdentityResourceId": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "User-assigned identity is an identity in Azure Active Directory that can be used to give access to other Azure resource such as Azure Key Vault. This identity should have Get, Wrap key, and Unwrap key permissions on the key vault."
      }
    },
    "simResources": {
      "type": "array",
      "metadata": {
        "description": "An array containing properties of the SIM(s) you wish to create. See [Provision proxy SIM(s)](https://docs.microsoft.com/en-gb/azure/private-5g-core/provision-sims-azure-portal) for a full description of the required properties and their format."
      }
    }
  },
  "resources": [
    {
      "copy": {
        "name": "exampleSimResources",
        "count": "[length(parameters('simResources'))]"
      },
      "type": "Microsoft.MobileNetwork/simGroups/sims",
      "apiVersion": "2022-11-01",
      "name": "[format('{0}/{1}', parameters('simGroupName'), parameters('simResources')[copyIndex()].simName)]",
      "properties": {
        "integratedCircuitCardIdentifier": "[parameters('simResources')[copyIndex()].integratedCircuitCardIdentifier]",
        "internationalMobileSubscriberIdentity": "[parameters('simResources')[copyIndex()].internationalMobileSubscriberIdentity]",
        "authenticationKey": "[parameters('simResources')[copyIndex()].authenticationKey]",
        "operatorKeyCode": "[parameters('simResources')[copyIndex()].operatorKeyCode]",
        "deviceType": "[parameters('simResources')[copyIndex()].deviceType]",
        "simPolicy": {
          "id": "[resourceId('Microsoft.MobileNetwork/mobileNetworks/simPolicies', parameters('existingMobileNetworkName'), parameters('existingSimPolicyName'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.MobileNetwork/simGroups', parameters('simGroupName'))]"
      ]
    },
    {
      "type": "Microsoft.MobileNetwork/simGroups",
      "apiVersion": "2022-11-01",
      "name": "[parameters('simGroupName')]",
      "location": "[parameters('location')]",
      "properties": {
        "mobileNetwork": {
          "id": "[resourceId('Microsoft.MobileNetwork/mobileNetworks', parameters('existingMobileNetworkName'))]"
        },
        "encryptionKey": {
          "keyUrl": "[parameters('existingEncryptionKeyUrl')]"
        }
      },
      "identity": "[if(not(empty(parameters('existingUserAssignedIdentityResourceId'))), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', parameters('existingUserAssignedIdentityResourceId')), createObject())), createObject('type', 'None'))]"
    }
  ]
}

The following Azure resources are defined in the template.

Deploy the template

  1. Select the following link to sign in to Azure and open a template.

    Deploy to Azure.

  2. Select or enter the following values, using the information you retrieved in Prerequisites.

    • Subscription: select the Azure subscription you used to create your private mobile network.
    • Resource group: select the resource group containing the Mobile Network resource representing your private mobile network.
    • Region: select the region in which you deployed the private mobile network.
    • Location: enter the code name of the region in which you deployed the private mobile network. For the East US region, this is eastus; for West Europe, this is westeurope.
    • Existing Mobile Network Name: enter the name of the Mobile Network resource representing your private mobile network.
    • Existing Sim Policy Name: enter the name of the SIM policy you want to assign to the SIMs.
    • Sim Group Name: enter the name for the new SIM group.
    • Sim Resources: paste in the JSON array you prepared in Prepare an array for your SIMs.

    Screenshot of the Azure portal showing the configuration fields for the SIMs ARM template.

  3. Select Review + create.

  4. Azure will now validate the configuration values you've entered. You should see a message indicating that your values have passed validation.

    If the validation fails, you'll see an error message and the Configuration tab(s) containing the invalid configuration will be flagged. Select the flagged tab(s) and use the error messages to correct invalid configuration before returning to the Review + create tab.

  5. Once your configuration has been validated, you can select Create to provision your SIMs. The Azure portal will display a confirmation screen when the SIMs have been provisioned.

Review deployed resources

  1. Select Go to resource group.

    Screenshot of the Azure portal showing a deployment confirmation for the ARM template.

  2. Confirm that the SIM Group resource has been created in the resource group.

    Screenshot of the Azure portal showing a resource group containing a newly created SIM group.

  3. Select the SIM Group resource and confirm that all of your SIMs have been provisioned correctly.

    Screenshot of the Azure portal showing a SIM group resource containing SIMs.

Next steps

If you've configured static IP address allocation for your packet core instance(s) and you haven't already assigned static IP addresses to the SIMs you've provisioned, you can do so by following the steps in Assign static IP addresses.