From b68fc4cddb509f78e1299f8660f47991d0ab2bb9 Mon Sep 17 00:00:00 2001 
From: Andrew Oakley Date: Tue, 16 Aug 2016 14:34:57 -0700 Subject: [PATCH] Initial commit --- .gitattributes | 66 +++ .gitignore | 212 +++++++ .travis.yml | 31 + guidance-compute-multi-vm/Deployment.targets | 123 ++++ .../networkSecurityGroups.parameters.json | 38 ++ .../linux/virtualMachine.parameters.json | 103 ++++ .../linux/virtualNetwork.parameters.json | 22 + .../networkSecurityGroups.parameters.json | 38 ++ .../windows/virtualMachine.parameters.json | 103 ++++ .../windows/virtualNetwork.parameters.json | 22 + .../Scripts/Deploy_ReferenceArchitecture.ps1 | 39 ++ .../Scripts/deploy-reference-architecture.sh | 138 +++++ .../Templates/azuredeploy.json | 88 +++ .../guidance-compute-multi-vm.deployproj | 45 ++ guidance-compute-single-vm/Deployment.targets | 123 ++++ .../networkSecurityGroups.parameters.json | 37 ++ .../linux/virtualMachine.parameters.json | 63 ++ .../linux/virtualNetwork.parameters.json | 22 + .../networkSecurityGroups.parameters.json | 37 ++ .../windows/virtualMachine.parameters.json | 64 +++ .../windows/virtualNetwork.parameters.json | 22 + .../Scripts/Deploy-ReferenceArchitecture.ps1 | 54 ++ .../Scripts/deploy-reference-architecture.sh | 152 +++++ .../Templates/azuredeploy.json | 90 +++ .../guidance-compute-single-vm.deployproj | 42 ++ .../Deployment.targets | 123 ++++ .../linux/businessTier.parameters.json | 105 ++++ .../Parameters/linux/dataTier.parameters.json | 105 ++++ .../linux/managementTier.parameters.json | 67 +++ .../networkSecurityGroup.parameters.json | 163 ++++++ .../linux/virtualNetwork.parameters.json | 34 ++ .../Parameters/linux/webTier.parameters.json | 108 ++++ .../windows/businessTier.parameters.json | 105 ++++ .../windows/dataTier.parameters.json | 105 ++++ .../windows/managementTier.parameters.json | 67 +++ .../networkSecurityGroup.parameters.json | 164 ++++++ .../windows/virtualNetwork.parameters.json | 34 ++ .../windows/webTier.parameters.json | 108 ++++ .../Scripts/Deploy-ReferenceArchitecture.ps1 | 61 ++ 
.../Templates/azuredeploy.json | 149 +++++ .../guidance-compute-n-tier.deployproj | 47 ++ guidance-hybrid-network-er/Deployment.targets | 123 ++++ .../expressRouteCircuit.parameters.json | 22 + .../Parameters/virtualNetwork.parameters.json | 25 + .../virtualNetworkGateway.parameters.json | 31 + .../Scripts/Deploy-ReferenceArchitecture.ps1 | 63 ++ .../Scripts/deploy-reference-architecture.sh | 165 ++++++ .../azuredeploy-expressRouteCircuit.json | 41 ++ .../Templates/azuredeploy.json | 60 ++ .../guidance-hybrid-network-er.deployproj | 40 ++ guidance-hybrid-network-secure-vnet/README.md | 1 + .../ra-vnet-subnets-udr-nsg/README.md | 1 + .../ra-vnet-subnets-udr-nsg/azuredeploy.json | 235 ++++++++ .../azuredeploy.parameters.json | 6 + .../azuredeploy.sh | 294 ++++++++++ ...ance-hybrid-network-secure-vnet.deployproj | 35 ++ .../Deployment.targets | 123 ++++ .../expressRouteCircuit.parameters.json | 22 + .../Parameters/virtualNetwork.parameters.json | 25 + ...etworkGateway-expressRoute.parameters.json | 31 + .../virtualNetworkGateway-vpn.parameters.json | 34 ++ .../Scripts/Deploy-ReferenceArchitecture.ps1 | 70 +++ .../Scripts/deploy-reference-architecture.sh | 177 ++++++ .../azuredeploy-expressRouteCircuit.json | 41 ++ .../Templates/azuredeploy.json | 79 +++ .../guidance-hybrid-network-vpn-er.deployproj | 41 ++ .../Deployment.targets | 123 ++++ .../Parameters/virtualNetwork.parameters.json | 25 + .../virtualNetworkGateway.parameters.json | 34 ++ .../Scripts/Deploy-ReferenceArchitecture.ps1 | 48 ++ .../Scripts/deploy-reference-architecture.sh | 133 +++++ .../Templates/azuredeploy.json | 60 ++ .../guidance-hybrid-network-vpn.deployproj | 38 ++ guidance-iaas-ad/Deployment.targets | 123 ++++ .../loadBalancer-adfs-proxy.parameters.json | 113 ++++ .../loadBalancer-adfs.parameters.json | 113 ++++ .../networkSecurityGroup-ad.parameters.json | 279 +++++++++ ...rkSecurityGroup-adfs-proxy.parameters.json | 114 ++++ .../networkSecurityGroup-adfs.parameters.json | 114 ++++ 
.../networkSecurityGroup-mgmt.parameters.json | 81 +++ .../networkSecurityGroup.parameters.json | 540 ++++++++++++++++++ .../virtualMachine-jumpbox.parameters.json | 60 ++ .../Parameters/virtualNetwork.parameters.json | 54 ++ guidance-iaas-ad/Templates/azuredeploy.json | 118 ++++ guidance-iaas-ad/guidance-iaas-ad.deployproj | 47 ++ test/execute-ra.sh | 16 + test/test-setup.sh | 7 + 87 files changed, 7344 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 .travis.yml create mode 100644 guidance-compute-multi-vm/Deployment.targets create mode 100644 guidance-compute-multi-vm/Parameters/linux/networkSecurityGroups.parameters.json create mode 100644 guidance-compute-multi-vm/Parameters/linux/virtualMachine.parameters.json create mode 100644 guidance-compute-multi-vm/Parameters/linux/virtualNetwork.parameters.json create mode 100644 guidance-compute-multi-vm/Parameters/windows/networkSecurityGroups.parameters.json create mode 100644 guidance-compute-multi-vm/Parameters/windows/virtualMachine.parameters.json create mode 100644 guidance-compute-multi-vm/Parameters/windows/virtualNetwork.parameters.json create mode 100644 guidance-compute-multi-vm/Scripts/Deploy_ReferenceArchitecture.ps1 create mode 100644 guidance-compute-multi-vm/Scripts/deploy-reference-architecture.sh create mode 100644 guidance-compute-multi-vm/Templates/azuredeploy.json create mode 100644 guidance-compute-multi-vm/guidance-compute-multi-vm.deployproj create mode 100644 guidance-compute-single-vm/Deployment.targets create mode 100644 guidance-compute-single-vm/Parameters/linux/networkSecurityGroups.parameters.json create mode 100644 guidance-compute-single-vm/Parameters/linux/virtualMachine.parameters.json create mode 100644 guidance-compute-single-vm/Parameters/linux/virtualNetwork.parameters.json create mode 100644 guidance-compute-single-vm/Parameters/windows/networkSecurityGroups.parameters.json create mode 100644 
guidance-compute-single-vm/Parameters/windows/virtualMachine.parameters.json create mode 100644 guidance-compute-single-vm/Parameters/windows/virtualNetwork.parameters.json create mode 100644 guidance-compute-single-vm/Scripts/Deploy-ReferenceArchitecture.ps1 create mode 100644 guidance-compute-single-vm/Scripts/deploy-reference-architecture.sh create mode 100644 guidance-compute-single-vm/Templates/azuredeploy.json create mode 100644 guidance-compute-single-vm/guidance-compute-single-vm.deployproj create mode 100644 guidance-compute-three-tier/Deployment.targets create mode 100644 guidance-compute-three-tier/Parameters/linux/businessTier.parameters.json create mode 100644 guidance-compute-three-tier/Parameters/linux/dataTier.parameters.json create mode 100644 guidance-compute-three-tier/Parameters/linux/managementTier.parameters.json create mode 100644 guidance-compute-three-tier/Parameters/linux/networkSecurityGroup.parameters.json create mode 100644 guidance-compute-three-tier/Parameters/linux/virtualNetwork.parameters.json create mode 100644 guidance-compute-three-tier/Parameters/linux/webTier.parameters.json create mode 100644 guidance-compute-three-tier/Parameters/windows/businessTier.parameters.json create mode 100644 guidance-compute-three-tier/Parameters/windows/dataTier.parameters.json create mode 100644 guidance-compute-three-tier/Parameters/windows/managementTier.parameters.json create mode 100644 guidance-compute-three-tier/Parameters/windows/networkSecurityGroup.parameters.json create mode 100644 guidance-compute-three-tier/Parameters/windows/virtualNetwork.parameters.json create mode 100644 guidance-compute-three-tier/Parameters/windows/webTier.parameters.json create mode 100644 guidance-compute-three-tier/Scripts/Deploy-ReferenceArchitecture.ps1 create mode 100644 guidance-compute-three-tier/Templates/azuredeploy.json create mode 100644 guidance-compute-three-tier/guidance-compute-n-tier.deployproj create mode 100644 
guidance-hybrid-network-er/Deployment.targets create mode 100644 guidance-hybrid-network-er/Parameters/expressRouteCircuit.parameters.json create mode 100644 guidance-hybrid-network-er/Parameters/virtualNetwork.parameters.json create mode 100644 guidance-hybrid-network-er/Parameters/virtualNetworkGateway.parameters.json create mode 100644 guidance-hybrid-network-er/Scripts/Deploy-ReferenceArchitecture.ps1 create mode 100644 guidance-hybrid-network-er/Scripts/deploy-reference-architecture.sh create mode 100644 guidance-hybrid-network-er/Templates/azuredeploy-expressRouteCircuit.json create mode 100644 guidance-hybrid-network-er/Templates/azuredeploy.json create mode 100644 guidance-hybrid-network-er/guidance-hybrid-network-er.deployproj create mode 100644 guidance-hybrid-network-secure-vnet/README.md create mode 100644 guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/README.md create mode 100644 guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/azuredeploy.json create mode 100644 guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/azuredeploy.parameters.json create mode 100644 guidance-hybrid-network-secure-vnet/azuredeploy.sh create mode 100644 guidance-hybrid-network-secure-vnet/guidance-hybrid-network-secure-vnet.deployproj create mode 100644 guidance-hybrid-network-vpn-er/Deployment.targets create mode 100644 guidance-hybrid-network-vpn-er/Parameters/expressRouteCircuit.parameters.json create mode 100644 guidance-hybrid-network-vpn-er/Parameters/virtualNetwork.parameters.json create mode 100644 guidance-hybrid-network-vpn-er/Parameters/virtualNetworkGateway-expressRoute.parameters.json create mode 100644 guidance-hybrid-network-vpn-er/Parameters/virtualNetworkGateway-vpn.parameters.json create mode 100644 guidance-hybrid-network-vpn-er/Scripts/Deploy-ReferenceArchitecture.ps1 create mode 100644 guidance-hybrid-network-vpn-er/Scripts/deploy-reference-architecture.sh create mode 100644 
guidance-hybrid-network-vpn-er/Templates/azuredeploy-expressRouteCircuit.json create mode 100644 guidance-hybrid-network-vpn-er/Templates/azuredeploy.json create mode 100644 guidance-hybrid-network-vpn-er/guidance-hybrid-network-vpn-er.deployproj create mode 100644 guidance-hybrid-network-vpn/Deployment.targets create mode 100644 guidance-hybrid-network-vpn/Parameters/virtualNetwork.parameters.json create mode 100644 guidance-hybrid-network-vpn/Parameters/virtualNetworkGateway.parameters.json create mode 100644 guidance-hybrid-network-vpn/Scripts/Deploy-ReferenceArchitecture.ps1 create mode 100644 guidance-hybrid-network-vpn/Scripts/deploy-reference-architecture.sh create mode 100644 guidance-hybrid-network-vpn/Templates/azuredeploy.json create mode 100644 guidance-hybrid-network-vpn/guidance-hybrid-network-vpn.deployproj create mode 100644 guidance-iaas-ad/Deployment.targets create mode 100644 guidance-iaas-ad/Parameters/loadBalancer-adfs-proxy.parameters.json create mode 100644 guidance-iaas-ad/Parameters/loadBalancer-adfs.parameters.json create mode 100644 guidance-iaas-ad/Parameters/networkSecurityGroup-ad.parameters.json create mode 100644 guidance-iaas-ad/Parameters/networkSecurityGroup-adfs-proxy.parameters.json create mode 100644 guidance-iaas-ad/Parameters/networkSecurityGroup-adfs.parameters.json create mode 100644 guidance-iaas-ad/Parameters/networkSecurityGroup-mgmt.parameters.json create mode 100644 guidance-iaas-ad/Parameters/networkSecurityGroup.parameters.json create mode 100644 guidance-iaas-ad/Parameters/virtualMachine-jumpbox.parameters.json create mode 100644 guidance-iaas-ad/Parameters/virtualNetwork.parameters.json create mode 100644 guidance-iaas-ad/Templates/azuredeploy.json create mode 100644 guidance-iaas-ad/guidance-iaas-ad.deployproj create mode 100644 test/execute-ra.sh create mode 100644 test/test-setup.sh diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..11d6cfb91 --- /dev/null +++ b/.gitattributes 
@@ -0,0 +1,66 @@ +############################################################################### +# Set default behavior to automatically normalize line endings. +############################################################################### +* text=auto + +# Keep shell scripts with LF +*.sh text eol=lf + +############################################################################### +# Set default behavior for command prompt diff. +# +# This is need for earlier builds of msysgit that does not have it on by +# default for csharp files. +# Note: This is only used by command line +############################################################################### +#*.cs diff=csharp + +############################################################################### +# Set the merge driver for project and solution files +# +# Merging from the command prompt will add diff markers to the files if there +# are conflicts (Merging from VS is not affected by the settings below, in VS +# the diff markers are never inserted). Diff markers may cause the following +# file extensions to fail to load in VS. An alternative would be to treat +# these files as binary and thus will always conflict and require user +# intervention with every merge. To do so, just uncomment the entries below +############################################################################### +#*.sln merge=binary +#*.csproj merge=binary +#*.vbproj merge=binary +#*.vcxproj merge=binary +#*.vcproj merge=binary +#*.dbproj merge=binary +#*.fsproj merge=binary +#*.lsproj merge=binary +#*.wixproj merge=binary +#*.modelproj merge=binary +#*.sqlproj merge=binary +#*.wwaproj merge=binary + +############################################################################### +# behavior for image files +# +# image files are treated as binary by default. 
+############################################################################### +#*.jpg binary +#*.png binary +#*.gif binary + +############################################################################### +# diff behavior for common document formats +# +# Convert binary document formats to text before diffing them. This feature +# is only available from the command line. Turn it on by uncommenting the +# entries below. +############################################################################### +#*.doc diff=astextplain +#*.DOC diff=astextplain +#*.docx diff=astextplain +#*.DOCX diff=astextplain +#*.dot diff=astextplain +#*.DOT diff=astextplain +#*.pdf diff=astextplain +#*.PDF diff=astextplain +#*.rtf diff=astextplain +#*.RTF diff=astextplain diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000..b06e864a3 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,212 @@ +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. + +# User-specific files +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +build/ +bld/ +[Bb]in/ +[Oo]bj/ + +# Visual Studio 2015 cache/options directory +.vs/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUNIT +*.VisualState.xml +TestResult.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# DNX +project.lock.json +artifacts/ + +*_i.c +*_p.c +*_i.h +*.ilk +*.meta +*.obj +*.pch +*.pdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*.log +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opensdf +*.sdf +*.cachefile + +# Visual Studio profiler +*.psess +*.vsp +*.vspx + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# JustCode is a .NET coding add-in +.JustCode + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# NCrunch +_NCrunch_* +.*crunch*.local.xml + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +## TODO: Comment the next line if you want to checkin your +## web deploy settings but do note that will include unencrypted +## passwords +#*.pubxml + 
+*.publishproj + +# NuGet Packages +*.nupkg +# The packages folder can be ignored because of Package Restore +**/packages/* +# except build/, which is used as an MSBuild target. +!**/packages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/packages/repositories.config + +# Windows Azure Build Output +csx/ +*.build.csdef + +# Windows Store app package directory +AppPackages/ + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!*.[Cc]ache/ + +# Others +ClientBin/ +[Ss]tyle[Cc]op.* +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.pfx +*.publishsettings +node_modules/ +orleans.codegen.cs + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm + +# SQL Server files +*.mdf +*.ldf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings + +# Microsoft Fakes +FakesAssemblies/ + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# LightSwitch generated files +GeneratedArtifacts/ +_Pvt_Extensions/ +ModelManifest.xml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 000000000..70e62476c --- /dev/null +++ b/.travis.yml 
@@ -0,0 +1,31 @@ +language: generic +sudo: required +dist: trusty + +env: + global: + - secure: 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 + - secure: 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 + - secure: oNFI61TDzh+wOfogvJxAw7yuYPYg16e/PRM1ZgzBB+K/J2msiTY7qPxpqHf0jceMzAC9l/+XsgW05QBOl6tiwsJcs4mhlBce0z5ppuJK3qr2Q7yamqMa9FhmZv2Jw816zMSWr5F/60IHL100kK4Hbvq5frqwdBQj04wB7TmRhXzWrT6ymHLCKJD/OPKqhp0x7DZKQ4y/6giWTgCLY4Ypf8rThVBbUmCqsn45KSvWTEsOXft3+/bcR27ms9CgpL0zHHnraGgBHnRlrEePnzfEVdEM5FJr5SRagQWESC0kdO3krO2iJR7M/NeaH8vx4ymXyIwgMnTBy174ozdi1XkefRTPDtHxtC9qmqP2si7Ck5qypbd/2+SriRRlsTTr+Z/l54D/MfSWBxOZcfKblop/p4UU+NmgX7zOFjTIGB8Kq22UIlDG7H4DzdoaUV4qnWrUGHd3Zo6D+3H+D0sEEqnFjRVUnawhJB93DZZOUnAqvxzg1o+P/gDZ6zWEXWE4tri/XDANQo+QL7OD49qCgr0PTT+c6MUL126ek629QFidEtnltQbpN/yecP3+Xcq0AT1IN69nOSnw65MrZRBNqLuDJutiyJE2sogsFCAVJ6g0239rPmNpgqHMpMGmZ5QSBgfmofA3OZGsrv0PHBPcI1bmyWbF22ZjGJqtotPhFLb7ynM= + - secure: P2GInKK0wBAT1hsfud92hlPk2xFMRMeb+uf6szAJkNJ/lAY3MY3qeXyjGanDJnVKgk+H6tLA0ZoNtnrtbASJEH8iRl47Ow1nHYYcpxkIDeYC/h96tpubFiMQ9gt1BZ6aez3v1VkjwBbg55aQvSHecCa9BglY+vINt8SGq35ZrqOHKnO1sR+7a6XTte2xKlR9JiXLt97eo1vQGEOdH3Zwg5L4ZGbkjBqrZtg9LsthFgPNIOm8HPZiTkelOZ1TXSY1RwviDCLOnTDPkMaNyzmVZy2kCqQSCOzOCoAbJBdgvmrfKxJgJ4cMrVx9XmkFO6hfaQj6i1CSbsm/lb5xo7c7jvjdB9E3O2SVd5IBCaqIuSz+jHbkinX0FgzZSsvOx8d4CQlLJ0MJOXpkMWZ82SP/63UdDAXjSC8TAryL2WU9c9KTEYWRoRME0a+tbAURUlSwEFeZ9ucMNalj2hXCzevrRL1Pepz9BPeWDE5BSMIs0dN0OQu0Ynb3aHHe+5VZV0V8MYl/ZrzbkRZM+lW8n8FkzkxnuQ6naWiiDetOa2h5d1DuZDoF6V3fsDFueWZvj5y4bNwBPLMMn6Posos1DC37S7ZQokjFr8HJhSWh7b9/bOApqH2OiO4BYdBo7mncU4MWIwm0OMFYTE4Cl0t6huphUzfWL+2mkqTAaLf8UYYO+vY= + +branches: + only: + - master + +before_install: +- curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash - +- sudo apt-get install -y nodejs +- sudo npm install -g azure-cli + +script: +- chmod +x ./test/test-setup.sh +- chmod +x ./test/execute-ra.sh +- ./test/test-setup.sh +- ./test/execute-ra.sh ra-single-vm guidance-compute-single-vm/Scripts/deploy-reference-architecture.sh 
--subscription $S --os-type linux +- azure group delete --name ra-single-vm-rg --subscription $S --quiet +- ./test/execute-ra.sh ra-multi-vm guidance-compute-multi-vm/Scripts/deploy-reference-architecture.sh --subscription $S --os-type linux +- azure group delete --name ra-multi-vm-rg --subscription $S --quiet +- ./test/execute-ra.sh ra-hybrid-vpn guidance-hybrid-network-vpn/Scripts/deploy-reference-architecture.sh --subscription $S +- azure group delete --name ra-hybrid-vpn-rg --subscription $S --quiet + diff --git a/guidance-compute-multi-vm/Deployment.targets b/guidance-compute-multi-vm/Deployment.targets new file mode 100644 index 000000000..f3be9fe9a --- /dev/null +++ b/guidance-compute-multi-vm/Deployment.targets @@ -0,0 +1,123 @@ + + + + Debug + AnyCPU + bin\$(Configuration)\ + false + true + false + None + obj\ + $(BaseIntermediateOutputPath)\ + $(BaseIntermediateOutputPath)$(Configuration)\ + $(IntermediateOutputPath)ProjectReferences + $(ProjectReferencesOutputPath)\ + true + + + + false + false + + + + + + + + + + + Always + + + Never + + + false + Build + + + + + + + + _GetDeploymentProjectContent; + _CalculateContentOutputRelativePaths; + _GetReferencedProjectsOutput; + _CalculateArtifactStagingDirectory; + _CopyOutputToArtifactStagingDirectory; + + + + + + + + + + + + + + + + + Configuration=$(Configuration);Platform=$(Platform) + + + + + + + $([System.IO.Path]::GetFileNameWithoutExtension('%(ProjectReference.Identity)')) + + + + + + + $(OutDir) + $(OutputPath) + $(ArtifactStagingDirectory)\ + $(ArtifactStagingDirectory)staging\ + $(Build_StagingDirectory) + + + + + + + <_OriginalIdentity>%(DeploymentProjectContentOutput.Identity) + <_RelativePath>$(_OriginalIdentity.Replace('$(MSBuildProjectDirectory)', '')) + + + + + $(_RelativePath) + + + + + + + + + PrepareForRun + + + + + + + + + + + 
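Review bot: In `.travis.yml`, `before_install` pipes a script downloaded at build time straight into a root shell (`curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -`) and then runs an unpinned `sudo npm install -g azure-cli`. Nothing verifies either download, and `sudo -E` passes the job environment, which includes the decrypted `secure:` values from `env.global`, to that script. Install Node from a pinned package source, pin the CLI as `sudo npm install -g azure-cli@<version>` (placeholder), and drop `-E` unless the installer needs it. The `script` steps also pass `--subscription $S` unquoted; `--subscription "$S"` is safer.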
diff --git a/guidance-compute-multi-vm/Parameters/linux/networkSecurityGroups.parameters.json b/guidance-compute-multi-vm/Parameters/linux/networkSecurityGroups.parameters.json
new file mode 100644
index 000000000..e8c9fd97f
--- /dev/null
+++ b/guidance-compute-multi-vm/Parameters/linux/networkSecurityGroups.parameters.json
@@ -0,0 +1,38 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "app1-vnet",
+ "resourceGroup": "app1-dev-rg"
+ }
+ },
+ "networkSecurityGroupsSettings": {
+ "value": [
+ {
+ "name": "app1-nsg",
+ "subnets": [
+ "app1-subnet"
+ ],
+ "networkInterfaces": [
+ ],
+ "securityRules": [
+ {
+ "name": "default-allow-ssh",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "22",
+ "access": "Allow",
+ "protocol": "Tcp"
+ }
+ ]
+ }
+ ]
+ }
+ }
+}
+
diff --git a/guidance-compute-multi-vm/Parameters/linux/virtualMachine.parameters.json b/guidance-compute-multi-vm/Parameters/linux/virtualMachine.parameters.json
new file mode 100644
index 000000000..1374dd4d6
--- /dev/null
+++ b/guidance-compute-multi-vm/Parameters/linux/virtualMachine.parameters.json
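Review bot: The `default-allow-ssh` rule in `linux/networkSecurityGroups.parameters.json` allows inbound TCP 22 from any source (`"sourceAddressPrefix": "*"`), and the `RDPAllow` rule in the Windows counterpart does the same for port 3389 at priority 100. The NICs in this commit's VM parameters are `"isPublic": "false"`, so the ports may not be reachable from the internet as shipped. The rule becomes an open management port as soon as someone adapting this reference adds a public IP or a NAT rule. Restrict the source to a management range, `"sourceAddressPrefix": "<admin-cidr>"` (placeholder), or to `"VirtualNetwork"`.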
@@ -0,0 +1,103 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualMachinesSettings": {
+ "value": {
+ "namePrefix": "app1",
+ "computerNamePrefix": "cn",
+ "size": "Standard_DS1",
+ "osType": "linux",
+ "adminUsername": "testuser",
+ "adminPassword": "AweS0me@PW",
+ "sshPublicKey": "",
+ "osAuthenticationType": "password",
+ "nics": [
+ {
+ "isPublic": "false",
+ "subnetName": "app1-subnet",
+ "privateIPAllocationMethod": "dynamic",
+ "publicIPAllocationMethod": "dynamic",
+ "isPrimary": "true",
+ "enableIPForwarding": false,
+ "dnsServers": [ ]
+ }
+ ],
+ "imageReference": {
+ "publisher": "RedHat",
+ "offer": "RHEL",
+ "sku": "7.2",
+ "version": "latest"
+ },
+ "dataDisks": {
+ "count": 1,
+ "properties": {
+ "diskSizeGB": 128,
+ "caching": "None",
+ "createOption": "Empty"
+ }
+ },
+ "osDisk": {
+ "caching": "ReadWrite"
+ },
+ "availabilitySet": {
+ "useExistingAvailabilitySet": "No",
+ "name": "app1-dev-as"
+ }
+ }
+ },
+ "loadBalancerSettings": {
+ "value": {
+ "name": "dev-lb",
+ "frontendIPConfigurations": [
+ {
+ "name": "config1",
+ "loadBalancerType": "public",
+ "internalLoadBalancerSettings": {
+ "privateIPAddress": "10.0.0.250",
+ "subnetName": "app1-subnet"
+ }
+ }
+ ],
+ "loadBalancingRules": [
+ {
+ "name": "lbr1",
+ "frontendPort": 80,
+ "backendPort": 80,
+ "protocol": "Tcp",
+ "backendPoolName": "lb-bep1",
+ "frontendIPConfigurationName": "config1"
+ }
+ ],
+ "probes": [
+ {
+ "name": "lbp1",
+ "port": 80,
+ "protocol": "Http",
+ "requestPath": "/"
+ }
+ ],
+ "backendPools": [
+ {
+ "name": "lb-bep1",
+ "nicIndex": 0
+ }
+ ]
+ }
+ },
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "app1-vnet",
+ "resourceGroup": "app1-dev-rg"
+ }
+ },
+ "buildingBlockSettings": {
+ "value": {
+ "storageAccountsCount": 1,
+ "vmCount": 2,
+ "vmStartIndex": 0
+ }
+ }
+ }
+}
+
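Review bot: `linux/virtualMachine.parameters.json` commits the administrator credential in clear text (`"adminUsername": "testuser"`, `"adminPassword": "AweS0me@PW"`) with `"osAuthenticationType": "password"` and an empty `sshPublicKey`. The Windows `virtualMachine.parameters.json` in this commit carries the same pair. Anyone who deploys the sample unchanged gets VMs with a publicly known admin login, and the value stays in repository history. Leave the password out of the file and have the deploy script prompt for it or read it from the environment; for the Linux file, prefer key-based login through `sshPublicKey`, if the building-block template supports it.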
diff --git a/guidance-compute-multi-vm/Parameters/linux/virtualNetwork.parameters.json b/guidance-compute-multi-vm/Parameters/linux/virtualNetwork.parameters.json
new file mode 100644
index 000000000..d74adab51
--- /dev/null
+++ b/guidance-compute-multi-vm/Parameters/linux/virtualNetwork.parameters.json
@@ -0,0 +1,22 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "app1-vnet",
+ "resourceGroup": "app1-dev-rg",
+ "addressPrefixes": [
+ "10.0.0.0/16"
+ ],
+ "subnets": [
+ {
+ "name": "app1-subnet",
+ "addressPrefix": "10.0.0.0/24"
+ }
+ ],
+ "dnsServers": [ ]
+ }
+ }
+ }
+}
diff --git a/guidance-compute-multi-vm/Parameters/windows/networkSecurityGroups.parameters.json b/guidance-compute-multi-vm/Parameters/windows/networkSecurityGroups.parameters.json
new file mode 100644
index 000000000..6754fbb80
--- /dev/null
+++ b/guidance-compute-multi-vm/Parameters/windows/networkSecurityGroups.parameters.json
@@ -0,0 +1,38 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "app1-vnet",
+ "resourceGroup": "app1-dev-rg"
+ }
+ },
+ "networkSecurityGroupsSettings": {
+ "value": [
+ {
+ "name": "app1-nsg",
+ "subnets": [
+ "app1-subnet"
+ ],
+ "networkInterfaces": [
+ ],
+ "securityRules": [
+ {
+ "name": "RDPAllow",
+ "direction": "Inbound",
+ "priority": 100,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "3389",
+ "access": "Allow",
+ "protocol": "Tcp"
+ }
+ ]
+ }
+ ]
+ }
+ }
+}
+
diff --git a/guidance-compute-multi-vm/Parameters/windows/virtualMachine.parameters.json b/guidance-compute-multi-vm/Parameters/windows/virtualMachine.parameters.json
new file mode 100644
index 000000000..6eb256f29
--- /dev/null
+++ b/guidance-compute-multi-vm/Parameters/windows/virtualMachine.parameters.json
@@ -0,0 +1,103 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualMachinesSettings": {
+ "value": {
+ "namePrefix": "app1",
+ "computerNamePrefix": "cn",
+ "size": "Standard_DS1",
+ "osType": "windows",
+ "adminUsername": "testuser",
+ "adminPassword": "AweS0me@PW",
+ "sshPublicKey": "",
+ "osAuthenticationType": "password",
+ "nics": [
+ {
+ "isPublic": "false",
+ "subnetName": "app1-subnet",
+ "privateIPAllocationMethod": "dynamic",
+ "publicIPAllocationMethod": "dynamic",
+ "isPrimary": "true",
+ "enableIPForwarding": false,
+ "dnsServers": [ ]
+ }
+ ],
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2012-R2-Datacenter",
+ "version": "latest"
+ },
+ "dataDisks": {
+ "count": 1,
+ "properties": {
+ "diskSizeGB": 128,
+ "caching": "None",
+ "createOption": "Empty"
+ }
+ },
+ "osDisk": {
+ "caching": "ReadWrite"
+ },
+ "availabilitySet": {
+ "useExistingAvailabilitySet": "No",
+ "name": "app1-dev-as"
+ }
+ }
+ },
+ "loadBalancerSettings": {
+ "value": {
+ "name": "dev-lb",
+ "frontendIPConfigurations": [
+ {
+ "name": "config1",
+ "loadBalancerType": "public",
+ "internalLoadBalancerSettings": {
+ "privateIPAddress": "10.0.0.250",
+ "subnetName": "app1-subnet"
+ }
+ }
+ ],
+ "loadBalancingRules": [
+ {
+ "name": "lbr1",
+ "frontendPort": 80,
+ "backendPort": 80,
+ "protocol": "Tcp",
+ "backendPoolName": "lb-bep1",
+ "frontendIPConfigurationName": "config1"
+ }
+ ],
+ "probes": [
+ {
+ "name": "lbp1",
+ "port": 80,
+ "protocol": "Http",
+ "requestPath": "/"
+ }
+ ],
+ "backendPools": [
+ {
+ "name": "lb-bep1",
+ "nicIndex": 0
+ }
+ ]
+ }
+ },
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "app1-vnet",
+ "resourceGroup": "app1-dev-rg"
+ }
+ },
+ "buildingBlockSettings": {
+ "value": {
+ "storageAccountsCount": 1,
+ "vmCount": 2,
+ "vmStartIndex": 0
+ }
+ }
+ }
+}
+
diff --git a/guidance-compute-multi-vm/Parameters/windows/virtualNetwork.parameters.json b/guidance-compute-multi-vm/Parameters/windows/virtualNetwork.parameters.json
new file mode 100644
index 000000000..d74adab51
--- /dev/null
+++ b/guidance-compute-multi-vm/Parameters/windows/virtualNetwork.parameters.json
@@ -0,0 +1,22 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "app1-vnet",
+ "resourceGroup": "app1-dev-rg",
+ "addressPrefixes": [
+ "10.0.0.0/16"
+ ],
+ "subnets": [
+ {
+ "name": "app1-subnet",
+ "addressPrefix": "10.0.0.0/24"
+ }
+ ],
+ "dnsServers": [ ]
+ }
+ }
+ }
+}
diff --git a/guidance-compute-multi-vm/Scripts/Deploy_ReferenceArchitecture.ps1 b/guidance-compute-multi-vm/Scripts/Deploy_ReferenceArchitecture.ps1
new file mode 100644
index 000000000..917bb18a3
--- /dev/null
+++ b/guidance-compute-multi-vm/Scripts/Deploy_ReferenceArchitecture.ps1
@@ -0,0 +1,39 @@
+#
+# Deploy_ReferenceArchitecture.ps1
+#
+param(
+ [Parameter(Mandatory=$true)]
+ $SubscriptionId,
+ [Parameter(Mandatory=$false)]
+ $Location = "Central US",
+ [Parameter(Mandatory=$false)]
+ [ValidateSet("Windows", "Linux")]
+ $OSType = "Linux"
+)
+
+$templateRootUri = New-Object System.Uri -ArgumentList @("https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/")
+$virtualNetworkTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json")
+$virtualMachineTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/loadBalancer-backend-n-vm/azuredeploy.json")
+$networkSecurityGroupTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/networkSecurityGroups/azuredeploy.json")
+$virtualNetworkParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters", $OSType.ToLower(), "virtualNetwork.parameters.json")
+$virtualMachineParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters", $OSType.ToLower(), "virtualMachine.parameters.json")
+$networkSecurityGroupParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters", $OSType.ToLower(), "networkSecurityGroups.parameters.json")
+
+$resourceGroupName = "app1-dev-rg"
+# Login to Azure and select your subscription
+Login-AzureRmAccount -SubscriptionId $SubscriptionId | Out-Null
+
+# Create the resource group
+$resourceGroup = New-AzureRmResourceGroup -Name $resourceGroupName -Location $Location
+
+Write-Host "Deploying virtual network..."
+New-AzureRmResourceGroupDeployment -Name "ra-multi-vm-vnet-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName `
+ -TemplateUri $virtualNetworkTemplate.AbsoluteUri -TemplateParameterFile $virtualNetworkParametersFile
+
+Write-Host "Deploying virtual machine..."
+New-AzureRmResourceGroupDeployment -Name "ra-multi-vm-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName `
+ -TemplateUri $virtualMachineTemplate.AbsoluteUri -TemplateParameterFile $virtualMachineParametersFile
+
+Write-Host "Deploying network security group..."
+New-AzureRmResourceGroupDeployment -Name "ra-multi-vm-nsg-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName `
+ -TemplateUri $networkSecurityGroupTemplate.AbsoluteUri -TemplateParameterFile $networkSecurityGroupParametersFile
diff --git a/guidance-compute-multi-vm/Scripts/deploy-reference-architecture.sh b/guidance-compute-multi-vm/Scripts/deploy-reference-architecture.sh
new file mode 100644
index 000000000..a0100ae19
--- /dev/null
+++ b/guidance-compute-multi-vm/Scripts/deploy-reference-architecture.sh
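Review bot: Nothing stops this script after a failed step, because there is no `$ErrorActionPreference = "Stop"` ahead of the three `New-AzureRmResourceGroupDeployment` calls; a failed virtual-network or VM deployment is simply followed by the next deployment. The single-VM script added in this same commit sets `$ErrorActionPreference = "Stop"` right after its `param(...)` block, and adding the same line here would keep the two scripts consistent. The result of `Login-AzureRmAccount` is piped to `Out-Null`, so with the current settings a login problem is also easy to miss.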
@@ -0,0 +1,138 @@
+#!/bin/bash
+
+RESOURCE_GROUP_NAME="app1-dev-rg"
+LOCATION="centralus"
+
+validate() {
+ for i in "${@:2}"; do
+ if [[ "$1" == "$i" ]]
+ then
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+validateNotEmpty() {
+ if [[ "$1" != "" ]]
+ then
+ return 1
+ else
+ return 0
+ fi
+}
+
+showErrorAndUsage() {
+ echo
+ if [[ "$1" != "" ]]
+ then
+ echo " error: $1"
+ echo
+ fi
+ echo " usage: $(basename ${0}) [options]"
+ echo " options:"
+ echo " -s, --subscription "
+ echo " -o, --os-type "
+ echo
+ exit 1
+}
+
+if [[ $# < 1 ]]
+then
+ showErrorAndUsage
+fi
+
+while [[ $# > 0 ]]
+do
+ key="$1"
+ case $key in
+ -o|--os-type)
+ OS_TYPE="$2"
+ shift
+ ;;
+ -s|--subscription)
+ # Explicitly set the subscription to avoid confusion as to which subscription
+ # is active/default
+ SUBSCRIPTION_ID="$2"
+ shift
+ ;;
+ -l|--location)
+ LOCATION="$2"
+ shift
+ ;;
+ *)
+ echo Unknown option "$1"
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+if ! [[ $SUBSCRIPTION_ID =~ ^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$ ]];
+then
+ showErrorAndUsage "Invalid Subscription ID"
+fi
+
+if validate $OS_TYPE "windows" "linux";
+then
+ showErrorAndUsage "Invalid OS Type: '${OS_TYPE}' Valid values are 'windows' or 'linux'"
+fi
+
+if validateNotEmpty $LOCATION;
+then
+ showErrorAndUsage "Location must be provided"
+fi
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+TEMPLATE_ROOT_URI="https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/ARMBuildingBlocks/Templates/"
+
+VIRTUAL_NETWORK_TEMPLATE_URI="${TEMPLATE_ROOT_URI}buildingBlocks/vnet-n-subnet/azuredeploy.json"
+VIRTUAL_NETWORK_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/${OS_TYPE}/virtualNetwork.parameters.json"
+VIRTUAL_NETWORK_DEPLOYMENT_NAME="ra-multi-vm-vnet-deployment"
+
+LOAD_BALANCER_TEMPLATE_URI="${TEMPLATE_ROOT_URI}buildingBlocks/loadBalancer-backend-n-vm/azuredeploy.json"
+LOAD_BALANCER_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/${OS_TYPE}/virtualMachine.parameters.json"
+LOAD_BALANCER_DEPLOYMENT_NAME="ra-multi-vm-deployment"
+
+NETWORK_SECURITY_GROUP_TEMPLATE_URI="${TEMPLATE_ROOT_URI}buildingBlocks/networkSecurityGroups/azuredeploy.json"
+NETWORK_SECURITY_GROUP_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/${OS_TYPE}/networkSecurityGroups.parameters.json"
+NETWORK_SECURITY_GROUP_DEPLOYMENT_NAME="ra-multi-vm-nsg-deployment"
+
+azure config mode arm
+
+# Create the resource group, saving the output for later.
+RESOURCE_GROUP_OUTPUT=$(azure group create --name $RESOURCE_GROUP_NAME --location $LOCATION --subscription $SUBSCRIPTION_ID --json) || exit 1
+
+# Create the virtual network
+echo "Deploying virtual network..."
+azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_DEPLOYMENT_NAME \
+--template-uri $VIRTUAL_NETWORK_TEMPLATE_URI --parameters-file $VIRTUAL_NETWORK_PARAMETERS_PATH \
+--subscription $SUBSCRIPTION_ID || exit 1
+
+echo "Deploying virtual machines..."
+azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $LOAD_BALANCER_DEPLOYMENT_NAME \
+--template-uri $LOAD_BALANCER_TEMPLATE_URI --parameters-file $LOAD_BALANCER_PARAMETERS_PATH \
+--subscription $SUBSCRIPTION_ID || exit 1
+
+echo "Deploying network security group..."
+azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $NETWORK_SECURITY_GROUP_DEPLOYMENT_NAME \
+--template-uri $NETWORK_SECURITY_GROUP_TEMPLATE_URI --parameters-file $NETWORK_SECURITY_GROUP_PARAMETERS_PATH \
+--subscription $SUBSCRIPTION_ID || exit 1
+
+# Display json output
+echo "==================================="
+
+echo $RESOURCE_GROUP_OUTPUT
+
+azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_DEPLOYMENT_NAME \
+--subscription $SUBSCRIPTION_ID --json || exit 1
+
+azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $LOAD_BALANCER_DEPLOYMENT_NAME \
+--subscription $SUBSCRIPTION_ID --json || exit 1
+
+azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $NETWORK_SECURITY_GROUP_DEPLOYMENT_NAME \
+--subscription $SUBSCRIPTION_ID --json || exit 1
+
+echo "==================================="
diff --git a/guidance-compute-multi-vm/Templates/azuredeploy.json b/guidance-compute-multi-vm/Templates/azuredeploy.json
new file mode 100644
index 000000000..0dafa89cf
--- /dev/null
+++ b/guidance-compute-multi-vm/Templates/azuredeploy.json
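Review bot: The allow-list check on `--os-type` can be passed by a value that is neither `windows` nor `linux`, because `validate $OS_TYPE "windows" "linux"` expands `$OS_TYPE` unquoted: a value containing a space is split, its first word becomes `$1` and its second word joins the list that `$1` is compared against. The value then goes into `${SCRIPT_DIR}/../Parameters/${OS_TYPE}/...` and, again unquoted, onto the `azure` command lines. Quoting closes this: `if validate "$OS_TYPE" "windows" "linux";`, `if validateNotEmpty "$LOCATION";`, and `"$VAR"` for every argument passed to `azure group ...`. The same unquoted calls are in guidance-compute-single-vm/Scripts/deploy-reference-architecture.sh. Both helpers return 1 when the value is acceptable, which deserves a comment above each, for example `# returns 0 when $1 is NOT one of the remaining arguments`.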
@@ -0,0 +1,88 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "osType": { + "type": "string", + "allowedValues": [ + "windows", + "linux" + ], + "defaultValue": "linux", + "metadata": { + "description": "Relative path decider for the template parameters." + } + } + }, + "variables": { + "templateRootUri": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/", + "templates": { + "deployment": { + "lb": "[concat(variables('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/loadBalancer-backend-n-vm/azuredeploy.json')]", + "vnet": "[concat(variables('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json')]", + "nsg": "[concat(variables('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/networkSecurityGroups/azuredeploy.json')]" + }, + "parameter": { + "vnet": "[concat(variables('templateRootUri'), 'guidance-compute-multi-vm/Parameters/', parameters('osType'), '/virtualNetwork.parameters.json')]", + "nsg": "[concat(variables('templateRootUri'), 'guidance-compute-multi-vm/Parameters/', parameters('osType'), '/networkSecurityGroups.parameters.json')]", + "lb": "[concat(variables('templateRootUri'), 'guidance-compute-multi-vm/Parameters/', parameters('osType'), '/virtualMachine.parameters.json')]" + } + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "ra-multi-vm-vnet-deployment", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.vnet]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.vnet]", + "contentVersion": "1.0.0.0" + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "ra-multi-vm-deployment", + "dependsOn": [ + "ra-multi-vm-vnet-deployment" + ], + "properties": { + "mode": "Incremental", + 
"templateLink": { + "uri": "[variables('templates').deployment.lb]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.lb]", + "contentVersion": "1.0.0.0" + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "ra-multi-vm-nsg-deployment", + "dependsOn": [ + "ra-multi-vm-deployment" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.nsg]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.nsg]", + "contentVersion": "1.0.0.0" + } + } + } + ], + "outputs": { + } +} + diff --git a/guidance-compute-multi-vm/guidance-compute-multi-vm.deployproj b/guidance-compute-multi-vm/guidance-compute-multi-vm.deployproj new file mode 100644 index 000000000..9a575a182 --- /dev/null +++ b/guidance-compute-multi-vm/guidance-compute-multi-vm.deployproj @@ -0,0 +1,45 @@ + + + + + Debug + AnyCPU + + + Release + AnyCPU + + + + 58119f1a-4cf6-46f9-ad16-444e3b873f03 + + + Deployment + 1.0 + + + + + + + + + + + + + + False + + + + + + + + + + + + + \ No newline at end of file diff --git a/guidance-compute-single-vm/Deployment.targets b/guidance-compute-single-vm/Deployment.targets new file mode 100644 index 000000000..4616e6bb8 --- /dev/null +++ b/guidance-compute-single-vm/Deployment.targets 
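Review bot: `templateRootUri` and every `templateLink` and `parametersLink` built from it point at the `master` branch on raw.githubusercontent.com, so what is deployed into the subscription is whatever that branch holds at deployment time rather than what was reviewed with this commit. Pinning the root to a tag or commit, e.g. `"templateRootUri": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/<TAG_OR_COMMIT>/"`, makes deployments reproducible. The same `master` root is the default value in guidance-compute-single-vm/Templates/azuredeploy.json and is hard-coded in the deploy scripts of both folders. Here the root is a variable while the single-VM template makes it a parameter; one form for both would be easier to maintain.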
@@ -0,0 +1,123 @@ + + + + Debug + AnyCPU + bin\$(Configuration)\ + false + true + false + None + obj\ + $(BaseIntermediateOutputPath)\ + $(BaseIntermediateOutputPath)$(Configuration)\ + $(IntermediateOutputPath)ProjectReferences + $(ProjectReferencesOutputPath)\ + true + + + + false + false + + + + + + + + + + + Always + + + Never + + + false + Build + + + + + + + + _GetDeploymentProjectContent; + _CalculateContentOutputRelativePaths; + _GetReferencedProjectsOutput; + _CalculateArtifactStagingDirectory; + _CopyOutputToArtifactStagingDirectory; + + + + + + + + + + + + + + + + + Configuration=$(Configuration);Platform=$(Platform) + + + + + + + $([System.IO.Path]::GetFileNameWithoutExtension('%(ProjectReference.Identity)')) + + + + + + + $(OutDir) + $(OutputPath) + $(ArtifactStagingDirectory)\ + $(ArtifactStagingDirectory)staging\ + $(Build_StagingDirectory) + + + + + + + <_OriginalIdentity>%(DeploymentProjectContentOutput.Identity) + <_RelativePath>$(_OriginalIdentity.Replace('$(MSBuildProjectDirectory)', '')) + + + + + $(_RelativePath) + + + + + + + + + PrepareForRun + + + + + + + + + + + diff --git a/guidance-compute-single-vm/Parameters/linux/networkSecurityGroups.parameters.json b/guidance-compute-single-vm/Parameters/linux/networkSecurityGroups.parameters.json new file mode 100644 index 000000000..656ba8435 --- /dev/null +++ b/guidance-compute-single-vm/Parameters/linux/networkSecurityGroups.parameters.json 
@@ -0,0 +1,37 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-single-vm-vnet",
+ "resourceGroup": "ra-single-vm-rg"
+ }
+ },
+ "networkSecurityGroupsSettings": {
+ "value": [
+ {
+ "name": "ra-single-vm-nsg",
+ "subnets": [
+ "ra-single-vm-sn"
+ ],
+ "networkInterfaces": [
+ ],
+ "securityRules": [
+ {
+ "name": "default-allow-ssh",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "22",
+ "access": "Allow",
+ "protocol": "Tcp"
+ }
+ ]
+ }
+ ]
+ }
+ }
+}
diff --git a/guidance-compute-single-vm/Parameters/linux/virtualMachine.parameters.json b/guidance-compute-single-vm/Parameters/linux/virtualMachine.parameters.json
new file mode 100644
index 000000000..1a990f2eb
--- /dev/null
+++ b/guidance-compute-single-vm/Parameters/linux/virtualMachine.parameters.json
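Review bot: The `default-allow-ssh` rule admits TCP 22 from `"sourceAddressPrefix": "*"`, and the matching VM parameters file in this commit gives the NIC `"isPublic": "true"` with `"osAuthenticationType": "password"`, so the sample VM accepts password logins from any address. guidance-compute-single-vm/Parameters/windows/networkSecurityGroups.parameters.json does the same for port 3389 in its `RDPAllow` rule. I would replace the source with a value the user has to fill in, for example `"sourceAddressPrefix": "<ADMIN_SOURCE_CIDR>"`, or at least state in the accompanying documentation that `*` is for demonstration only.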
@@ -0,0 +1,63 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualMachinesSettings": {
+ "value": {
+ "namePrefix": "ra-single-vm",
+ "computerNamePrefix": "cn",
+ "size": "Standard_DS1",
+ "osType": "linux",
+ "adminUsername": "testuser",
+ "adminPassword": "AweS0me@PW",
+ "osAuthenticationType": "password",
+ "nics": [
+ {
+ "isPublic": "true",
+ "subnetName": "ra-single-vm-sn",
+ "privateIPAllocationMethod": "dynamic",
+ "publicIPAllocationMethod": "dynamic",
+ "enableIPForwarding": false,
+ "dnsServers": [
+ ],
+ "isPrimary": "true"
+ }
+ ],
+ "imageReference": {
+ "publisher": "RedHat",
+ "offer": "RHEL",
+ "sku": "7.2",
+ "version": "latest"
+ },
+ "dataDisks": {
+ "count": 2,
+ "properties": {
+ "diskSizeGB": 128,
+ "caching": "None",
+ "createOption": "Empty"
+ }
+ },
+ "osDisk": {
+ "caching": "ReadWrite"
+ },
+ "availabilitySet": {
+ "useExistingAvailabilitySet": "No",
+ "name": ""
+ }
+ }
+ },
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-single-vm-vnet",
+ "resourceGroup": "ra-single-vm-rg"
+ }
+ },
+ "buildingBlockSettings": {
+ "value": {
+ "storageAccountsCount": 1,
+ "vmCount": 1,
+ "vmStartIndex": 0
+ }
+ }
+ }
+}
diff --git a/guidance-compute-single-vm/Parameters/linux/virtualNetwork.parameters.json b/guidance-compute-single-vm/Parameters/linux/virtualNetwork.parameters.json
new file mode 100644
index 000000000..993777e11
--- /dev/null
+++ b/guidance-compute-single-vm/Parameters/linux/virtualNetwork.parameters.json
@@ -0,0 +1,22 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-single-vm-vnet",
+ "resourceGroup": "ra-single-vm-rg",
+ "addressPrefixes": [
+ "172.17.0.0/16"
+ ],
+ "subnets": [
+ {
+ "name": "ra-single-vm-sn",
+ "addressPrefix": "172.17.0.0/24"
+ }
+ ],
+ "dnsServers": [ ]
+ }
+ }
+ }
+}
diff --git a/guidance-compute-single-vm/Parameters/windows/networkSecurityGroups.parameters.json b/guidance-compute-single-vm/Parameters/windows/networkSecurityGroups.parameters.json
new file mode 100644
index 000000000..db244fc5a
--- /dev/null
+++ b/guidance-compute-single-vm/Parameters/windows/networkSecurityGroups.parameters.json
@@ -0,0 +1,37 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-single-vm-vnet",
+ "resourceGroup": "ra-single-vm-rg"
+ }
+ },
+ "networkSecurityGroupsSettings": {
+ "value": [
+ {
+ "name": "ra-single-vm-nsg",
+ "subnets": [
+ "ra-single-vm-sn"
+ ],
+ "networkInterfaces": [
+ ],
+ "securityRules": [
+ {
+ "name": "RDPAllow",
+ "direction": "Inbound",
+ "priority": 100,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "3389",
+ "access": "Allow",
+ "protocol": "Tcp"
+ }
+ ]
+ }
+ ]
+ }
+ }
+}
diff --git a/guidance-compute-single-vm/Parameters/windows/virtualMachine.parameters.json b/guidance-compute-single-vm/Parameters/windows/virtualMachine.parameters.json
new file mode 100644
index 000000000..7be706a90
--- /dev/null
+++ b/guidance-compute-single-vm/Parameters/windows/virtualMachine.parameters.json
@@ -0,0 +1,64 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualMachinesSettings": {
+ "value": {
+ "namePrefix": "ra-single-vm",
+ "computerNamePrefix": "cn",
+ "size": "Standard_DS1",
+ "osType": "windows",
+ "adminUsername": "testuser",
+ "adminPassword": "AweS0me@PW",
+ "sshPublicKey": "",
+ "osAuthenticationType": "password",
+ "nics": [
+ {
+ "isPublic": "true",
+ "subnetName": "ra-single-vm-sn",
+ "privateIPAllocationMethod": "dynamic",
+ "publicIPAllocationMethod": "dynamic",
+ "enableIPForwarding": false,
+ "dnsServers": [
+ ],
+ "isPrimary": "true"
+ }
+ ],
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2012-R2-Datacenter",
+ "version": "latest"
+ },
+ "dataDisks": {
+ "count": 2,
+ "properties": {
+ "diskSizeGB": 128,
+ "caching": "None",
+ "createOption": "Empty"
+ }
+ },
+ "osDisk": {
+ "caching": "ReadWrite"
+ },
+ "availabilitySet": {
+ "useExistingAvailabilitySet": "No",
+ "name": ""
+ }
+ }
+ },
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-single-vm-vnet",
+ "resourceGroup": "ra-single-vm-rg"
+ }
+ },
+ "buildingBlockSettings": {
+ "value": {
+ "storageAccountsCount": 1,
+ "vmCount": 1,
+ "vmStartIndex": 0
+ }
+ }
+ }
+}
diff --git a/guidance-compute-single-vm/Parameters/windows/virtualNetwork.parameters.json b/guidance-compute-single-vm/Parameters/windows/virtualNetwork.parameters.json
new file mode 100644
index 000000000..993777e11
--- /dev/null
+++ b/guidance-compute-single-vm/Parameters/windows/virtualNetwork.parameters.json
@@ -0,0 +1,22 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-single-vm-vnet",
+ "resourceGroup": "ra-single-vm-rg",
+ "addressPrefixes": [
+ "172.17.0.0/16"
+ ],
+ "subnets": [
+ {
+ "name": "ra-single-vm-sn",
+ "addressPrefix": "172.17.0.0/24"
+ }
+ ],
+ "dnsServers": [ ]
+ }
+ }
+ }
+}
diff --git a/guidance-compute-single-vm/Scripts/Deploy-ReferenceArchitecture.ps1 b/guidance-compute-single-vm/Scripts/Deploy-ReferenceArchitecture.ps1
new file mode 100644
index 000000000..0abae2f54
--- /dev/null
+++ b/guidance-compute-single-vm/Scripts/Deploy-ReferenceArchitecture.ps1
@@ -0,0 +1,54 @@ +# +# Deploy_ReferenceArchitecture.ps1 +# +param( + [Parameter(Mandatory=$true)] + $SubscriptionId, + [Parameter(Mandatory=$false)] + $Location = "Central US", + [Parameter(Mandatory=$false)] + [ValidateSet("Windows", "Linux")] + $OSType = "Linux" +) + +$ErrorActionPreference = "Stop" + +$templateRootUriString = $env:TEMPLATE_ROOT_URI +if ($templateRootUriString -eq $null) { + $templateRootUriString = "https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/" +} + +if (![System.Uri]::IsWellFormedUriString($templateRootUriString, [System.UriKind]::Absolute)) { + throw "Invalid value for TEMPLATE_ROOT_URI: $env:TEMPLATE_ROOT_URI" +} + +Write-Host +Write-Host "Using $templateRootUriString to locate templates" +Write-Host + +$templateRootUri = New-Object System.Uri -ArgumentList @($templateRootUriString) +$virtualNetworkTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json") +$virtualMachineTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/multi-vm-n-nic-m-storage/azuredeploy.json") +$networkSecurityGroupTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/networkSecurityGroups/azuredeploy.json") +$virtualNetworkParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters", $OSType.ToLower(), "virtualNetwork.parameters.json") +$virtualMachineParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters", $OSType.ToLower(), "virtualMachine.parameters.json") +$networkSecurityGroupParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters", $OSType.ToLower(), "networkSecurityGroups.parameters.json") + +$resourceGroupName = "ra-single-vm-rg" +# Login to Azure and select your subscription +Login-AzureRmAccount -SubscriptionId $SubscriptionId | Out-Null + +# Create the resource group +$resourceGroup = 
New-AzureRmResourceGroup -Name $resourceGroupName -Location $Location + +Write-Host "Deploying virtual network..." +New-AzureRmResourceGroupDeployment -Name "ra-single-vm-vnet-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName ` + -TemplateUri $virtualNetworkTemplate.AbsoluteUri -TemplateParameterFile $virtualNetworkParametersFile + +Write-Host "Deploying virtual machine..." +New-AzureRmResourceGroupDeployment -Name "ra-single-vm-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName ` + -TemplateUri $virtualMachineTemplate.AbsoluteUri -TemplateParameterFile $virtualMachineParametersFile + +Write-Host "Deploying network security groups..." +New-AzureRmResourceGroupDeployment -Name "ra-single-vm-nsg-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName ` + -TemplateUri $networkSecurityGroupTemplate.AbsoluteUri -TemplateParameterFile $networkSecurityGroupParametersFile \ No newline at end of file diff --git a/guidance-compute-single-vm/Scripts/deploy-reference-architecture.sh b/guidance-compute-single-vm/Scripts/deploy-reference-architecture.sh new file mode 100644 index 000000000..0618334d9 --- /dev/null +++ b/guidance-compute-single-vm/Scripts/deploy-reference-architecture.sh 
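Review bot: A `TEMPLATE_ROOT_URI` without a trailing slash resolves to the wrong location, because `New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/...")` replaces the last path segment of the base, and unlike the bash script in this commit nothing here appends `/`. `IsWellFormedUriString(..., [System.UriKind]::Absolute)` also accepts any scheme, so the root that decides which templates get deployed may be plain `http`. I would add `if (!$templateRootUriString.EndsWith("/")) { $templateRootUriString += "/" }` before constructing the `System.Uri`, and throw when `$templateRootUri.Scheme -ne "https"`. The header comment still names the file `Deploy_ReferenceArchitecture.ps1` although this file is `Deploy-ReferenceArchitecture.ps1`.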
@@ -0,0 +1,152 @@ +#!/bin/bash + +RESOURCE_GROUP_NAME="ra-single-vm-rg" +LOCATION="centralus" + +TEMPLATE_ROOT_URI=${TEMPLATE_ROOT_URI:="https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/"} +# Make sure we have a trailing slash +[[ "${TEMPLATE_ROOT_URI}" != */ ]] && TEMPLATE_ROOT_URI="${TEMPLATE_ROOT_URI}/" + +# For validating HTTP URIs only +URI_REGEX="^((?:https?://(?:(?:[a-zA-Z0-9$.+!*(),;?&=_-]|(?:%[a-fA-F0-9]{2})){1,64}(?::(?:[a-zA-Z0-9$.+!*(),;?&=_-]|(?:%[a-fA-F0-9]{2})){1,25})?@)?)?(?:(([a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF]([a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF-]{0,61}[a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF]){0,1}\.)+[a-zA-Z\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF]{2,63}|((25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[0-9]))))(?::\d{1,5})?)(/(?:(?:[a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF;/?:@&=#~.+!*(),_-])|(?:%[a-fA-F0-9]{2}))*)?(?:\b|$)$" + +validate() { + for i in "${@:2}"; do + if [[ "$1" == "$i" ]] + then + return 1 + fi + done + + return 0 +} + +validateNotEmpty() { + if [[ "$1" != "" ]] + then + return 1 + else + return 0 + fi +} + +showErrorAndUsage() { + echo + if [[ "$1" != "" ]] + then + echo " error: $1" + echo + fi + echo " usage: $(basename ${0}) [options]" + echo " options:" + echo " -l, --location " + echo " -o, --os-type " + echo " -s, --subscription " + echo + exit 1 +} + +if [[ $# < 1 ]] +then + showErrorAndUsage +fi + +while [[ $# > 0 ]] +do + key="$1" + case $key in + -o|--os-type) + OS_TYPE="$2" + shift + ;; + -s|--subscription) + # Explicitly set the subscription to avoid confusion as to which subscription + # is active/default + SUBSCRIPTION_ID="$2" + shift + ;; + -l|--location) + LOCATION="$2" + shift + ;; + *) + showErrorAndUsage "Unknown option: $1" + ;; + esac + shift +done + +if ! 
[[ $SUBSCRIPTION_ID =~ ^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$ ]]; +then + showErrorAndUsage "Invalid Subscription ID" +fi + +if validate $OS_TYPE "windows" "linux"; +then + showErrorAndUsage "Invalid OS Type: '${OS_TYPE}' Valid values are 'windows' or 'linux'" +fi + +if validateNotEmpty $LOCATION; +then + showErrorAndUsage "Location must be provided" +fi + +if grep -P -v $URI_REGEX <<< $TEMPLATE_ROOT_URI > /dev/null +then + showErrorAndUsage "Invalid value for TEMPLATE_ROOT_URI: ${TEMPLATE_ROOT_URI}" +fi + +echo +echo "Using ${TEMPLATE_ROOT_URI} to locate templates" +echo + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +VIRTUAL_NETWORK_TEMPLATE_URI="${TEMPLATE_ROOT_URI}ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json" +VIRTUAL_NETWORK_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/${OS_TYPE}/virtualNetwork.parameters.json" +VIRTUAL_NETWORK_DEPLOYMENT_NAME="ra-single-vm-vnet-deployment" + +VIRTUAL_MACHINE_TEMPLATE_URI="${TEMPLATE_ROOT_URI}ARMBuildingBlocks/Templates/buildingBlocks/multi-vm-n-nic-m-storage/azuredeploy.json" +VIRTUAL_MACHINE_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/${OS_TYPE}/virtualMachine.parameters.json" +VIRTUAL_MACHINE_DEPLOYMENT_NAME="ra-single-vm-deployment" + +NETWORK_SECURITY_GROUP_TEMPLATE_URI="${TEMPLATE_ROOT_URI}ARMBuildingBlocks/Templates/buildingBlocks/networkSecurityGroups/azuredeploy.json" +NETWORK_SECURITY_GROUP_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/${OS_TYPE}/networkSecurityGroups.parameters.json" +NETWORK_SECURITY_GROUP_DEPLOYMENT_NAME="ra-single-vm-nsg-deployment" + +azure config mode arm + +# Create the resource group, saving the output for later. +RESOURCE_GROUP_OUTPUT=$(azure group create --name $RESOURCE_GROUP_NAME --location $LOCATION --subscription $SUBSCRIPTION_ID --json) || exit 1 + +# Create the virtual network +echo "Deploying virtual network..." 
+azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_DEPLOYMENT_NAME \
+--template-uri $VIRTUAL_NETWORK_TEMPLATE_URI --parameters-file $VIRTUAL_NETWORK_PARAMETERS_PATH \
+--subscription $SUBSCRIPTION_ID || exit 1
+
+echo "Deploying virtual machine..."
+azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_MACHINE_DEPLOYMENT_NAME \
+--template-uri $VIRTUAL_MACHINE_TEMPLATE_URI --parameters-file $VIRTUAL_MACHINE_PARAMETERS_PATH \
+--subscription $SUBSCRIPTION_ID || exit 1
+
+echo "Deploying network security group..."
+azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $NETWORK_SECURITY_GROUP_DEPLOYMENT_NAME \
+--template-uri $NETWORK_SECURITY_GROUP_TEMPLATE_URI --parameters-file $NETWORK_SECURITY_GROUP_PARAMETERS_PATH \
+--subscription $SUBSCRIPTION_ID || exit 1
+
+# Display json output
+echo "==================================="
+
+echo $RESOURCE_GROUP_OUTPUT
+
+azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_DEPLOYMENT_NAME \
+--subscription $SUBSCRIPTION_ID --json || exit 1
+
+azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_MACHINE_DEPLOYMENT_NAME \
+--subscription $SUBSCRIPTION_ID --json || exit 1
+
+azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $NETWORK_SECURITY_GROUP_DEPLOYMENT_NAME \
+--subscription $SUBSCRIPTION_ID --json || exit 1
+
+echo "==================================="
diff --git a/guidance-compute-single-vm/Templates/azuredeploy.json b/guidance-compute-single-vm/Templates/azuredeploy.json
new file mode 100644
index 000000000..d48b38344
--- /dev/null
+++ b/guidance-compute-single-vm/Templates/azuredeploy.json
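Review bot: `TEMPLATE_ROOT_URI` is taken from the environment and decides which templates are deployed, yet `URI_REGEX` wraps `https?://` in an optional group, so a plain `http` root passes the check and, as far as I can read the pattern, so does a root with no scheme at all. A direct test is stricter and easier to review: `[[ "$TEMPLATE_ROOT_URI" == https://* ]] || showErrorAndUsage "TEMPLATE_ROOT_URI must be an https URI"`. In the existing check `$URI_REGEX` is expanded unquoted although it contains `*`, `?` and `[`, so it is open to pathname expansion before `grep` sees it; `grep -P -v -- "$URI_REGEX" <<< "$TEMPLATE_ROOT_URI"` avoids that. A comment above `URI_REGEX` saying where the pattern was taken from would help whoever has to maintain it.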
@@ -0,0 +1,90 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "templateRootUri": { + "type": "string", + "defaultValue": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/", + "metadata": { + "description": "Root path for templates" + } + }, + "osType": { + "type": "string", + "allowedValues": [ + "windows", + "linux" + ], + "defaultValue": "linux", + "metadata": { + "description": "Relative path decider for the template parameters." + } + } + }, + "variables": { + "templates": { + "deployment": { + "virtualNetwork": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json')]", + "virtualMachine": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/multi-vm-n-nic-m-storage/azuredeploy.json')]", + "networkSecurityGroup": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/networkSecurityGroups/azuredeploy.json')]" + }, + "parameter": { + "virtualNetwork": "[uri(parameters('templateRootUri'), concat('guidance-compute-single-vm/Parameters/', parameters('osType'), '/virtualNetwork.parameters.json'))]", + "virtualMachine": "[uri(parameters('templateRootUri'), concat('guidance-compute-single-vm/Parameters/', parameters('osType'), '/virtualMachine.parameters.json'))]", + "networkSecurityGroup": "[uri(parameters('templateRootUri'), concat('guidance-compute-single-vm/Parameters/', parameters('osType'), '/networkSecurityGroups.parameters.json'))]" + } + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "ra-single-vm-vnet-deployment", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.virtualNetwork]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.virtualNetwork]" + } + } + }, + { + "type": 
"Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "ra-single-vm-deployment", + "dependsOn": [ + "ra-single-vm-vnet-deployment" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.virtualMachine]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.virtualMachine]" + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "ra-single-vm-nsg-deployment", + "dependsOn": [ + "ra-single-vm-deployment" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.networkSecurityGroup]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.networkSecurityGroup]" + } + } + } + ], + "outputs": { + } +} diff --git a/guidance-compute-single-vm/guidance-compute-single-vm.deployproj b/guidance-compute-single-vm/guidance-compute-single-vm.deployproj new file mode 100644 index 000000000..bd7211227 --- /dev/null +++ b/guidance-compute-single-vm/guidance-compute-single-vm.deployproj @@ -0,0 +1,42 @@ + + + + + Debug + AnyCPU + + + Release + AnyCPU + + + + b7b33ae1-e56a-458d-93fb-d06ddb93cd7f + + + Deployment + 1.0 + + + + + + + + + + + + False + + + + + + + + + + + + \ No newline at end of file diff --git a/guidance-compute-three-tier/Deployment.targets b/guidance-compute-three-tier/Deployment.targets new file mode 100644 index 000000000..f3be9fe9a --- /dev/null +++ b/guidance-compute-three-tier/Deployment.targets 
@@ -0,0 +1,123 @@ + + + + Debug + AnyCPU + bin\$(Configuration)\ + false + true + false + None + obj\ + $(BaseIntermediateOutputPath)\ + $(BaseIntermediateOutputPath)$(Configuration)\ + $(IntermediateOutputPath)ProjectReferences + $(ProjectReferencesOutputPath)\ + true + + + + false + false + + + + + + + + + + + Always + + + Never + + + false + Build + + + + + + + + _GetDeploymentProjectContent; + _CalculateContentOutputRelativePaths; + _GetReferencedProjectsOutput; + _CalculateArtifactStagingDirectory; + _CopyOutputToArtifactStagingDirectory; + + + + + + + + + + + + + + + + + Configuration=$(Configuration);Platform=$(Platform) + + + + + + + $([System.IO.Path]::GetFileNameWithoutExtension('%(ProjectReference.Identity)')) + + + + + + + $(OutDir) + $(OutputPath) + $(ArtifactStagingDirectory)\ + $(ArtifactStagingDirectory)staging\ + $(Build_StagingDirectory) + + + + + + + <_OriginalIdentity>%(DeploymentProjectContentOutput.Identity) + <_RelativePath>$(_OriginalIdentity.Replace('$(MSBuildProjectDirectory)', '')) + + + + + $(_RelativePath) + + + + + + + + + PrepareForRun + + + + + + + + + + + diff --git a/guidance-compute-three-tier/Parameters/linux/businessTier.parameters.json b/guidance-compute-three-tier/Parameters/linux/businessTier.parameters.json new file mode 100644 index 000000000..812a92084 --- /dev/null +++ b/guidance-compute-three-tier/Parameters/linux/businessTier.parameters.json 
@@ -0,0 +1,105 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "loadBalancerSettings": { + "value": { + "name": "app1-biz-ilb", + "frontendIPConfigurations": [ + { + "name": "lbfe1", + "loadBalancerType": "internal", + "internalLoadBalancerSettings": { + "privateIPAddress": "10.0.1.250", + "subnetName": "app1-biz-sn" + } + } + ], + "loadBalancingRules": [ + { + "name": "lbr1", + "frontendPort": 80, + "backendPort": 80, + "protocol": "Tcp", + "backendPoolName": "lb-bep1", + "frontendIPConfigurationName": "lbfe1" + } + ], + "probes": [ + { + "name": "lbp1", + "port": 80, + "protocol": "Http", + "requestPath": "/" + } + ], + "backendPools": [ + { + "name": "lb-bep1", + "nicIndex": 0 + } + ] + } + }, + "virtualMachinesSettings": { + "value": { + "namePrefix": "a0", + "computerNamePrefix": "cn", + "size": "Standard_DS1", + "adminUsername": "testuser", + "adminPassword": "AweS0me@PW", + "osType": "linux", + "osAuthenticationType": "password", + "sshPublicKey": "", + "nics": [ + { + "isPublic": "false", + "isPrimary": "true", + "subnetName": "app1-biz-sn", + "privateIPAllocationMethod": "dynamic", + "enableIPForwarding": false, + "dnsServers": [] + } + ], + "imageReference": { + "publisher": "RedHat", + "offer": "RHEL", + "sku": "7.2", + "version": "latest" + }, + "dataDisks": { + "count": 1, + "properties": { + "diskSizeGB": 128, + "caching": "None", + "createOption": "Empty" + } + }, + "osDisk": { + "caching": "ReadWrite" + }, + "availabilitySet": { + "useExistingAvailabilitySet": "No", + "name": "app1-biz-as" + } + } + }, + "virtualNetworkSettings": { + "value": { + "name": "app1-vnet", + "resourceGroup": "app1-dev-rg" + }, + "metadata": { + "description": "Virtual network settings" + } + }, + "buildingBlockSettings": { + "value": { + "storageAccountsCount": 1, + "vmCount": 3, + "vmStartIndex": 4 + } + } + } +} + 
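Review bot: `"adminPassword": "AweS0me@PW"` commits a working administrator credential next to `"adminUsername": "testuser"`, so every VM deployed from these defaults shares a password known to anyone who can read the repository. The same pair appears in the dataTier, managementTier and webTier parameter files for both linux and windows in this commit. Replace the value with a placeholder the operator must set before deploying, for example `"adminPassword": "<set-before-deploy>"` (a constructed placeholder), and have the deployment scripts say so. For the linux files, the `"osAuthenticationType"` and `"sshPublicKey"` fields suggest the building block also supports key login; if it does, that removes the password from the file altogether.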
diff --git a/guidance-compute-three-tier/Parameters/linux/dataTier.parameters.json b/guidance-compute-three-tier/Parameters/linux/dataTier.parameters.json
new file mode 100644
index 000000000..cf56f48fb
--- /dev/null
+++ b/guidance-compute-three-tier/Parameters/linux/dataTier.parameters.json
@@ -0,0 +1,105 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "loadBalancerSettings": { + "value": { + "name": "app1-data-ilb", + "frontendIPConfigurations": [ + { + "name": "lbfe1", + "loadBalancerType": "internal", + "internalLoadBalancerSettings": { + "privateIPAddress": "10.0.2.10", + "subnetName": "app1-data-sn" + } + } + ], + "loadBalancingRules": [ + { + "name": "lbr1", + "frontendPort": 80, + "backendPort": 80, + "protocol": "Tcp", + "backendPoolName": "lb-bep1", + "frontendIPConfigurationName": "lbfe1" + } + ], + "probes": [ + { + "name": "lbp1", + "port": 80, + "protocol": "Http", + "requestPath": "/" + } + ], + "backendPools": [ + { + "name": "lb-bep1", + "nicIndex": 0 + } + ] + } + }, + "virtualMachinesSettings": { + "value": { + "namePrefix": "a0", + "computerNamePrefix": "cn", + "size": "Standard_DS1", + "adminUsername": "testuser", + "adminPassword": "AweS0me@PW", + "osType": "linux", + "osAuthenticationType": "password", + "sshPublicKey": "", + "nics": [ + { + "isPublic": "false", + "isPrimary": "true", + "subnetName": "app1-data-sn", + "privateIPAllocationMethod": "dynamic", + "enableIPForwarding": false, + "dnsServers": [ ] + } + ], + "imageReference": { + "publisher": "RedHat", + "offer": "RHEL", + "sku": "7.2", + "version": "latest" + }, + "dataDisks": { + "count": 1, + "properties": { + "diskSizeGB": 128, + "caching": "None", + "createOption": "Empty" + } + }, + "osDisk": { + "caching": "ReadWrite" + }, + "availabilitySet": { + "useExistingAvailabilitySet": "No", + "name": "app1-data-as" + } + } + }, + "virtualNetworkSettings": { + "value": { + "name": "app1-vnet", + "resourceGroup": "app1-dev-rg" + }, + "metadata": { + "description": "Virtual network settings" + } + }, + "buildingBlockSettings": { + "value": { + "storageAccountsCount": 1, + "vmCount": 2, + "vmStartIndex": 7 + } + } + } +} + 
diff --git a/guidance-compute-three-tier/Parameters/linux/managementTier.parameters.json b/guidance-compute-three-tier/Parameters/linux/managementTier.parameters.json new file mode 100644 index 000000000..db9dd2f95 --- /dev/null +++ b/guidance-compute-three-tier/Parameters/linux/managementTier.parameters.json @@ -0,0 +1,67 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "virtualMachinesSettings": { + "value": { + "namePrefix": "a0", + "computerNamePrefix": "cn", + "size": "Standard_DS1", + "adminUsername": "testuser", + "adminPassword": "AweS0me@PW", + "osType": "linux", + "osAuthenticationType": "password", + "sshPublicKey": "", + "nics": [ + { + "isPublic": "true", + "isPrimary": "true", + "subnetName": "app1-mgmt-sn", + "privateIPAllocationMethod": "dynamic", + "publicIPAllocationMethod": "dynamic", + "enableIPForwarding": false, + "dnsServers": [ ] + } + ], + "imageReference": { + "publisher": "RedHat", + "offer": "RHEL", + "sku": "7.2", + "version": "latest" + }, + "dataDisks": { + "count": 1, + "properties": { + "diskSizeGB": 128, + "caching": "None", + "createOption": "Empty" + } + }, + "osDisk": { + "caching": "ReadWrite" + }, + "availabilitySet": { + "useExistingAvailabilitySet": "No", + "name": "" + } + } + }, + "virtualNetworkSettings": { + "value": { + "name": "app1-vnet", + "resourceGroup": "app1-dev-rg" + }, + "metadata": { + "description": "Virtual network settings" + } + }, + "buildingBlockSettings": { + "value": { + "storageAccountsCount": 1, + "vmCount": 1, + "vmStartIndex": 9 + } + } + } +} + diff --git a/guidance-compute-three-tier/Parameters/linux/networkSecurityGroup.parameters.json b/guidance-compute-three-tier/Parameters/linux/networkSecurityGroup.parameters.json new file mode 100644 index 000000000..4092ac291 --- /dev/null +++ b/guidance-compute-three-tier/Parameters/linux/networkSecurityGroup.parameters.json 
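Review bot: `"isPublic": "true"` gives this management VM a public address while `"osAuthenticationType": "password"` keeps it on password login, and the `default-allow-ssh` rule in networkSecurityGroup.parameters.json admits port 22 from `"sourceAddressPrefix": "*"`. Taken together, the jump box accepts password attempts from any address against an account whose credentials are committed in this file. The windows managementTier file has the same shape, paired with the `RDP` rule on 3389. Prefer key login here (`"osAuthenticationType": "ssh"` with a populated `"sshPublicKey"`, assuming the building block accepts that value) and narrow the NSG rule to the administrators' range, e.g. `"sourceAddressPrefix": "<admin-cidr>"` as a placeholder to fill in.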
@@ -0,0 +1,163 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "virtualNetworkSettings": { + "value": { + "name": "app1-vnet", + "resourceGroup": "app1-dev-rg" + } + }, + "networkSecurityGroupSettings": { + "value": [ + { + "name": "app1-biz-nsg", + "subnets": [ + "app1-biz-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "allow-web-traffic", + "description": "Allow traffic originating from web layer.", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "10.0.0.0/24", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + }, + { + "name": "deny-other-traffic", + "description": "Deny all other traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 120, + "direction": "Inbound" + } + ] + }, + { + "name": "app1-data-nsg", + "subnets": [ + "app1-data-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "allow-biz-traffic", + "description": "Allow traffic originating from biz layer.", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "10.0.1.0/24", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + }, + { + "name": "deny-other-traffic", + "description": "Deny all other traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 120, + "direction": "Inbound" + } + ] + }, + { + "name": "app1-web-nsg", + "subnets": [ + "app1-web-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "allow-web-traffic-from-external", + "description": "Allow web traffic 
originating externally.", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + }, + { + "name": "allow-web-traffic-from-vnet", + "description": "Allow web traffic originating from vnet.", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 110, + "direction": "Inbound" + }, + { + "name": "deny-other-traffic", + "description": "Deny all other traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 120, + "direction": "Inbound" + } + ] + }, + { + "name": "app1-mgmt-nsg", + "subnets": [ + "app1-mgmt-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "default-allow-ssh", + "direction": "Inbound", + "priority": 100, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "22", + "access": "Allow", + "protocol": "Tcp" + }, + { + "name": "deny-other-traffic", + "description": "Deny all other traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 120, + "direction": "Inbound" + } + ] + } + ] + } + } +} diff --git a/guidance-compute-three-tier/Parameters/linux/virtualNetwork.parameters.json b/guidance-compute-three-tier/Parameters/linux/virtualNetwork.parameters.json new file mode 100644 index 000000000..9ab0c7f7c --- /dev/null +++ b/guidance-compute-three-tier/Parameters/linux/virtualNetwork.parameters.json 
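Review bot: The `deny-other-traffic` rule at priority 120 in `app1-biz-nsg` and `app1-data-nsg` is evaluated before Azure's default inbound rules, so those subnets accept only port 80 from the tier in front of them. The internal load balancers for these tiers probe their backends over HTTP on port 80, and that probe traffic does not come from `10.0.0.0/24` or `10.0.1.0/24`, so the backends will likely be reported unhealthy; the management subnet cannot reach either tier for the same reason. Add an allow rule ahead of the deny for the platform probe source, e.g. `"sourceAddressPrefix": "AzureLoadBalancer"` at priority 110, and an explicit rule for `10.0.3.0/24` on the administration port. The port-80 allow rules also use `"protocol": "*"` where `"Tcp"` is sufficient. The windows copy of this file has the same rules.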
@@ -0,0 +1,34 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "app1-vnet",
+ "addressPrefixes": [
+ "10.0.0.0/16"
+ ],
+ "subnets": [
+ {
+ "name": "app1-web-sn",
+ "addressPrefix": "10.0.0.0/24"
+ },
+ {
+ "name": "app1-biz-sn",
+ "addressPrefix": "10.0.1.0/24"
+ },
+ {
+ "name": "app1-data-sn",
+ "addressPrefix": "10.0.2.0/24"
+ },
+ {
+ "name": "app1-mgmt-sn",
+ "addressPrefix": "10.0.3.0/24"
+ }
+ ],
+ "dnsServers": [ ]
+ }
+ }
+ }
+}
+
diff --git a/guidance-compute-three-tier/Parameters/linux/webTier.parameters.json b/guidance-compute-three-tier/Parameters/linux/webTier.parameters.json
new file mode 100644
index 000000000..d4d8b754d
--- /dev/null
+++ b/guidance-compute-three-tier/Parameters/linux/webTier.parameters.json
@@ -0,0 +1,108 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "loadBalancerSettings": { + "value": { + "name": "app1-web-lb", + "frontendIPConfigurations": [ + { + "name": "lbfe1", + "loadBalancerType": "public", + "internalLoadBalancerSettings": { + "privateIPAddress": "10.0.0.250", + "subnetName": "app1-web-sn" + } + } + ], + "loadBalancingRules": [ + { + "name": "lbr1", + "frontendPort": 80, + "backendPort": 80, + "protocol": "Tcp", + "backendPoolName": "lb-bep1", + "frontendIPConfigurationName": "lbfe1" + } + ], + "probes": [ + { + "name": "lbp1", + "port": 80, + "protocol": "Http", + "requestPath": "/" + } + ], + "backendPools": [ + { + "name": "lb-bep1", + "nicIndex": 0 + } + ] + } + }, + "virtualMachinesSettings": { + "value": { + "namePrefix": "a0", + "computerNamePrefix": "cn", + "size": "Standard_DS1", + "adminUsername": "testuser", + "adminPassword": "AweS0me@PW", + "osType": "linux", + "osAuthenticationType": "password", + "sshPublicKey": "", + "nics": [ + { + "isPublic": "false", + "isPrimary": "true", + "subnetName": "app1-web-sn", + "privateIPAllocationMethod": "dynamic", + "enableIPForwarding": false, + "dnsServers": [ ] + } + ], + "imageReference": { + "publisher": "RedHat", + "offer": "RHEL", + "sku": "7.2", + "version": "latest" + }, + "osDisk": { + "caching": "ReadWrite" + }, + "dataDisks": { + "count": 1, + "properties": { + "diskSizeGB": 128, + "caching": "None", + "createOption": "Empty" + } + }, + "availabilitySet": { + "useExistingAvailabilitySet": "No", + "name": "app1-web-as" + } + }, + "metadata": { + "description": "Settings for Virtual Machines" + } + }, + "virtualNetworkSettings": { + "value": { + "name": "app1-vnet", + "resourceGroup": "app1-dev-rg" + }, + "metadata": { + "description": "Virtual network settings" + } + }, + "buildingBlockSettings": { + "value": { + "storageAccountsCount": 1, + "vmCount": 3, + "vmStartIndex": 1 + 
} + } + } +} + diff --git a/guidance-compute-three-tier/Parameters/windows/businessTier.parameters.json b/guidance-compute-three-tier/Parameters/windows/businessTier.parameters.json new file mode 100644 index 000000000..d0d7e0abe --- /dev/null +++ b/guidance-compute-three-tier/Parameters/windows/businessTier.parameters.json 
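Review bot: The frontend `lbfe1` is declared `"loadBalancerType": "public"` yet still carries `internalLoadBalancerSettings` with `"privateIPAddress": "10.0.0.250"`, which reads as a leftover from the internal tiers and leaves it unclear which address the frontend ends up with. Either drop the block or state in the deployment instructions that it is ignored for public frontends; whether it is ignored has to be confirmed against the building-block template, which is not part of this commit. The windows webTier file has the same block. Since this is the only internet-facing listener and it is plain HTTP on port 80, the accompanying documentation should say that TLS termination is out of scope for the sample.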
@@ -0,0 +1,105 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "loadBalancerSettings": { + "value": { + "name": "app1-biz-ilb", + "frontendIPConfigurations": [ + { + "name": "lbfe1", + "loadBalancerType": "internal", + "internalLoadBalancerSettings": { + "privateIPAddress": "10.0.1.250", + "subnetName": "app1-biz-sn" + } + } + ], + "loadBalancingRules": [ + { + "name": "lbr1", + "frontendPort": 80, + "backendPort": 80, + "protocol": "Tcp", + "backendPoolName": "lb-bep1", + "frontendIPConfigurationName": "lbfe1" + } + ], + "probes": [ + { + "name": "lbp1", + "port": 80, + "protocol": "Http", + "requestPath": "/" + } + ], + "backendPools": [ + { + "name": "lb-bep1", + "nicIndex": 0 + } + ] + } + }, + "virtualMachinesSettings": { + "value": { + "namePrefix": "a0", + "computerNamePrefix": "cn", + "size": "Standard_DS1", + "adminUsername": "testuser", + "adminPassword": "AweS0me@PW", + "osType": "windows", + "osAuthenticationType": "password", + "sshPublicKey": "", + "nics": [ + { + "isPublic": "false", + "isPrimary": "true", + "subnetName": "app1-biz-sn", + "privateIPAllocationMethod": "dynamic", + "enableIPForwarding": false, + "dnsServers": [ ] + } + ], + "imageReference": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2012-R2-Datacenter", + "version": "latest" + }, + "dataDisks": { + "count": 1, + "properties": { + "diskSizeGB": 128, + "caching": "None", + "createOption": "Empty" + } + }, + "osDisk": { + "caching": "ReadWrite" + }, + "availabilitySet": { + "useExistingAvailabilitySet": "No", + "name": "app1-biz-as" + } + } + }, + "virtualNetworkSettings": { + "value": { + "name": "app1-vnet", + "resourceGroup": "app1-dev-rg" + }, + "metadata": { + "description": "Virtual network settings" + } + }, + "buildingBlockSettings": { + "value": { + "storageAccountsCount": 1, + "vmCount": 3, + "vmStartIndex": 4 + } + } + } +} + 
diff --git a/guidance-compute-three-tier/Parameters/windows/dataTier.parameters.json b/guidance-compute-three-tier/Parameters/windows/dataTier.parameters.json
new file mode 100644
index 000000000..aa8b90858
--- /dev/null
+++ b/guidance-compute-three-tier/Parameters/windows/dataTier.parameters.json
@@ -0,0 +1,105 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "loadBalancerSettings": { + "value": { + "name": "app1-data-ilb", + "frontendIPConfigurations": [ + { + "name": "lbfe1", + "loadBalancerType": "internal", + "internalLoadBalancerSettings": { + "privateIPAddress": "10.0.2.10", + "subnetName": "app1-data-sn" + } + } + ], + "loadBalancingRules": [ + { + "name": "lbr1", + "frontendPort": 80, + "backendPort": 80, + "protocol": "Tcp", + "backendPoolName": "lb-bep1", + "frontendIPConfigurationName": "lbfe1" + } + ], + "probes": [ + { + "name": "lbp1", + "port": 80, + "protocol": "Http", + "requestPath": "/" + } + ], + "backendPools": [ + { + "name": "lb-bep1", + "nicIndex": 0 + } + ] + } + }, + "virtualMachinesSettings": { + "value": { + "namePrefix": "a0", + "computerNamePrefix": "cn", + "size": "Standard_DS1", + "adminUsername": "testuser", + "adminPassword": "AweS0me@PW", + "osType": "windows", + "osAuthenticationType": "password", + "sshPublicKey": "", + "nics": [ + { + "isPublic": "false", + "isPrimary": "true", + "subnetName": "app1-data-sn", + "privateIPAllocationMethod": "dynamic", + "enableIPForwarding": false, + "dnsServers": [ ] + } + ], + "imageReference": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2012-R2-Datacenter", + "version": "latest" + }, + "dataDisks": { + "count": 1, + "properties": { + "diskSizeGB": 128, + "caching": "None", + "createOption": "Empty" + } + }, + "osDisk": { + "caching": "ReadWrite" + }, + "availabilitySet": { + "useExistingAvailabilitySet": "No", + "name": "app1-data-as" + } + } + }, + "virtualNetworkSettings": { + "value": { + "name": "app1-vnet", + "resourceGroup": "app1-dev-rg" + }, + "metadata": { + "description": "Virtual network settings" + } + }, + "buildingBlockSettings": { + "value": { + "storageAccountsCount": 1, + "vmCount": 2, + "vmStartIndex": 7 + } + } + } +} + 
diff --git a/guidance-compute-three-tier/Parameters/windows/managementTier.parameters.json b/guidance-compute-three-tier/Parameters/windows/managementTier.parameters.json new file mode 100644 index 000000000..f64f049f8 --- /dev/null +++ b/guidance-compute-three-tier/Parameters/windows/managementTier.parameters.json @@ -0,0 +1,67 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "virtualMachinesSettings": { + "value": { + "namePrefix": "a0", + "computerNamePrefix": "cn", + "size": "Standard_DS1", + "adminUsername": "testuser", + "adminPassword": "AweS0me@PW", + "osType": "windows", + "osAuthenticationType": "password", + "sshPublicKey": "", + "nics": [ + { + "isPublic": "true", + "isPrimary": "true", + "subnetName": "app1-mgmt-sn", + "privateIPAllocationMethod": "dynamic", + "publicIPAllocationMethod": "dynamic", + "enableIPForwarding": false, + "dnsServers": [ ] + } + ], + "imageReference": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2012-R2-Datacenter", + "version": "latest" + }, + "dataDisks": { + "count": 1, + "properties": { + "diskSizeGB": 128, + "caching": "None", + "createOption": "Empty" + } + }, + "osDisk": { + "caching": "ReadWrite" + }, + "availabilitySet": { + "useExistingAvailabilitySet": "No", + "name": "" + } + } + }, + "virtualNetworkSettings": { + "value": { + "name": "app1-vnet", + "resourceGroup": "app1-dev-rg" + }, + "metadata": { + "description": "Virtual network settings" + } + }, + "buildingBlockSettings": { + "value": { + "storageAccountsCount": 1, + "vmCount": 1, + "vmStartIndex": 9 + } + } + } +} + diff --git a/guidance-compute-three-tier/Parameters/windows/networkSecurityGroup.parameters.json b/guidance-compute-three-tier/Parameters/windows/networkSecurityGroup.parameters.json new file mode 100644 index 000000000..de6c4e610 --- /dev/null 
+++ b/guidance-compute-three-tier/Parameters/windows/networkSecurityGroup.parameters.json 
@@ -0,0 +1,164 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "virtualNetworkSettings": { + "value": { + "name": "app1-vnet", + "resourceGroup": "app1-dev-rg" + } + }, + "networkSecurityGroupSettings": { + "value": [ + { + "name": "app1-biz-nsg", + "subnets": [ + "app1-biz-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "allow-web-traffic", + "description": "Allow traffic originating from web layer.", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "10.0.0.0/24", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + }, + { + "name": "deny-other-traffic", + "description": "Deny all other traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 120, + "direction": "Inbound" + } + ] + }, + { + "name": "app1-data-nsg", + "subnets": [ + "app1-data-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "allow-biz-traffic", + "description": "Allow traffic originating from biz layer.", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "10.0.1.0/24", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + }, + { + "name": "deny-other-traffic", + "description": "Deny all other traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 120, + "direction": "Inbound" + } + ] + }, + { + "name": "app1-web-nsg", + "subnets": [ + "app1-web-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "allow-web-traffic-from-external", + "description": "Allow web traffic 
originating externally.", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + }, + { + "name": "allow-web-traffic-from-vnet", + "description": "Allow web traffic originating from vnet.", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 110, + "direction": "Inbound" + }, + { + "name": "deny-other-traffic", + "description": "Deny all other traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 120, + "direction": "Inbound" + } + ] + }, + { + "name": "app1-mgmt-nsg", + "subnets": [ + "app1-mgmt-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "RDP", + "description": "Allow RDP Subnet", + "protocol": "tcp", + "sourcePortRange": "*", + "destinationPortRange": "3389", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + }, + { + "name": "deny-other-traffic", + "description": "Deny all other traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 120, + "direction": "Inbound" + } + ] + } + ] + } + } +} diff --git a/guidance-compute-three-tier/Parameters/windows/virtualNetwork.parameters.json b/guidance-compute-three-tier/Parameters/windows/virtualNetwork.parameters.json new file mode 100644 index 000000000..9ab0c7f7c --- /dev/null +++ b/guidance-compute-three-tier/Parameters/windows/virtualNetwork.parameters.json 
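Review bot: The `RDP` rule in `app1-mgmt-nsg` is described as `"Allow RDP Subnet"`, but `"sourceAddressPrefix": "*"` admits 3389 from any address rather than from a subnet, so the description understates what the rule opens. Make the two agree, preferably by narrowing the source (e.g. `"sourceAddressPrefix": "<admin-cidr>"`, a placeholder) and describing it as RDP from the administrators' range. The rule also spells the protocol `"tcp"` where the linux SSH rule uses `"Tcp"`; pick one casing across both files.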
@@ -0,0 +1,34 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "app1-vnet",
+ "addressPrefixes": [
+ "10.0.0.0/16"
+ ],
+ "subnets": [
+ {
+ "name": "app1-web-sn",
+ "addressPrefix": "10.0.0.0/24"
+ },
+ {
+ "name": "app1-biz-sn",
+ "addressPrefix": "10.0.1.0/24"
+ },
+ {
+ "name": "app1-data-sn",
+ "addressPrefix": "10.0.2.0/24"
+ },
+ {
+ "name": "app1-mgmt-sn",
+ "addressPrefix": "10.0.3.0/24"
+ }
+ ],
+ "dnsServers": [ ]
+ }
+ }
+ }
+}
+
diff --git a/guidance-compute-three-tier/Parameters/windows/webTier.parameters.json b/guidance-compute-three-tier/Parameters/windows/webTier.parameters.json
new file mode 100644
index 000000000..d0132cf38
--- /dev/null
+++ b/guidance-compute-three-tier/Parameters/windows/webTier.parameters.json
@@ -0,0 +1,108 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "loadBalancerSettings": { + "value": { + "name": "app1-web-lb", + "frontendIPConfigurations": [ + { + "name": "lbfe1", + "loadBalancerType": "public", + "internalLoadBalancerSettings": { + "privateIPAddress": "10.0.0.250", + "subnetName": "app1-web-sn" + } + } + ], + "loadBalancingRules": [ + { + "name": "lbr1", + "frontendPort": 80, + "backendPort": 80, + "protocol": "Tcp", + "backendPoolName": "lb-bep1", + "frontendIPConfigurationName": "lbfe1" + } + ], + "probes": [ + { + "name": "lbp1", + "port": 80, + "protocol": "Http", + "requestPath": "/" + } + ], + "backendPools": [ + { + "name": "lb-bep1", + "nicIndex": 0 + } + ] + } + }, + "virtualMachinesSettings": { + "value": { + "namePrefix": "a0", + "computerNamePrefix": "cn", + "size": "Standard_DS1", + "adminUsername": "testuser", + "adminPassword": "AweS0me@PW", + "osType": "windows", + "osAuthenticationType": "password", + "sshPublicKey": "", + "nics": [ + { + "isPublic": "false", + "isPrimary": "true", + "subnetName": "app1-web-sn", + "privateIPAllocationMethod": "dynamic", + "enableIPForwarding": false, + "dnsServers": [ ] + } + ], + "imageReference": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2012-R2-Datacenter", + "version": "latest" + }, + "osDisk": { + "caching": "ReadWrite" + }, + "dataDisks": { + "count": 1, + "properties": { + "diskSizeGB": 128, + "caching": "None", + "createOption": "Empty" + } + }, + "availabilitySet": { + "useExistingAvailabilitySet": "No", + "name": "app1-web-as" + } + }, + "metadata": { + "description": "Settings for Virtual Machines" + } + }, + "virtualNetworkSettings": { + "value": { + "name": "app1-vnet", + "resourceGroup": "app1-dev-rg" + }, + "metadata": { + "description": "Virtual network settings" + } + }, + "buildingBlockSettings": { + "value": { + 
"storageAccountsCount": 1, + "vmCount": 3, + "vmStartIndex": 1 + } + } + } +} + diff --git a/guidance-compute-three-tier/Scripts/Deploy-ReferenceArchitecture.ps1 b/guidance-compute-three-tier/Scripts/Deploy-ReferenceArchitecture.ps1 new file mode 100644 index 000000000..2b2bd8b80 --- /dev/null +++ b/guidance-compute-three-tier/Scripts/Deploy-ReferenceArchitecture.ps1 
@@ -0,0 +1,61 @@ +# +# Deploy_ReferenceArchitecture.ps1 +# +param( + [Parameter(Mandatory=$true)] + $SubscriptionId, + [Parameter(Mandatory=$false)] + $Location = "Central US", + [Parameter(Mandatory=$false)] + [ValidateSet("Windows", "Linux")] + $OSType = "Linux" +) + +$resourceGroupName = 'app1-dev-rg' + +$templateRootUri = New-Object System.Uri -ArgumentList @('https://raw.githubusercontent.com/mspnp/arm-building-blocks/kirpas/vm-name-fix/ARMBuildingBlocks/Templates/') + +# Deployer templates for respective resources +$virtualNetworkTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, 'buildingBlocks/vnet-n-subnet/azuredeploy.json') +$loadBalancedVmSetTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, 'buildingBlocks/loadBalancer-backend-n-vm/azuredeploy.json') +$virtualMachineTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, 'buildingBlocks/multi-vm-n-nic-m-storage/azuredeploy.json') +$networkSecurityGroupTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, 'resources/Microsoft.Network/networkSecurityGroups/networkSecurityGroups.json') + +# Template parameters for respective deployments +$virtualNetworkParametersFile = [System.IO.Path]::Combine($PSScriptRoot, '..\Parameters', $OSType.ToLower(), 'virtualNetwork.parameters.json') +$businessTierParametersFile = [System.IO.Path]::Combine($PSScriptRoot, '..\Parameters', $OSType.ToLower(), 'businessTier.parameters.json') +$dataTierParametersFile = [System.IO.Path]::Combine($PSScriptRoot, '..\Parameters', $OSType.ToLower(), 'dataTier.parameters.json') +$webTierParametersFile = [System.IO.Path]::Combine($PSScriptRoot, '..\Parameters', $OSType.ToLower(), 'webTier.parameters.json') +$managementTierParametersFile = [System.IO.Path]::Combine($PSScriptRoot, '..\Parameters', $OSType.ToLower(), 'managementTier.parameters.json') +$networkSecurityGroupParametersFile = [System.IO.Path]::Combine($PSScriptRoot, '..\Parameters', $OSType.ToLower(), 
'networkSecurityGroup.parameters.json') + +# Login to Azure and select your subscription +Login-AzureRmAccount | Out-Null +Select-AzureRmSubscription -SubscriptionId $SubscriptionId | Out-Null + +# Create the resource group +$resourceGroup = New-AzureRmResourceGroup -Name $resourceGroupName -Location $Location + +Write-Host "Deploying virtual network..." +New-AzureRmResourceGroupDeployment -Name "ra-ntier-vnet-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName ` + -TemplateUri $virtualNetworkTemplate.AbsoluteUri -TemplateParameterFile $virtualNetworkParametersFile + +Write-Host "Deploying business tier..." +New-AzureRmResourceGroupDeployment -Name "ra-ntier-biz-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName ` + -TemplateUri $loadBalancedVmSetTemplate.AbsoluteUri -TemplateParameterFile $businessTierParametersFile + +Write-Host "Deploying data tier..." +New-AzureRmResourceGroupDeployment -Name "ra-ntier-biz-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName ` + -TemplateUri $loadBalancedVmSetTemplate.AbsoluteUri -TemplateParameterFile $dataTierParametersFile + +Write-Host "Deploying web tier..." +New-AzureRmResourceGroupDeployment -Name "ra-ntier-biz-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName ` + -TemplateUri $loadBalancedVmSetTemplate.AbsoluteUri -TemplateParameterFile $webTierParametersFile + +Write-Host "Deploying management tier..." +New-AzureRmResourceGroupDeployment -Name "ra-ntier-biz-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName ` + -TemplateUri $virtualMachineTemplate.AbsoluteUri -TemplateParameterFile $managementTierParametersFile + +Write-Host "Deploying network security group" +New-AzureRmResourceGroupDeployment -Name "ra-ntier-vm-nsg-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName ` + -TemplateUri $networkSecurityGroupTemplate.AbsoluteUri -TemplateParameterFile $networkSecurityGroupParametersFile 
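Review bot: `$templateRootUri` pulls every building-block template from the `kirpas/vm-name-fix` branch on raw.githubusercontent.com, a mutable ref, so what gets deployed into the subscription can change, or vanish when the branch is deleted, without any change to this repository. Pin the URI to a tag or full commit id, e.g. `.../mspnp/arm-building-blocks/<commit-sha>/ARMBuildingBlocks/Templates/` with the placeholder filled in. Separately, the data, web and management tier calls all reuse `-Name "ra-ntier-biz-deployment"`, which looks like a copy/paste slip and makes the deployment history ambiguous; give each its own name, such as `"ra-ntier-data-deployment"`, `"ra-ntier-web-deployment"` and `"ra-ntier-mgmt-deployment"`. The header comment names the file `Deploy_ReferenceArchitecture.ps1` while the path uses a hyphen.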
diff --git a/guidance-compute-three-tier/Templates/azuredeploy.json b/guidance-compute-three-tier/Templates/azuredeploy.json
new file mode 100644
index 000000000..ceb12f096
--- /dev/null
+++ b/guidance-compute-three-tier/Templates/azuredeploy.json
@@ -0,0 +1,149 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "osType": { + "type": "string", + "allowedValues": [ + "windows", + "linux" + ], + "defaultValue": "windows", + "metadata": { + "description": "Relative path decider for the template parameters." + } + } + }, + "variables": { + "armBbUri": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/kirpas/vm-name-fix/ARMBuildingBlocks/Templates/", + "templates": { + "deployment": { + "lb": "[concat(variables('armBbUri'), 'buildingBlocks/loadBalancer-backend-n-vm/azuredeploy.json')]", + "vnet": "[concat(variables('armBbUri'), 'buildingBlocks/vnet-n-subnet/azuredeploy.json')]", + "vm": "[concat(variables('armBbUri'), 'buildingBlocks/multi-vm-n-nic-m-storage/azuredeploy.json')]", + "nsg": "[concat(variables('armBbUri'), 'resources/Microsoft.Network/networkSecurityGroups/networkSecurityGroups.json')]" + }, + "parameter": { + "vnet": "[uri(deployment().properties.templateLink.uri, concat('../Parameters/', parameters('osType'), '/virtualNetwork.parameters.json'))]", + "nsg": "[uri(deployment().properties.templateLink.uri, concat('../Parameters/', parameters('osType'), '/networkSecurityGroup.parameters.json'))]", + "lb": "[uri(deployment().properties.templateLink.uri, concat('../Parameters/', parameters('osType'), '/virtualMachine.parameters.json'))]", + "webTier": "[uri(deployment().properties.templateLink.uri, concat('../Parameters/', parameters('osType'), '/webTier.parameters.json'))]", + "dataTier": "[uri(deployment().properties.templateLink.uri, concat('../Parameters/', parameters('osType'), '/dataTier.parameters.json'))]", + "businessTier": "[uri(deployment().properties.templateLink.uri, concat('../Parameters/', parameters('osType'), '/businessTier.parameters.json'))]", + "managementTier": "[uri(deployment().properties.templateLink.uri, concat('../Parameters/', parameters('osType'), 
'/managementTier.parameters.json'))]" + } + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "deploy-network", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.vnet]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.vnet]", + "contentVersion": "1.0.0.0" + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "deploy-web-tier", + "dependsOn": [ + "Microsoft.Resources/deployments/deploy-network" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.lb]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.webTier]", + "contentVersion": "1.0.0.0" + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "deploy-biz-tier", + "dependsOn": [ + "Microsoft.Resources/deployments/deploy-network" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.lb]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.businessTier]", + "contentVersion": "1.0.0.0" + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "deploy-data-tier", + "dependsOn": [ + "Microsoft.Resources/deployments/deploy-network" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.lb]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.dataTier]", + "contentVersion": "1.0.0.0" + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "deploy-mgmt-tier", + "dependsOn": [ + "Microsoft.Resources/deployments/deploy-network" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.vm]" + }, + "parametersLink": { + 
"uri": "[variables('templates').parameter.managementTier]", + "contentVersion": "1.0.0.0" + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "name": "deploy-nsg", + "apiVersion": "2015-01-01", + "dependsOn": [ + "Microsoft.Resources/deployments/deploy-network", + "Microsoft.Resources/deployments/deploy-web-tier", + "Microsoft.Resources/deployments/deploy-data-tier", + "Microsoft.Resources/deployments/deploy-biz-tier", + "Microsoft.Resources/deployments/deploy-mgmt-tier" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.nsg]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.nsg]", + "contentVersion": "1.0.0.0" + } + } + } + ] +} + diff --git a/guidance-compute-three-tier/guidance-compute-n-tier.deployproj b/guidance-compute-three-tier/guidance-compute-n-tier.deployproj new file mode 100644 index 000000000..7ef4bf827 --- /dev/null +++ b/guidance-compute-three-tier/guidance-compute-n-tier.deployproj @@ -0,0 +1,47 @@ + + + + + Debug + AnyCPU + + + Release + AnyCPU + + + + 37bd5438-1465-443b-8826-a112cca2e409 + + + Deployment + 1.0 + + + + + + + + + + + + False + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/guidance-hybrid-network-er/Deployment.targets b/guidance-hybrid-network-er/Deployment.targets new file mode 100644 index 000000000..4616e6bb8 --- /dev/null +++ b/guidance-hybrid-network-er/Deployment.targets 
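Review bot: `armBbUri` in `variables` points every linked template at what looks like a feature branch (`kirpas/vm-name-fix`) on raw.githubusercontent.com, so the resources deployed into the subscription can change, or the deployment can break when the branch is deleted, without any change to this file. Pin the building-block root to a commit or release tag, e.g. `"armBbUri": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/<COMMIT_SHA_PLACEHOLDER>/ARMBuildingBlocks/Templates/"`. Separately, `templates.parameter.lb` references `virtualMachine.parameters.json`, which no resource in this template uses and which is not among the three-tier parameter files in the commit's diffstat; it looks like a leftover that can be dropped.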
@@ -0,0 +1,123 @@ + + + + Debug + AnyCPU + bin\$(Configuration)\ + false + true + false + None + obj\ + $(BaseIntermediateOutputPath)\ + $(BaseIntermediateOutputPath)$(Configuration)\ + $(IntermediateOutputPath)ProjectReferences + $(ProjectReferencesOutputPath)\ + true + + + + false + false + + + + + + + + + + + Always + + + Never + + + false + Build + + + + + + + + _GetDeploymentProjectContent; + _CalculateContentOutputRelativePaths; + _GetReferencedProjectsOutput; + _CalculateArtifactStagingDirectory; + _CopyOutputToArtifactStagingDirectory; + + + + + + + + + + + + + + + + + Configuration=$(Configuration);Platform=$(Platform) + + + + + + + $([System.IO.Path]::GetFileNameWithoutExtension('%(ProjectReference.Identity)')) + + + + + + + $(OutDir) + $(OutputPath) + $(ArtifactStagingDirectory)\ + $(ArtifactStagingDirectory)staging\ + $(Build_StagingDirectory) + + + + + + + <_OriginalIdentity>%(DeploymentProjectContentOutput.Identity) + <_RelativePath>$(_OriginalIdentity.Replace('$(MSBuildProjectDirectory)', '')) + + + + + $(_RelativePath) + + + + + + + + + PrepareForRun + + + + + + + + + + + diff --git a/guidance-hybrid-network-er/Parameters/expressRouteCircuit.parameters.json b/guidance-hybrid-network-er/Parameters/expressRouteCircuit.parameters.json new file mode 100644 index 000000000..7616c0ef7 --- /dev/null +++ b/guidance-hybrid-network-er/Parameters/expressRouteCircuit.parameters.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "deploymentContext": { + "value": { + "parentTemplateUniqueString": "" + } + }, + "expressRouteCircuitSettings": { + "value": { + "name": "ra-hybrid-er-erc", + "skuTier": "Premium", + "skuFamily": "UnlimitedData", + "serviceProviderName": "Equinix", + "peeringLocation": "Silicon Valley", + "bandwidthInMbps": 50, + "allowClassicOperations": false + } + } + } +} 
diff --git a/guidance-hybrid-network-er/Parameters/virtualNetwork.parameters.json b/guidance-hybrid-network-er/Parameters/virtualNetwork.parameters.json
new file mode 100644
index 000000000..7829c2f3a
--- /dev/null
+++ b/guidance-hybrid-network-er/Parameters/virtualNetwork.parameters.json
@@ -0,0 +1,25 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-hybrid-er-vnet",
+ "addressPrefixes": [
+ "10.20.0.0/16"
+ ],
+ "subnets": [
+ {
+ "name": "GatewaySubnet",
+ "addressPrefix": "10.20.255.224/27"
+ },
+ {
+ "name": "ra-hybrid-er-sn",
+ "addressPrefix": "10.20.0.0/24"
+ }
+ ],
+ "dnsServers": [ ]
+ }
+ }
+ }
+}
diff --git a/guidance-hybrid-network-er/Parameters/virtualNetworkGateway.parameters.json b/guidance-hybrid-network-er/Parameters/virtualNetworkGateway.parameters.json
new file mode 100644
index 000000000..36d6c5ad8
--- /dev/null
+++ b/guidance-hybrid-network-er/Parameters/virtualNetworkGateway.parameters.json
@@ -0,0 +1,31 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-hybrid-er-vnet"
+ }
+ },
+ "virtualNetworkGatewaySettings": {
+ "value": {
+ "name": "ra-hybrid-er-vgw",
+ "gatewayType": "ExpressRoute",
+ "vpnType": "RouteBased",
+ "sku": "Standard"
+ }
+ },
+ "connectionSettings": {
+ "value": {
+ "name": "ra-hybrid-er-cn",
+ "connectionType": "ExpressRoute",
+ "virtualNetworkGateway1": {
+ "name": "ra-hybrid-er-vgw"
+ },
+ "expressRouteCircuit": {
+ "name": "ra-hybrid-er-erc"
+ }
+ }
+ }
+ }
+}
diff --git a/guidance-hybrid-network-er/Scripts/Deploy-ReferenceArchitecture.ps1 b/guidance-hybrid-network-er/Scripts/Deploy-ReferenceArchitecture.ps1
new file mode 100644
index 000000000..cd5b2e1d2
--- /dev/null
+++ b/guidance-hybrid-network-er/Scripts/Deploy-ReferenceArchitecture.ps1 
@@ -0,0 +1,63 @@ +# +# Deploy_ReferenceArchitecture.ps1 +# +param( + [Parameter(Mandatory=$true)] + $SubscriptionId, + [Parameter(Mandatory=$false)] + $Location = "Central US", + [Parameter(Mandatory=$true)] + [ValidateSet("Circuit", "Network")] + $Mode +) + +$ErrorActionPreference = "Stop" + +$templateRootUriString = $env:TEMPLATE_ROOT_URI +if ($templateRootUriString -eq $null) { + $templateRootUriString = "https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/" +} + +if (![System.Uri]::IsWellFormedUriString($templateRootUriString, [System.UriKind]::Absolute)) { + throw "Invalid value for TEMPLATE_ROOT_URI: $env:TEMPLATE_ROOT_URI" +} + +Write-Host +Write-Host "Using $templateRootUriString to locate templates" +Write-Host + +$templateRootUri = New-Object System.Uri -ArgumentList @($templateRootUriString) + +$expressRouteCircuitTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/resources/Microsoft.Network/expressRouteCircuits/expressRouteCircuit.json") +$expressRouteCircuitParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters\expressRouteCircuit.parameters.json") + +$virtualNetworkTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json") +$virtualNetworkParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters\virtualNetwork.parameters.json") + +$virtualNetworkGatewayTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/vpn-gateway-vpn-connection/azuredeploy.json") +$virtualNetworkGatewayParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters\virtualNetworkGateway.parameters.json") + +$resourceGroupName = "ra-hybrid-er-rg" +# Login to Azure and select your subscription +Login-AzureRmAccount -SubscriptionId $SubscriptionId | Out-Null + +$resourceGroup = Get-AzureRmResourceGroup -Name $resourceGroupName -Location 
$Location -ErrorAction SilentlyContinue +if ($resourceGroup -eq $null) { + # Create the resource group + $resourceGroup = New-AzureRmResourceGroup -Name $resourceGroupName -Location $Location +} + +if ($Mode -eq "Circuit") { + Write-Host "Creating ExpressRoute circuit..." + New-AzureRmResourceGroupDeployment -Name "ra-hybrid-er-circuit-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName ` + -TemplateUri $expressRouteCircuitTemplate.AbsoluteUri -TemplateParameterFile $expressRouteCircuitParametersFile +} +elseif ($Mode -eq "Network") { + Write-Host "Deploying virtual network..." + New-AzureRmResourceGroupDeployment -Name "ra-hybrid-er-vnet-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName ` + -TemplateUri $virtualNetworkTemplate.AbsoluteUri -TemplateParameterFile $virtualNetworkParametersFile + + Write-Host "Deploying virtual network gateway..." + New-AzureRmResourceGroupDeployment -Name "ra-hybrid-er-gateway-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName ` + -TemplateUri $virtualNetworkGatewayTemplate.AbsoluteUri -TemplateParameterFile $virtualNetworkGatewayParametersFile +} diff --git a/guidance-hybrid-network-er/Scripts/deploy-reference-architecture.sh b/guidance-hybrid-network-er/Scripts/deploy-reference-architecture.sh new file mode 100644 index 000000000..5f03742a5 --- /dev/null +++ b/guidance-hybrid-network-er/Scripts/deploy-reference-architecture.sh 
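Review bot: The `IsWellFormedUriString` check on `TEMPLATE_ROOT_URI` accepts any absolute URI, including `http://`, and that value then becomes the `-TemplateUri` of every deployment, so a plain-HTTP or mistyped root lets content the operator does not control define resources in the subscription. Require HTTPS once `$templateRootUri` is built: `if ($templateRootUri.Scheme -ne 'https') { throw "TEMPLATE_ROOT_URI must use https: $templateRootUriString" }`. The same gap is in the `deploy-reference-architecture.sh` hunk that follows, where `URI_REGEX` allows `https?` and makes the whole scheme group optional. A root supplied without a trailing slash also loses its last path segment when combined through `New-Object System.Uri`; the shell script appends the slash, this script does not.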
@@ -0,0 +1,165 @@ +#!/bin/bash + +RESOURCE_GROUP_NAME="ra-hybrid-er-rg" +LOCATION="centralus" +MODE="" + +TEMPLATE_ROOT_URI=${TEMPLATE_ROOT_URI:="https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/"} +# Make sure we have a trailing slash +[[ "${TEMPLATE_ROOT_URI}" != */ ]] && TEMPLATE_ROOT_URI="${TEMPLATE_ROOT_URI}/" + +# For validating HTTP URIs only +URI_REGEX="^((?:https?://(?:(?:[a-zA-Z0-9$.+!*(),;?&=_-]|(?:%[a-fA-F0-9]{2})){1,64}(?::(?:[a-zA-Z0-9$.+!*(),;?&=_-]|(?:%[a-fA-F0-9]{2})){1,25})?@)?)?(?:(([a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF]([a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF-]{0,61}[a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF]){0,1}\.)+[a-zA-Z\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF]{2,63}|((25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[0-9]))))(?::\d{1,5})?)(/(?:(?:[a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF;/?:@&=#~.+!*(),_-])|(?:%[a-fA-F0-9]{2}))*)?(?:\b|$)$" + +validate() { + for i in "${@:2}"; do + if [[ "$1" == "$i" ]] + then + return 1 + fi + done + + return 0 +} + +validateNotEmpty() { + if [[ "$1" != "" ]] + then + return 1 + else + return 0 + fi +} + +showErrorAndUsage() { + echo + if [[ "$1" != "" ]] + then + echo " error: $1" + echo + fi + echo " usage: $(basename ${0}) [options]" + echo " options:" + echo " -l, --location " + echo " -m, --mode " + echo " -s, --subscription " + echo + exit 1 +} + +if [[ $# < 1 ]] +then + showErrorAndUsage +fi + +while [[ $# > 0 ]] +do + key="$1" + case $key in + -l|--location) + LOCATION="$2" + shift + ;; + -m|--mode) + MODE="$2" + shift + ;; + -s|--subscription) + SUBSCRIPTION_ID="$2" + shift + ;; + *) + showErrorAndUsage "Unknown option: $1" + ;; + esac + shift +done + +if ! [[ $SUBSCRIPTION_ID =~ ^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$ ]]; +then + showErrorAndUsage "Invalid Subscription ID." 
+fi + +if validateNotEmpty $LOCATION; +then + showErrorAndUsage "Location must be provided." +fi + +if validate $MODE "circuit" "network"; +then + showErrorAndUsage "Invalid mode: '${MODE}'. Valid values are 'circuit' or 'network'." +fi + +if grep -P -v $URI_REGEX <<< $TEMPLATE_ROOT_URI > /dev/null +then + showErrorAndUsage "Invalid value for TEMPLATE_ROOT_URI: ${TEMPLATE_ROOT_URI}" +fi + +echo +echo "Using ${TEMPLATE_ROOT_URI} to locate templates" +echo + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +EXPRESS_ROUTE_CIRCUIT_TEMPLATE_URI="${TEMPLATE_ROOT_URI}ARMBuildingBlocks/Templates/resources/Microsoft.Network/expressRouteCircuits/expressRouteCircuit.json" +EXPRESS_ROUTE_CIRCUIT_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/expressRouteCircuit.parameters.json" +EXPRESS_ROUTE_CIRCUIT_DEPLOYMENT_NAME="ra-hybrid-er-circuit-deployment" + +VIRTUAL_NETWORK_TEMPLATE_URI="${TEMPLATE_ROOT_URI}ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json" +VIRTUAL_NETWORK_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/virtualNetwork.parameters.json" +VIRTUAL_NETWORK_DEPLOYMENT_NAME="ra-hybrid-er-vnet-deployment" + +VIRTUAL_NETWORK_GATEWAY_TEMPLATE_URI="${TEMPLATE_ROOT_URI}ARMBuildingBlocks/Templates/buildingBlocks/vpn-gateway-vpn-connection/azuredeploy.json" +VIRTUAL_NETWORK_GATEWAY_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/virtualNetworkGateway.parameters.json" +VIRTUAL_NETWORK_GATEWAY_DEPLOYMENT_NAME="ra-hybrid-er-gateway-deployment" + +azure config mode arm + +if ! RESOURCE_GROUP_OUTPUT=$(azure group show --name $RESOURCE_GROUP_NAME --subscription $SUBSCRIPTION_ID --json) +then + # The resource group doesn't exist, so create the resource group and save the output for later. + RESOURCE_GROUP_OUTPUT=$(azure group create --name $RESOURCE_GROUP_NAME --location $LOCATION --subscription $SUBSCRIPTION_ID --json) || exit 1 +fi + +if [[ $MODE == "circuit" ]] +then + echo "Creating ExpressRoute circuit..." 
+ azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $EXPRESS_ROUTE_CIRCUIT_DEPLOYMENT_NAME \ + --template-uri $EXPRESS_ROUTE_CIRCUIT_TEMPLATE_URI --parameters-file $EXPRESS_ROUTE_CIRCUIT_PARAMETERS_PATH \ + --subscription $SUBSCRIPTION_ID || exit 1 + + # Display json output + echo "===================================" + + echo $RESOURCE_GROUP_OUTPUT + + azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $EXPRESS_ROUTE_CIRCUIT_DEPLOYMENT_NAME \ + --subscription $SUBSCRIPTION_ID --json || exit 1 + + echo "===================================" +elif [[ $MODE == "network" ]] +then + # Create the virtual network + echo "Deploying virtual network..." + azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_DEPLOYMENT_NAME \ + --template-uri $VIRTUAL_NETWORK_TEMPLATE_URI --parameters-file $VIRTUAL_NETWORK_PARAMETERS_PATH \ + --subscription $SUBSCRIPTION_ID || exit 1 + + echo "Deploying virtual network gateway..." + azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_GATEWAY_DEPLOYMENT_NAME \ + --template-uri $VIRTUAL_NETWORK_GATEWAY_TEMPLATE_URI --parameters-file $VIRTUAL_NETWORK_GATEWAY_PARAMETERS_PATH \ + --subscription $SUBSCRIPTION_ID || exit 1 + + # Display json output + echo "===================================" + + echo $RESOURCE_GROUP_OUTPUT + + azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_DEPLOYMENT_NAME \ + --subscription $SUBSCRIPTION_ID --json || exit 1 + + azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_GATEWAY_DEPLOYMENT_NAME \ + --subscription $SUBSCRIPTION_ID --json || exit 1 + + echo "===================================" +fi diff --git a/guidance-hybrid-network-er/Templates/azuredeploy-expressRouteCircuit.json b/guidance-hybrid-network-er/Templates/azuredeploy-expressRouteCircuit.json new file mode 100644 index 000000000..42bd17249 --- /dev/null 
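Review bot: Caller-supplied values are expanded unquoted throughout the script — `validateNotEmpty $LOCATION`, `validate $MODE "circuit" "network"`, `grep -P -v $URI_REGEX <<< $TEMPLATE_ROOT_URI`, and every argument passed to `azure ...` — so a value containing whitespace or glob characters is split or expanded before the check or the CLI sees it. Quote each expansion, e.g. `if validate "$MODE" "circuit" "network"; then` and `--template-uri "$VIRTUAL_NETWORK_TEMPLATE_URI"`. `[[ $# < 1 ]]` and `[[ $# > 0 ]]` compare as strings inside `[[ ]]`; `(( $# < 1 ))` and `(( $# > 0 ))` are the arithmetic forms. `validate` and `validateNotEmpty` return 1 when the value is acceptable and 0 when it is not, which deserves a header comment such as `# Returns 0 (true) when $1 is NOT one of the allowed values` so the `if validate ...; then showErrorAndUsage` call sites read correctly.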
+++ b/guidance-hybrid-network-er/Templates/azuredeploy-expressRouteCircuit.json
@@ -0,0 +1,41 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "templateRootUri": {
+ "type": "string",
+ "defaultValue": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/",
+ "metadata": {
+ "description": "Root path for templates"
+ }
+ }
+ },
+ "variables": {
+ "templates": {
+ "deployment": {
+ "expressRouteCircuit": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/resources/Microsoft.Network/expressRouteCircuits/expressRouteCircuit.json')]"
+ },
+ "parameter": {
+ "expressRouteCircuit": "[uri(parameters('templateRootUri'), 'guidance-hybrid-network-er/Parameters/expressRouteCircuit.parameters.json')]"
+ }
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "name": "ra-hybrid-er-circuit-deployment",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('templates').deployment.expressRouteCircuit]"
+ },
+ "parametersLink": {
+ "uri": "[variables('templates').parameter.expressRouteCircuit]"
+ }
+ }
+ }
+ ],
+ "outputs": {
+ }
+}
\ No newline at end of file
diff --git a/guidance-hybrid-network-er/Templates/azuredeploy.json b/guidance-hybrid-network-er/Templates/azuredeploy.json
new file mode 100644
index 000000000..270dc82d8
--- /dev/null
+++ b/guidance-hybrid-network-er/Templates/azuredeploy.json
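Review bot: `templates.parameter.expressRouteCircuit` resolves `guidance-hybrid-network-er/Parameters/expressRouteCircuit.parameters.json` against `templateRootUri`, whose default is the `arm-building-blocks` repository, while the parameter file is added by this commit under `guidance-hybrid-network-er/`; unless both live in the same repository, the `parametersLink` will not resolve with the default value. The three-tier template in this commit derives its parameter URIs from the template's own location instead, e.g. `"[uri(deployment().properties.templateLink.uri, '../Parameters/expressRouteCircuit.parameters.json')]"`. The `guidance-hybrid-network-er/Templates/azuredeploy.json` hunk that follows builds its `virtualNetwork` and `virtualNetworkGateway` parameter links the same way. Both templates also default to the mutable `master` branch; a commit or tag in `defaultValue` would make what gets deployed reviewable and repeatable.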
@@ -0,0 +1,60 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "templateRootUri": {
+ "type": "string",
+ "defaultValue": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/",
+ "metadata": {
+ "description": "Root path for templates"
+ }
+ }
+ },
+ "variables": {
+ "templates": {
+ "deployment": {
+ "virtualNetwork": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json')]",
+ "virtualNetworkGateway": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/vpn-gateway-vpn-connection/azuredeploy.json')]"
+ },
+ "parameter": {
+ "virtualNetwork": "[uri(parameters('templateRootUri'), 'guidance-hybrid-network-er/Parameters/virtualNetwork.parameters.json')]",
+ "virtualNetworkGateway": "[uri(parameters('templateRootUri'), 'guidance-hybrid-network-er/Parameters/virtualNetworkGateway.parameters.json')]"
+ }
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "name": "ra-hybrid-er-vnet-deployment",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('templates').deployment.virtualNetwork]"
+ },
+ "parametersLink": {
+ "uri": "[variables('templates').parameter.virtualNetwork]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "name": "ra-hybrid-er-deployment",
+ "dependsOn": [
+ "ra-hybrid-er-vnet-deployment"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('templates').deployment.virtualNetworkGateway]"
+ },
+ "parametersLink": {
+ "uri": "[variables('templates').parameter.virtualNetworkGateway]"
+ }
+ }
+ }
+ ],
+ "outputs": {
+ }
+}
diff --git a/guidance-hybrid-network-er/guidance-hybrid-network-er.deployproj b/guidance-hybrid-network-er/guidance-hybrid-network-er.deployproj new file mode 100644 index 000000000..89eab42b7 --- /dev/null +++ b/guidance-hybrid-network-er/guidance-hybrid-network-er.deployproj @@ -0,0 +1,40 @@ + + + + + Debug + AnyCPU + + + Release + AnyCPU + + + + 334ed53a-1f21-48e3-bb52-1b96e4a49592 + + + Deployment + 1.0 + + + + + + + + + + + False + + + + + + + + + + + \ No newline at end of file diff --git a/guidance-hybrid-network-secure-vnet/README.md b/guidance-hybrid-network-secure-vnet/README.md new file mode 100644 index 000000000..e02abfc9b --- /dev/null +++ b/guidance-hybrid-network-secure-vnet/README.md @@ -0,0 +1 @@ + diff --git a/guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/README.md b/guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/README.md new file mode 100644 index 000000000..e02abfc9b --- /dev/null +++ b/guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/README.md @@ -0,0 +1 @@ + diff --git a/guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/azuredeploy.json b/guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/azuredeploy.json new file mode 100644 index 000000000..3c576b496 --- /dev/null +++ b/guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/azuredeploy.json 
@@ -0,0 +1,235 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "baseName": { "type": "string" }, + "onpremNetPrefix": { "type": "string" }, + "vnetPrefix": { "type": "string" }, + "vnetMgmtSubnetPrefix": { "type": "string" }, + "vnetNvaFeSubnetPrefix": { "type": "string" }, + "vnetNvaBeSubnetPrefix": { "type": "string" }, + "vnetWebSubnetPrefix": { "type": "string" }, + "vnetBizSubnetPrefix": { "type": "string" }, + "vnetDbSubnetPrefix": { "type": "string" }, + "vnetGwSubnetPrefix": { "type": "string" } + }, + "variables": { + "location": "[resourceGroup().location]", + "vnetName": "[concat(parameters('baseName'),'-vnet')]", + "vnetNvaFeSubnetName": "[concat(parameters('baseName'),'-nva-fe-sn')]", + "vnetNvaBeSubnetName": "[concat(parameters('baseName'),'-nva-be-sn')]", + "vnetMgmtSubnetName": "[concat(parameters('baseName'),'-mgmt-sn')]", + "vnetWebSubnetName": "[concat(parameters('baseName'),'-web-sn')]", + "vnetBizSubnetName": "[concat(parameters('baseName'),'-biz-sn')]", + "vnetDbSubnetName": "[concat(parameters('baseName'),'-db-sn')]", + "webUdrName": "[concat(parameters('baseName'),'-web-udr')]", + "bizUdrName": "[concat(parameters('baseName'),'-biz-udr')]", + "dbUdrName": "[concat(parameters('baseName'),'-db-udr')]", + + "nsgTemplate": "https://raw.githubusercontent.com/mspnp/blueprints/master/ARMBuildingBlocks/ARMBuildingBlocks/Templates/bb-nsg.json" + }, + "resources": [ + + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "mgmt-nsg", + "properties": { + "mode": "Incremental", + "templateLink": { "uri": "[variables('nsgTemplate')]" }, + "parameters": { + "baseName": { "value": "[parameters('baseName')]" }, + "nsgNamePrefix": { "value": "mgmt" }, + "rulesNames": { "value": [ "on-prem-rdp-allow", "on-prem-ssh-allow", "gateway-allow", "self-allow", "vnet-deny" ] }, + "rulesDirections": { "value": [ "Inbound", 
"Inbound", "Inbound", "Inbound", "Inbound" ] }, + "rulesAccess": { "value": [ "Allow", "Allow", "Allow", "Allow", "Deny" ] }, + "rulesSourceAddressPrefixes": { "value": [ "[parameters('onpremNetPrefix')]", "[parameters('onpremNetPrefix')]", "[parameters('vnetGwSubnetPrefix')]", "[parameters('vnetMgmtSubnetPrefix')]", "*" ] }, + "rulesSourcePorts": { "value": [ "*", "*", "*", "*", "*" ] }, + "rulesDestinationAddressPrefixes": { "value": [ "*", "*", "*", "*", "*" ] }, + "rulesDestinationPorts": { "value": [ 3389, 22, "*", "*", "*" ] }, + "rulesProtocol": { "value": [ "*", "*", "*", "*", "*" ] } + } + } + }, + + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "web-nsg", + "properties": { + "mode": "Incremental", + "templateLink": { "uri": "[variables('nsgTemplate')]" }, + "parameters": { + "baseName": { "value": "[parameters('baseName')]" }, + "nsgNamePrefix": { "value": "web" }, + "rulesNames": { "value": [ "on-prem-allow", "vnet-allow", "mgmt-rdp-allow", "mgmt-ssh-allow", "vnet-deny" ] }, + "rulesDirections": { "value": [ "Inbound", "Inbound", "Inbound", "Inbound", "Inbound" ] }, + "rulesAccess": { "value": [ "Allow", "Allow", "Allow", "Allow", "Deny" ] }, + "rulesSourceAddressPrefixes": { "value": [ "[parameters('onpremNetPrefix')]", "[parameters('vnetPrefix')]", "[parameters('vnetMgmtSubnetPrefix')]", "[parameters('vnetMgmtSubnetPrefix')]", "*" ] }, + "rulesSourcePorts": { "value": [ "*", "*", "*", "*", "*" ] }, + "rulesDestinationAddressPrefixes": { "value": [ "*", "*", "*", "*", "*" ] }, + "rulesDestinationPorts": { "value": [ 80, 80, 3389, 22, "*" ] }, + "rulesProtocol": { "value": [ "TCP", "TCP", "*", "*", "*" ] } + } + } + }, + + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "biz-nsg", + "properties": { + "mode": "Incremental", + "templateLink": { "uri": "[variables('nsgTemplate')]" }, + "parameters": { + "baseName": { "value": "[parameters('baseName')]" }, + "nsgNamePrefix": { 
"value": "biz" }, + "rulesNames": { "value": [ "web-allow", "mgmt-rdp-allow", "mgmt-ssh-allow", "vnet-deny" ] }, + "rulesDirections": { "value": [ "Inbound", "Inbound", "Inbound", "Inbound" ] }, + "rulesAccess": { "value": [ "Allow", "Allow", "Allow", "Deny" ] }, + "rulesSourceAddressPrefixes": { "value": [ "[parameters('vnetWebSubnetPrefix')]", "[parameters('vnetMgmtSubnetPrefix')]", "[parameters('vnetMgmtSubnetPrefix')]", "*" ] }, + "rulesSourcePorts": { "value": [ "*", "*", "*", "*" ] }, + "rulesDestinationAddressPrefixes": { "value": [ "*", "*", "*", "*" ] }, + "rulesDestinationPorts": { "value": [ "*", 3389, 22, "*" ] }, + "rulesProtocol": { "value": [ "*", "*", "*", "*" ] } + } + } + }, + + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "db-nsg", + "properties": { + "mode": "Incremental", + "templateLink": { "uri": "[variables('nsgTemplate')]" }, + "parameters": { + "baseName": { "value": "[parameters('baseName')]" }, + "nsgNamePrefix": { "value": "db" }, + "rulesNames": { "value": [ "biz-allow", "mgmt-rdp-allow", "mgmt-ssh-allow", "vnet-deny" ] }, + "rulesDirections": { "value": [ "Inbound", "Inbound", "Inbound", "Inbound" ] }, + "rulesAccess": { "value": [ "Allow", "Allow", "Allow", "Deny" ] }, + "rulesSourceAddressPrefixes": { "value": [ "[parameters('vnetBizSubnetPrefix')]", "[parameters('vnetMgmtSubnetPrefix')]", "[parameters('vnetMgmtSubnetPrefix')]", "*" ] }, + "rulesSourcePorts": { "value": [ "*", "*", "*", "*" ] }, + "rulesDestinationAddressPrefixes": { "value": [ "*", "*", "*", "*" ] }, + "rulesDestinationPorts": { "value": [ "*", 3389, 22, "*" ] }, + "rulesProtocol": { "value": [ "*", "*", "*", "*" ] } + } + } + }, + + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2016-03-30", + "location": "[variables('location')]", + "name": "[variables('webUdrName')]", + "properties": { + "routes": [] + } + }, + + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2016-03-30", + "location": 
"[variables('location')]", + "name": "[variables('bizUdrName')]", + "properties": { + "routes": [] + } + }, + + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2016-03-30", + "location": "[variables('location')]", + "name": "[variables('dbUdrName')]", + "properties": { + "routes": [] + } + }, + + { + "name": "[variables('vnetName')]", + "type": "Microsoft.Network/virtualNetworks", + "location": "[resourceGroup().location]", + "apiVersion": "2015-06-15", + "dependsOn": [ + "Microsoft.Resources/deployments/mgmt-nsg", + "Microsoft.Resources/deployments/web-nsg", + "Microsoft.Resources/deployments/biz-nsg", + "Microsoft.Resources/deployments/db-nsg", + "[concat('Microsoft.Network/routeTables/',variables('webUdrName'))]", + "[concat('Microsoft.Network/routeTables/',variables('bizUdrName'))]", + "[concat('Microsoft.Network/routeTables/',variables('dbUdrName'))]" + ], + "tags": { + "displayName": "vnet" + }, + "properties": { + "mode": "Incremental", + "addressSpace": { + "addressPrefixes": [ + "[parameters('vnetPrefix')]" + ] + }, + "subnets": [ + { + "name": "[variables('vnetMgmtSubnetName')]", + "properties": { + "addressPrefix": "[parameters('vnetMgmtSubnetPrefix')]", + "networkSecurityGroup": { "id": "[reference('mgmt-nsg').outputs.nsgid.value]" } + } + }, + { + "name": "[variables('vnetNvaFeSubnetName')]", + "properties": { + "addressPrefix": "[parameters('vnetNvaFeSubnetPrefix')]" + } + }, + { + "name": "[variables('vnetNvaBeSubnetName')]", + "properties": { + "addressPrefix": "[parameters('vnetNvaBeSubnetPrefix')]" + } + }, + { + "name": "[variables('vnetWebSubnetName')]", + "properties": { + "addressPrefix": "[parameters('vnetWebSubnetPrefix')]", + "networkSecurityGroup": { "id": "[reference('web-nsg').outputs.nsgid.value]" }, + "routeTable": {"id": "[resourceId('Microsoft.Network/routeTables', variables('webUdrName'))]"} + } + }, + { + "name": "[variables('vnetBizSubnetName')]", + "properties": { + "addressPrefix": 
"[parameters('vnetBizSubnetPrefix')]", + "networkSecurityGroup": { "id": "[reference('biz-nsg').outputs.nsgid.value]" }, + "routeTable": {"id": "[resourceId('Microsoft.Network/routeTables', variables('bizUdrName'))]"} + } + }, + { + "name": "[variables('vnetDbSubnetName')]", + "properties": { + "addressPrefix": "[parameters('vnetDbSubnetPrefix')]", + "networkSecurityGroup": { "id": "[reference('db-nsg').outputs.nsgid.value]" }, + "routeTable": { "id": "[resourceId('Microsoft.Network/routeTables', variables('dbUdrName'))]" } + } + }, + + { + "name": "GatewaySubnet", + "properties": { + "addressPrefix": "[parameters('vnetGwSubnetPrefix')]" + } + } + + + ] + } + } + + ], + "outputs": { + } +} diff --git a/guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/azuredeploy.parameters.json b/guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/azuredeploy.parameters.json new file mode 100644 index 000000000..325c7f5a3 --- /dev/null +++ b/guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/azuredeploy.parameters.json @@ -0,0 +1,6 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + } +} diff --git a/guidance-hybrid-network-secure-vnet/azuredeploy.sh b/guidance-hybrid-network-secure-vnet/azuredeploy.sh new file mode 100644 index 000000000..fc0b94174 --- /dev/null +++ b/guidance-hybrid-network-secure-vnet/azuredeploy.sh 
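Review bot: The tier-to-tier allow rules are wider than their names suggest: `web-allow` in `biz-nsg` and `biz-allow` in `db-nsg` use `"*"` for both `rulesDestinationPorts` and `rulesProtocol`, so any host in the web subnet can reach every port on the business tier, and likewise from business to data. Restrict each to the port the tier actually serves and to TCP, e.g. `"rulesDestinationPorts": { "value": [ <BIZ_APP_PORT_PLACEHOLDER>, 3389, 22, "*" ] }` with `"rulesProtocol": { "value": [ "TCP", "TCP", "TCP", "*" ] }`. The RDP and SSH rules in all four NSG deployments also use protocol `"*"` where `"TCP"` is sufficient, and the NVA front-end and back-end subnets are created without any `networkSecurityGroup`. `"mode": "Incremental"` inside the `Microsoft.Network/virtualNetworks` resource's `properties` looks copied from the deployment resources and is probably not a property of that resource type.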
@@ -0,0 +1,294 @@
+
+# error handling or interruption via ctrl-c.
+# line number and error code of executed command is passed to errhandle function
+
+trap 'errhandle $LINENO $?' SIGINT ERR
+
+errhandle()
+{
+ echo "Error or Interruption at line ${1} exit code ${2} "
+ exit ${2}
+}
+
+############################################################################
+
+############################################################################
+## Command Arguments
+############################################################################
+function validate() {
+ for i in "${@:2}"; do
+ if [[ "$1" == "$i" ]]
+ then
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+function validateNotEmpty() {
+ if [[ "$1" != "" ]]
+ then
+ return 1
+ else
+ return 0
+ fi
+}
+
+############################################################################
+## Command Arguments
+############################################################################
+
+URI_BASE=https://raw.githubusercontent.com/mspnp/blueprints/master/ARMBuildingBlocks
+
+# Default parameter values
+BASE_NAME=
+SUBSCRIPTION=
+LOCATION=centralus
+OS_TYPE=Windows
+ADMIN_USER_NAME=adminUser
+ADMIN_PASSWORD=adminP@ssw0rd
+
+NTWK_RESOURCE_GROUP=${BASE_NAME}-ntwk-rg
+
+# VPN parameter defaults
+INPUT_ON_PREMISES_PUBLIC_IP=11.22.33.44
+INPUT_ON_PREMISES_ADDRESS_SPACE=192.168.0.0/24
+INPUT_VPN_IPSEC_SHARED_KEY=myipsecsharedkey123
+
+# VNet parameter defaults
+VNET_PREFIX=10.0.0.0/16
+VNET_MGMT_SUBNET_PREFIX=10.0.0.0/24
+VNET_NVA_FE_SUBNET_PREFIX=10.0.1.0/24
+VNET_NVA_BE_SUBNET_PREFIX=10.0.2.0/24
+VNET_WEB_SUBNET_PREFIX=10.0.3.0/24
+VNET_BIZ_SUBNET_PREFIX=10.0.4.0/24
+VNET_DB_SUBNET_PREFIX=10.0.5.0/24
+VNET_GATEWAY_SUBNET_ADDRESS_PREFIX=10.0.255.224/27
+
+# the following variables are used in the creation of vpn, web/biz/db tier, but not using in vnet creation
+MGMT_JUMPBOX_IP_ADDRESS=10.0.0.254
+NVA_FE_ILB_IP_ADDRESS=10.0.1.254
+WEB_ILB_IP_ADDRESS=10.0.3.254
+BIZ_ILB_IP_ADDRESS=10.0.4.254
+DB_ILB_IP_ADDRESS=10.0.5.254
+
+WEB_NUMBER_VMS=2
+BIZ_NUMBER_VMS=2
+DB_NUMBER_VMS=2
+
+if validateNotEmpty ${SUBSCRIPTION};
+then
+ echo "A value for SUBSCRIPTION must be provided"
+ exit
+fi
+
+if validateNotEmpty ${BASE_NAME};
+then
+ echo "A value for BASE_NAME must be provided"
+ exit
+fi
+
+echo
+echo
+echo azure config mode arm
+ azure config mode arm
+############################################################################
+## Create vNet and Subnets for mgmt, nva-fe, nva-be, web, biz, db
+############################################################################
+
+
+TEMPLATE_URI=${URI_BASE}/guidance-hybrid-network-secure-vnet/Templates/ra-vnet-subnets-udr-nsg/azuredeploy.json
+
+RESOURCE_GROUP=${NTWK_RESOURCE_GROUP}
+ON_PREM_NET_PREFIX=${INPUT_ON_PREMISES_ADDRESS_SPACE}
+PARAMETERS="{\"baseName\":{\"value\":\"${BASE_NAME}\"},\"onpremNetPrefix\":{\"value\":\"${ON_PREM_NET_PREFIX}\"},\"vnetPrefix\":{\"value\":\"${VNET_PREFIX}\"},\"vnetMgmtSubnetPrefix\":{\"value\":\"${VNET_MGMT_SUBNET_PREFIX}\"},\"vnetNvaFeSubnetPrefix\":{\"value\":\"${VNET_NVA_FE_SUBNET_PREFIX}\"},\"vnetNvaBeSubnetPrefix\":{\"value\":\"${VNET_NVA_BE_SUBNET_PREFIX}\"},\"vnetWebSubnetPrefix\":{\"value\":\"${VNET_WEB_SUBNET_PREFIX}\"},\"vnetBizSubnetPrefix\":{\"value\":\"${VNET_BIZ_SUBNET_PREFIX}\"},\"vnetDbSubnetPrefix\":{\"value\":\"${VNET_DB_SUBNET_PREFIX}\"},\"vnetGwSubnetPrefix\":{\"value\":\"${VNET_GATEWAY_SUBNET_ADDRESS_PREFIX}\"}}"
+
+echo
+echo
+echo azure group create --name ${RESOURCE_GROUP} --location ${LOCATION} --subscription ${SUBSCRIPTION}
+ azure group create --name ${RESOURCE_GROUP} --location ${LOCATION} --subscription ${SUBSCRIPTION}
+
+echo
+echo
+echo azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+ azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+
+# the following variables are used in the above resource group, you need to use them later to create web/biz/db tier. don't change their values.
+DEPLOYED_VNET_NAME=${BASE_NAME}-vnet
+DEPLOYED_MGMT_SUBNET_NAME_PREFIX=mgmt
+DEPLOYED_NVA_FE_SUBNET_NAME_PREFIX=nva-fe
+DEPLOYED_NVA_BE_SUBNET_NAME_PREFIX=nva-be
+DEPLOYED_WEB_SUBNET_NAME_PREFIX=web
+DEPLOYED_BIZ_SUBNET_NAME_PREFIX=biz
+DEPLOYED_DB_SUBNET_NAME_PREFIX=db
+
+DEPLOYED_WEB_SUBNET_NAME=${BASE_NAME}-web-sn
+DEPLOYED_BIZ_SUBNET_NAME=${BASE_NAME}-biz-sn
+DEPLOYED_DB_SUBNET_NAME=${BASE_NAME}-db-sn
+
+DEPLOYED_WEB_UDR_NAME=${BASE_NAME}-web-udr
+DEPLOYED_BIZ_UDR_NAME=${BASE_NAME}-biz-udr
+DEPLOYED_DB_UDR_NAME=${BASE_NAME}-db-udr
+
+
+############################################################################
+## Create ILB and VMs in web, biz, db
+############################################################################
+# create web tier
+TEMPLATE_URI=${URI_BASE}/ARMBuildingBlocks/Templates/bb-ilb-backend-http-https.json
+SUBNET_NAME_PREFIX=${DEPLOYED_WEB_SUBNET_NAME_PREFIX}
+ILB_IP_ADDRESS=${WEB_ILB_IP_ADDRESS}
+NUMBER_VMS=${WEB_NUMBER_VMS}
+
+RESOURCE_GROUP=${BASE_NAME}-${SUBNET_NAME_PREFIX}-tier-rg
+VM_NAME_PREFIX=${SUBNET_NAME_PREFIX}
+VM_COMPUTER_NAME_PREFIX=${SUBNET_NAME_PREFIX}
+VNET_RESOURCE_GROUP=${NTWK_RESOURCE_GROUP}
+VNET_NAME=${DEPLOYED_VNET_NAME}
+SUBNET_NAME=${DEPLOYED_WEB_SUBNET_NAME}
+PARAMETERS="{\"baseName\":{\"value\":\"${BASE_NAME}\"},\"vnetResourceGroup\":{\"value\":\"${VNET_RESOURCE_GROUP}\"},\"vnetName\":{\"value\":\"${VNET_NAME}\"},\"subnetName\":{\"value\":\"${SUBNET_NAME}\"},\"adminUsername\":{\"value\":\"${ADMIN_USER_NAME}\"},\"adminPassword\":{\"value\":\"${ADMIN_PASSWORD}\"},\"subnetNamePrefix\":{\"value\":\"${SUBNET_NAME_PREFIX}\"},\"ilbIpAddress\":{\"value\":\"${ILB_IP_ADDRESS}\"},\"osType\":{\"value\":\"${OS_TYPE}\"},\"numberVMs\":{\"value\":${NUMBER_VMS}},\"vmNamePrefix\":{\"value\":\"${VM_NAME_PREFIX}\"},\"vmComputerNamePrefix\":{\"value\":\"${VM_COMPUTER_NAME_PREFIX}\"}}"
+
+echo
+echo
+echo azure group create --name ${RESOURCE_GROUP} --location ${LOCATION} --subscription ${SUBSCRIPTION}
+ azure group create --name ${RESOURCE_GROUP} --location ${LOCATION} --subscription ${SUBSCRIPTION}
+echo
+echo
+echo azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+ azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+
+# install iis/apache to web vms
+for i in `seq 1 ${NUMBER_VMS}`;
+do
+ VM_NAME=${BASE_NAME}-${VM_NAME_PREFIX}${i}-vm
+ PARAMETERS="{\"vmName\":{\"value\":\"${VM_NAME}\"}}"
+ if [ "${OS_TYPE}" == "Windows" ]; then
+ TEMPLATE_URI=${URI_BASE}/ARMBuildingBlocks/Templates/ibb-vm-iis.json
+ echo
+ echo
+ echo azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+ azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+ fi
+ if [ "${OS_TYPE}" == "Ubuntu" ]; then
+ TEMPLATE_URI=${URI_BASE}/ARMBuildingBlocks/Templates/ibb-vm-apache.json
+ echo
+ echo
+ echo azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+ azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+ fi
+done
+
+# create biz tier
+TEMPLATE_URI=${URI_BASE}/ARMBuildingBlocks/Templates/bb-ilb-backend-http-https.json
+SUBNET_NAME_PREFIX=${DEPLOYED_BIZ_SUBNET_NAME_PREFIX}
+ILB_IP_ADDRESS=${BIZ_ILB_IP_ADDRESS}
+NUMBER_VMS=${BIZ_NUMBER_VMS}
+
+RESOURCE_GROUP=${BASE_NAME}-${SUBNET_NAME_PREFIX}-tier-rg
+VM_NAME_PREFIX=${SUBNET_NAME_PREFIX}
+VM_COMPUTER_NAME_PREFIX=${SUBNET_NAME_PREFIX}
+VNET_RESOURCE_GROUP=${NTWK_RESOURCE_GROUP}
+VNET_NAME=${DEPLOYED_VNET_NAME}
+SUBNET_NAME=${DEPLOYED_BIZ_SUBNET_NAME}
+PARAMETERS="{\"baseName\":{\"value\":\"${BASE_NAME}\"},\"vnetResourceGroup\":{\"value\":\"${VNET_RESOURCE_GROUP}\"},\"vnetName\":{\"value\":\"${VNET_NAME}\"},\"subnetName\":{\"value\":\"${SUBNET_NAME}\"},\"adminUsername\":{\"value\":\"${ADMIN_USER_NAME}\"},\"adminPassword\":{\"value\":\"${ADMIN_PASSWORD}\"},\"subnetNamePrefix\":{\"value\":\"${SUBNET_NAME_PREFIX}\"},\"ilbIpAddress\":{\"value\":\"${ILB_IP_ADDRESS}\"},\"osType\":{\"value\":\"${OS_TYPE}\"},\"numberVMs\":{\"value\":${NUMBER_VMS}},\"vmNamePrefix\":{\"value\":\"${VM_NAME_PREFIX}\"},\"vmComputerNamePrefix\":{\"value\":\"${VM_COMPUTER_NAME_PREFIX}\"}}"
+
+echo
+echo
+echo azure group create --name ${RESOURCE_GROUP} --location ${LOCATION} --subscription ${SUBSCRIPTION}
+ azure group create --name ${RESOURCE_GROUP} --location ${LOCATION} --subscription ${SUBSCRIPTION}
+echo
+echo
+echo azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+ azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+
+# create db tier
+TEMPLATE_URI=${URI_BASE}/ARMBuildingBlocks/Templates/bb-ilb-backend-http-https.json
+SUBNET_NAME_PREFIX=${DEPLOYED_DB_SUBNET_NAME_PREFIX}
+ILB_IP_ADDRESS=${DB_ILB_IP_ADDRESS}
+NUMBER_VMS=${DB_NUMBER_VMS}
+
+RESOURCE_GROUP=${BASE_NAME}-${SUBNET_NAME_PREFIX}-tier-rg
+VM_NAME_PREFIX=${SUBNET_NAME_PREFIX}
+VM_COMPUTER_NAME_PREFIX=${SUBNET_NAME_PREFIX}
+VNET_RESOURCE_GROUP=${NTWK_RESOURCE_GROUP}
+VNET_NAME=${DEPLOYED_VNET_NAME}
+SUBNET_NAME=${DEPLOYED_DB_SUBNET_NAME}
+PARAMETERS="{\"baseName\":{\"value\":\"${BASE_NAME}\"},\"vnetResourceGroup\":{\"value\":\"${VNET_RESOURCE_GROUP}\"},\"vnetName\":{\"value\":\"${VNET_NAME}\"},\"subnetName\":{\"value\":\"${SUBNET_NAME}\"},\"adminUsername\":{\"value\":\"${ADMIN_USER_NAME}\"},\"adminPassword\":{\"value\":\"${ADMIN_PASSWORD}\"},\"subnetNamePrefix\":{\"value\":\"${SUBNET_NAME_PREFIX}\"},\"ilbIpAddress\":{\"value\":\"${ILB_IP_ADDRESS}\"},\"osType\":{\"value\":\"${OS_TYPE}\"},\"numberVMs\":{\"value\":${NUMBER_VMS}},\"vmNamePrefix\":{\"value\":\"${VM_NAME_PREFIX}\"},\"vmComputerNamePrefix\":{\"value\":\"${VM_COMPUTER_NAME_PREFIX}\"}}"
+
+echo
+echo
+echo azure group create --name ${RESOURCE_GROUP} --location ${LOCATION} --subscription ${SUBSCRIPTION}
+ azure group create --name ${RESOURCE_GROUP} --location ${LOCATION} --subscription ${SUBSCRIPTION}
+echo
+echo
+echo azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+ azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+
+############################################################################
+## Create ILB and VMs in nva subnet and jumbox in management subnet
+############################################################################
+MGMT_RESOURCE_GROUP=${BASE_NAME}-mgmt-rg
+RESOURCE_GROUP=${MGMT_RESOURCE_GROUP}
+TEMPLATE_URI=${URI_BASE}/ARMBuildingBlocks/Templates/ibb-nvas-mgmt.json
+
+MGMT_SUBNET_NAME_PREFIX=${DEPLOYED_MGMT_SUBNET_NAME_PREFIX}
+NVA_FE_SUBNET_NAME_PREFIX=${DEPLOYED_NVA_FE_SUBNET_NAME_PREFIX}
+NVA_BE_SUBNET_NAME_PREFIX=${DEPLOYED_NVA_BE_SUBNET_NAME_PREFIX}
+
+MGMT_SUBNET_PREFIX=${VNET_MGMT_SUBNET_PREFIX}
+VNET_PREFIX=${VNET_PREFIX}
+
+FE_SUBNET_ID=/subscriptions/${SUBSCRIPTION}/resourceGroups/${NTWK_RESOURCE_GROUP}/providers/Microsoft.Network/virtualNetworks/${BASE_NAME}-vnet/subnets/${BASE_NAME}-${NVA_FE_SUBNET_NAME_PREFIX}-sn
+BE_SUBNET_ID=/subscriptions/${SUBSCRIPTION}/resourceGroups/${NTWK_RESOURCE_GROUP}/providers/Microsoft.Network/virtualNetworks/${BASE_NAME}-vnet/subnets/${BASE_NAME}-${NVA_BE_SUBNET_NAME_PREFIX}-sn
+MGMT_SUBNET_ID=/subscriptions/${SUBSCRIPTION}/resourceGroups/${NTWK_RESOURCE_GROUP}/providers/Microsoft.Network/virtualNetworks/${BASE_NAME}-vnet/subnets/${BASE_NAME}-${MGMT_SUBNET_NAME_PREFIX}-sn
+ILB_IP_ADDRESS=${NVA_FE_ILB_IP_ADDRESS}
+JUMPBOX_IP_ADDRESS=${MGMT_JUMPBOX_IP_ADDRESS}
+VM_SIZE=Standard_DS3
+JUMPBOX_OS_TYPE=${OS_TYPE}
+PARAMETERS="{\"baseName\":{\"value\":\"${BASE_NAME}\"},\"vnetPrefix\":{\"value\":\"${VNET_PREFIX}\"},\"mgmtSubnetPrefix\":{\"value\":\"${MGMT_SUBNET_PREFIX}\"},\"feSubnetId\":{\"value\":\"${FE_SUBNET_ID}\"},\"beSubnetId\":{\"value\":\"${BE_SUBNET_ID}\"},\"mgmtSubnetId\":{\"value\":\"${MGMT_SUBNET_ID}\"},\"ilbIpAddress\":{\"value\":\"${ILB_IP_ADDRESS}\"},\"jumpboxIpAddress\":{\"value\":\"${JUMPBOX_IP_ADDRESS}\"},\"adminUsername\":{\"value\":\"${ADMIN_USER_NAME}\"},\"adminPassword\":{\"value\":\"${ADMIN_PASSWORD}\"},\"jumpboxOSType\":{\"value\":\"${JUMPBOX_OS_TYPE}\"},\"vmSize\":{\"value\":\"${VM_SIZE}\"}}"
+echo
+echo
+echo azure group create --name ${RESOURCE_GROUP} --location ${LOCATION} --subscription ${SUBSCRIPTION}
+ azure group create --name ${RESOURCE_GROUP} --location ${LOCATION} --subscription ${SUBSCRIPTION}
+echo
+echo
+echo azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+ azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+
+
+#the folloiwng parameters are from the mgmt tier, and is needed for vpn creation
+DEPLOYED_GW_UDR_NAME=${BASE_NAME}-gw-udr
+
+############################################################################
+## Create VPN Gateway and VPN connection to connect to on premises network
+############################################################################
+TEMPLATE_URI=${URI_BASE}/ARMBuildingBlocks/Templates/bb-vpn-gateway-connection.json
+
+RESOURCE_GROUP=${NTWK_RESOURCE_GROUP}
+GATEWAY_SUBNET_ADDRESS_PREFIX=${VNET_GATEWAY_SUBNET_ADDRESS_PREFIX}
+VNET_NAME=${DEPLOYED_VNET_NAME}
+UDR_NAME=${DEPLOYED_GW_UDR_NAME}
+VPN_TYPE=RouteBased
+UDR_RESOURCE_GROUP=${MGMT_RESOURCE_GROUP}
+ON_PREMISES_PIP=${INPUT_ON_PREMISES_PUBLIC_IP}
+ON_PREMISES_ADDRESS_SPACE=${INPUT_ON_PREMISES_ADDRESS_SPACE}
+SHARED_KEY=${INPUT_VPN_IPSEC_SHARED_KEY}
+PARAMETERS="{\"baseName\":{\"value\":\"${BASE_NAME}\"},\"vnetName\":{\"value\":\"${VNET_NAME}\"},\"gatewaySubnetAddressPrefix\":{\"value\":\"${GATEWAY_SUBNET_ADDRESS_PREFIX}\"},\"vpnType\":{\"value\":\"${VPN_TYPE}\"},\"udrName\":{\"value\":\"${UDR_NAME}\"},\"udrResourceGroup\":{\"value\":\"${UDR_RESOURCE_GROUP}\"},\"onPremisesPIP\":{\"value\":\"${ON_PREMISES_PIP}\"},\"onPremisesAddressSpace\":{\"value\":\"${ON_PREMISES_ADDRESS_SPACE}\"},\"sharedKey\":{\"value\":\"${SHARED_KEY}\"}}"
+
+echo
+echo
+echo azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+ azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+
+############################################################################
+## UnComment the following lines to enable forced tunneling in web/biz/db tier
+#TEMPLATE_URI=${URI_BASE}/ARMBuildingBlocks/Templates/bb-ntwk-forced-tunneling.json
+#RESOURCE_GROUP=${NTWK_RESOURCE_GROUP}
+#WEB_UDR_NAME=${DEPLOYED_WEB_UDR_NAME}
+#BIZ_UDR_NAME=${DEPLOYED_BIZ_UDR_NAME}
+#DB_UDR_NAME=${DEPLOYED_DB_UDR_NAME}
+#PARAMETERS="{\"webUdrName\":{\"value\":\"${WEB_UDR_NAME}\"},\"bizUdrName\":{\"value\":\"${BIZ_UDR_NAME}\"},\"dbUdrName\":{\"value\":\"${DB_UDR_NAME}\"}}"
+#azure group deployment create --template-uri ${TEMPLATE_URI} -g ${RESOURCE_GROUP} -p ${PARAMETERS}
+############################################################################
+
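Review bot: `ADMIN_PASSWORD=adminP@ssw0rd` and `INPUT_VPN_IPSEC_SHARED_KEY=myipsecsharedkey123` ship as working defaults in azuredeploy.sh, so a run that only fills in SUBSCRIPTION and BASE_NAME presumably provisions the tier VMs, the jumpbox and the VPN connection with credentials that are public in this repository. Both values are interpolated into `PARAMETERS`, and every `echo azure group deployment create ... -p ${PARAMETERS}` line prints them to the terminal (and to any captured log) before the same string is passed on the command line. I would leave them without a default and fail fast, e.g. `ADMIN_PASSWORD=${ADMIN_PASSWORD:?ADMIN_PASSWORD must be set}` and `INPUT_VPN_IPSEC_SHARED_KEY=${INPUT_VPN_IPSEC_SHARED_KEY:?INPUT_VPN_IPSEC_SHARED_KEY must be set}`, and drop `-p ${PARAMETERS}` from the echoed copies of the command. The bare `exit` after the SUBSCRIPTION and BASE_NAME checks also returns the status of the preceding `echo`, so a rejected run reports success; `exit 1` would make the failure visible to callers.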
diff --git a/guidance-hybrid-network-secure-vnet/guidance-hybrid-network-secure-vnet.deployproj b/guidance-hybrid-network-secure-vnet/guidance-hybrid-network-secure-vnet.deployproj new file mode 100644 index 000000000..6442708b7 --- /dev/null +++ b/guidance-hybrid-network-secure-vnet/guidance-hybrid-network-secure-vnet.deployproj @@ -0,0 +1,35 @@ + + + + + Debug + AnyCPU + + + Release + AnyCPU + + + + 5b5343ce-caff-42cf-893d-cabcc55858bb + + + Deployment + 1.0 + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/guidance-hybrid-network-vpn-er/Deployment.targets b/guidance-hybrid-network-vpn-er/Deployment.targets new file mode 100644 index 000000000..4616e6bb8 --- /dev/null +++ b/guidance-hybrid-network-vpn-er/Deployment.targets @@ -0,0 +1,123 @@ + + + + Debug + AnyCPU + bin\$(Configuration)\ + false + true + false + None + obj\ + $(BaseIntermediateOutputPath)\ + $(BaseIntermediateOutputPath)$(Configuration)\ + $(IntermediateOutputPath)ProjectReferences + $(ProjectReferencesOutputPath)\ + true + + + + false + false + + + + + + + + + + + Always + + + Never + + + false + Build + + + + + + + + _GetDeploymentProjectContent; + _CalculateContentOutputRelativePaths; + _GetReferencedProjectsOutput; + _CalculateArtifactStagingDirectory; + _CopyOutputToArtifactStagingDirectory; + + + + + + + + + + + + + + + + + Configuration=$(Configuration);Platform=$(Platform) + + + + + + + $([System.IO.Path]::GetFileNameWithoutExtension('%(ProjectReference.Identity)')) + + + + + + + $(OutDir) + $(OutputPath) + $(ArtifactStagingDirectory)\ + $(ArtifactStagingDirectory)staging\ + $(Build_StagingDirectory) + + + + + + + <_OriginalIdentity>%(DeploymentProjectContentOutput.Identity) + <_RelativePath>$(_OriginalIdentity.Replace('$(MSBuildProjectDirectory)', '')) + + + + + $(_RelativePath) + + + + + + + + + PrepareForRun + + + + + + + + + + + 
diff --git a/guidance-hybrid-network-vpn-er/Parameters/expressRouteCircuit.parameters.json b/guidance-hybrid-network-vpn-er/Parameters/expressRouteCircuit.parameters.json new file mode 100644 index 000000000..14711ce73 --- /dev/null +++ b/guidance-hybrid-network-vpn-er/Parameters/expressRouteCircuit.parameters.json @@ -0,0 +1,22 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "deploymentContext": { + "value": { + "parentTemplateUniqueString": "" + } + }, + "expressRouteCircuitSettings": { + "value": { + "name": "ra-hybrid-vpn-er-erc", + "skuTier": "Premium", + "skuFamily": "UnlimitedData", + "serviceProviderName": "Equinix", + "peeringLocation": "Silicon Valley", + "bandwidthInMbps": 50, + "allowClassicOperations": false + } + } + } +} \ No newline at end of file diff --git a/guidance-hybrid-network-vpn-er/Parameters/virtualNetwork.parameters.json b/guidance-hybrid-network-vpn-er/Parameters/virtualNetwork.parameters.json new file mode 100644 index 000000000..e9133de97 --- /dev/null +++ b/guidance-hybrid-network-vpn-er/Parameters/virtualNetwork.parameters.json @@ -0,0 +1,25 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "virtualNetworkSettings": { + "value": { + "name": "ra-hybrid-vpn-er-vnet", + "addressPrefixes": [ + "10.20.0.0/16" + ], + "subnets": [ + { + "name": "GatewaySubnet", + "addressPrefix": "10.20.255.224/27" + }, + { + "name": "ra-hybrid-vpn-er-sn", + "addressPrefix": "10.20.1.0/24" + } + ], + "dnsServers": [ ] + } + } + } +} diff --git a/guidance-hybrid-network-vpn-er/Parameters/virtualNetworkGateway-expressRoute.parameters.json b/guidance-hybrid-network-vpn-er/Parameters/virtualNetworkGateway-expressRoute.parameters.json new file mode 100644 index 000000000..e1b83089d --- /dev/null 
+++ b/guidance-hybrid-network-vpn-er/Parameters/virtualNetworkGateway-expressRoute.parameters.json
@@ -0,0 +1,31 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-hybrid-vpn-er-vnet"
+ }
+ },
+ "virtualNetworkGatewaySettings": {
+ "value": {
+ "name": "ra-hybrid-er-vgw",
+ "gatewayType": "ExpressRoute",
+ "vpnType": "RouteBased",
+ "sku": "Standard"
+ }
+ },
+ "connectionSettings": {
+ "value": {
+ "name": "ra-hybrid-er-cn",
+ "connectionType": "ExpressRoute",
+ "virtualNetworkGateway1": {
+ "name": "ra-hybrid-er-vgw"
+ },
+ "expressRouteCircuit": {
+ "name": "ra-hybrid-vpn-er-erc"
+ }
+ }
+ }
+ }
+}
diff --git a/guidance-hybrid-network-vpn-er/Parameters/virtualNetworkGateway-vpn.parameters.json b/guidance-hybrid-network-vpn-er/Parameters/virtualNetworkGateway-vpn.parameters.json
new file mode 100644
index 000000000..874266195
--- /dev/null
+++ b/guidance-hybrid-network-vpn-er/Parameters/virtualNetworkGateway-vpn.parameters.json
@@ -0,0 +1,34 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-hybrid-vpn-er-vnet"
+ }
+ },
+ "virtualNetworkGatewaySettings": {
+ "value": {
+ "name": "ra-hybrid-vpn-vgw",
+ "gatewayType": "Vpn",
+ "vpnType": "RouteBased",
+ "sku": "Standard"
+ }
+ },
+ "connectionSettings": {
+ "value": {
+ "name": "ra-hybrid-vpn-cn",
+ "connectionType": "IPsec",
+ "sharedKey": "123secret",
+ "virtualNetworkGateway1": {
+ "name": "ra-hybrid-vpn-vgw"
+ },
+ "localNetworkGateway": {
+ "name": "ra-hybrid-vpn-lgw",
+ "ipAddress": "40.50.60.70",
+ "addressPrefixes": [ "192.168.0.0/16" ]
+ }
+ }
+ }
+ }
+}
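Review bot: `"sharedKey": "123secret"` in virtualNetworkGateway-vpn.parameters.json is a usable IPsec pre-shared key committed in clear text, and both deployment scripts in this commit pass the file unchanged, so a default run appears to bring up the VPN connection with a key anyone can read here. A value that cannot deploy as-is, such as `"sharedKey": "<replace-with-generated-key>"`, forces the operator to supply their own. If the building-block template accepts a secure parameter or a Key Vault reference for this setting (not visible in this commit), that would be preferable to a literal in the file.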
diff --git a/guidance-hybrid-network-vpn-er/Scripts/Deploy-ReferenceArchitecture.ps1 b/guidance-hybrid-network-vpn-er/Scripts/Deploy-ReferenceArchitecture.ps1
new file mode 100644
index 000000000..c3bb1b8fd
--- /dev/null
+++ b/guidance-hybrid-network-vpn-er/Scripts/Deploy-ReferenceArchitecture.ps1
@@ -0,0 +1,70 @@
+#
+# Deploy_ReferenceArchitecture.ps1
+#
+param(
+ [Parameter(Mandatory=$true)]
+ $SubscriptionId,
+ [Parameter(Mandatory=$false)]
+ $Location = "Central US",
+ [Parameter(Mandatory=$true)]
+ [ValidateSet("Circuit", "Network")]
+ $Mode
+)
+
+$ErrorActionPreference = "Stop"
+
+$templateRootUriString = $env:TEMPLATE_ROOT_URI
+if ($templateRootUriString -eq $null) {
+ $templateRootUriString = "https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/"
+}
+
+if (![System.Uri]::IsWellFormedUriString($templateRootUriString, [System.UriKind]::Absolute)) {
+ throw "Invalid value for TEMPLATE_ROOT_URI: $env:TEMPLATE_ROOT_URI"
+}
+
+Write-Host
+Write-Host "Using $templateRootUriString to locate templates"
+Write-Host
+
+$templateRootUri = New-Object System.Uri -ArgumentList @($templateRootUriString)
+
+$expressRouteCircuitTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/resources/Microsoft.Network/expressRouteCircuits/expressRouteCircuit.json")
+$expressRouteCircuitParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters\expressRouteCircuit.parameters.json")
+
+$virtualNetworkTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json")
+$virtualNetworkParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters\virtualNetwork.parameters.json")
+
+$expressRouteGatewayTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/vpn-gateway-vpn-connection/azuredeploy.json")
+$expressRouteGatewayParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters\virtualNetworkGateway-expressRoute.parameters.json")
+
+$virtualNetworkGatewayTemplate = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/vpn-gateway-vpn-connection/azuredeploy.json")
+$virtualNetworkGatewayParametersFile = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters\virtualNetworkGateway-vpn.parameters.json")
+
+$resourceGroupName = "ra-hybrid-vpn-er-rg"
+# Login to Azure and select your subscription
+Login-AzureRmAccount -SubscriptionId $SubscriptionId | Out-Null
+
+$resourceGroup = Get-AzureRmResourceGroup -Name $resourceGroupName -Location $Location -ErrorAction SilentlyContinue
+if ($resourceGroup -eq $null) {
+ # Create the resource group
+ $resourceGroup = New-AzureRmResourceGroup -Name $resourceGroupName -Location $Location
+}
+
+if ($Mode -eq "Circuit") {
+ Write-Host "Creating ExpressRoute circuit..."
+ New-AzureRmResourceGroupDeployment -Name "ra-hybrid-er-circuit-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName `
+ -TemplateUri $expressRouteCircuitTemplate.AbsoluteUri -TemplateParameterFile $expressRouteCircuitParametersFile
+}
+elseif ($Mode -eq "Network") {
+ Write-Host "Deploying virtual network..."
+ New-AzureRmResourceGroupDeployment -Name "ra-hybrid-er-vnet-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName `
+ -TemplateUri $virtualNetworkTemplate.AbsoluteUri -TemplateParameterFile $virtualNetworkParametersFile
+
+ Write-Host "Deploying expressroute gateway..."
+ New-AzureRmResourceGroupDeployment -Name "ra-hybrid-er-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName `
+ -TemplateUri $expressRouteGatewayTemplate.AbsoluteUri -TemplateParameterFile $expressRouteGatewayParametersFile
+
+ Write-Host "Deploying virtual network gateway..."
+ New-AzureRmResourceGroupDeployment -Name "ra-hybrid-vpn-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName `
+ -TemplateUri $virtualNetworkGatewayTemplate.AbsoluteUri -TemplateParameterFile $virtualNetworkGatewayParametersFile
+}
diff --git a/guidance-hybrid-network-vpn-er/Scripts/deploy-reference-architecture.sh b/guidance-hybrid-network-vpn-er/Scripts/deploy-reference-architecture.sh
new file mode 100644
index 000000000..254500bbe
--- /dev/null
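Review bot: In Deploy-ReferenceArchitecture.ps1, `TEMPLATE_ROOT_URI` is taken from the environment and only checked with `IsWellFormedUriString(..., [System.UriKind]::Absolute)`, which accepts any scheme and any host, yet the templates resolved against it are deployed into the caller's subscription. After `$templateRootUri` is constructed I would add `if ($templateRootUri.Scheme -ne "https") { throw "TEMPLATE_ROOT_URI must be an https URI" }`, so an inherited environment variable cannot move the deployment onto an unauthenticated transport. The same gap exists in Scripts/deploy-reference-architecture.sh, where `URI_REGEX` matches `https?` and therefore admits plain http.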
+++ b/guidance-hybrid-network-vpn-er/Scripts/deploy-reference-architecture.sh 
@@ -0,0 +1,177 @@
+#!/bin/bash
+
+RESOURCE_GROUP_NAME="ra-hybrid-vpn-er-rg"
+LOCATION="centralus"
+MODE=""
+
+TEMPLATE_ROOT_URI=${TEMPLATE_ROOT_URI:="https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/"}
+# Make sure we have a trailing slash
+[[ "${TEMPLATE_ROOT_URI}" != */ ]] && TEMPLATE_ROOT_URI="${TEMPLATE_ROOT_URI}/"
+
+# For validating HTTP URIs only
+URI_REGEX="^((?:https?://(?:(?:[a-zA-Z0-9$.+!*(),;?&=_-]|(?:%[a-fA-F0-9]{2})){1,64}(?::(?:[a-zA-Z0-9$.+!*(),;?&=_-]|(?:%[a-fA-F0-9]{2})){1,25})?@)?)?(?:(([a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF]([a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF-]{0,61}[a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF]){0,1}\.)+[a-zA-Z\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF]{2,63}|((25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[0-9]))))(?::\d{1,5})?)(/(?:(?:[a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF;/?:@&=#~.+!*(),_-])|(?:%[a-fA-F0-9]{2}))*)?(?:\b|$)$"
+
+validate() {
+ for i in "${@:2}"; do
+ if [[ "$1" == "$i" ]]
+ then
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+validateNotEmpty() {
+ if [[ "$1" != "" ]]
+ then
+ return 1
+ else
+ return 0
+ fi
+}
+
+showErrorAndUsage() {
+ echo
+ if [[ "$1" != "" ]]
+ then
+ echo " error: $1"
+ echo
+ fi
+ echo " usage: $(basename ${0}) [options]"
+ echo " options:"
+ echo " -l, --location "
+ echo " -m, --mode "
+ echo " -s, --subscription "
+ echo
+ exit 1
+}
+
+if [[ $# < 1 ]]
+then
+ showErrorAndUsage
+fi
+
+while [[ $# > 0 ]]
+do
+ key="$1"
+ case $key in
+ -l|--location)
+ LOCATION="$2"
+ shift
+ ;;
+ -m|--mode)
+ MODE="$2"
+ shift
+ ;;
+ -s|--subscription)
+ SUBSCRIPTION_ID="$2"
+ shift
+ ;;
+ *)
+ showErrorAndUsage "Unknown option: $1"
+ ;;
+ esac
+ shift
+done
+
+if ! [[ $SUBSCRIPTION_ID =~ ^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$ ]];
+then
+ showErrorAndUsage "Invalid Subscription ID."
+fi
+
+if validateNotEmpty $LOCATION;
+then
+ showErrorAndUsage "Location must be provided."
+fi
+
+if validate $MODE "circuit" "network";
+then
+ showErrorAndUsage "Invalid mode: '${MODE}'. Valid values are 'circuit' or 'network'."
+fi
+
+if grep -P -v $URI_REGEX <<< $TEMPLATE_ROOT_URI > /dev/null
+then
+ showErrorAndUsage "Invalid value for TEMPLATE_ROOT_URI: ${TEMPLATE_ROOT_URI}"
+fi
+
+echo
+echo "Using ${TEMPLATE_ROOT_URI} to locate templates"
+echo
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+EXPRESS_ROUTE_CIRCUIT_TEMPLATE_URI="${TEMPLATE_ROOT_URI}ARMBuildingBlocks/Templates/resources/Microsoft.Network/expressRouteCircuits/expressRouteCircuit.json"
+EXPRESS_ROUTE_CIRCUIT_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/expressRouteCircuit.parameters.json"
+EXPRESS_ROUTE_CIRCUIT_DEPLOYMENT_NAME="ra-hybrid-vpn-er-circuit-deployment"
+
+VIRTUAL_NETWORK_TEMPLATE_URI="${TEMPLATE_ROOT_URI}ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json"
+VIRTUAL_NETWORK_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/virtualNetwork.parameters.json"
+VIRTUAL_NETWORK_DEPLOYMENT_NAME="ra-hybrid-vpn-er-vnet-deployment"
+
+EXPRESS_ROUTE_GATEWAY_TEMPLATE_URI="${TEMPLATE_ROOT_URI}ARMBuildingBlocks/Templates/buildingBlocks/vpn-gateway-vpn-connection/azuredeploy.json"
+EXPRESS_ROUTE_GATEWAY_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/virtualNetworkGateway-expressRoute.parameters.json"
+EXPRESS_ROUTE_GATEWAY_DEPLOYMENT_NAME="ra-hybrid-er-deployment"
+
+VIRTUAL_NETWORK_GATEWAY_TEMPLATE_URI="${TEMPLATE_ROOT_URI}ARMBuildingBlocks/Templates/buildingBlocks/vpn-gateway-vpn-connection/azuredeploy.json"
+VIRTUAL_NETWORK_GATEWAY_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/virtualNetworkGateway-vpn.parameters.json"
+VIRTUAL_NETWORK_GATEWAY_DEPLOYMENT_NAME="ra-hybrid-vpn-deployment"
+
+azure config mode arm
+
+if ! RESOURCE_GROUP_OUTPUT=$(azure group show --name $RESOURCE_GROUP_NAME --subscription $SUBSCRIPTION_ID --json)
+then
+ # The resource group doesn't exist, so create the resource group and save the output for later.
+ RESOURCE_GROUP_OUTPUT=$(azure group create --name $RESOURCE_GROUP_NAME --location $LOCATION --subscription $SUBSCRIPTION_ID --json) || exit 1
+fi
+
+if [[ $MODE == "circuit" ]]
+then
+ echo "Creating ExpressRoute circuit..."
+ azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $EXPRESS_ROUTE_CIRCUIT_DEPLOYMENT_NAME \
+ --template-uri $EXPRESS_ROUTE_CIRCUIT_TEMPLATE_URI --parameters-file $EXPRESS_ROUTE_CIRCUIT_PARAMETERS_PATH \
+ --subscription $SUBSCRIPTION_ID || exit 1
+
+ # Display json output
+ echo "==================================="
+
+ echo $RESOURCE_GROUP_OUTPUT
+
+ azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $EXPRESS_ROUTE_CIRCUIT_DEPLOYMENT_NAME \
+ --subscription $SUBSCRIPTION_ID --json || exit 1
+
+ echo "==================================="
+elif [[ $MODE == "network" ]]
+then
+ # Create the virtual network
+ echo "Deploying virtual network..."
+ azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_DEPLOYMENT_NAME \
+ --template-uri $VIRTUAL_NETWORK_TEMPLATE_URI --parameters-file $VIRTUAL_NETWORK_PARAMETERS_PATH \
+ --subscription $SUBSCRIPTION_ID || exit 1
+
+ echo "Deploying expressroute gateway..."
+ azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $EXPRESS_ROUTE_GATEWAY_DEPLOYMENT_NAME \
+ --template-uri $EXPRESS_ROUTE_GATEWAY_TEMPLATE_URI --parameters-file $EXPRESS_ROUTE_GATEWAY_PARAMETERS_PATH \
+ --subscription $SUBSCRIPTION_ID || exit 1
+
+ echo "Deploying virtual network gateway..."
+ azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_GATEWAY_DEPLOYMENT_NAME \
+ --template-uri $VIRTUAL_NETWORK_GATEWAY_TEMPLATE_URI --parameters-file $VIRTUAL_NETWORK_GATEWAY_PARAMETERS_PATH \
+ --subscription $SUBSCRIPTION_ID || exit 1
+
+ # Display json output
+ echo "==================================="
+
+ echo $RESOURCE_GROUP_OUTPUT
+
+ azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_DEPLOYMENT_NAME \
+ --subscription $SUBSCRIPTION_ID --json || exit 1
+
+ azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $EXPRESS_ROUTE_GATEWAY_DEPLOYMENT_NAME \
+ --subscription $SUBSCRIPTION_ID --json || exit 1
+
+ azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_GATEWAY_DEPLOYMENT_NAME \
+ --subscription $SUBSCRIPTION_ID --json || exit 1
+
+ echo "==================================="
+fi
diff --git a/guidance-hybrid-network-vpn-er/Templates/azuredeploy-expressRouteCircuit.json b/guidance-hybrid-network-vpn-er/Templates/azuredeploy-expressRouteCircuit.json
new file mode 100644
index 000000000..276c5d8ac
--- /dev/null
+++ b/guidance-hybrid-network-vpn-er/Templates/azuredeploy-expressRouteCircuit.json
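Review bot: In Scripts/deploy-reference-architecture.sh almost every expansion is unquoted, which matters most in `--location $LOCATION` (a value such as the PowerShell script's default "Central US" would be split into two arguments) and in `grep -P -v $URI_REGEX <<< $TEMPLATE_ROOT_URI`, where the pattern is exposed to pathname expansion before grep sees it. Quoting them, e.g. `if ! grep -qP -- "$URI_REGEX" <<< "$TEMPLATE_ROOT_URI"` and `--location "$LOCATION"`, keeps the validation and the CLI calls operating on exactly what the user passed. `validate` and `validateNotEmpty` also return 1 when the input is acceptable, so each call site reads as the opposite of what it does; a header comment such as `# Returns 0 when $1 is NOT one of the allowed values` would guard against a later "fix" that inverts the checks.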
@@ -0,0 +1,41 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "templateRootUri": { + "type": "string", + "defaultValue": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/", + "metadata": { + "description": "Root path for templates" + } + } + }, + "variables": { + "templates": { + "deployment": { + "expressRouteCircuit": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/resources/Microsoft.Network/expressRouteCircuits/expressRouteCircuit.json')]" + }, + "parameter": { + "expressRouteCircuit": "[uri(parameters('templateRootUri'), 'guidance-hybrid-network-vpn-er/Parameters/expressRouteCircuit.parameters.json')]" + } + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "ra-hybrid-vpn-er-circuit-deployment", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.expressRouteCircuit]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.expressRouteCircuit]" + } + } + } + ], + "outputs": { + } +} \ No newline at end of file diff --git a/guidance-hybrid-network-vpn-er/Templates/azuredeploy.json b/guidance-hybrid-network-vpn-er/Templates/azuredeploy.json new file mode 100644 index 000000000..357f4a2a0 --- /dev/null +++ b/guidance-hybrid-network-vpn-er/Templates/azuredeploy.json 
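Review bot: The `templateRootUri` default in azuredeploy-expressRouteCircuit.json, `https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/`, tracks a mutable branch, and the nested deployment takes both `templateLink.uri` and `parametersLink.uri` from it, so what gets deployed is whatever that branch holds at deploy time rather than what was reviewed with this commit. Pinning the default to a tag or commit, e.g. `"defaultValue": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/<commit-sha>/"`, makes the deployment reproducible and limits the effect of a later change to the building-block repository. Templates/azuredeploy.json in this commit uses the same default and would need the same change.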
@@ -0,0 +1,79 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "templateRootUri": { + "type": "string", + "defaultValue": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/", + "metadata": { + "description": "Root path for templates" + } + } + }, + "variables": { + "templates": { + "deployment": { + "virtualNetwork": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json')]", + "expressRouteGateway": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/vpn-gateway-vpn-connection/azuredeploy.json')]", + "virtualNetworkGateway": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/vpn-gateway-vpn-connection/azuredeploy.json')]" + }, + "parameter": { + "virtualNetwork": "[uri(parameters('templateRootUri'), 'guidance-hybrid-network-vpn-er/Parameters/virtualNetwork.parameters.json')]", + "expressRouteGateway": "[uri(parameters('templateRootUri'), 'guidance-hybrid-network-vpn-er/Parameters/virtualNetworkGateway-expressRoute.parameters.json')]", + "virtualNetworkGateway": "[uri(parameters('templateRootUri'), 'guidance-hybrid-network-vpn-er/Parameters/virtualNetworkGateway-vpn.parameters.json')]" + } + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "ra-hybrid-vpn-er-vnet-deployment", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.virtualNetwork]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.virtualNetwork]" + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "ra-hybrid-er-deployment", + "dependsOn": [ + "ra-hybrid-vpn-er-vnet-deployment" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": 
"[variables('templates').deployment.expressRouteGateway]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.expressRouteGateway]" + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2015-01-01", + "name": "ra-hybrid-vpn-deployment", + "dependsOn": [ + "ra-hybrid-er-deployment" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('templates').deployment.virtualNetworkGateway]" + }, + "parametersLink": { + "uri": "[variables('templates').parameter.virtualNetworkGateway]" + } + } + } + ], + "outputs": { + } +} diff --git a/guidance-hybrid-network-vpn-er/guidance-hybrid-network-vpn-er.deployproj b/guidance-hybrid-network-vpn-er/guidance-hybrid-network-vpn-er.deployproj new file mode 100644 index 000000000..2f05a8f01 --- /dev/null +++ b/guidance-hybrid-network-vpn-er/guidance-hybrid-network-vpn-er.deployproj @@ -0,0 +1,41 @@ + + + + + Debug + AnyCPU + + + Release + AnyCPU + + + + cfeb9da3-a1f6-495d-8027-d58cbe1bd4cd + + + Deployment + 1.0 + + + + + + + + + + + False + + + + + + + + + + + + \ No newline at end of file diff --git a/guidance-hybrid-network-vpn/Deployment.targets b/guidance-hybrid-network-vpn/Deployment.targets new file mode 100644 index 000000000..4616e6bb8 --- /dev/null +++ b/guidance-hybrid-network-vpn/Deployment.targets 
@@ -0,0 +1,123 @@ + + + + Debug + AnyCPU + bin\$(Configuration)\ + false + true + false + None + obj\ + $(BaseIntermediateOutputPath)\ + $(BaseIntermediateOutputPath)$(Configuration)\ + $(IntermediateOutputPath)ProjectReferences + $(ProjectReferencesOutputPath)\ + true + + + + false + false + + + + + + + + + + + Always + + + Never + + + false + Build + + + + + + + + _GetDeploymentProjectContent; + _CalculateContentOutputRelativePaths; + _GetReferencedProjectsOutput; + _CalculateArtifactStagingDirectory; + _CopyOutputToArtifactStagingDirectory; + + + + + + + + + + + + + + + + + Configuration=$(Configuration);Platform=$(Platform) + + + + + + + $([System.IO.Path]::GetFileNameWithoutExtension('%(ProjectReference.Identity)')) + + + + + + + $(OutDir) + $(OutputPath) + $(ArtifactStagingDirectory)\ + $(ArtifactStagingDirectory)staging\ + $(Build_StagingDirectory) + + + + + + + <_OriginalIdentity>%(DeploymentProjectContentOutput.Identity) + <_RelativePath>$(_OriginalIdentity.Replace('$(MSBuildProjectDirectory)', '')) + + + + + $(_RelativePath) + + + + + + + + + PrepareForRun + + + + + + + + + + + diff --git a/guidance-hybrid-network-vpn/Parameters/virtualNetwork.parameters.json b/guidance-hybrid-network-vpn/Parameters/virtualNetwork.parameters.json new file mode 100644 index 000000000..4880da6fb --- /dev/null +++ b/guidance-hybrid-network-vpn/Parameters/virtualNetwork.parameters.json @@ -0,0 +1,25 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "virtualNetworkSettings": { + "value": { + "name": "ra-hybrid-vpn-vnet", + "addressPrefixes": [ + "10.20.0.0/16" + ], + "subnets": [ + { + "name": "GatewaySubnet", + "addressPrefix": "10.20.255.224/27" + }, + { + "name": "ra-hybrid-vpn-sn", + "addressPrefix": "10.20.1.0/24" + } + ], + "dnsServers": [ ] + } + } + } +} 
diff --git a/guidance-hybrid-network-vpn/Parameters/virtualNetworkGateway.parameters.json b/guidance-hybrid-network-vpn/Parameters/virtualNetworkGateway.parameters.json
new file mode 100644
index 000000000..d360664b7
--- /dev/null
+++ b/guidance-hybrid-network-vpn/Parameters/virtualNetworkGateway.parameters.json
@@ -0,0 +1,34 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-hybrid-vpn-vnet"
+ }
+ },
+ "virtualNetworkGatewaySettings": {
+ "value": {
+ "name": "ra-hybrid-vpn-vgw",
+ "gatewayType": "Vpn",
+ "vpnType": "RouteBased",
+ "sku": "Standard"
+ }
+ },
+ "connectionSettings": {
+ "value": {
+ "name": "ra-hybrid-vpn-cn",
+ "connectionType": "IPsec",
+ "sharedKey": "123secret",
+ "virtualNetworkGateway1": {
+ "name": "ra-hybrid-vpn-vgw"
+ },
+ "localNetworkGateway": {
+ "name": "ra-hybrid-vpn-lgw",
+ "ipAddress": "40.50.60.70",
+ "addressPrefixes": [ "10.10.0.0/16" ]
+ }
+ }
+ }
+ }
+}
diff --git a/guidance-hybrid-network-vpn/Scripts/Deploy-ReferenceArchitecture.ps1 b/guidance-hybrid-network-vpn/Scripts/Deploy-ReferenceArchitecture.ps1
new file mode 100644
index 000000000..8e2335f71
--- /dev/null
+++ b/guidance-hybrid-network-vpn/Scripts/Deploy-ReferenceArchitecture.ps1
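Review bot: `"sharedKey": "123secret"` in `connectionSettings` commits the IPsec pre-shared key for the site-to-site connection to source control, so anyone who deploys the sample unchanged gets a publicly known, guessable key. Replace it with an obvious placeholder such as `"sharedKey": "<replace-with-generated-key>"` and have the deploy scripts require the real value at deployment time. If the building-block template (not visible here) can accept the key as a separate `securestring` parameter, that would also keep it out of the recorded deployment parameters.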
@@ -0,0 +1,48 @@
+#
+# Deploy_ReferenceArchitecture.ps1
+#
+param(
+ [Parameter(Mandatory=$true)]
+ $SubscriptionId,
+ [Parameter(Mandatory=$false)]
+ $Location = "Central US"
+)
+$ErrorActionPreference = "Stop"
+
+$templateRootUriString = $env:TEMPLATE_ROOT_URI
+if ($templateRootUriString -eq $null) {
+ $templateRootUriString = "https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/"
+}
+
+if (![System.Uri]::IsWellFormedUriString($templateRootUriString, [System.UriKind]::Absolute)) {
+ throw "Invalid value for TEMPLATE_ROOT_URI: $env:TEMPLATE_ROOT_URI"
+}
+
+Write-Host
+Write-Host "Using $templateRootUriString to locate templates"
+Write-Host
+
+$templateRootUri = New-Object System.Uri -ArgumentList @($templateRootUriString)
+
+
+$virtualNetworkTemplateUri = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json")
+$virtualNetworkParametersPath = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters\virtualNetwork.parameters.json")
+
+$virtualNetworkGatewayTemplateUri = New-Object System.Uri -ArgumentList @($templateRootUri, "ARMBuildingBlocks/Templates/buildingBlocks/vpn-gateway-vpn-connection/azuredeploy.json")
+$virtualNetworkGatewayParametersPath = [System.IO.Path]::Combine($PSScriptRoot, "..\Parameters\virtualNetworkGateway.parameters.json")
+
+$resourceGroupName = "ra-hybrid-vpn-rg"
+
+# Login to Azure and select the subscription
+Login-AzureRmAccount -SubscriptionId $SubscriptionId | Out-Null
+
+# Create the resource group
+$resourceGroup = New-AzureRmResourceGroup -Name $resourceGroupName -Location $Location
+
+Write-Host "Deploying virtual network..."
+New-AzureRmResourceGroupDeployment -Name "ra-hybrid-vpn-vnet-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName `
+ -TemplateUri $virtualNetworkTemplateUri.AbsoluteUri -TemplateParameterFile $virtualNetworkParametersPath
+
+Write-Host "Deploying virtual network gateway..."
+New-AzureRmResourceGroupDeployment -Name "ra-hybrid-vpn-gateway-deployment" -ResourceGroupName $resourceGroup.ResourceGroupName `
+ -TemplateUri $virtualNetworkGatewayTemplateUri.AbsoluteUri -TemplateParameterFile $virtualNetworkGatewayParametersPath
diff --git a/guidance-hybrid-network-vpn/Scripts/deploy-reference-architecture.sh b/guidance-hybrid-network-vpn/Scripts/deploy-reference-architecture.sh
new file mode 100644
index 000000000..1da89a0df
--- /dev/null
+++ b/guidance-hybrid-network-vpn/Scripts/deploy-reference-architecture.sh
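Review bot: `TEMPLATE_ROOT_URI` is accepted when it is any well-formed absolute URI, so an `http://` value (or another scheme) passes the check and the templates that define the network are then fetched without transport integrity. Adding `if ($templateRootUri.Scheme -ne [System.Uri]::UriSchemeHttps) { throw "TEMPLATE_ROOT_URI must use https" }` after the `New-Object System.Uri` line closes that; the `URI_REGEX` in the bash script added alongside accepts `http://` as well. Unlike the bash script, nothing here appends a trailing slash, and `System.Uri` relative resolution drops the last path segment of a base that lacks one, so a custom root without the slash would resolve to a different template path than intended.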
@@ -0,0 +1,133 @@
+#!/bin/bash
+
+RESOURCE_GROUP_NAME="ra-hybrid-vpn-rg"
+LOCATION="centralus"
+
+TEMPLATE_ROOT_URI=${TEMPLATE_ROOT_URI:="https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/"}
+# Make sure we have a trailing slash
+[[ "${TEMPLATE_ROOT_URI}" != */ ]] && TEMPLATE_ROOT_URI="${TEMPLATE_ROOT_URI}/"
+
+# For validating HTTP URIs only
+URI_REGEX="^((?:https?://(?:(?:[a-zA-Z0-9$.+!*(),;?&=_-]|(?:%[a-fA-F0-9]{2})){1,64}(?::(?:[a-zA-Z0-9$.+!*(),;?&=_-]|(?:%[a-fA-F0-9]{2})){1,25})?@)?)?(?:(([a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF]([a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF-]{0,61}[a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF]){0,1}\.)+[a-zA-Z\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF]{2,63}|((25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9])\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[1-9]|0)\.(25[0-5]|2[0-4][0-9]|[0-1][0-9]{2}|[1-9][0-9]|[0-9]))))(?::\d{1,5})?)(/(?:(?:[a-zA-Z0-9\x00A0-\xD7FF\xF900-\xFDCF\xFDF0-\xFFEF;/?:@&=#~.+!*(),_-])|(?:%[a-fA-F0-9]{2}))*)?(?:\b|$)$"
+
+validate() {
+ for i in "${@:2}"; do
+ if [[ "$1" == "$i" ]]
+ then
+ return 1
+ fi
+ done
+
+ return 0
+}
+
+validateNotEmpty() {
+ if [[ "$1" != "" ]]
+ then
+ return 1
+ else
+ return 0
+ fi
+}
+
+showErrorAndUsage() {
+ echo
+ if [[ "$1" != "" ]]
+ then
+ echo " error: $1"
+ echo
+ fi
+ echo " usage: $(basename ${0}) [options]"
+ echo " options:"
+ echo " -l, --location "
+ echo " -s, --subscription "
+ echo
+ exit 1
+}
+
+if [[ $# < 1 ]]
+then
+ showErrorAndUsage
+fi
+
+while [[ $# > 0 ]]
+do
+ key="$1"
+ case $key in
+ -l|--location)
+ LOCATION="$2"
+ shift
+ ;;
+ -s|--subscription)
+ # Explicitly set the subscription to avoid confusion as to which subscription
+ # is active/default
+ SUBSCRIPTION_ID="$2"
+ shift
+ ;;
+ *)
+ showErrorAndUsage "Unknown option: $1"
+ ;;
+ esac
+ shift
+done
+
+if ! [[ $SUBSCRIPTION_ID =~ ^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$ ]];
+then
+ showErrorAndUsage "Invalid Subscription ID"
+fi
+
+if validateNotEmpty $LOCATION;
+then
+ showErrorAndUsage "Location must be provided"
+fi
+
+if grep -P -v $URI_REGEX <<< $TEMPLATE_ROOT_URI > /dev/null
+then
+ showErrorAndUsage "Invalid value for TEMPLATE_ROOT_URI: ${TEMPLATE_ROOT_URI}"
+fi
+
+echo
+echo "Using ${TEMPLATE_ROOT_URI} to locate templates"
+echo
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+VIRTUAL_NETWORK_TEMPLATE_URI="${TEMPLATE_ROOT_URI}ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json"
+VIRTUAL_NETWORK_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/virtualNetwork.parameters.json"
+VIRTUAL_NETWORK_DEPLOYMENT_NAME="ra-hybrid-vpn-vnet-deployment"
+
+VIRTUAL_NETWORK_GATEWAY_TEMPLATE_URI="${TEMPLATE_ROOT_URI}ARMBuildingBlocks/Templates/buildingBlocks/vpn-gateway-vpn-connection/azuredeploy.json"
+VIRTUAL_NETWORK_GATEWAY_PARAMETERS_PATH="${SCRIPT_DIR}/../Parameters/virtualNetworkGateway.parameters.json"
+VIRTUAL_NETWORK_GATEWAY_DEPLOYMENT_NAME="ra-hybrid-vpn-gateway-deployment"
+
+azure config mode arm
+
+if ! RESOURCE_GROUP_OUTPUT=$(azure group show --name $RESOURCE_GROUP_NAME --subscription $SUBSCRIPTION_ID --json)
+then
+ # The resource group doesn't exist, so create the resource group and save the output for later.
+ RESOURCE_GROUP_OUTPUT=$(azure group create --name $RESOURCE_GROUP_NAME --location $LOCATION --subscription $SUBSCRIPTION_ID --json) || exit 1
+fi
+
+# Create the virtual network
+echo "Deploying virtual network..."
+azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_DEPLOYMENT_NAME \
+--template-uri $VIRTUAL_NETWORK_TEMPLATE_URI --parameters-file $VIRTUAL_NETWORK_PARAMETERS_PATH \
+--subscription $SUBSCRIPTION_ID || exit 1
+
+echo "Deploying virtual network gateway..."
+azure group deployment create --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_GATEWAY_DEPLOYMENT_NAME \
+--template-uri $VIRTUAL_NETWORK_GATEWAY_TEMPLATE_URI --parameters-file $VIRTUAL_NETWORK_GATEWAY_PARAMETERS_PATH \
+--subscription $SUBSCRIPTION_ID || exit 1
+
+# Display json output
+echo "==================================="
+
+echo $RESOURCE_GROUP_OUTPUT
+
+azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_DEPLOYMENT_NAME \
+--subscription $SUBSCRIPTION_ID --json || exit 1
+
+azure group deployment show --resource-group $RESOURCE_GROUP_NAME --name $VIRTUAL_NETWORK_GATEWAY_DEPLOYMENT_NAME \
+--subscription $SUBSCRIPTION_ID --json || exit 1
+
+echo "==================================="
diff --git a/guidance-hybrid-network-vpn/Templates/azuredeploy.json b/guidance-hybrid-network-vpn/Templates/azuredeploy.json
new file mode 100644
index 000000000..e813767eb
--- /dev/null
+++ b/guidance-hybrid-network-vpn/Templates/azuredeploy.json
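Review bot: Most expansions in this script are unquoted, and the one that matters most is `grep -P -v $URI_REGEX <<< $TEMPLATE_ROOT_URI`: the pattern is full of `*`, `?` and `[...]`, so it is subject to pathname expansion before grep sees it, and the environment-supplied URI then goes unquoted to `--template-uri`. Quote them, e.g. `if ! grep -qP -- "$URI_REGEX" <<< "$TEMPLATE_ROOT_URI"`, and likewise `"$SUBSCRIPTION_ID"`, `"$LOCATION"` and the path variables on the `azure` command lines. `[[ $# < 1 ]]` and `[[ $# > 0 ]]` compare strings; `(( $# < 1 ))` and `(( $# > 0 ))` are the numeric forms. `validateNotEmpty` returns 0 when its argument is empty, the opposite of what its name suggests, so a rename or a one-line comment such as `# returns 0 (true) when $1 is empty` would make the call site readable.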
@@ -0,0 +1,60 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "templateRootUri": {
+ "type": "string",
+ "defaultValue": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/",
+ "metadata": {
+ "description": "Root path for templates"
+ }
+ }
+ },
+ "variables": {
+ "templates": {
+ "deployment": {
+ "virtualNetwork": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json')]",
+ "virtualNetworkGateway": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/vpn-gateway-vpn-connection/azuredeploy.json')]"
+ },
+ "parameter": {
+ "virtualNetwork": "[uri(parameters('templateRootUri'), 'guidance-hybrid-network-vpn/Parameters/virtualNetwork.parameters.json')]",
+ "virtualNetworkGateway": "[uri(parameters('templateRootUri'), 'guidance-hybrid-network-vpn/Parameters/virtualNetworkGateway.parameters.json')]"
+ }
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "name": "ra-hybrid-vnet-deployment",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('templates').deployment.virtualNetwork]"
+ },
+ "parametersLink": {
+ "uri": "[variables('templates').parameter.virtualNetwork]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "name": "ra-hybrid-vpn-deployment",
+ "dependsOn": [
+ "ra-hybrid-vnet-deployment"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('templates').deployment.virtualNetworkGateway]"
+ },
+ "parametersLink": {
+ "uri": "[variables('templates').parameter.virtualNetworkGateway]"
+ }
+ }
+ }
+ ],
+ "outputs": {
+ }
+}
diff --git a/guidance-hybrid-network-vpn/guidance-hybrid-network-vpn.deployproj b/guidance-hybrid-network-vpn/guidance-hybrid-network-vpn.deployproj new file mode 100644 index 000000000..43f33acab --- /dev/null +++ b/guidance-hybrid-network-vpn/guidance-hybrid-network-vpn.deployproj @@ -0,0 +1,38 @@ + + + + + Debug + AnyCPU + + + Release + AnyCPU + + + + 832cb7c6-ceca-424e-a82a-faa4c342fd85 + + + Deployment + 1.0 + + + + + + + + + + + False + + + + + + + + + \ No newline at end of file diff --git a/guidance-iaas-ad/Deployment.targets b/guidance-iaas-ad/Deployment.targets new file mode 100644 index 000000000..4616e6bb8 --- /dev/null +++ b/guidance-iaas-ad/Deployment.targets @@ -0,0 +1,123 @@ + + + + Debug + AnyCPU + bin\$(Configuration)\ + false + true + false + None + obj\ + $(BaseIntermediateOutputPath)\ + $(BaseIntermediateOutputPath)$(Configuration)\ + $(IntermediateOutputPath)ProjectReferences + $(ProjectReferencesOutputPath)\ + true + + + + false + false + + + + + + + + + + + Always + + + Never + + + false + Build + + + + + + + + _GetDeploymentProjectContent; + _CalculateContentOutputRelativePaths; + _GetReferencedProjectsOutput; + _CalculateArtifactStagingDirectory; + _CopyOutputToArtifactStagingDirectory; + + + + + + + + + + + + + + + + + Configuration=$(Configuration);Platform=$(Platform) + + + + + + + $([System.IO.Path]::GetFileNameWithoutExtension('%(ProjectReference.Identity)')) + + + + + + + $(OutDir) + $(OutputPath) + $(ArtifactStagingDirectory)\ + $(ArtifactStagingDirectory)staging\ + $(Build_StagingDirectory) + + + + + + + <_OriginalIdentity>%(DeploymentProjectContentOutput.Identity) + <_RelativePath>$(_OriginalIdentity.Replace('$(MSBuildProjectDirectory)', '')) + + + + + $(_RelativePath) + + + + + + + + + PrepareForRun + + + + + + + + + + + diff --git a/guidance-iaas-ad/Parameters/loadBalancer-adfs-proxy.parameters.json b/guidance-iaas-ad/Parameters/loadBalancer-adfs-proxy.parameters.json new file mode 100644 index 000000000..42d611890 --- /dev/null 
+++ b/guidance-iaas-ad/Parameters/loadBalancer-adfs-proxy.parameters.json 
@@ -0,0 +1,113 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "loadBalancerSettings": {
+ "value": {
+ "name": "adfs-proxy-lb",
+ "frontendIPConfigurations": [
+ {
+ "name": "lbfe1",
+ "loadBalancerType": "internal",
+ "internalLoadBalancerSettings": {
+ "privateIPAddress": "10.0.255.158",
+ "subnetName": "adfs-proxy-sn"
+ }
+ }
+ ],
+ "loadBalancingRules": [
+ {
+ "name": "http-rule",
+ "frontendPort": 80,
+ "backendPort": 80,
+ "protocol": "Tcp",
+ "backendPoolName": "lb-bep1",
+ "frontendIPConfigurationName": "lbfe1"
+ },
+ {
+ "name": "https-rule",
+ "frontendPort": 443,
+ "backendPort": 443,
+ "protocol": "Tcp",
+ "backendPoolName": "lb-bep1",
+ "frontendIPConfigurationName": "lbfe1"
+ }
+ ],
+ "probes": [
+ {
+ "name": "http-probe",
+ "port": 80,
+ "protocol": "Http",
+ "requestPath": "/"
+ },
+ {
+ "name": "https-probe",
+ "port": 443,
+ "protocol": "Http",
+ "requestPath": "/"
+ }
+ ],
+ "backendPools": [
+ {
+ "name": "lb-bep1",
+ "nicIndex": 0
+ }
+ ],
+ "inboundNatRules": [ ]
+ }
+ },
+ "virtualMachinesSettings": {
+ "value": {
+ "namePrefix": "ra-ad-adfs-proxy",
+ "computerNamePrefix": "adfsp",
+ "size": "Standard_DS2",
+ "osType": "windows",
+ "adminUsername": "testuser",
+ "adminPassword": "AweS0me@PW",
+ "osAuthenticationType": "password",
+ "nics": [
+ {
+ "isPublic": "false",
+ "subnetName": "adfs-proxy-sn",
+ "privateIPAllocationMethod": "static",
+ "startingIPAddress": "10.0.255.156",
+ "enableIPForwarding": false,
+ "dnsServers": [
+ ],
+ "isPrimary": "true"
+ }
+ ],
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2012-R2-Datacenter",
+ "version": "latest"
+ },
+ "dataDisks": {
+ "count": 0,
+ "properties": { }
+ },
+ "osDisk": {
+ "caching": "ReadWrite"
+ },
+ "availabilitySet": {
+ "useExistingAvailabilitySet": "No",
+ "name": "adfs-proxy-as"
+ }
+ }
+ },
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-ad-vnet",
+ "resourceGroup": "ra-ad-rg"
+ }
+ },
+ "buildingBlockSettings": {
+ "value": {
+ "storageAccountsCount": 2,
+ "vmCount": 2,
+ "vmStartIndex": 0
+ }
+ }
+ }
+}
diff --git a/guidance-iaas-ad/Parameters/loadBalancer-adfs.parameters.json b/guidance-iaas-ad/Parameters/loadBalancer-adfs.parameters.json
new file mode 100644
index 000000000..4add52d7e
--- /dev/null
+++ b/guidance-iaas-ad/Parameters/loadBalancer-adfs.parameters.json
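Review bot: `"adminPassword": "AweS0me@PW"` together with `"adminUsername": "testuser"` puts a fixed local administrator credential for the AD FS proxy VMs in the repository, so every deployment of the sample shares a publicly known password; `loadBalancer-adfs.parameters.json` carries the same pair for the AD FS servers. Use a placeholder such as `"adminPassword": "<replace-at-deploy-time>"` and have the deploy scripts prompt for or require the value. Separately, `https-probe` is declared with `"protocol": "Http"` on port 443, which would send a plain HTTP request to what is presumably a TLS listener; `"protocol": "Tcp"` looks like the intended setting for that probe.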
@@ -0,0 +1,113 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "loadBalancerSettings": {
+ "value": {
+ "name": "adfs-lb",
+ "frontendIPConfigurations": [
+ {
+ "name": "lbfe1",
+ "loadBalancerType": "internal",
+ "internalLoadBalancerSettings": {
+ "privateIPAddress": "10.0.255.190",
+ "subnetName": "adfs-sn"
+ }
+ }
+ ],
+ "loadBalancingRules": [
+ {
+ "name": "http-rule",
+ "frontendPort": 80,
+ "backendPort": 80,
+ "protocol": "Tcp",
+ "backendPoolName": "lb-bep1",
+ "frontendIPConfigurationName": "lbfe1"
+ },
+ {
+ "name": "https-rule",
+ "frontendPort": 443,
+ "backendPort": 443,
+ "protocol": "Tcp",
+ "backendPoolName": "lb-bep1",
+ "frontendIPConfigurationName": "lbfe1"
+ }
+ ],
+ "probes": [
+ {
+ "name": "http-probe",
+ "port": 80,
+ "protocol": "Http",
+ "requestPath": "/"
+ },
+ {
+ "name": "https-probe",
+ "port": 443,
+ "protocol": "Http",
+ "requestPath": "/"
+ }
+ ],
+ "backendPools": [
+ {
+ "name": "lb-bep1",
+ "nicIndex": 0
+ }
+ ],
+ "inboundNatRules": [ ]
+ }
+ },
+ "virtualMachinesSettings": {
+ "value": {
+ "namePrefix": "ra-ad-adfs",
+ "computerNamePrefix": "adfs",
+ "size": "Standard_DS2",
+ "osType": "windows",
+ "adminUsername": "testuser",
+ "adminPassword": "AweS0me@PW",
+ "osAuthenticationType": "password",
+ "nics": [
+ {
+ "isPublic": "false",
+ "subnetName": "adfs-sn",
+ "privateIPAllocationMethod": "static",
+ "startingIPAddress": "10.0.255.188",
+ "enableIPForwarding": false,
+ "dnsServers": [
+ ],
+ "isPrimary": "true"
+ }
+ ],
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2012-R2-Datacenter",
+ "version": "latest"
+ },
+ "dataDisks": {
+ "count": 0,
+ "properties": { }
+ },
+ "osDisk": {
+ "caching": "ReadWrite"
+ },
+ "availabilitySet": {
+ "useExistingAvailabilitySet": "No",
+ "name": "adfs-as"
+ }
+ }
+ },
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-ad-vnet",
+ "resourceGroup": "ra-ad-rg"
+ }
+ },
+ "buildingBlockSettings": {
+ "value": {
+ "storageAccountsCount": 2,
+ "vmCount": 2,
+ "vmStartIndex": 0
+ }
+ }
+ }
+}
diff --git a/guidance-iaas-ad/Parameters/networkSecurityGroup-ad.parameters.json b/guidance-iaas-ad/Parameters/networkSecurityGroup-ad.parameters.json
new file mode 100644
index 000000000..0fd8dc716
--- /dev/null
+++ b/guidance-iaas-ad/Parameters/networkSecurityGroup-ad.parameters.json
@@ -0,0 +1,279 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-ad-vnet",
+ "resourceGroup": "ra-ad-rg"
+ }
+ },
+ "networkSecurityGroupsSettings": {
+ "value": [
+ {
+ "name": "ad-nsg",
+ "subnets": [
+ "ad-sn"
+ ],
+ "networkInterfaces": [
+ ],
+ "securityRules": [
+ {
+ "name": "out-port53",
+ "direction": "Outbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "192.168.0.0/24",
+ "sourcePortRange": "*",
+ "destinationPortRange": "53",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "out-port88",
+ "direction": "Outbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "192.168.0.0/24",
+ "sourcePortRange": "*",
+ "destinationPortRange": "88",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "out-port135",
+ "direction": "Outbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "192.168.0.0/24",
+ "sourcePortRange": "*",
+ "destinationPortRange": "135",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "out-port389",
+ "direction": "Outbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "192.168.0.0/24",
+ "sourcePortRange": "*",
+ "destinationPortRange": "389",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "out-port445",
+ "direction": "Outbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "192.168.0.0/24",
+ "sourcePortRange": "*",
+ "destinationPortRange": "445",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "out-port464",
+ "direction": "Outbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "192.168.0.0/24",
+ "sourcePortRange": "*",
+ "destinationPortRange": "464",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "out-rpc-dynamic",
+ "direction": "Outbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "192.168.0.0/24",
+ "sourcePortRange": "*",
+ "destinationPortRange": "49152-65535",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "vnet-to-port53",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "53",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "vnet-to-port88",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.0.0/16",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "88",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "vnet-to-port135",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.0.0/16",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "135",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "vnet-to-port137-139",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.0.0/16",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "137-139",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "vnet-to-port389",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.0.0/16",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "389",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "vnet-to-port464",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.0.0/16",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "464",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "vnet-to-rpc-dynamic",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.0.0/16",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "49152-65535",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "onprem-ad-to-port53",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "192.168.0.0/24",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "53",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "onprem-ad-to-port88",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "192.168.0.0/24",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "88",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "onprem-ad-to-port135",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "192.168.0.0/24",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "135",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "onprem-ad-to-port389",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "192.168.0.0/24",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "389",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "onprem-ad-to-port464",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "192.168.0.0/24",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "464",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "mgmt-rdp-allow",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.0.128/25",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "3389",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "gateway-allow",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.255.224/27",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "*",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "self-allow",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.255.192/27",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "*",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "vnet-deny",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "*",
+ "access": "Deny",
+ "protocol": "*"
+ }
+ ]
+ }
+ ]
+ }
+ }
+}
diff --git a/guidance-iaas-ad/Parameters/networkSecurityGroup-adfs-proxy.parameters.json b/guidance-iaas-ad/Parameters/networkSecurityGroup-adfs-proxy.parameters.json
new file mode 100644
index 000000000..3955174eb
--- /dev/null
+++ b/guidance-iaas-ad/Parameters/networkSecurityGroup-adfs-proxy.parameters.json
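Review bot: `vnet-to-port53` has `"sourceAddressPrefix": "*"`, unlike every other `vnet-to-*` rule, so inbound port 53 to the domain-controller subnet is allowed from any source rather than from the virtual network; `"sourceAddressPrefix": "10.0.0.0/16"` would match the rule's name and its siblings. Every rule in `ad-nsg`, including the final `vnet-deny`, also carries `"priority": 1000`. Azure requires priorities to be unique per direction within an NSG and evaluates rules in priority order, so unless the building-block template (not visible here) assigns priorities itself, the allows need distinct values and the deny a higher number than all of them. The `adfs-proxy-nsg` and `adfs-nsg` parameter files repeat the same priority value.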
@@ -0,0 +1,114 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-ad-vnet",
+ "resourceGroup": "ra-ad-rg"
+ }
+ },
+ "networkSecurityGroupsSettings": {
+ "value": [
+ {
+ "name": "adfs-proxy-nsg",
+ "subnets": [
+ "adfs-proxy-sn"
+ ],
+ "networkInterfaces": [
+ ],
+ "securityRules": [
+ {
+ "name": "onprem-http-allow",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "192.168.0.0/16",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "80",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "onprem-https-allow",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "192.168.0.0/16",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "443",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "vnet-http-allow",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.0.0/16",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "80",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "vnet-https-allow",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.0.0/16",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "443",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "mgmt-rdp-allow",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.0.128/25",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "3389",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "gateway-allow",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.255.224/27",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "*",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "self-allow",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "10.0.255.192/27",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "*",
+ "access": "Allow",
+ "protocol": "*"
+ },
+ {
+ "name": "vnet-deny",
+ "direction": "Inbound",
+ "priority": 1000,
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "*",
+ "access": "Deny",
+ "protocol": "*"
+ }
+ ]
+ }
+ ]
+ }
+ }
+}
diff --git a/guidance-iaas-ad/Parameters/networkSecurityGroup-adfs.parameters.json b/guidance-iaas-ad/Parameters/networkSecurityGroup-adfs.parameters.json
new file mode 100644
index 000000000..10c4c1f63
--- /dev/null
+++ b/guidance-iaas-ad/Parameters/networkSecurityGroup-adfs.parameters.json
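Review bot: `self-allow` uses `"sourceAddressPrefix": "10.0.255.192/27"`, the same range as in `ad-nsg`, but the AD FS proxy VMs and load balancer in `loadBalancer-adfs-proxy.parameters.json` sit at 10.0.255.156 and 10.0.255.158, which fall outside that range. This looks copied from the AD NSG; the subnet definition is not visible here, so confirm the prefix of `adfs-proxy-sn` and use it in this rule. The on-premises source is also `192.168.0.0/16` in this file but `192.168.0.0/24` in `ad-nsg`; if both refer to the same network, the `/16` here is wider than intended.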
@@ -0,0 +1,114 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "virtualNetworkSettings": { + "value": { + "name": "ra-ad-vnet", + "resourceGroup": "ra-ad-rg" + } + }, + "networkSecurityGroupsSettings": { + "value": [ + { + "name": "adfs-nsg", + "subnets": [ + "adfs-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "onprem-http-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "192.168.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "access": "Allow", + "protocol": "*" + }, + { + "name": "onprem-https-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "192.168.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "443", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-http-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-https-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "443", + "access": "Allow", + "protocol": "*" + }, + { + "name": "mgmt-rdp-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "10.0.0.128/25", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "3389", + "access": "Allow", + "protocol": "*" + }, + { + "name": "gateway-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "10.0.255.224/27", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Allow", + "protocol": "*" + }, + { + "name": 
"self-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "10.0.255.192/27", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-deny", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Deny", + "protocol": "*" + } + ] + } + ] + } + } +} diff --git a/guidance-iaas-ad/Parameters/networkSecurityGroup-mgmt.parameters.json b/guidance-iaas-ad/Parameters/networkSecurityGroup-mgmt.parameters.json new file mode 100644 index 000000000..8738360c8 --- /dev/null +++ b/guidance-iaas-ad/Parameters/networkSecurityGroup-mgmt.parameters.json 
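Review bot: The `self-allow` rule in `adfs-nsg` has `"sourceAddressPrefix": "10.0.255.192/27"`, which `virtualNetwork.parameters.json` in this commit assigns to `ad-sn`, not to `adfs-sn` (`10.0.255.160/27`); the value looks copied from the AD group. As written the rule opens every port and protocol to the domain-controller subnet, while hosts inside `adfs-sn` reach each other only on 80/443 through the `vnet-*` rules. If intra-subnet traffic is the intent, the line should read `"sourceAddressPrefix": "10.0.255.160/27"`. The `adfs-proxy-nsg` hunk above has the same value and would need `10.0.255.128/27`, and both groups repeat it in the combined `networkSecurityGroup.parameters.json`.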
@@ -0,0 +1,81 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "virtualNetworkSettings": { + "value": { + "name": "ra-ad-vnet", + "resourceGroup": "ra-ad-rg" + } + }, + "networkSecurityGroupsSettings": { + "value": [ + { + "name": "mgmt-nsg", + "subnets": [ + "mgmt-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "on-prem-rdp-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "192.168.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "3389", + "access": "Allow", + "protocol": "*" + }, + { + "name": "on-prem-ssh-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "192.168.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "22", + "access": "Allow", + "protocol": "*" + }, + { + "name": "gateway-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "10.0.255.224/27", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Allow", + "protocol": "*" + }, + { + "name": "self-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "10.0.0.128/25", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-deny", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Deny", + "protocol": "*" + } + ] + } + ] + } + } +} diff --git a/guidance-iaas-ad/Parameters/networkSecurityGroup.parameters.json b/guidance-iaas-ad/Parameters/networkSecurityGroup.parameters.json new file mode 100644 index 000000000..6a92d058d --- /dev/null 
+++ b/guidance-iaas-ad/Parameters/networkSecurityGroup.parameters.json 
@@ -0,0 +1,540 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "virtualNetworkSettings": { + "value": { + "name": "ra-ad-vnet", + "resourceGroup": "ra-ad-rg" + } + }, + "networkSecurityGroupsSettings": { + "value": [ + { + "name": "ad-nsg", + "subnets": [ + "ad-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "out-port53", + "direction": "Outbound", + "priority": 100, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "192.168.0.0/24", + "sourcePortRange": "*", + "destinationPortRange": "53", + "access": "Allow", + "protocol": "*" + }, + { + "name": "out-port88", + "direction": "Outbound", + "priority": 200, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "192.168.0.0/24", + "sourcePortRange": "*", + "destinationPortRange": "88", + "access": "Allow", + "protocol": "*" + }, + { + "name": "out-port135", + "direction": "Outbound", + "priority": 300, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "192.168.0.0/24", + "sourcePortRange": "*", + "destinationPortRange": "135", + "access": "Allow", + "protocol": "*" + }, + { + "name": "out-port389", + "direction": "Outbound", + "priority": 400, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "192.168.0.0/24", + "sourcePortRange": "*", + "destinationPortRange": "389", + "access": "Allow", + "protocol": "*" + }, + { + "name": "out-port445", + "direction": "Outbound", + "priority": 500, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "192.168.0.0/24", + "sourcePortRange": "*", + "destinationPortRange": "445", + "access": "Allow", + "protocol": "*" + }, + { + "name": "out-port464", + "direction": "Outbound", + "priority": 600, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "192.168.0.0/24", + "sourcePortRange": "*", + "destinationPortRange": "464", + "access": "Allow", + "protocol": "*" + }, + { + "name": "out-rpc-dynamic", + 
"direction": "Outbound", + "priority": 700, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "192.168.0.0/24", + "sourcePortRange": "*", + "destinationPortRange": "49152-65535", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-to-port53", + "direction": "Inbound", + "priority": 800, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "53", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-to-port88", + "direction": "Inbound", + "priority": 900, + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "88", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-to-port135", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "135", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-to-port137-139", + "direction": "Inbound", + "priority": 1100, + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "137-139", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-to-port389", + "direction": "Inbound", + "priority": 1200, + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "389", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-to-port464", + "direction": "Inbound", + "priority": 1300, + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "464", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-to-rpc-dynamic", + "direction": "Inbound", + "priority": 1400, + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "49152-65535", + 
"access": "Allow", + "protocol": "*" + }, + { + "name": "onprem-ad-to-port53", + "direction": "Inbound", + "priority": 1500, + "sourceAddressPrefix": "192.168.0.0/24", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "53", + "access": "Allow", + "protocol": "*" + }, + { + "name": "onprem-ad-to-port88", + "direction": "Inbound", + "priority": 1600, + "sourceAddressPrefix": "192.168.0.0/24", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "88", + "access": "Allow", + "protocol": "*" + }, + { + "name": "onprem-ad-to-port135", + "direction": "Inbound", + "priority": 1700, + "sourceAddressPrefix": "192.168.0.0/24", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "135", + "access": "Allow", + "protocol": "*" + }, + { + "name": "onprem-ad-to-port389", + "direction": "Inbound", + "priority": 1800, + "sourceAddressPrefix": "192.168.0.0/24", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "389", + "access": "Allow", + "protocol": "*" + }, + { + "name": "onprem-ad-to-port464", + "direction": "Inbound", + "priority": 1900, + "sourceAddressPrefix": "192.168.0.0/24", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "464", + "access": "Allow", + "protocol": "*" + }, + { + "name": "mgmt-rdp-allow", + "direction": "Inbound", + "priority": 2000, + "sourceAddressPrefix": "10.0.0.128/25", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "3389", + "access": "Allow", + "protocol": "*" + }, + { + "name": "gateway-allow", + "direction": "Inbound", + "priority": 2100, + "sourceAddressPrefix": "10.0.255.224/27", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Allow", + "protocol": "*" + }, + { + "name": "self-allow", + "direction": "Inbound", + "priority": 2200, + "sourceAddressPrefix": "10.0.255.192/27", + 
"destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-deny", + "direction": "Inbound", + "priority": 2300, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Deny", + "protocol": "*" + } + ] + }, + { + "name": "adfs-nsg", + "subnets": [ + "adfs-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "onprem-http-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "192.168.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "access": "Allow", + "protocol": "*" + }, + { + "name": "onprem-https-allow", + "direction": "Inbound", + "priority": 1100, + "sourceAddressPrefix": "192.168.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "443", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-http-allow", + "direction": "Inbound", + "priority": 1200, + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-https-allow", + "direction": "Inbound", + "priority": 1300, + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "443", + "access": "Allow", + "protocol": "*" + }, + { + "name": "mgmt-rdp-allow", + "direction": "Inbound", + "priority": 1400, + "sourceAddressPrefix": "10.0.0.128/25", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "3389", + "access": "Allow", + "protocol": "*" + }, + { + "name": "gateway-allow", + "direction": "Inbound", + "priority": 1500, + "sourceAddressPrefix": "10.0.255.224/27", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", 
+ "access": "Allow", + "protocol": "*" + }, + { + "name": "self-allow", + "direction": "Inbound", + "priority": 1600, + "sourceAddressPrefix": "10.0.255.192/27", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-deny", + "direction": "Inbound", + "priority": 1700, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Deny", + "protocol": "*" + } + ] + }, + { + "name": "adfs-proxy-nsg", + "subnets": [ + "adfs-proxy-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "onprem-http-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "192.168.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "access": "Allow", + "protocol": "*" + }, + { + "name": "onprem-https-allow", + "direction": "Inbound", + "priority": 1100, + "sourceAddressPrefix": "192.168.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "443", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-http-allow", + "direction": "Inbound", + "priority": 1200, + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "80", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-https-allow", + "direction": "Inbound", + "priority": 1300, + "sourceAddressPrefix": "10.0.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "443", + "access": "Allow", + "protocol": "*" + }, + { + "name": "mgmt-rdp-allow", + "direction": "Inbound", + "priority": 1400, + "sourceAddressPrefix": "10.0.0.128/25", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "3389", + "access": "Allow", + "protocol": "*" + }, + { + "name": "gateway-allow", + 
"direction": "Inbound", + "priority": 1500, + "sourceAddressPrefix": "10.0.255.224/27", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Allow", + "protocol": "*" + }, + { + "name": "self-allow", + "direction": "Inbound", + "priority": 1600, + "sourceAddressPrefix": "10.0.255.192/27", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-deny", + "direction": "Inbound", + "priority": 1700, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Deny", + "protocol": "*" + } + ] + }, + { + "name": "mgmt-nsg", + "subnets": [ + "mgmt-sn" + ], + "networkInterfaces": [ + ], + "securityRules": [ + { + "name": "on-prem-rdp-allow", + "direction": "Inbound", + "priority": 1000, + "sourceAddressPrefix": "192.168.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "3389", + "access": "Allow", + "protocol": "*" + }, + { + "name": "on-prem-ssh-allow", + "direction": "Inbound", + "priority": 1100, + "sourceAddressPrefix": "192.168.0.0/16", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "22", + "access": "Allow", + "protocol": "*" + }, + { + "name": "gateway-allow", + "direction": "Inbound", + "priority": 1200, + "sourceAddressPrefix": "10.0.255.224/27", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Allow", + "protocol": "*" + }, + { + "name": "self-allow", + "direction": "Inbound", + "priority": 1300, + "sourceAddressPrefix": "10.0.0.128/25", + "destinationAddressPrefix": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "access": "Allow", + "protocol": "*" + }, + { + "name": "vnet-deny", + "direction": "Inbound", + "priority": 1400, + "sourceAddressPrefix": "*", + "destinationAddressPrefix": 
"*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "*",
+ "access": "Deny",
+ "protocol": "*"
+ }
+ ]
+ }
+ ]
+ }
+ }
+}
diff --git a/guidance-iaas-ad/Parameters/virtualMachine-jumpbox.parameters.json b/guidance-iaas-ad/Parameters/virtualMachine-jumpbox.parameters.json
new file mode 100644
index 000000000..6d5370421
--- /dev/null
+++ b/guidance-iaas-ad/Parameters/virtualMachine-jumpbox.parameters.json
@@ -0,0 +1,60 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualMachinesSettings": {
+ "value": {
+ "namePrefix": "ra-ad-mgmt",
+ "computerNamePrefix": "jumpbox",
+ "size": "Standard_DS1",
+ "osType": "windows",
+ "adminUsername": "testuser",
+ "adminPassword": "AweS0me@PW",
+ "sshPublicKey": "",
+ "osAuthenticationType": "password",
+ "nics": [
+ {
+ "isPublic": "false",
+ "subnetName": "mgmt-sn",
+ "privateIPAllocationMethod": "static",
+ "startingIPAddress": "10.0.0.254",
+ "enableIPForwarding": false,
+ "dnsServers": [
+ ],
+ "isPrimary": "true"
+ }
+ ],
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2012-R2-Datacenter",
+ "version": "latest"
+ },
+ "dataDisks": {
+ "count": 0,
+ "properties": { }
+ },
+ "osDisk": {
+ "caching": "ReadWrite"
+ },
+ "availabilitySet": {
+ "useExistingAvailabilitySet": "No",
+ "name": ""
+ }
+ }
+ },
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-ad-vnet",
+ "resourceGroup": "ra-ad-rg"
+ }
+ },
+ "buildingBlockSettings": {
+ "value": {
+ "storageAccountsCount": 1,
+ "vmCount": 1,
+ "vmStartIndex": 0
+ }
+ }
+ }
+}
diff --git a/guidance-iaas-ad/Parameters/virtualNetwork.parameters.json b/guidance-iaas-ad/Parameters/virtualNetwork.parameters.json
new file mode 100644
index 000000000..98f6ef2b5
--- /dev/null
+++ b/guidance-iaas-ad/Parameters/virtualNetwork.parameters.json
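Review bot: `vnet-to-port53` in `ad-nsg` has `"sourceAddressPrefix": "*"`, while every other `vnet-to-*` rule in the group is limited to `10.0.0.0/16`, so DNS on the domain-controller subnet is accepted from any source that can route to it. If that is not deliberate, the line should read `"sourceAddressPrefix": "10.0.0.0/16"`; on-premises resolvers are already covered by `onprem-ad-to-port53`. Separately, the seven `out-*` allow rules are not followed by an outbound deny, so they presumably add nothing over the group's default outbound rules; either add the deny they imply or drop them so the file does not suggest egress is restricted.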
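Review bot: `"adminUsername": "testuser"` and `"adminPassword": "AweS0me@PW"` in `virtualMachine-jumpbox.parameters.json` are committed in clear text, and `azuredeploy.json` in this commit loads this file through `parametersLink` from a raw GitHub URL, so every jumpbox deployed from the defaults shares a publicly known local administrator credential. The password should not live in the repository: commit a placeholder such as `"adminPassword": "<SUPPLIED_AT_DEPLOY_TIME>"` and have the deploy script fill it from a prompt or a secret store, and treat the committed value as disclosed wherever it has already been used. `"version": "latest"` in `imageReference` also lets the deployed image change between runs; pinning a version is worth considering for a reference deployment.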
@@ -0,0 +1,54 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualNetworkSettings": {
+ "value": {
+ "name": "ra-ad-vnet",
+ "resourceGroup": "ra-ad-rg",
+ "addressPrefixes": [
+ "10.0.0.0/16"
+ ],
+ "subnets": [
+ {
+ "name": "nva-frontend-sn",
+ "addressPrefix": "10.0.0.0/27"
+ },
+ {
+ "name": "nva-backend-sn",
+ "addressPrefix": "10.0.0.32/27"
+ },
+ {
+ "name": "dmz-frontend-sn",
+ "addressPrefix": "10.0.0.64/27"
+ },
+ {
+ "name": "dmz-backend-sn",
+ "addressPrefix": "10.0.0.96/27"
+ },
+ {
+ "name": "mgmt-sn",
+ "addressPrefix": "10.0.0.128/25"
+ },
+ {
+ "name": "GatewaySubnet",
+ "addressPrefix": "10.0.255.224/27"
+ },
+ {
+ "name": "ad-sn",
+ "addressPrefix": "10.0.255.192/27"
+ },
+ {
+ "name": "adfs-sn",
+ "addressPrefix": "10.0.255.160/27"
+ },
+ {
+ "name": "adfs-proxy-sn",
+ "addressPrefix": "10.0.255.128/27"
+ }
+ ],
+ "dnsServers": [ ]
+ }
+ }
+ }
+}
diff --git a/guidance-iaas-ad/Templates/azuredeploy.json b/guidance-iaas-ad/Templates/azuredeploy.json
new file mode 100644
index 000000000..8407608a1
--- /dev/null
+++ b/guidance-iaas-ad/Templates/azuredeploy.json
@@ -0,0 +1,118 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "templateRootUri": {
+ "type": "string",
+ "defaultValue": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/",
+ "metadata": {
+ "description": "Root path for templates"
+ }
+ }
+ },
+ "variables": {
+ "templates": {
+ "deployment": {
+ "virtualNetwork": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/vnet-n-subnet/azuredeploy.json')]",
+ "networkSecurityGroup": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/networkSecurityGroups/azuredeploy.json')]",
+ "virtualMachines": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/multi-vm-n-nic-m-storage/azuredeploy.json')]",
+ "loadBalancer": "[uri(parameters('templateRootUri'), 'ARMBuildingBlocks/Templates/buildingBlocks/loadBalancer-backend-n-vm/azuredeploy.json')]"
+ },
+ "parameter": {
+ "virtualNetwork": "[uri(parameters('templateRootUri'), 'guidance-iaas-ad/Parameters/virtualNetwork.parameters.json')]",
+ "networkSecurityGroup": "[uri(parameters('templateRootUri'), 'guidance-iaas-ad/Parameters/networkSecurityGroup.parameters.json')]",
+ "jumpbox": "[uri(parameters('templateRootUri'), 'guidance-iaas-ad/Parameters/virtualMachine-jumpbox.parameters.json')]",
+ "adfsLoadBalancer": "[uri(parameters('templateRootUri'), 'guidance-iaas-ad/Parameters/loadBalancer-adfs.parameters.json')]",
+ "adfsProxyLoadBalancer": "[uri(parameters('templateRootUri'), 'guidance-iaas-ad/Parameters/loadBalancer-adfs-proxy.parameters.json')]"
+ }
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "name": "ra-iaas-ad-vnet-deployment",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('templates').deployment.virtualNetwork]"
+ },
+ "parametersLink": {
+ "uri": "[variables('templates').parameter.virtualNetwork]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "name": "ra-iaas-ad-jumpbox-deployment",
+ "dependsOn": [
+ "ra-iaas-ad-vnet-deployment"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('templates').deployment.virtualMachines]"
+ },
+ "parametersLink": {
+ "uri": "[variables('templates').parameter.jumpbox]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "name": "ra-iaas-ad-adfs-lb-deployment",
+ "dependsOn": [
+ "ra-iaas-ad-vnet-deployment"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('templates').deployment.loadBalancer]"
+ },
+ "parametersLink": {
+ "uri": "[variables('templates').parameter.adfsLoadBalancer]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "name": "ra-iaas-ad-adfs-proxy-lb-deployment",
+ "dependsOn": [
+ "ra-iaas-ad-vnet-deployment"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('templates').deployment.loadBalancer]"
+ },
+ "parametersLink": {
+ "uri": "[variables('templates').parameter.adfsProxyLoadBalancer]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2015-01-01",
+ "name": "ra-iaas-ad-nsg-deployment",
+ "dependsOn": [
+ "ra-iaas-ad-jumpbox-deployment",
+ "ra-iaas-ad-adfs-lb-deployment",
+ "ra-iaas-ad-adfs-proxy-lb-deployment"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('templates').deployment.networkSecurityGroup]"
+ },
+ "parametersLink": {
+ "uri": "[variables('templates').parameter.networkSecurityGroup]"
+ }
+ }
+ }
+ ],
+ "outputs": {
+ }
+}
diff --git a/guidance-iaas-ad/guidance-iaas-ad.deployproj b/guidance-iaas-ad/guidance-iaas-ad.deployproj
new file mode 100644
index 000000000..48fd4d602
--- /dev/null
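Review bot: `templateRootUri` in `azuredeploy.json` defaults to `https://raw.githubusercontent.com/mspnp/arm-building-blocks/master/`, so every `templateLink` and `parametersLink` in the `resources` array is resolved against a moving branch at deployment time. Whoever can push to that branch changes what the next deployment creates, including the NSG rules and the jumpbox settings, and two runs of the same template are not guaranteed to build the same thing. Pin the default to a tag or commit, for example `"defaultValue": "https://raw.githubusercontent.com/mspnp/arm-building-blocks/<TAG_OR_COMMIT>/"`, and extend `metadata.description` to say that overriding the value means trusting the templates and parameters at that location.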
+++ b/guidance-iaas-ad/guidance-iaas-ad.deployproj
@@ -0,0 +1,47 @@ + + + + + Debug + AnyCPU + + + Release + AnyCPU + + + + aebdae84-0e70-4e7a-ad5f-2e05007f30a6 + + + Deployment + 1.0 + + + + + + + + + + + + + + + False + + + + + + + + + + + + + + \ No newline at end of file
diff --git a/test/execute-ra.sh b/test/execute-ra.sh
new file mode 100644
index 000000000..71d59d156
--- /dev/null
+++ b/test/execute-ra.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -o pipefail
+fold_label=$1
+shift
+dir_name=$(dirname $1)
+script_name=$(basename $1)
+shift
+
+echo -en "travis_fold:start:${fold_label}\r"
+pushd "${dir_name}/"
+sudo chmod +x ./$script_name
+./$script_name $@
+exit_code=$?
+popd
+echo -en "travis_fold:end:${fold_label}\r"
+exit $exit_code
diff --git a/test/test-setup.sh b/test/test-setup.sh
new file mode 100644
index 000000000..2db8ab9b8
--- /dev/null
+++ b/test/test-setup.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+echo -en 'travis_fold:start:setup-azure-cli\\r'
+azure telemetry --disable
+azure login --username $SPN --password $SPP --tenant $T --service-principal
+echo -en 'travis_fold:end:setup-azure-cli\\r'
+echo
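Review bot: In `test/execute-ra.sh` the script path and the forwarded arguments are expanded unquoted (`dirname $1`, `basename $1`, `./$script_name $@`), so a path or argument containing spaces or glob characters is split or expanded before the target script sees it. `pushd` is also unchecked: if the directory is missing, the `chmod` and the script lookup run in the caller's directory instead. The rewrite below quotes every expansion, stops when `pushd` fails, and drops `sudo` from the `chmod`, which should not be needed for a file in the checkout.

```shell
dir_name=$(dirname -- "$1")
script_name=$(basename -- "$1")
# … unchanged: shift, travis_fold start marker …
pushd "${dir_name}/" || exit 1
chmod +x -- "./$script_name"
"./$script_name" "$@"
# … unchanged: exit_code capture, popd, travis_fold end marker, exit …
```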
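Review bot: In `test/test-setup.sh`, `azure login` receives the service-principal secret as `--password $SPP` on the command line and its exit status is ignored, so the secret is visible in the process list (and in the build log if tracing is ever switched on) and a failed login still ends the step with status 0 because the last command is `echo`. At minimum quote the variables and fail the step: `azure login --username "$SPN" --password "$SPP" --tenant "$T" --service-principal || exit 1`. The three variables should be defined as encrypted CI settings; `.travis.yml` is not part of this view, so that is to be confirmed. The fold markers are single-quoted with `\\r`, which `echo -e` presumably prints as a literal `\r` rather than a carriage return, unlike the double-quoted `\r` in `execute-ra.sh`.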