diff --git a/Environments/SharedServices/orchestration.json b/Environments/SharedServices/orchestration.json
index 938fee7..98d4528 100644
--- a/Environments/SharedServices/orchestration.json
+++ b/Environments/SharedServices/orchestration.json
@@ -172,9 +172,6 @@
 "OverrideParameters": {
 "routeTableName": {
 "value": "${Parameters.ModuleConfigurationParameters.RouteTables.SharedServices.Name}"
- },
- "routes": {
- "value": "${Parameters.ModuleConfigurationParameters.RouteTables.SharedServices.Routes}"
 }
 }
 }
@@ -191,9 +188,6 @@
 "vnetAddressPrefixes": {
 "value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.AddressPrefixes}"
 },
- "dnsServers": {
- "value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.DnsServers}"
- },
 "subnets": {
 "value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets}"
 },
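Review bot: Dropping the `routes` and `dnsServers` overrides leaves the RouteTables and vNet templates to supply those parameters themselves; the templates are not in this diff, so confirm both declare an empty-array default, otherwise validation of `SharedServicesRouteTable` and `VirtualNetwork` fails on a missing parameter. The file gives no hint that these two modules are intentionally deployed half-configured and completed later by the `Updates` modules; a one-line `Comments` entry on each module header, which lies outside both hunks, pointing at `AddRoutesToSharedServicesRouteTable` and `EnableDnsServersOnVirtualNetwork` would make the two-pass design visible to the next reader.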
@@ -222,96 +216,6 @@ } } }, - { - "Name": "VirtualNetworkGateway", - "ModuleDefinitionName": "VirtualNetworkGateway", - "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.ResourceGroup}", - "Deployment": { - "OverrideParameters": { - "virtualNetworkGatewayName": { - "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.Name}" - }, - "virtualNetworkGatewayType": { - "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VirtualNetworkGatewayType}" - }, - "virtualNetworkGatewaySku": { - "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VirtualNetworkGatewaySku}" - }, - "vpnType": { - "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnType}" - }, - "vNetId": { - "value": "reference(VirtualNetwork.vNetResourceId)" - }, - "enableBgp": { - "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.EnableBgp}" - } - } - } - }, - { - "Name": "LocalVirtualNetworkGatewayConnection", - "Comments": "Connect Shared Services Virtual Network Gateway to a Simulated On-Premises Virtual Network Gateway", - "ModuleDefinitionName": "VirtualNetworkGatewayConnection", - "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.ResourceGroup}", - "Deployment": { - "OverrideParameters": { - "localVirtualNetworkGatewayName": { - "value": "reference(VirtualNetworkGateway.virtualNetworkGatewayName)" - }, - "remoteVirtualNetworkGatewayName": { - "value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.Name}" - }, - "remoteVirtualNetworkResourceGroup": { - "value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.ResourceGroup}" - }, - "remoteVirtualNetworkGatewaySubscriptionId": { - "value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.SubscriptionId}" - }, - "enableBgp": { - "value": 
"${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.EnableBgp}" - }, - "vpnSharedKey": { - "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnSharedKey}" - }, - "remoteConnectionName": { - "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.LocalConnection.Name}" - } - } - } - }, - { - "Name": "RemoteVirtualNetworkGatewayConnection", - "Comments": "Connect On-Premises Virtual Network Gateway to a Simulated Shared Services Virtual Network Gateway", - "ModuleDefinitionName": "VirtualNetworkGatewayConnection", - "Subscription": "OnPremises", - "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.ResourceGroup}", - "Deployment": { - "OverrideParameters": { - "localVirtualNetworkGatewayName": { - "value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.Name}" - }, - "remoteVirtualNetworkGatewayName": { - "value": "reference(VirtualNetworkGateway.virtualNetworkGatewayName)" - }, - "remoteVirtualNetworkResourceGroup": { - "value": "reference(VirtualNetworkGateway.virtualNetworkGatewayResourceGroup)" - }, - "remoteVirtualNetworkGatewaySubscriptionId": { - "value": "${Subscriptions.SharedServices.SubscriptionId}" - }, - "enableBgp": { - "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.EnableBgp}" - }, - "vpnSharedKey": { - "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnSharedKey}" - }, - "remoteConnectionName": { - "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.RemoteConnection.Name}" - } - } - } - }, { "Name": "AzureFirewall", "ModuleDefinitionName": "AzureFirewall", 
@@ -339,6 +243,19 @@
 }
 }
 },
+ {
+ "Name": "AddRoutesToSharedServicesRouteTable",
+ "ModuleDefinitionName": "RouteTables",
+ "Updates": "SharedServicesRouteTable",
+ "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.RouteTables.ResourceGroup}",
+ "Deployment": {
+ "OverrideParameters": {
+ "routes": {
+ "value": "${Parameters.ModuleConfigurationParameters.RouteTables.SharedServices.Routes}"
+ }
+ }
+ }
+ },
 {
 "Name": "KeyVault",
 "ModuleDefinitionName": "KeyVault",
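Review bot: `AddRoutesToSharedServicesRouteTable` carries no `Comments` entry even though it is the least obvious module in the file: it re-deploys a route table that already exists solely because the default route's next hop is `reference(AzureFirewall.azureFirewallPrivateIp)` and cannot be known until AzureFirewall has run. Add something like `"Comments": "Second pass over SharedServicesRouteTable: populates the routes once the firewall private IP is known, so it must run after AzureFirewall"`. Presumably the route table is already attached to subnets by the VirtualNetwork deployment, so until this module completes those subnets have no default route through the firewall; that ordering constraint is worth stating here as well, since the pipeline's job graph has to honour it independently.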
@@ -486,6 +403,86 @@ } } }, + { + "Name": "ActiveDirectory", + "ModuleDefinitionName": "ActiveDirectory", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.ResourceGroup}", + "Comments": "Creates Active Directory Domain Services VMs", + "Deployment": { + "OverrideParameters": { + "virtualMachineName": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.Name}" + }, + "virtualMachineSize": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.VMSize}" + }, + "virtualMachineOSImage": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.OSImage}" + }, + "artifactsStorageAccountSasKey": { + "value": "reference(ArtifactsStorageAccount.storageAccountSasToken)" + }, + "artifactsStorageAccountName": { + "value": "reference(ArtifactsStorageAccount.storageAccountName)" + }, + "artifactsStorageAccountKey": { + "value": "reference(ArtifactsStorageAccount.storageAccountAccessKey)" + }, + "workspaceId": { + "value": "reference(LogAnalytics.logAnalyticsWorkspaceId)" + }, + "logAnalyticsWorkspacePrimarySharedKey": { + "value": "reference(LogAnalytics.logAnalyticsPrimarySharedKey)" + }, + "diagnosticsStorageAccountName": { + "value": "reference(DiagnosticStorageAccount.storageAccountName)" + }, + "diagnosticsStorageAccountSasToken": { + "value": "reference(DiagnosticStorageAccount.storageAccountSasToken)" + }, + "adIpAddress": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.PrimaryDomainControllerIP}" + }, + "vNetId": { + "value": "reference(VirtualNetwork.vNetResourceId)" + }, + "domainControllerAsgId": { + "value": "reference(DomainControllerASG.applicationSecurityGroupResourceId)" + }, + "subnetName": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.SubnetName}" + }, + "cloudZone": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.CloudZone}" + }, + "domainName": { + "value": 
"${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainName}" + }, + "adSitename": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.ADSitename}" + }, + "domainAdminUsername": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminUsername}" + }, + "domainAdminPassword": { + "reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminPassword}" + } + } + } + }, + { + "Name": "EnableDnsServersOnVirtualNetwork", + "ModuleDefinitionName": "vNet", + "Updates": "VirtualNetwork", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "dnsServers": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.DnsServers}" + } + } + } + }, { "Name": "ActiveDirectoryDomainServices", "ModuleDefinitionName": "ActiveDirectoryDomainServices", @@ -533,12 +530,7 @@ "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AdminUsername}" }, "adminPassword": { - "reference": { - "keyVault": { - "id": "reference(KeyVault.keyVaultResourceId)" - }, - "secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}" - } + "reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AdminPassword}" }, "addsAddressStart": { "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AddsIPAddressStart}" 
@@ -562,12 +554,7 @@
 "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomainAdminUsername}"
 },
 "domainAdminPassword": {
- "reference": {
- "keyVault": {
- "id": "reference(KeyVault.keyVaultResourceId)"
- },
- "secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[1].secretName}"
- }
+ "reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomainAdminPassword}"
 },
 "domainControllerAsgId": {
 "value": "reference(DomainControllerASG.applicationSecurityGroupResourceId)"
diff --git a/Environments/SharedServices/parameters.json b/Environments/SharedServices/parameters.json
index 40c5423..5caa24c 100644
--- a/Environments/SharedServices/parameters.json
+++ b/Environments/SharedServices/parameters.json
@@ -5,22 +5,6 @@
 "Subscription": "SharedServices",
 "ModuleConfigurationParameters": {
 "DeploymentUserId": "env(DEPLOYMENT_USER_ID)",
- "OnPremisesInformation": {
- "ActiveDirectory": {
- "PrimaryDomainControllerIP": "192.168.1.4",
- "DomainName": "fontoso.com",
- "ADSitename": "Cloud-Site",
- "DomainAdminUserName": "fontoso"
- },
- "Network": {
- "AddressPrefix": "192.168.1.0/28"
- },
- "VirtualNetworkGateway": {
- "Name": "fontoso-onprem-gw",
- "ResourceGroup": "fontoso-onprem-net-rg"
- },
- "SubscriptionId": "${Subscriptions.OnPremises.SubscriptionId}"
- },
 "DiagnosticStorageAccount": {
 "Name": "${Parameters.Organization}${Parameters.DeploymentName}diag01",
 "ResourceGroup": "${Parameters.InstanceName}-diagnostics-rg",
@@ -213,7 +197,7 @@
 "direction": "Inbound",
 "priority": 120,
 "protocol": "Tcp",
- "sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}",
+ "sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.PrimaryDomainControllerIP}",
 "sourcePortRange": "*",
 "sourcePortRanges": [],
 "destinationApplicationSecurityGroups": [
@@ -245,7 +229,7 @@
 "direction": "Inbound",
 "priority": 130,
 "protocol": "Udp",
- "sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}",
+ "sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.PrimaryDomainControllerIP}",
 "sourcePortRange": "*",
 "sourcePortRanges": [],
 "destinationApplicationSecurityGroups": [
@@ -296,7 +280,7 @@
 "direction": "Inbound",
 "priority": 150,
 "protocol": "TCP",
- "sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.Network.AddressPrefix}",
+ "sourceAddressPrefix": "VirtualNetwork",
 "sourcePortRange": "*",
 "sourcePortRanges": [],
 "destinationApplicationSecurityGroups": [
@@ -448,16 +432,9 @@
 "name": "default",
 "properties": {
 "addressPrefix": "0.0.0.0/0",
- "nextHopIpAddress": "172.0.3.4",
+ "nextHopIpAddress": "reference(AzureFirewall.azureFirewallPrivateIp)",
 "nextHopType": "VirtualAppliance"
 }
- },
- {
- "name": "to-on-premises",
- "properties": {
- "addressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.Network.AddressPrefix}",
- "nextHopType": "VirtualNetworkGateway"
- }
 }
 ]
 }
@@ -521,7 +498,7 @@
 }
 ],
 "DnsServers": [
- "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}"
+ "${Parameters.ModuleConfigurationParameters.ActiveDirectory.PrimaryDomainControllerIP}"
 ]
 },
 "VirtualNetworkGateway": {
@@ -747,7 +724,7 @@
 "secretValue": "env(ADMIN_USER_PWD)"
 },
 {
- "secretName": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.DomainAdminUserName}",
+ "secretName": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminUserName}",
 "secretValue": "env(DOMAIN_ADMIN_USER_PWD)"
 }
 ]
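Review bot: The priority-150 inbound rule now allows `"sourceAddressPrefix": "VirtualNetwork"` where it previously allowed a single on-premises /28; the `VirtualNetwork` service tag covers the whole VNet address space plus peered VNets and anything reachable through a gateway, so this is a considerable widening of an allow rule whose destination ports lie outside the hunk. If the intent is only to let the new in-VNet domain controller reach the ADDS application security group, the `"${Parameters.ModuleConfigurationParameters.ActiveDirectory.PrimaryDomainControllerIP}"` value already used by the priority-120 and priority-130 rules, or the ADDS subnet prefix, keeps the original scope. Whichever is chosen, the rule should say why in a description field if the NSG module passes one through, because a bare service tag in an inbound allow rule is exactly what the next audit will flag.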
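Review bot: The Key Vault secret is now named from `${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminUserName}` (capital N), but the `ActiveDirectory` block added to this same file defines the key as `DomainAdminUsername` (lower-case n); the rename kept the casing of the removed OnPremisesInformation block, where the key really was `DomainAdminUserName`. If the placeholder resolver is case-sensitive the secret gets an empty or literal name and the `Secrets[1].secretName` lookups in both `DomainAdminPassword` objects no longer match a real secret. Change it to `"secretName": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminUsername}"` so the reference and the definition agree regardless of resolver behaviour.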
@@ -792,12 +769,42 @@ } } }, + "ActiveDirectory": { + "Name": "primary-ad", + "ResourceGroup": "${Parameters.InstanceName}-adds-rg", + "Comments": "Windows VM name cannot exceed 13 characters.", + "PrimaryDomainControllerIP": "172.0.0.10", + "DomainName": "fontoso.com", + "ADSitename": "Cloud-Site", + "CloudZone": "fontosocloud.com", + "DomainAdminUsername": "fontoso", + "DomainAdminPassword": { + "keyVault": { + "id": "reference(KeyVault.keyVaultResourceId)" + }, + "secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[1].secretName}" + }, + "VMSize": "Standard_DS3_v2", + "OSImage": { + "offer": "WindowsServer", + "publisher": "MicrosoftWindowsServer", + "sku": "2016-Datacenter" + }, + "SubnetName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].name}" + }, "ActiveDirectoryDomainServices": { "Name": "adds-vm", - "ResourceGroup": "${Parameters.InstanceName}-adds-rg", - "Comments": "Windows VM name cannot exceed 13 characters", + "ResourceGroup": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.ResourceGroup}", + "Comments": "Windows VM name cannot exceed 13 characters. 
Additionally, Make sure that AddsIPAddressStart and ActiveDirectory.PrimaryDomainControllerIP are in the same subnet address prefix and they don't overlap", "AdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}", - "DomainAdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[1].secretName}", + "AdminPassword": { + "keyVault": { + "id": "reference(KeyVault.keyVaultResourceId)" + }, + "secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}" + }, + "DomainAdminUsername": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminUsername}", + "DomainAdminPassword": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainAdminPassword}", "VMCount": 2, "VMSize": "Standard_DS3_v2", "OSImage": { @@ -806,9 +813,9 @@ "sku": "2016-Datacenter" }, "AddsIPAddressStart": "172.0.0.20", - "DomainName": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.DomainName}", - "PrimaryDomainControllerIP": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}", - "ADSitename": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.ADSitename}", + "DomainName": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.DomainName}", + "PrimaryDomainControllerIP": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.PrimaryDomainControllerIP}", + "ADSitename": "${Parameters.ModuleConfigurationParameters.ActiveDirectory.ADSitename}", "DomaincontrollerDriveLetter": "F", "SubnetName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].name}" } diff --git a/Environments/SharedServices/pipeline.yml b/Environments/SharedServices/pipeline.yml index db2271a..f377097 100644 --- a/Environments/SharedServices/pipeline.yml +++ b/Environments/SharedServices/pipeline.yml 
@@ -307,66 +307,6 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) - - job: VirtualNetworkGateway - pool: - name: 'vdc-self-hosted' - dependsOn: SetupValidationResourceGroup - steps: - - task: PowerShell@2 - displayName: "Pester Tests for Module - Virtual Network Gateway" - inputs: - targetType: 'inline' - script: '# Write your powershell commands here. - - Invoke-Pester -Script "./Modules/VirtualNetworkGateway/2.0/Tests"; - - # Use the environment variables input below to pass secret variables to this script.' - pwsh: true - - task: AzurePowerShell@4 - displayName: "ARM Validation - Virtual Network Gateway" - inputs: - azureSubscription: 'vdc2-hub' - ScriptType: 'FilePath' - ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' - ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "VirtualNetworkGateway" -Validate' - azurePowerShellVersion: 'LatestVersion' - env: - VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) - VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) - DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) - ADMIN_USER_PWD: $(ADMIN_USER_PWD) - DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) - TENANT_ID: $(TENANT_ID) - - job: VirtualNetworkGatewayConnection - pool: - name: 'vdc-self-hosted' - dependsOn: SetupValidationResourceGroup - steps: - - task: PowerShell@2 - displayName: "Pester Tests for Module - Virtual Network Gateway Connection" - inputs: - targetType: 'inline' - script: '# Write your powershell commands here. - - Invoke-Pester -Script "./Modules/VirtualNetworkGatewayConnection/2.0/Tests"; - - # Use the environment variables input below to pass secret variables to this script.' 
- pwsh: true - - task: AzurePowerShell@4 - displayName: "ARM Validation - Local Virtual Network Gateway Connection" - inputs: - azureSubscription: 'vdc2-hub' - ScriptType: 'FilePath' - ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' - ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LocalVirtualNetworkGatewayConnection" -Validate' - azurePowerShellVersion: 'LatestVersion' - env: - VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) - VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) - DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) - ADMIN_USER_PWD: $(ADMIN_USER_PWD) - DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) - TENANT_ID: $(TENANT_ID) - job: AzureFirewall pool: name: 'vdc-self-hosted' 
@@ -457,6 +397,36 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: ActiveDirectory + pool: + name: 'vdc-self-hosted' + dependsOn: SetupValidationResourceGroup + steps: + - task: PowerShell@2 + displayName: "Pester Tests for Module - ActiveDirectory" + inputs: + targetType: 'inline' + script: '# Write your powershell commands here. + + Invoke-Pester -Script "./Modules/ActiveDirectory/2.0/Tests"; + + # Use the environment variables input below to pass secret variables to this script.' + pwsh: true + - task: AzurePowerShell@4 + displayName: "ARM Validation - ActiveDirectory" + inputs: + azureSubscription: 'vdc2-hub' + ScriptType: 'FilePath' + ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' + ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "ActiveDirectory" -Validate' + azurePowerShellVersion: 'LatestVersion' + env: + VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) + VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) + DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) + ADMIN_USER_PWD: $(ADMIN_USER_PWD) + DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) + TENANT_ID: $(TENANT_ID) - job: ActiveDirectoryDomainServices pool: name: 'vdc-self-hosted' @@ -490,7 +460,7 @@ stages: - job: TearDownValidationResourceGroup pool: name: 'vdc-self-hosted' - dependsOn: [ StorageAccounts, LogAnalytics, AutomationAccounts, ApplicationSecurityGroups, NetworkSecurityGroups, RouteTables, vNet, VirtualNetworkGateway, VirtualNetworkGatewayConnection, AzureFirewall, Jumpbox, ActiveDirectoryDomainServices ] + dependsOn: [ StorageAccounts, LogAnalytics, AutomationAccounts, ApplicationSecurityGroups, NetworkSecurityGroups, RouteTables, vNet, AzureFirewall, Jumpbox, ActiveDirectory, ActiveDirectoryDomainServices ] steps: - task: AzurePowerShell@4 displayName: "Teardown Validation Resource Group" 
@@ -502,7 +472,7 @@ stages: azurePowerShellVersion: 'LatestVersion' - stage: Deploy jobs: - - job: Deployment + - job: DiagnosticStorageAccount timeoutInMinutes: 0 pool: name: 'vdc-self-hosted' @@ -522,6 +492,12 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: LogAnalytics + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: DiagnosticStorageAccount + steps: - task: AzurePowerShell@4 displayName: "Log Analytics" inputs: @@ -537,6 +513,12 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: AutomationAccounts + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: [LogAnalytics, DiagnosticStorageAccount] + steps: - task: AzurePowerShell@4 displayName: "Automation Accounts" inputs: @@ -552,6 +534,12 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: LinkLogAnalyticsWithAutomationAccount + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: LogAnalytics + steps: - task: AzurePowerShell@4 displayName: "Link Log Analytics With Automation Account" inputs: @@ -567,6 +555,11 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: JumpboxASG + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + steps: - task: AzurePowerShell@4 displayName: "JumpboxASG" inputs: @@ -582,6 +575,11 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: DomainControllerASG + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + steps: - task: AzurePowerShell@4 displayName: "Domain Controller ASG" inputs: 
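Review bot: The new `LinkLogAnalyticsWithAutomationAccount` job declares `dependsOn: LogAnalytics` only, yet the task it wraps links the workspace with the automation account that the sibling `AutomationAccounts` job creates; now that the former single sequential job has been split into parallel jobs, the link step can run before the automation account exists and fail or silently link nothing. Make the dependency explicit: `dependsOn: [LogAnalytics, AutomationAccounts]`. The task bodies that follow each new job header begin outside these hunks, so their arguments could not be checked here.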
@@ -597,6 +595,12 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: SharedServicesNSG + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: [JumpboxASG, DomainControllerASG, LogAnalytics, DiagnosticStorageAccount] + steps: - task: AzurePowerShell@4 displayName: "Shared Services NSG" inputs: @@ -612,6 +616,12 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: DMZNSG + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: [JumpboxASG, DomainControllerASG, LogAnalytics, DiagnosticStorageAccount] + steps: - task: AzurePowerShell@4 displayName: "DMZ NSG" inputs: @@ -627,6 +637,11 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: SharedServicesRouteTable + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + steps: - task: AzurePowerShell@4 displayName: "Shared Services Route Table" inputs: @@ -642,6 +657,12 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: VirtualNetwork + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: [SharedServicesNSG, DMZNSG, SharedServicesRouteTable] + steps: - task: AzurePowerShell@4 displayName: "Virtual Network" inputs: @@ -657,6 +678,12 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: EnableServiceEndpointOnDiagnosticStorage + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: [DiagnosticStorageAccount, VirtualNetwork] + steps: - task: AzurePowerShell@4 displayName: "Enable Service Endpoint On Diagnostic Storage Account" inputs: 
@@ -672,51 +699,12 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) - - task: AzurePowerShell@4 - displayName: "Virtual Network Gateway" - inputs: - azureSubscription: 'vdc2-hub' - ScriptType: 'FilePath' - ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' - ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "VirtualNetworkGateway"' - azurePowerShellVersion: 'LatestVersion' - env: - VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) - VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) - DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) - ADMIN_USER_PWD: $(ADMIN_USER_PWD) - DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) - TENANT_ID: $(TENANT_ID) - - task: AzurePowerShell@4 - displayName: "Local Virtual Network Gateway Connection" - inputs: - azureSubscription: 'vdc2-hub' - ScriptType: 'FilePath' - ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' - ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LocalVirtualNetworkGatewayConnection"' - azurePowerShellVersion: 'LatestVersion' - env: - VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) - VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) - DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) - ADMIN_USER_PWD: $(ADMIN_USER_PWD) - DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) - TENANT_ID: $(TENANT_ID) - - task: AzurePowerShell@4 - displayName: "Remote Virtual Network Gateway Connection" - inputs: - azureSubscription: 'vdc2-hub' - ScriptType: 'FilePath' - ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' - ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "RemoteVirtualNetworkGatewayConnection"' - azurePowerShellVersion: 'LatestVersion' - env: - VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) - VDC_TOOLKIT_SUBSCRIPTION: 
$(VDC_TOOLKIT_SUBSCRIPTION) - DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) - ADMIN_USER_PWD: $(ADMIN_USER_PWD) - DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) - TENANT_ID: $(TENANT_ID) + - job: AzureFirewall + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: [VirtualNetwork, DiagnosticStorageAccount, LogAnalytics] + steps: - task: AzurePowerShell@4 displayName: "Azure Firewall" inputs: @@ -732,6 +720,33 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: AddRoutesToSharedServicesRouteTable + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: [SharedServicesRouteTable, AzureFirewall] + steps: + - task: AzurePowerShell@4 + displayName: "Add Routes to Shared Services Route Table" + inputs: + azureSubscription: 'vdc2-hub' + ScriptType: 'FilePath' + ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' + ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "AddRoutesToSharedServicesRouteTable"' + azurePowerShellVersion: 'LatestVersion' + env: + VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) + VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) + DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) + ADMIN_USER_PWD: $(ADMIN_USER_PWD) + DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) + TENANT_ID: $(TENANT_ID) + - job: KeyVault + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: [VirtualNetwork, DiagnosticStorageAccount, LogAnalytics] + steps: - task: AzurePowerShell@4 displayName: "Key Vault" inputs: @@ -747,6 +762,11 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: ArtifactsStorageAccount + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + steps: - task: AzurePowerShell@4 displayName: "Artifacts Storage Account" inputs: 
@@ -774,6 +794,54 @@ stages: uploadDirectory: 'Scripts' sasTokenStartTime: '1m' sasTokenExpiryTime: '1h' + - job: ActiveDirectory + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: [VirtualNetwork, DiagnosticStorageAccount, LogAnalytics, KeyVault, ArtifactsStorageAccount] + steps: + - task: AzurePowerShell@4 + displayName: "ActiveDirectory" + inputs: + azureSubscription: 'vdc2-hub' + ScriptType: 'FilePath' + ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' + ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "ActiveDirectory"' + azurePowerShellVersion: 'LatestVersion' + env: + VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) + VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) + DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) + ADMIN_USER_PWD: $(ADMIN_USER_PWD) + DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) + TENANT_ID: $(TENANT_ID) + - job: EnableDNSServerOnVirtualNetwork + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: [ActiveDirectory, VirtualNetwork] + steps: + - task: AzurePowerShell@4 + displayName: "Enable DNS Server on Virtual Network" + inputs: + azureSubscription: 'vdc2-hub' + ScriptType: 'FilePath' + ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' + ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "EnableDnsServersOnVirtualNetwork"' + azurePowerShellVersion: 'LatestVersion' + env: + VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) + VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) + DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) + ADMIN_USER_PWD: $(ADMIN_USER_PWD) + DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) + TENANT_ID: $(TENANT_ID) + - job: Jumpbox + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: [VirtualNetwork, DiagnosticStorageAccount, LogAnalytics, KeyVault, ArtifactsStorageAccount] + steps: - task: AzurePowerShell@4 
displayName: "Jumpbox" inputs: @@ -789,8 +857,14 @@ stages: ADMIN_USER_PWD: $(ADMIN_USER_PWD) DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) TENANT_ID: $(TENANT_ID) + - job: ActiveDirectoryDomainServices + timeoutInMinutes: 0 + pool: + name: 'vdc-self-hosted' + dependsOn: [ActiveDirectory, EnableDNSServerOnVirtualNetwork, VirtualNetwork, DiagnosticStorageAccount, LogAnalytics, KeyVault, ArtifactsStorageAccount] + steps: - task: AzurePowerShell@4 - displayName: "ActiveDirectoryDomainServices" + displayName: "Active Directory Domain Services" inputs: azureSubscription: 'vdc2-hub' ScriptType: 'FilePath' diff --git a/Environments/SharedServices_ExtendsOnpremises/definition.json b/Environments/SharedServices_ExtendsOnpremises/definition.json new file mode 100644 index 0000000..dba4af8 --- /dev/null +++ b/Environments/SharedServices_ExtendsOnpremises/definition.json @@ -0,0 +1,5 @@ +{ + "Subscriptions": "env(VDC_SUBSCRIPTIONS)", + "Parameters": "file(./parameters.json)", + "Orchestration": "file(./orchestration.json)" +} \ No newline at end of file diff --git a/Environments/SharedServices_ExtendsOnpremises/orchestration.json b/Environments/SharedServices_ExtendsOnpremises/orchestration.json new file mode 100644 index 0000000..6d15e71 --- /dev/null +++ b/Environments/SharedServices_ExtendsOnpremises/orchestration.json 
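Review bot: None of the VM jobs introduced here, `ActiveDirectory` and `Jumpbox` in this hunk and `ActiveDirectoryDomainServices` in the next, lists `AddRoutesToSharedServicesRouteTable` in its `dependsOn`, while the default route through the firewall is only written by that job. With the deployment split into parallel jobs a VM can therefore be provisioned, and its extensions fetch artifacts, while its subnet's route table is still empty, meaning egress follows the Azure system route instead of the firewall during that window. If the firewall is meant to be the enforced egress path, add the job to each of the three lists, e.g. `dependsOn: [VirtualNetwork, AddRoutesToSharedServicesRouteTable, DiagnosticStorageAccount, LogAnalytics, KeyVault, ArtifactsStorageAccount]`. That the subnets are already bound to the route table at VirtualNetwork time is inferred from the `VirtualNetwork` job depending on `SharedServicesRouteTable`; confirm against the vNet parameters.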
@@ -0,0 +1,569 @@ +{ + "ModuleConfigurationsPath": "../../Modules", + "ModuleConfigurations": [ + { + "Name": "DiagnosticStorageAccount", + "ModuleDefinitionName": "StorageAccounts", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.ResourceGroup}", + "Comments": "Storage Account that is used for ...", + "Version": "2.0", + "Policies": { + "Comments": "Optional - If no object is specified, no Policies deployment will occur", + "OverrideParameters": { + "effect": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Policies.Effect}" + }, + "resourceGroup": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.ResourceGroup}" + }, + "resourceGroupLocation": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Location}" + } + } + }, + "Deployment": { + "Comments": "We need the 'update' module instance to lock this resource after the Virtual Network got created", + "TemplatePath": "../../Modules/StorageAccounts/2.0/deploy.json", + "OverrideParameters": { + "storageAccountName": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Name}" + }, + "storageAccountSku": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Sku}" + }, + "location": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Location}" + } + } + } + }, + { + "Name": "LogAnalytics", + "ModuleDefinitionName": "LogAnalytics", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.LogAnalytics.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "logAnalyticsWorkspaceName": { + "value": "${Parameters.ModuleConfigurationParameters.LogAnalytics.Name}" + }, + "diagnosticStorageAccountName": { + "value": "reference(DiagnosticStorageAccount.storageAccountName)" + }, + "diagnosticStorageAccountId": { + "value": "reference(DiagnosticStorageAccount.storageAccountResourceId)" + }, 
+ "diagnosticStorageAccountAccessKey": { + "value": "reference(DiagnosticStorageAccount.storageAccountAccessKey)" + }, + "location": { + "value": "${Parameters.ModuleConfigurationParameters.LogAnalytics.Location}" + } + } + } + }, + { + "Name": "AutomationAccounts", + "ModuleDefinitionName": "AutomationAccounts", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.AutomationAccounts.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "automationAccountName": { + "value": "${Parameters.ModuleConfigurationParameters.AutomationAccounts.Name}" + }, + "location": { + "value": "${Parameters.ModuleConfigurationParameters.AutomationAccounts.Location}" + }, + "umTimeZone": { + "value": "${Parameters.ModuleConfigurationParameters.AutomationAccounts.UpdateManagementTimeZone}" + }, + "workspaceId": { + "value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)" + }, + "diagnosticStorageAccountId": { + "value": "reference(DiagnosticStorageAccount.storageAccountResourceId)" + } + } + } + }, + { + "Name": "LinkLogAnalyticsWithAutomationAccount", + "ModuleDefinitionName": "LogAnalytics", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.AutomationAccounts.ResourceGroup}", + "Updates": "LogAnalytics", + "Deployment": { + "OverrideParameters": { + "automationAccountId": { + "value": "reference(AutomationAccounts.automationAccountResourceId)" + } + } + } + }, + { + "Name": "JumpboxASG", + "ModuleDefinitionName": "ApplicationSecurityGroups", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "applicationSecurityGroupName": { + "value": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.Jumpbox.Name}" + } + } + } + }, + { + "Name": "DomainControllerASG", + "ModuleDefinitionName": "ApplicationSecurityGroups", + "ResourceGroupName": 
"${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "applicationSecurityGroupName": { + "value": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}" + } + } + } + }, + { + "Name": "SharedServicesNSG", + "ModuleDefinitionName": "NetworkSecurityGroups", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "workspaceId": { + "value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)" + }, + "diagnosticStorageAccountId": { + "value": "reference(DiagnosticStorageAccount.storageAccountResourceId)" + }, + "networkSecurityGroupName": { + "value": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.SharedServices.Name}" + }, + "networkSecurityGroupSecurityRules": { + "value": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.SharedServices.Rules}" + } + } + } + }, + { + "Name": "DMZNSG", + "ModuleDefinitionName": "NetworkSecurityGroups", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "workspaceId": { + "value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)" + }, + "diagnosticStorageAccountId": { + "value": "reference(DiagnosticStorageAccount.storageAccountResourceId)" + }, + "networkSecurityGroupName": { + "value": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.DMZ.Name}" + }, + "networkSecurityGroupSecurityRules": { + "value": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.DMZ.Rules}" + } + } + } + }, + { + "Name": "SharedServicesRouteTable", + "ModuleDefinitionName": "RouteTables", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.RouteTables.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "routeTableName": { + "value": 
"${Parameters.ModuleConfigurationParameters.RouteTables.SharedServices.Name}" + }, + "routes": { + "value": "${Parameters.ModuleConfigurationParameters.RouteTables.SharedServices.Routes}" + } + } + } + }, + { + "Name": "VirtualNetwork", + "ModuleDefinitionName": "vNet", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "vnetName": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Name}" + }, + "vnetAddressPrefixes": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.AddressPrefixes}" + }, + "dnsServers": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.DnsServers}" + }, + "subnets": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets}" + }, + "enableDdosProtection": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.EnableDdosProtection}" + }, + "enableVmProtection": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.EnableVmProtection}" + } + } + } + }, + { + "Name": "EnableServiceEndpointOnDiagnosticStorageAccount", + "ModuleDefinitionName": "StorageAccounts", + "Updates": "DiagnosticStorageAccount", + "Comments": "Enables Service endpoint on the Storage Account", + "Deployment": { + "OverrideParameters": { + "networkAcls": { + "value": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.NetworkAcls}" + }, + "vNetId": { + "value": "reference(VirtualNetwork.vNetResourceId)" + } + } + } + }, + { + "Name": "VirtualNetworkGateway", + "ModuleDefinitionName": "VirtualNetworkGateway", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "virtualNetworkGatewayName": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.Name}" + }, + "virtualNetworkGatewayType": { + "value": 
"${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VirtualNetworkGatewayType}" + }, + "virtualNetworkGatewaySku": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VirtualNetworkGatewaySku}" + }, + "vpnType": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnType}" + }, + "vNetId": { + "value": "reference(VirtualNetwork.vNetResourceId)" + }, + "enableBgp": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.EnableBgp}" + } + } + } + }, + { + "Name": "LocalVirtualNetworkGatewayConnection", + "Comments": "Connect Shared Services Virtual Network Gateway to a Simulated On-Premises Virtual Network Gateway", + "ModuleDefinitionName": "VirtualNetworkGatewayConnection", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "localVirtualNetworkGatewayName": { + "value": "reference(VirtualNetworkGateway.virtualNetworkGatewayName)" + }, + "remoteVirtualNetworkGatewayName": { + "value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.Name}" + }, + "remoteVirtualNetworkResourceGroup": { + "value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.ResourceGroup}" + }, + "remoteVirtualNetworkGatewaySubscriptionId": { + "value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.SubscriptionId}" + }, + "enableBgp": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.EnableBgp}" + }, + "vpnSharedKey": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnSharedKey}" + }, + "remoteConnectionName": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.LocalConnection.Name}" + } + } + } + }, + { + "Name": "RemoteVirtualNetworkGatewayConnection", + "Comments": "Connect On-Premises Virtual Network Gateway to a Simulated 
Shared Services Virtual Network Gateway", + "ModuleDefinitionName": "VirtualNetworkGatewayConnection", + "Subscription": "OnPremises", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "localVirtualNetworkGatewayName": { + "value": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.VirtualNetworkGateway.Name}" + }, + "remoteVirtualNetworkGatewayName": { + "value": "reference(VirtualNetworkGateway.virtualNetworkGatewayName)" + }, + "remoteVirtualNetworkResourceGroup": { + "value": "reference(VirtualNetworkGateway.virtualNetworkGatewayResourceGroup)" + }, + "remoteVirtualNetworkGatewaySubscriptionId": { + "value": "${Subscriptions.SharedServices.SubscriptionId}" + }, + "enableBgp": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.EnableBgp}" + }, + "vpnSharedKey": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnSharedKey}" + }, + "remoteConnectionName": { + "value": "${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.RemoteConnection.Name}" + } + } + } + }, + { + "Name": "AzureFirewall", + "ModuleDefinitionName": "AzureFirewall", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.AzureFirewall.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "azureFirewallName": { + "value": "${Parameters.ModuleConfigurationParameters.AzureFirewall.Name}" + }, + "applicationRuleCollections": { + "value": "${Parameters.ModuleConfigurationParameters.AzureFirewall.ApplicationRuleCollections}" + }, + "networkRuleCollections": { + "value": "${Parameters.ModuleConfigurationParameters.AzureFirewall.networkRuleCollections}" + }, + "vNetId": { + "value": "reference(VirtualNetwork.vNetResourceId)" + }, + "diagnosticStorageAccountId": { + "value": "reference(DiagnosticStorageAccount.storageAccountResourceId)" + }, + "workspaceId": { + "value": 
"reference(LogAnalytics.logAnalyticsWorkspaceResourceId)" + } + } + } + }, + { + "Name": "KeyVault", + "ModuleDefinitionName": "KeyVault", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.KeyVault.ResourceGroup}", + "Deployment": { + "OverrideParameters": { + "keyVaultName": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.Name}" + }, + "accessPolicies": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.AccessPolicies}" + }, + "secretsObject": { + "value": { + "secrets": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets}" + } + }, + "enableVaultForDeployment": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDeployment}" + }, + "enableVaultForDiskEncryption": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForDiskEncryption}" + }, + "enableVaultForTemplateDeployment": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.EnableVaultForTemplateDeployment}" + }, + "vaultSku": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.Sku}" + }, + "diagnosticStorageAccountId": { + "value": "reference(DiagnosticStorageAccount.storageAccountResourceId)" + }, + "workspaceId": { + "value": "reference(LogAnalytics.logAnalyticsWorkspaceResourceId)" + }, + "networkAcls": { + "value": "${Parameters.ModuleConfigurationParameters.KeyVault.NetworkAcls}" + }, + "vNetId": { + "value": "reference(VirtualNetwork.vNetResourceId)" + } + } + } + }, + { + "Name": "ArtifactsStorageAccount", + "Subscription": "Artifacts", + "ModuleDefinitionName": "StorageAccounts", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.ResourceGroup}", + "Comments": "Storage Account that is used for ...", + "Policies": { + "Comments": "Optional - If no object is specified, no Policies deployment will occur", + "OverrideParameters": { + "effect": { + "value": 
"${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Policies.Effect}" + }, + "resourceGroup": { + "value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.ResourceGroup}" + }, + "resourceGroupLocation": { + "value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Location}" + } + } + }, + "Deployment": { + "OverrideParameters": { + "storageAccountName": { + "value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Name}" + }, + "storageAccountSku": { + "value": "${Parameters.ModuleConfigurationParameters.ArtifactsStorageAccount.Sku}" + } + } + } + }, + { + "Name": "Jumpbox", + "ModuleDefinitionName": "Jumpbox", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.Jumpbox.ResourceGroup}", + "Comments": "Creates Windows and Linux Jumpboxes", + "Deployment": { + "OverrideParameters": { + "windowsVirtualMachineName": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.Name}" + }, + "linuxVirtualMachineName": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Linux.Name}" + }, + "workspaceId": { + "value": "reference(LogAnalytics.logAnalyticsWorkspaceId)" + }, + "logAnalyticsWorkspacePrimarySharedKey": { + "value": "reference(LogAnalytics.logAnalyticsPrimarySharedKey)" + }, + "artifactsStorageAccountKey": { + "value": "reference(ArtifactsStorageAccount.storageAccountAccessKey)" + }, + "artifactsStorageAccountName": { + "value": "reference(ArtifactsStorageAccount.storageAccountName)" + }, + "vNetId": { + "value": "reference(VirtualNetwork.vNetResourceId)" + }, + "jumpboxAsgId": { + "value": "reference(JumpboxASG.applicationSecurityGroupResourceId)" + }, + "subnetName": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.SubnetName}" + }, + "adminUsername": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.AdminUsername}" + }, + "adminPassword": { + "reference": { + "keyVault": { + "id": 
"reference(KeyVault.keyVaultResourceId)" + }, + "secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}" + } + }, + "windowsVirtualMachineCount": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.VMCount}" + }, + "windowsVirtualMachineSize": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.VMSize}" + }, + "windowsOSImage": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Windows.OSImage}" + }, + "linuxVirtualMachineCount": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Linux.VMCount}" + }, + "linuxVirtualMachineSize": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Linux.VMSize}" + }, + "linuxOSImage": { + "value": "${Parameters.ModuleConfigurationParameters.Jumpbox.Linux.OSImage}" + }, + "diagnosticsStorageAccountName": { + "value": "reference(DiagnosticStorageAccount.storageAccountName)" + }, + "diagnosticsStorageAccountSasToken": { + "value": "reference(DiagnosticStorageAccount.storageAccountSasToken)" + } + } + } + }, + { + "Name": "ActiveDirectoryDomainServices", + "ModuleDefinitionName": "ActiveDirectoryDomainServices", + "ResourceGroupName": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.ResourceGroup}", + "Comments": "Creates Active Directory Domain Services VMs", + "Deployment": { + "OverrideParameters": { + "virtualMachineName": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.Name}" + }, + "virtualMachineOSImage": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.OSImage}" + }, + "virtualMachineCount": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.VMCount}" + }, + "virtualMachineSize": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.VMSize}" + }, + "artifactsStorageAccountSasKey": { + "value": 
"reference(ArtifactsStorageAccount.storageAccountSasToken)" + }, + "artifactsStorageAccountKey": { + "value": "reference(ArtifactsStorageAccount.storageAccountAccessKey)" + }, + "artifactsStorageAccountName": { + "value": "reference(ArtifactsStorageAccount.storageAccountName)" + }, + "workspaceId": { + "value": "reference(LogAnalytics.logAnalyticsWorkspaceId)" + }, + "logAnalyticsWorkspacePrimarySharedKey": { + "value": "reference(LogAnalytics.logAnalyticsPrimarySharedKey)" + }, + "diagnosticsStorageAccountName": { + "value": "reference(DiagnosticStorageAccount.storageAccountName)" + }, + "diagnosticsStorageAccountSasToken": { + "value": "reference(DiagnosticStorageAccount.storageAccountSasToken)" + }, + "vNetId": { + "value": "reference(VirtualNetwork.vNetResourceId)" + }, + "adminUsername": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AdminUsername}" + }, + "adminPassword": { + "reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AdminPassword}" + }, + "addsAddressStart": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.AddsIPAddressStart}" + }, + "domainName": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomainName}" + }, + "primaryDCIP": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.PrimaryDomainControllerIP}" + }, + "ADSitename": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.ADSitename}" + }, + "domaincontrollerDriveLetter": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomaincontrollerDriveLetter}" + }, + "subnetName": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.SubnetName}" + }, + "domainAdminUsername": { + "value": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomainAdminUsername}" + }, + "domainAdminPassword": { 
+ "reference": "${Parameters.ModuleConfigurationParameters.ActiveDirectoryDomainServices.DomainAdminPassword}" + }, + "domainControllerAsgId": { + "value": "reference(DomainControllerASG.applicationSecurityGroupResourceId)" + } + } + } + } + ] +} \ No newline at end of file diff --git a/Environments/SharedServices_ExtendsOnpremises/parameters.json b/Environments/SharedServices_ExtendsOnpremises/parameters.json new file mode 100644 index 0000000..c4f1abf --- /dev/null +++ b/Environments/SharedServices_ExtendsOnpremises/parameters.json 
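Review bot: `vpnSharedKey` in both `LocalVirtualNetworkGatewayConnection` and `RemoteVirtualNetworkGatewayConnection` is passed as a plain `value` taken from `${Parameters.ModuleConfigurationParameters.VirtualNetworkGateway.VpnSharedKey}`, and the parameters.json added in this same commit sets that key to a literal string, so the IPsec pre-shared key lands in the repository and in every deployment's parameter payload and logs. The Jumpbox `adminPassword` entry in this file already shows the preferred pattern — a `reference` whose `keyVault.id` is `reference(KeyVault.keyVaultResourceId)` plus a `secretName` — and at minimum the parameters file could use the `env(...)` indirection it already uses for `DeploymentUserId`; the literal value should be rotated once it has left the repo, and the Key Vault form only works if the orchestration resolves `KeyVault` before the two connection modules (I cannot tell from this file whether list order matters). Two consistency points in the same hunk: `"networkRuleCollections": { "value": "${Parameters.ModuleConfigurationParameters.AzureFirewall.networkRuleCollections}" }` uses a lower-case leading letter while parameters.json defines `NetworkRuleCollections` and every other parameter path here is PascalCase, so the firewall will get no network rules if the lookup is case-sensitive. Also the two ActiveDirectoryDomainServices password entries use `"reference": "${...AdminPassword}"` — a bare string where the Jumpbox entry supplies a Key Vault object — so confirm the resolver accepts that shape, or align them with the Jumpbox form.
```json
"vpnSharedKey": {
  "reference": {
    "keyVault": {
      "id": "reference(KeyVault.keyVaultResourceId)"
    },
    "secretName": "<placeholder: name of the VPN shared-key secret in KeyVault.SecretsObject.Secrets>"
  }
},
```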
@@ -0,0 +1,828 @@ +{ + "Organization": "file(../_Common/organizationName.txt)", + "DeploymentName": "shrdsvcs", + "InstanceName": "${Parameters.Organization}-${Parameters.DeploymentName}", + "Subscription": "SharedServices", + "ModuleConfigurationParameters": { + "DeploymentUserId": "env(DEPLOYMENT_USER_ID)", + "OnPremisesInformation": { + "ActiveDirectory": { + "PrimaryDomainControllerIP": "192.168.1.4", + "DomainName": "fontoso.com", + "ADSitename": "Cloud-Site", + "DomainAdminUserName": "fontoso" + }, + "Network": { + "AddressPrefix": "192.168.1.0/28" + }, + "VirtualNetworkGateway": { + "Name": "fontoso-onprem-gw", + "ResourceGroup": "fontoso-onprem-net-rg" + }, + "SubscriptionId": "${Subscriptions.OnPremises.SubscriptionId}" + }, + "DiagnosticStorageAccount": { + "Name": "${Parameters.Organization}${Parameters.DeploymentName}diag01", + "ResourceGroup": "${Parameters.InstanceName}-diagnostics-rg", + "Location": "${Parameters.Location}", + "Sku": "Standard_GRS", + "NetworkAcls": { + "bypass": "AzureServices", + "defaultAction": "Deny", + "virtualNetworkRules": [ + { + "subnet": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].Name}" + } + ], + "ipRules": [] + }, + "Policies": { + "Effect": "Audit" + } + }, + "LogAnalytics": { + "Name": "${Parameters.InstanceName}-la", + "Comments": "Log Analytics and Diagnostic Storage Account must be deployed in the same region", + "ResourceGroup": "${Parameters.InstanceName}-diagnostics-rg", + "Location": "${Parameters.ModuleConfigurationParameters.DiagnosticStorageAccount.Location}", + "ListOfAllowedRegions": [ + "Australia Central", + "Australia East", + "Australia Southeast", + "Canada Central", + "Central India", + "Central US", + "East Asia", + "East US", + "East US 2", + "France Central", + "Japan East", + "Korea Central", + "North Europe", + "South Central US", + "Southeast Asia", + "UK South", + "West Europe", + "West US", + "West US 2" + ] + }, + "AutomationAccounts": { + "Name": 
"${Parameters.InstanceName}-automation", + "Comments": "Automation Account and Log Analytics must be deployed in the same region", + "ResourceGroup": "${Parameters.ModuleConfigurationParameters.LogAnalytics.ResourceGroup}", + "Location": "${Parameters.ModuleConfigurationParameters.LogAnalytics.Location}", + "UpdateManagementTimeZone": "America/Chicago", + "ListOfAllowedRegions": [ + "Australia Central", + "Australia East", + "Australia Southeast", + "Brazil South", + "Canada Central", + "Central India", + "East US", + "East US 2", + "France Central", + "Japan East", + "Korea Central", + "North Europe", + "South Central US", + "Southeast Asia", + "UK South", + "West Central US", + "West Europe", + "West US 2" + ] + }, + "ApplicationSecurityGroups": { + "ResourceGroup": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}", + "Jumpbox": { + "Name": "jumpbox-asg" + }, + "DomainController": { + "Name": "dc-asg" + } + }, + "NetworkSecurityGroups": { + "ResourceGroup": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}", + "SharedServices": { + "Name": "${Parameters.DeploymentName}-nsg", + "Rules": [ + { + "name": "allow-tcp-between-adds", + "properties": { + "access": "Allow", + "destinationAddressPrefixes": [], + "destinationAddressPrefix": "", + "destinationPortRange": "", + "destinationPortRanges": [ + "389", + "42", + "88", + "636", + "3268", + "3269", + "445", + "25", + "135", + "5722", + "464", + "9389", + "139", + "53", + "49152-65535" + ], + "direction": "Inbound", + "priority": 100, + "protocol": "Tcp", + "sourceAddressPrefix": "", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationApplicationSecurityGroups": [ + { + "name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}" + } + ], + "sourceApplicationSecurityGroups": [ + { + "name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}" + } + ] + } + }, + { + "name": 
"allow-udp-between-adds", + "properties": { + "access": "Allow", + "destinationAddressPrefixes": [], + "destinationAddressPrefix": "", + "destinationPortRange": "", + "destinationPortRanges": [ + "389", + "88", + "445", + "123", + "464", + "138", + "137", + "53", + "49152-65535" + ], + "destinationApplicationSecurityGroups": [ + { + "name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}" + } + ], + "direction": "Inbound", + "priority": 110, + "protocol": "Udp", + "sourceAddressPrefix": "", + "sourcePortRange": "*", + "sourcePortRanges": [], + "sourceApplicationSecurityGroups": [ + { + "name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}" + } + ] + } + }, + { + "name": "allow-tcp-ad", + "properties": { + "access": "Allow", + "destinationAddressPrefixes": [], + "destinationAddressPrefix": "", + "destinationPortRange": "", + "destinationPortRanges": [ + "389", + "42", + "88", + "636", + "3268", + "3269", + "445", + "25", + "135", + "5722", + "464", + "9389", + "139", + "53", + "49152-65535" + ], + "direction": "Inbound", + "priority": 120, + "protocol": "Tcp", + "sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationApplicationSecurityGroups": [ + { + "name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}" + } + ], + "sourceApplicationSecurityGroups": [] + } + }, + { + "name": "allow-udp-ad", + "properties": { + "access": "Allow", + "destinationAddressPrefixes": [], + "destinationAddressPrefix": "", + "destinationPortRange": "", + "destinationPortRanges": [ + "389", + "88", + "445", + "123", + "464", + "138", + "137", + "53", + "49152-65535" + ], + "direction": "Inbound", + "priority": 130, + "protocol": "Udp", + "sourceAddressPrefix": 
"${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationApplicationSecurityGroups": [ + { + "name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}" + } + ], + "sourceApplicationSecurityGroups": [] + } + }, + { + "name": "allow-rdp-into-dc", + "properties": { + "access": "Allow", + "destinationAddressPrefixes": [], + "destinationAddressPrefix": "", + "destinationPortRange": "3389", + "destinationPortRanges": [], + "direction": "Inbound", + "priority": 140, + "protocol": "TCP", + "sourceAddressPrefix": "", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationApplicationSecurityGroups": [ + { + "name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}" + } + ], + "sourceApplicationSecurityGroups": [ + { + "name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.Jumpbox.Name}" + } + ] + } + }, + { + "name": "allow-rdp-ssh-into-jb", + "properties": { + "access": "Allow", + "destinationAddressPrefixes": [], + "destinationAddressPrefix": "", + "destinationPortRanges": [ + "3389", + "22" + ], + "destinationPortRange": "", + "direction": "Inbound", + "priority": 150, + "protocol": "TCP", + "sourceAddressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.Network.AddressPrefix}", + "sourcePortRange": "*", + "sourcePortRanges": [], + "destinationApplicationSecurityGroups": [ + { + "name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.Jumpbox.Name}" + } + ], + "sourceApplicationSecurityGroups": [] + } + }, + { + "name": "allow-tcp-vnet-adds", + "properties": { + "access": "Allow", + "destinationAddressPrefixes": [], + "destinationAddressPrefix": "", + "destinationPortRanges": [ + "389", + "42", + "88", + "636", + "3268", + "3269", + "445", + "25", + "135", + "5722", + "464", + "9389", + 
"139",
+ "53",
+ "49152-65535"
+ ],
+ "destinationPortRange": "",
+ "direction": "Inbound",
+ "priority": 160,
+ "protocol": "TCP",
+ "sourceAddressPrefix": "VirtualNetwork",
+ "sourcePortRange": "*",
+ "sourcePortRanges": [],
+ "destinationApplicationSecurityGroups": [
+ {
+ "name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}"
+ }
+ ],
+ "sourceApplicationSecurityGroups": []
+ }
+ },
+ {
+ "name": "allow-udp-vnet-adds",
+ "properties": {
+ "access": "Allow",
+ "destinationAddressPrefixes": [],
+ "destinationAddressPrefix": "",
+ "destinationPortRanges": [
+ "389",
+ "88",
+ "445",
+ "123",
+ "464",
+ "138",
+ "137",
+ "53",
+ "49152-65535"
+ ],
+ "destinationPortRange": "",
+ "direction": "Inbound",
+ "priority": 170,
+ "protocol": "UDP",
+ "sourceAddressPrefix": "VirtualNetwork",
+ "sourcePortRange": "*",
+ "sourcePortRanges": [],
+ "destinationApplicationSecurityGroups": [
+ {
+ "name": "${Parameters.ModuleConfigurationParameters.ApplicationSecurityGroups.DomainController.Name}"
+ }
+ ],
+ "sourceApplicationSecurityGroups": []
+ }
+ },
+ {
+ "name": "deny-vnet",
+ "properties": {
+ "access": "Deny",
+ "destinationAddressPrefix": "VirtualNetwork",
+ "destinationAddressPrefixes": [],
+ "destinationPortRange": "*",
+ "destinationPortRanges": [],
+ "direction": "Inbound",
+ "priority": 4096,
+ "protocol": "*",
+ "sourceAddressPrefix": "VirtualNetwork",
+ "sourcePortRange": "*",
+ "sourcePortRanges": [],
+ "destinationApplicationSecurityGroups": [],
+ "sourceApplicationSecurityGroups": []
+ }
+ },
+ {
+ "name": "allow-vnet",
+ "properties": {
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationAddressPrefixes": [],
+ "destinationPortRange": "*",
+ "destinationPortRanges": [],
+ "direction": "Outbound",
+ "priority": 100,
+ "protocol": "*",
+ "sourceAddressPrefix": "VirtualNetwork",
+ "sourcePortRange": "*",
+ "sourcePortRanges": [],
+ "destinationApplicationSecurityGroups": [],
+ "sourceApplicationSecurityGroups": []
+ }
+ }
+ ]
+ },
+ "DMZ": {
+ "Name": "dmz-nsg",
+ "Rules": [
+ {
+ "name": "allow-vnet",
+ "properties": {
+ "access": "Allow",
+ "destinationAddressPrefix": "*",
+ "destinationAddressPrefixes": [],
+ "destinationPortRange": "*",
+ "destinationPortRanges": [],
+ "direction": "Inbound",
+ "priority": 100,
+ "protocol": "*",
+ "sourceAddressPrefix": "VirtualNetwork",
+ "sourcePortRange": "*",
+ "sourcePortRanges": [],
+ "destinationApplicationSecurityGroups": [],
+ "sourceApplicationSecurityGroups": []
+ }
+ }
+ ]
+ }
+ },
+ "RouteTables": {
+ "ResourceGroup": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}",
+ "SharedServices": {
+ "Name": "${Parameters.DeploymentName}-udr",
+ "Routes": [
+ {
+ "name": "default",
+ "properties": {
+ "addressPrefix": "0.0.0.0/0",
+ "nextHopIpAddress": "172.0.3.4",
+ "nextHopType": "VirtualAppliance"
+ }
+ },
+ {
+ "name": "to-on-premises",
+ "properties": {
+ "addressPrefix": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.Network.AddressPrefix}",
+ "nextHopType": "VirtualNetworkGateway"
+ }
+ }
+ ]
+ }
+ },
+ "VirtualNetwork": {
+ "Name": "${Parameters.InstanceName}-vnet",
+ "ResourceGroup": "${Parameters.InstanceName}-network-rg",
+ "AddressPrefixes": [
+ "172.0.0.0/16"
+ ],
+ "EnableDdosProtection": false,
+ "EnableVmProtection": false,
+ "Subnets": [
+ {
+ "name": "${Parameters.DeploymentName}",
+ "addressPrefix": "172.0.0.0/24",
+ "networkSecurityGroupName": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.SharedServices.Name}",
+ "routeTableName": "${Parameters.ModuleConfigurationParameters.RouteTables.SharedServices.Name}",
+ "serviceEndpoints": [
+ {
+ "service": "Microsoft.EventHub"
+ },
+ {
+ "service": "Microsoft.Sql"
+ },
+ {
+ "service": "Microsoft.Storage"
+ },
+ {
+ "service": "Microsoft.KeyVault"
+ }
+ ]
+ },
+ {
+ "name": "dmz",
+ "addressPrefix": "172.0.1.0/24",
+ "networkSecurityGroupName": "${Parameters.ModuleConfigurationParameters.NetworkSecurityGroups.DMZ.Name}",
+ "routeTableName": "",
+ "serviceEndpoints": []
+ },
+ {
+ "name": "AppGateway",
+ "addressPrefix": "172.0.2.0/24",
+ "networkSecurityGroupName": "",
+ "routeTableName": "",
+ "serviceEndpoints": []
+ },
+ {
+ "name": "AzureFirewallSubnet",
+ "addressPrefix": "172.0.3.0/24",
+ "networkSecurityGroupName": "",
+ "routeTableName": "",
+ "serviceEndpoints": []
+ },
+ {
+ "name": "GatewaySubnet",
+ "addressPrefix": "172.0.4.0/24",
+ "networkSecurityGroupName": "",
+ "routeTableName": "",
+ "serviceEndpoints": []
+ }
+ ],
+ "DnsServers": [
+ "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}"
+ ]
+ },
+ "VirtualNetworkGateway": {
+ "Name": "${Parameters.InstanceName}-vgw",
+ "ResourceGroup": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}",
+ "VirtualNetworkGatewayType": "vpn",
+ "VirtualNetworkGatewaySku": "VpnGw1",
+ "VpnType": "RouteBased",
+ "EnableBgp": false,
+ "VpnSharedKey": "asodgfhjkaw4tu0w9vuijv0qu3409tu",
+ "LocalConnection": {
+ "Name": "${Parameters.Organization}-to-onprem"
+ },
+ "RemoteConnection": {
+ "Name": "onprem-to-${Parameters.Organization}"
+ }
+ },
+ "AzureFirewall": {
+ "Name": "${Parameters.InstanceName}-azfw",
+ "ResourceGroup": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.ResourceGroup}",
+ "ApplicationRuleCollections": [
+ {
+ "name": "allow-app-rules",
+ "properties": {
+ "priority": 100,
+ "action": {
+ "type": "allow"
+ },
+ "rules": [
+ {
+ "name": "allow-ase-tags",
+ "sourceAddresses": [
+ "*"
+ ],
+ "protocols": [
+ {
+ "protocolType": "HTTP",
+ "port": "80"
+ },
+ {
+ "protocolType": "HTTPS",
+ "port": "443"
+ }
+ ],
+ "fqdnTags": [
+ "AppServiceEnvironment",
+ "WindowsUpdate"
+ ]
+ },
+ {
+ "name": "allow-ase-management",
+ "sourceAddresses": [
+ "*"
+ ],
+ "protocols": [
+ {
+ "protocolType": "HTTP",
+ "port": "80"
+ },
+ {
+ "protocolType": "HTTPS",
+ "port": "443"
+ }
+ ],
+ "targetFqdns": [
+ "management.azure.com",
+ "*.digicert.com",
+ "*.data.microsoft.com",
+ "global.metrics.nsatc.net",
+ "ocsp.msocsp.com"
+ ]
+ },
+ {
+ "name": "allow-sites",
+ "sourceAddresses": [
+ "*"
+ ],
+ "protocols": [
+ {
+ "protocolType": "HTTP",
+ "port": "80"
+ },
+ {
+ "protocolType": "HTTPS",
+ "port": "443"
+ }
+ ],
+ "targetFqdns": [
+ "*.trafficmanager.net",
+ "*.azureedge.net",
+ "*.microsoft.com",
+ "*.core.windows.net",
+ "*.windows.com",
+ "*.opinsights.azure.com",
+ "*.azure-automation.net",
+ "*.visualstudio.com",
+ "*.bing.com",
+ "*.ubuntu.com",
+ "api.snapcraft.io",
+ "api.rubygems.org",
+ "*.powershellgallery.com",
+ "powershellgallery.com",
+ "*.msecnd.net",
+ "msecnd.net",
+ "*.nuget.org",
+ "nuget.org",
+ "*.azureprofilerfrontdoor.cloudapp.net",
+ "azureprofilerfrontdoor.cloudapp.net",
+ "*.download.opensuse.org",
+ "download.opensuse.org",
+ "*.monitoring.azure.com",
+ "monitoring.azure.com"
+ ]
+ }
+ ]
+ }
+ }
+ ],
+ "NetworkRuleCollections": [
+ {
+ "name": "allow-network-rules",
+ "properties": {
+ "priority": 100,
+ "action": {
+ "type": "allow"
+ },
+ "rules": [
+ {
+ "name": "allow-ntp",
+ "sourceAddresses": [
+ "*"
+ ],
+ "destinationAddresses": [
+ "*"
+ ],
+ "destinationPorts": [
+ "123",
+ "12000"
+ ],
+ "protocols": [
+ "Any"
+ ]
+ },
+ {
+ "name": "allow-windows-activation-server",
+ "sourceAddresses": [
+ "*"
+ ],
+ "destinationAddresses": [
+ "23.102.135.246"
+ ],
+ "destinationPorts": [
+ "1688"
+ ],
+ "protocols": [
+ "TCP"
+ ]
+ },
+ {
+ "name": "allow-udp-adds",
+ "sourceAddresses": [
+ "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].addressPrefix}"
+ ],
+ "destinationAddresses": [
+ "*"
+ ],
+ "destinationPorts": [
+ "*"
+ ],
+ "protocols": [
+ "UDP"
+ ]
+ },
+ {
+ "name": "allow-tcp-adds",
+ "sourceAddresses": [
+ "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].addressPrefix}"
+ ],
+ "destinationAddresses": [
+ "*"
+ ],
+ "destinationPorts": [
+ "*"
+ ],
+ "protocols": [
+ "TCP"
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "KeyVault": {
+ "Name": "${Parameters.InstanceName}-kv03",
+ "ResourceGroup": "${Parameters.InstanceName}-keyvault-rg",
+ "Sku": "Premium",
+ "EnableVaultForDeployment": true,
+ "EnableVaultForDiskEncryption": true,
+ "EnableVaultForTemplateDeployment": true,
+ "AccessPolicies": [
+ {
+ "tenantId": "${Parameters.TenantId}",
+ "objectId": "${Parameters.ModuleConfigurationParameters.DeploymentUserId}",
+ "permissions": {
+ "certificates": [
+ "All"
+ ],
+ "keys": [
+ "All"
+ ],
+ "secrets": [
+ "All"
+ ]
+ }
+ }
+ ],
+ "SecretsObject": {
+ "Comments": "Creating an object so we can use a secretsobject parameter type in our ARM template",
+ "Secrets": [
+ {
+ "secretName": "admin-user",
+ "secretValue": "env(ADMIN_USER_PWD)"
+ },
+ {
+ "secretName": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.DomainAdminUserName}",
+ "secretValue": "env(DOMAIN_ADMIN_USER_PWD)"
+ }
+ ]
+ },
+ "NetworkAcls": {
+ "bypass": "AzureServices",
+ "defaultAction": "Deny",
+ "virtualNetworkRules": [
+ {
+ "subnet": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].Name}"
+ }
+ ],
+ "ipRules": []
+ }
+ },
+ "ArtifactsStorageAccount": "file(../_Common/artifactsStorageAccount.json)",
+ "Jumpbox": {
+ "ResourceGroup": "${Parameters.InstanceName}-jumpbox-rg",
+ "AdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}",
+ "SubnetName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].name}",
+ "Windows": {
+ "Comments": "Windows VM name cannot exceed 13 characters",
+ "Name": "win-jb-vm",
+ "VMCount": 1,
+ "VMSize": "Standard_DS2_v2",
+ "OSImage": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2016-Datacenter"
+ }
+ },
+ "Linux": {
+ "Comments": "Linux VM name cannot exceed 63 characters",
+ "Name": "linux-jb-vm",
+ "VMCount": 1,
+ "VMSize": "Standard_D2s_v3",
+ "OSImage": {
+ "publisher": "Canonical",
+ "offer": "UbuntuServer",
+ "sku": "18.04-LTS",
+ "version": "latest"
+ }
+ }
+ },
+ "ActiveDirectoryDomainServices": {
+ "Name": "adds-vm",
+ "ResourceGroup": "${Parameters.InstanceName}-adds-rg",
+ "Comments": "Windows VM name cannot exceed 13 characters",
+ "AdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}",
+ "AdminPassword": {
+ "keyVault": {
+ "id": "reference(KeyVault.keyVaultResourceId)"
+ },
+ "secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[0].secretName}"
+ },
+ "DomainAdminUsername": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[1].secretName}",
+ "DomainAdminPassword": {
+ "keyVault": {
+ "id": "reference(KeyVault.keyVaultResourceId)"
+ },
+ "secretName": "${Parameters.ModuleConfigurationParameters.KeyVault.SecretsObject.Secrets[1].secretName}"
+ },
+ "VMCount": 2,
+ "VMSize": "Standard_DS3_v2",
+ "OSImage": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2016-Datacenter"
+ },
+ "AddsIPAddressStart": "172.0.0.20",
+ "DomainName": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.DomainName}",
+ "PrimaryDomainControllerIP": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.PrimaryDomainControllerIP}",
+ "ADSitename": "${Parameters.ModuleConfigurationParameters.OnPremisesInformation.ActiveDirectory.ADSitename}",
+ "DomaincontrollerDriveLetter": "F",
+ "SubnetName": "${Parameters.ModuleConfigurationParameters.VirtualNetwork.Subnets[0].name}"
+ }
+ }
+}
\ No newline at end of file
diff --git a/Environments/SharedServices_ExtendsOnpremises/pipeline.yml b/Environments/SharedServices_ExtendsOnpremises/pipeline.yml
new file mode 100644
index 0000000..db2271a
--- /dev/null
+++ b/Environments/SharedServices_ExtendsOnpremises/pipeline.yml
@@ -0,0 +1,806 @@
+# VDC Starter pipeline
+# Start with a minimal pipeline that you can customize to build and deploy your code.
+# Add steps that build, run tests, deploy, and more:
+# https://aka.ms/yaml
+# Set variables once
+variables:
+- group: VDC_SECRETS
+trigger:
+- master
+stages:
+- stage: Validate
+ jobs:
+ - job: SetupValidationResourceGroup
+ pool:
+ name: 'vdc-self-hosted'
+ steps:
+ - task: AzurePowerShell@4
+ displayName: "Setup Validation Resource Group"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ValidationResourceGroupSetup.ps1'
+ ScriptArguments: '-ResourceGroupName vdc-validation-rg -SetupResourceGroup'
+ azurePowerShellVersion: 'LatestVersion'
+ - job: StorageAccounts
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - Storage Accounts"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/StorageAccounts/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Diagnostic Storage Account"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "DiagnosticStorageAccount" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Enable Service Endpoint On Diagnostic Storage Account"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "EnableServiceEndpointOnDiagnosticStorageAccount" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Artifacts Storage Account"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "ArtifactsStorageAccount" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: LogAnalytics
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - Log Analytics"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/LogAnalytics/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Log Analytics"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LogAnalytics" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Link Log Analytics With Automation Account"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LinkLogAnalyticsWithAutomationAccount" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: AutomationAccounts
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - Automation Accounts"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/AutomationAccounts/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Automation Accounts"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "AutomationAccounts" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: ApplicationSecurityGroups
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - Application Security Groups"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/ApplicationSecurityGroups/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Jumpbox ASG"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "JumpboxASG" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Domain Controller ASG"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "DomainControllerASG" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: NetworkSecurityGroups
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - Network Security Groups"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/NetworkSecurityGroups/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Shared Services NSG"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "SharedServicesNSG" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - DMZ NSG"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "DMZNSG" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: RouteTables
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - Route Tables"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/RouteTables/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Shared Services Route Table"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "SharedServicesRouteTable" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: vNet
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - vNet"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/vNet/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Virtual Network"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "VirtualNetwork" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: VirtualNetworkGateway
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - Virtual Network Gateway"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/VirtualNetworkGateway/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Virtual Network Gateway"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "VirtualNetworkGateway" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: VirtualNetworkGatewayConnection
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - Virtual Network Gateway Connection"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/VirtualNetworkGatewayConnection/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Local Virtual Network Gateway Connection"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LocalVirtualNetworkGatewayConnection" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: AzureFirewall
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - Azure Firewall"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/AzureFirewall/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Azure Firewall"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "AzureFirewall" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: KeyVault
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - Key Vault"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/KeyVault/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Key Vault"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "KeyVault" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: Jumpbox
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - Jumpbox"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/Jumpbox/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - Jumpbox"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "Jumpbox" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: ActiveDirectoryDomainServices
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: SetupValidationResourceGroup
+ steps:
+ - task: PowerShell@2
+ displayName: "Pester Tests for Module - ActiveDirectoryDomainServices"
+ inputs:
+ targetType: 'inline'
+ script: '# Write your powershell commands here.
+
+ Invoke-Pester -Script "./Modules/ActiveDirectoryDomainServices/2.0/Tests";
+
+ # Use the environment variables input below to pass secret variables to this script.'
+ pwsh: true
+ - task: AzurePowerShell@4
+ displayName: "ARM Validation - ActiveDirectoryDomainServices"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "ActiveDirectoryDomainServices" -Validate'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - job: TearDownValidationResourceGroup
+ pool:
+ name: 'vdc-self-hosted'
+ dependsOn: [ StorageAccounts, LogAnalytics, AutomationAccounts, ApplicationSecurityGroups, NetworkSecurityGroups, RouteTables, vNet, VirtualNetworkGateway, VirtualNetworkGatewayConnection, AzureFirewall, Jumpbox, ActiveDirectoryDomainServices ]
+ steps:
+ - task: AzurePowerShell@4
+ displayName: "Teardown Validation Resource Group"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ValidationResourceGroupSetup.ps1'
+ ScriptArguments: '-TearDownResourceGroup'
+ azurePowerShellVersion: 'LatestVersion'
+- stage: Deploy
+ jobs:
+ - job: Deployment
+ timeoutInMinutes: 0
+ pool:
+ name: 'vdc-self-hosted'
+ steps:
+ - task: AzurePowerShell@4
+ displayName: "Diagnostic Storage Account"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "DiagnosticStorageAccount"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "Log Analytics"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LogAnalytics"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "Automation Accounts"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "AutomationAccounts"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "Link Log Analytics With Automation Account"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LinkLogAnalyticsWithAutomationAccount"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "JumpboxASG"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "JumpboxASG"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "Domain Controller ASG"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "DomainControllerASG"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "Shared Services NSG"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "SharedServicesNSG"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "DMZ NSG"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "DMZNSG"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "Shared Services Route Table"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "SharedServicesRouteTable"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "Virtual Network"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "VirtualNetwork"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "Enable Service Endpoint On Diagnostic Storage Account"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "EnableServiceEndpointOnDiagnosticStorageAccount"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "Virtual Network Gateway"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "VirtualNetworkGateway"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD)
+ TENANT_ID: $(TENANT_ID)
+ - task: AzurePowerShell@4
+ displayName: "Local Virtual Network Gateway Connection"
+ inputs:
+ azureSubscription: 'vdc2-hub'
+ ScriptType: 'FilePath'
+ ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1'
+ ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "LocalVirtualNetworkGatewayConnection"'
+ azurePowerShellVersion: 'LatestVersion'
+ env:
+ VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS)
+ VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION)
+ DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID)
+ ADMIN_USER_PWD: $(ADMIN_USER_PWD)
+ DOMAIN_ADMIN_USER_PWD: 
$(DOMAIN_ADMIN_USER_PWD) + TENANT_ID: $(TENANT_ID) + - task: AzurePowerShell@4 + displayName: "Remote Virtual Network Gateway Connection" + inputs: + azureSubscription: 'vdc2-hub' + ScriptType: 'FilePath' + ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' + ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "RemoteVirtualNetworkGatewayConnection"' + azurePowerShellVersion: 'LatestVersion' + env: + VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) + VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) + DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) + ADMIN_USER_PWD: $(ADMIN_USER_PWD) + DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) + TENANT_ID: $(TENANT_ID) + - task: AzurePowerShell@4 + displayName: "Azure Firewall" + inputs: + azureSubscription: 'vdc2-hub' + ScriptType: 'FilePath' + ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' + ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "AzureFirewall"' + azurePowerShellVersion: 'LatestVersion' + env: + VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) + VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) + DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) + ADMIN_USER_PWD: $(ADMIN_USER_PWD) + DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) + TENANT_ID: $(TENANT_ID) + - task: AzurePowerShell@4 + displayName: "Key Vault" + inputs: + azureSubscription: 'vdc2-hub' + ScriptType: 'FilePath' + ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' + ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "KeyVault"' + azurePowerShellVersion: 'LatestVersion' + env: + VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) + VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) + DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) + ADMIN_USER_PWD: $(ADMIN_USER_PWD) + DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) + TENANT_ID: 
$(TENANT_ID) + - task: AzurePowerShell@4 + displayName: "Artifacts Storage Account" + inputs: + azureSubscription: 'vdc2-hub' + ScriptType: 'FilePath' + ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' + ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "ArtifactsStorageAccount"' + azurePowerShellVersion: 'LatestVersion' + env: + VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) + VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) + DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) + ADMIN_USER_PWD: $(ADMIN_USER_PWD) + DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) + TENANT_ID: $(TENANT_ID) + - task: turtlesystems-azure-storage@1 + displayName: "Upload Scripts to Artifacts Storage" + inputs: + azureSubscription: 'vdc2-hub' + action: 'create' + resourceGroupName: $(vdc_cache_ArtifactsStorageAccount_StorageAccountResourceGroup) + location: $(vdc_cache_ArtifactsStorageAccount_StorageAccountRegion) + storageAccountName: $(vdc_cache_ArtifactsStorageAccount_StorageAccountName) + containerName: 'scripts' + uploadDirectory: 'Scripts' + sasTokenStartTime: '1m' + sasTokenExpiryTime: '1h' + - task: AzurePowerShell@4 + displayName: "Jumpbox" + inputs: + azureSubscription: 'vdc2-hub' + ScriptType: 'FilePath' + ScriptPath: 'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' + ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "Jumpbox"' + azurePowerShellVersion: 'LatestVersion' + env: + VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) + VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) + DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) + ADMIN_USER_PWD: $(ADMIN_USER_PWD) + DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) + TENANT_ID: $(TENANT_ID) + - task: AzurePowerShell@4 + displayName: "ActiveDirectoryDomainServices" + inputs: + azureSubscription: 'vdc2-hub' + ScriptType: 'FilePath' + ScriptPath: 
'Orchestration/OrchestrationService/ModuleConfigurationDeployment.ps1' + ScriptArguments: '-DefinitionPath "Environments/SharedServices/definition.json" -ModuleConfigurationName "ActiveDirectoryDomainServices"' + azurePowerShellVersion: 'LatestVersion' + env: + VDC_SUBSCRIPTIONS: $(VDC_SUBSCRIPTIONS) + VDC_TOOLKIT_SUBSCRIPTION: $(VDC_TOOLKIT_SUBSCRIPTION) + DEPLOYMENT_USER_ID: $(DEPLOYMENT_USER_ID) + ADMIN_USER_PWD: $(ADMIN_USER_PWD) + DOMAIN_ADMIN_USER_PWD: $(DOMAIN_ADMIN_USER_PWD) + TENANT_ID: $(TENANT_ID) \ No newline at end of file diff --git a/Modules/ActiveDirectory/2.0/Policy/git_placeholder.md b/Modules/ActiveDirectory/2.0/Policy/git_placeholder.md new file mode 100644 index 0000000..e69de29 diff --git a/Modules/ActiveDirectory/2.0/RBAC/git_placeholder.md b/Modules/ActiveDirectory/2.0/RBAC/git_placeholder.md new file mode 100644 index 0000000..e69de29 diff --git a/Modules/ActiveDirectory/2.0/Scripts/git_placeholder.md b/Modules/ActiveDirectory/2.0/Scripts/git_placeholder.md new file mode 100644 index 0000000..e69de29 diff --git a/Modules/ActiveDirectory/2.0/Tests/module.tests.ps1 b/Modules/ActiveDirectory/2.0/Tests/module.tests.ps1 new file mode 100644 index 0000000..e923c7d --- /dev/null +++ b/Modules/ActiveDirectory/2.0/Tests/module.tests.ps1 
@@ -0,0 +1,151 @@ +<# + .NOTES + ============================================================================================== + Copyright(c) Microsoft Corporation. All rights reserved. + + File: module.tests.ps1 + + Purpose: Pester - Test ADDS ARM Templates + + Version: 1.0.0.0 - 1st April 2019 - Azure Virtual Datacenter Development Team + ============================================================================================== + + .SYNOPSIS + This script contains functionality used to test Azure Storage Account ARM template synatax. + + .DESCRIPTION + This script contains functionality used to test Azure Storage Account ARM template synatax. + + Deployment steps of the script are outlined below. + 1) Test Template File Syntax + 2) Test Parameter File Syntax + 3) Test Template and Parameter File Compactibility +#> + +#Requires -Version 5 + +#region Parameters + +$here = Split-Path -Parent $MyInvocation.MyCommand.Path +$here = Join-Path $here ".." +$template = Split-Path -Leaf $here +$TemplateFileTestCases = @() +ForEach ( $File in (Get-ChildItem (Join-Path "$here" "deploy.json") -Recurse | Select-Object -ExpandProperty Name) ) { + $TemplateFileTestCases += @{ TemplateFile = $File } +} +$ParameterFileTestCases = @() +ForEach ( $File in (Get-ChildItem (Join-Path "$here" "parameters.json") -Recurse | Select-Object -ExpandProperty Name) ) { + $ParameterFileTestCases += @{ ParameterFile = $File } +} +$Modules = @(); +ForEach ( $File in (Get-ChildItem (Join-Path "$here" "deploy.json") ) ) { + $Module = [PSCustomObject]@{ + 'Template' = $null + 'Parameters' = $null + } + $Module.Template = $File.FullName; + $Module.Parameters = (Get-ChildItem -Path (Join-Path $($File.DirectoryName) "parameters.json")).FullName; + $Modules += @{ Module = $Module }; + +} + +#endregion + +#region Run Pester Test Script +Describe "Template: $template - Storage Accounts" -Tags Unit { + + Context "Template File Syntax" { + + It "Has a JSON template file" { + (Join-Path "$here" 
"deploy.json") | Should Exist + } + + It "Converts from JSON and has the expected properties" -TestCases $TemplateFileTestCases { + Param( $TemplateFile ) + $expectedProperties = '$schema', + 'contentVersion', + 'parameters', + 'variables', + 'resources', + 'outputs' | Sort-Object + $templateProperties = (Get-Content (Join-Path "$here" "$TemplateFile") ` + | ConvertFrom-Json -ErrorAction SilentlyContinue) ` + | Get-Member -MemberType NoteProperty ` + | Sort-Object -Property Name ` + | ForEach-Object Name + $templateProperties | Should Be $expectedProperties + } + } + + Context "Parameter File Syntax" { + + It "Has environment parameters file" { + (Join-Path "$here" "parameters.json") | Should Exist + } + + It "Parameter file does not contains the expected properties" -TestCases $ParameterFileTestCases { + Param( $ParameterFile ) + $expectedProperties = '$schema', + 'contentVersion', + 'parameters' | Sort-Object + $templateFileProperties = (Get-Content (Join-Path "$here" "$ParameterFile") ` + | ConvertFrom-Json -ErrorAction SilentlyContinue) ` + | Get-Member -MemberType NoteProperty ` + | Sort-Object -Property Name ` + | ForEach-Object Name + $templateFileProperties | Should Be $expectedProperties + } + + } + + + Context "Template and Parameter Compactibility" { + + It "Is count of required parameters in template file equal or lesser than count of all parameters in parameters file" -TestCases $Modules { + Param( $Module ) + + $requiredParametersInTemplateFile = (Get-Content "$($Module.Template)" ` + | ConvertFrom-Json -ErrorAction SilentlyContinue).Parameters.PSObject.Properties ` + | Where-Object -FilterScript { -not ($_.Value.PSObject.Properties.Name -eq "defaultValue") } ` + | Sort-Object -Property Name ` + | ForEach-Object Name + $allParametersInParametersFile = (Get-Content "$($Module.Parameters)" ` + | ConvertFrom-Json -ErrorAction SilentlyContinue).Parameters.PSObject.Properties ` + | Sort-Object -Property Name ` + | ForEach-Object Name + 
$requiredParametersInTemplateFile.Count | Should Not BeGreaterThan $allParametersInParametersFile.Count; + + } + + It "Has all parameters in parameters file existing in template file" -TestCases $Modules { + Param( $Module ) + + $allParametersInTemplateFile = (Get-Content "$($Module.Template)" ` + | ConvertFrom-Json -ErrorAction SilentlyContinue).Parameters.PSObject.Properties ` + | Sort-Object -Property Name ` + | ForEach-Object Name + $allParametersInParametersFile = (Get-Content "$($Module.Parameters)" ` + | ConvertFrom-Json -ErrorAction SilentlyContinue).Parameters.PSObject.Properties ` + | Sort-Object -Property Name ` + | ForEach-Object Name + @($allParametersInParametersFile| Where-Object {$allParametersInTemplateFile -notcontains $_}).Count | Should Be 0; + } + + It "Has required parameters in template file existing in parameters file" -TestCases $Modules { + Param( $Module ) + + $requiredParametersInTemplateFile = (Get-Content "$($Module.Template)" ` + | ConvertFrom-Json -ErrorAction SilentlyContinue).Parameters.PSObject.Properties ` + | Where-Object -FilterScript { -not ($_.Value.PSObject.Properties.Name -eq "defaultValue") } ` + | Sort-Object -Property Name ` + | ForEach-Object Name + $allParametersInParametersFile = (Get-Content "$($Module.Parameters)" ` + | ConvertFrom-Json -ErrorAction SilentlyContinue).Parameters.PSObject.Properties ` + | Sort-Object -Property Name ` + | ForEach-Object Name + @($requiredParametersInTemplateFile| Where-Object {$allParametersInParametersFile -notcontains $_}).Count | Should Be 0; + } + } + +} +#endregion \ No newline at end of file diff --git a/Modules/ActiveDirectory/2.0/deploy.json b/Modules/ActiveDirectory/2.0/deploy.json new file mode 100644 index 0000000..46a1562 --- /dev/null +++ b/Modules/ActiveDirectory/2.0/deploy.json 
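Review bot: Every `ConvertFrom-Json` in this hunk runs with `-ErrorAction SilentlyContinue`, so a malformed deploy.json or parameters.json yields `$null`, `.Parameters.PSObject.Properties` enumerates nothing, and the three tests under `Context "Template and Parameter Compactibility"` appear to pass vacuously (zero required parameters is never greater than, and never missing from, anything), which defeats the purpose of a template/parameter compatibility gate. Dropping `-ErrorAction SilentlyContinue` from those calls, or asserting the parsed object with `| Should Not BeNullOrEmpty` before the comparisons, makes a parse failure fail the test instead of hiding it. The Describe header `"Template: $template - Storage Accounts"`, the `.SYNOPSIS`/`.DESCRIPTION` text about Storage Account templates, and the test name `"Parameter file does not contains the expected properties"` (whose assertion checks that the properties *are* present) read as copied from another module; they should say ADDS and `"Parameter file contains the expected properties"`. "Compactibility" and "synatax" are misspelled.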
@@ -0,0 +1,1039 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "virtualMachineName": { + "type": "string", + "minLength": 1, + "maxLength": 13, + "metadata": { + "description": "Required. Name for the ADDS VMs" + } + }, + "virtualMachineSize": { + "type": "string", + "defaultValue": "Standard_DS2_v2", + "metadata": { + "description": "Optional. Size of the ADDS VMs" + } + }, + "virtualMachineOSImage": { + "type": "object", + "metadata": { + "description": "Required. OS image used for the ADDS VMs" + } + }, + "artifactsStorageAccountSasKey": { + "type": "securestring", + "metadata": { + "description": "Required. Shared Access Signature Key used to download custom scripts" + } + }, + "artifactsStorageAccountName": { + "type": "securestring", + "metadata": { + "description": "Required. Default storage account name. Storage account that contains output parameters and common scripts" + } + }, + "artifactsStorageAccountKey": { + "type": "securestring", + "metadata": { + "description": "Required. Default storage account Key. Storage account that contains output parameters and common scripts" + } + }, + "workspaceId": { + "type": "string", + "metadata": { + "description": "Required. WorkspaceId or CustomerId value of OMS. This value is referenced in OMS VM Extension" + } + }, + "logAnalyticsWorkspacePrimarySharedKey": { + "type": "securestring", + "metadata": { + "description": "Required. WorkspaceKey value of OMS. This value is referenced in OMS VM Extension" + } + }, + "diagnosticsStorageAccountName": { + "type": "string", + "metadata": { + "description": "Required. Storage account used to store diagnostic information" + } + }, + "diagnosticsStorageAccountSasToken": { + "type": "securestring", + "metadata": { + "description": "Required. Diagnostic Storage Account SAS token" + } + }, + "adIpAddress": { + "type": "string", + "metadata": { + "description": "Required. 
IP address used as initial Active Directory Domain Services IP" + } + }, + "keyVaultId": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. AKV Resource Id" + } + }, + "keyVaultURL": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. AKV URL" + } + }, + "adKeyEncryptionURL": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. Active Directory AKV encryption key" + } + }, + "vNetId": { + "type": "string", + "metadata": { + "description": "Required. Shared services Virtual Network resource identifier" + } + }, + "domainControllerAsgId": { + "type": "string", + "metadata": { + "description": "Required. ASG associated to Domain Controllers" + } + }, + "subnetName": { + "type": "string", + "metadata": { + "description": "Required. Name of Shared Services Subnet, this name is used to get the SubnetId" + } + }, + "cloudZone": { + "type": "string", + "metadata": { + "description": "Required. Cloud AD zone name, this zone is used to establish one way trust relationship" + } + }, + "domainName": { + "type": "string", + "metadata": { + "description": "Required. AD domain name" + } + }, + "adSitename": { + "type": "string", + "metadata": { + "description": "Required. Active Directory site name, this site is used to place all Active Directory Domain Services Virtual Machines." + } + }, + "domainAdminUsername": { + "type": "securestring", + "metadata": { + "description": "Required. Domain user that has privileges to join a VM into a Domain" + } + }, + "domainAdminPassword": { + "type": "securestring", + "metadata": { + "description": "Required. 
Domain user that has privileges to join a VM into a Domain" + } + } + }, + "variables": { + "enableDiskEncryption": "[not(or(or(empty(parameters('keyVaultURL')), empty(parameters('keyVaultId'))), empty(parameters('adKeyEncryptionURL'))))]", + "uniqueString": "[uniqueString(subscription().id, resourceGroup().id, concat(parameters('virtualMachineName'), '-adds'))]", + "subnetName": "[parameters('subnetName')]", + "availabilitySetName": "[concat(parameters('virtualMachineName'), '-as')]", + "subnetId": "[concat(parameters('vNetId'), '/subnets/', variables('subnetName'))]", + "antimalwareExtensionName": "IaaSAntimalware", + "diagnosticsExtensionName": "IaaSDiagnostics", + "networkWatcherExtensionName": "NetworkWatcher", + "MMAExtensionName": "OMSExtension", + "azureDiskEncryptionExtensionName": "AzureDiskEncryption", + "customAddsExtensionName": "DSCSetupADDS", + "encryptionOperation": "EnableEncryption", + "keyEncryptionAlgorithm": "RSA-OAEP", + "tagPatching": "3rdSat7pm", + "windowsPasswordPoliciesExtensionName": "PwdPolicies", + "windowsDependencyExtensionName": "DependencyAgent", + "windowsDependencyExtensionPublisher": "Microsoft.Azure.Monitoring.DependencyAgent", + "windowsDependencyExtensionType": "DependencyAgentWindows", + "windowsDependencyExtensionHandlerVersion": "9.6", + "maxPasswordAge": 70, + "minPasswordAge": 1, + "minPasswordLength": 14, + "pwdHistoryCount": 24, + "pwdMinLengthConfigName": "MinimumPasswordLength", + "pwdMinAgeConfigName": "MinimumPasswordAge", + "pwdNotLast24ConfigMName": "EnforcePasswordHistory", + "pwdWithoutReversibleEncryptionConfigName": "StorePasswordsUsingReversibleEncryption", + "pwdMaxAgeConfigName": "MaximumPasswordAge", + "pwdComplexityConfigName": "PasswordMustMeetComplexityRequirements", + "webServerWithTls1.1ConfigName": "AuditSecureProtocol" + }, + "resources": [ + { + "type": "Microsoft.Compute/availabilitySets", + "apiVersion": "2016-04-30-preview", + "location": "[resourceGroup().location]", + "name": 
"[variables('availabilitySetName')]", + "tags": { + "layer": "Identity" + }, + "properties": { + "platformFaultDomainCount": 2, + "platformUpdateDomainCount": 5, + "managed": true + }, + "sku": { + "name": "Aligned" + } + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2017-09-01", + "location": "[resourceGroup().location]", + "name": "[concat(parameters('virtualMachineName'), '-nic')]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAllocationMethod": "Static", + "privateIPAddress": "[parameters('adIpAddress')]", + "subnet": { + "id": "[variables('subnetId')]" + }, + "applicationSecurityGroups": [ + { + "id": "[parameters('domainControllerAsgId')]" + } + ] + } + } + ] + } + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2017-03-30", + "location": "[resourceGroup().location]", + "name": "[parameters('virtualMachineName')]", + "tags": { + "layer": "Identity", + "computerName": "[parameters('virtualMachineName')]", + "UpdateManagement": "[variables('tagPatching')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('virtualMachineName'), '-nic'))]" + ], + "properties": { + "availabilitySet": { + "id": "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]" + }, + "osProfile": { + "computerName": "[parameters('virtualMachineName')]", + "adminUsername": "[parameters('domainAdminUsername')]", + "adminPassword": "[parameters('domainAdminPassword')]" + }, + "hardwareProfile": { + "vmSize": "[parameters('virtualMachineSize')]" + }, + "storageProfile": { + "imageReference": { + "publisher": "[parameters('virtualMachineOSImage').publisher]", + "offer": "[parameters('virtualMachineOSImage').offer]", + "sku": "[parameters('virtualMachineOSImage').sku]", + "version": "latest" + }, + "osDisk": { + "name": "[replace(toLower(substring(concat(parameters('virtualMachineName'), '-osdisk', '-', 
replace(concat(variables('uniqueString'), variables('uniqueString')), '-', '')), 0, 30)), '-', '')]", + "osType": "Windows", + "createOption": "FromImage", + "diskSizeGB": 256 + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('virtualMachineName'), '-nic'))]" + } + ] + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": true, + "storageUri": "[concat('https://', parameters('diagnosticsStorageAccountName'), '.blob.core.windows.net/')]" + } + } + }, + "resources": [ + { + "type": "extensions", + "name": "[variables('MMAExtensionName')]", + "apiVersion": "2015-06-15", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" + ], + "properties": { + "publisher": "Microsoft.EnterpriseCloud.Monitoring", + "type": "MicrosoftMonitoringAgent", + "typeHandlerVersion": "1.0", + "autoUpgradeMinorVersion": true, + "settings": { + "workspaceId": "[parameters('workspaceId')]" + }, + "protectedSettings": { + "workspaceKey": "[parameters('logAnalyticsWorkspacePrimarySharedKey')]" + } + } + }, + { + "type": "extensions", + "name": "[variables('antimalwareExtensionName')]", + "apiVersion": "2017-03-30", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), variables('customAddsExtensionName'))]" + ], + "properties": { + "publisher": "Microsoft.Azure.Security", + "type": "IaaSAntimalware", + "typeHandlerVersion": "1.5", + "autoUpgradeMinorVersion": true, + "settings": { + "AntimalwareEnabled": true, + "RealtimeProtectionEnabled": "true", + "ScheduledScanSettings": { + "isEnabled": "true", + "scanType": "Quick", + "day": "7", + "time": "120" + } + } + } + }, + { + "type": "extensions", + "name": 
"[variables('diagnosticsExtensionName')]", + "location": "[resourceGroup().location]", + "apiVersion": "2017-03-30", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), variables('customAddsExtensionName'))]" + ], + "properties": { + "publisher": "Microsoft.Azure.Diagnostics", + "type": "IaaSDiagnostics", + "typeHandlerVersion": "1.5", + "autoUpgradeMinorVersion": true, + "settings": { + "StorageAccount": "[parameters('diagnosticsStorageAccountName')]", + "StorageType": "Blob", + "WadCfg": { + "DiagnosticMonitorConfiguration": { + "overallQuotaInMB": 5120, + "Metrics": { + "resourceId": "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "MetricAggregation": [ + { + "scheduledTransferPeriod": "PT1H" + }, + { + "scheduledTransferPeriod": "PT1M" + } + ] + }, + "DiagnosticInfrastructureLogs": { + "scheduledTransferLogLevelFilter": "Error" + }, + "PerformanceCounters": { + "scheduledTransferPeriod": "PT1M", + "PerformanceCounterConfiguration": [ + { + "counterSpecifier": "\\Processor Information(_Total)\\% Processor Time", + "unit": "Percent", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Processor Information(_Total)\\% Privileged Time", + "unit": "Percent", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Processor Information(_Total)\\% User Time", + "unit": "Percent", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Processor Information(_Total)\\Processor Frequency", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\System\\Processes", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Process(_Total)\\Thread Count", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Process(_Total)\\Handle Count", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": 
"\\System\\System Up Time", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\System\\Context Switches/sec", + "unit": "CountPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\System\\Processor Queue Length", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Memory\\% Committed Bytes In Use", + "unit": "Percent", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Memory\\Available Bytes", + "unit": "Bytes", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Memory\\Committed Bytes", + "unit": "Bytes", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Memory\\Cache Bytes", + "unit": "Bytes", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Memory\\Pool Paged Bytes", + "unit": "Bytes", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Memory\\Pool Nonpaged Bytes", + "unit": "Bytes", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Memory\\Pages/sec", + "unit": "CountPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Memory\\Page Faults/sec", + "unit": "CountPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Process(_Total)\\Working Set", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Process(_Total)\\Working Set - Private", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\% Disk Time", + "unit": "Percent", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\% Disk Read Time", + "unit": "Percent", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\% Disk Write Time", + "unit": "Percent", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\% Idle Time", + "unit": "Percent", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\Disk Bytes/sec", + "unit": "BytesPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": 
"\\LogicalDisk(_Total)\\Disk Read Bytes/sec", + "unit": "BytesPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\Disk Write Bytes/sec", + "unit": "BytesPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\Disk Transfers/sec", + "unit": "BytesPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\Disk Reads/sec", + "unit": "BytesPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\Disk Writes/sec", + "unit": "BytesPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\Avg. Disk sec/Transfer", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\Avg. Disk sec/Read", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\Avg. Disk sec/Write", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\Avg. Disk Queue Length", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\Avg. Disk Read Queue Length", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\Avg. 
Disk Write Queue Length", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\% Free Space", + "unit": "Percent", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\LogicalDisk(_Total)\\Free Megabytes", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Network Interface(*)\\Bytes Total/sec", + "unit": "BytesPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Network Interface(*)\\Bytes Sent/sec", + "unit": "BytesPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Network Interface(*)\\Bytes Received/sec", + "unit": "BytesPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Network Interface(*)\\Packets/sec", + "unit": "BytesPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Network Interface(*)\\Packets Sent/sec", + "unit": "BytesPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Network Interface(*)\\Packets Received/sec", + "unit": "BytesPerSecond", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Network Interface(*)\\Packets Outbound Errors", + "unit": "Count", + "sampleRate": "PT60S" + }, + { + "counterSpecifier": "\\Network Interface(*)\\Packets Received Errors", + "unit": "Count", + "sampleRate": "PT60S" + } + ] + }, + "WindowsEventLog": { + "scheduledTransferPeriod": "PT1M", + "DataSource": [ + { + "name": "Application!*[System[(Level = 1 or Level = 2 or Level = 3)]]" + }, + { + "name": "Security!*[System[band(Keywords,4503599627370496)]]" + }, + { + "name": "System!*[System[(Level = 1 or Level = 2 or Level = 3)]]" + } + ] + } + } + } + }, + "protectedSettings": { + "storageAccountName": "[parameters('diagnosticsStorageAccountName')]", + "storageAccountSasToken": "[parameters('diagnosticsStorageAccountSasToken')]", + "storageAccountEndPoint": "https://core.windows.net" + } + } + }, + { + "type": "extensions", + "name": "[variables('networkWatcherExtensionName')]", + "apiVersion": 
"2017-03-30", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), variables('customAddsExtensionName'))]" + ], + "properties": { + "publisher": "Microsoft.Azure.NetworkWatcher", + "type": "NetworkWatcherAgentWindows", + "typeHandlerVersion": "1.4", + "autoUpgradeMinorVersion": true + } + }, + { + "type": "extensions", + "name": "[variables('customAddsExtensionName')]", + "apiVersion": "2017-03-30", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" + ], + "properties": { + "publisher": "Microsoft.Powershell", + "type": "DSC", + "typeHandlerVersion": "2.9", + "autoUpgradeMinorVersion": true, + "settings": { + "configuration": { + "url": "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/newADDomain.zip?', parameters('artifactsStorageAccountSasKey'))]", + "script": "newDomain.ps1", + "function": "NewDomain" + }, + "configurationArguments": { + "DomainName": "[parameters('domainName')]" + } + }, + "protectedSettings": { + "configurationArguments": { + "AdminCreds": { + "UserName": "[parameters('domainAdminUsername')]", + "Password": "[parameters('domainAdminPassword')]" + }, + "SafeModeAdminCreds": { + "UserName": "[parameters('domainAdminUsername')]", + "Password": "[parameters('domainAdminPassword')]" + } + } + } + } + }, + { + "type": "extensions", + "name": "[variables('windowsPasswordPoliciesExtensionName')]", + "apiVersion": "2017-03-30", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" + ], + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.8", + 
"autoUpgradeMinorVersion": true, + "settings": { + "fileUris": [ + "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/enable-local-policy-settings.ps1')]" + ] + }, + "protectedSettings": { + "storageAccountName": "[parameters('artifactsStorageAccountName')]", + "storageAccountKey": "[parameters('artifactsStorageAccountKey')]", + "commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -File ./Windows/enable-local-policy-settings.ps1 -MaxPwdAge ', variables('maxPasswordAge'), ' -MinPwdAge ', variables('minPasswordAge'), ' -MinPwdLength ', variables('minPasswordLength'), ' -PwdHistoryCount ', variables('pwdHistoryCount'))]" + } + } + }, + { + "type": "extensions", + "name": "[variables('windowsDependencyExtensionName')]", + "apiVersion": "2018-06-01", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[variables('windowsPasswordPoliciesExtensionName')]" + ], + "properties": { + "publisher": "[variables('windowsDependencyExtensionPublisher')]", + "type": "[variables('windowsDependencyExtensionType')]", + "typeHandlerVersion": "[variables('windowsDependencyExtensionHandlerVersion')]", + "autoUpgradeMinorVersion": true + } + }, + { + "apiVersion": "2018-06-30-preview", + "type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments", + "name": "[concat(parameters('virtualMachineName'), '/Microsoft.GuestConfiguration/', variables('pwdMinLengthConfigName'))]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[variables('windowsDependencyExtensionName')]" + ], + "properties": { + "guestConfiguration": { + "name": "[variables('pwdMinLengthConfigName')]", + "version": "1.*" + } + } + }, + { + "apiVersion": "2018-06-30-preview", + "type": 
"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments", + "name": "[concat(parameters('virtualMachineName'), '/Microsoft.GuestConfiguration/', variables('pwdMinAgeConfigName'))]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[variables('windowsDependencyExtensionName')]" + ], + "properties": { + "guestConfiguration": { + "name": "[variables('pwdMinAgeConfigName')]", + "version": "1.*" + } + } + }, + { + "apiVersion": "2018-06-30-preview", + "type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments", + "name": "[concat(parameters('virtualMachineName'), '/Microsoft.GuestConfiguration/', variables('pwdNotLast24ConfigMName'))]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[variables('windowsDependencyExtensionName')]" + ], + "properties": { + "guestConfiguration": { + "name": "[variables('pwdNotLast24ConfigMName')]", + "version": "1.*" + } + } + }, + { + "apiVersion": "2018-06-30-preview", + "type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments", + "name": "[concat(parameters('virtualMachineName'), '/Microsoft.GuestConfiguration/', variables('pwdWithoutReversibleEncryptionConfigName'))]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[variables('windowsDependencyExtensionName')]" + ], + "properties": { + "guestConfiguration": { + "name": "[variables('pwdWithoutReversibleEncryptionConfigName')]", + "version": "1.*" + } + } + }, + { + "apiVersion": "2018-06-30-preview", + "type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments", + "name": "[concat(parameters('virtualMachineName'), '/Microsoft.GuestConfiguration/', 
variables('webServerWithTls1.1ConfigName'))]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[variables('windowsDependencyExtensionName')]" + ], + "properties": { + "guestConfiguration": { + "name": "[variables('webServerWithTls1.1ConfigName')]", + "version": "1.*" + } + } + }, + { + "apiVersion": "2018-06-30-preview", + "type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments", + "name": "[concat(parameters('virtualMachineName'), '/Microsoft.GuestConfiguration/', variables('pwdMaxAgeConfigName'))]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[variables('windowsDependencyExtensionName')]" + ], + "properties": { + "guestConfiguration": { + "name": "[variables('pwdMaxAgeConfigName')]", + "version": "1.*" + } + } + }, + { + "apiVersion": "2018-06-30-preview", + "type": "Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments", + "name": "[concat(parameters('virtualMachineName'), '/Microsoft.GuestConfiguration/', variables('pwdComplexityConfigName'))]", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[variables('windowsDependencyExtensionName')]" + ], + "properties": { + "guestConfiguration": { + "name": "[variables('pwdComplexityConfigName')]", + "version": "1.*" + } + } + }, + { + "apiVersion": "2015-05-01-preview", + "name": "AzurePolicyforWindows", + "type": "extensions", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[variables('windowsDependencyExtensionName')]" + ], + "properties": { + "publisher": "Microsoft.GuestConfiguration", + "type": "ConfigurationforWindows", + "typeHandlerVersion": "1.1", + 
"autoUpgradeMinorVersion": true, + "settings": {}, + "protectedSettings": {} + } + }, + { + "type": "extensions", + "name": "[variables('azureDiskEncryptionExtensionName')]", + "apiVersion": "2017-03-30", + "location": "[resourceGroup().location]", + "condition": "[variables('enableDiskEncryption')]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]", + "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), variables('customAddsExtensionName'))]", + "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), variables('antimalwareExtensionName'))]", + "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), variables('diagnosticsExtensionName'))]", + "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), variables('networkWatcherExtensionName'))]", + "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'AzurePolicyforWindows')]" + ], + "properties": { + "publisher": "Microsoft.Azure.Security", + "type": "AzureDiskEncryption", + "typeHandlerVersion": "2.2", + "autoUpgradeMinorVersion": true, + "forceUpdateTag": "1.0", + "settings": { + "EncryptionOperation": "[variables('encryptionOperation')]", + "KeyVaultURL": "[parameters('keyVaultURL')]", + "KeyVaultResourceId": "[parameters('keyVaultId')]", + "KeyEncryptionKeyURL": "[parameters('adKeyEncryptionURL')]", + "KeyEncryptionAlgorithm": "[variables('keyEncryptionAlgorithm')]", + "VolumeType": "All", + "ResizeOSDisk": false + } + } + } + ] + }, + { + "name": "vmOSEncryptionNestedDeployment", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2016-09-01", + "condition": "[variables('enableDiskEncryption')]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" + ], + "properties": { + "mode": "Incremental", + 
"template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2017-03-30", + "type": "Microsoft.Compute/virtualMachines", + "name": "[concat(parameters('virtualMachineName'), copyindex(1))]", + "condition": "[variables('enableDiskEncryption')]", + "location": "[resourceGroup().location]", + "properties": { + "storageProfile": { + "osDisk": { + "encryptionSettings": { + "enabled": true, + "diskEncryptionKey": { + "sourceVault": { + "id": "[parameters('keyVaultId')]" + }, + "secretUrl": "[if(equals(variables('enableDiskEncryption'), bool('false')), json('null'), reference(resourceId('Microsoft.Compute/virtualMachines/extensions', concat(parameters('virtualMachineName'), copyindex(1)), variables('azureDiskEncryptionExtensionName')), '2018-10-01').instanceView.statuses[0].message)]" + }, + "keyEncryptionKey": { + "sourceVault": { + "id": "[parameters('keyVaultId')]" + }, + "keyUrl": "[parameters('adKeyEncryptionURL')]" + } + } + } + } + } + } + ] + }, + "parameters": {} + } + }, + { + "name": "PSCloudZoneNestedDeployment", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2016-09-01", + "dependsOn": [ + "vmOSEncryptionNestedDeployment" + ], + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2017-03-30", + "type": "Microsoft.Compute/virtualMachines", + "name": "[parameters('virtualMachineName')]", + "location": "[resourceGroup().location]", + "resources": [ + { + "type": "extensions", + "name": "[variables('windowsPasswordPoliciesExtensionName')]", + "apiVersion": "2017-03-30", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" + ], + 
"properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.8", + "autoUpgradeMinorVersion": true, + "settings": { + "fileUris": [ + "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/new-dns-zone.ps1')]" + ] + }, + "protectedSettings": { + "storageAccountName": "[parameters('artifactsStorageAccountName')]", + "storageAccountKey": "[parameters('artifactsStorageAccountKey')]", + "commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -File ./windows/new-dns-zone.ps1 -DnsZone ', parameters('cloudZone'))]" + } + } + } + ] + } + ] + }, + "parameters": {} + } + }, + { + "name": "PSCloudSiteNestedDeployment", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2016-09-01", + "dependsOn": [ + "PSCloudZoneNestedDeployment" + ], + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "resources": [ + { + "apiVersion": "2017-03-30", + "type": "Microsoft.Compute/virtualMachines", + "name": "[parameters('virtualMachineName')]", + "location": "[resourceGroup().location]", + "resources": [ + { + "type": "extensions", + "name": "[variables('windowsPasswordPoliciesExtensionName')]", + "apiVersion": "2017-03-30", + "location": "[resourceGroup().location]", + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" + ], + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.8", + "autoUpgradeMinorVersion": true, + "settings": { + "fileUris": [ + "[concat('https://', parameters('artifactsStorageAccountName'), '.blob.core.windows.net/scripts/Windows/create-new-cloud-ad-site.ps1')]" + ] + }, + "protectedSettings": { + "storageAccountName": "[parameters('artifactsStorageAccountName')]", + 
"storageAccountKey": "[parameters('artifactsStorageAccountKey')]", + "commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -File ./windows/create-new-cloud-ad-site.ps1 -CloudSite ', parameters('adSitename'))]" + } + } + } + ] + } + ] + }, + "parameters": {} + } + } + ], + "outputs": { + "adResourceGroup": { + "type": "string", + "value": "[resourceGroup().name]", + "metadata": { + "description": "The Resource Group that was deployed to." + } + }, + "dnsServers": { + "type": "string", + "value": "[parameters('adIpAddress')]", + "metadata": { + "description": "Static IP of the primary domain controller." + } + } + } +} \ No newline at end of file diff --git a/Modules/ActiveDirectory/2.0/parameters.json b/Modules/ActiveDirectory/2.0/parameters.json new file mode 100644 index 0000000..29e883b --- /dev/null +++ b/Modules/ActiveDirectory/2.0/parameters.json 
@@ -0,0 +1,67 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "virtualMachineName": {
+ "value": "adds"
+ },
+ "virtualMachineSize": {
+ "value": "Standard_DS2_v2"
+ },
+ "virtualMachineOSImage": {
+ "value": {
+ "offer": "WindowsServer",
+ "publisher": "MicrosoftWindowsServer",
+ "sku": "2016-Datacenter"
+ }
+ },
+ "artifactsStorageAccountSasKey": {
+ "value": ""
+ },
+ "artifactsStorageAccountName": {
+ "value": "vdcstorage"
+ },
+ "artifactsStorageAccountKey": {
+ "value": ""
+ },
+ "workspaceId": {
+ "value": "00000000-0000-0000-0000-000000000000"
+ },
+ "logAnalyticsWorkspacePrimarySharedKey": {
+ "value": ""
+ },
+ "diagnosticsStorageAccountName": {
+ "value": "contoso-diag-storage"
+ },
+ "diagnosticsStorageAccountSasToken": {
+ "value": ""
+ },
+ "adIpAddress": {
+ "value": "11.4.0.46"
+ },
+ "vNetId": {
+ "value": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup/providers/Microsoft.Network/virtualNetworks/contoso-vnet-example"
+ },
+ "domainControllerAsgId": {
+ "value": "dc"
+ },
+ "subnetName": {
+ "value": "sharedsvcs"
+ },
+ "cloudZone": {
+ "value": "Cloud-Zone"
+ },
+ "domainName": {
+ "value": "contoso.com"
+ },
+ "adSitename": {
+ "value": "Cloud-Site"
+ },
+ "domainAdminUsername": {
+ "value": "contoso"
+ },
+ "domainAdminPassword": {
+ "value": "password"
+ }
+ }
+}
\ No newline at end of file
diff --git a/Modules/ActiveDirectory/2.0/readme.md b/Modules/ActiveDirectory/2.0/readme.md
new file mode 100644
index 0000000..be2771a
--- /dev/null
+++ b/Modules/ActiveDirectory/2.0/readme.md
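Review bot: The new parameters file commits a literal credential placeholder, `"domainAdminPassword": { "value": "password" }`, while the other secrets in the same file (`artifactsStorageAccountKey`, `logAnalyticsWorkspacePrimarySharedKey`, both SAS values) are at least left empty. Sample values like this tend to be deployed unchanged, and elsewhere in this diff the same parameter is also passed as `SafeModeAdminCreds`, so it would become the DSRM password as well. Prefer an empty value or a Key Vault parameter reference, e.g. `"domainAdminPassword": { "reference": { "keyVault": { "id": "<key-vault-resource-id>" }, "secretName": "domainAdminPassword" } }`, and document that the value must be supplied at deployment time.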
@@ -0,0 +1,55 @@ +# ADDS + +This template deploys Active Directory Domain Services. + +## Resources + +- Microsoft.Compute/availabilitySets +- Microsoft.Network/networkInterfaces +- Microsoft.Compute/virtualMachines +- Microsoft.Compute/virtualMachines/extensions +- Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments + +## Parameters + +| Parameter Name | Default Value | Description | +| :- | :- | :- | +| `virtualMachineName` | | Required. Name for the ADDS VMs +| `virtualMachineCount` | `2` | Optional. Number of VMs to create +| `virtualMachineSize` | `Standard_DS2_v2` | Optional. Size of the ADDS VMs +| `virtualMachineOSImage` | | Required. OS image used for the ADDS VMs| `artifactsStorageAccountSasKey` | | Required. Shared Access Signature Key used to download custom scripts +| `artifactsStorageAccountName` | | Required. Default storage account name. Storage account that contains output parameters and common scripts +| `artifactsStorageAccountKey` | | Required. Default storage account Key. Storage account that contains output parameters and common scripts +| `workspaceId` | | Required. WorkspaceId or CustomerId value of OMS. This value is referenced in OMS VM Extension +| `logAnalyticsWorkspacePrimarySharedKey` | | Required. WorkspaceKey value of OMS. This value is referenced in OMS VM Extension +| `diagnosticsStorageAccountName` | | Required. Storage account used to store diagnostic information +| `diagnosticsStorageAccountSasToken` | | Required. Diagnostic Storage Account SAS token +| `addsAddressStart` | | Required. IP address used as initial Active Directory Domain Services IP +| `keyVaultId` | `""` | Optional. AKV Resource Id +| `keyVaultURL` | `""` | Optional. AKV URL +| `addsKeyEncryptionURL` | `""` | Optional. Active Directory Domain Services AKV encryption key +| `vNetId` | | Required. Shared services Virtual Network resource identifier +| `domainControllerAsgId` | | Required. 
ASG associated to Domain Controllers
+| `subnetName` | | Required. Name of Shared Services Subnet, this name is used to get the SubnetId
+| `adminUsername` | | Required. The username used to establish ADDS VMs
+| `adminPassword` | | Required. The password given to the admin user
+| `domainName` | | Required. AD domain name
+| `primaryDCIP` | | Required. On-premises domain IP
+| `ADSitename` | | Required. On-premises Active Directory site name
+| `domaincontrollerDriveLetter` | | Required. Drive letter to install ADDS
+| `domainAdminPassword` | | Required. Domain user that has privileges to join a VM into a Domain
+
+## Outputs
+
+| Output Name | Description |
+| :- | :- |
+| `aadsResourceGroup` | The Resource Group that was deployed to.
+
+## Considerations
+
+*N/A*
+
+## Additional resources
+
+- [Active Directory Domain Services](https://docs.microsoft.com/en-us/windows/desktop/ad/active-directory-domain-services)
+- [Microsoft.Compute virtualMachines template reference](https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/2019-03-01/virtualmachines)
diff --git a/Modules/ActiveDirectoryDomainServices/2.0/deploy.json b/Modules/ActiveDirectoryDomainServices/2.0/deploy.json
index 2cd7393..9c4583f 100644
--- a/Modules/ActiveDirectoryDomainServices/2.0/deploy.json
+++ b/Modules/ActiveDirectoryDomainServices/2.0/deploy.json
@@ -179,7 +179,6 @@
 "MMAExtensionName": "OMSExtension",
 "azureDiskEncryptionExtensionName": "AzureDiskEncryption",
 "customAddsExtensionName": "DSCSetupADDS",
- "encryptionExtensionName": "AzureDiskEncryption",
 "encryptionOperation": "EnableEncryption",
 "keyEncryptionAlgorithm": "RSA-OAEP",
 "tagPatching": "3rdSat7pm",
@@ -948,7 +947,7 @@
 "sourceVault": {
 "id": "[parameters('keyVaultId')]"
 },
- "secretUrl": "[if(equals(variables('enableDiskEncryption'), bool('false')), json('null'), reference(resourceId('Microsoft.Compute/virtualMachines/extensions', concat(parameters('virtualMachineName'), copyindex(1)), variables('encryptionExtensionName')), '2018-10-01').instanceView.statuses[0].message)]"
+ "secretUrl": "[if(equals(variables('enableDiskEncryption'), bool('false')), json('null'), reference(resourceId('Microsoft.Compute/virtualMachines/extensions', concat(parameters('virtualMachineName'), copyindex(1)), variables('azureDiskEncryptionExtensionName')), '2018-10-01').instanceView.statuses[0].message)]"
 },
 "keyEncryptionKey": {
 "sourceVault": {
diff --git a/Modules/RouteTables/2.0/deploy.json b/Modules/RouteTables/2.0/deploy.json
index 78e0b8e..b7be3f2 100644
--- a/Modules/RouteTables/2.0/deploy.json
+++ b/Modules/RouteTables/2.0/deploy.json
@@ -10,9 +10,9 @@
 },
 "routes": {
 "type": "array",
- "minLength": 1,
+ "defaultValue": [],
 "metadata": {
- "description": "Required. An Array of Routes to be established within the hub route table."
+ "description": "Optional. An Array of Routes to be established within the hub route table."
 }
 }
 },
diff --git a/Modules/RouteTables/2.0/parameters.json b/Modules/RouteTables/2.0/parameters.json
index b513499..487d777 100644
--- a/Modules/RouteTables/2.0/parameters.json
+++ b/Modules/RouteTables/2.0/parameters.json
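Review bot: With `routes` defaulting to `[]`, a caller that omits the parameter now gets a route table with no routes, which the new description does not say; the removed `"minLength": 1` previously made that a deployment-time error. An empty user-defined route table means the subnets associated to it keep Azure's system routes, so any forced next hop through a virtual appliance or gateway that the table was meant to enforce silently does not happen. I would state that in the metadata: `"description": "Optional. An Array of Routes to be established within the hub route table. When empty, the table is created with no routes and associated subnets fall back to system routes (no forced next hop)."`.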
@@ -4,39 +4,6 @@ "parameters": { "routeTableName": { "value": "route-table" - }, - "routes": { - "value": [ - { - "name": "tojumpboxes", - "properties": { - "addressPrefix": "172.16.0.48/28", - "nextHopType": "VnetLocal" - } - }, - { - "name": "tosharedservices", - "properties": { - "addressPrefix": "172.16.0.64/27", - "nextHopType": "VnetLocal" - } - }, - { - "name": "toonprem", - "properties": { - "addressPrefix": "10.0.0.0/8", - "nextHopType": "VirtualNetworkGateway" - } - }, - { - "name": "tonva", - "properties": { - "addressPrefix": "172.16.0.0/18", - "nextHopType": "VirtualAppliance", - "nextHopIpAddress": "172.16.0.20" - } - } - ] } } } diff --git a/Modules/RouteTables/2.0/readme.md b/Modules/RouteTables/2.0/readme.md index 13a5422..6ec60a3 100644 --- a/Modules/RouteTables/2.0/readme.md +++ b/Modules/RouteTables/2.0/readme.md @@ -11,7 +11,7 @@ This template deploys User Defined Route Tables. | Parameter Name | Default Value | Description | | :- | :- | :- | | `routeTableName` | | Required. Name given for the hub route table. -| `routes` | | Required. An Array of Routes to be established within the hub route table. +| `routes` | [] | Optional. An Array of Routes to be established within the hub route table. ### Parameter Usage: `` diff --git a/Modules/vNet/2.0/deploy.json b/Modules/vNet/2.0/deploy.json index 5eb0bee..0d2f98c 100644 --- a/Modules/vNet/2.0/deploy.json +++ b/Modules/vNet/2.0/deploy.json @@ -23,9 +23,9 @@ }, "dnsServers": { "type": "array", - "minLength": 1, + "defaultValue": [], "metadata": { - "description": "Required. DNS Servers associated to the Virtual Network." + "description": "Optional. DNS Servers associated to the Virtual Network." } }, "enableDdosProtection": { @@ -62,7 +62,10 @@ } ] }, - "ddosProtectionPlanName": "[concat(parameters('vNetName'), '-ddos')]" + "ddosProtectionPlanName": "[concat(parameters('vNetName'), '-ddos')]", + "dnsServers": { + "dnsServers": "[parameters('dnsServers')]" + } }, "resources": [ { 
@@ -83,9 +86,7 @@
 "addressPrefixes": "[parameters('vNetAddressPrefixes')]"
 },
 "ddosProtectionPlan": "[if(equals(parameters('enableDdosProtection'), bool('false')), json('null'), json(concat('{\"id\":\"', resourceId('Microsoft.Network/ddosProtectionPlans', variables('ddosProtectionPlanName')),'\"}')))]",
- "dhcpOptions": {
- "dnsServers": "[parameters('dnsServers')]"
- },
+ "dhcpOptions": "[if(empty(parameters('dnsServers')), json('null'), variables('dnsServers'))]",
 "enableDdosProtection": "[parameters('enableDdosProtection')]",
 "enableVmProtection": "[parameters('enableVmProtection')]",
 "copy": [
diff --git a/Modules/vNet/2.0/parameters.json b/Modules/vNet/2.0/parameters.json
index 1aaff46..ba854db 100644
--- a/Modules/vNet/2.0/parameters.json
+++ b/Modules/vNet/2.0/parameters.json
@@ -10,11 +10,6 @@
 "10.0.0.0/16"
 ]
 },
- "dnsServers": {
- "value": [
- "192.168.1.4"
- ]
- },
 "subnets": {
 "value": [
 {
diff --git a/Orchestration/IntegrationService/Implementations/AzureResourceManagerDeploymentService.ps1 b/Orchestration/IntegrationService/Implementations/AzureResourceManagerDeploymentService.ps1
index 9eb4af3..ef75462 100644
--- a/Orchestration/IntegrationService/Implementations/AzureResourceManagerDeploymentService.ps1
+++ b/Orchestration/IntegrationService/Implementations/AzureResourceManagerDeploymentService.ps1
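Review bot: The new `dhcpOptions` expression sets the property to `null` whenever `dnsServers` is empty, so the virtual network falls back to Azure-provided DNS, and because `dnsServers` is now optional this is the path a caller hits simply by omitting the parameter. For a VNet meant to host domain-joined machines that is a silent regression: Azure DNS cannot resolve the AD domain, so joins and Kerberos/LDAP service location fail until someone feeds the domain controller address back in (the ADDS module in this same diff exposes it only as a `dnsServers` output). I would record the intent in the parameter's metadata description, which lives outside this hunk: `"description": "Optional. DNS Servers associated to the Virtual Network. Empty means Azure-provided DNS; set to the domain controller IPs for any VNet whose VMs are domain-joined."`.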
@@ -359,12 +359,26 @@ Class AzureResourceManagerDeploymentService: IDeploymentService { $cacheItems | ForEach-Object { # Cache Items object's TenantId is null when run in # an AzDO Agent - if ($null -ne $_.TenantId ` - -and $_.TenantId -eq $tenantId ` - -and $_.ExpiresOn -gt (Get-Date)) { - $accessToken = $_.AccessToken; + + # Note, doing a break; in Powershell, exits the entire + # script execution, not only the function. + if([string]::IsNullOrEmpty($accessToken)) + { + if ($null -ne $_.TenantId ` + -and $_.TenantId -eq $tenantId ` + -and $_.ExpiresOn -gt (Get-Date)) { + $accessToken = $_.AccessToken; + Write-Debug "Access token found with tenant id filter"; + } + elseif ($null -eq $_.TenantId ` + -and $_.ExpiresOn -gt (Get-Date)) + { + $accessToken = $_.AccessToken; + Write-Debug "Access token found without tenant id filter"; + } } } + Write-Debug "Access token is: $(ConvertTo-Json $accessToken)"; if([string]::IsNullOrEmpty($accessToken)) { Throw "Login to the right tenant. Tenant specified in the ` subscription file may be different from the logged in Tenant `
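Review bot: `Write-Debug "Access token is: $(ConvertTo-Json $accessToken)";` writes the raw bearer token to the debug stream, so with `$DebugPreference` set or `-Debug` in the Azure DevOps runs the comment above mentions, a live credential lands in pipeline logs where it is retrievable until it expires. Log only the fact that a token was selected, e.g. `Write-Debug "Access token found: $(-not [string]::IsNullOrEmpty($accessToken))";`. Separately, the new `elseif` accepts any unexpired cached token whose `TenantId` is null without tying it to `$tenantId`, so when the cache holds contexts for several tenants the first match may belong to the wrong one and the `Throw "Login to the right tenant..."` check below may no longer catch it; logging the selected item's account and tenant (not the token) at debug level would make such a mismatch diagnosable. The enclosing method starts before this hunk.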