├── Changelog.docx ├── DSC └── Configuration.zip ├── IaaSBuilder.ps1 ├── Imgs ├── 1.3.JPG ├── 1.4.JPG ├── 1.6.JPG ├── 1.7.JPG ├── 2.0.JPG ├── 2.2.JPG ├── 2.3.JPG └── v1.5.2.JPG ├── README.md ├── STIG ├── GenerateStigChecklist.ps1 ├── InstallModules.ps1 ├── RequiredModules.ps1 ├── STIGDeployment.zip ├── Windows.ps1 └── localhost.mof ├── Templates ├── 3NIC_1Tier_HA │ ├── PAYGDeploy.json │ └── azureDeploy.json ├── 3NIC_3Tier_HA │ ├── PAYGDeploy.json │ └── azureDeploy.json ├── AzureTemplate.json ├── AzureTemplateSACA.json ├── AzureTemplateSpot.json ├── AzureWVD.json ├── Bastion.json ├── HostGroup.json ├── HostGroup.parameters.json ├── Networking.json ├── SACA │ ├── 1T_SACA_F5_Deploy.json │ ├── 1T_SACA_NetworkBuild.json │ ├── 3T_SACA_F5_Deploy.json │ ├── 3T_SACA_IPSDeploy.json │ ├── 3T_SACA_NetworkBuild.json │ └── Baseline │ │ └── byolscca.json └── mainTemplate.json ├── form.xml └── nested ├── AVDandHostPool.json ├── README.md ├── azureadds.json ├── bastion.json ├── keyvault.json ├── networking.json └── resourcegroup.json /Changelog.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chlaplan/IaaS-Builder/d36b1e62db824b70b63b7cc910a99ecb3bf923f4/Changelog.docx -------------------------------------------------------------------------------- /DSC/Configuration.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chlaplan/IaaS-Builder/d36b1e62db824b70b63b7cc910a99ecb3bf923f4/DSC/Configuration.zip -------------------------------------------------------------------------------- /Imgs/1.3.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chlaplan/IaaS-Builder/d36b1e62db824b70b63b7cc910a99ecb3bf923f4/Imgs/1.3.JPG -------------------------------------------------------------------------------- /Imgs/1.4.JPG: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/chlaplan/IaaS-Builder/d36b1e62db824b70b63b7cc910a99ecb3bf923f4/Imgs/1.4.JPG -------------------------------------------------------------------------------- /Imgs/1.6.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chlaplan/IaaS-Builder/d36b1e62db824b70b63b7cc910a99ecb3bf923f4/Imgs/1.6.JPG -------------------------------------------------------------------------------- /Imgs/1.7.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chlaplan/IaaS-Builder/d36b1e62db824b70b63b7cc910a99ecb3bf923f4/Imgs/1.7.JPG -------------------------------------------------------------------------------- /Imgs/2.0.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chlaplan/IaaS-Builder/d36b1e62db824b70b63b7cc910a99ecb3bf923f4/Imgs/2.0.JPG -------------------------------------------------------------------------------- /Imgs/2.2.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chlaplan/IaaS-Builder/d36b1e62db824b70b63b7cc910a99ecb3bf923f4/Imgs/2.2.JPG -------------------------------------------------------------------------------- /Imgs/2.3.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chlaplan/IaaS-Builder/d36b1e62db824b70b63b7cc910a99ecb3bf923f4/Imgs/2.3.JPG -------------------------------------------------------------------------------- /Imgs/v1.5.2.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/chlaplan/IaaS-Builder/d36b1e62db824b70b63b7cc910a99ecb3bf923f4/Imgs/v1.5.2.JPG -------------------------------------------------------------------------------- 
/README.md: -------------------------------------------------------------------------------- 1 | [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fchlaplan%2FIaaS-Builder%2Fmaster%2FTemplates%2FmainTemplate.json) 2 | 3 | # IaaS-Builder 4 | Azure Automation IaaS Builder is a GUI-based script that allows you to enter basic information about the domain and servers you want to build in Azure. 5 | 6 | Current DSC Packs:
7 | Domain Controller (DC)
8 | Certification Authority (CA)
9 | Exchange 2016
10 | System Center Endpoint Protection (SCEP/SCCM)
11 | Active Directory Federation Services (ADFS)
12 | SharePoint
13 | Workstation - Domain Join
14 | Azure Windows Virtual Desktop
15 | 16 | ![IaaS Builder](https://github.com/chlaplan/IaaS-Builder/blob/master/Imgs/2.3.JPG) 17 | -------------------------------------------------------------------------------- /STIG/GenerateStigChecklist.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | When "Run as administrator" this script will generate a checklist file via PowerSTIG for Windows Server 2016/2019 that can be viewed with DISA's StigViewer 4 | (https://public.cyber.mil/stigs/srg-stig-tools/). 5 | A checklist is included with this script as an example of the compliance status with manual checklist entries added. 6 | Please confirm all security settings once deployed to your environment. 7 | .DESCRIPTION 8 | This script is able to generate checklist files for Server 2019 and 2016, with applications installed on base images (Windows Defender, Internet Explorer, Windows Firewall, 9 | and DotNet Framework 4) 10 | .NOTES 11 | This script is included to assist with generating a checklist of a newly deployed VM. 
Modifications to the script may be required based on organization requirements. 12 | .EXAMPLE 13 | .\GenerateStigChecklist.ps1 14 | #> 15 | <# Flow: detect the OS version, wait for the DSC LCM to go idle, collect Test-DscConfiguration results, resolve the XCCDF files bundled with PowerSTIG, then write the manual entries and build the checklist with New-StigCheckList further down. #> 16 | Import-Module PowerStig -verbose -force 17 | 18 | # Get OS version and Paths 19 | $powerSTIGpath = (Get-Module -Name PowerSTIG).ModuleBase 20 | $outputFolder = New-Item -Path "C:\STIG" -ItemType Directory -Force 21 | $outputPath = "$outputFolder\$env:COMPUTERNAME-StigChecklist.ckl" 22 | $fullOsVersion = (Get-WmiObject Win32_OperatingSystem).Caption 23 | 24 | switch -Wildcard ($fullOsVersion) { 25 | "*2016*" { 26 | $osVersion = "2016" 27 | break 28 | } 29 | "*2019*" { 30 | $osVersion = "2019" 31 | break 32 | } 33 | } 34 | <# NOTE(review): only Server 2016 and 2019 captions are matched; on any other OS $osVersion stays unset and the STIG file paths built below will not resolve. #> 35 | # Wait for configuration to apply and get DSC Results 36 | while ((Get-DscLocalConfigurationManager).LCMState -notmatch "Idle") { 37 | Start-Sleep 5 38 | Write-Host "Waiting 5 seconds for retry" 39 | } 40 | $dscResults = Test-DscConfiguration -Detailed 41 | 42 | # Server STIGs 43 | <# Newest XCCDF bundled with PowerSTIG for this OS/role ($OsVersion is the same variable as $osVersion; PowerShell variable names are case-insensitive). $manServerSTIG is the bare file name used to key the manual entries below. #> $latestOsVersion = (Get-Stig -ListAvailable | Where-Object { $_.TechnologyVersion -eq $OsVersion -and $_.TechnologyRole -eq "MS" } | Measure-Object -Maximum -Property Version).Maximum 44 | $serverOsSTIG = '{0}\StigData\Archive\Windows.Server.{1}\U_MS_Windows_Server_{1}_MS_STIG_V{2}R{3}_Manual-xccdf.xml' -f $powerSTIGpath, $OsVersion, $latestOsVersion.Major, $latestOsVersion.Minor 45 | $manServerSTIG = "U_MS_Windows_Server_{0}_MS_STIG_V{1}R{2}_Manual-xccdf.xml" -f $OsVersion, $latestOsVersion.Major, $latestOsVersion.Minor 46 | 47 | # Windows Defender STIG 48 | $latestDefenderVersion = (Get-Stig -ListAvailable | Where-Object Technology -eq "WindowsDefender" | Measure-Object -Maximum -Property Version).Maximum 49 | $defenderSTIG = '{0}\StigData\Archive\Windows.Defender\U_MS_Windows_Defender_Antivirus_STIG_V{1}R{2}_Manual-xccdf.xml' -f $powerSTIGpath, $latestDefenderVersion.Major, $latestDefenderVersion.Minor 50 | 51 | # Internet Explorer STIG 52 | $latestIEVersion = (Get-Stig -ListAvailable | Where-Object Technology -eq 
"InternetExplorer" | Measure-Object -Maximum -Property Version).Maximum 53 | $internetExplorerSTIG = '{0}\StigData\Archive\InternetExplorer\U_MS_IE11_STIG_V{1}R{2}_Manual-xccdf.xml' -f $powerSTIGpath, $latestIEVersion.Major, $latestIEVersion.Minor 54 | 55 | # Windows Firewall STIG 56 | $latestFirewallVersion = (Get-Stig -ListAvailable | Where-Object Technology -eq "WindowsFirewall" | Measure-Object -Maximum -Property Version).Maximum 57 | $firewallSTIG = '{0}\StigData\Archive\Windows.Firewall\U_Windows_Firewall_STIG_V{1}R{2}_Manual-xccdf.xml' -f $powerSTIGpath, $latestFirewallVersion.Major, $latestFirewallVersion.Minor 58 | $manfirewallSTIG = "U_Windows_Firewall_STIG_V{0}R{1}_Manual-xccdf.xml" -f $latestFirewallVersion.Major, $latestFirewallVersion.Minor 59 | 60 | # Array of STIGS to add to checklist 61 | $xccdfPath = @($serverOsSTIG, $defenderSTIG, $internetExplorerSTIG, $firewallSTIG) 62 | <# NOTE(review): every ID in $manualRules is written with this single status and the generic "Not Applicable" comment; confirm each rule on the deployed VM before treating the checklist as compliance evidence. #> $status = "NotAFinding" 63 | $comments = "Not Applicable" 64 | $details = 'Not applicable for this VM as of deployment time {0} any changes to VM after deployement time may impact this rule' -f $(Get-Date) 65 | 66 | # Set manual rule data 67 | <# osVersion is a regex compared with -match against the detected version, so "2016|2019" applies to both server releases. #> $manualRules = @( 68 | @{ 69 | osVersion = "2019" 70 | stig = $manServerSTIG 71 | id = @("V-205624", "V-205657", "V-205661", "V-205664", "V-205677", "V-205699", "V-205721", "V-205727", "V-205746", "V-205844", "V-205847", "V-205848", "V-205852", "V-205853", "V-205854", "V-205855", "V-205710", "V-205707", "V-205700", "V-205658", "V-205846") 72 | }, 73 | @{ 74 | osVersion = "2016" 75 | stig = $manServerSTIG 76 | id = @("V-224819", "V-224820", "V-224822", "V-224823", "V-224824", "V-224825", "V-224827", "V-224836", "V-224837", "V-224841", "V-224842", "V-224843", "V-224845", "V-224848", "V-224849", "V-224860", "V-224861", "V-224863", "V-225007","V-224829","V-224839","V-224846","V-224838") 77 | }, 78 | @{ 79 | osVersion = "2016|2019" 80 | stig = $manfirewallSTIG 81 | id = @("V-36440") 82 | } 83 | 84 | ) 85 | 86 | # Generate manual checklist file 
87 | $outputPath2 = "c:\ManualCheck.xml" 88 | $xmlWriterSettings = [System.Xml.XmlWriterSettings]::new() 89 | $xmlWriterSettings.Indent = $true 90 | $xmlWriterSettings.IndentChars = "`t" 91 | $xmlWriterSettings.NewLineChars = "`n" 92 | $writer = [System.Xml.XmlWriter]::Create($OutputPath2, $xmlWriterSettings) 93 | $writer.WriteStartElement("stigManualChecklistData") 94 | 95 | foreach ($item in $manualRules) { 96 | if ($osVersion -match $item.osVersion) { 97 | foreach ($rule in $item.id) { 98 | 99 | $writer.WriteStartElement("stigRuleData") 100 | $writer.WriteStartElement("STIG") 101 | $writer.WriteString($item.stig) 102 | $writer.WriteEndElement() 103 | $writer.WriteStartElement("ID") 104 | $writer.WriteString($rule) 105 | $writer.WriteEndElement() 106 | $writer.WriteStartElement("Status") 107 | $writer.WriteString($status) 108 | $writer.WriteEndElement() 109 | $writer.WriteStartElement("Comments") 110 | $writer.WriteString($comments) 111 | $writer.WriteEndElement() 112 | $writer.WriteStartElement("Details") 113 | $writer.WriteString($details) 114 | $writer.WriteEndElement() 115 | $writer.WriteEndElement() 116 | } 117 | } 118 | } 119 | 120 | $writer.WriteEndDocument() 121 | $writer.Flush() 122 | $writer.Close() 123 | 124 | # Generate Checklist 125 | New-StigCheckList -DscResult $dscResults -XccdfPath $xccdfPath -OutputPath $outputPath -ManualChecklistEntriesFile $outputPath2 126 | 127 | # Cleanup checklist manual entries 128 | Remove-Item -Path $outputPath2 -Force -Confirm:$false 129 | 130 | # Get CKL Content and set Localhost Data 131 | [string]$localIP = (Get-NetIPAddress -AddressFamily IPV4 | Where-Object { $_.IpAddress -notlike "127.*" } | Select-Object -First 1).IPAddress 132 | [string]$localMac = (Get-NetAdapter | Where-Object {$_.Status -eq "Up"} | Select-Object MacAddress | Select-Object -First 1).MacAddress 133 | $xml = [xml](Get-Content $outputPath) 134 | $xml.CHECKLIST.ASSET.ROLE = 'Member Server' 135 | $xml.CHECKLIST.ASSET.HOST_NAME = $env:COMPUTERNAME 
136 | $xml.CHECKLIST.ASSET.HOST_IP = $localIP 137 | $xml.CHECKLIST.ASSET.HOST_MAC = $localMac 138 | $xml.CHECKLIST.ASSET.HOST_FQDN = $env:COMPUTERNAME 139 | 140 | # Import Localhost Data to Checklist 141 | $stringbuilder = New-Object System.Text.StringBuilder 142 | $writer = [System.Xml.XmlWriter]::Create($stringbuilder, $xmlWriterSettings) 143 | $xml.WriteContentTo($Writer) 144 | $Writer.Close() 145 | $xmlDoc = [System.Xml.XmlDocument]::new() 146 | $xmlDoc.PreserveWhitespace = $true 147 | $xmlDoc.LoadXml($stringbuilder.ToString()) 148 | $xmlDoc.save($outputPath) -------------------------------------------------------------------------------- /STIG/InstallModules.ps1: -------------------------------------------------------------------------------- 1 | Param( 2 | [Parameter(Mandatory = $false)] [String]$autoInstallDependencies = $false, 3 | [Parameter(Mandatory = $false)] [String]$STIG 4 | ) 5 | 6 | $osVersion = (Get-WmiObject Win32_OperatingSystem).Caption 7 | 8 | if($osVersion -Match "Windows 10") 9 | { 10 | winrm quickconfig -quiet 11 | 12 | # winrm settings require NIC to be not Public 13 | $networkName = (Get-NetConnectionProfile)[0].Name 14 | Set-NetConnectionProfile -Name $networkName -NetworkCategory Private 15 | 16 | } 17 | 18 | if ($autoInstallDependencies -eq $true) { 19 | . "$PSScriptRoot\RequiredModules.ps1" 20 | 21 | # Added to support package provider download on Server 2016 22 | [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 23 | 24 | Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force 25 | 26 | $requiredModules = Get-RequiredModules 27 | 28 | # Install the required modules 29 | foreach ($requiredModule in $requiredModules) { 30 | Install-Module -Name $requiredModule.ModuleName -RequiredVersion $requiredModule.ModuleVersion -Force 31 | } 32 | } 33 | 34 | if ($stig -eq $true) { 35 | . 
"$PSScriptRoot\Windows.ps1" 36 | 37 | Start-DscConfiguration -Path "$PSScriptRoot\" 38 | } 39 | 40 | # Increase the MaxEnvelope Size 41 | Set-Item -Path WSMan:\localhost\MaxEnvelopeSizekb -Value 8192 42 | 43 | # Set Local Admin account password expires True (V-205658) 44 | $localAdmin = Get-LocalUser | Where-Object Description -eq "Built-in account for administering the computer/domain" 45 | Set-LocalUser -name $localAdmin.Name -PasswordNeverExpires $false -------------------------------------------------------------------------------- /STIG/RequiredModules.ps1: -------------------------------------------------------------------------------- 1 | function Get-RequiredModules { 2 | return @( 3 | @{ModuleName = 'AuditPolicyDsc'; ModuleVersion = '1.4.0.0' }, 4 | @{ModuleName = 'AuditSystemDsc'; ModuleVersion = '1.1.0' }, 5 | @{ModuleName = 'AccessControlDsc'; ModuleVersion = '1.4.1' }, 6 | @{ModuleName = 'CertificateDsc'; ModuleVersion = '5.0.0'}, 7 | @{ModuleName = 'ComputerManagementDsc'; ModuleVersion = '8.4.0' }, 8 | @{ModuleName = 'FileContentDsc'; ModuleVersion = '1.3.0.151' }, 9 | @{ModuleName = 'GPRegistryPolicyDsc'; ModuleVersion = '1.2.0' }, 10 | @{ModuleName = 'nx'; ModuleVersion = '1.0'} 11 | @{ModuleName = 'PSDscResources'; ModuleVersion = '2.12.0.0' }, 12 | @{ModuleName = 'SecurityPolicyDsc'; ModuleVersion = '2.10.0.0' }, 13 | @{ModuleName = 'SqlServerDsc'; ModuleVersion = '13.3.0' }, 14 | @{ModuleName = 'WindowsDefenderDsc'; ModuleVersion = '2.1.0' }, 15 | @{ModuleName = 'xDnsServer'; ModuleVersion = '1.16.0.0' }, 16 | @{ModuleName = 'xWebAdministration'; ModuleVersion = '3.2.0' }, 17 | @{ModuleName = 'PowerSTIG'; ModuleVersion = '4.9.0' } 18 | ) 19 | } -------------------------------------------------------------------------------- /STIG/STIGDeployment.zip: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/chlaplan/IaaS-Builder/d36b1e62db824b70b63b7cc910a99ecb3bf923f4/STIG/STIGDeployment.zip -------------------------------------------------------------------------------- /STIG/Windows.ps1: -------------------------------------------------------------------------------- 1 | configuration Windows 2 | { 3 | Import-DscResource -ModuleName PowerSTIG -ModuleVersion 4.9.0 4 | Import-DscResource -ModuleName SecurityPolicyDsc -ModuleVersion 2.10.0.0 5 | 6 | [scriptblock]$localConfigurationManager = { 7 | LocalConfigurationManager { 8 | ActionAfterReboot = 'ContinueConfiguration' 9 | ConfigurationMode = 'ApplyOnly' 10 | RebootNodeIfNeeded = $true 11 | } 12 | } 13 | 14 | [scriptblock]$microsoftEdgeStig = { 15 | 16 | Edge STIG_MicrosoftEdge 17 | { 18 | 19 | } 20 | } 21 | 22 | [scriptblock]$ie11Stig = { 23 | 24 | InternetExplorer STIG_IE11 25 | { 26 | BrowserVersion = '11' 27 | SkipRule = 'V-46477' 28 | } 29 | } 30 | 31 | [scriptblock]$dotnetFrameworkStig = { 32 | 33 | DotNetFramework STIG_DotnetFramework 34 | { 35 | FrameworkVersion = '4' 36 | } 37 | } 38 | 39 | [scriptblock]$windowsFirewallStig = { 40 | 41 | WindowsFirewall STIG_WindowsFirewall 42 | { 43 | Skiprule = @('V-17443', 'V-17442') 44 | } 45 | } 46 | 47 | [scriptblock]$windowsDefenderStig = { 48 | 49 | WindowsDefender STIG_WindowsDefender 50 | { 51 | OrgSettings = @{ 52 | 'V-213450' = @{ValueData = '1' } 53 | } 54 | } 55 | } 56 | 57 | [scriptblock]$windowsStig = { 58 | 59 | $osVersion = (Get-WmiObject Win32_OperatingSystem).Caption 60 | $certificateTest = Get-ChildItem -Path "C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\*\Downloads\0\*.cer" 61 | 62 | if($osVersion -match "Windows 10") 63 | { 64 | WindowsClient STIG_WindowsClient 65 | { 66 | OsVersion = '10' 67 | SkipRule = @("V-220740","V-220739","V-220741", "V-220908") 68 | Exception = @{ 69 | 'V-220972' = @{ 70 | Identity = 'Guests' 71 | } 72 | 'V-220968' = @{ 73 | Identity = 'Guests' 74 | } 75 | 'V-220969' = @{ 76 | 
Identity = 'Guests' 77 | } 78 | 'V-220971' = @{ 79 | Identity = 'Guests' 80 | } 81 | } 82 | OrgSettings = @{ 83 | 'V-220912' = @{ 84 | OptionValue = 'xGuest' 85 | } 86 | } 87 | } 88 | AccountPolicy BaseLine2 89 | { 90 | Name = "Windows10fix" 91 | Account_lockout_threshold = 3 92 | Account_lockout_duration = 15 93 | Reset_account_lockout_counter_after = 15 94 | } 95 | break 96 | } 97 | 98 | switch -Wildcard ($osVersion) 99 | { 100 | "*2016*" 101 | { 102 | $osVersion = '2016' 103 | $skipRules = @('V-224866', 'V-224867', 'V-224868') 104 | $exceptions = @{ 105 | 'V-225019' = @{Identity = 'Guests'} 106 | 'V-225016' = @{Identity = 'Guests'} 107 | 'V-225018' = @{Identity = 'Guests'} 108 | } 109 | 110 | if ($null -eq $certificateTest -or $certificateTest.count -lt 8) 111 | { 112 | $orgSettings = @{ 113 | 'V-225015' = @{Identity = 'Guests'} 114 | 'V-225027' = @{OptionValue = 'xGuest'} 115 | 'V-225063' = @{ValueData = '2'} 116 | } 117 | } 118 | else 119 | { 120 | $orgSettings = @{ 121 | 'V-225015' = @{Identity = 'Guests'} 122 | 'V-225027' = @{OptionValue = 'xGuest'} 123 | 'V-225063' = @{ValueData = '2'} 124 | 'V-225021.a' = @{Location = ($certificateTest | Where-Object FullName -match "8C941B34EA1EA6ED9AE2BC54CF687252B4C9B561.cer").FullName} 125 | 'V-225021.b' = @{Location = ($certificateTest | Where-Object FullName -match "D73CA91102A2204A36459ED32213B467D7CE97FB.cer").FullName} 126 | 'V-225021.c' = @{Location = ($certificateTest | Where-Object FullName -match "B8269F25DBD937ECAFD4C35A9838571723F2D026.cer").FullName} 127 | 'V-225021.d' = @{Location = ($certificateTest | Where-Object FullName -match "4ECB5CC3095670454DA1CBD410FC921F46B8564B.cer").FullName} 128 | 'V-225022.a' = @{Location = ($certificateTest | Where-Object FullName -match "AC06108CA348CC03B53795C64BF84403C1DBD341.cer").FullName} 129 | 'V-225022.b' = @{Location = ($certificateTest | Where-Object FullName -match "A8C27332CCB4CA49554CE55D34062A7DD2850C02.cer").FullName} 130 | 'V-225023' = @{Location = 
($certificateTest | Where-Object FullName -match "AF132AC65DE86FC4FB3FE51FD637EBA0FF0B12A9.cer").FullName} 131 | } 132 | } 133 | 134 | WindowsServer STIG_WindowsServer 135 | { 136 | OsVersion = $osVersion 137 | OsRole = 'MS' 138 | Exception = $exceptions 139 | OrgSettings = $orgSettings 140 | SkipRule = $skipRules 141 | } 142 | 143 | AccountPolicy BaseLine2 144 | { 145 | Name = "2016fix" 146 | Account_lockout_threshold = 3 147 | Account_lockout_duration = 15 148 | Reset_account_lockout_counter_after = 15 149 | } 150 | break 151 | } 152 | "*2019*" 153 | { 154 | $osVersion = '2019' 155 | $exceptions = @{ 156 | 'V-205733' = @{Identity = 'Guests'} 157 | 'V-205672' = @{Identity = 'Guests'} 158 | 'V-205673' = @{Identity = 'Guests'} 159 | 'V-205675' = @{Identity = 'Guests'} 160 | } 161 | 162 | if ($null -eq $certificateTest -or $certificateTest.count -lt 8) 163 | { 164 | $orgSettings = @{ 165 | 'V-205910' = @{OptionValue = 'xGuest'} 166 | 'V-205717' = @{ValueData = '2'} 167 | } 168 | } 169 | else 170 | { 171 | $orgSettings = @{ 172 | 'V-205910' = @{OptionValue = 'xGuest'} 173 | 'V-205717' = @{ValueData = '2'} 174 | 'V-205648.a' = @{Location = ($certificateTest | Where-Object FullName -match "8C941B34EA1EA6ED9AE2BC54CF687252B4C9B561.cer").FullName} 175 | 'V-205648.b' = @{Location = ($certificateTest | Where-Object FullName -match "D73CA91102A2204A36459ED32213B467D7CE97FB.cer").FullName} 176 | 'V-205648.c' = @{Location = ($certificateTest | Where-Object FullName -match "B8269F25DBD937ECAFD4C35A9838571723F2D026.cer").FullName} 177 | 'V-205648.d' = @{Location = ($certificateTest | Where-Object FullName -match "4ECB5CC3095670454DA1CBD410FC921F46B8564B.cer").FullName} 178 | 'V-205649.a' = @{Location = ($certificateTest | Where-Object FullName -match "AC06108CA348CC03B53795C64BF84403C1DBD341.cer").FullName} 179 | 'V-205649.b' = @{Location = ($certificateTest | Where-Object FullName -match "A8C27332CCB4CA49554CE55D34062A7DD2850C02.cer").FullName} 180 | 'V-205650.a' = @{Location = 
($certificateTest | Where-Object FullName -match "AF132AC65DE86FC4FB3FE51FD637EBA0FF0B12A9.cer").FullName} 181 | 'V-205650.b' = @{Location = ($certificateTest | Where-Object FullName -match "929BF3196896994C0A201DF4A5B71F603FEFBF2E.cer").FullName} 182 | } 183 | } 184 | 185 | WindowsServer STIG_WindowsServer 186 | { 187 | OsVersion = $osVersion 188 | OsRole = 'MS' 189 | Exception = $exceptions 190 | OrgSettings = $orgSettings 191 | } 192 | break 193 | } 194 | } 195 | } 196 | 197 | Node localhost 198 | { 199 | $localConfigurationManager.invoke() 200 | $windowsStig.invoke() 201 | $ie11Stig.invoke() 202 | $dotnetFrameworkStig.invoke() 203 | $windowsDefenderStig.invoke() 204 | $windowsFirewallStig.invoke() 205 | $microsoftEdgeStig.invoke() 206 | } 207 | } -------------------------------------------------------------------------------- /Templates/AzureTemplate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "prefix": { 6 | "type": "string", 7 | "minLength": 2, 8 | "maxLength": 9, 9 | "metadata": { 10 | "description": "The prefix name of machines. " 11 | } 12 | }, 13 | "vmsize": { 14 | "type": "string", 15 | "metadata": { 16 | "description": "VM Size. " 17 | } 18 | }, 19 | "vmdisk": { 20 | "type": "string", 21 | "metadata": { 22 | "description": "VM disk. " 23 | } 24 | }, 25 | "NSG": { 26 | "type": "string", 27 | "metadata": { 28 | "description": "Name of Network Security Group. " 29 | } 30 | }, 31 | "DHostID": { 32 | "type": "string", 33 | "defaultValue": "", 34 | "metadata": { 35 | "description": "Dedicated Host ID. " 36 | } 37 | }, 38 | "VirtualNetworkName": { 39 | "type": "string", 40 | "metadata": { 41 | "description": "Name of Virtual Network. " 42 | } 43 | }, 44 | "subnetname": { 45 | "type": "string", 46 | "metadata": { 47 | "description": "Name of Subnet. 
" 48 | } 49 | }, 50 | "addressprefix": { 51 | "type": "string", 52 | "metadata": { 53 | "description": "Subnet subnet prefix ex: 10.1.0.0/16" 54 | } 55 | }, 56 | "addresssubnet": { 57 | "type": "string", 58 | "metadata": { 59 | "description": "Subnet for servers" 60 | } 61 | }, 62 | "bastionsubnet": { 63 | "type": "string", 64 | "metadata": { 65 | "description": "Subnet for Bastion Connections. " 66 | } 67 | }, 68 | "role": { 69 | "type": "string", 70 | "metadata": { 71 | "description": "DSC to run on the machine" 72 | } 73 | }, 74 | "servername": { 75 | "type": "string", 76 | "metadata": { 77 | "description": "Name of extra server. " 78 | } 79 | }, 80 | "DCName": { 81 | "type": "string", 82 | "metadata": { 83 | "description": "Name of Domain Controller server. " 84 | } 85 | }, 86 | "PSName": { 87 | "type": "string", 88 | "metadata": { 89 | "description": "Name of SCCM Primary server. " 90 | } 91 | }, 92 | "DPMPName": { 93 | "type": "string", 94 | "metadata": { 95 | "description": "Name of SCCM DP/MP server. " 96 | } 97 | }, 98 | "ip": { 99 | "type": "string", 100 | "metadata": { 101 | "description": "Private IP Address. " 102 | } 103 | }, 104 | "DCip": { 105 | "type": "string", 106 | "metadata": { 107 | "description": "DC IP Address. " 108 | } 109 | }, 110 | "SQLName": { 111 | "type": "string", 112 | "metadata": { 113 | "description": "Name of SQL Server " 114 | } 115 | }, 116 | "STIG": { 117 | "type": "string", 118 | "metadata": { 119 | "description": "If STIG -eq $True, STIGs will be downloaded from DISA and Imported into AD " 120 | } 121 | }, 122 | "MSFTBaseline": { 123 | "type": "string", 124 | "metadata": { 125 | "description": "If STIG -eq $True, STIGs will be downloaded from DISA and Imported into AD " 126 | } 127 | }, 128 | "sharePointVersion": { 129 | "type": "string", 130 | "defaultValue": "2016", 131 | "metadata": { 132 | "description": "Private IP Address. 
" 133 | } 134 | }, 135 | "publisher": { 136 | "type": "string", 137 | "metadata": { 138 | "description": "Private IP Address. " 139 | } 140 | }, 141 | "offer": { 142 | "type": "string", 143 | "metadata": { 144 | "description": "Private IP Address. " 145 | } 146 | }, 147 | "sku": { 148 | "type": "string", 149 | "metadata": { 150 | "description": "Private IP Address. " 151 | } 152 | }, 153 | "adminUsername": { 154 | "type": "string", 155 | "minLength": 2, 156 | "maxLength": 10, 157 | "metadata": { 158 | "description": "The name of the administrator account of the new VM. The domain name is contoso.com " 159 | }, 160 | "defaultValue": "xadmin" 161 | }, 162 | "adminPassword": { 163 | "type": "securestring", 164 | "minLength": 8, 165 | "metadata": { 166 | "description": "Input must meet password complexity requirements as documented for property 'adminPassword' in https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/virtualmachines-create-or-update" 167 | } 168 | }, 169 | "DomainName": { 170 | "type": "string", 171 | "metadata": { 172 | "description": "Specifies the Domain Name." 173 | } 174 | }, 175 | "_artifactsLocation": { 176 | "type": "string", 177 | "metadata": { 178 | "description": "The base URI where artifacts required by this template are located including a trailing '/'" 179 | } 180 | }, 181 | "_artifactsLocationSasToken": { 182 | "type": "securestring", 183 | "metadata": { 184 | "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured. " 185 | }, 186 | "defaultValue": "" 187 | }, 188 | "AdfsServiceAccountName": { 189 | "type": "string", 190 | "metadata": { 191 | "description": "Specifies the name of the ADFS service account." 
192 | }, 193 | "defaultValue": "svc.adfs" 194 | }, 195 | "location": { 196 | "type": "string", 197 | "defaultValue": "[resourceGroup().location]", 198 | "metadata": { 199 | "description": "Location for all resources." 200 | } 201 | } 202 | }, 203 | "variables": { 204 | "dscScript": "dsc/Configuration.zip", 205 | "VirtualNetworkName": "[parameters('VirtualNetworkName')]", 206 | //"virtualNetworkName": "[concat(toLower(parameters('prefix')), '-vnet')]", 207 | "domainName": "[parameters('DomainName')]", 208 | "networkSettings": { 209 | "virtualNetworkAddressPrefix": "[parameters('addressprefix')]", 210 | "subnetAddressPrefix": "[parameters('addresssubnet')]", 211 | "virtualMachinesIPAddress": "[parameters('ip')]", 212 | "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), parameters('subnetname'))]", 213 | "privateIPAllocationMethod": "Static", 214 | "publicIpAllocationMethod": "Dynamic" 215 | }, 216 | "spSettings": { 217 | "sqlAlias": "SQLAlias", 218 | "spSuperUserName": "spSuperUser", 219 | "spSuperReaderName": "spSuperReader", 220 | "sqlSvcUserName": "sqlsvc", 221 | "sqlSvcPassword": "[parameters('adminPassword')]", 222 | "spSetupUserName": "spsetup", 223 | "spSetupPassword": "[parameters('adminPassword')]", 224 | "spFarmUserName": "spfarm", 225 | "spFarmPassword": "[parameters('adminPassword')]", 226 | "spSvcUserName": "spsvc", 227 | "spSvcPassword": "[parameters('adminPassword')]", 228 | "spAppPoolUserName": "spapppool", 229 | "spAppPoolPassword": "[parameters('adminPassword')]", 230 | "spPassphrase": "[parameters('adminPassword')]" 231 | }, 232 | //"securityGroupRule": { 233 | // "name": "default-allow-rdp", 234 | // "priority": 1000, 235 | // "sourceAddressPrefix": "*", 236 | // "protocol": "Tcp", 237 | // "destinationPortRange": "3389", 238 | // "access": "Allow", 239 | // "direction": "Inbound", 240 | // "sourcePortRange": "*", 241 | // "destinationAddressPrefix": "*" 242 | //}, 243 | "vmrole": 
"[parameters('role')]", 244 | "vmname": "[parameters('servername')]", 245 | "vmDiskType": "[parameters('vmDisk')]", 246 | "vmSize": "[parameters('vmsize')]", 247 | 248 | "imageReference": { 249 | "[parameters('role')]": { 250 | "publisher": "[parameters('publisher')]", 251 | "offer": "[parameters('offer')]", 252 | "sku": "[parameters('sku')]", 253 | "version": "latest" 254 | } 255 | } 256 | }, 257 | "resources": [ 258 | { 259 | "type": "Microsoft.Network/publicIpAddresses", 260 | "apiVersion": "2020-05-01", 261 | "name": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')), '-ip')]", 262 | "location": "[parameters('location')]", 263 | "properties": { 264 | "publicIpAllocationMethod": "[variables('networkSettings').publicIpAllocationMethod]" 265 | } 266 | }, 267 | { 268 | "type": "Microsoft.Network/networkInterfaces", 269 | "name": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')), '-ni')]", 270 | "apiVersion": "2020-05-01", 271 | "location": "[parameters('location')]", 272 | "dependsOn": [ 273 | "[concat('Microsoft.Network/publicIpAddresses/',toLower(parameters('prefix')),toLower(variables('vmname')), '-ip')]" 274 | ], 275 | "properties": { 276 | "ipConfigurations": [ 277 | { 278 | "name": "ipconfig1", 279 | "properties": { 280 | "subnet": { 281 | "id": "[variables('networkSettings').subnetRef]" 282 | }, 283 | "privateIPAllocationMethod": "[variables('networkSettings').privateIPAllocationMethod]", 284 | "privateIPAddress": "[concat(variables('networkSettings').virtualMachinesIPAddress)]", 285 | "publicIpAddress": { 286 | "id": "[resourceId(resourceGroup().name, 'Microsoft.Network/publicIpAddresses', concat(toLower(parameters('prefix')),toLower(variables('vmname')), '-ip'))]" 287 | } 288 | } 289 | } 290 | ], 291 | "networkSecurityGroup": { 292 | "id": "[resourceId(resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', concat(toLower(parameters('prefix')), '-nsg'))]" 293 | } 294 | } 295 | }, 296 | { 297 | "type": 
"Microsoft.Compute/virtualMachines", 298 | "apiVersion": "2019-12-01", 299 | "name": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')))]", 300 | "location": "[parameters('location')]", 301 | //"copy": { 302 | // "name": "vmcopy" 303 | //"count": 5 304 | //}, 305 | "dependsOn": [ 306 | "[concat('Microsoft.Network/networkInterfaces/',toLower(parameters('prefix')),toLower(variables('vmname')), '-ni')]" 307 | ], 308 | "properties": { 309 | "osProfile": { 310 | "computerName": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')))]", 311 | "adminUsername": "[parameters('adminUsername')]", 312 | "adminPassword": "[parameters('adminPassword')]", 313 | "windowsConfiguration": { 314 | "provisionVmAgent": "true" 315 | } 316 | }, 317 | "hardwareProfile": { 318 | "vmSize": "[variables('vmSize')]" 319 | }, 320 | "storageProfile": { 321 | "imageReference": "[variables('imageReference')[variables('vmrole')]]", 322 | "osDisk": { 323 | "osType": "Windows", 324 | "name": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')),'-OsDisk')]", 325 | "createOption": "FromImage", 326 | "caching": "ReadWrite", 327 | "managedDisk": { 328 | "storageAccountType": "[variables('vmDiskType')]" 329 | }, 330 | "diskSizeGB": 150 331 | }, 332 | "dataDisks": [] 333 | }, 334 | "networkProfile": { 335 | "networkInterfaces": [ 336 | { 337 | "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(toLower(parameters('prefix')),toLower(variables('vmname')), '-ni'))]" 338 | } 339 | ] 340 | }, 341 | "host": { 342 | "id": "[if(not(empty(parameters('DHostID'))), parameters('DHostID'), json('null'))]" 343 | }, 344 | "diagnosticsProfile": { 345 | "bootDiagnostics": { 346 | "enabled": false 347 | } 348 | } 349 | } 350 | }, 351 | { 352 | "type": "Microsoft.Compute/virtualMachines/extensions", 353 | "apiVersion": "2019-12-01", 354 | "name": "[concat(toLower(parameters('prefix')),variables('vmname'),'/WorkFlow')]", 355 | "location": "[parameters('location')]", 356 
| "dependsOn": [ 357 | "[concat('Microsoft.Compute/virtualMachines/',toLower(parameters('prefix')),variables('vmname'))]" 358 | ], 359 | "properties": { 360 | "publisher": "Microsoft.Powershell", 361 | "type": "DSC", 362 | "typeHandlerVersion": "2.9", //2.21 363 | "autoUpgradeMinorVersion": true, 364 | "settings": { 365 | "modulesUrl": "[Uri(parameters('_artifactsLocation'),concat(variables('dscScript'),parameters('_artifactsLocationSasToken')))]", 366 | "configurationFunction": "[concat(variables('vmrole'),'Configuration.ps1\\Configuration')]", 367 | "Properties": { 368 | "DomainName": "[variables('domainName')]", 369 | "DCName": "[concat(parameters('prefix'),parameters('DCName'))]", 370 | "DCNameFQDN": "[concat(parameters('prefix'),parameters('DCName'),'.',variables('domainName'))]", 371 | "DPMPName": "[concat(parameters('prefix'),parameters('DPMPName'))]", 372 | //"ClientName": "[concat(parameters('prefix'),variables('vmname'))]", 373 | "STIG": "[parameters('STIG')]", 374 | "MSFTBaseline": "[parameters('MSFTBaseline')]", 375 | "PSName": "[concat(parameters('prefix'),variables('vmname'))]", 376 | "DNSIPAddress": "[parameters('DCip')]", 377 | "FedServiceDisplayName": "[concat(parameters('prefix'),'_adfs')]", 378 | "FedServiceName": "[concat('sts.',parameters('domainName'))]", 379 | "AdfsSrvActName": "[parameters('AdfsServiceAccountName')]", 380 | "SQLName": "[concat(parameters('prefix'),parameters('SQLName'))]", 381 | "SQLAlias": "[variables('spSettings').sqlAlias]", 382 | "SharePointVersion": "[parameters('sharePointVersion')]", 383 | "AdminCreds": { 384 | "UserName": "[parameters('adminUsername')]", 385 | "Password": "PrivateSettingsRef:AdminPassword" 386 | }, 387 | "SqlSvcCreds": { 388 | "UserName": "[variables('spSettings').sqlSvcUserName]", 389 | "Password": "PrivateSettingsRef:AdminPassword" 390 | }, 391 | "SPSetupCreds": { 392 | "UserName": "[variables('spSettings').spSetupUserName]", 393 | "Password": "PrivateSettingsRef:AdminPassword" 394 | }, 395 | 
"SPFarmCreds": { 396 | "UserName": "[variables('spSettings').spFarmUserName]", 397 | "Password": "PrivateSettingsRef:AdminPassword" 398 | }, 399 | "SPSvcCreds": { 400 | "UserName": "[variables('spSettings').spSvcUserName]", 401 | "Password": "PrivateSettingsRef:AdminPassword" 402 | }, 403 | "SPAppPoolCreds": { 404 | "UserName": "[variables('spSettings').spAppPoolUserName]", 405 | "Password": "PrivateSettingsRef:AdminPassword" 406 | }, 407 | "SPPassphraseCreds": { 408 | "UserName": "Passphrase", 409 | "Password": "PrivateSettingsRef:AdminPassword" 410 | }, 411 | "SPSuperUserCreds": { 412 | "UserName": "[variables('spSettings').spSuperUserName]", 413 | "Password": "PrivateSettingsRef:AdminPassword" 414 | }, 415 | "SPSuperReaderCreds": { 416 | "UserName": "[variables('spSettings').spSuperReaderName]", 417 | "Password": "PrivateSettingsRef:AdminPassword" 418 | } 419 | } 420 | }, 421 | "protectedSettings": { 422 | "Items": { 423 | "AdminPassword": "[parameters('adminPassword')]" 424 | } 425 | } 426 | } 427 | } 428 | 429 | ], 430 | "outputs": { 431 | 432 | } 433 | } 434 | -------------------------------------------------------------------------------- /Templates/AzureTemplateSACA.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "prefix": { 6 | "type": "string", 7 | "minLength": 2, 8 | "maxLength": 9, 9 | "metadata": { 10 | "description": "The prefix name of machines. " 11 | } 12 | }, 13 | "vmsize": { 14 | "type": "string", 15 | "metadata": { 16 | "description": "VM Size. " 17 | } 18 | }, 19 | "vmdisk": { 20 | "type": "string", 21 | "metadata": { 22 | "description": "VM disk. " 23 | } 24 | }, 25 | "NSG": { 26 | "type": "string", 27 | "metadata": { 28 | "description": "Name of Network Security Group. 
" 29 | } 30 | }, 31 | "DHostID": { 32 | "type": "string", 33 | "defaultValue": "", 34 | "metadata": { 35 | "description": "Dedicated Host ID. " 36 | } 37 | }, 38 | "VirtualNetworkName": { 39 | "type": "string", 40 | "metadata": { 41 | "description": "Name of Virtual Network. " 42 | } 43 | }, 44 | "subnetname": { 45 | "type": "string", 46 | "metadata": { 47 | "description": "Name of Subnet. " 48 | } 49 | }, 50 | "addressprefix": { 51 | "type": "string", 52 | "metadata": { 53 | "description": "Subnet subnet prefix ex: 10.1.0.0/16" 54 | } 55 | }, 56 | "addresssubnet": { 57 | "type": "string", 58 | "metadata": { 59 | "description": "Subnet for servers" 60 | } 61 | }, 62 | "bastionsubnet": { 63 | "type": "string", 64 | "metadata": { 65 | "description": "Subnet for Bastion Connections. " 66 | } 67 | }, 68 | "role": { 69 | "type": "string", 70 | "metadata": { 71 | "description": "DSC to run on the machine" 72 | } 73 | }, 74 | "servername": { 75 | "type": "string", 76 | "metadata": { 77 | "description": "Name of extra server. " 78 | } 79 | }, 80 | "DCName": { 81 | "type": "string", 82 | "metadata": { 83 | "description": "Name of Domain Controller server. " 84 | } 85 | }, 86 | "PSName": { 87 | "type": "string", 88 | "metadata": { 89 | "description": "Name of SCCM Primary server. " 90 | } 91 | }, 92 | "DPMPName": { 93 | "type": "string", 94 | "metadata": { 95 | "description": "Name of SCCM DP/MP server. " 96 | } 97 | }, 98 | "ip": { 99 | "type": "string", 100 | "metadata": { 101 | "description": "Private IP Address. " 102 | } 103 | }, 104 | "DCip": { 105 | "type": "string", 106 | "metadata": { 107 | "description": "DC IP Address. 
" 108 | } 109 | }, 110 | "SQLName": { 111 | "type": "string", 112 | "metadata": { 113 | "description": "Name of SQL Server " 114 | } 115 | }, 116 | "STIG": { 117 | "type": "string", 118 | "metadata": { 119 | "description": "If STIG -eq $True, STIGs will be downloaded from DISA and Imported into AD " 120 | } 121 | }, 122 | "MSFTBaseline": { 123 | "type": "string", 124 | "metadata": { 125 | "description": "Passed through to the DSC configuration as the 'MSFTBaseline' property; presumably a $True/$False switch for applying the Microsoft security baseline - confirm against the DSC configuration in dsc/Configuration.zip. " 126 | } 127 | }, 128 | "sharePointVersion": { 129 | "type": "string", 130 | "defaultValue": "2016", 131 | "metadata": { 132 | "description": "SharePoint version passed to the DSC configuration as 'SharePointVersion' (default 2016). " 133 | } 134 | }, 135 | "publisher": { 136 | "type": "string", 137 | "metadata": { 138 | "description": "Publisher of the marketplace image used for the VM OS disk. " 139 | } 140 | }, 141 | "offer": { 142 | "type": "string", 143 | "metadata": { 144 | "description": "Offer of the marketplace image used for the VM OS disk. " 145 | } 146 | }, 147 | "sku": { 148 | "type": "string", 149 | "metadata": { 150 | "description": "SKU of the marketplace image used for the VM OS disk. The image version is always resolved to 'latest', so deployments are not pinned to a specific image build. " 151 | } 152 | }, 153 | "adminUsername": { 154 | "type": "string", 155 | "minLength": 2, 156 | "maxLength": 10, 157 | "metadata": { 158 | "description": "The name of the local administrator account of the new VM. It is also used as the UserName of the DSC 'AdminCreds' credential. " 159 | }, 160 | "defaultValue": "xadmin" 161 | }, 162 | "adminPassword": { 163 | "type": "securestring", 164 | "minLength": 8, 165 | "metadata": { 166 | "description": "SECURITY NOTE: this single value is also handed to the DSC configuration as the password for the SQL service, SharePoint setup, farm, service, app-pool, super-user and super-reader accounts and as the SharePoint farm passphrase (every credential under the extension's Properties references PrivateSettingsRef:AdminPassword), so compromising any one of those accounts yields the VM administrator password; use distinct secrets for anything beyond a lab deployment. Input must meet password complexity requirements as documented for property 'adminPassword' in https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/virtualmachines-create-or-update" 167 | } 168 | }, 169 | "DomainName": { 170 | "type": "string", 171 | "metadata": { 172 | "description": "Specifies the Domain Name." 
173 | } 174 | }, 175 | "_artifactsLocation": { 176 | "type": "string", 177 | "metadata": { 178 | "description": "The base URI where artifacts required by this template are located including a trailing '/'" 179 | } 180 | }, 181 | "_artifactsLocationSasToken": { 182 | "type": "securestring", 183 | "metadata": { 184 | "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured. SECURITY NOTE: the token is appended to the DSC extension's modulesUrl under 'settings', not 'protectedSettings', so it is stored in plain text on the extension resource; keep it read-only and short-lived, or move it to the extension's protected 'configurationUrlSasToken' setting. " 185 | }, 186 | "defaultValue": "" 187 | }, 188 | "AdfsServiceAccountName": { 189 | "type": "string", 190 | "metadata": { 191 | "description": "Specifies the name of the ADFS service account." 192 | }, 193 | "defaultValue": "svc.adfs" 194 | }, 195 | "location": { 196 | "type": "string", 197 | "defaultValue": "[resourceGroup().location]", 198 | "metadata": { 199 | "description": "Location for all resources." 200 | } 201 | } 202 | }, 203 | "variables": { 204 | "dscScript": "dsc/Configuration.zip", 205 | "VirtualNetworkName": "[parameters('VirtualNetworkName')]", 206 | //"virtualNetworkName": "[concat(toLower(parameters('prefix')), '-vnet')]", 207 | "domainName": "[parameters('DomainName')]", 208 | "networkSettings": { 209 | "virtualNetworkAddressPrefix": "[parameters('addressprefix')]", 210 | "subnetAddressPrefix": "[parameters('addresssubnet')]", 211 | "virtualMachinesIPAddress": "[parameters('ip')]", 212 | "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), parameters('subnetname'))]", 213 | "privateIPAllocationMethod": "Static", 214 | "publicIpAllocationMethod": "Dynamic" 215 | }, 216 | "spSettings": { 217 | "sqlAlias": "SQLAlias", 218 | "spSuperUserName": "spSuperUser", 219 | "spSuperReaderName": "spSuperReader", 220 | "sqlSvcUserName": "sqlsvc", 221 | "sqlSvcPassword": "[parameters('adminPassword')]", 222 | "spSetupUserName": "spsetup", 223 | "spSetupPassword": 
"[parameters('adminPassword')]", 224 | "spFarmUserName": "spfarm", 225 | "spFarmPassword": "[parameters('adminPassword')]", 226 | "spSvcUserName": "spsvc", 227 | "spSvcPassword": "[parameters('adminPassword')]", 228 | "spAppPoolUserName": "spapppool", 229 | "spAppPoolPassword": "[parameters('adminPassword')]", 230 | "spPassphrase": "[parameters('adminPassword')]" 231 | }, 232 | //"securityGroupRule": { 233 | // "name": "default-allow-rdp", 234 | // "priority": 1000, 235 | // "sourceAddressPrefix": "*", 236 | // "protocol": "Tcp", 237 | // "destinationPortRange": "3389", 238 | // "access": "Allow", 239 | // "direction": "Inbound", 240 | // "sourcePortRange": "*", 241 | // "destinationAddressPrefix": "*" 242 | //}, 243 | "vmrole": "[parameters('role')]", 244 | "vmname": "[parameters('servername')]", 245 | "vmDiskType": "[parameters('vmDisk')]", 246 | "vmSize": "[parameters('vmsize')]", 247 | 248 | "imageReference": { 249 | "[parameters('role')]": { 250 | "publisher": "[parameters('publisher')]", 251 | "offer": "[parameters('offer')]", 252 | "sku": "[parameters('sku')]", 253 | "version": "latest" 254 | } 255 | } 256 | }, 257 | "resources": [ 258 | //{ 259 | // "type": "Microsoft.Network/publicIpAddresses", 260 | // "apiVersion": "2020-05-01", 261 | // "name": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')), '-ip')]", 262 | // "location": "[parameters('location')]", 263 | // "properties": { 264 | // "publicIpAllocationMethod": "[variables('networkSettings').publicIpAllocationMethod]" 265 | // } 266 | //}, 267 | { 268 | "type": "Microsoft.Network/networkInterfaces", 269 | "name": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')), '-ni')]", 270 | "apiVersion": "2020-05-01", 271 | "location": "[parameters('location')]", 272 | //"dependsOn": [ 273 | // "[concat('Microsoft.Network/publicIpAddresses/',toLower(parameters('prefix')),toLower(variables('vmname')), '-ip')]" 274 | //], 275 | "properties": { 276 | "ipConfigurations": [ 277 | { 
278 | "name": "ipconfig1", 279 | "properties": { 280 | "subnet": { 281 | "id": "[variables('networkSettings').subnetRef]" 282 | }, 283 | "privateIPAllocationMethod": "[variables('networkSettings').privateIPAllocationMethod]", 284 | "privateIPAddress": "[concat(variables('networkSettings').virtualMachinesIPAddress)]", 285 | //"publicIpAddress": { 286 | // "id": "[resourceId(resourceGroup().name, 'Microsoft.Network/publicIpAddresses', concat(toLower(parameters('prefix')),toLower(variables('vmname')), '-ip'))]" 287 | //} 288 | } 289 | } 290 | ] 291 | } 292 | }, 293 | { 294 | "type": "Microsoft.Compute/virtualMachines", 295 | "apiVersion": "2019-12-01", 296 | "name": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')))]", 297 | "location": "[parameters('location')]", 298 | //"copy": { 299 | // "name": "vmcopy" 300 | //"count": 5 301 | //}, 302 | "dependsOn": [ 303 | "[concat('Microsoft.Network/networkInterfaces/',toLower(parameters('prefix')),toLower(variables('vmname')), '-ni')]" 304 | ], 305 | "properties": { 306 | "osProfile": { 307 | "computerName": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')))]", 308 | "adminUsername": "[parameters('adminUsername')]", 309 | "adminPassword": "[parameters('adminPassword')]", 310 | "windowsConfiguration": { 311 | "provisionVmAgent": "true" 312 | } 313 | }, 314 | "hardwareProfile": { 315 | "vmSize": "[variables('vmSize')]" 316 | }, 317 | "storageProfile": { 318 | "imageReference": "[variables('imageReference')[variables('vmrole')]]", 319 | "osDisk": { 320 | "osType": "Windows", 321 | "name": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')),'-OsDisk')]", 322 | "createOption": "FromImage", 323 | "caching": "ReadWrite", 324 | "managedDisk": { 325 | "storageAccountType": "[variables('vmDiskType')]" 326 | }, 327 | "diskSizeGB": 150 328 | }, 329 | "dataDisks": [] 330 | }, 331 | "networkProfile": { 332 | "networkInterfaces": [ 333 | { 334 | "id": 
"[resourceId('Microsoft.Network/networkInterfaces', concat(toLower(parameters('prefix')),toLower(variables('vmname')), '-ni'))]" 335 | } 336 | ] 337 | }, 338 | "host": { 339 | "id": "[if(not(empty(parameters('DHostID'))), parameters('DHostID'), json('null'))]" 340 | }, 341 | "diagnosticsProfile": { 342 | "bootDiagnostics": { 343 | "enabled": false 344 | } 345 | } 346 | } 347 | }, 348 | { 349 | "type": "Microsoft.Compute/virtualMachines/extensions", 350 | "apiVersion": "2019-12-01", 351 | "name": "[concat(toLower(parameters('prefix')),variables('vmname'),'/WorkFlow')]", 352 | "location": "[parameters('location')]", 353 | "dependsOn": [ 354 | "[concat('Microsoft.Compute/virtualMachines/',toLower(parameters('prefix')),variables('vmname'))]" 355 | ], 356 | "properties": { 357 | "publisher": "Microsoft.Powershell", 358 | "type": "DSC", 359 | "typeHandlerVersion": "2.9", //2.21 360 | "autoUpgradeMinorVersion": true, 361 | "settings": { 362 | "modulesUrl": "[Uri(parameters('_artifactsLocation'),concat(variables('dscScript'),parameters('_artifactsLocationSasToken')))]", 363 | "configurationFunction": "[concat(variables('vmrole'),'Configuration.ps1\\Configuration')]", 364 | "Properties": { 365 | "DomainName": "[variables('domainName')]", 366 | "DCName": "[concat(parameters('prefix'),parameters('DCName'))]", 367 | "DCNameFQDN": "[concat(parameters('prefix'),parameters('DCName'),'.',variables('domainName'))]", 368 | "DPMPName": "[concat(parameters('prefix'),parameters('DPMPName'))]", 369 | //"ClientName": "[concat(parameters('prefix'),variables('vmname'))]", 370 | "STIG": "[parameters('STIG')]", 371 | "MSFTBaseline": "[parameters('MSFTBaseline')]", 372 | "PSName": "[concat(parameters('prefix'),variables('vmname'))]", 373 | "DNSIPAddress": "[parameters('DCip')]", 374 | "FedServiceDisplayName": "[concat(parameters('prefix'),'_adfs')]", 375 | "FedServiceName": "[concat('sts.',parameters('domainName'))]", 376 | "AdfsSrvActName": "[parameters('AdfsServiceAccountName')]", 377 | 
"SQLName": "[concat(parameters('prefix'),parameters('SQLName'))]", 378 | "SQLAlias": "[variables('spSettings').sqlAlias]", 379 | "SharePointVersion": "[parameters('sharePointVersion')]", 380 | "AdminCreds": { 381 | "UserName": "[parameters('adminUsername')]", 382 | "Password": "PrivateSettingsRef:AdminPassword" 383 | }, 384 | "SqlSvcCreds": { 385 | "UserName": "[variables('spSettings').sqlSvcUserName]", 386 | "Password": "PrivateSettingsRef:AdminPassword" 387 | }, 388 | "SPSetupCreds": { 389 | "UserName": "[variables('spSettings').spSetupUserName]", 390 | "Password": "PrivateSettingsRef:AdminPassword" 391 | }, 392 | "SPFarmCreds": { 393 | "UserName": "[variables('spSettings').spFarmUserName]", 394 | "Password": "PrivateSettingsRef:AdminPassword" 395 | }, 396 | "SPSvcCreds": { 397 | "UserName": "[variables('spSettings').spSvcUserName]", 398 | "Password": "PrivateSettingsRef:AdminPassword" 399 | }, 400 | "SPAppPoolCreds": { 401 | "UserName": "[variables('spSettings').spAppPoolUserName]", 402 | "Password": "PrivateSettingsRef:AdminPassword" 403 | }, 404 | "SPPassphraseCreds": { 405 | "UserName": "Passphrase", 406 | "Password": "PrivateSettingsRef:AdminPassword" 407 | }, 408 | "SPSuperUserCreds": { 409 | "UserName": "[variables('spSettings').spSuperUserName]", 410 | "Password": "PrivateSettingsRef:AdminPassword" 411 | }, 412 | "SPSuperReaderCreds": { 413 | "UserName": "[variables('spSettings').spSuperReaderName]", 414 | "Password": "PrivateSettingsRef:AdminPassword" 415 | } 416 | } 417 | }, 418 | "protectedSettings": { 419 | "Items": { 420 | "AdminPassword": "[parameters('adminPassword')]" 421 | } 422 | } 423 | } 424 | } 425 | 426 | ], 427 | "outputs": { 428 | 429 | } 430 | } 431 | -------------------------------------------------------------------------------- /Templates/AzureTemplateSpot.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": 
"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "prefix": { 6 | "type": "string", 7 | "minLength": 2, 8 | "maxLength": 9, 9 | "metadata": { 10 | "description": "The prefix name of machines. " 11 | } 12 | }, 13 | "vmsize": { 14 | "type": "string", 15 | "metadata": { 16 | "description": "VM Size. " 17 | } 18 | }, 19 | "vmdisk": { 20 | "type": "string", 21 | "metadata": { 22 | "description": "Managed disk storage account type for the VM OS disk. " 23 | } 24 | }, 25 | "NSG": { 26 | "type": "string", 27 | "metadata": { 28 | "description": "Name of Network Security Group. NOTE: this parameter is not referenced by the template; the NIC is attached to an existing NSG named '<prefix>-nsg' in the deployment resource group and the VM is also given a public IP, so that NSG must exist before deployment and must not open RDP (3389) to '*' the way the commented-out default-allow-rdp rule in variables does. " 29 | } 30 | }, 31 | "DHostID": { 32 | "type": "string", 33 | "defaultValue": "", 34 | "metadata": { 35 | "description": "Dedicated Host ID. " 36 | } 37 | }, 38 | "VirtualNetworkName": { 39 | "type": "string", 40 | "metadata": { 41 | "description": "Name of Virtual Network. " 42 | } 43 | }, 44 | "subnetname": { 45 | "type": "string", 46 | "metadata": { 47 | "description": "Name of Subnet. " 48 | } 49 | }, 50 | "addressprefix": { 51 | "type": "string", 52 | "metadata": { 53 | "description": "Virtual network address prefix, ex: 10.1.0.0/16" 54 | } 55 | }, 56 | "addresssubnet": { 57 | "type": "string", 58 | "metadata": { 59 | "description": "Subnet for servers" 60 | } 61 | }, 62 | "bastionsubnet": { 63 | "type": "string", 64 | "metadata": { 65 | "description": "Subnet for Bastion Connections. " 66 | } 67 | }, 68 | "role": { 69 | "type": "string", 70 | "metadata": { 71 | "description": "DSC role name; selects the configuration script '<role>Configuration.ps1' inside dsc/Configuration.zip and the imageReference entry used for the VM. " 72 | } 73 | }, 74 | "servername": { 75 | "type": "string", 76 | "metadata": { 77 | "description": "Name of extra server. " 78 | } 79 | }, 80 | "DCName": { 81 | "type": "string", 82 | "metadata": { 83 | "description": "Name of Domain Controller server. " 84 | } 85 | }, 86 | "PSName": { 87 | "type": "string", 88 | "metadata": { 89 | "description": "Name of SCCM Primary server. 
" 90 | } 91 | }, 92 | "DPMPName": { 93 | "type": "string", 94 | "metadata": { 95 | "description": "Name of SCCM DP/MP server. " 96 | } 97 | }, 98 | "ip": { 99 | "type": "string", 100 | "metadata": { 101 | "description": "Private IP Address. " 102 | } 103 | }, 104 | "DCip": { 105 | "type": "string", 106 | "metadata": { 107 | "description": "DC IP Address. " 108 | } 109 | }, 110 | "SQLName": { 111 | "type": "string", 112 | "metadata": { 113 | "description": "Name of SQL Server " 114 | } 115 | }, 116 | "STIG": { 117 | "type": "string", 118 | "metadata": { 119 | "description": "If STIG -eq $True, STIGs will be downloaded from DISA and Imported into AD " 120 | } 121 | }, 122 | "MSFTBaseline": { 123 | "type": "string", 124 | "metadata": { 125 | "description": "Passed through to the DSC configuration as the 'MSFTBaseline' property; presumably a $True/$False switch for applying the Microsoft security baseline - confirm against the DSC configuration in dsc/Configuration.zip. " 126 | } 127 | }, 128 | "sharePointVersion": { 129 | "type": "string", 130 | "defaultValue": "2016", 131 | "metadata": { 132 | "description": "SharePoint version passed to the DSC configuration as 'SharePointVersion' (default 2016). " 133 | } 134 | }, 135 | "publisher": { 136 | "type": "string", 137 | "metadata": { 138 | "description": "Publisher of the marketplace image used for the VM OS disk. " 139 | } 140 | }, 141 | "offer": { 142 | "type": "string", 143 | "metadata": { 144 | "description": "Offer of the marketplace image used for the VM OS disk. " 145 | } 146 | }, 147 | "sku": { 148 | "type": "string", 149 | "metadata": { 150 | "description": "SKU of the marketplace image used for the VM OS disk. The image version is always resolved to 'latest', so deployments are not pinned to a specific image build. " 151 | } 152 | }, 153 | "adminUsername": { 154 | "type": "string", 155 | "minLength": 2, 156 | "maxLength": 10, 157 | "metadata": { 158 | "description": "The name of the administrator account of the new VM. 
It is also used as the UserName of the DSC 'AdminCreds' credential. " 159 | }, 160 | "defaultValue": "xadmin" 161 | }, 162 | "adminPassword": { 163 | "type": "securestring", 164 | "minLength": 8, 165 | "metadata": { 166 | "description": "SECURITY NOTE: this single value is also handed to the DSC configuration as the password for the SQL service, SharePoint setup, farm, service, app-pool, super-user and super-reader accounts and as the SharePoint farm passphrase (every credential under the extension's Properties references PrivateSettingsRef:AdminPassword), so compromising any one of those accounts yields the VM administrator password; use distinct secrets for anything beyond a lab deployment. Input must meet password complexity requirements as documented for property 'adminPassword' in https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/virtualmachines-create-or-update" 167 | } 168 | }, 169 | "DomainName": { 170 | "type": "string", 171 | "metadata": { 172 | "description": "Specifies the Domain Name." 173 | } 174 | }, 175 | "_artifactsLocation": { 176 | "type": "string", 177 | "metadata": { 178 | "description": "The base URI where artifacts required by this template are located including a trailing '/'" 179 | } 180 | }, 181 | "_artifactsLocationSasToken": { 182 | "type": "securestring", 183 | "metadata": { 184 | "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured. SECURITY NOTE: the token is appended to the DSC extension's modulesUrl under 'settings', not 'protectedSettings', so it is stored in plain text on the extension resource; keep it read-only and short-lived, or move it to the extension's protected 'configurationUrlSasToken' setting. " 185 | }, 186 | "defaultValue": "" 187 | }, 188 | "AdfsServiceAccountName": { 189 | "type": "string", 190 | "metadata": { 191 | "description": "Specifies the name of the ADFS service account." 192 | }, 193 | "defaultValue": "svc.adfs" 194 | }, 195 | "location": { 196 | "type": "string", 197 | "defaultValue": "[resourceGroup().location]", 198 | "metadata": { 199 | "description": "Location for all resources." 
200 | } 201 | } 202 | }, 203 | "variables": { 204 | "dscScript": "dsc/Configuration.zip", 205 | "VirtualNetworkName": "[parameters('VirtualNetworkName')]", 206 | //"virtualNetworkName": "[concat(toLower(parameters('prefix')), '-vnet')]", 207 | "domainName": "[parameters('DomainName')]", 208 | "networkSettings": { 209 | "virtualNetworkAddressPrefix": "[parameters('addressprefix')]", 210 | "subnetAddressPrefix": "[parameters('addresssubnet')]", 211 | "virtualMachinesIPAddress": "[parameters('ip')]", 212 | "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), parameters('subnetname'))]", 213 | "privateIPAllocationMethod": "Static", 214 | "publicIpAllocationMethod": "Dynamic" 215 | }, 216 | "spSettings": { 217 | "sqlAlias": "SQLAlias", 218 | "spSuperUserName": "spSuperUser", 219 | "spSuperReaderName": "spSuperReader", 220 | "sqlSvcUserName": "sqlsvc", 221 | "sqlSvcPassword": "[parameters('adminPassword')]", 222 | "spSetupUserName": "spsetup", 223 | "spSetupPassword": "[parameters('adminPassword')]", 224 | "spFarmUserName": "spfarm", 225 | "spFarmPassword": "[parameters('adminPassword')]", 226 | "spSvcUserName": "spsvc", 227 | "spSvcPassword": "[parameters('adminPassword')]", 228 | "spAppPoolUserName": "spapppool", 229 | "spAppPoolPassword": "[parameters('adminPassword')]", 230 | "spPassphrase": "[parameters('adminPassword')]" 231 | }, 232 | //"securityGroupRule": { 233 | // "name": "default-allow-rdp", 234 | // "priority": 1000, 235 | // "sourceAddressPrefix": "*", 236 | // "protocol": "Tcp", 237 | // "destinationPortRange": "3389", 238 | // "access": "Allow", 239 | // "direction": "Inbound", 240 | // "sourcePortRange": "*", 241 | // "destinationAddressPrefix": "*" 242 | //}, 243 | "vmrole": "[parameters('role')]", 244 | "vmname": "[parameters('servername')]", 245 | "vmDiskType": "[parameters('vmDisk')]", 246 | "vmSize": "[parameters('vmsize')]", 247 | 248 | "imageReference": { 249 | "[parameters('role')]": { 250 | 
"publisher": "[parameters('publisher')]", 251 | "offer": "[parameters('offer')]", 252 | "sku": "[parameters('sku')]", 253 | "version": "latest" 254 | } 255 | } 256 | }, 257 | "resources": [ 258 | { 259 | "type": "Microsoft.Network/publicIpAddresses", 260 | "apiVersion": "2020-05-01", 261 | "name": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')), '-ip')]", 262 | "location": "[parameters('location')]", 263 | "properties": { 264 | "publicIpAllocationMethod": "[variables('networkSettings').publicIpAllocationMethod]" 265 | } 266 | }, 267 | { 268 | "type": "Microsoft.Network/networkInterfaces", 269 | "name": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')), '-ni')]", 270 | "apiVersion": "2020-05-01", 271 | "location": "[parameters('location')]", 272 | "dependsOn": [ 273 | "[concat('Microsoft.Network/publicIpAddresses/',toLower(parameters('prefix')),toLower(variables('vmname')), '-ip')]" 274 | ], 275 | "properties": { 276 | "ipConfigurations": [ 277 | { 278 | "name": "ipconfig1", 279 | "properties": { 280 | "subnet": { 281 | "id": "[variables('networkSettings').subnetRef]" 282 | }, 283 | "privateIPAllocationMethod": "[variables('networkSettings').privateIPAllocationMethod]", 284 | "privateIPAddress": "[concat(variables('networkSettings').virtualMachinesIPAddress)]", 285 | "publicIpAddress": { 286 | "id": "[resourceId(resourceGroup().name, 'Microsoft.Network/publicIpAddresses', concat(toLower(parameters('prefix')),toLower(variables('vmname')), '-ip'))]" 287 | } 288 | } 289 | } 290 | ], 291 | "networkSecurityGroup": { 292 | "id": "[resourceId(resourceGroup().name, 'Microsoft.Network/networkSecurityGroups', concat(toLower(parameters('prefix')), '-nsg'))]" 293 | } 294 | } 295 | }, 296 | { 297 | "type": "Microsoft.Compute/virtualMachines", 298 | "apiVersion": "2019-12-01", 299 | "name": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')))]", 300 | "location": "[parameters('location')]", 301 | //"copy": { 302 | // "name": 
"vmcopy" 303 | //"count": 5 304 | //}, 305 | "dependsOn": [ 306 | "[concat('Microsoft.Network/networkInterfaces/',toLower(parameters('prefix')),toLower(variables('vmname')), '-ni')]" 307 | ], 308 | "properties": { 309 | "osProfile": { 310 | "computerName": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')))]", 311 | "adminUsername": "[parameters('adminUsername')]", 312 | "adminPassword": "[parameters('adminPassword')]", 313 | "windowsConfiguration": { 314 | "provisionVmAgent": "true" 315 | } 316 | }, 317 | "hardwareProfile": { 318 | "vmSize": "[variables('vmSize')]" 319 | }, 320 | "storageProfile": { 321 | "imageReference": "[variables('imageReference')[variables('vmrole')]]", 322 | "osDisk": { 323 | "osType": "Windows", 324 | "name": "[concat(toLower(parameters('prefix')),toLower(variables('vmname')),'-OsDisk')]", 325 | "createOption": "FromImage", 326 | "caching": "ReadWrite", 327 | "managedDisk": { 328 | "storageAccountType": "[variables('vmDiskType')]" 329 | }, 330 | "diskSizeGB": 150 331 | }, 332 | "dataDisks": [] 333 | }, 334 | "networkProfile": { 335 | "networkInterfaces": [ 336 | { 337 | "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(toLower(parameters('prefix')),toLower(variables('vmname')), '-ni'))]" 338 | } 339 | ] 340 | }, 341 | "host": { 342 | "id": "[if(not(empty(parameters('DHostID'))), parameters('DHostID'), json('null'))]" 343 | }, 344 | "licenseType": "Windows_Server", 345 | "priority": "Spot", 346 | "evictionPolicy": "Deallocate", 347 | "billingProfile": { 348 | "maxPrice": -1 349 | }, 350 | "diagnosticsProfile": { 351 | "bootDiagnostics": { 352 | "enabled": false 353 | } 354 | } 355 | } 356 | }, 357 | { 358 | "type": "Microsoft.Compute/virtualMachines/extensions", 359 | "apiVersion": "2019-12-01", 360 | "name": "[concat(toLower(parameters('prefix')),variables('vmname'),'/WorkFlow')]", 361 | "location": "[parameters('location')]", 362 | "dependsOn": [ 363 | 
"[concat('Microsoft.Compute/virtualMachines/',toLower(parameters('prefix')),variables('vmname'))]" 364 | ], 365 | "properties": { 366 | "publisher": "Microsoft.Powershell", 367 | "type": "DSC", 368 | "typeHandlerVersion": "2.9", //2.21 369 | "autoUpgradeMinorVersion": true, 370 | "settings": { 371 | "modulesUrl": "[Uri(parameters('_artifactsLocation'),concat(variables('dscScript'),parameters('_artifactsLocationSasToken')))]", 372 | "configurationFunction": "[concat(variables('vmrole'),'Configuration.ps1\\Configuration')]", 373 | "Properties": { 374 | "DomainName": "[variables('domainName')]", 375 | "DCName": "[concat(parameters('prefix'),parameters('DCName'))]", 376 | "DCNameFQDN": "[concat(parameters('prefix'),parameters('DCName'),'.',variables('domainName'))]", 377 | "DPMPName": "[concat(parameters('prefix'),parameters('DPMPName'))]", 378 | //"ClientName": "[concat(parameters('prefix'),variables('vmname'))]", 379 | "STIG": "[parameters('STIG')]", 380 | "MSFTBaseline": "[parameters('MSFTBaseline')]", 381 | "PSName": "[concat(parameters('prefix'),variables('vmname'))]", 382 | "DNSIPAddress": "[parameters('DCip')]", 383 | "FedServiceDisplayName": "[concat(parameters('prefix'),'_adfs')]", 384 | "FedServiceName": "[concat('sts.',parameters('domainName'))]", 385 | "AdfsSrvActName": "[parameters('AdfsServiceAccountName')]", 386 | "SQLName": "[concat(parameters('prefix'),parameters('SQLName'))]", 387 | "SQLAlias": "[variables('spSettings').sqlAlias]", 388 | "SharePointVersion": "[parameters('sharePointVersion')]", 389 | "AdminCreds": { 390 | "UserName": "[parameters('adminUsername')]", 391 | "Password": "PrivateSettingsRef:AdminPassword" 392 | }, 393 | "SqlSvcCreds": { 394 | "UserName": "[variables('spSettings').sqlSvcUserName]", 395 | "Password": "PrivateSettingsRef:AdminPassword" 396 | }, 397 | "SPSetupCreds": { 398 | "UserName": "[variables('spSettings').spSetupUserName]", 399 | "Password": "PrivateSettingsRef:AdminPassword" 400 | }, 401 | "SPFarmCreds": { 402 | 
"UserName": "[variables('spSettings').spFarmUserName]", 403 | "Password": "PrivateSettingsRef:AdminPassword" 404 | }, 405 | "SPSvcCreds": { 406 | "UserName": "[variables('spSettings').spSvcUserName]", 407 | "Password": "PrivateSettingsRef:AdminPassword" 408 | }, 409 | "SPAppPoolCreds": { 410 | "UserName": "[variables('spSettings').spAppPoolUserName]", 411 | "Password": "PrivateSettingsRef:AdminPassword" 412 | }, 413 | "SPPassphraseCreds": { 414 | "UserName": "Passphrase", 415 | "Password": "PrivateSettingsRef:AdminPassword" 416 | }, 417 | "SPSuperUserCreds": { 418 | "UserName": "[variables('spSettings').spSuperUserName]", 419 | "Password": "PrivateSettingsRef:AdminPassword" 420 | }, 421 | "SPSuperReaderCreds": { 422 | "UserName": "[variables('spSettings').spSuperReaderName]", 423 | "Password": "PrivateSettingsRef:AdminPassword" 424 | } 425 | } 426 | }, 427 | "protectedSettings": { 428 | "Items": { 429 | "AdminPassword": "[parameters('adminPassword')]" 430 | } 431 | } 432 | } 433 | } 434 | 435 | ], 436 | "outputs": { 437 | 438 | } 439 | } 440 | -------------------------------------------------------------------------------- /Templates/AzureWVD.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "nestedTemplatesLocation": { 6 | "type": "string", 7 | "metadata": { 8 | "description": "The base URI where artifacts required by this template are located." 9 | }, 10 | "defaultValue": "https://catalogartifact.azureedge.net/publicartifacts/Microsoft.Hostpool-ARM-1.0.15-preview/" 11 | }, 12 | "artifactsLocation": { 13 | "type": "string", 14 | "metadata": { 15 | "description": "The base URI where artifacts required by this template are located." 
16 | }, 17 | "defaultValue": "https://wvdportalstorageblob.blob.core.windows.net/galleryartifacts/Configuration.zip" 18 | }, 19 | "hostpoolName": { 20 | "type": "string", 21 | "metadata": { 22 | "description": "The name of the Hostpool to be created." 23 | } 24 | }, 25 | "hostpoolFriendlyName": { 26 | "type": "string", 27 | "metadata": { 28 | "description": "The friendly name of the Hostpool to be created." 29 | }, 30 | "defaultValue": "" 31 | }, 32 | "hostpoolDescription": { 33 | "type": "string", 34 | "metadata": { 35 | "description": "The description of the Hostpool to be created." 36 | }, 37 | "defaultValue": "" 38 | }, 39 | "location": { 40 | "type": "string", 41 | "metadata": { 42 | "description": "The location where the resources will be deployed." 43 | } 44 | }, 45 | "workSpaceName": { 46 | "type": "string", 47 | "metadata": { 48 | "description": "The name of the workspace to be attach to new Applicaiton Group." 49 | }, 50 | "defaultValue": "" 51 | }, 52 | "workspaceLocation": { 53 | "type": "string", 54 | "metadata": { 55 | "description": "The location of the workspace." 56 | }, 57 | "defaultValue": "" 58 | }, 59 | "workspaceResourceGroup": { 60 | "type": "string", 61 | "metadata": { 62 | "description": "The workspace resource group Name." 63 | }, 64 | "defaultValue": "" 65 | }, 66 | "allApplicationGroupReferences": { 67 | "type": "string", 68 | "metadata": { 69 | "description": "The existing app groups references of the workspace selected." 70 | }, 71 | "defaultValue": "" 72 | }, 73 | "addToWorkspace": { 74 | "type": "bool", 75 | "metadata": { 76 | "description": "Whether to add applicationGroup to workspace." 77 | } 78 | }, 79 | "administratorAccountUsername": { 80 | "type": "string", 81 | "metadata": { 82 | "description": "A username in the domain that has privileges to join the session hosts to the domain. For example, 'user1@contoso.com'." 
83 | }, 84 | "defaultValue": "" 85 | }, 86 | "administratorAccountPassword": { 87 | "type": "securestring", 88 | "metadata": { 89 | "description": "The password that corresponds to the existing domain username." 90 | }, 91 | "defaultValue": "" 92 | }, 93 | "createAvailabilitySet": { 94 | "type": "bool", 95 | "metadata": { 96 | "description": "Whether to create a new availability set for the VMs" 97 | }, 98 | "defaultValue": false 99 | }, 100 | "vmResourceGroup": { 101 | "type": "string", 102 | "metadata": { 103 | "description": "The resource group of the session host VMs." 104 | }, 105 | "defaultValue": "" 106 | }, 107 | "vmLocation": { 108 | "type": "string", 109 | "metadata": { 110 | "description": "The location of the session host VMs." 111 | }, 112 | "defaultValue": "" 113 | }, 114 | "vmSize": { 115 | "type": "string", 116 | "metadata": { 117 | "description": "The size of the session host VMs." 118 | }, 119 | "defaultValue": "" 120 | }, 121 | "vmNumberOfInstances": { 122 | "type": "int", 123 | "metadata": { 124 | "description": "Number of session hosts that will be created and added to the hostpool." 125 | }, 126 | "defaultValue": 0 127 | }, 128 | "vmNamePrefix": { 129 | "type": "string", 130 | "metadata": { 131 | "description": "This prefix will be used in combination with the VM number to create the VM name. If using 'rdsh' as the prefix, VMs would be named 'rdsh-0', 'rdsh-1', etc. You should use a unique prefix to reduce name collisions in Active Directory." 132 | }, 133 | "defaultValue": "" 134 | }, 135 | "vmImageType": { 136 | "type": "string", 137 | "metadata": { 138 | "description": "Select the image source for the session host vms. VMs from a Gallery image will be created with Managed Disks." 
139 | }, 140 | "defaultValue": "Gallery", 141 | "allowedValues": [ 142 | "CustomVHD", 143 | "CustomImage", 144 | "Gallery" 145 | ] 146 | }, 147 | "vmGalleryImageOffer": { 148 | "type": "string", 149 | "metadata": { 150 | "description": "(Required when vmImageType = Gallery) Gallery image Offer." 151 | }, 152 | "defaultValue": "" 153 | }, 154 | "vmGalleryImagePublisher": { 155 | "type": "string", 156 | "metadata": { 157 | "description": "(Required when vmImageType = Gallery) Gallery image Publisher." 158 | }, 159 | "defaultValue": "" 160 | }, 161 | "vmGalleryImageSKU": { 162 | "type": "string", 163 | "metadata": { 164 | "description": "(Required when vmImageType = Gallery) Gallery image SKU." 165 | }, 166 | "defaultValue": "" 167 | }, 168 | "vmImageVhdUri": { 169 | "type": "string", 170 | "metadata": { 171 | "description": "(Required when vmImageType = CustomVHD) URI of the sysprepped image vhd file to be used to create the session host VMs. For example, https://rdsstorage.blob.core.windows.net/vhds/sessionhostimage.vhd" 172 | }, 173 | "defaultValue": "" 174 | }, 175 | "vmCustomImageSourceId": { 176 | "type": "string", 177 | "metadata": { 178 | "description": "(Required when vmImageType = CustomImage) Resource ID of the image" 179 | }, 180 | "defaultValue": "" 181 | }, 182 | "vmDiskType": { 183 | "type": "string", 184 | "allowedValues": [ 185 | "Premium_LRS", 186 | "StandardSSD_LRS", 187 | "Standard_LRS" 188 | ], 189 | "metadata": { 190 | "description": "The VM disk type for the VM: HDD or SSD." 191 | }, 192 | "defaultValue": "StandardSSD_LRS" 193 | }, 194 | "vmUseManagedDisks": { 195 | "type": "bool", 196 | "metadata": { 197 | "description": "True indicating you would like to use managed disks or false indicating you would like to use unmanaged disks." 
198 | }, 199 | "defaultValue": true 200 | }, 201 | "storageAccountResourceGroupName": { 202 | "type": "string", 203 | "metadata": { 204 | "description": "(Required when vmUseManagedDisks = False) The resource group containing the storage account of the image vhd file." 205 | }, 206 | "defaultValue": "" 207 | }, 208 | "existingVnetName": { 209 | "type": "string", 210 | "metadata": { 211 | "description": "The name of the virtual network the VMs will be connected to." 212 | }, 213 | "defaultValue": "" 214 | }, 215 | "existingSubnetName": { 216 | "type": "string", 217 | "metadata": { 218 | "description": "The subnet the VMs will be placed in." 219 | }, 220 | "defaultValue": "" 221 | }, 222 | "virtualNetworkResourceGroupName": { 223 | "type": "string", 224 | "metadata": { 225 | "description": "The resource group containing the existing virtual network." 226 | }, 227 | "defaultValue": "" 228 | }, 229 | "usePublicIP": { 230 | "type": "bool", 231 | "metadata": { 232 | "description": "Whether to use a Public IP" 233 | }, 234 | "defaultValue": false 235 | }, 236 | "publicIpAddressSku": { 237 | "type": "string", 238 | "metadata": { 239 | "description": "The sku name of the Public IP" 240 | }, 241 | "allowedValues": [ 242 | "Basic", 243 | "Standard" 244 | ], 245 | "defaultValue": "Basic" 246 | }, 247 | "publicIpAddressType": { 248 | "type": "string", 249 | "metadata": { 250 | "description": "The address type of the Public IP" 251 | }, 252 | "allowedValues": [ 253 | "Dynamic", 254 | "Static" 255 | ], 256 | "defaultValue": "Dynamic" 257 | }, 258 | "createNetworkSecurityGroup": { 259 | "type": "bool", 260 | "metadata": { 261 | "description": "Whether to create a new network security group or use an existing one" 262 | }, 263 | "defaultValue": false 264 | }, 265 | "networkSecurityGroupId": { 266 | "type": "string", 267 | "metadata": { 268 | "description": "The resource id of an existing network security group" 269 | }, 270 | "defaultValue": "" 271 | }, 272 | 
"networkSecurityGroupRules": { 273 | "type": "array", 274 | "metadata": { 275 | "description": "The rules to be given to the new network security group" 276 | }, 277 | "defaultValue": [] 278 | }, 279 | "hostpoolType": { 280 | "type": "string", 281 | "allowedValues": [ 282 | "Personal", 283 | "Pooled" 284 | ], 285 | "metadata": { 286 | "description": "Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to false." 287 | } 288 | }, 289 | "personalDesktopAssignmentType": { 290 | "type": "string", 291 | "allowedValues": [ 292 | "Automatic", 293 | "Direct", 294 | "" 295 | ], 296 | "metadata": { 297 | "description": "Set the type of assignment for a Personal hostpool type" 298 | }, 299 | "defaultValue": "" 300 | }, 301 | "maxSessionLimit": { 302 | "type": "int", 303 | "metadata": { 304 | "description": "Maximum number of sessions." 305 | }, 306 | "defaultValue": 99999 307 | }, 308 | "loadBalancerType": { 309 | "type": "string", 310 | "allowedValues": [ 311 | "BreadthFirst", 312 | "DepthFirst", 313 | "Persistent" 314 | ], 315 | "metadata": { 316 | "description": "Type of load balancer algorithm." 
317 | }, 318 | "defaultValue": "BreadthFirst" 319 | }, 320 | "customRdpProperty": { 321 | "type": "string", 322 | "metadata": { 323 | "description": "Hostpool rdp properties" 324 | }, 325 | "defaultValue": "" 326 | }, 327 | "vmTemplate": { 328 | "type": "string", 329 | "metadata": { 330 | "description": "The necessary information for adding more VMs to this Hostpool" 331 | }, 332 | "defaultValue": "" 333 | }, 334 | "tokenExpirationTime": { 335 | "type": "string", 336 | "metadata": { 337 | "description": "Hostpool token expiration time" 338 | } 339 | }, 340 | "hostpoolTags": { 341 | "type": "object", 342 | "metadata": { 343 | "description": "The tags to be assigned to the hostpool" 344 | }, 345 | "defaultValue": {} 346 | }, 347 | "applicationGroupTags": { 348 | "type": "object", 349 | "metadata": { 350 | "description": "The tags to be assigned to the application group" 351 | }, 352 | "defaultValue": {} 353 | }, 354 | "availabilitySetTags": { 355 | "type": "object", 356 | "metadata": { 357 | "description": "The tags to be assigned to the availability set" 358 | }, 359 | "defaultValue": {} 360 | }, 361 | "networkInterfaceTags": { 362 | "type": "object", 363 | "metadata": { 364 | "description": "The tags to be assigned to the network interfaces" 365 | }, 366 | "defaultValue": {} 367 | }, 368 | "networkSecurityGroupTags": { 369 | "type": "object", 370 | "metadata": { 371 | "description": "The tags to be assigned to the network security groups" 372 | }, 373 | "defaultValue": {} 374 | }, 375 | "publicIPAddressTags": { 376 | "type": "object", 377 | "metadata": { 378 | "description": "The tags to be assigned to the public ip addresses" 379 | }, 380 | "defaultValue": {} 381 | }, 382 | "virtualMachineTags": { 383 | "type": "object", 384 | "metadata": { 385 | "description": "The tags to be assigned to the virtual machines" 386 | }, 387 | "defaultValue": {} 388 | }, 389 | "imageTags": { 390 | "type": "object", 391 | "metadata": { 392 | "description": "The tags to be assigned to 
the images" 393 | }, 394 | "defaultValue": {} 395 | }, 396 | "apiVersion": { 397 | "type": "string", 398 | "metadata": { 399 | "description": "WVD api version" 400 | }, 401 | "defaultValue": "2019-12-10-preview" 402 | }, 403 | "deploymentId": { 404 | "type": "string", 405 | "metadata": { 406 | "description": "GUID for the deployment" 407 | }, 408 | "defaultValue": "" 409 | }, 410 | "validationEnvironment": { 411 | "type": "bool", 412 | "metadata": { 413 | "description": "Whether to use a validation environment." 414 | }, 415 | "defaultValue": false 416 | }, 417 | "preferredAppGroupType": { 418 | "type": "string", 419 | "metadata": { 420 | "description": "Preferred App Group type to display" 421 | }, 422 | "defaultValue": "Desktop" 423 | }, 424 | "ouPath": { 425 | "type": "string", 426 | "metadata": { 427 | "description": "OU path for the domain join" 428 | }, 429 | "defaultValue": "" 430 | }, 431 | "domain": { 432 | "type": "string", 433 | "metadata": { 434 | "description": "Domain to join" 435 | }, 436 | "defaultValue": "" 437 | } 438 | }, 439 | "variables": { 440 | "createVMs": "[greater(parameters('vmNumberOfInstances'),0)]", 441 | "rdshManagedDisks": "[if(equals(parameters('vmImageType'), 'CustomVHD'), parameters('vmUseManagedDisks'), bool('true'))]", 442 | "rdshPrefix": "[concat(parameters('vmNamePrefix'),'-')]", 443 | "avSetSKU": "[if(variables('rdshManagedDisks'), 'Aligned', 'Classic')]", 444 | "existingDomainUsername": "[first(split(parameters('administratorAccountUsername'), '@'))]", 445 | "vhds": "[concat('vhds','/', variables('rdshPrefix'))]", 446 | "subnet-id": "[resourceId(parameters('virtualNetworkResourceGroupName'),'Microsoft.Network/virtualNetworks/subnets',parameters('existingVnetName'), parameters('existingSubnetName'))]", 447 | "hostpoolName": "[replace(parameters('hostpoolName'),'\"','')]", 448 | "hostpoolFriendlyName": "[parameters('hostpoolFriendlyName')]", 449 | "vmTemplateName": "[concat( if(variables('rdshManagedDisks'), 'managedDisks', 
'unmanagedDisks'), '-', toLower(replace(parameters('vmImageType'),' ', '')), 'vm')]", 450 | "vmTemplateUri": "[concat(parameters('nestedTemplatesLocation'), variables('vmTemplateName'),'.json')]", 451 | "rdshVmNamesOutput": { 452 | "copy": [ 453 | { 454 | "name": "rdshVmNamesCopy", 455 | "count": "[if(variables('createVMs'), parameters('vmNumberOfInstances'), 1)]", 456 | "input": { 457 | "name": "[concat(variables('rdshPrefix'),copyIndex('rdshVmNamesCopy'))]" 458 | } 459 | } 460 | ] 461 | }, 462 | "appGroupName": "[concat(variables('hostpoolName'),'-DAG')]", 463 | "appGroupResourceId": "[createArray(resourceId('Microsoft.DesktopVirtualization/applicationgroups/', variables('appGroupName')))]", 464 | "workspaceResourceGroup": "[if(empty(parameters('workspaceResourceGroup')), resourceGroup().name, parameters('workspaceResourceGroup'))]", 465 | "applicationGroupReferencesArr": "[if(equals('',parameters('allApplicationGroupReferences')), variables('appGroupResourceId'), concat(split(parameters('allApplicationGroupReferences'),','), variables('appGroupResourceId')))]" 466 | }, 467 | "resources": [ 468 | { 469 | "name": "[parameters('hostpoolName')]", 470 | "apiVersion": "[parameters('apiVersion')]", 471 | "type": "Microsoft.DesktopVirtualization/hostpools", 472 | "location": "[parameters('location')]", 473 | "tags": "[parameters('hostpoolTags')]", 474 | "properties": { 475 | "friendlyName": "[parameters('hostpoolFriendlyName')]", 476 | "description": "[parameters('hostpoolDescription')]", 477 | "hostpoolType": "[parameters('hostpoolType')]", 478 | "customRdpProperty": "[parameters('customRdpProperty')]", 479 | "personalDesktopAssignmentType": "[parameters('personalDesktopAssignmentType')]", 480 | "maxSessionLimit": "[parameters('maxSessionLimit')]", 481 | "loadBalancerType": "[parameters('loadBalancerType')]", 482 | "validationEnvironment": "[parameters('validationEnvironment')]", 483 | "preferredAppGroupType": "[parameters('preferredAppGroupType')]", 484 | "ring": 
null, 485 | "registrationInfo": { 486 | "expirationTime": "[parameters('tokenExpirationTime')]", 487 | "token": null, 488 | "registrationTokenOperation": "Update" 489 | }, 490 | "vmTemplate": "[parameters('vmTemplate')]" 491 | } 492 | }, 493 | { 494 | "name": "[variables('appGroupName')]", 495 | "apiVersion": "[parameters('apiVersion')]", 496 | "type": "Microsoft.DesktopVirtualization/applicationgroups", 497 | "location": "[parameters('location')]", 498 | "tags": "[parameters('applicationGroupTags')]", 499 | "properties": { 500 | "hostpoolarmpath": "[resourceId('Microsoft.DesktopVirtualization/hostpools/', parameters('hostpoolName'))]", 501 | "friendlyName": "Default Desktop", 502 | "description": "Desktop Application Group created through the Hostpool Wizard", 503 | "applicationGroupType": "Desktop" 504 | }, 505 | "dependsOn": [ 506 | "[resourceId('Microsoft.DesktopVirtualization/hostpools/', parameters('hostpoolName'))]" 507 | ] 508 | }, 509 | { 510 | "apiVersion": "2018-05-01", 511 | "name": "[concat('Workspace-linkedTemplate-', parameters('deploymentId'))]", 512 | "type": "Microsoft.Resources/deployments", 513 | "resourceGroup": "[variables('workspaceResourceGroup')]", 514 | "condition": "[parameters('addToWorkspace')]", 515 | "properties": { 516 | "mode": "Incremental", 517 | "template": { 518 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 519 | "contentVersion": "1.0.0.0", 520 | "resources": [ 521 | { 522 | "apiVersion": "[parameters('apiVersion')]", 523 | "name": "[parameters('workSpaceName')]", 524 | "type": "Microsoft.DesktopVirtualization/workspaces", 525 | "location": "[parameters('workspaceLocation')]", 526 | "properties": { 527 | "applicationGroupReferences": "[variables('applicationGroupReferencesArr')]" 528 | } 529 | } 530 | ] 531 | } 532 | }, 533 | "dependsOn": [ 534 | "[resourceId('Microsoft.DesktopVirtualization/applicationgroups/', variables('appGroupName'))]" 535 | ] 536 | }, 537 | { 538 | 
"apiVersion": "2018-05-01", 539 | "name": "[concat('AVSet-linkedTemplate-', parameters('deploymentId'))]", 540 | "type": "Microsoft.Resources/deployments", 541 | "resourceGroup": "[parameters('vmResourceGroup')]", 542 | "condition": "[parameters('createAvailabilitySet')]", 543 | "properties": { 544 | "mode": "Incremental", 545 | "template": { 546 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 547 | "contentVersion": "1.0.0.0", 548 | "resources": [ 549 | { 550 | "apiVersion": "2018-10-01", 551 | "type": "Microsoft.Compute/availabilitySets", 552 | "name": "[concat(variables('rdshPrefix'), 'availabilitySet-', parameters('vmLocation'))]", 553 | "location": "[parameters('vmLocation')]", 554 | "tags": "[parameters('availabilitySetTags')]", 555 | "properties": { 556 | "platformUpdateDomainCount": 5, 557 | "platformFaultDomainCount": 2 558 | }, 559 | "sku": { 560 | "name": "[variables('avSetSKU')]" 561 | } 562 | } 563 | ] 564 | } 565 | }, 566 | "dependsOn": [ 567 | "[resourceId('Microsoft.DesktopVirtualization/applicationgroups', variables('appGroupName'))]" 568 | ] 569 | }, 570 | { 571 | "apiVersion": "2018-05-01", 572 | "name": "[concat('vmCreation-linkedTemplate-', parameters('deploymentId'))]", 573 | "type": "Microsoft.Resources/deployments", 574 | "condition": "[variables('createVMs')]", 575 | "resourceGroup": "[parameters('vmResourceGroup')]", 576 | "dependsOn": [ 577 | "[concat('AVSet-linkedTemplate-', parameters('deploymentId'))]" 578 | ], 579 | "properties": { 580 | "mode": "Incremental", 581 | "templateLink": { 582 | "uri": "[variables('vmTemplateUri')]", 583 | "contentVersion": "1.0.0.0" 584 | }, 585 | "parameters": { 586 | "artifactsLocation": { 587 | "value": "[parameters('artifactsLocation')]" 588 | }, 589 | "vmImageVhdUri": { 590 | "value": "[parameters('vmImageVhdUri')]" 591 | }, 592 | "storageAccountResourceGroupName": { 593 | "value": "[parameters('storageAccountResourceGroupName')]" 594 | }, 595 | 
"vmGalleryImageOffer": { 596 | "value": "[parameters('vmGalleryImageOffer')]" 597 | }, 598 | "vmGalleryImagePublisher": { 599 | "value": "[parameters('vmGalleryImagePublisher')]" 600 | }, 601 | "vmGalleryImageSKU": { 602 | "value": "[parameters('vmGalleryImageSKU')]" 603 | }, 604 | "rdshPrefix": { 605 | "value": "[variables('rdshPrefix')]" 606 | }, 607 | "rdshNumberOfInstances": { 608 | "value": "[parameters('vmNumberOfInstances')]" 609 | }, 610 | "rdshVMDiskType": { 611 | "value": "[parameters('vmDiskType')]" 612 | }, 613 | "rdshVmSize": { 614 | "value": "[parameters('vmSize')]" 615 | }, 616 | "enableAcceleratedNetworking": { 617 | "value": false 618 | }, 619 | "administratorAccountUsername": { 620 | "value": "[parameters('administratorAccountUsername')]" 621 | }, 622 | "administratorAccountPassword": { 623 | "value": "[parameters('administratorAccountPassword')]" 624 | }, 625 | "subnet-id": { 626 | "value": "[variables('subnet-id')]" 627 | }, 628 | "vhds": { 629 | "value": "[variables('vhds')]" 630 | }, 631 | "rdshImageSourceId": { 632 | "value": "[parameters('vmCustomImageSourceId')]" 633 | }, 634 | "location": { 635 | "value": "[parameters('vmLocation')]" 636 | }, 637 | "usePublicIP": { 638 | "value": "[parameters('usePublicIP')]" 639 | }, 640 | "publicIpAddressType": { 641 | "value": "[parameters('publicIpAddressType')]" 642 | }, 643 | "publicIpAddressSku": { 644 | "value": "[parameters('publicIpAddressSku')]" 645 | }, 646 | "createNetworkSecurityGroup": { 647 | "value": "[parameters('createNetworkSecurityGroup')]" 648 | }, 649 | "networkSecurityGroupId": { 650 | "value": "[parameters('networkSecurityGroupId')]" 651 | }, 652 | "networkSecurityGroupRules": { 653 | "value": "[parameters('networkSecurityGroupRules')]" 654 | }, 655 | "networkInterfaceTags": { 656 | "value": "[parameters('networkInterfaceTags')]" 657 | }, 658 | "networkSecurityGroupTags": { 659 | "value": "[parameters('networkSecurityGroupTags')]" 660 | }, 661 | "publicIPAddressTags": { 662 | 
"value": "[parameters('publicIPAddressTags')]" 663 | }, 664 | "virtualMachineTags": { 665 | "value": "[parameters('virtualMachineTags')]" 666 | }, 667 | "imageTags": { 668 | "value": "[parameters('imageTags')]" 669 | }, 670 | "hostpoolToken": { 671 | "value": "[reference(parameters('hostpoolName')).registrationInfo.token]" 672 | }, 673 | "hostpoolName": { 674 | "value": "[parameters('hostpoolName')]" 675 | }, 676 | "domain": { 677 | "value": "[parameters('domain')]" 678 | }, 679 | "ouPath": { 680 | "value": "[parameters('ouPath')]" 681 | }, 682 | "_guidValue": { 683 | "value": "[parameters('deploymentId')]" 684 | } 685 | } 686 | } 687 | } 688 | ], 689 | "outputs": { 690 | "rdshVmNamesObject": { 691 | "value": "[variables('rdshVmNamesOutput')]", 692 | "type": "object" 693 | } 694 | } 695 | } -------------------------------------------------------------------------------- /Templates/Bastion.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "prefix": { 6 | "type": "string", 7 | "minLength": 2, 8 | "maxLength": 9, 9 | "metadata": { 10 | "description": "The prefix name of machines. " 11 | } 12 | }, 13 | "NSG": { 14 | "type": "string", 15 | "metadata": { 16 | "description": "Name of Network Security Group. " 17 | } 18 | }, 19 | "VirtualNetworkName": { 20 | "type": "string", 21 | "metadata": { 22 | "description": "Name of Virtual Network. " 23 | } 24 | }, 25 | "subnetname": { 26 | "type": "string", 27 | "metadata": { 28 | "description": "Name of Subnet. 
" 29 | } 30 | }, 31 | "addressprefix": { 32 | "type": "string", 33 | "metadata": { 34 | "description": "Virtual network address prefix, e.g. 10.1.0.0/16" 35 | } 36 | }, 37 | "addresssubnet": { 38 | "type": "string", 39 | "metadata": { 40 | "description": "Subnet for servers" 41 | } 42 | }, 43 | "bastionsubnet": { 44 | "type": "string", 45 | "metadata": { 46 | "description": "Subnet for Bastion Connections. " 47 | } 48 | }, 49 | "DCName": { 50 | "type": "string", 51 | "metadata": { 52 | "description": "Name of Domain Controller server. " 53 | } 54 | }, 55 | "PSName": { 56 | "type": "string", 57 | "metadata": { 58 | "description": "Name of SCCM Primary server. " 59 | } 60 | }, 61 | "DPMPName": { 62 | "type": "string", 63 | "metadata": { 64 | "description": "Name of SCCM DP/MP server. " 65 | } 66 | }, 67 | "DCip": { 68 | "type": "string", 69 | "metadata": { 70 | "description": "DC IP Address. " 71 | } 72 | }, 73 | "SQLName": { 74 | "type": "string", 75 | "metadata": { 76 | "description": "Name of SQL Server " 77 | } 78 | }, 79 | "STIG": { 80 | "type": "string", 81 | "metadata": { 82 | "description": "If STIG -eq $True, STIGs will be downloaded from DISA and Imported into AD " 83 | } 84 | }, 85 | "MSFTBaseline": { 86 | "type": "string", 87 | "metadata": { 88 | "description": "If STIG -eq $True, STIGs will be downloaded from DISA and Imported into AD " 89 | } 90 | }, 91 | "sharePointVersion": { 92 | "type": "string", 93 | "defaultValue": "2016", 94 | "metadata": { 95 | "description": "SharePoint version. " 96 | } 97 | }, 98 | "adminUsername": { 99 | "type": "string", 100 | "minLength": 2, 101 | "maxLength": 10, 102 | "metadata": { 103 | "description": "The name of the administrator account of the new VM. 
The domain name is contoso.com " 104 | }, 105 | "defaultValue": "xadmin" 106 | }, 107 | "adminPassword": { 108 | "type": "securestring", 109 | "minLength": 8, 110 | "metadata": { 111 | "description": "Input must meet password complexity requirements as documented for property 'adminPassword' in https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/virtualmachines-create-or-update" 112 | } 113 | }, 114 | "DomainName": { 115 | "type": "string", 116 | "metadata": { 117 | "description": "Specifies the Domain Name." 118 | } 119 | }, 120 | "_artifactsLocation": { 121 | "type": "string", 122 | "metadata": { 123 | "description": "The base URI where artifacts required by this template are located including a trailing '/'" 124 | } 125 | }, 126 | "_artifactsLocationSasToken": { 127 | "type": "securestring", 128 | "metadata": { 129 | "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured. " 130 | }, 131 | "defaultValue": "" 132 | }, 133 | "AdfsServiceAccountName": { 134 | "type": "string", 135 | "metadata": { 136 | "description": "Specifies the name of the ADFS service account." 137 | }, 138 | "defaultValue": "svc.adfs" 139 | }, 140 | "location": { 141 | "type": "string", 142 | "defaultValue": "[resourceGroup().location]", 143 | "metadata": { 144 | "description": "Location for all resources." 
145 | } 146 | } 147 | }, 148 | "variables": { 149 | "dscScript": "dsc/Configuration.zip", 150 | "VirtualNetworkName": "[parameters('VirtualNetworkName')]", 151 | //"virtualNetworkName": "[concat(toLower(parameters('prefix')), '-vnet')]", 152 | "domainName": "[parameters('DomainName')]", 153 | "networkSettings": { 154 | "virtualNetworkAddressPrefix": "[parameters('addressprefix')]", 155 | "subnetAddressPrefix": "[parameters('addresssubnet')]", 156 | "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), parameters('subnetname'))]", 157 | "privateIPAllocationMethod": "Static", 158 | "publicIpAllocationMethod": "Dynamic" 159 | }, 160 | "vnetId": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]", 161 | "BastionSubnetId": "[concat(variables('vnetId'), '/subnets/', 'AzureBastionSubnet')]", 162 | 163 | "spSettings": { 164 | "sqlAlias": "SQLAlias", 165 | "spSuperUserName": "spSuperUser", 166 | "spSuperReaderName": "spSuperReader", 167 | "sqlSvcUserName": "sqlsvc", 168 | "sqlSvcPassword": "[parameters('adminPassword')]", 169 | "spSetupUserName": "spsetup", 170 | "spSetupPassword": "[parameters('adminPassword')]", 171 | "spFarmUserName": "spfarm", 172 | "spFarmPassword": "[parameters('adminPassword')]", 173 | "spSvcUserName": "spsvc", 174 | "spSvcPassword": "[parameters('adminPassword')]", 175 | "spAppPoolUserName": "spapppool", 176 | "spAppPoolPassword": "[parameters('adminPassword')]", 177 | "spPassphrase": "[parameters('adminPassword')]" 178 | } 179 | }, 180 | "resources": [ 181 | { 182 | "apiVersion": "2020-05-01", 183 | "type": "Microsoft.Network/publicIpAddresses", 184 | "name": "AzureBastionSubnet-ip", 185 | "location": "[parameters('location')]", 186 | "sku": { 187 | "name": "Standard" 188 | }, 189 | "properties": { 190 | "publicIPAllocationMethod": "Static" 191 | }, 192 | "tags": {} 193 | }, 194 | { 195 | "apiVersion": "2020-05-01", 196 | "type": "Microsoft.Network/bastionHosts", 197 
| "name": "Bastion", 198 | "location": "[parameters('location')]", 199 | "dependsOn": [ 200 | "[resourceId(resourceGroup().name, 'Microsoft.Network/publicIpAddresses', 'AzureBastionSubnet-ip')]", 201 | "[variables('BastionSubnetId')]" 202 | ], 203 | "properties": { 204 | "ipConfigurations": [ 205 | { 206 | "name": "IpConf", 207 | "properties": { 208 | "subnet": { 209 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets',variables('virtualNetworkName'),'AzureBastionSubnet')]" 210 | }, 211 | "publicIPAddress": { 212 | "id": "[resourceId(resourceGroup().name, 'Microsoft.Network/publicIpAddresses', 'AzureBastionSubnet-ip')]" 213 | } 214 | } 215 | } 216 | ] 217 | }, 218 | "tags": {} 219 | }, 220 | { 221 | "apiVersion": "2019-06-01", 222 | "type": "Microsoft.Network/virtualNetworks/subnets", 223 | "name": "[concat(parameters('VirtualNetworkName'), '/', 'AzureBastionSubnet')]", 224 | "location": "[parameters('location')]", 225 | "properties": { 226 | "addressPrefix": "[parameters('BastionSubnet')]" 227 | } 228 | } 229 | ], 230 | "outputs": { 231 | 232 | } 233 | } 234 | -------------------------------------------------------------------------------- /Templates/HostGroup.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "resourceName": { 6 | "type": "string", 7 | "metadata": { 8 | "description": "The name of the Host group resource." 9 | } 10 | }, 11 | "location": { 12 | "type": "string", 13 | "metadata": { 14 | "description": "The location of the Host group resource." 15 | } 16 | }, 17 | "platformFaultDomainCount": { 18 | "type": "string", 19 | "metadata": { 20 | "description": "The platform fault domain count of the Host group resource." 
21 | } 22 | } 23 | }, 24 | "resources": [ 25 | { 26 | "type": "Microsoft.Compute/hostgroups", 27 | "name": "[parameters('resourceName')]", 28 | "apiVersion": "2019-12-01", 29 | "location": "[parameters('location')]", 30 | "properties": { 31 | "platformFaultDomainCount": "[parameters('platformFaultDomainCount')]" 32 | }, 33 | "tags": {} 34 | } 35 | ] 36 | } -------------------------------------------------------------------------------- /Templates/HostGroup.parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "resourceName": { 6 | "value": "TEST" 7 | }, 8 | "location": { 9 | "value": "eastus2" 10 | }, 11 | "platformFaultDomainCount": { 12 | "value": "1" 13 | } 14 | } 15 | } -------------------------------------------------------------------------------- /Templates/Networking.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "prefix": { 6 | "type": "string", 7 | "minLength": 2, 8 | "maxLength": 9, 9 | "metadata": { 10 | "description": "The prefix name of machines. " 11 | } 12 | }, 13 | "vmsize": { 14 | "type": "string", 15 | "metadata": { 16 | "description": "VM Size. " 17 | } 18 | }, 19 | "vmdisk": { 20 | "type": "string", 21 | "metadata": { 22 | "description": "VM disk. " 23 | } 24 | }, 25 | "VirtualNetworkName": { 26 | "type": "string", 27 | "metadata": { 28 | "description": "Name of Virtual Network. " 29 | } 30 | }, 31 | "NSG": { 32 | "type": "string", 33 | "metadata": { 34 | "description": "Name of Network Security Group. " 35 | } 36 | }, 37 | "subnetname": { 38 | "type": "string", 39 | "metadata": { 40 | "description": "Name of Subnet. 
" 41 | } 42 | }, 43 | "addressprefix": { 44 | "type": "string", 45 | "metadata": { 46 | "description": "Virtual network address prefix, e.g. 10.1.0.0/16" 47 | } 48 | }, 49 | "addresssubnet": { 50 | "type": "string", 51 | "metadata": { 52 | "description": "Subnet for servers" 53 | } 54 | }, 55 | "bastionsubnet": { 56 | "type": "string", 57 | "metadata": { 58 | "description": "Subnet for Bastion Connections. " 59 | } 60 | }, 61 | "role": { 62 | "type": "string", 63 | "metadata": { 64 | "description": "DSC to run on the machine" 65 | } 66 | }, 67 | "servername": { 68 | "type": "string", 69 | "metadata": { 70 | "description": "Name of extra server. " 71 | } 72 | }, 73 | "DCName": { 74 | "type": "string", 75 | "metadata": { 76 | "description": "Name of Domain Controller server. " 77 | } 78 | }, 79 | "PSName": { 80 | "type": "string", 81 | "metadata": { 82 | "description": "Name of SCCM Primary server. " 83 | } 84 | }, 85 | "DPMPName": { 86 | "type": "string", 87 | "metadata": { 88 | "description": "Name of SCCM DP/MP server. " 89 | } 90 | }, 91 | "ip": { 92 | "type": "string", 93 | "metadata": { 94 | "description": "Private IP Address. " 95 | } 96 | }, 97 | "DCip": { 98 | "type": "string", 99 | "metadata": { 100 | "description": "DC IP Address. " 101 | } 102 | }, 103 | "SQLName": { 104 | "type": "string", 105 | "metadata": { 106 | "description": "Name of SQL Server " 107 | } 108 | }, 109 | "STIG": { 110 | "type": "string", 111 | "metadata": { 112 | "description": "If STIG -eq $True, STIGs will be downloaded from DISA and Imported into AD " 113 | } 114 | }, 115 | "MSFTBaseline": { 116 | "type": "string", 117 | "metadata": { 118 | "description": "If STIG -eq $True, STIGs will be downloaded from DISA and Imported into AD " 119 | } 120 | }, 121 | "sharePointVersion": { 122 | "type": "string", 123 | "defaultValue": "2016", 124 | "metadata": { 125 | "description": "SharePoint version. 
" 126 | } 127 | }, 128 | "publisher": { 129 | "type": "string", 130 | "metadata": { 131 | "description": "VM image publisher. " 132 | } 133 | }, 134 | "offer": { 135 | "type": "string", 136 | "metadata": { 137 | "description": "VM image offer. " 138 | } 139 | }, 140 | "sku": { 141 | "type": "string", 142 | "metadata": { 143 | "description": "VM image SKU. " 144 | } 145 | }, 146 | "adminUsername": { 147 | "type": "string", 148 | "minLength": 2, 149 | "maxLength": 10, 150 | "metadata": { 151 | "description": "The name of the administrator account of the new VM. The domain name is contoso.com " 152 | }, 153 | "defaultValue": "xadmin" 154 | }, 155 | "adminPassword": { 156 | "type": "securestring", 157 | "minLength": 8, 158 | "metadata": { 159 | "description": "Input must meet password complexity requirements as documented for property 'adminPassword' in https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/virtualmachines-create-or-update" 160 | } 161 | }, 162 | "DomainName": { 163 | "type": "string", 164 | "metadata": { 165 | "description": "Specifies the Domain Name." 166 | } 167 | }, 168 | "_artifactsLocation": { 169 | "type": "string", 170 | "metadata": { 171 | "description": "The base URI where artifacts required by this template are located including a trailing '/'" 172 | } 173 | }, 174 | "_artifactsLocationSasToken": { 175 | "type": "securestring", 176 | "metadata": { 177 | "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured. " 178 | }, 179 | "defaultValue": "" 180 | }, 181 | "AdfsServiceAccountName": { 182 | "type": "string", 183 | "metadata": { 184 | "description": "Specifies the name of the ADFS service account." 
185 | }, 186 | "defaultValue": "svc.adfs" 187 | }, 188 | "location": { 189 | "type": "string", 190 | "defaultValue": "[resourceGroup().location]", 191 | "metadata": { 192 | "description": "Location for all resources." 193 | } 194 | } 195 | }, 196 | "variables": { 197 | "dscScript": "dsc/Configuration.zip", 198 | "VirtualNetworkName": "[parameters('VirtualNetworkName')]", 199 | //"virtualNetworkName": "[concat(toLower(parameters('prefix')), '-vnet')]", 200 | "domainName": "[parameters('DomainName')]", 201 | "networkSettings": { 202 | "virtualNetworkAddressPrefix": "[parameters('addressprefix')]", 203 | "subnetAddressPrefix": "[parameters('addresssubnet')]", 204 | "virtualMachinesIPAddress": "[parameters('ip')]", 205 | "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), parameters('subnetname'))]", 206 | "privateIPAllocationMethod": "Static", 207 | "publicIpAllocationMethod": "Dynamic" 208 | }, 209 | "spSettings": { 210 | "sqlAlias": "SQLAlias", 211 | "spSuperUserName": "spSuperUser", 212 | "spSuperReaderName": "spSuperReader", 213 | "sqlSvcUserName": "sqlsvc", 214 | "sqlSvcPassword": "[parameters('adminPassword')]", 215 | "spSetupUserName": "spsetup", 216 | "spSetupPassword": "[parameters('adminPassword')]", 217 | "spFarmUserName": "spfarm", 218 | "spFarmPassword": "[parameters('adminPassword')]", 219 | "spSvcUserName": "spsvc", 220 | "spSvcPassword": "[parameters('adminPassword')]", 221 | "spAppPoolUserName": "spapppool", 222 | "spAppPoolPassword": "[parameters('adminPassword')]", 223 | "spPassphrase": "[parameters('adminPassword')]" 224 | }, 225 | //"securityGroupRule": { 226 | // "name": "default-allow-rdp", 227 | // "priority": 1000, 228 | // "sourceAddressPrefix": "*", 229 | // "protocol": "Tcp", 230 | // "destinationPortRange": "3389", 231 | // "access": "Allow", 232 | // "direction": "Inbound", 233 | // "sourcePortRange": "*", 234 | // "destinationAddressPrefix": "*" 235 | //}, 236 | "vmrole": 
"[parameters('role')]", 237 | "vmname": "[parameters('servername')]", 238 | "vmDiskType": "[parameters('vmDisk')]", 239 | "vmSize": "[parameters('vmsize')]", 240 | 241 | "imageReference": { 242 | "[parameters('role')]": { 243 | "publisher": "[parameters('publisher')]", 244 | "offer": "[parameters('offer')]", 245 | "sku": "[parameters('sku')]", 246 | "version": "latest" 247 | } 248 | } 249 | }, 250 | "resources": [ 251 | { 252 | "type": "Microsoft.Network/virtualNetworks", 253 | "apiVersion": "2020-05-01", 254 | "name": "[variables('virtualNetworkName')]", 255 | "location": "[parameters('location')]", 256 | "properties": { 257 | "addressSpace": { 258 | "addressPrefixes": [ 259 | "[variables('networkSettings').subnetAddressPrefix]" 260 | ] 261 | }, 262 | //"dhcpOptions": { 263 | // "dnsServers": [ 264 | // "[parameters('DCip')]", 265 | // "8.8.8.8", 266 | // "1.1.1.1", 267 | // "8.8.4.4" 268 | // ] 269 | //}, 270 | "subnets": [ 271 | { 272 | "name": "[parameters('subnetname')]", 273 | "properties": { 274 | "addressPrefix": "[variables('networkSettings').subnetAddressPrefix]" 275 | } 276 | } 277 | ] 278 | } 279 | }, 280 | { 281 | "type": "Microsoft.Network/networkSecurityGroups", 282 | "apiVersion": "2020-05-01", 283 | "name": "[parameters('NSG')]", 284 | "location": "[parameters('location')]", 285 | "properties": { 286 | //"securityRules": [ 287 | // { 288 | // "name": "[variables('securityGroupRule').name]", 289 | // "properties": { 290 | // "priority": "[variables('securityGroupRule').priority]", 291 | // "sourceAddressPrefix": "[variables('securityGroupRule').sourceAddressPrefix]", 292 | // "protocol": "[variables('securityGroupRule').protocol]", 293 | // "destinationPortRange": "[variables('securityGroupRule').destinationPortRange]", 294 | // "access": "[variables('securityGroupRule').access]", 295 | // "direction": "[variables('securityGroupRule').direction]", 296 | // "sourcePortRange": "[variables('securityGroupRule').sourcePortRange]", 297 | // 
"destinationAddressPrefix": "[variables('securityGroupRule').destinationAddressPrefix]" 298 | // } 299 | // } 300 | //] 301 | } 302 | } 303 | 304 | ], 305 | "outputs": { 306 | 307 | } 308 | } 309 | -------------------------------------------------------------------------------- /Templates/SACA/1T_SACA_NetworkBuild.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "VNetName": { 6 | "defaultValue": "SCCA_VNet", 7 | "type": "String" 8 | }, 9 | "DNSLabel": { 10 | "type": "String" 11 | }, 12 | "Location": { 13 | "type": "String" 14 | }, 15 | "Subnet_Management_Name": { 16 | "type": "String" 17 | }, 18 | "Subnet_Management": { 19 | "type": "String" 20 | }, 21 | "Subnet_External_Name": { 22 | "type": "String" 23 | }, 24 | "Subnet_External": { 25 | "type": "String" 26 | }, 27 | "Subnet_InternalS_Name": { 28 | "type": "String" 29 | }, 30 | "Subnet_InternalS": { 31 | "type": "String" 32 | }, 33 | "Subnet_VDMS_Name": { 34 | "type": "String" 35 | }, 36 | "Subnet_VDMS": { 37 | "type": "String" 38 | }, 39 | "SB_LB_IP": { 40 | "defaultValue": "SB-LB", 41 | "type": "String" 42 | }, 43 | "publicIPAddresses_AzureBastionSubnet_ip_name": { 44 | "defaultValue": "AzureBastionSubnet-ip", 45 | "type": "String" 46 | } 47 | }, 48 | "variables": { 49 | "publicIPAddresses_ext_pip0_name": "[concat(parameters('DNSlabel'), '-ext-pip0')]", 50 | "networkSecurityGroups_ext_nsg_name": "[concat(parameters('DNSlabel'), '-ext-nsg')]" 51 | }, 52 | "resources": [ 53 | { 54 | "type": "Microsoft.Network/networkSecurityGroups", 55 | "apiVersion": "2020-05-01", 56 | "name": "[variables('networkSecurityGroups_ext_nsg_name')]", 57 | "location": "[parameters('Location')]", 58 | "tags": { 59 | "application": "APP", 60 | "cost": "COST", 61 | "environment": "ENV", 62 | "group": "GROUP", 63 | "owner": "OWNER" 64 | }, 65 
| "properties": { 66 | "securityRules": [ 67 | { 68 | "name": "ext_allow_https", 69 | "properties": { 70 | "protocol": "Tcp", 71 | "sourcePortRange": "*", 72 | "destinationPortRange": "443", 73 | "sourceAddressPrefix": "*", 74 | "destinationAddressPrefix": "*", 75 | "access": "Allow", 76 | "priority": 101, 77 | "direction": "Inbound", 78 | "sourcePortRanges": [], 79 | "destinationPortRanges": [], 80 | "sourceAddressPrefixes": [], 81 | "destinationAddressPrefixes": [] 82 | } 83 | }, 84 | { 85 | "name": "ssh_allow_22", 86 | "properties": { 87 | "protocol": "Tcp", 88 | "sourcePortRange": "*", 89 | "destinationPortRange": "22", 90 | "sourceAddressPrefix": "*", 91 | "destinationAddressPrefix": "*", 92 | "access": "Allow", 93 | "priority": 102, 94 | "direction": "Inbound", 95 | "sourcePortRanges": [], 96 | "destinationPortRanges": [], 97 | "sourceAddressPrefixes": [], 98 | "destinationAddressPrefixes": [] 99 | } 100 | }, 101 | { 102 | "name": "rdp_allow_3389", 103 | "properties": { 104 | "protocol": "Tcp", 105 | "sourcePortRange": "*", 106 | "destinationPortRange": "3389", 107 | "sourceAddressPrefix": "*", 108 | "destinationAddressPrefix": "*", 109 | "access": "Allow", 110 | "priority": 103, 111 | "direction": "Inbound", 112 | "sourcePortRanges": [], 113 | "destinationPortRanges": [], 114 | "sourceAddressPrefixes": [], 115 | "destinationAddressPrefixes": [] 116 | } 117 | } 118 | ] 119 | } 120 | }, 121 | { 122 | "type": "Microsoft.Network/publicIPAddresses", 123 | "apiVersion": "2020-05-01", 124 | "name": "[variables('publicIPAddresses_ext_pip0_name')]", 125 | "location": "[parameters('Location')]", 126 | "tags": { 127 | "application": "APP", 128 | "cost": "COST", 129 | "environment": "ENV", 130 | "group": "GROUP", 131 | "owner": "OWNER" 132 | }, 133 | "sku": { 134 | "name": "Standard" 135 | }, 136 | "properties": { 137 | //"ipAddress": "52.181.32.36", 138 | "publicIPAddressVersion": "IPv4", 139 | "publicIPAllocationMethod": "Static", 140 | "idleTimeoutInMinutes": 30, 141 
| "dnsSettings": { 142 | "domainNameLabel": "[concat(parameters('DNSLabel'), '-pip0')]" 143 | //"fqdn": "f5dnst3-0.usdodeast.cloudapp.usgovcloudapi.net" 144 | }, 145 | "ipTags": [] 146 | } 147 | }, 148 | { 149 | "type": "Microsoft.Network/virtualNetworks", 150 | "apiVersion": "2020-05-01", 151 | "name": "[parameters('VNetName')]", 152 | "location": "[parameters('Location')]", 153 | "dependsOn": [ "[resourceId('Microsoft.Network/routeTables', 'BasicUDR')]" ], 154 | "tags": { 155 | "application": "APP", 156 | "cost": "COST", 157 | "environment": "ENV", 158 | "group": "GROUP", 159 | "owner": "OWNER" 160 | }, 161 | "properties": { 162 | "addressSpace": { 163 | "addressPrefixes": [ 164 | "[parameters('Subnet_External')]", 165 | "[parameters('Subnet_Management')]", 166 | "[parameters('Subnet_InternalS')]", 167 | "[parameters('Subnet_VDMS')]" 168 | ] 169 | }, 170 | "subnets": [ 171 | { 172 | "name": "[parameters('Subnet_Management_Name')]", 173 | "properties": { 174 | "addressPrefix": "[parameters('Subnet_Management')]", 175 | "delegations": [], 176 | "privateEndpointNetworkPolicies": "Enabled", 177 | "privateLinkServiceNetworkPolicies": "Enabled" 178 | } 179 | }, 180 | { 181 | "name": "[parameters('Subnet_External_Name')]", 182 | "properties": { 183 | "addressPrefix": "[parameters('Subnet_External')]", 184 | "delegations": [], 185 | "privateEndpointNetworkPolicies": "Enabled", 186 | "privateLinkServiceNetworkPolicies": "Enabled" 187 | } 188 | }, 189 | { 190 | "name": "[parameters('Subnet_InternalS_Name')]", 191 | "properties": { 192 | "addressPrefix": "[parameters('Subnet_InternalS')]", 193 | "delegations": [], 194 | "privateEndpointNetworkPolicies": "Enabled", 195 | "privateLinkServiceNetworkPolicies": "Enabled" 196 | } 197 | }, 198 | { 199 | "name": "[parameters('Subnet_VDMS_Name')]", 200 | "properties": { 201 | "routeTable": { 202 | "id": "[resourceId('Microsoft.Network/routeTables', 'BasicUDR')]" 203 | }, 204 | "addressPrefix": "[parameters('Subnet_VDMS')]", 205 | 
"delegations": [], 206 | "privateEndpointNetworkPolicies": "Enabled", 207 | "privateLinkServiceNetworkPolicies": "Enabled" 208 | } 209 | } 210 | ], 211 | "virtualNetworkPeerings": [], 212 | "enableDdosProtection": false, 213 | "enableVmProtection": false 214 | } 215 | }, 216 | { 217 | "type": "Microsoft.Network/networkSecurityGroups/securityRules", 218 | "apiVersion": "2020-05-01", 219 | "name": "[concat(variables('networkSecurityGroups_ext_nsg_name'), '/ext_allow_https')]", 220 | "dependsOn": [ 221 | "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroups_ext_nsg_name'))]" 222 | ], 223 | "properties": { 224 | "protocol": "Tcp", 225 | "sourcePortRange": "*", 226 | "destinationPortRange": "443", 227 | "sourceAddressPrefix": "*", 228 | "destinationAddressPrefix": "*", 229 | "access": "Allow", 230 | "priority": 101, 231 | "direction": "Inbound", 232 | "sourcePortRanges": [], 233 | "destinationPortRanges": [], 234 | "sourceAddressPrefixes": [], 235 | "destinationAddressPrefixes": [] 236 | } 237 | }, 238 | { 239 | "type": "Microsoft.Network/networkSecurityGroups/securityRules", 240 | "apiVersion": "2020-05-01", 241 | "name": "[concat(variables('networkSecurityGroups_ext_nsg_name'), '/rdp_allow_3389')]", 242 | "dependsOn": [ 243 | "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroups_ext_nsg_name'))]" 244 | ], 245 | "properties": { 246 | "protocol": "Tcp", 247 | "sourcePortRange": "*", 248 | "destinationPortRange": "3389", 249 | "sourceAddressPrefix": "*", 250 | "destinationAddressPrefix": "*", 251 | "access": "Allow", 252 | "priority": 103, 253 | "direction": "Inbound", 254 | "sourcePortRanges": [], 255 | "destinationPortRanges": [], 256 | "sourceAddressPrefixes": [], 257 | "destinationAddressPrefixes": [] 258 | } 259 | }, 260 | { 261 | "type": "Microsoft.Network/networkSecurityGroups/securityRules", 262 | "apiVersion": "2020-05-01", 263 | "name": 
"[concat(variables('networkSecurityGroups_ext_nsg_name'), '/ssh_allow_22')]", 264 | "dependsOn": [ 265 | "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroups_ext_nsg_name'))]" 266 | ], 267 | "properties": { 268 | "protocol": "Tcp", 269 | "sourcePortRange": "*", 270 | "destinationPortRange": "22", 271 | "sourceAddressPrefix": "*", 272 | "destinationAddressPrefix": "*", 273 | "access": "Allow", 274 | "priority": 102, 275 | "direction": "Inbound", 276 | "sourcePortRanges": [], 277 | "destinationPortRanges": [], 278 | "sourceAddressPrefixes": [], 279 | "destinationAddressPrefixes": [] 280 | } 281 | }, 282 | { 283 | "type": "Microsoft.Network/routeTables", 284 | "apiVersion": "2020-05-01", 285 | "name": "BasicUDR", 286 | "location": "[parameters('Location')]", 287 | "properties": { 288 | "disableBgpRoutePropagation": false, 289 | "routes": [ 290 | { 291 | "name": "Default", 292 | "properties": { 293 | "addressPrefix": "0.0.0.0/0", 294 | "nextHopType": "VirtualAppliance", 295 | "nextHopIpAddress": "[parameters('SB_LB_IP')]" 296 | } 297 | } 298 | ] 299 | } 300 | }, 301 | { 302 | "type": "Microsoft.Network/routeTables/routes", 303 | "apiVersion": "2020-05-01", 304 | "name": "[concat('BasicUDR', '/Default')]", 305 | "dependsOn": [ 306 | "[resourceId('Microsoft.Network/routeTables', 'BasicUDR')]" 307 | ], 308 | "properties": { 309 | "addressPrefix": "0.0.0.0/0", 310 | "nextHopType": "VirtualAppliance", 311 | "nextHopIpAddress": "[parameters('SB_LB_IP')]" 312 | } 313 | } 314 | ] 315 | } -------------------------------------------------------------------------------- /Templates/SACA/3T_SACA_IPSDeploy.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "StorageAccountName": { 6 | "type": "String" 7 | }, 8 | "adminUsername": { 9 | "defaultValue": 
"xadmin", 10 | "metadata": { 11 | "description": "User name for the Virtual Machine." 12 | }, 13 | "type": "string" 14 | }, 15 | "adminPassword": { 16 | "metadata": { 17 | "description": "Password or SSH public key to login to the Virtual Machine. Note: There are a number of special characters that you should avoid using for F5 product user accounts. See [K2873](https://support.f5.com/csp/article/K2873) for details. Note: If using key-based authentication, this should be the public key as a string, typically starting with **---- BEGIN SSH2 PUBLIC KEY ----** and ending with **---- END SSH2 PUBLIC KEY ----**." 18 | }, 19 | "type": "securestring" 20 | }, 21 | "VNetName": { 22 | "defaultValue": "SCCA_VNet", 23 | "type": "String" 24 | }, 25 | "DNSLabel": { 26 | "type": "String" 27 | }, 28 | "Location": { 29 | "type": "String" 30 | }, 31 | "Subnet_Management_Name": { 32 | "type": "String" 33 | }, 34 | "Subnet_External_Name": { 35 | "type": "String" 36 | }, 37 | "Subnet_External2_Name": { 38 | "type": "String" 39 | }, 40 | "Subnet_InternalN_Name": { 41 | "type": "String" 42 | }, 43 | "Subnet_InternalS_Name": { 44 | "type": "String" 45 | }, 46 | "Subnet_IPSInt_Name": { 47 | "type": "String" 48 | }, 49 | "Subnet_IPSExt_Name": { 50 | "type": "String" 51 | }, 52 | "Subnet_VDMS_Name": { 53 | "type": "String" 54 | }, 55 | "IPS1ExtPri_IP": { 56 | "type": "String" 57 | }, 58 | "IPS1ExtSec_IP": { 59 | "type": "String" 60 | }, 61 | "IPS2ExtPri_IP": { 62 | "type": "String" 63 | }, 64 | "IPS2ExtSec_IP": { 65 | "type": "String" 66 | }, 67 | "IPSLB_IP": { 68 | "type": "String" 69 | }, 70 | "IPS1IntPri_IP": { 71 | "type": "String" 72 | }, 73 | "IPS1IntSec_IP": { 74 | "type": "String" 75 | }, 76 | "IPS2IntPri_IP": { 77 | "type": "String" 78 | }, 79 | "IPS2IntSec_IP": { 80 | "type": "String" 81 | }, 82 | "IPS1MGMT_IP": { 83 | "type": "String" 84 | }, 85 | "IPS2MGMT_IP": { 86 | "type": "String" 87 | }, 88 | "availabilitySet2_Name": { 89 | "defaultValue": "FW-avset2", 90 | "type": "String" 
91 | }, 92 | "IPS_FW0_Name": { 93 | "defaultValue": "f5dnst3-ips-fw0", 94 | "type": "String" 95 | }, 96 | "IPS_FW1_Name": { 97 | "defaultValue": "f5dnst3-ips-fw1", 98 | "type": "String" 99 | }, 100 | "IPS_FW0_Size": { 101 | "type": "String" 102 | }, 103 | "IPS_FW1_Size": { 104 | "type": "String" 105 | }, 106 | "IPS_LB_Name": { 107 | "defaultValue": "f5dnst3-ips-fw0", 108 | "type": "String" 109 | } 110 | }, 111 | "variables": { 112 | // Device Names 113 | "availabilitySetName0": "[concat(parameters('dnsLabel'), '-avset0')]", 114 | "availabilitySetName1": "[concat(parameters('dnsLabel'), '-avset1')]", 115 | "availabilitySetName2": "IPS-avset2", 116 | "availabilitySetId2": { 117 | "id": "[resourceId('Microsoft.Compute/availabilitySets',variables('availabilitySetName2'))]" 118 | }, 119 | "availabilitySetName3": "[concat(parameters('dnsLabel'), '-avset3')]", 120 | "extNicName": "[concat(parameters('dnsLabel'), '-ext')]", 121 | "NorthboundLoadBalancerName": "[concat(parameters('dnsLabel'),'-nb-alb')]", 122 | "mgmtLoadBalancerName": "[concat(parameters('dnsLabel'),'-mgmt-alb')]", 123 | "extpublicIPAddressNamePrefix": "[concat(parameters('dnsLabel'), '-ext-pip')]", 124 | "mgmtPublicIPAddressName": "[concat(parameters('dnsLabel'), '-mgmt-pip')]", 125 | "intNicName": "[concat(parameters('dnsLabel'), '-int')]", 126 | "IPSBackEndAddressPool": { 127 | "id": "[concat(variables('IPSILBid'), '/backendAddressPools/', 'loadBalancerBackEnd')]" 128 | }, 129 | "IPSILBid": "[resourceId('Microsoft.Network/loadBalancers',parameters('IPS_LB_Name'))]" 130 | 131 | }, 132 | "resources": [ 133 | { 134 | "type": "Microsoft.Network/loadBalancers", 135 | "apiVersion": "2020-05-01", 136 | "name": "[parameters('IPS_LB_Name')]", 137 | "location": "[parameters('Location')]", 138 | "dependsOn": [ 139 | //"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSExt_Name'))]", 140 | //"[resourceId('Microsoft.Network/networkInterfaces', 'IPS1_External')]", 
141 | //"[resourceId('Microsoft.Network/networkInterfaces', 'IPS2_External')]" 142 | ], 143 | "tags": { 144 | "application": "APP", 145 | "cost": "COST", 146 | "environment": "ENV", 147 | "group": "GROUP", 148 | "owner": "OWNER" 149 | }, 150 | "sku": { 151 | "name": "Standard" 152 | }, 153 | "properties": { 154 | "frontendIPConfigurations": [ 155 | { 156 | "name": "loadBalancerFrontEnd", 157 | "properties": { 158 | "privateIPAddress": "[parameters('IPSLB_IP')]", 159 | "privateIPAllocationMethod": "Static", 160 | "subnet": { 161 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSExt_Name'))]" 162 | }, 163 | "privateIPAddressVersion": "IPv4" 164 | } 165 | } 166 | ], 167 | "backendAddressPools": [ 168 | { 169 | "name": "loadBalancerBackEnd", 170 | "properties": { 171 | "loadBalancerBackendAddresses": [ 172 | { 173 | "name": "IPS1-Ext-ipconfig-secondary", 174 | "properties": {} 175 | }, 176 | { 177 | "name": "IPS2-Ext-ipconfig-secondary", 178 | "properties": {} 179 | } 180 | ] 181 | } 182 | } 183 | ], 184 | "loadBalancingRules": [ 185 | { 186 | "name": "rdp_vs", 187 | "properties": { 188 | "frontendIPConfiguration": { 189 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('IPS_LB_Name')), '/frontendIPConfigurations/loadBalancerFrontEnd')]" 190 | }, 191 | "frontendPort": 3389, 192 | "backendPort": 3389, 193 | "enableFloatingIP": false, 194 | "idleTimeoutInMinutes": 4, 195 | "protocol": "Tcp", 196 | "enableTcpReset": false, 197 | "loadDistribution": "Default", 198 | "disableOutboundSnat": false, 199 | "backendAddressPool": { 200 | "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', parameters('IPS_LB_Name'), 'loadBalancerBackEnd')]" 201 | }, 202 | "probe": { 203 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('IPS_LB_Name')), '/probes/rdp_alive')]" 204 | } 205 | } 206 | }, 207 | { 208 | "name": "ssh_vs", 209 | "properties": { 210 | 
"frontendIPConfiguration": { 211 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('IPS_LB_Name')), '/frontendIPConfigurations/loadBalancerFrontEnd')]" 212 | }, 213 | "frontendPort": 22, 214 | "backendPort": 22, 215 | "enableFloatingIP": false, 216 | "idleTimeoutInMinutes": 4, 217 | "protocol": "Tcp", 218 | "enableTcpReset": false, 219 | "loadDistribution": "Default", 220 | "disableOutboundSnat": false, 221 | "backendAddressPool": { 222 | "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', parameters('IPS_LB_Name'), 'loadBalancerBackEnd')]" 223 | }, 224 | "probe": { 225 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('IPS_LB_Name')), '/probes/ssh_alive')]" 226 | } 227 | } 228 | } 229 | ], 230 | "probes": [ 231 | { 232 | "name": "ssh_alive", 233 | "properties": { 234 | "protocol": "Tcp", 235 | "port": 22, 236 | "intervalInSeconds": 15, 237 | "numberOfProbes": 2 238 | } 239 | }, 240 | { 241 | "name": "rdp_alive", 242 | "properties": { 243 | "protocol": "Tcp", 244 | "port": 3389, 245 | "intervalInSeconds": 15, 246 | "numberOfProbes": 2 247 | } 248 | }, 249 | { 250 | "name": "http_alive", 251 | "properties": { 252 | "protocol": "Http", 253 | "port": 80, 254 | "requestPath": "/", 255 | "intervalInSeconds": 15, 256 | "numberOfProbes": 2 257 | } 258 | }, 259 | { 260 | "name": "https_alive", 261 | "properties": { 262 | "protocol": "Tcp", 263 | "port": 443, 264 | "intervalInSeconds": 15, 265 | "numberOfProbes": 3 266 | } 267 | } 268 | ], 269 | "inboundNatRules": [], 270 | "outboundRules": [], 271 | "inboundNatPools": [] 272 | } 273 | }, 274 | { 275 | "type": "Microsoft.Network/networkInterfaces", 276 | "apiVersion": "2020-05-01", 277 | "name": "IPS1_External", 278 | "location": "[parameters('Location')]", 279 | "dependsOn": [ 280 | //"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSExt_Name'))]", 281 | "[resourceId('Microsoft.Network/loadBalancers', 
parameters('IPS_LB_Name'))]" 282 | ], 283 | "tags": { 284 | "application": "APP", 285 | "cost": "COST", 286 | "environment": "ENV", 287 | "group": "GROUP", 288 | "owner": "OWNER" 289 | }, 290 | "properties": { 291 | "ipConfigurations": [ 292 | { 293 | "name": "IPS1-ext-ipconfig-Primary", 294 | "properties": { 295 | "privateIPAddress": "[parameters('IPS1ExtPri_IP')]", 296 | "privateIPAllocationMethod": "Static", 297 | "subnet": { 298 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSExt_Name'))]" 299 | }, 300 | "primary": true, 301 | "privateIPAddressVersion": "IPv4" 302 | } 303 | }, 304 | { 305 | "name": "IPS1-Ext-ipconfig-secondary", 306 | "properties": { 307 | "privateIPAddress": "[parameters('IPS1ExtSec_IP')]", 308 | "privateIPAllocationMethod": "Static", 309 | "subnet": { 310 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSExt_Name'))]" 311 | }, 312 | "primary": false, 313 | "privateIPAddressVersion": "IPv4", 314 | "loadBalancerBackendAddressPools": [ 315 | "[variables('IPSBackEndAddressPool')]" 316 | ] 317 | } 318 | } 319 | ], 320 | "dnsSettings": { 321 | "dnsServers": [] 322 | }, 323 | "enableAcceleratedNetworking": true, 324 | "enableIPForwarding": true 325 | } 326 | }, 327 | { 328 | "type": "Microsoft.Network/networkInterfaces", 329 | "apiVersion": "2020-05-01", 330 | "name": "IPS2_External", 331 | "location": "[parameters('Location')]", 332 | "dependsOn": [ 333 | "[resourceId('Microsoft.Network/loadBalancers', parameters('IPS_LB_Name'))]" 334 | //"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSExt_Name'))]", 335 | //"[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', parameters('IPS_LB_Name'), 'loadBalancerBackEnd')]" 336 | ], 337 | "tags": { 338 | "application": "APP", 339 | "cost": "COST", 340 | "environment": "ENV", 341 | "group": "GROUP", 342 | "owner": 
"OWNER" 343 | }, 344 | "properties": { 345 | "ipConfigurations": [ 346 | { 347 | "name": "IPS2-ext-ipconfig-Primary", 348 | "properties": { 349 | "privateIPAddress": "[parameters('IPS2ExtPri_IP')]", 350 | "privateIPAllocationMethod": "Static", 351 | "subnet": { 352 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSExt_Name'))]" 353 | }, 354 | "primary": true, 355 | "privateIPAddressVersion": "IPv4" 356 | } 357 | }, 358 | { 359 | "name": "IPS2-ext-ipconfig-secondary", 360 | "properties": { 361 | "privateIPAddress": "[parameters('IPS2ExtSec_IP')]", 362 | "privateIPAllocationMethod": "Static", 363 | "subnet": { 364 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSExt_Name'))]" 365 | }, 366 | "primary": false, 367 | "privateIPAddressVersion": "IPv4", 368 | "loadBalancerBackendAddressPools": [ 369 | "[variables('IPSBackEndAddressPool')]" 370 | ] 371 | } 372 | } 373 | ], 374 | "dnsSettings": { 375 | "dnsServers": [] 376 | }, 377 | "enableAcceleratedNetworking": true, 378 | "enableIPForwarding": true 379 | } 380 | }, 381 | { 382 | "type": "Microsoft.Network/networkInterfaces", 383 | "apiVersion": "2020-05-01", 384 | "name": "IPS1_Internal", 385 | "location": "[parameters('Location')]", 386 | "dependsOn": [ 387 | //"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSInt_Name'))]", 388 | //"[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', parameters('IPS_LB_Name'), 'loadBalancerBackEnd')]" 389 | ], 390 | "tags": { 391 | "application": "APP", 392 | "cost": "COST", 393 | "environment": "ENV", 394 | "group": "GROUP", 395 | "owner": "OWNER" 396 | }, 397 | "properties": { 398 | "ipConfigurations": [ 399 | { 400 | "name": "IPS1-int-ipconfig", 401 | "properties": { 402 | "privateIPAddress": "[parameters('IPS1IntPri_IP')]", 403 | "privateIPAllocationMethod": "Static", 404 | "subnet": { 405 
| "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSInt_Name'))]" 406 | }, 407 | "primary": true, 408 | "privateIPAddressVersion": "IPv4" 409 | } 410 | }, 411 | { 412 | "name": "IPS1-int-ipconfig-secondary", 413 | "properties": { 414 | "privateIPAddress": "[parameters('IPS1IntSec_IP')]", 415 | "privateIPAllocationMethod": "Static", 416 | "subnet": { 417 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSInt_Name'))]" 418 | }, 419 | "primary": false, 420 | "privateIPAddressVersion": "IPv4" 421 | } 422 | } 423 | ], 424 | "dnsSettings": { 425 | "dnsServers": [] 426 | }, 427 | "enableAcceleratedNetworking": true, 428 | "enableIPForwarding": true 429 | } 430 | }, 431 | { 432 | "type": "Microsoft.Network/networkInterfaces", 433 | "apiVersion": "2020-05-01", 434 | "name": "IPS2_Internal", 435 | "location": "[parameters('Location')]", 436 | "dependsOn": [ 437 | //"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSInt_Name'))]" 438 | ], 439 | "tags": { 440 | "application": "APP", 441 | "cost": "COST", 442 | "environment": "ENV", 443 | "group": "GROUP", 444 | "owner": "OWNER" 445 | }, 446 | "properties": { 447 | "ipConfigurations": [ 448 | { 449 | "name": "IPS2-int-ipconfig", 450 | "properties": { 451 | "privateIPAddress": "[parameters('IPS2IntPri_IP')]", 452 | "privateIPAllocationMethod": "Static", 453 | "subnet": { 454 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('Subnet_IPSInt_Name'))]" 455 | }, 456 | "primary": true, 457 | "privateIPAddressVersion": "IPv4" 458 | } 459 | }, 460 | { 461 | "name": "IPS2-int-ipconfig-secondary", 462 | "properties": { 463 | "privateIPAddress": "[parameters('IPS2IntSec_IP')]", 464 | "privateIPAllocationMethod": "Static", 465 | "subnet": { 466 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 
parameters('VNetName'), parameters('Subnet_IPSInt_Name'))]" 467 | }, 468 | "primary": false, 469 | "privateIPAddressVersion": "IPv4" 470 | } 471 | } 472 | ], 473 | "dnsSettings": { 474 | "dnsServers": [] 475 | }, 476 | "enableAcceleratedNetworking": true, 477 | "enableIPForwarding": true 478 | } 479 | }, 480 | { 481 | "type": "Microsoft.Network/networkInterfaces", 482 | "apiVersion": "2020-05-01", 483 | "name": "IPS1_mgmt", 484 | "location": "[parameters('Location')]", 485 | "dependsOn": [ 486 | //"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), parameters('subnet_management_Name'))]" 487 | ], 488 | "tags": { 489 | "application": "APP", 490 | "cost": "COST", 491 | "environment": "ENV", 492 | "group": "GROUP", 493 | "owner": "OWNER" 494 | }, 495 | "properties": { 496 | "ipConfigurations": [ 497 | { 498 | "name": "ips01-mgmt-ipconfig", 499 | "properties": { 500 | "privateIPAddress": "[parameters('IPS1MGMT_IP')]", 501 | "privateIPAllocationMethod": "Static", 502 | "subnet": { 503 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), 'management')]" 504 | }, 505 | "primary": true, 506 | "privateIPAddressVersion": "IPv4" 507 | } 508 | } 509 | ], 510 | "dnsSettings": { 511 | "dnsServers": [] 512 | }, 513 | "enableAcceleratedNetworking": false, 514 | "enableIPForwarding": false 515 | } 516 | }, 517 | { 518 | "type": "Microsoft.Network/networkInterfaces", 519 | "apiVersion": "2020-05-01", 520 | "name": "IPS2_mgmt", 521 | "location": "[parameters('Location')]", 522 | "dependsOn": [ 523 | //"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), 'management')]" 524 | ], 525 | "tags": { 526 | "application": "APP", 527 | "cost": "COST", 528 | "environment": "ENV", 529 | "group": "GROUP", 530 | "owner": "OWNER" 531 | }, 532 | "properties": { 533 | "ipConfigurations": [ 534 | { 535 | "name": "IPS2-mgmt-ipconfig", 536 | "properties": { 537 | "privateIPAddress": 
"[parameters('IPS2MGMT_IP')]", 538 | "privateIPAllocationMethod": "Static", 539 | "subnet": { 540 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('VNetName'), 'management')]" 541 | }, 542 | "primary": true, 543 | "privateIPAddressVersion": "IPv4" 544 | } 545 | } 546 | ], 547 | "dnsSettings": { 548 | "dnsServers": [] 549 | }, 550 | "enableAcceleratedNetworking": false, 551 | "enableIPForwarding": false 552 | } 553 | }, 554 | { 555 | "type": "Microsoft.Compute/virtualMachines", 556 | "apiVersion": "2019-07-01", 557 | "name": "[parameters('IPS_FW0_Name')]", 558 | "location": "[parameters('Location')]", 559 | "dependsOn": [ 560 | "[resourceId('Microsoft.Network/networkInterfaces', 'IPS1_MGMT')]", 561 | "[resourceId('Microsoft.Network/networkInterfaces', 'IPS1_External')]", 562 | "[resourceId('Microsoft.Network/networkInterfaces', 'IPS1_Internal')]", 563 | "[concat('Microsoft.Compute/availabilitySets/', variables('availabilitySetName2'))]" 564 | ], 565 | "properties": { 566 | "availabilitySet": { 567 | "id": "[resourceId('Microsoft.Compute/availabilitySets',variables('availabilitySetName2'))]" 568 | }, 569 | "hardwareProfile": { 570 | "vmSize": "[parameters('IPS_FW0_Size')]" 571 | }, 572 | "storageProfile": { 573 | "imageReference": { 574 | "publisher": "Canonical", 575 | "offer": "UbuntuServer", 576 | "sku": "18.04-LTS", 577 | "version": "latest" 578 | }, 579 | "osDisk": { 580 | "osType": "Linux", 581 | "name": "[concat(parameters('IPS_FW0_Name'), '_OsDisk_1_96f798637f1a4c089f1cb0cfcaccd088')]", 582 | "createOption": "FromImage", 583 | "caching": "ReadWrite", 584 | "managedDisk": { 585 | "storageAccountType": "Premium_LRS" 586 | }, 587 | "diskSizeGB": 30 588 | }, 589 | "dataDisks": [ 590 | { 591 | "lun": 0, 592 | "name": "[concat(parameters('IPS_FW0_Name'), '_disk2_de8effeae7534f498faddbb26746b150')]", 593 | "createOption": "Empty", 594 | "caching": "None", 595 | "managedDisk": { 596 | "storageAccountType": "Premium_LRS" 597 | }, 598 | 
"diskSizeGB": 1023, 599 | "toBeDetached": false 600 | } 601 | ] 602 | }, 603 | "osProfile": { 604 | "computerName": "[parameters('IPS_FW0_Name')]", 605 | "adminUsername": "[parameters('AdminUserName')]", 606 | "adminPassword": "[parameters('adminPassword')]", 607 | "linuxConfiguration": { 608 | "disablePasswordAuthentication": false, 609 | "provisionVMAgent": true 610 | }, 611 | "secrets": [], 612 | "allowExtensionOperations": true 613 | //"requireGuestProvisionSignal": true 614 | }, 615 | "networkProfile": { 616 | "networkInterfaces": [ 617 | { 618 | "id": "[resourceId('Microsoft.Network/networkInterfaces', 'IPS1_MGMT')]", 619 | "properties": { 620 | "primary": true 621 | } 622 | }, 623 | { 624 | "id": "[resourceId('Microsoft.Network/networkInterfaces', 'IPS1_External')]", 625 | "properties": { 626 | "primary": false 627 | } 628 | }, 629 | { 630 | "id": "[resourceId('Microsoft.Network/networkInterfaces', 'IPS1_Internal')]", 631 | "properties": { 632 | "primary": false 633 | } 634 | } 635 | ] 636 | }, 637 | "diagnosticsProfile": { 638 | "bootDiagnostics": { 639 | "enabled": true, 640 | "storageUri": "[concat('https://', parameters('StorageAccountName'), '.blob.core.usgovcloudapi.net/')]" 641 | } 642 | } 643 | } 644 | }, 645 | { 646 | "type": "Microsoft.Compute/virtualMachines", 647 | "apiVersion": "2019-07-01", 648 | "name": "[parameters('IPS_FW1_Name')]", 649 | "location": "[parameters('Location')]", 650 | "dependsOn": [ 651 | "[resourceId('Microsoft.Network/networkInterfaces', 'IPS2_MGMT')]", 652 | "[resourceId('Microsoft.Network/networkInterfaces', 'IPS2_External')]", 653 | "[resourceId('Microsoft.Network/networkInterfaces', 'IPS2_Internal')]", 654 | "[concat('Microsoft.Compute/availabilitySets/', variables('availabilitySetName2'))]" 655 | ], 656 | "properties": { 657 | "availabilitySet": { 658 | "id": "[resourceId('Microsoft.Compute/availabilitySets',variables('availabilitySetName2'))]" 659 | }, 660 | "hardwareProfile": { 661 | "vmSize": 
"[parameters('IPS_FW1_Size')]" 662 | }, 663 | "storageProfile": { 664 | "imageReference": { 665 | "publisher": "Canonical", 666 | "offer": "UbuntuServer", 667 | "sku": "18.04-LTS", 668 | "version": "latest" 669 | }, 670 | "osDisk": { 671 | "osType": "Linux", 672 | "name": "[concat(parameters('IPS_FW1_Name'), '_OsDisk_1_43a8a2a56c37497587c13013fc113520')]", 673 | "createOption": "FromImage", 674 | "caching": "ReadWrite", 675 | "managedDisk": { 676 | "storageAccountType": "Premium_LRS" 677 | }, 678 | "diskSizeGB": 30 679 | }, 680 | "dataDisks": [ 681 | { 682 | "lun": 0, 683 | "name": "[concat(parameters('IPS_FW1_Name'), '_disk2_0e956a39289f46c0b1ca32caeee6c191')]", 684 | "createOption": "Empty", 685 | "caching": "None", 686 | "managedDisk": { 687 | "storageAccountType": "Premium_LRS" 688 | }, 689 | "diskSizeGB": 1023, 690 | "toBeDetached": false 691 | } 692 | ] 693 | }, 694 | "osProfile": { 695 | "computerName": "[parameters('IPS_FW1_Name')]", 696 | "adminUsername": "[parameters('AdminUserName')]", 697 | "adminPassword": "[parameters('adminPassword')]", 698 | "linuxConfiguration": { 699 | "disablePasswordAuthentication": false, 700 | "provisionVMAgent": true 701 | }, 702 | "secrets": [], 703 | "allowExtensionOperations": true 704 | //"requireGuestProvisionSignal": true 705 | }, 706 | "networkProfile": { 707 | "networkInterfaces": [ 708 | { 709 | "id": "[resourceId('Microsoft.Network/networkInterfaces', 'IPS2_MGMT')]", 710 | "properties": { 711 | "primary": true 712 | } 713 | }, 714 | { 715 | "id": "[resourceId('Microsoft.Network/networkInterfaces', 'IPS2_External')]", 716 | "properties": { 717 | "primary": false 718 | } 719 | }, 720 | { 721 | "id": "[resourceId('Microsoft.Network/networkInterfaces', 'IPS2_Internal')]", 722 | "properties": { 723 | "primary": false 724 | } 725 | } 726 | ] 727 | }, 728 | "diagnosticsProfile": { 729 | "bootDiagnostics": { 730 | "enabled": true, 731 | "storageUri": "[concat('https://', parameters('StorageAccountName'), 
'.blob.core.usgovcloudapi.net/')]" 732 | } 733 | } 734 | } 735 | }, 736 | { 737 | "type": "Microsoft.Compute/availabilitySets", 738 | "apiVersion": "2019-07-01", 739 | "name": "[variables('availabilitySetName2')]", 740 | "location": "[parameters('Location')]", 741 | "dependsOn": [], 742 | "tags": { 743 | "application": "APP", 744 | "cost": "COST", 745 | "environment": "ENV", 746 | "group": "GROUP", 747 | "owner": "OWNER" 748 | }, 749 | "sku": { 750 | "name": "Aligned" 751 | }, 752 | "properties": { 753 | "platformUpdateDomainCount": 2, 754 | "platformFaultDomainCount": 2 755 | } 756 | } 757 | ] 758 | } -------------------------------------------------------------------------------- /Templates/SACA/3T_SACA_NetworkBuild.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "VNetName": { 6 | "defaultValue": "SCCA_VNet", 7 | "type": "String" 8 | }, 9 | "DNSLabel": { 10 | "type": "String" 11 | }, 12 | "Location": { 13 | "type": "String" 14 | }, 15 | "Subnet_Management_Name": { 16 | "type": "String" 17 | }, 18 | "Subnet_Management": { 19 | "type": "String" 20 | }, 21 | "Subnet_External_Name": { 22 | "type": "String" 23 | }, 24 | "Subnet_External": { 25 | "type": "String" 26 | }, 27 | "Subnet_External2_Name": { 28 | "type": "String" 29 | }, 30 | "Subnet_External2": { 31 | "type": "String" 32 | }, 33 | "Subnet_InternalN_Name": { 34 | "type": "String" 35 | }, 36 | "Subnet_InternalN": { 37 | "type": "String" 38 | }, 39 | "Subnet_InternalS_Name": { 40 | "type": "String" 41 | }, 42 | "Subnet_InternalS": { 43 | "type": "String" 44 | }, 45 | "Subnet_IPSInt_Name": { 46 | "type": "String" 47 | }, 48 | "Subnet_IPSInt": { 49 | "type": "String" 50 | }, 51 | "Subnet_IPSExt_Name": { 52 | "type": "String" 53 | }, 54 | "Subnet_IPSExt": { 55 | "type": "String" 56 | }, 57 | "Subnet_VDMS_Name": { 58 
| "type": "String" 59 | }, 60 | "Subnet_VDMS": { 61 | "type": "String" 62 | }, 63 | "publicIPAddresses_AzureBastionSubnet_ip_name": { 64 | "defaultValue": "AzureBastionSubnet-ip", 65 | "type": "String" 66 | } 67 | }, 68 | "variables": { 69 | "publicIPAddresses_ext_pip0_name": "[concat(parameters('DNSlabel'), '-ext-pip0')]", 70 | "networkSecurityGroups_ext_nsg_name": "[concat(parameters('DNSlabel'), '-ext-nsg')]" 71 | }, 72 | "resources": [ 73 | { 74 | "type": "Microsoft.Network/networkSecurityGroups", 75 | "apiVersion": "2020-05-01", 76 | "name": "[variables('networkSecurityGroups_ext_nsg_name')]", 77 | "location": "[parameters('Location')]", 78 | "tags": { 79 | "application": "APP", 80 | "cost": "COST", 81 | "environment": "ENV", 82 | "group": "GROUP", 83 | "owner": "OWNER" 84 | }, 85 | "properties": { 86 | "securityRules": [ 87 | { 88 | "name": "ext_allow_https", 89 | "properties": { 90 | "protocol": "Tcp", 91 | "sourcePortRange": "*", 92 | "destinationPortRange": "443", 93 | "sourceAddressPrefix": "*", 94 | "destinationAddressPrefix": "*", 95 | "access": "Allow", 96 | "priority": 101, 97 | "direction": "Inbound", 98 | "sourcePortRanges": [], 99 | "destinationPortRanges": [], 100 | "sourceAddressPrefixes": [], 101 | "destinationAddressPrefixes": [] 102 | } 103 | }, 104 | { 105 | "name": "ssh_allow_22", 106 | "properties": { 107 | "protocol": "Tcp", 108 | "sourcePortRange": "*", 109 | "destinationPortRange": "22", 110 | "sourceAddressPrefix": "*", 111 | "destinationAddressPrefix": "*", 112 | "access": "Allow", 113 | "priority": 102, 114 | "direction": "Inbound", 115 | "sourcePortRanges": [], 116 | "destinationPortRanges": [], 117 | "sourceAddressPrefixes": [], 118 | "destinationAddressPrefixes": [] 119 | } 120 | }, 121 | { 122 | "name": "rdp_allow_3389", 123 | "properties": { 124 | "protocol": "Tcp", 125 | "sourcePortRange": "*", 126 | "destinationPortRange": "3389", 127 | "sourceAddressPrefix": "*", 128 | "destinationAddressPrefix": "*", 129 | "access": "Allow", 
130 | "priority": 103, 131 | "direction": "Inbound", 132 | "sourcePortRanges": [], 133 | "destinationPortRanges": [], 134 | "sourceAddressPrefixes": [], 135 | "destinationAddressPrefixes": [] 136 | } 137 | } 138 | ] 139 | } 140 | }, 141 | { 142 | "type": "Microsoft.Network/publicIPAddresses", 143 | "apiVersion": "2020-05-01", 144 | "name": "[variables('publicIPAddresses_ext_pip0_name')]", 145 | "location": "[parameters('Location')]", 146 | "tags": { 147 | "application": "APP", 148 | "cost": "COST", 149 | "environment": "ENV", 150 | "group": "GROUP", 151 | "owner": "OWNER" 152 | }, 153 | "sku": { 154 | "name": "Standard" 155 | }, 156 | "properties": { 157 | //"ipAddress": "52.181.32.36", 158 | "publicIPAddressVersion": "IPv4", 159 | "publicIPAllocationMethod": "Static", 160 | "idleTimeoutInMinutes": 30, 161 | "dnsSettings": { 162 | "domainNameLabel": "[concat(parameters('DNSLabel'), '-pip0')]" 163 | //"fqdn": "f5dnst3-0.usdodeast.cloudapp.usgovcloudapi.net" 164 | }, 165 | "ipTags": [] 166 | } 167 | }, 168 | { 169 | "type": "Microsoft.Network/virtualNetworks", 170 | "apiVersion": "2020-05-01", 171 | "name": "[parameters('VNetName')]", 172 | "location": "[parameters('Location')]", 173 | "tags": { 174 | "application": "APP", 175 | "cost": "COST", 176 | "environment": "ENV", 177 | "group": "GROUP", 178 | "owner": "OWNER" 179 | }, 180 | "properties": { 181 | "addressSpace": { 182 | "addressPrefixes": [ 183 | "[parameters('Subnet_External')]", 184 | "[parameters('Subnet_InternalN')]", 185 | "[parameters('Subnet_Management')]", 186 | "[parameters('Subnet_External2')]", 187 | "[parameters('Subnet_InternalS')]", 188 | "[parameters('Subnet_IPSExt')]", 189 | "[parameters('Subnet_IPSInt')]", 190 | "[parameters('Subnet_VDMS')]" 191 | ] 192 | }, 193 | "subnets": [ 194 | { 195 | "name": "[parameters('Subnet_Management_Name')]", 196 | "properties": { 197 | "addressPrefix": "[parameters('Subnet_Management')]", 198 | "delegations": [], 199 | "privateEndpointNetworkPolicies": 
"Enabled", 200 | "privateLinkServiceNetworkPolicies": "Enabled" 201 | } 202 | }, 203 | { 204 | "name": "[parameters('Subnet_External_Name')]", 205 | "properties": { 206 | "addressPrefix": "[parameters('Subnet_External')]", 207 | "delegations": [], 208 | "privateEndpointNetworkPolicies": "Enabled", 209 | "privateLinkServiceNetworkPolicies": "Enabled" 210 | } 211 | }, 212 | { 213 | "name": "[parameters('Subnet_External2_Name')]", 214 | "properties": { 215 | "addressPrefix": "[parameters('Subnet_External2')]", 216 | "delegations": [], 217 | "privateEndpointNetworkPolicies": "Enabled", 218 | "privateLinkServiceNetworkPolicies": "Enabled" 219 | } 220 | }, 221 | { 222 | "name": "[parameters('Subnet_InternalN_Name')]", 223 | "properties": { 224 | "addressPrefix": "[parameters('Subnet_InternalN')]", 225 | "delegations": [], 226 | "privateEndpointNetworkPolicies": "Enabled", 227 | "privateLinkServiceNetworkPolicies": "Enabled" 228 | } 229 | }, 230 | { 231 | "name": "[parameters('Subnet_InternalS_Name')]", 232 | "properties": { 233 | "addressPrefix": "[parameters('Subnet_InternalS')]", 234 | "delegations": [], 235 | "privateEndpointNetworkPolicies": "Enabled", 236 | "privateLinkServiceNetworkPolicies": "Enabled" 237 | } 238 | }, 239 | { 240 | "name": "[parameters('Subnet_IPSExt_Name')]", 241 | "properties": { 242 | "addressPrefix": "[parameters('Subnet_IPSExt')]", 243 | "delegations": [], 244 | "privateEndpointNetworkPolicies": "Enabled", 245 | "privateLinkServiceNetworkPolicies": "Enabled" 246 | } 247 | }, 248 | { 249 | "name": "[parameters('Subnet_IPSInt_Name')]", 250 | "properties": { 251 | "addressPrefix": "[parameters('Subnet_IPSInt')]", 252 | "delegations": [], 253 | "privateEndpointNetworkPolicies": "Enabled", 254 | "privateLinkServiceNetworkPolicies": "Enabled" 255 | } 256 | }, 257 | { 258 | "name": "[parameters('Subnet_VDMS_Name')]", 259 | "properties": { 260 | "addressPrefix": "[parameters('Subnet_VDMS')]", 261 | "delegations": [], 262 | 
"privateEndpointNetworkPolicies": "Enabled", 263 | "privateLinkServiceNetworkPolicies": "Enabled" 264 | } 265 | } 266 | ], 267 | "virtualNetworkPeerings": [], 268 | "enableDdosProtection": false, 269 | "enableVmProtection": false 270 | } 271 | }, 272 | { 273 | "type": "Microsoft.Network/networkSecurityGroups/securityRules", 274 | "apiVersion": "2020-05-01", 275 | "name": "[concat(variables('networkSecurityGroups_ext_nsg_name'), '/ext_allow_https')]", 276 | "dependsOn": [ 277 | "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroups_ext_nsg_name'))]" 278 | ], 279 | "properties": { 280 | "protocol": "Tcp", 281 | "sourcePortRange": "*", 282 | "destinationPortRange": "443", 283 | "sourceAddressPrefix": "*", 284 | "destinationAddressPrefix": "*", 285 | "access": "Allow", 286 | "priority": 101, 287 | "direction": "Inbound", 288 | "sourcePortRanges": [], 289 | "destinationPortRanges": [], 290 | "sourceAddressPrefixes": [], 291 | "destinationAddressPrefixes": [] 292 | } 293 | }, 294 | { 295 | "type": "Microsoft.Network/networkSecurityGroups/securityRules", 296 | "apiVersion": "2020-05-01", 297 | "name": "[concat(variables('networkSecurityGroups_ext_nsg_name'), '/rdp_allow_3389')]", 298 | "dependsOn": [ 299 | "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroups_ext_nsg_name'))]" 300 | ], 301 | "properties": { 302 | "protocol": "Tcp", 303 | "sourcePortRange": "*", 304 | "destinationPortRange": "3389", 305 | "sourceAddressPrefix": "*", 306 | "destinationAddressPrefix": "*", 307 | "access": "Allow", 308 | "priority": 103, 309 | "direction": "Inbound", 310 | "sourcePortRanges": [], 311 | "destinationPortRanges": [], 312 | "sourceAddressPrefixes": [], 313 | "destinationAddressPrefixes": [] 314 | } 315 | }, 316 | { 317 | "type": "Microsoft.Network/networkSecurityGroups/securityRules", 318 | "apiVersion": "2020-05-01", 319 | "name": "[concat(variables('networkSecurityGroups_ext_nsg_name'), '/ssh_allow_22')]", 320 
| "dependsOn": [ 321 | "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroups_ext_nsg_name'))]" 322 | ], 323 | "properties": { 324 | "protocol": "Tcp", 325 | "sourcePortRange": "*", 326 | "destinationPortRange": "22", 327 | "sourceAddressPrefix": "*", 328 | "destinationAddressPrefix": "*", 329 | "access": "Allow", 330 | "priority": 102, 331 | "direction": "Inbound", 332 | "sourcePortRanges": [], 333 | "destinationPortRanges": [], 334 | "sourceAddressPrefixes": [], 335 | "destinationAddressPrefixes": [] 336 | } 337 | } 338 | ] 339 | } -------------------------------------------------------------------------------- /Templates/SACA/Baseline/byolscca.json: -------------------------------------------------------------------------------- 1 | { 2 | "class": "AS3", 3 | "action": "deploy", 4 | "persist": true, 5 | "declaration": { 6 | "class": "ADC", 7 | "schemaVersion": "3.5.0", 8 | "id": "urn:uuid:b92236ad-a677-4574-8bce-7d1487aeb62f", 9 | "label": "Management", 10 | "remark": "Management VIPs", 11 | "Common": { 12 | "class": "Tenant", 13 | "Shared": { 14 | "class": "Application", 15 | "template": "shared", 16 | "ip_reputation_drop": { 17 | "class": "iRule", 18 | "iRule": "when CLIENT_ACCEPTED {\nif {[llength [IP::reputation [IP::client_addr]]] != 0}{\nlog local0. 
\"IP Intelligence for IP address [IP::client_addr]:[IP::reputation [IP::client_addr]]\"\ndrop\n}\n}\n" 19 | } 20 | } 21 | }, 22 | "mgmt": { 23 | "class": "Tenant", 24 | "mgmt_rdp": { 25 | "class": "Application", 26 | "template": "generic", 27 | "mgmt_rdp": { 28 | "class": "Service_TCP", 29 | "iRules": ["/Common/Shared/ip_reputation_drop"], 30 | "virtualAddresses": [ 31 | "0.0.0.0" 32 | ], 33 | "virtualPort": 3389, 34 | "pool": "rdp_pool", 35 | "securityLogProfiles": [ 36 | { 37 | "bigip": "/Common/local-afm-log" 38 | } 39 | ], 40 | "policyFirewallEnforced": { 41 | "bigip": "/Common/log_all_afm" 42 | } 43 | }, 44 | "rdp_pool": { 45 | "class": "Pool", 46 | "monitors": [ 47 | "tcp-half-open" 48 | ], 49 | "members": [ 50 | { 51 | "servicePort": 3389, 52 | "serverAddresses": [ 53 | "192.168.1.55" 54 | ] 55 | } 56 | ] 57 | } 58 | }, 59 | "mgmt_ssh": { 60 | "class": "Application", 61 | "template": "generic", 62 | "mgmt_ssh": { 63 | "class": "Service_TCP", 64 | "iRules": ["/Common/Shared/ip_reputation_drop"], 65 | "virtualAddresses": [ 66 | "0.0.0.0" 67 | ], 68 | "virtualPort": 22, 69 | "pool": "ssh_pool", 70 | "securityLogProfiles": [ 71 | { 72 | "bigip": "/Common/local-afm-log" 73 | } 74 | ], 75 | "policyFirewallEnforced": { 76 | "bigip": "/Common/log_all_afm" 77 | } 78 | }, 79 | "ssh_pool": { 80 | "class": "Pool", 81 | "monitors": [ 82 | "tcp-half-open" 83 | ], 84 | "members": [ 85 | { 86 | "servicePort": 22, 87 | "serverAddresses": [ 88 | "192.168.1.54" 89 | ] 90 | } 91 | ] 92 | } 93 | }, 94 | "mgmt_http": { 95 | "class": "Application", 96 | "template": "generic", 97 | "mgmt_http": { 98 | "class": "Service_HTTP", 99 | "iRules": ["health_irule"], 100 | "virtualAddresses": [ 101 | "0.0.0.0" 102 | ], 103 | "virtualPort": 80, 104 | "securityLogProfiles": [ 105 | { 106 | "bigip": "/Common/local-afm-log" 107 | } 108 | ], 109 | "policyFirewallEnforced": { 110 | "bigip": "/Common/log_all_afm" 111 | } 112 | }, 113 | "health_irule": { 114 | "class": "iRule", 115 | "iRule": "when 
HTTP_REQUEST {\n HTTP::respond 200 content {\n \n \n Health Check\n \n \n System is online.\n \n \n }\n}" 116 | } 117 | } 118 | } 119 | } 120 | } -------------------------------------------------------------------------------- /Templates/mainTemplate.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "aadJoin": { 6 | "type": "bool", 7 | "defaultValue": true 8 | }, 9 | "_artifactsLocation": { 10 | "type": "string", 11 | "metadata": { 12 | "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated." 13 | }, 14 | "defaultValue": "[split(deployment().properties.templateLink.uri, 'mainTemplate.json')[0]]" 15 | }, 16 | "_artifactsLocationSasToken": { 17 | "type": "securestring", 18 | "metadata": { 19 | "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated." 20 | }, 21 | "defaultValue": "" 22 | }, 23 | "location": { 24 | "type": "string", 25 | "defaultValue": "[resourceGroup().location]", 26 | "metadata": { 27 | "description": "Location where the resources will be deployed." 28 | } 29 | }, 30 | "administratorAccountUsername": { 31 | "type": "string", 32 | "metadata": { 33 | "description": "A username in the domain that has privileges to join the session hosts to the domain. For example, 'vmjoiner@contoso.com'." 34 | }, 35 | "defaultValue": "" 36 | }, 37 | "administratorAccountPassword": { 38 | "type": "securestring", 39 | "metadata": { 40 | "description": "The password that corresponds to the existing domain username." 
41 | }, 42 | "defaultValue": "" 43 | }, 44 | "azureADAdminUsername": { 45 | "type": "string", 46 | "metadata": { 47 | "description": "Username of an account with permissions in Azure Active Directory. It is passed, together with azureADAdminPassword, to the host-pool sizing deployment script; prefer a dedicated, least-privileged account rather than a global administrator." 48 | }, 49 | "defaultValue": "" 50 | }, 51 | "azureADAdminPassword": { 52 | "type": "securestring", 53 | "metadata": { 54 | "description": "The password for azureADAdminUsername." 55 | }, 56 | "defaultValue": "" 57 | }, 58 | "vmAdministratorAccountUsername": { 59 | "type": "string", 60 | "metadata": { 61 | "description": "A username to be used as the virtual machine administrator account. The vmAdministratorAccountUsername and vmAdministratorAccountPassword parameters must both be provided. Otherwise, domain administrator credentials provided by administratorAccountUsername and administratorAccountPassword will be used." 62 | }, 63 | "defaultValue": "xadmin" 64 | }, 65 | "vmAdministratorAccountPassword": { 66 | "type": "securestring", 67 | "metadata": { 68 | "description": "The password associated with the virtual machine administrator account. The vmAdministratorAccountUsername and vmAdministratorAccountPassword parameters must both be provided. Otherwise, domain administrator credentials provided by administratorAccountUsername and administratorAccountPassword will be used." 69 | } 70 | }, 71 | "vmSize": { 72 | "type": "string", 73 | "metadata": { 74 | "description": "The size of the session host VMs. Used as given for Personal host pools; for Pooled host pools it is replaced by the size computed by the host-pool sizing script." 75 | }, 76 | "defaultValue": "Standard_DS2_v2" 77 | }, 78 | "vmNumberOfInstances": { 79 | "type": "int", 80 | "minValue": 1, 81 | "maxValue": 800, 82 | "defaultValue": 1, 83 | "metadata": { 84 | "description": "Number of session host VMs to create. VM names are generated from the template's vmNamePrefix and vmInitialNumber. For Pooled host pools this value is also passed to the host-pool sizing script as the expected number of users." 
85 | } 86 | }, 87 | "virtualNetworkNewOrExisting": { 88 | "type": "string", 89 | "defaultValue": "new", 90 | "allowedValues": [ 91 | "new", 92 | "existing" 93 | ], 94 | "metadata": { 95 | "description": "Determines whether or not a new virtual network should be provisioned. With 'new' the networking template also creates the AVD subnet and NSG." 96 | } 97 | }, 98 | "virtualNetworkResourceGroupName": { 99 | "type": "string", 100 | "metadata": { 101 | "description": "The resource group containing the existing virtual network. Leave empty to use the resource group this template is deployed to." 102 | }, 103 | "defaultValue": "" 104 | }, 105 | "subnetname": { 106 | "type": "string", 107 | "defaultValue": "avdsubnet", 108 | "metadata": { 109 | "description": "AVD Subnet Name (the subnet the session hosts are attached to)" 110 | } 111 | }, 112 | "addressprefix": { 113 | "type": "string", 114 | "defaultValue": "10.1.0.0/16", 115 | "metadata": { 116 | "description": "Address prefix handed to the networking template when a new virtual network is provisioned; it should contain addresssubnet." 117 | } 118 | }, 119 | "addresssubnet": { 120 | "type": "string", 121 | "defaultValue": "10.1.1.0/24", 122 | "metadata": { 123 | "description": "Address prefix of the AVD subnet created inside addressprefix when a new virtual network is provisioned." 124 | } 125 | }, 126 | "onPremDomain": { 127 | "type": "string", 128 | "defaultValue": "", 129 | "metadata": { 130 | "description": "Domain Name of ADDS (used when aadJoin is false)" 131 | } 132 | }, 133 | "azureDomain": { 134 | "type": "string", 135 | "defaultValue": "", 136 | "metadata": { 137 | "description": "Domain Name of Azure AD (used when aadJoin is true)" 138 | } 139 | }, 140 | "VirtualNetworkName": { 141 | "type": "string", 142 | "defaultValue": "", 143 | "metadata": { 144 | "description": "Name of the Virtual Network. Leave empty to generate 'vn-avd-<projectName>'." 145 | } 146 | }, 147 | "hostpoolName": { 148 | "type": "string", 149 | "defaultValue": "hp-avd", 150 | "metadata": { 151 | "description": "Base name of the host pool; '-<projectName>' is appended at deployment." 152 | } 153 | }, 154 | "workSpaceName": { 155 | "type": "string", 156 | "defaultValue": "wkspace01", 157 | "metadata": { 158 | "description": "Base name of the AVD workspace; it is prefixed with '<projectName>-' at deployment." 159 | } 160 | }, 161 | "hostpoolType": { 162 | "type": "string", 163 | "defaultValue": "Pooled", 164 | "metadata": { 165 | "description": "Type of HostPool, Personal or Pooled. 'Pooled' runs the host-pool sizing script, whose computed VM size overrides vmSize." 166 | } 167 | }, 168 | "addToWorkspace": { 169 
| "type": "bool", 170 | "defaultValue": true, 171 | "metadata": { 172 | "description": "Add the host pool's application group to the workspace" 173 | } 174 | }, 175 | "vmGalleryImageOffer": { 176 | "type": "string", 177 | "metadata": { 178 | "description": "(Used for the Gallery image type, i.e. when neither vmImageVhdUri nor vmCustomImageSourceId is set) Gallery image Offer. Only 'Windows-10' and 'office-365' are mapped to a gallery SKU by this template." 179 | }, 180 | "defaultValue": "Windows-10" 181 | }, 182 | "vmGalleryImagePublisher": { 183 | "type": "string", 184 | "metadata": { 185 | "description": "(Used for the Gallery image type) Gallery image Publisher." 186 | }, 187 | "defaultValue": "MicrosoftWindowsDesktop" 188 | }, 189 | "NSG": { 190 | "type": "string", 191 | "defaultValue": "nsg-avd", 192 | "metadata": { 193 | "description": "Base name of the network security group created with a new virtual network; '-<projectName>' is appended at deployment." 194 | } 195 | }, 196 | "sasTokenValidityLength": { 197 | "defaultValue": "PT8H", 198 | "type": "string", 199 | "metadata": { 200 | "description": "Optional. SAS token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. Keep this as short as the deployment needs: the generated token grants read access to the artifact blobs for the whole window." 201 | } 202 | }, 203 | "baseTime": { 204 | "type": "string", 205 | "defaultValue": "[utcNow('u')]", 206 | "metadata": { 207 | "description": "Generated. Do not provide a value! This date value is the start time from which the SAS token's expiry is computed." 208 | } 209 | }, 210 | "projectName": { 211 | "type": "string", 212 | "defaultValue": "[substring(uniqueString(resourceGroup().name), 0, 5)]", 213 | "metadata": { 214 | "description": "Short project identifier used in the VM name prefix and in the host pool, workspace, NSG and Key Vault names. Defaults to 5 characters derived from the resource group name." 215 | } 216 | }, 217 | "enableStigs": { 218 | "type": "bool", 219 | "defaultValue": false, 220 | "metadata": { 221 | "description": "Apply STIG hardening to the session host image." 222 | } 223 | }, 224 | "vmInitialNumber": { 225 | "type": "int", 226 | "metadata": { 227 | "description": "Starting number appended to the VM name prefix." 
228 | }, 229 | "defaultValue": 1 230 | }, 231 | "workLoadType": { 232 | "type": "string", 233 | "defaultValue": "light", 234 | "metadata": { 235 | "description": "The expected user workload type for the host pools; passed to the host-pool sizing script for Pooled host pools." 236 | } 237 | }, 238 | "accountsCsvUri": { 239 | "type": "string", 240 | "metadata": { 241 | "description": "Specifies the URI for the CSV file containing the user accounts information for creation." 242 | }, 243 | "defaultValue": "" 244 | }, 245 | "usernameList": { 246 | "type": "array", 247 | "metadata": { 248 | "description": "Array of objects, one per user to create in AAD; each object must carry a 'colUser' property holding the username. The random passwords are stored in a Key Vault that is only deployed when this array is non-empty." 249 | }, 250 | "defaultValue": [] 251 | }, 252 | "addAllUsers": { 253 | "type": "bool", 254 | "defaultValue": false, 255 | "metadata": { 256 | "description": "Add all AAD users to the AVD Application Group." 257 | } 258 | }, 259 | "vmImageVhdUri": { 260 | "type": "string", 261 | "metadata": { 262 | "description": "URI of the sysprepped image vhd file to be used to create the session host VMs. When set, the CustomVHD image type is used instead of a gallery or custom image." 263 | }, 264 | "defaultValue": "" 265 | }, 266 | "vmCustomImageSourceId": { 267 | "type": "string", 268 | "metadata": { 269 | "description": "Resource ID of the image. When set (and vmImageVhdUri is empty), the CustomImage image type is used instead of a gallery image." 270 | }, 271 | "defaultValue": "" 272 | } 273 | }, 274 | "variables": { 275 | // Windows computer names are limited to 15 characters: 'avd-' plus at most 8 characters of projectName keeps this prefix to 12, leaving room for the instance number appended later 276 | "vmNamePrefix": "[concat('avd-', take(parameters('projectName'),8))]", 277 | "Domain": "[if(parameters('aadJoin'), parameters('azureDomain'), parameters('onPremDomain'))]", 278 | "artifactPath": "[split(parameters('_artifactsLocation'), 'applicationResourceTemplate.json')[0]]", 279 | "nestedTemplateFolder": "nestedtemplates", 280 | "customRdpProperty": "[if(equals(parameters('aadJoin'),bool('true')), 'targetisaadjoined:i:1', '')]", 281 | // Account SAS used to fetch the nested templates - DO NOT CHANGE THESE VALUES ! They pin the token to read-only, blob-service-only, object-level, HTTPS-only access, which is the least privilege the deployment needs; to limit exposure shorten sasTokenValidityLength rather than widening any of these. 282 | "accountSasProperties": { 283 | "signedServices": "b", //Blob (b), Queue (q), Table (t), File (f). 
284 | "signedPermission": "r", //Read (r), Write (w), Delete (d), List (l), Add (a), Create (c), Update (u) and Process (p) 285 | "signedExpiry": "[dateTimeAdd(parameters('baseTime'), parameters('sasTokenValidityLength'))]", //format: 2017-05-24T10:42:03Z 286 | "signedResourceTypes": "o", //Service (s): Access to service-level APIs; Container (c): Access to container-level APIs; Object (o): Access to object-level APIs for blobs, queue messages, table entities, and files. 287 | "signedProtocol": "https" 288 | }, 289 | "projectWorkspaceName": "[concat(parameters('projectName'), '-', parameters('workSpaceName'))]", 290 | "virtualNetworkResourceGroupName": "[if(empty(parameters('virtualNetworkResourceGroupName')), resourceGroup().name, parameters('virtualNetworkResourceGroupName'))]", 291 | "resourcegroup": "[resourceGroup().name]", 292 | "keyVaultName": "[take(concat('kv-', parameters('projectName'),'-', uniqueString(resourceGroup().id)), 24)]", 293 | "vmGalleryImageSKU": "[concat(if(equals(parameters('vmGalleryImageOffer'), 'Windows-10'), '21h1-evd-g2', ''), if(equals(parameters('vmGalleryImageOffer'), 'office-365'), '21h1-evd-o365pp-g2', ''))]", 294 | "copy": [ 295 | { 296 | "name": "usernameCollection", 297 | "count": "[length(parameters('usernameList'))]", 298 | "input": "[parameters('usernameList')[copyIndex('usernameCollection')].colUser]" 299 | } 300 | ], 301 | "VirtualNetworkName": "[if(empty(parameters('VirtualNetworkName')), concat('vn-avd-', parameters('projectName')), parameters('VirtualNetworkName'))]", 302 | "calculateHostPoolSizingResourceName": "[concat('CalculateHostPoolSizing-', parameters('projectName'))]", 303 | "networkingResourceName": "[concat('Networking-', parameters('projectName'))]", 304 | "keyVaultResourceName": "[concat('Keyvault-', parameters('projectName'))]", 305 | "avdAndHostPoolResourceName": "[concat('AVDandHostPool-', parameters('projectName'))]", 306 | "vmImageType": "[if(empty(parameters('vmImageVhdUri')), 
if(empty(parameters('vmCustomImageSourceId')), 'Gallery', 'CustomImage'), 'CustomVHD')]" 307 | }, 308 | "resources": [ 309 | // https://docs.microsoft.com/en-us/azure/marketplace/azure-partner-customer-usage-attribution 310 | { 311 | "apiVersion": "2020-06-01", 312 | "name": "pid-e4e8cec6-cbf7-46e9-bd42-e77391de4a40-partnercenter", 313 | "type": "Microsoft.Resources/deployments", 314 | "properties": { 315 | "mode": "Incremental", 316 | "template": { 317 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 318 | "contentVersion": "1.0.0.0", 319 | "resources": [] 320 | } 321 | } 322 | }, 323 | // Run calculate host pool size deploymentScript 324 | { 325 | "apiVersion": "2021-04-01", 326 | "name": "[variables('calculateHostPoolSizingResourceName')]", 327 | "type": "Microsoft.Resources/deployments", 328 | "condition": "[equals(parameters('hostpoolType'), 'Pooled')]", 329 | "properties": { 330 | "mode": "Incremental", 331 | "templateLink": { 332 | "uri": "[uri(variables('artifactPath'), concat(variables('nestedTemplateFolder'), '/hostPoolSizing.json', parameters('_artifactsLocationSasToken')))]", 333 | "contentVersion": "1.0.0.0" 334 | }, 335 | "parameters": { 336 | "_artifactsLocation": { 337 | "value": "[variables('artifactPath')]" 338 | }, 339 | "_artifactsLocationSasToken": { 340 | "value": "[parameters('_artifactsLocationSasToken')]" 341 | }, 342 | "azureADAdminUsername": { 343 | "value": "[parameters('azureADAdminUsername')]" 344 | }, 345 | "azureADAdminPassword": { 346 | "value": "[parameters('azureADAdminPassword')]" 347 | }, 348 | "location": { 349 | "value": "[parameters('location')]" 350 | }, 351 | "WorkloadType": { 352 | "value": "[parameters('WorkloadType')]" 353 | }, 354 | "numberOfUsers": { 355 | "value": "[parameters('vmNumberOfInstances')]" 356 | }, 357 | "projectName": { 358 | "value": "[parameters('projectName')]" 359 | } 360 | } 361 | } 362 | }, 363 | /////////////////// 364 | // Networking Setup 365 | 
/////////////////// 366 | { 367 | "apiVersion": "2021-01-01", 368 | "name": "[variables('networkingResourceName')]", 369 | "type": "Microsoft.Resources/deployments", 370 | "resourceGroup": "[variables('virtualNetworkResourceGroupName')]", 371 | "condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'new')]", 372 | "properties": { 373 | "mode": "Incremental", 374 | "templateLink": { 375 | "uri": "[uri(variables('artifactPath'), concat(variables('nestedTemplateFolder'), '/networking.json', parameters('_artifactsLocationSasToken')))]", 376 | "contentVersion": "1.0.0.0" 377 | }, 378 | "parameters": { 379 | "subnetname": { 380 | "value": "[parameters('subnetname')]" 381 | }, 382 | "addressprefix": { 383 | "value": "[parameters('addressprefix')]" 384 | }, 385 | "addresssubnet": { 386 | "value": "[parameters('addresssubnet')]" 387 | }, 388 | "location": { 389 | "value": "[parameters('location')]" 390 | }, 391 | "VirtualNetworkName": { 392 | "value": "[variables('VirtualNetworkName')]" 393 | }, 394 | "NSG": { 395 | "value": "[concat(parameters('NSG'), '-', parameters('projectName'))]" 396 | } 397 | } 398 | } 399 | }, 400 | ///////////////// 401 | // Keyvault Setup 402 | ///////////////// 403 | { 404 | "apiVersion": "2021-01-01", 405 | "name": "[variables('keyVaultResourceName')]", 406 | "type": "Microsoft.Resources/deployments", 407 | "condition": "[not(empty(variables('usernameCollection')))]", 408 | "properties": { 409 | "mode": "Incremental", 410 | "templateLink": { 411 | "uri": "[uri(variables('artifactPath'), concat(variables('nestedTemplateFolder'), '/keyvault.json', parameters('_artifactsLocationSasToken')))]", 412 | "contentVersion": "1.0.0.0" 413 | }, 414 | "parameters": { 415 | "vaultName": { 416 | "value": "[variables('keyVaultName')]" 417 | }, 418 | "location": { 419 | "value": "[parameters('location')]" 420 | } 421 | } 422 | } 423 | }, 424 | /////////////////////////// 425 | // VMs and Hostpool Setup 426 | /////////////////////////// 427 | { 428 | 
"apiVersion": "2021-01-01", 429 | "name": "[variables('avdAndHostPoolResourceName')]", 430 | "type": "Microsoft.Resources/deployments", 431 | "resourceGroup": "[variables('resourcegroup')]", 432 | "dependsOn": [ 433 | "[variables('networkingResourceName')]", 434 | "[variables('calculateHostPoolSizingResourceName')]" 435 | ], 436 | "properties": { 437 | "mode": "Incremental", 438 | "templateLink": { 439 | "uri": "[uri(variables('artifactPath'), concat(variables('nestedTemplateFolder'), '/AVDandHostPool.json', parameters('_artifactsLocationSasToken')))]", 440 | "contentVersion": "1.0.0.0" 441 | }, 442 | "parameters": { 443 | "domain": { 444 | "value": "[variables('domain')]" 445 | }, 446 | "location": { 447 | "value": "[parameters('location')]" 448 | }, 449 | "aadjoin": { 450 | "value": "[parameters('aadjoin')]" 451 | }, 452 | "vmlocation": { 453 | "value": "[parameters('location')]" 454 | }, 455 | "existingSubnetName": { 456 | "value": "[parameters('subnetname')]" 457 | }, 458 | "existingVnetName": { 459 | "value": "[variables('VirtualNetworkName')]" 460 | }, 461 | "vmResourceGroup": { 462 | "value": "[variables('resourcegroup')]" 463 | }, 464 | "storageAccountResourceGroupName": { 465 | "value": "[variables('resourcegroup')]" 466 | }, 467 | "virtualNetworkResourceGroupName": { 468 | "value": "[variables('virtualNetworkResourceGroupName')]" 469 | }, 470 | "hostpoolName": { 471 | "value": "[concat(parameters('hostpoolName'), '-', parameters('projectName'))]" 472 | }, 473 | "hostpoolType": { 474 | "value": "[parameters('hostpoolType')]" 475 | }, 476 | "vmNamePrefix": { 477 | "value": "[variables('vmNamePrefix')]" 478 | }, 479 | "vmSize": { 480 | "value": "[if(equals(parameters('hostpoolType'), 'Pooled'), reference(variables('calculateHostPoolSizingResourceName')).outputs.vmSize.value, parameters('vmSize'))]" 481 | }, 482 | "vmGalleryImageOffer": { 483 | "value": "[parameters('vmGalleryImageOffer')]" 484 | }, 485 | "vmGalleryImagePublisher": { 486 | "value": 
"[parameters('vmGalleryImagePublisher')]" 487 | }, 488 | "vmGalleryImageSKU": { 489 | "value": "[variables('vmGalleryImageSKU')]" 490 | }, 491 | "vmImageType": { 492 | "value": "[variables('vmImageType')]" 493 | }, 494 | "vmImageVhdUri": { 495 | "value": "[parameters('vmImageVhdUri')]" 496 | }, 497 | "vmCustomImageSourceId": { 498 | "value": "[parameters('vmCustomImageSourceId')]" 499 | }, 500 | "workSpaceName": { 501 | "value": "[variables('projectWorkspaceName')]" 502 | }, 503 | "addToWorkspace": { 504 | "value": "[parameters('addToWorkspace')]" 505 | }, 506 | "administratorAccountUsername": { 507 | "value": "[if(empty(parameters('administratorAccountUsername')), parameters('azureADAdminUsername'), parameters('administratorAccountUsername'))]" 508 | }, 509 | "administratorAccountPassword": { 510 | "value": "[if(empty(parameters('administratorAccountPassword')), parameters('azureADAdminPassword'), parameters('administratorAccountPassword'))]" 511 | }, 512 | "vmAdministratorAccountUsername": { 513 | "value": "[parameters('vmAdministratorAccountUsername')]" 514 | }, 515 | "vmAdministratorAccountPassword": { 516 | "value": "[parameters('vmAdministratorAccountPassword')]" 517 | }, 518 | "vmNumberOfInstances": { 519 | "value": "[if(equals(parameters('hostpoolType'), 'Pooled'), reference(variables('calculateHostPoolSizingResourceName')).outputs.vmCount.value, parameters('vmNumberOfInstances'))]" 520 | }, 521 | "tokenExpirationTime": { 522 | "value": "[variables('accountSasProperties').signedExpiry]" 523 | }, 524 | "customRdpProperty": { 525 | "value": "[variables('customRdpProperty')]" 526 | }, 527 | "vmInitialNumber": { 528 | "value": "[parameters('vmInitialNumber')]" 529 | }, 530 | "deploymentId": { 531 | "value": "[parameters('projectName')]" 532 | } 533 | } 534 | } 535 | }, 536 | // Apply STIGs 537 | { 538 | "apiVersion": "2021-01-01", 539 | "name": "[concat('ApplyStigs-', parameters('projectName'))]", 540 | "type": "Microsoft.Resources/deployments", 541 | 
"dependsOn": [ 542 | "[variables('avdAndHostPoolResourceName')]" 543 | ], 544 | "condition": "[parameters('enableStigs')]", 545 | "properties": { 546 | "mode": "Incremental", 547 | "templateLink": { 548 | "uri": "[uri(variables('artifactPath'), concat(variables('nestedTemplateFolder'), '/vmExtensions.json', parameters('_artifactsLocationSasToken')))]", 549 | "contentVersion": "1.0.0.0" 550 | }, 551 | "parameters": { 552 | "_artifactsLocation": { 553 | "value": "[variables('artifactPath')]" 554 | }, 555 | "_artifactsLocationSasToken": { 556 | "value": "[parameters('_artifactsLocationSasToken')]" 557 | }, 558 | "location": { 559 | "value": "[parameters('location')]" 560 | }, 561 | "vmNumberOfInstances": { 562 | "value": "[if(equals(parameters('hostpoolType'), 'Pooled'), reference(variables('calculateHostPoolSizingResourceName')).outputs.vmCount.value, parameters('vmNumberOfInstances'))]" 563 | }, 564 | "prefix": { 565 | "value": "[variables('vmNamePrefix')]" 566 | }, 567 | "vmInitialNumber": { 568 | "value": "[parameters('vmInitialNumber')]" 569 | }, 570 | "vmGalleryImageSKU": { 571 | "value": "[variables('vmGalleryImageSKU')]" 572 | } 573 | } 574 | } 575 | }, 576 | // Run directory management deploymentScript 577 | { 578 | "apiVersion": "2021-04-01", 579 | "name": "[concat('directoryManagementScript-', parameters('projectName'))]", 580 | "type": "Microsoft.Resources/deployments", 581 | "dependsOn": [ 582 | "[variables('avdAndHostPoolResourceName')]", 583 | "[variables('keyVaultResourceName')]" 584 | ], 585 | "properties": { 586 | "mode": "Incremental", 587 | "templateLink": { 588 | "uri": "[uri(variables('artifactPath'), concat(variables('nestedTemplateFolder'), '/directoryManagementScript.json', parameters('_artifactsLocationSasToken')))]", 589 | "contentVersion": "1.0.0.0" 590 | }, 591 | "parameters": { 592 | "_artifactsLocation": { 593 | "value": "[variables('artifactPath')]" 594 | }, 595 | "_artifactsLocationSasToken": { 596 | "value": "[parameters('_artifactsLocationSasToken')]" 
597 | }, 598 | "azureADAdminUsername": { 599 | "value": "[parameters('azureADAdminUsername')]" 600 | }, 601 | "azureADAdminPassword": { 602 | "value": "[parameters('azureADAdminPassword')]" 603 | }, 604 | "location": { 605 | "value": "[parameters('location')]" 606 | }, 607 | "projectName": { 608 | "value": "[parameters('projectName')]" 609 | }, 610 | "resourceGroupName": { 611 | "value": "[variables('resourcegroup')]" 612 | }, 613 | "keyVaultName": { 614 | "value": "[variables('keyVaultName')]" 615 | }, 616 | "accountsCsvUri": { 617 | "value": "[parameters('accountsCsvUri')]" 618 | }, 619 | "usernameCollection": { 620 | "value": "[variables('usernameCollection')]" 621 | }, 622 | "addAllUsers": { 623 | "value": "[parameters('addAllUsers')]" 624 | }, 625 | "applicationGroupName": { 626 | "value": "[reference(variables('avdAndHostPoolResourceName')).outputs.applicationGroupName.value]" 627 | }, 628 | "azureDomainName": { 629 | "value": "[parameters('azureDomain')]" 630 | } 631 | } 632 | } 633 | } 634 | ], 635 | "outputs": {} 636 | } -------------------------------------------------------------------------------- /nested/README.md: -------------------------------------------------------------------------------- 1 | Testing Files 2 | -------------------------------------------------------------------------------- /nested/azureadds.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "apiVersion": { 6 | "type": "string" 7 | }, 8 | "sku": { 9 | "type": "string" 10 | }, 11 | "domainConfigurationType": { 12 | "type": "string" 13 | }, 14 | "domain": { 15 | "type": "string" 16 | }, 17 | "filteredSync": { 18 | "type": "string" 19 | }, 20 | "location": { 21 | "type": "string" 22 | }, 23 | "notificationSettings": { 24 | "type": "object" 25 | }, 26 | "subnetName": { 27 | "type": "string" 
28 | }, 29 | "tags": { 30 | "type": "object" 31 | }, 32 | "vnetName": { 33 | "type": "string" 34 | }, 35 | "tlsV1": { 36 | "type": "string" 37 | }, 38 | "ntlmV1": { 39 | "type": "string" 40 | }, 41 | "syncNtlmPasswords": { 42 | "type": "string" 43 | }, 44 | "syncOnPremPasswords": { 45 | "type": "string" 46 | }, 47 | "kerberosRc4Encryption": { 48 | "type": "string" 49 | }, 50 | "kerberosArmoring": { 51 | "type": "string" 52 | }, 53 | "vnetAddressPrefixes": { 54 | "type": "array" 55 | }, 56 | "subnetAddressPrefix": { 57 | "type": "string" 58 | }, 59 | "nsgName": { 60 | "type": "string" 61 | } 62 | }, 63 | "resources": [ 64 | { 65 | "apiVersion": "2021-05-01", 66 | "type": "Microsoft.AAD/DomainServices", 67 | "name": "[parameters('domain')]", 68 | "location": "[parameters('location')]", 69 | "tags": "[parameters('tags')]", 70 | "dependsOn": [ 71 | "[concat('Microsoft.Network/virtualNetworks/', parameters('vnetName'))]" 72 | ], 73 | "properties": { 74 | "domain": "[parameters('domain')]", 75 | "filteredSync": "[parameters('filteredSync')]", 76 | "domainConfigurationType": "[parameters('domainConfigurationType')]", 77 | "notificationSettings": "[parameters('notificationSettings')]", 78 | "replicaSets": [ 79 | { 80 | "subnetId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', parameters('vnetName'), '/subnets/', parameters('subnetName'))]", 81 | "location": "[parameters('location')]" 82 | } 83 | ], 84 | "domainSecuritySettings": { 85 | "tlsV1": "[parameters('tlsV1')]", 86 | "ntlmV1": "[parameters('ntlmV1')]", 87 | "syncNtlmPasswords": "[parameters('syncNtlmPasswords')]", 88 | "syncOnPremPasswords": "[parameters('syncOnPremPasswords')]", 89 | "kerberosRc4Encryption": "[parameters('kerberosRc4Encryption')]", 90 | "kerberosArmoring": "[parameters('kerberosArmoring')]" 91 | }, 92 | "sku": "[parameters('sku')]" 93 | } 94 | }, 95 | { 96 | "type": 
"Microsoft.Network/NetworkSecurityGroups", 97 | "name": "[parameters('nsgName')]", 98 | "location": "[parameters('location')]", 99 | "properties": { 100 | "securityRules": [ 101 | { 102 | "name": "AllowPSRemoting", 103 | "properties": { 104 | "access": "Allow", 105 | "priority": 301, 106 | "direction": "Inbound", 107 | "protocol": "Tcp", 108 | "sourceAddressPrefix": "AzureActiveDirectoryDomainServices", 109 | "sourcePortRange": "*", 110 | "destinationAddressPrefix": "*", 111 | "destinationPortRange": "5986" 112 | } 113 | }, 114 | { 115 | "name": "AllowRD", 116 | "properties": { 117 | "access": "Allow", 118 | "priority": 201, 119 | "direction": "Inbound", 120 | "protocol": "Tcp", 121 | "sourceAddressPrefix": "CorpNetSaw", 122 | "sourcePortRange": "*", 123 | "destinationAddressPrefix": "*", 124 | "destinationPortRange": "3389" 125 | } 126 | } 127 | ] 128 | }, 129 | "apiVersion": "2021-05-01" 130 | }, 131 | { 132 | "type": "Microsoft.Network/virtualNetworks", 133 | "name": "[parameters('vnetName')]", 134 | "location": "[parameters('location')]", 135 | "apiVersion": "2021-05-01", 136 | "dependsOn": [ 137 | "[concat('Microsoft.Network/NetworkSecurityGroups/', parameters('nsgName'))]" 138 | ], 139 | "properties": { 140 | "addressSpace": { 141 | "addressPrefixes": "[parameters('vnetAddressPrefixes')]" 142 | }, 143 | "subnets": [ 144 | { 145 | "name": "[parameters('subnetName')]", 146 | "properties": { 147 | "addressPrefix": "[parameters('subnetAddressPrefix')]", 148 | "networkSecurityGroup": { 149 | "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/NetworkSecurityGroups/', parameters('nsgName'))]" 150 | } 151 | } 152 | } 153 | ] 154 | } 155 | } 156 | ], 157 | "outputs": {} 158 | } -------------------------------------------------------------------------------- /nested/bastion.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": 
"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "VirtualNetworkName": { 6 | "type": "string", 7 | "metadata": { 8 | "description": "Name of Virtual Network. " 9 | } 10 | }, 11 | "addressprefix": { 12 | "type": "string", 13 | "metadata": { 14 | "description": "Subnet prefix ex: 10.1.0.0/16" 15 | } 16 | }, 17 | "bastionsubnet": { 18 | "type": "string", 19 | "metadata": { 20 | "description": "Subnet for Bastion Connections. " 21 | } 22 | }, 23 | "location": { 24 | "type": "string", 25 | "defaultValue": "[resourceGroup().location]", 26 | "metadata": { 27 | "description": "Location for all resources." 28 | } 29 | } 30 | }, 31 | "variables": { 32 | "VirtualNetworkName": "[parameters('VirtualNetworkName')]", 33 | "vnetId": "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]", 34 | "BastionSubnetId": "[concat(variables('vnetId'), '/subnets/', 'AzureBastionSubnet')]" 35 | }, 36 | "resources": [ 37 | { 38 | "apiVersion": "2020-05-01", 39 | "type": "Microsoft.Network/publicIpAddresses", 40 | "name": "AzureBastionSubnet-ip", 41 | "location": "[parameters('location')]", 42 | "sku": { 43 | "name": "Standard" 44 | }, 45 | "properties": { 46 | "publicIPAllocationMethod": "Static" 47 | }, 48 | "tags": {} 49 | }, 50 | { 51 | "apiVersion": "2020-05-01", 52 | "type": "Microsoft.Network/bastionHosts", 53 | "name": "Bastion", 54 | "location": "[parameters('location')]", 55 | "dependsOn": [ 56 | "[resourceId(resourceGroup().name, 'Microsoft.Network/publicIpAddresses', 'AzureBastionSubnet-ip')]", 57 | "[variables('BastionSubnetId')]" 58 | ], 59 | "properties": { 60 | "ipConfigurations": [ 61 | { 62 | "name": "IpConf", 63 | "properties": { 64 | "subnet": { 65 | "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets',variables('virtualNetworkName'),'AzureBastionSubnet')]" 66 | }, 67 | "publicIPAddress": { 68 | "id": "[resourceId(resourceGroup().name, 
'Microsoft.Network/publicIpAddresses', 'AzureBastionSubnet-ip')]" 69 | } 70 | } 71 | } 72 | ] 73 | }, 74 | "tags": {} 75 | }, 76 | { 77 | "apiVersion": "2019-06-01", 78 | "type": "Microsoft.Network/virtualNetworks/subnets", 79 | "name": "[concat(parameters('VirtualNetworkName'), '/', 'AzureBastionSubnet')]", 80 | "location": "[parameters('location')]", 81 | "properties": { 82 | "addressPrefix": "[parameters('BastionSubnet')]" 83 | } 84 | } 85 | ], 86 | "outputs": { 87 | 88 | } 89 | } 90 | -------------------------------------------------------------------------------- /nested/keyvault.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "name": { 6 | "type": "string" 7 | }, 8 | "location": { 9 | "type": "string" 10 | }, 11 | "sku": { 12 | "type": "string" 13 | }, 14 | "accessPolicies": { 15 | "type": "array" 16 | }, 17 | "tenant": { 18 | "type": "string" 19 | }, 20 | "enabledForDeployment": { 21 | "type": "bool" 22 | }, 23 | "enabledForTemplateDeployment": { 24 | "type": "bool" 25 | }, 26 | "enabledForDiskEncryption": { 27 | "type": "bool" 28 | }, 29 | "enableRbacAuthorization": { 30 | "type": "bool" 31 | }, 32 | "enableSoftDelete": { 33 | "type": "bool" 34 | }, 35 | "softDeleteRetentionInDays": { 36 | "type": "int" 37 | }, 38 | "networkAcls": { 39 | "type": "object" 40 | } 41 | }, 42 | "variables": {}, 43 | "resources": [ 44 | { 45 | "apiVersion": "2021-06-01-preview", 46 | "name": "[parameters('name')]", 47 | "location": "[parameters('location')]", 48 | "type": "Microsoft.KeyVault/vaults", 49 | "properties": { 50 | "enabledForDeployment": "[parameters('enabledForDeployment')]", 51 | "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]", 52 | "enabledForDiskEncryption": "[parameters('enabledForDiskEncryption')]", 53 | "enableRbacAuthorization": 
"[parameters('enableRbacAuthorization')]", 54 | "accessPolicies": "[parameters('accessPolicies')]", 55 | "tenantId": "[parameters('tenant')]", 56 | "sku": { 57 | "name": "[parameters('sku')]", 58 | "family": "A" 59 | }, 60 | "enableSoftDelete": "[parameters('enableSoftDelete')]", 61 | "softDeleteRetentionInDays": "[parameters('softDeleteRetentionInDays')]", 62 | "networkAcls": "[parameters('networkAcls')]" 63 | }, 64 | "tags": {}, 65 | "dependsOn": [] 66 | }, 67 | { 68 | "type": "Microsoft.KeyVault/vaults/secrets", 69 | "apiVersion": "2021-04-01-preview", 70 | "name": "[concat(parameters('vaults_tst2_kv_msss_management_name'), '/DomainJoinAccount-Password')]", 71 | "location": "[parameters('location')]", 72 | "dependsOn": [ 73 | "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]" 74 | ], 75 | "properties": { 76 | "attributes": { 77 | "enabled": true 78 | } 79 | } 80 | }, 81 | { 82 | "type": "Microsoft.KeyVault/vaults/secrets", 83 | "apiVersion": "2021-04-01-preview", 84 | "name": "[concat(parameters('vaults_tst2_kv_msss_management_name'), '/localAdmin-Password')]", 85 | "location": "[parameters('location')]", 86 | "dependsOn": [ 87 | "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]" 88 | ], 89 | "properties": { 90 | "attributes": { 91 | "enabled": true 92 | } 93 | } 94 | }, 95 | { 96 | "type": "Microsoft.KeyVault/vaults/secrets", 97 | "apiVersion": "2021-04-01-preview", 98 | "name": "[concat(parameters('vaults_tst2_kv_msss_management_name'), '/msss-RunAsSelfSignedCertSecretName')]", 99 | "location": "[parameters('location')]", 100 | "dependsOn": [ 101 | "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]" 102 | ], 103 | "properties": { 104 | "attributes": { 105 | "enabled": true 106 | } 107 | } 108 | }, 109 | { 110 | "type": "Microsoft.KeyVault/vaults/secrets", 111 | "apiVersion": "2021-04-01-preview", 112 | "name": "[concat(parameters('vaults_tst2_kv_msss_management_name'), '/msss-ScalingWebhookName-Uri')]", 113 | "location": 
"[parameters('location')]", 114 | "dependsOn": [ 115 | "[resourceId('Microsoft.KeyVault/vaults', parameters('name'))]" 116 | ], 117 | "properties": { 118 | "attributes": { 119 | "enabled": true 120 | } 121 | } 122 | } 123 | ], 124 | "outputs": {} 125 | } -------------------------------------------------------------------------------- /nested/networking.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "VirtualNetworkName": { 6 | "type": "string", 7 | "metadata": { 8 | "description": "Name of Virtual Network. " 9 | } 10 | }, 11 | "NSG": { 12 | "type": "string", 13 | "metadata": { 14 | "description": "Name of Network Security Group. " 15 | } 16 | }, 17 | "subnetname": { 18 | "type": "string", 19 | "metadata": { 20 | "description": "Name of Subnet. " 21 | } 22 | }, 23 | "addressprefix": { 24 | "type": "string", 25 | "metadata": { 26 | "description": "Virtual network address prefix ex: 10.1.0.0/16" 27 | } 28 | }, 29 | "addresssubnet": { 30 | "type": "string", 31 | "metadata": { 32 | "description": "Subnet for servers" 33 | } 34 | }, 35 | "location": { 36 | "type": "string", 37 | "metadata": { 38 | "description": "Location for all resources." 
39 | } 40 | } 41 | }, 42 | "variables": { 43 | "dscScript": "dsc/Configuration.zip", 44 | "VirtualNetworkName": "[parameters('VirtualNetworkName')]", 45 | "networkSettings": { 46 | "virtualNetworkAddressPrefix": "[parameters('addressprefix')]", 47 | "subnetAddressPrefix": "[parameters('addresssubnet')]", 48 | "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), parameters('subnetname'))]", 49 | "privateIPAllocationMethod": "Static", 50 | "publicIpAllocationMethod": "Dynamic" 51 | } 52 | }, 53 | "resources": [ 54 | { 55 | "type": "Microsoft.Network/virtualNetworks", 56 | "apiVersion": "2020-05-01", 57 | "name": "[variables('virtualNetworkName')]", 58 | "location": "[parameters('location')]", 59 | "properties": { 60 | "addressSpace": { 61 | "addressPrefixes": [ 62 | "[variables('networkSettings').subnetAddressPrefix]" 63 | ] 64 | }, 65 | "subnets": [ 66 | { 67 | "name": "[parameters('subnetname')]", 68 | "properties": { 69 | "addressPrefix": "[variables('networkSettings').subnetAddressPrefix]" 70 | } 71 | } 72 | ] 73 | } 74 | }, 75 | { 76 | "type": "Microsoft.Network/networkSecurityGroups", 77 | "apiVersion": "2020-05-01", 78 | "name": "[parameters('NSG')]", 79 | "location": "[parameters('location')]", 80 | "properties": { 81 | //"securityRules": [ 82 | // { 83 | // "name": "[variables('securityGroupRule').name]", 84 | // "properties": { 85 | // "priority": "[variables('securityGroupRule').priority]", 86 | // "sourceAddressPrefix": "[variables('securityGroupRule').sourceAddressPrefix]", 87 | // "protocol": "[variables('securityGroupRule').protocol]", 88 | // "destinationPortRange": "[variables('securityGroupRule').destinationPortRange]", 89 | // "access": "[variables('securityGroupRule').access]", 90 | // "direction": "[variables('securityGroupRule').direction]", 91 | // "sourcePortRange": "[variables('securityGroupRule').sourcePortRange]", 92 | // "destinationAddressPrefix": 
"[variables('securityGroupRule').destinationAddressPrefix]" 93 | // } 94 | // } 95 | //] 96 | } 97 | } 98 | 99 | ], 100 | "outputs": { 101 | 102 | } 103 | } 104 | --------------------------------------------------------------------------------