├── .gitignore
├── Images
├── ANF
│ ├── Picture1.png
│ ├── Picture2.png
│ ├── Picture3.png
│ ├── Picture4.png
│ ├── Picture5.png
│ ├── Picture6.png
│ ├── Picture7.png
│ ├── Picture8.png
│ └── architecture.png
├── AVS
│ ├── AVS_Image1.png
│ ├── AVS_Image2.png
│ └── AVS_Image3.png
├── HCX
│ ├── HCXLayered.png
│ ├── HCXNetworkProfileImage.png
│ ├── HCX_ComputeCluster001.PNG
│ ├── HCX_ComputeCluster002.PNG
│ ├── HCX_Image5.1.png
│ ├── HCX_Image5.2.png
│ ├── HCX_Image5.3.png
│ ├── HCX_image1.png
│ ├── HCX_image10.png
│ ├── HCX_image11.png
│ ├── HCX_image12.png
│ ├── HCX_image13.png
│ ├── HCX_image14.png
│ ├── HCX_image15.png
│ ├── HCX_image16.png
│ ├── HCX_image17.png
│ ├── HCX_image18.png
│ ├── HCX_image19.png
│ ├── HCX_image2.png
│ ├── HCX_image20.png
│ ├── HCX_image21.png
│ ├── HCX_image22.png
│ ├── HCX_image23.png
│ ├── HCX_image24.png
│ ├── HCX_image25.png
│ ├── HCX_image26.png
│ ├── HCX_image27.png
│ ├── HCX_image28.png
│ ├── HCX_image29.png
│ ├── HCX_image3.png
│ ├── HCX_image30.png
│ ├── HCX_image31.png
│ ├── HCX_image32.png
│ ├── HCX_image33.png
│ ├── HCX_image34.png
│ ├── HCX_image35.png
│ ├── HCX_image36.png
│ ├── HCX_image37.png
│ ├── HCX_image38.png
│ ├── HCX_image39.png
│ ├── HCX_image4.png
│ ├── HCX_image40.png
│ ├── HCX_image41.png
│ ├── HCX_image42.png
│ ├── HCX_image43.png
│ ├── HCX_image44.png
│ ├── HCX_image45.png
│ ├── HCX_image46.png
│ ├── HCX_image47.png
│ ├── HCX_image48.png
│ ├── HCX_image49.png
│ ├── HCX_image5.png
│ ├── HCX_image50.png
│ ├── HCX_image6.png
│ ├── HCX_image7.png
│ ├── HCX_image8.png
│ ├── HCX_image9.png
│ ├── NetworkExtension.PNG
│ ├── NetworkProfile.PNG
│ └── ServiceMeshName.PNG
├── NSX
│ ├── DNS1.png
│ ├── DNS2.png
│ ├── DNS3.png
│ ├── DNS4.png
│ ├── DNS5.png
│ ├── DNS6.png
│ ├── DNS7.png
│ ├── NSXSegment002.PNG
│ ├── NSXSegment003.PNG
│ ├── NSXSegment004.PNG
│ ├── NSX_image1.png
│ ├── NSX_image10.png
│ ├── NSX_image11.png
│ ├── NSX_image12.png
│ ├── NSX_image13.png
│ ├── NSX_image14.png
│ ├── NSX_image15.png
│ ├── NSX_image16.png
│ ├── NSX_image17.png
│ ├── NSX_image18.png
│ ├── NSX_image19.png
│ ├── NSX_image2.png
│ ├── NSX_image20.png
│ ├── NSX_image3.png
│ ├── NSX_image4.png
│ ├── NSX_image5.png
│ ├── NSX_image6.png
│ ├── NSX_image7.png
│ ├── NSX_image8.png
│ └── NSX_image9.png
├── Storage Policies
│ ├── run-command-get-storage-policy.png
│ └── run-command-overview-storage-policy.png
├── VNET
│ ├── VNET_image1.png
│ ├── VNET_image2.png
│ ├── VNET_image3.png
│ └── VNET_image4.png
└── schema
│ ├── AVS-Microhack_Workflow.png
│ ├── AVSMicroHackPic.png
│ ├── Whiteboard.png
│ ├── avs-microhack-lab-schema-original.png
│ ├── avs-microhack-lab-schema.png
│ ├── avs-microhack-vpn-bgp-1.png
│ ├── avs-microhack-vpn-bgp-proctor-1.png
│ └── avs-microhack-vpn-connection-1.png
├── README.md
├── VMware Hands On Lab for AVS
└── HOL Details
├── Video
├── _modules
├── bastion.bicep
├── ergw.bicep
├── lng.bicep
├── lng4proctor.bicep
├── loganalytics.bicep
├── nic.bicep
├── routeserver.bicep
├── routetable.bicep
├── storageaccount.bicep
├── vhub.bicep
├── vm.bicep
├── vnet.bicep
├── vpnConnection.bicep
├── vpngw.bicep
├── vwan.bicep
├── vwanergw.bicep
├── vwanvnetconnection.bicep
├── vwanvpngw.bicep
└── vwanvpnsite.bicep
├── docs
├── 1.1 Stepping Stone - Let's get familiar with AVS.md
├── 2.1 Lets explore NSX - DHCP Configuration.md
├── 2.2 Lets explore NSX - How do we add a segment .md
├── 2.3 Lets explore NSX - So we need to add a DNS Forwarder.md
├── 2.4 Lets explore NSX - Stepping stone to Microsegmentation.md
├── 3.1 Prepare the On Prem environment - Configure HCX Appliance.md
├── 3.2 So how do we connect On Prem to AVS - Configure Site Pairing.md
├── 3.3 What Network will be used by Interconnect Appliances - Configure Network Profile.md
├── 3.4 What Compute will be used by Interconnect Appliances - Configure Compute Profile.md
├── 3.5 Deployment of Interconnect Appliances - Create a Service Mesh.md
├── 3.6 Want to retain your VM's IP address - Lets Extend the On Prem Network.md
├── 3.7 YAY - Its Migration Time - Finally!!! copy.md
├── 4.1 (Optional) -Attach ANF Datastores to AVS hosts copy.md
├── 4.2 (Optional) - Enable Managed SNAT for Azure VMware Solution workloads copy.md
├── 4.3 (Optional) - Configure storage policy copy.md
├── 4.4 (Optional) - Create a placement policy in Azure VMware Solution copy.md
├── 4.5 (Optional) - Understand AVS Automation and ESLZ.md
└── Appendix.md
├── proctor
├── 0-main.bicep
└── README.md
├── users
└── 0-main.bicep
└── vars
└── vars.json
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.rsuser
8 | *.suo
9 | *.user
10 | *.userosscache
11 | *.sln.docstates
12 |
13 | # User-specific files (MonoDevelop/Xamarin Studio)
14 | *.userprefs
15 |
16 | # Mono auto generated files
17 | mono_crash.*
18 |
19 | # Build results
20 | [Dd]ebug/
21 | [Dd]ebugPublic/
22 | [Rr]elease/
23 | [Rr]eleases/
24 | x64/
25 | x86/
26 | [Aa][Rr][Mm]/
27 | [Aa][Rr][Mm]64/
28 | bld/
29 | [Bb]in/
30 | [Oo]bj/
31 | [Ll]og/
32 | [Ll]ogs/
33 |
34 | # Visual Studio 2015/2017 cache/options directory
35 | .vs/
36 | # Uncomment if you have tasks that create the project's static files in wwwroot
37 | #wwwroot/
38 |
39 | # Visual Studio 2017 auto generated files
40 | Generated\ Files/
41 |
42 | # MSTest test Results
43 | [Tt]est[Rr]esult*/
44 | [Bb]uild[Ll]og.*
45 |
46 | # NUnit
47 | *.VisualState.xml
48 | TestResult.xml
49 | nunit-*.xml
50 |
51 | # Build Results of an ATL Project
52 | [Dd]ebugPS/
53 | [Rr]eleasePS/
54 | dlldata.c
55 |
56 | # Benchmark Results
57 | BenchmarkDotNet.Artifacts/
58 |
59 | # .NET Core
60 | project.lock.json
61 | project.fragment.lock.json
62 | artifacts/
63 |
64 | # StyleCop
65 | StyleCopReport.xml
66 |
67 | # Files built by Visual Studio
68 | *_i.c
69 | *_p.c
70 | *_h.h
71 | *.ilk
72 | *.meta
73 | *.obj
74 | *.iobj
75 | *.pch
76 | *.pdb
77 | *.ipdb
78 | *.pgc
79 | *.pgd
80 | *.rsp
81 | *.sbr
82 | *.tlb
83 | *.tli
84 | *.tlh
85 | *.tmp
86 | *.tmp_proj
87 | *_wpftmp.csproj
88 | *.log
89 | *.vspscc
90 | *.vssscc
91 | .builds
92 | *.pidb
93 | *.svclog
94 | *.scc
95 |
96 | # Chutzpah Test files
97 | _Chutzpah*
98 |
99 | # Visual C++ cache files
100 | ipch/
101 | *.aps
102 | *.ncb
103 | *.opendb
104 | *.opensdf
105 | *.sdf
106 | *.cachefile
107 | *.VC.db
108 | *.VC.VC.opendb
109 |
110 | # Visual Studio profiler
111 | *.psess
112 | *.vsp
113 | *.vspx
114 | *.sap
115 |
116 | # Visual Studio Trace Files
117 | *.e2e
118 |
119 | # TFS 2012 Local Workspace
120 | $tf/
121 |
122 | # Guidance Automation Toolkit
123 | *.gpState
124 |
125 | # ReSharper is a .NET coding add-in
126 | _ReSharper*/
127 | *.[Rr]e[Ss]harper
128 | *.DotSettings.user
129 |
130 | # TeamCity is a build add-in
131 | _TeamCity*
132 |
133 | # DotCover is a Code Coverage Tool
134 | *.dotCover
135 |
136 | # AxoCover is a Code Coverage Tool
137 | .axoCover/*
138 | !.axoCover/settings.json
139 |
140 | # Visual Studio code coverage results
141 | *.coverage
142 | *.coveragexml
143 |
144 | # NCrunch
145 | _NCrunch_*
146 | .*crunch*.local.xml
147 | nCrunchTemp_*
148 |
149 | # MightyMoose
150 | *.mm.*
151 | AutoTest.Net/
152 |
153 | # Web workbench (sass)
154 | .sass-cache/
155 |
156 | # Installshield output folder
157 | [Ee]xpress/
158 |
159 | # DocProject is a documentation generator add-in
160 | DocProject/buildhelp/
161 | DocProject/Help/*.HxT
162 | DocProject/Help/*.HxC
163 | DocProject/Help/*.hhc
164 | DocProject/Help/*.hhk
165 | DocProject/Help/*.hhp
166 | DocProject/Help/Html2
167 | DocProject/Help/html
168 |
169 | # Click-Once directory
170 | publish/
171 |
172 | # Publish Web Output
173 | *.[Pp]ublish.xml
174 | *.azurePubxml
175 | # Note: Comment the next line if you want to checkin your web deploy settings,
176 | # but database connection strings (with potential passwords) will be unencrypted
177 | *.pubxml
178 | *.publishproj
179 |
180 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
181 | # checkin your Azure Web App publish settings, but sensitive information contained
182 | # in these scripts will be unencrypted
183 | PublishScripts/
184 |
185 | # NuGet Packages
186 | *.nupkg
187 | # NuGet Symbol Packages
188 | *.snupkg
189 | # The packages folder can be ignored because of Package Restore
190 | **/[Pp]ackages/*
191 | # except build/, which is used as an MSBuild target.
192 | !**/[Pp]ackages/build/
193 | # Uncomment if necessary however generally it will be regenerated when needed
194 | #!**/[Pp]ackages/repositories.config
195 | # NuGet v3's project.json files produces more ignorable files
196 | *.nuget.props
197 | *.nuget.targets
198 |
199 | # Microsoft Azure Build Output
200 | csx/
201 | *.build.csdef
202 |
203 | # Microsoft Azure Emulator
204 | ecf/
205 | rcf/
206 |
207 | # Windows Store app package directories and files
208 | AppPackages/
209 | BundleArtifacts/
210 | Package.StoreAssociation.xml
211 | _pkginfo.txt
212 | *.appx
213 | *.appxbundle
214 | *.appxupload
215 |
216 | # Visual Studio cache files
217 | # files ending in .cache can be ignored
218 | *.[Cc]ache
219 | # but keep track of directories ending in .cache
220 | !?*.[Cc]ache/
221 |
222 | # Others
223 | ClientBin/
224 | ~$*
225 | *~
226 | *.dbmdl
227 | *.dbproj.schemaview
228 | *.jfm
229 | *.pfx
230 | *.publishsettings
231 | orleans.codegen.cs
232 |
233 | # Including strong name files can present a security risk
234 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
235 | #*.snk
236 |
237 | # Since there are multiple workflows, uncomment next line to ignore bower_components
238 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
239 | #bower_components/
240 |
241 | # RIA/Silverlight projects
242 | Generated_Code/
243 |
244 | # Backup & report files from converting an old project file
245 | # to a newer Visual Studio version. Backup files are not needed,
246 | # because we have git ;-)
247 | _UpgradeReport_Files/
248 | Backup*/
249 | UpgradeLog*.XML
250 | UpgradeLog*.htm
251 | ServiceFabricBackup/
252 | *.rptproj.bak
253 |
254 | # SQL Server files
255 | *.mdf
256 | *.ldf
257 | *.ndf
258 |
259 | # Business Intelligence projects
260 | *.rdl.data
261 | *.bim.layout
262 | *.bim_*.settings
263 | *.rptproj.rsuser
264 | *- [Bb]ackup.rdl
265 | *- [Bb]ackup ([0-9]).rdl
266 | *- [Bb]ackup ([0-9][0-9]).rdl
267 |
268 | # Microsoft Fakes
269 | FakesAssemblies/
270 |
271 | # GhostDoc plugin setting file
272 | *.GhostDoc.xml
273 |
274 | # Node.js Tools for Visual Studio
275 | .ntvs_analysis.dat
276 | node_modules/
277 |
278 | # Visual Studio 6 build log
279 | *.plg
280 |
281 | # Visual Studio 6 workspace options file
282 | *.opt
283 |
284 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
285 | *.vbw
286 |
287 | # Visual Studio LightSwitch build output
288 | **/*.HTMLClient/GeneratedArtifacts
289 | **/*.DesktopClient/GeneratedArtifacts
290 | **/*.DesktopClient/ModelManifest.xml
291 | **/*.Server/GeneratedArtifacts
292 | **/*.Server/ModelManifest.xml
293 | _Pvt_Extensions
294 |
295 | # Paket dependency manager
296 | .paket/paket.exe
297 | paket-files/
298 |
299 | # FAKE - F# Make
300 | .fake/
301 |
302 | # CodeRush personal settings
303 | .cr/personal
304 |
305 | # Python Tools for Visual Studio (PTVS)
306 | __pycache__/
307 | *.pyc
308 |
309 | # Cake - Uncomment if you are using it
310 | # tools/**
311 | # !tools/packages.config
312 |
313 | # Tabs Studio
314 | *.tss
315 |
316 | # Telerik's JustMock configuration file
317 | *.jmconfig
318 |
319 | # BizTalk build output
320 | *.btp.cs
321 | *.btm.cs
322 | *.odx.cs
323 | *.xsd.cs
324 |
325 | # OpenCover UI analysis results
326 | OpenCover/
327 |
328 | # Azure Stream Analytics local run output
329 | ASALocalRun/
330 |
331 | # MSBuild Binary and Structured Log
332 | *.binlog
333 |
334 | # NVidia Nsight GPU debugger configuration file
335 | *.nvuser
336 |
337 | # MFractors (Xamarin productivity tool) working folder
338 | .mfractor/
339 |
340 | # Local History for Visual Studio
341 | .localhistory/
342 |
343 | # BeatPulse healthcheck temp database
344 | healthchecksdb
345 |
346 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
347 | MigrationBackup/
348 |
349 | # Ionide (cross platform F# VS Code tools) working folder
350 | .ionide/
351 |
--------------------------------------------------------------------------------
/Images/ANF/Picture1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/ANF/Picture1.png
--------------------------------------------------------------------------------
/Images/ANF/Picture2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/ANF/Picture2.png
--------------------------------------------------------------------------------
/Images/ANF/Picture3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/ANF/Picture3.png
--------------------------------------------------------------------------------
/Images/ANF/Picture4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/ANF/Picture4.png
--------------------------------------------------------------------------------
/Images/ANF/Picture5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/ANF/Picture5.png
--------------------------------------------------------------------------------
/Images/ANF/Picture6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/ANF/Picture6.png
--------------------------------------------------------------------------------
/Images/ANF/Picture7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/ANF/Picture7.png
--------------------------------------------------------------------------------
/Images/ANF/Picture8.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/ANF/Picture8.png
--------------------------------------------------------------------------------
/Images/ANF/architecture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/ANF/architecture.png
--------------------------------------------------------------------------------
/Images/AVS/AVS_Image1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/AVS/AVS_Image1.png
--------------------------------------------------------------------------------
/Images/AVS/AVS_Image2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/AVS/AVS_Image2.png
--------------------------------------------------------------------------------
/Images/AVS/AVS_Image3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/AVS/AVS_Image3.png
--------------------------------------------------------------------------------
/Images/HCX/HCXLayered.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCXLayered.png
--------------------------------------------------------------------------------
/Images/HCX/HCXNetworkProfileImage.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCXNetworkProfileImage.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_ComputeCluster001.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_ComputeCluster001.PNG
--------------------------------------------------------------------------------
/Images/HCX/HCX_ComputeCluster002.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_ComputeCluster002.PNG
--------------------------------------------------------------------------------
/Images/HCX/HCX_Image5.1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_Image5.1.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_Image5.2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_Image5.2.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_Image5.3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_Image5.3.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image1.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image10.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image10.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image11.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image11.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image12.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image12.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image13.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image14.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image14.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image15.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image15.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image16.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image17.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image17.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image18.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image18.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image19.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image19.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image2.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image20.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image20.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image21.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image21.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image22.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image22.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image23.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image23.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image24.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image24.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image25.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image25.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image26.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image26.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image27.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image27.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image28.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image28.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image29.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image29.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image3.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image30.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image30.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image31.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image31.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image32.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image32.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image33.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image33.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image34.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image34.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image35.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image35.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image36.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image36.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image37.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image37.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image38.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image38.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image39.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image39.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image4.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image40.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image40.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image41.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image41.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image42.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image42.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image43.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image43.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image44.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image44.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image45.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image45.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image46.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image46.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image47.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image47.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image48.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image48.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image49.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image49.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image5.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image50.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image50.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image6.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image7.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image8.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image8.png
--------------------------------------------------------------------------------
/Images/HCX/HCX_image9.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/HCX_image9.png
--------------------------------------------------------------------------------
/Images/HCX/NetworkExtension.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/NetworkExtension.PNG
--------------------------------------------------------------------------------
/Images/HCX/NetworkProfile.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/NetworkProfile.PNG
--------------------------------------------------------------------------------
/Images/HCX/ServiceMeshName.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/HCX/ServiceMeshName.PNG
--------------------------------------------------------------------------------
/Images/NSX/DNS1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/DNS1.png
--------------------------------------------------------------------------------
/Images/NSX/DNS2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/DNS2.png
--------------------------------------------------------------------------------
/Images/NSX/DNS3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/DNS3.png
--------------------------------------------------------------------------------
/Images/NSX/DNS4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/DNS4.png
--------------------------------------------------------------------------------
/Images/NSX/DNS5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/DNS5.png
--------------------------------------------------------------------------------
/Images/NSX/DNS6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/DNS6.png
--------------------------------------------------------------------------------
/Images/NSX/DNS7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/DNS7.png
--------------------------------------------------------------------------------
/Images/NSX/NSXSegment002.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSXSegment002.PNG
--------------------------------------------------------------------------------
/Images/NSX/NSXSegment003.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSXSegment003.PNG
--------------------------------------------------------------------------------
/Images/NSX/NSXSegment004.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSXSegment004.PNG
--------------------------------------------------------------------------------
/Images/NSX/NSX_image1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image1.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image10.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image10.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image11.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image11.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image12.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image12.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image13.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image14.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image14.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image15.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image15.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image16.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image17.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image17.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image18.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image18.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image19.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image19.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image2.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image20.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image20.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image3.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image4.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image5.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image6.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image7.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image8.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image8.png
--------------------------------------------------------------------------------
/Images/NSX/NSX_image9.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/NSX/NSX_image9.png
--------------------------------------------------------------------------------
/Images/Storage Policies/run-command-get-storage-policy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/Storage Policies/run-command-get-storage-policy.png
--------------------------------------------------------------------------------
/Images/Storage Policies/run-command-overview-storage-policy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/Storage Policies/run-command-overview-storage-policy.png
--------------------------------------------------------------------------------
/Images/VNET/VNET_image1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/VNET/VNET_image1.png
--------------------------------------------------------------------------------
/Images/VNET/VNET_image2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/VNET/VNET_image2.png
--------------------------------------------------------------------------------
/Images/VNET/VNET_image3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/VNET/VNET_image3.png
--------------------------------------------------------------------------------
/Images/VNET/VNET_image4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/VNET/VNET_image4.png
--------------------------------------------------------------------------------
/Images/schema/AVS-Microhack_Workflow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/schema/AVS-Microhack_Workflow.png
--------------------------------------------------------------------------------
/Images/schema/AVSMicroHackPic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/schema/AVSMicroHackPic.png
--------------------------------------------------------------------------------
/Images/schema/Whiteboard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/schema/Whiteboard.png
--------------------------------------------------------------------------------
/Images/schema/avs-microhack-lab-schema-original.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/schema/avs-microhack-lab-schema-original.png
--------------------------------------------------------------------------------
/Images/schema/avs-microhack-lab-schema.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/schema/avs-microhack-lab-schema.png
--------------------------------------------------------------------------------
/Images/schema/avs-microhack-vpn-bgp-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/schema/avs-microhack-vpn-bgp-1.png
--------------------------------------------------------------------------------
/Images/schema/avs-microhack-vpn-bgp-proctor-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/schema/avs-microhack-vpn-bgp-proctor-1.png
--------------------------------------------------------------------------------
/Images/schema/avs-microhack-vpn-connection-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Images/schema/avs-microhack-vpn-connection-1.png
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | 
2 |
3 | # Handling Azure vMware Solution (AVS) network connectivity and migration scenario from on-premises to Azure
4 |
5 | ## [Scenario](#scenario)
6 |
7 | ## [Prerequisites](#prerequisites)
8 |
9 | ## Scenario
10 |
11 | In this Microhack, you will :
12 |
13 | - be given an overview of the AVS architecture,
14 | - configure HCX and use it to migrate workloads.
15 |
16 | This lab is built of :
17 |
18 | - 3 vMware vSphere Clusters hosted on-premises along with 3 vCenters,
19 | - 3 AVS solution hosted in Azure regions aligned with nested On Prem vCenters instances,
20 | - A jumpbox per user deployed in Azure to control AVS and On Prem instances.
21 |
22 | 
23 |
24 | Each pair of AVS + on-premises cluster is assigned a unique IP range for the jumpbox. [IP ranges info](docs/Appendix.md)
25 |
26 | ## AVS Design Concepts Video
27 |
28 | [](https://youtu.be/BGw5Nv_Kpiw "Azure VMware Solution MicroHack design video")
--------------------------------------------------------------------------------
/VMware Hands On Lab for AVS/HOL Details:
--------------------------------------------------------------------------------
1 |
2 | [Azure VMware Solution - Hands-on Labs](https://web.hol.vmware.com/landingPages/index.aspx?id=PN5RRQA9)
3 |
4 | Note - myvmware account is required for this
5 |
6 | To configure myvmware account visit [myvmware account](https://customerconnect.vmware.com/login?bmctx=4C976C546DE4E8BA7BD58B8EEADF25A5B418821E70E4480C483939EC36F11A86&contextType=external&username=string&OverrideRetryLimit=1&action=%2F&password=secure_string&challenge_url=https:%2F%2Fcustomerconnect.vmware.com%2Flogin&creds=username%20password&request_id=1911254634096705022&authn_try_count=0&locale=en_GB&resource_url=https%253A%252F%252Fcustomerconnect.vmware.com%252Fgroup%252Fvmware%252F)
7 |
--------------------------------------------------------------------------------
/Video:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ravi0130/azure-avs-microhack/ebd067d690010291299d85ef7154baedc97ef64a/Video
--------------------------------------------------------------------------------
/_modules/bastion.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param subnetId string
3 | param name string
4 |
5 | resource publicIp 'Microsoft.Network/publicIPAddresses@2020-08-01' = {
6 | name: '${name}-pip'
7 | location: location
8 | sku: {
9 | name:'Standard'
10 | tier:'Regional'
11 | }
12 | properties: {
13 | publicIPAllocationMethod: 'Static'
14 | }
15 | }
16 |
17 | resource bastionHost 'Microsoft.Network/bastionHosts@2021-02-01' = {
18 | name: name
19 | location: location
20 | properties: {
21 | ipConfigurations: [
22 | {
23 | name: 'IpConf'
24 | properties: {
25 | subnet: {
26 | id: subnetId
27 | }
28 | publicIPAddress: {
29 | id: publicIp.id
30 | }
31 | }
32 | }
33 | ]
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/_modules/ergw.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param gwSubnetId string
3 | param name string
4 |
5 | resource erGateway 'Microsoft.Network/virtualNetworkGateways@2020-11-01' = {
6 | name: name
7 | location: location
8 | properties: {
9 | gatewayType: 'ExpressRoute'
10 | sku: {
11 | name: 'Standard'
12 | tier: 'Standard'
13 | }
14 | ipConfigurations: [
15 | {
16 | name: 'ipconfig1'
17 | properties: {
18 | subnet: {
19 | id: gwSubnetId
20 | }
21 | publicIPAddress: {
22 | id: publicIp.id
23 | }
24 | }
25 | }
26 | ]
27 | }
28 | }
29 |
30 | resource publicIp 'Microsoft.Network/publicIPAddresses@2020-08-01' = {
31 | name: 'ergw-pip'
32 | location: location
33 | sku: {
34 | name:'Basic'
35 | tier:'Regional'
36 | }
37 | properties: {
38 | publicIPAllocationMethod: 'Dynamic'
39 | }
40 | }
41 |
42 | output erGwId string = erGateway.id
43 |
--------------------------------------------------------------------------------
/_modules/lng.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param name string
3 | param userId int
4 | param variables object
5 | @allowed([
6 | 1
7 | 2
8 | ])
9 | param tunnelId int
10 |
11 | var userIdIndex = userId - 1
12 |
13 |
14 | resource lng 'Microsoft.Network/localNetworkGateways@2021-02-01' = {
15 | name: name
16 | location: location
17 | properties: {
18 | bgpSettings: {
19 | asn: variables.usersIpRanges[userIdIndex].remoteAsn
20 | bgpPeeringAddress: tunnelId == 1 ? variables.usersIpRanges[userIdIndex].remoteBgpIp : variables.usersIpRanges[userIdIndex].remoteBgpIp2
21 | }
22 | gatewayIpAddress: tunnelId == 1 ? '${variables.usersIpRanges[userIdIndex].remoteVpnGatewayPublicIp}' : '${variables.usersIpRanges[userIdIndex].remoteVpnGatewayPublicIp2}'
23 | localNetworkAddressSpace: {
24 | addressPrefixes: [
25 | tunnelId == 1 ? '${variables.usersIpRanges[userIdIndex].remoteBgpIp}/32' : '${variables.usersIpRanges[userIdIndex].remoteBgpIp2}/32'
26 | ]
27 | }
28 | }
29 | }
30 |
31 | output lngId string = lng.id
32 |
--------------------------------------------------------------------------------
/_modules/lng4proctor.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param name string
3 | param usersIpRanges array
4 | param userId int
5 |
6 | var userIdIndex = userId - 1
7 |
8 | // We use a custom domain name as Public IP attached to VPN GWs cannot have a DNS prefix that works ...
9 | var dnsDomain = '${location}.cloudapp.azure.com'
10 |
11 | resource lng 'Microsoft.Network/localNetworkGateways@2021-02-01' = {
12 | name: name
13 | location: location
14 | properties: {
15 | bgpSettings: {
16 | asn: usersIpRanges[userIdIndex].asn
17 | bgpPeeringAddress: usersIpRanges[userIdIndex].ownBgpIp
18 | }
19 | fqdn: '${usersIpRanges[userIdIndex].vpnGatewayDnsPrefix}.${dnsDomain}'
20 |
21 | localNetworkAddressSpace: {
22 | addressPrefixes: [
23 | '${usersIpRanges[userIdIndex].ownBgpIp}/32'
24 | ]
25 | }
26 | }
27 | }
28 |
29 | output lngId string = lng.id
30 |
--------------------------------------------------------------------------------
/_modules/loganalytics.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param name string
3 |
4 | resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' = {
5 | name: name
6 | location: location
7 | properties: {
8 | sku: {
9 | name: 'PerGB2018'
10 | }
11 | }
12 | }
13 |
14 | output logAnalyticsWsId string = logAnalyticsWorkspace.id
15 |
--------------------------------------------------------------------------------
/_modules/nic.bicep:
--------------------------------------------------------------------------------
1 | param nicName string
2 | param location string
3 | param subnetId string
4 | param enableForwarding bool = false
5 | param createPublicIpNsg bool = false
6 | param vmName string
7 |
8 |
9 | resource nicPip 'Microsoft.Network/networkInterfaces@2020-08-01' = if(createPublicIpNsg) {
10 | name: '${nicName}-public'
11 | location: location
12 | properties: {
13 | enableIPForwarding: enableForwarding
14 | ipConfigurations: [
15 | {
16 | name: 'ipconfig0'
17 | properties: {
18 | primary:true
19 | privateIPAllocationMethod:'Dynamic'
20 | subnet: {
21 | id: subnetId
22 | }
23 | publicIPAddress: {
24 | id: publicIp.id
25 | }
26 | }
27 | }
28 | ]
29 | networkSecurityGroup: {
30 | id: nsg.id
31 | }
32 | }
33 | }
34 |
35 | resource nicNoPip 'Microsoft.Network/networkInterfaces@2020-08-01' = if(!createPublicIpNsg) {
36 | name: nicName
37 | location: location
38 | properties: {
39 | enableIPForwarding: enableForwarding
40 | ipConfigurations: [
41 | {
42 | name: 'ipconfig0'
43 | properties: {
44 | primary:true
45 | privateIPAllocationMethod:'Dynamic'
46 | subnet: {
47 | id: subnetId
48 | }
49 | }
50 | }
51 | ]
52 | }
53 | }
54 |
55 | resource publicIp 'Microsoft.Network/publicIPAddresses@2020-08-01' = if(createPublicIpNsg) {
56 | name: '${nicName}-pip'
57 | location: location
58 | sku: {
59 | name:'Standard'
60 | tier:'Regional'
61 | }
62 | properties: {
63 | publicIPAllocationMethod: 'Static'
64 | }
65 | }
66 |
67 | resource nsg 'Microsoft.Network/networkSecurityGroups@2020-11-01' = if(createPublicIpNsg) {
68 | name: '${vmName}-nsg'
69 | location: location
70 | properties: {
71 | securityRules: [
72 | {
73 | name: 'allow-ssh'
74 | properties: {
75 | access:'Allow'
76 | description:'Allow SSH from outside'
77 | destinationAddressPrefix: '*'
78 | destinationPortRange: '22'
79 | direction:'Inbound'
80 | protocol:'Tcp'
81 | priority: 200
82 | sourceAddressPrefix: '*'
83 | sourcePortRange: '*'
84 | }
85 | }
86 | {
87 | name: 'allow-rdp'
88 | properties: {
89 | access:'Allow'
90 | description:'Allow RDP from outside'
91 | destinationAddressPrefix: '*'
92 | destinationPortRange: '3389'
93 | direction:'Inbound'
94 | protocol:'Tcp'
95 | priority: 210
96 | sourceAddressPrefix: '*'
97 | sourcePortRange: '*'
98 | }
99 | }
100 | ]
101 | }
102 | }
103 |
104 | output nicId string = createPublicIpNsg ? '${nicPip.id}' : '${nicNoPip.id}'
105 | output nicPrivateIp string = createPublicIpNsg ? '${nicPip.properties.ipConfigurations[0].properties.privateIPAddress}' : '${nicNoPip.properties.ipConfigurations[0].properties.privateIPAddress}'
106 |
--------------------------------------------------------------------------------
/_modules/routeserver.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param name string
3 | param subnetId string
4 |
5 | resource routeServer 'Microsoft.Network/virtualHubs@2021-02-01' = {
6 | name: name
7 | location: location
8 | properties: {
9 | sku: 'Standard'
10 | allowBranchToBranchTraffic: true
11 | }
12 | }
13 |
14 | resource routeServerIpConfig 'Microsoft.Network/virtualHubs/ipConfigurations@2020-11-01' = {
15 | name: name
16 | parent: routeServer
17 | properties: {
18 | subnet: {
19 | id: subnetId
20 | }
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/_modules/routetable.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param name string
3 | param routes array
4 |
5 | resource rt 'Microsoft.Network/routeTables@2021-03-01' = {
6 | name: name
7 | location: location
8 | properties: {
9 | routes: [ for route in routes: {
10 | name: route.name
11 | properties: {
12 | nextHopType: route.nextHopType
13 | addressPrefix: route.addressPrefix
14 | }
15 | }]
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/_modules/storageaccount.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param name string
3 |
4 | resource sa 'Microsoft.Storage/storageAccounts@2021-04-01' = {
5 | name: name
6 | location: location
7 | sku: {
8 | name: 'Standard_LRS'
9 | }
10 | kind: 'StorageV2'
11 | }
12 |
13 | output storageAccount object = sa
14 | output id string = sa.id
15 |
--------------------------------------------------------------------------------
/_modules/vhub.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param name string
3 | param vwanId string
4 | param addressPrefix string
5 |
6 | resource vHub 'Microsoft.Network/virtualHubs@2021-03-01' = {
7 | name: name
8 | location: location
9 | properties: {
10 | addressPrefix: addressPrefix
11 | sku: 'Standard'
12 | virtualWan: {
13 | id: vwanId
14 | }
15 | }
16 | }
17 |
18 | output vHubName string = vHub.name
19 | output vHubId string = vHub.id
20 |
--------------------------------------------------------------------------------
/_modules/vm.bicep:
--------------------------------------------------------------------------------
1 | // adminPassword intentionally left here as this is for demo and ephemeral purpose, no way to hack the world here :)
2 |
3 | param vmName string
4 | param location string
5 | param subnetId string
6 | param enableForwarding bool = false
7 | param createPublicIpNsg bool = false
8 | @allowed([
9 | 'Enabled'
10 | 'Disabled'
11 | ])
12 | param autoShutdownStatus string = 'Enabled'
13 |
14 | @allowed([
15 | 'desktop'
16 | 'server'
17 | ])
18 | param osType string
19 |
20 | var osServer = {
21 | publisher: 'MicrosoftWindowsServer'
22 | offer: 'WindowsServer'
23 | sku: '2019-Datacenter'
24 | version: 'latest'
25 | }
26 |
27 | var osDesktop = {
28 | publisher: 'MicrosoftWindowsDesktop'
29 | offer: 'Windows-10'
30 | sku: '20h2-ent'
31 | version: 'latest'
32 | }
33 |
34 | module nic 'nic.bicep' = {
35 | name: '${vmName}-nic'
36 | params: {
37 | location: location
38 | nicName: '${vmName}-nic'
39 | subnetId: subnetId
40 | enableForwarding: enableForwarding
41 | createPublicIpNsg: createPublicIpNsg
42 | vmName: vmName
43 | }
44 | }
45 |
46 | resource vm 'Microsoft.Compute/virtualMachines@2020-12-01' = {
47 | name: vmName
48 | location: location
49 | properties: {
50 | osProfile: {
51 | adminUsername: 'admin-avs'
52 | adminPassword: 'MicroHack/123'
53 | computerName: vmName
54 | }
55 | hardwareProfile: {
56 | vmSize: 'Standard_D2s_v3'
57 | }
58 | storageProfile: {
59 | imageReference: osType == 'desktop' ? osDesktop : osServer
60 | osDisk: {
61 | createOption:'FromImage'
62 | caching:'ReadWrite'
63 | managedDisk: {
64 | storageAccountType: 'Premium_LRS'
65 | }
66 | name: '${vmName}-osDisk'
67 | osType: osType == 'desktop' ? 'Windows' : 'Linux'
68 | }
69 | }
70 | networkProfile: {
71 | networkInterfaces: [
72 | {
73 | properties: {
74 | primary:true
75 | }
76 | id: nic.outputs.nicId
77 | }
78 | ]
79 | }
80 | }
81 | }
82 |
83 | resource autoShutdown 'Microsoft.DevTestLab/schedules@2018-09-15' = {
84 | name: 'shutdown-computevm-${vmName}'
85 | location: location
86 | properties: {
87 | status: autoShutdownStatus
88 | dailyRecurrence:{
89 | time: '2100'
90 | }
91 | notificationSettings: {
92 | status:'Disabled'
93 | }
94 | taskType: 'ComputeVmShutdownTask'
95 | targetResourceId: vm.id
96 | timeZoneId: 'GMT Standard Time'
97 | }
98 | }
99 |
100 | output nicPrivateIp string = nic.outputs.nicPrivateIp
101 |
--------------------------------------------------------------------------------
/_modules/vnet.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param name string
3 | param userId int
4 | param usersIpRanges array
5 | param dnsServer string = '10.228.17.37'
6 |
7 | var userIdIndex = userId - 1
8 |
9 | var usersSubnets = [
10 | {
11 | name: 'GatewaySubnet'
12 | properties: {
13 | addressPrefix: usersIpRanges[userIdIndex].subnets[0]
14 | }
15 | }
16 | {
17 | name: 'jumpbox'
18 | properties: {
19 | addressPrefix: usersIpRanges[userIdIndex].subnets[1]
20 | }
21 | }
22 | {
23 | name: 'AzureBastionSubnet'
24 | properties: {
25 | addressPrefix: usersIpRanges[userIdIndex].subnets[2]
26 | }
27 | }
28 | ]
29 |
30 | resource adminVnet 'Microsoft.Network/virtualNetworks@2020-11-01' = {
31 | name: name
32 | location: location
33 | properties: {
34 | addressSpace: {
35 | addressPrefixes: [
36 | usersIpRanges[userIdIndex].addressSpace
37 | ]
38 | }
39 | subnets: usersSubnets
40 | dhcpOptions: {
41 | dnsServers: [
42 | dnsServer
43 | ]
44 | }
45 | }
46 | }
47 |
48 | output subnets array = adminVnet.properties.subnets
49 | output vnetId string = adminVnet.id
50 |
--------------------------------------------------------------------------------
/_modules/vpnConnection.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param name string
3 | param vpnGwId string
4 | param remoteLngId string
5 |
6 | @secure()
7 | param vpnPreSharedKey string
8 |
9 | resource vpnConnection 'Microsoft.Network/connections@2020-11-01' = {
10 | name: name
11 | location: location
12 | properties: {
13 | connectionType: 'IPsec'
14 | connectionProtocol: 'IKEv2'
15 | connectionMode: 'Default'
16 | enableBgp: true
17 | sharedKey: vpnPreSharedKey
18 | virtualNetworkGateway1: {
19 | id: vpnGwId
20 | properties:{
21 |
22 | }
23 | }
24 | localNetworkGateway2: {
25 | id: remoteLngId
26 | properties: {
27 | }
28 | }
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/_modules/vpngw.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param gwSubnetId string
3 | param name string
4 | param variables object
5 | param userId int
6 |
7 | var userIdIndex = userId - 1
8 |
9 | resource vpnGateway 'Microsoft.Network/virtualNetworkGateways@2020-11-01' = {
10 | name: name
11 | location: location
12 | properties: {
13 | gatewayType: 'Vpn'
14 | sku: {
15 | name: 'VpnGw1AZ'
16 | tier: 'VpnGw1AZ'
17 | }
18 | ipConfigurations: [
19 | {
20 | name: 'ipconfig1'
21 | properties: {
22 | subnet: {
23 | id: gwSubnetId
24 | }
25 | publicIPAddress: {
26 | id: publicIp.id
27 | }
28 | }
29 | }
30 | ]
31 | bgpSettings: {
32 | asn: variables.usersIpRanges[userIdIndex].asn
33 | }
34 | enableBgp: true
35 | vpnType: 'RouteBased'
36 | vpnGatewayGeneration: 'Generation1'
37 | activeActive: userId == 14 ? true : false
38 | }
39 | }
40 |
41 | resource publicIp 'Microsoft.Network/publicIPAddresses@2020-08-01' = {
42 | name: '${name}-pip-${variables.sessionId}'
43 | location: location
44 | sku: {
45 | name:'Standard'
46 | tier:'Regional'
47 | }
48 | zones: [
49 | '1'
50 | '2'
51 | '3'
52 | ]
53 | properties: {
54 | publicIPAllocationMethod: 'Static'
55 | dnsSettings: {
56 | domainNameLabel: '${variables.usersIpRanges[userIdIndex].vpnGatewayDnsPrefix}-${variables.sessionId}'
57 | }
58 | }
59 | }
60 |
61 | output vpnGwId string = vpnGateway.id
62 | output vpnGwPipFqdn string = publicIp.properties.dnsSettings.fqdn
63 |
--------------------------------------------------------------------------------
/_modules/vwan.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param name string
3 |
4 | resource vWan 'Microsoft.Network/virtualWans@2021-03-01' = {
5 | name: name
6 | location: location
7 | properties: {
8 | }
9 | }
10 |
11 | output vWanId string = vWan.id
12 |
--------------------------------------------------------------------------------
/_modules/vwanergw.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param gwName string
3 | param vHubId string
4 | param vHubName string
5 | param avsCircuitIds array
6 | param connectCircuits bool
7 |
8 | resource vHubErGw 'Microsoft.Network/expressRouteGateways@2021-03-01' = {
9 | name: gwName
10 | location: location
11 | properties: {
12 | virtualHub: {
13 | id: vHubId
14 | }
15 | autoScaleConfiguration: {
16 | bounds: {
17 | min: 1
18 | }
19 | }
20 | }
21 | }
22 |
23 | @batchSize(1)
24 | resource erCircuit 'Microsoft.Network/expressRouteGateways/expressRouteConnections@2021-03-01' = [ for (avsCircuit, index) in avsCircuitIds : if(connectCircuits) {
25 | name: '${gwName}/Connection-${index}'
26 | properties: {
27 | authorizationKey: avsCircuit.authKey
28 | expressRouteCircuitPeering: {
29 | id: avsCircuit.erCircuitId
30 | }
31 | routingConfiguration: {
32 | associatedRouteTable: {
33 | id: resourceId('Microsoft.Network/virtualHubs/hubRouteTables', vHubName, 'defaultRouteTable')
34 | }
35 | propagatedRouteTables: {
36 | ids: [
37 | {
38 | id: resourceId('Microsoft.Network/virtualHubs/hubRouteTables', vHubName, 'defaultRouteTable')
39 | }
40 | ]
41 | }
42 | }
43 | }
44 | }]
45 |
46 | output erGwId string = vHubErGw.id
47 |
--------------------------------------------------------------------------------
/_modules/vwanvnetconnection.bicep:
--------------------------------------------------------------------------------
1 | param vHubName string
2 | param vHubId string
3 | param vNetId string
4 | param connectionName string
5 |
6 | resource vnetConnection 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2021-03-01' = {
7 | name: '${vHubName}/${connectionName}'
8 | properties: {
9 | remoteVirtualNetwork: {
10 | id: vNetId
11 | }
12 | routingConfiguration: {
13 | associatedRouteTable: {
14 | id: '${vHubId}/hubRouteTables/defaultRouteTable'
15 | }
16 | propagatedRouteTables: {
17 | ids: [
18 | {
19 | id: '${vHubId}/hubRouteTables/defaultRouteTable'
20 | }
21 | ]
22 | }
23 | }
24 | allowHubToRemoteVnetTransit: true
25 | allowRemoteVnetToUseHubVnetGateways: true
26 | enableInternetSecurity: true
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/_modules/vwanvpngw.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param asn int
3 | param gwName string
4 | param vHubId string
5 |
6 | resource vpnGw 'Microsoft.Network/vpnGateways@2021-02-01' = {
7 | name: gwName
8 | location: location
9 | properties: {
10 | bgpSettings: {
11 | asn: asn
12 | }
13 | virtualHub: {
14 | id: vHubId
15 | }
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/_modules/vwanvpnsite.bicep:
--------------------------------------------------------------------------------
1 | param location string
2 | param userId int
3 | param name string
4 | param asn int
5 | param bgpIp string
6 | param publicIp string
7 | param vWanId string
8 | param vpnGatewayName string
9 |
10 | resource vpnSite 'Microsoft.Network/vpnSites@2021-02-01' = if(userId != 14) {
11 | name: name
12 | location: location
13 | properties: {
14 | vpnSiteLinks: [
15 | {
16 | name: name
17 | properties: {
18 | fqdn: publicIp
19 | bgpProperties: {
20 | asn: asn
21 | bgpPeeringAddress: bgpIp
22 | }
23 | linkProperties: {
24 | linkProviderName: 'MicrosoftVpn'
25 | linkSpeedInMbps: 100
26 | }
27 | }
28 | }
29 | ]
30 | deviceProperties: {
31 | deviceVendor: 'Microsoft'
32 | }
33 | virtualWan: {
34 | id: vWanId
35 | }
36 | }
37 | }
38 |
39 | resource vpnSitesLink 'Microsoft.Network/vpnGateways/vpnConnections@2021-03-01' = if(userId != 14) {
40 | name: '${vpnGatewayName}/Connection-${asn}'
41 | properties: {
42 | vpnLinkConnections: [
43 | {
44 | name: 'Connection-${name}'
45 | properties: {
46 | enableBgp: true
47 | sharedKey: 'MicrosoftMicroHack@1234$'
48 | vpnSiteLink: {
49 | id: vpnSite.properties.vpnSiteLinks[0].id
50 | }
51 | }
52 | }
53 | ]
54 | remoteVpnSite: {
55 | id: vpnSite.id
56 | }
57 | }
58 | }
59 |
60 | output vpnSiteId string = vpnSite.id
61 |
--------------------------------------------------------------------------------
/docs/1.1 Stepping Stone - Let's get familiar with AVS.md:
--------------------------------------------------------------------------------
1 | Challenge 1.1
2 | "Stepping Sone - Let's get Familiar with AVS"
3 | ---
4 |
5 | # Introduction
6 |
7 | In this challenge, you will go through the document below to understand the following concepts:
8 |
9 | 1. Understand the AVS Pre-requisites
10 | 2. Understand AVS Identity & Access Management
11 | 3. Understand AVS Network connectivity requirements
12 | 4. Understand common operation tasks for AVS
13 | 5. Understand AVS Networking
14 |
15 |
16 | ### Note :
17 |
18 | As a part of this challenge you are also expected to log on to the AVS Private cloud assigned to your team and to familiarise yourself with the tabs within it. its important for you to look at tabs like Connectivity, Identity, Clusters, Add-Ons and Workload Networking.
19 |
20 | Feel free to reach out to your facilitator in case you have any questions regarding the tabs within the AVS Private Cloud.
21 |
22 | Please carefully follow the instructions provided by your facilitator.
23 |
24 | Work with the instructor to ensure your AVS environment has the required permissions to access the Private Cloud
25 |
26 | It is recommended to go through the AVS Private Cloud assigned to your team to familiarize yourself to the topics listed below
27 |
28 | ## Challenge
29 |
30 | By the end of this challenge (by reading the document / navigating the AVS Private Cloud's tabs and discussion with your fellow team and coach), you should independantly be able to answer the following questions
31 |
32 | 1. What is an AVS Private Cloud and what benefit does a client get by moving their workloads to AVS?
33 | 2. How is the AVS Private Cloud different from Native Azure and what use case does this fulfil in comparison to native Azure?
34 | 3. What are the basic requirements for setting up the AVS Private Cloud?
35 | 4. What are the connectivity requirements for connecting the AVS Private Cloud to On-Prem and Azure?
36 | 5. How can we protect our virtual machines within the private cloud? Can you list a few scenarios?
37 | 6. What are the common DR scenarios that can be configured for VMs within AVS
38 |
39 |
40 |
41 | ## Pre-Requisites
42 |
43 | Azure VMware Solution delivers VMware-based private clouds in Azure and is available for EA and CSP customers. Customers need to request a quota and register the Microsoft.AVS resource provider prior to deploying:
44 |
45 | [Request host quota for Azure VMware Solution - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/request-host-quota-azure-vmware-solution)
46 |
47 | [Deploy and configure Azure VMware Solution - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/deploy-azure-vmware-solution?tabs=azure-portal)
48 |
49 | As the service isn’t available in all regions yet please check for local coverage in the required regions:
50 |
51 | [Azure Products by Region | Microsoft Azure](https://azure.microsoft.com/en-us/global-infrastructure/services/?regions=all&products=azure-vmware)
52 |
53 | Each private cloud will have a minimum of one vSAN cluster that consists of three hosts. Additional hosts, clusters or even private clouds can be added to your Azure subscription depending on your requirements and available host quotas.
54 |
55 | There is also the option of a trial cluster, these are limited to three hosts and one month duration. After the trial period those hosts will be converted to regular AVS hosts.
56 |
57 | [Concepts - Private clouds and clusters - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/concepts-private-clouds-clusters)
58 |
59 |
60 | ## Identity and access management
61 |
62 | Access management for cloud resources is a critical function for any organization that is using the cloud. Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
63 |
64 | Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. For that purpose Azure VMware Solution offers several operations to natively integrate into your RBAC strategy.
65 |
66 | Azure VMware Solution private clouds are provisioned with a vCenter Server and NSX-T Manager. You use vCenter to manage virtual machine (VM) workloads and NSX-T Manager to manage and extend the private cloud. Access and identity management use the CloudAdmin role for vCenter and restricted administrator rights for NSX-T Manager.
67 |
68 | Permissions are not inherited from Azure RBAC, for granular management you can create new roles inside vCenter based on the described privileges:
69 |
70 | [Concepts - Identity and access - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/concepts-identity)
71 |
72 | ## Network connectivity
73 | Azure VMware Solution offers a private cloud environment accessible from on-premises and Azure-based resources. Services such as Azure ExpressRoute, VPN connections or Azure Virtual WAN deliver the connectivity.
74 |
75 | [Concepts - Network interconnectivity - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/concepts-networking)
76 |
77 |
78 | ## Connect AVS to on-premises and Azure VNET
79 | To ensure connectivity between on-premises environments and the AVS private cloud most customers will utilize an ExpressRoute. To ensure connectivity between the ExpressRoute circuits of the existing on-premises connection and the AVS Private Cloud the Global Reach add-on is required. This add-on is provided for the circuit of the Azure VMware Solution as part of the offering but needs to be enabled for your existing on-premises ExpressRoute circuit and may incur additional costs.
80 |
81 | 
82 |
83 | First you create an authorization key from your ExpressRoute circuits blade, this will be used to create the on-prem cloud connection in the Connectivity blade of the AVS Private Cloud.
84 |
85 | [Peer on-premises environments to Azure VMware Solution - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/tutorial-expressroute-global-reach-private-cloud)
86 |
87 |
88 | For PoC and smaller environments there is also the option of a VPN-based connectivity with Azure Virtual WAN available.
89 |
90 | [Configure a site-to-site VPN in vWAN for Azure VMware Solution - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/configure-site-to-site-vpn-gateway)
91 |
92 | ## Connect AVS to Azure VNET
93 | Connectivity between Azure virtual networks and your private cloud will be enabled by virtual network gateways that connect to the ExpressRoute circuit of your private cloud. After creating the virtual network gateway you will create an authorization key from the AVS Private Cloud blade and connect both.
94 |
95 | 
96 |
97 | [Tutorial - Configure networking for your VMware private cloud in Azure - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/tutorial-configure-networking)
98 |
99 | ## Securely manage your AVS private cloud
100 | Most of the administrative tasks in an AVS private cloud will be orchestrated using the Azure VMware Solution vCenter and NSX-T Manager. As both systems are not publicly accessible we will need to create a jumpbox and optionally deploy Azure Bastion to enable secure access from non-private locations.
101 | The required URLs, credentials and certificate thumbprints for accessing vCenter and NSX-T Manager can be obtained using the Identity blade of your AVS private cloud.
102 |
103 | [Tutorial: Create an Azure Bastion host: Windows VM: portal | Microsoft Docs](https://docs.microsoft.com/en-us/azure/bastion/tutorial-create-host-portal)
104 |
105 | [Tutorial - Access your private cloud - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/tutorial-access-private-cloud)
106 |
107 | ## Other common operational tasks
108 | ### Scaling your AVS private cloud
109 |
110 | You can scale the clusters and hosts in a private cloud as required for your application workload. Please ensure that you have remaining quota available for the planned scaling and have a quick check on the scalability limits of your private cloud:
111 | • Up to 12 clusters per private cloud
112 | • Between 3 to 16 hosts per cluster
113 | • Up to 96 hosts per private cloud
114 |
115 | [Concepts - Private clouds and clusters - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/concepts-private-clouds-clusters#clusters)
116 |
117 | [Tutorial - Expand or shrink clusters in a private cloud - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/tutorial-scale-private-cloud)
118 |
119 | ## Deploy Add-Ons for AVS private cloud
120 |
121 | Azure VMware Solution offers extensibility through additional add-ons that can be deployed using the Azure portal. Depending on the add-on used additional licensing may be required as not all add-ons are included in the Azure VMware Solution pricing itself.
122 |
123 | Currently we offer add-ons for disaster recovery (VMware SRM) and workload mobility (VMware HCX) with more to come.
124 |
125 | If the deployed add-on isn’t fully managed via VMware vCenter plugins you can retrieve the management URLs through the Private Cloud add-ons blade. Depending on the add-on there may also be further options available in the add-ons blade like scaling the VMware Site Recovery Manager add-on or creating activation keys to connect HCX to your on-premises environment.
126 |
127 | [Deploy disaster recovery with VMware Site Recovery Manager - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/disaster-recovery-using-vmware-site-recovery-manager)
128 |
129 | [Deploy and configure VMware HCX - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/tutorial-deploy-vmware-hcx)
130 |
131 |
132 | ## Workload networking
133 |
134 | Workload networking relates to several individual tasks that come up during the lifetime of an Azure VMware solution, e.g. configuring DHCP and DNS as well as creating new network segments. The following diagram provides a quick overview of the networking topology with the relevant components for this common tasks.
135 |
136 | 
137 |
138 | Your Azure VMware solution should be configured to host a DHCP server as DHCP requests won’t traverse to your on-premises environment by default. We recommend utilizing NSX-T to host the DHCP server instead of having a virtual machine created for this. Therefore we will create a DHCP server instance defined by name and IP address.
139 |
140 | The individual DHCP ranges are configured within the network segment when you specify the subnets of the network segment. Please ensure that non-overlapping subnets and DHCP ranges must be used to ensure connectivity.
141 |
142 | DNS resolution is done via the DNS service in each Tier-1 gateway and can be customized to include custom DNS resolution for up to 5 internal zones while keeping regular DNS traffic inside AVS. For this create one or more additional DNS zones of the type “FQDN Zone” for those domains that are not externally resolvable and specify the appropriate DNS server IPs. After creating the DNS zones ensure that those are also added to the DNS service.
143 |
144 | The default deployment already contains a network segment but when deploying workloads to the Private Cloud additional network segments may be required for separation of workloads. When creating new network segments you need to specify the gateway IP and optionally associated DHCP ranges if not only static IP-assignment is planned.
145 |
146 | Any creation/modification of network segments not bound to the default Tier-1 gateway needs to be done via NSX-T manager as the Azure Portal will only show the resources associated the default Tier-1 gateway created during initial deployment.
147 |
148 | [Configure DHCP for Azure VMware Solution - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/configure-dhcp-azure-vmware-solution)
149 |
150 | [Configure DNS forwarder for Azure VMware Solution - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/configure-dns-azure-vmware-solution)
151 |
152 | [Tutorial - Add a network segment in Azure VMware Solution - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/tutorial-nsx-t-network-segment)
153 |
154 | ## Running commands for privileged tasks
155 |
156 | Certain tasks require more privileges that the default cloudadmin role permits, therefore we have included an additional blade in the Azure portal titled “Run command” to support this tasks.
157 | Currently two groups of commands are supported:
158 |
159 | ### JSDR.Configuration
160 |
161 | Commands needed to install the JetStream DR software
162 |
163 | [Disaster Recovery for Azure VMware Solution (AVS) using JetStream DR (jetstreamsoft.com)](https://www.jetstreamsoft.com/solutions/disaster-recovery-for-azure-vmware-solution/)
164 |
165 | Microsoft.AVS.Management
166 | Commands to manage external identity sources for your private cloud and assign groups to the cloudadmin role
167 |
168 | ## Raising a support case
169 | Support requests should be raised via the Azure Portal, e.g. via the “New Support Request” blade. As the service type please check if “Azure VMware Solution” has been selected as “Azure VMware Solution by CloudSimple” refers to the previous version of our VMware offering. The resource field should refer to the private cloud where you’re experiencing issues.
170 |
171 | [Support for Azure VMware Solution deployment or provisioning failure - Azure VMware Solution | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-vmware/fix-deployment-failures)
172 |
173 |
174 |
175 | This concludes the AVS familiarisation for AVS!!
--------------------------------------------------------------------------------
/docs/2.1 Lets explore NSX - DHCP Configuration.md:
--------------------------------------------------------------------------------
1 | Challenge 2.1
2 | "Lets explore NSX - DHCP Configuration"
3 | ---
4 |
5 | # Introduction
6 |
7 | In this challenge, you will perform the following tasks:
8 |
9 | 1. Use NSX-T DHCP server
10 |
11 | As a part of this challenge you are expected to log on to the AVS Private cloud within Azure Portal assigned to your team and to deploy a DHCP server, such that we can provide dynamic IPs to VMs when they need.
12 |
13 | ## Use Case Tip
14 |
15 | VMs within the AVS environment will recieve IP from various sources
16 |
17 | 1. Some VMs may be migrated and they will retain their IPs from On-Prem to AVS if they are on an extended L2 stretch
18 | 2. Some VMs may be migrated and they will need new IP from AVS if they are on a non-extended VLAN. in such cases the VM will get a new IP (DHCP based) or static IP
19 | 3. Some VMs may be created locally within AVS and thats then they will either be provided static or dynamic IP
20 |
21 | Feel free to reach out to your facilitator in case you have any questions regarding the tabs within the AVS Private Cloud.
22 |
23 | Please carefully follow the instructions provided by your facilitator.
24 |
25 | Work with the instructor to ensure your VMware environment has the required permissions to access your AVS vCenter Server and the NSX Manager.
26 |
27 | Applications and workloads running in an Azure VMware Solution private cloud environment require name resolution and DHCP services (optionally) for lookup and IP address assignments. A proper DHCP and DNS infrastructure are required to provide these services. You can configure a virtual machine to provide these services in your private cloud environment.
28 |
29 |
30 |
31 | ## Use NSX-T DHCP server
32 | Here you will be using NSX-T to host your DHCP server and you will create a DHCP. Then you'll add a network segment and specify the DHCP IP address range.
33 | ### Create a DHCP server
34 | 1. In the Azure VMware Solution portal, go to Workload Networking > DHCP and then select Add.
35 |
36 | 
37 |
38 | 1. Select DHCP for the Server Type, provide the server name and IP address CIDR, and then select OK.
39 |
40 | 
41 |
42 | 2. Once done, the DHCP server will be listed in the DHCP tab
43 |
44 | 
45 |
46 | ### Note
47 | This DHCP server automatically gets connected to the default Tier 1 Gateway
48 |
49 | 3. You can now log on to NSX Manager in AVS and verify that the DHCP server is attached to the Tier1 Gateway
50 |
51 |
52 |
53 | This concludes the DHCP Configuration for AVS!!
--------------------------------------------------------------------------------
/docs/2.2 Lets explore NSX - How do we add a segment .md:
--------------------------------------------------------------------------------
1 | Challenge 2.2
2 | "Lets explore NSX - How do we add a segment? "
3 | ---
4 |
5 | # Introduction
6 |
7 | In this challenge, you will perform the following tasks:
8 |
9 | 1. Add a Network Segment
10 | 2. Attach a Virtual Machine to the Network Segment
11 |
12 | As a part of this challenge you are also expected to log on to the jump server assigned to your user and create a network segment from NSX and then a DHCP range will be defined within that segment. When a virtual machine will be connected to that segment they VM will automatically obtain the IP from the DHCP range.
13 |
14 | ### Note
15 |
16 | An AVS segment can be created both in the NSX portal and AVS portal
17 |
18 | ## Use Case Tip
19 |
20 | VMs within the AVS environment can be easily segmented into multiple subnets etc. without the need for physical routers and switches
21 |
22 | Customers can easily achieve data center segmentation with a few simple steps without changing any of the underlying physical network configurations with VMware NSX and vSphere
23 |
24 | Please carefully follow the instructions provided by your facilitator.
25 |
26 | Work with the instructor to ensure your VMware environment has the required permissions to access your AVS vCenter Server and the NSX Manager.
27 |
28 |
29 |
30 | ## Add a Network Segment
31 | 1. In NSX-T Manager, select Networking > Segments, and then select Add Segment.
32 |
33 | 
34 |
35 | 2. Enter a name for the segment.
36 |
37 | 3. Select the Tier-1 Gateway (TNTxx-T1) as the Connected Gateway
38 |
39 | 4. Select the pre-configured overlay Transport Zone (TNTxx-OVERLAY-TZ) and then select Set Subnets in gateway/prefix length format.
40 |
41 | 
42 |
43 | 5. Add DHCP range to your segment such that the VM's attached to this segment can recieve IP address dynamically
44 |
45 | 
46 |
47 | 6. Select Apply and then Save.
48 |
49 | ### Note
50 | The IP address needs to be on a non-overlapping RFC1918 address block, which ensures connection to the VMs on the new segment.
51 |
52 | 7. Once the segment is created refer to the “Credentials&IP” document to attach the respective virtual machine listed there to the new segment that has been created and verify that the virtual machine is getting an IP from the DHCP
53 |
54 | ### Hint
55 |
56 | The segment needs to attach to the virtual machine by right clicking the VM > Edit Settings > Network Adaptor 1
57 |
58 |
59 |
60 | This concludes the NSX segment configuration for AVS!!
61 |
62 |
--------------------------------------------------------------------------------
/docs/2.3 Lets explore NSX - So we need to add a DNS Forwarder.md:
--------------------------------------------------------------------------------
1 | Challenge 2.3
2 | "Lets explore NSX - So we need to add a DNS Forwarder"
3 | ---
4 |
5 | # Introduction
6 |
7 | In this challenge, you will perform the following tasks:
8 |
9 | 1. Configure a DNS forwarder within NSX such that the On Prem FQDN can be resolved from AVS itself
10 |
11 | Since the default DNS is preconfigured with AVS, to test DNS we are using a feature where we need name resolution
12 |
13 | As a part of this challenge you are also expected to log on to the AVS Private cloud assigned to your team and create a DNS forwarder within NSX such that the On Prem FQDN can be resolved from AVS itself. You can use this to also import images from On Prem to AVS using a content library which is configured On Prem
14 |
15 | ## Use Case Tip
16 |
17 | By default, Azure VMware Solution management components such as vCenter can only resolve name records available through Public DNS. However, certain hybrid use cases require Azure VMware Solution management components to resolve name records from privately hosted DNS to properly function, including customer-managed systems such as vCenter and Active Directory.
18 |
19 | Private DNS for Azure VMware Solution management components lets you define conditional forwarding rules for the desired domain name to a selected set of private DNS servers through the NSX-T DNS Service.
20 |
21 | This capability uses the DNS Forwarder Service in NSX-T. A DNS service and default DNS zone are provided as part of your private cloud. To enable Azure VMware Solution management components to resolve records from your private DNS systems, you must define an FQDN zone and apply it to the NSX-T DNS Service. The DNS Service conditionally forwards DNS queries for each zone based on the external DNS servers defined in that zone.
22 |
23 | Please carefully follow the instructions provided by your facilitator.
24 |
25 | Work with the instructor to ensure your VMware environment has the required permissions to access your AVS vCenter Server and the NSX Manager.
26 |
27 | ## Challenge
28 |
29 | By the end of this challenge you should independantly be able to answer the following questions
30 |
31 | 1. What benefits does DNS forwarder get here?
32 | 2. How can you resolve AVS On-Prem FQDN on AVS?
33 | 3. How will you go about configuring LDAP integration for NSX?
34 |
35 |
36 |
37 | ## Configure a DNS forwarder
38 |
39 | 1. In your Azure VMware Solution private cloud, under Workload Networking, select DNS > DNS zones. Then select Add.
40 |
41 | 
42 |
43 | 2. Add the On-Prem FQDN zone by inputting details regarding the DNS Zone Name, Domain Name and DNS Seever IP from the Credentials&IP document and press save
44 |
45 | 
46 |
47 | 3. Attach the configured DNS Zone name to Default DNS Zone and press save
48 |
49 | 
50 |
51 | 4. Now create a content library within the On Prem vCenter Server by providing the relavant details on the content library
52 |
53 | 
54 |
55 | 5. For the new content library, select local content library and enable publishing
56 |
57 | 
58 |
59 | 6. In order to obtain the link of the content library, right click the newly created content library and copy link
60 |
61 | 
62 |
63 | 5. Now proceed to the AVS side and create a new content library and select subscribed content library and paste the content library link from On-Prem side.
64 |
65 | 
66 |
67 | It important to note if AVS didnt have the ON-Prem FQDN configured within the DNS zones of AVS, you wouldnt add the content library from On-Prem to AVS.
68 |
69 | ### Note :
70 |
71 | These DNS zones are a prerequisite for LDAP configuration for NSX.
72 |
73 |
74 | This concludes the NSX DNS Forwarder for AVS!!
75 |
76 |
--------------------------------------------------------------------------------
/docs/2.4 Lets explore NSX - Stepping stone to Microsegmentation.md:
--------------------------------------------------------------------------------
1 | Challenge 2.4
2 | "Lets explore NSX - Stepping stone to Microsegmentation"
3 | ---
4 |
5 | # Introduction
6 |
7 | In this challenge, you will perform the following tasks:
8 |
9 | 1. Configure a Distributed Firewall using NSX-T
10 |
11 | As a part of this challenge you are also expected to log on to the AVS Private cloud assigned to your team achieve a phased approach enabling yourself to quickly implement zone-based segmentation – for example between Application1 and Application2 – and then gradually you can deepen your security with application isolation and micro-segmentation over time.
12 |
13 | ## Use Case Tip
14 |
15 | Using the NSX Service-defined firewall, customers can gain visibility into traffic and easily create network segmentation by defining them entirely in software — no need to change your network or hairpin traffic by deploying discrete appliances.
16 |
17 | Please carefully follow the instructions provided by your facilitator.
18 |
19 | Work with the instructor to ensure your VMware environment has the required permissions to access your AVS vCenter Server and the NSX Manager.
20 |
21 | Applications and workloads running in an Azure VMware Solution private cloud environment require name resolution and DHCP services (optionally) for lookup and IP address assignments. A proper DHCP and DNS infrastructure are required to provide these services. You can configure a virtual machine to provide these services in your private cloud environment.
22 |
23 |
24 |
25 | ## Create a Distributed firewall
26 |
27 | Ensure the following predeployed VMs are already deployed within the AVS vCenter server
28 |
29 | mhack-win11-DFW1
30 | &
31 | mhack-win11-DFW2
32 |
33 | 1. From your browser, log in with admin privileges to an NSX Manager at https://nsx-manager-ip-address.
34 |
35 | 2. Go to Inventory > Groups > Add Group
36 |
37 | 3. Add a group name as Application1 and then press Set Members
38 |
39 | 
40 |
41 | 4. Add the IP of mhack-win11-DFW1 VM IP to this group and the press apply
42 |
43 | 
44 |
45 | 5. Then press save button
46 |
47 | 
48 |
49 | 6. Now create a second Application group and click set members
50 |
51 | 
52 |
53 | 7. Click the IP addresses and then provide the IP address of the AVS mhack-win11-DFW2 VM and then press apply
54 |
55 | 
56 |
57 | 8. Select Security > Distributed Firewall from the navigation panel.
58 |
59 | 9. Click Add Policy
60 |
61 | 
62 |
63 | 10. Enter a Name for the new policy section.
64 |
65 | 
66 |
67 | 11. Click Add Rule
68 |
69 | 
70 |
71 | 12. Set source for the rule by selecting the first Application group and then press apply
72 |
73 | 
74 |
75 | 13. Set destination for the rule by selecting the first Application group and then press apply
76 |
77 | 
78 |
79 | 14. Keep the action as Allow and then press publish
80 |
81 | 
82 |
83 | 15. One you firewall rule has been published, ping the mhack-win11-DFW2 VM from mhack-win11-DFW1 VM. We should notice that the ping is going through
84 |
85 | 16. Now come back to the distributed firewall and set the action to reject
86 |
87 | 17. Now ping the mhack-win11-DFW2 VM from mhack-win11-DFW1 VM. We should notice that the ping is blocked
88 |
89 | This proves the distributed firewall rule between the 2 application groups
90 |
91 |
92 |
93 | This concludes the Microsegmentation stepping stone for AVS!!
94 |
95 |
--------------------------------------------------------------------------------
/docs/3.1 Prepare the On Prem environment - Configure HCX Appliance.md:
--------------------------------------------------------------------------------
1 | Challenge 3.1
2 | "Prepare the On Prem environment - Configure HCX Appliance"
3 | ---
4 |
5 | # Introduction
6 |
7 | In this challenge, you will perform the following tasks:
8 |
9 | 1. Configure HCX Manager Appliance On-Prem
10 |
11 | As a part of this challenge you are also expected to log on to the On Prem and AVS vCenter servers from the jumpbox assigned to your user. You will also be expected to log on to the AVS portal to retrieve the HCX activation key for On-Prem HCX appliance.
12 |
13 | Please carefully follow the instructions provided by your facilitator. Incorrectly deploying the HCX may result in multiple forthcoming steps not operating as expected.
14 |
15 | Work with the instructor to ensure your VMware environment has the required permissions to access your AVS vCenter Server.
16 |
17 | ### Note
18 |
19 | The HCX Manager VM within the On Prem vCenter server was deployed through an OVA (appliance) that we downloaded from AVS HCX. This step was done during the environment preparation to save time.
20 |
21 | You can ask your coach to show you how this step was done
22 |
23 | ## Use Cases for HCX
24 |
25 | 1. Customer migration is often driven by a need to move a known set of existing applications to a new infrastructure. The most common use case for HCX is migration from On-Prem to Azure VMware Service (AVS).
26 | 2. Customer wants to realize value faster for new AVS environments while driving down operational costs.
27 | 3. Due to time constraint choosing HCX proves to be beneficial as parallel migration scenarions like bulk migrations as well as live non-disruptive migrations to and from On-Prem to AVS.
28 |
29 | ## HCX Deployment view
30 |
31 | 
32 |
33 |
34 |
35 | ## Configure HCX Manager Appliance On-Prem
36 |
37 | 1. Log in to the On Prem SDDC by login to your Azure jumpbox and by navigating to portal.azure.com. Log on to the jumpbox using the Bastian host and key in the username and password provided within the AVS "Credentials&IP" document identified for your team
38 |
39 | 2. Log on to your On-Prem vCenter using the "Credentials&IP" document
40 |
41 | 
42 |
43 | 3. Confirm that the vCenter server has hcx-manager deployed and powered on.
44 |
45 | 
46 |
47 | 4. Log on to the AVS private Cloud for your team in Azure Portal from where you will need to get a activation key for the HCX manager On-Prem
48 |
49 | 
50 |
51 | 5. In the Azure VMware Solution portal, go to Manage > Add-ons > Migration using HCX > Connect with on-premise using HCX keys > Add > , specify the HCX Key Name (example as shown in the screenshot), and then select Add.
52 |
53 | 
54 |
55 | 6. Use the admin credentials to sign in to the on-premises VMware HCX Manager at https://HCXManagerIP:9443. Use the "Credentials&IP" doc for this
56 |
57 | ### TIP
58 | The admin user password is set during the VMware HCX Manager OVA file deployment.
59 |
60 | 7. In Licensing, enter your key for HCX Advanced Key and select Activate.
61 |
62 | 
63 |
64 | ### Important TIP
65 | VMware HCX Manager must have open internet access or a proxy configured.
66 |
67 | 8. In Datacentre Location, specify Chicago, Unted States of America and press continue
68 |
69 | 
70 |
71 | 9. In System Name, modify the name or accept the default and select Continue.
72 |
73 | 
74 |
75 | 10. Select Yes, Continue.
76 |
77 | 
78 |
79 | 11. In Connect your vCenter, provide the FQDN or IP address of your vCenter server and the appropriate credentials, and then select Continue. Use the "Credentials&IP" document for this
80 |
81 | 
82 |
83 | 12. In Configure SSO/PSC, provide the FQDN or IP address of your Platform Services Controller (PSC), and then select Continue. In this case the the PSC is the same as the On-Prem vCenter server. Use the "Credentials&IP" document for the same
84 |
85 | 
86 |
87 | 13. Verify that the information entered is correct and select Restart.
88 |
89 | 
90 |
91 | ### Note
92 | You'll experience a delay after restarting before being prompted for the next step.
93 |
94 | After the services restart, you'll see vCenter showing as green on the screen that appears. Both vCenter and SSO must have the appropriate configuration parameters, which should be the same as the previous screen.
95 |
96 | 14. Once HCX Appliance is restarted, log on to the HCX Manager UI – https://hcxmanagerIP:9443
97 |
98 | 15. Go to Configuration -> vSphere Role Mapping -> replace System Administrator and Enterprise Administrator user groups with the following custom domain (instead of vsphere.local).
99 |
100 | Replace the domain name according to the group you have been assigned- microhack-one.zpod.io, Microhack-two.zpod.io or Microhack-three.zpod.io
101 |
102 | 
103 |
104 |
105 |
106 | This concludes the HCX Appliance configuration for AVS!!
107 |
108 |
109 |
--------------------------------------------------------------------------------
/docs/3.2 So how do we connect On Prem to AVS - Configure Site Pairing.md:
--------------------------------------------------------------------------------
1 | Challenge 3.2
2 | "So how do we connect On Prem to AVS? - Configure Site Pairing"
3 | ---
4 |
5 | # Introduction
6 |
7 | In this challenge, you will perform the following tasks:
8 |
9 | 1. Configure Site Pair
10 |
11 | As a part of this challenge you are expected to log on to the On Prem and AVS vCenter servers. You will also be expected to log on to HCX manager and configure HCX from On Prem and connect it with AVS and deploy the interconnect and network extension appliances such that migration and network extension related activities can be achieved
12 |
13 | Please carefully follow the instructions provided by your facilitator. Incorrectly deploying the HCX may result in multiple forthcoming steps not operating as expected.
14 |
15 | Work with the instructor to ensure your VMware environment has the required permissions to access your AVS vCenter Server.
16 |
17 | ## Configure Site Pairing
18 |
19 | Now you're ready to add a site pairing, create a network and compute profile, and enable services such as migration and network extension.
20 |
21 |
22 |
23 | ## Add a site pairing
24 | You can connect or pair the VMware HCX Cloud Manager in AVS with the VMware HCX Connector in your On-Prem datacenter.
25 |
26 | 1. Sign in to your on-premises vCenter, and under Home, select HCX.
27 |
28 | 2. Under Infrastructure, select Site Pairing, and then select the Connect To Remote Site option (in the middle of the screen).
29 |
30 | 
31 |
32 | 3. Enter the Azure VMware Solution HCX Cloud Manager URL or IP address, username and password to intiate the site pairing. Use the "Credentials&IP" doc for the same
33 |
34 | 
35 |
36 | ### Note
37 |
38 | To successfully establish a site pair:
39 | Your VMware HCX Connector must be able to route to your HCX Cloud Manager IP over port 443.
40 |
41 | You'll see a screen showing that your VMware HCX Cloud Manager in Azure VMware Solution and your on-premises VMware HCX Connector are connected (paired).
42 |
43 | 
44 |
45 |
46 |
47 | This concludes the HCX Site Pair Configuration for AVS!!
48 |
--------------------------------------------------------------------------------
/docs/3.3 What Network will be used by Interconnect Appliances - Configure Network Profile.md:
--------------------------------------------------------------------------------
1 | Challenge 3.3
2 | "What Network will be used by Interconnect Appliances? - Configure Network Profile"
3 | ---
4 |
5 | # Introduction
6 |
7 | In this challenge, you will perform the following tasks:
8 |
9 | 1. Create Network Profile
10 |
11 | As a part of this challenge you are also expected to log on to the On Prem vCenter server and go to HCX Manager plugin on the vCenter to configure the Network Profile
12 |
13 | Please carefully follow the instructions provided by your facilitator. Incorrectly deploying the HCX may result in multiple forthcoming steps not operating as expected.
14 |
15 | Work with the instructor to ensure your VMware environment has the required permissions to access your AVS vCenter Server.
16 |
17 | ## Introduction to Network Profiles
18 |
19 | 1. Network Profiles can be pre-created in the Network Profile tab or they can be created during the Compute Profile configuration. A Network Profile contains:
20 |
21 | 2. One underlying vSphere Port Group (VSS or VDS) or NSX-based network.
22 |
23 | 3. IP address information: The gateway IP, the network prefix and MTU, and DNS.
24 |
25 | 4. A pool of IP addresses reserved for HCX to use during Service Mesh deployments.
26 |
27 | ## Characteristics of Network Profiles
28 |
29 | 1. Network Profile configurations are only used during Service Mesh deployments (IP addresses assigned to the IX and NE, and OSAM appliances).
30 |
31 | 2. The HCX Manager only uses a Management interface, it does not use other Network Profile networks.
32 |
33 | 3. A Compute Profile will always include one or more Network Profile.
34 |
35 | 4. When Service Mesh is deployed, every Network Profile that is included in the Compute Profile configuration is used.
36 |
37 | 5. When a Network Profile network is used in a Service Mesh, the HCX appliance will consume a single IP address out of the configured IP pool.
38 |
39 | 6. When a Network Profile is assigned to a specific HCX traffic type (the traffic types are explained in the next section), a single IP address is used. For example, if the same Network Profile is assigned for HCX Management and HCX Uplink, one IP address is used, not two.
40 |
41 | 7. A Network Profile can be used with multiple Compute Profiles.
42 |
43 | ### Example network profile in a customer environment
44 |
45 | 
46 |
47 |
48 |
49 | ## Create Network Profile
50 |
51 | VMware HCX Connector deploys a subset of virtual appliances (automated) that require multiple IP segments. When you create your network profiles, you use the IP segments that have been identified during the VMware HCX Network Segments pre-deployment preparation and planning stage.
52 |
53 | ### Note
54 |
55 | Generally in a customer scenario we create multiple network profiles for the networks below
56 |
57 | #### Management
58 | #### vMotion
59 | #### Replication
60 | #### Uplink
61 |
62 |
63 | For this MicroHack, we will be using the same network profile for all the four networks
64 |
65 | 1. Under Infrastructure, select Interconnect > Multi-Site Service Mesh > Network Profiles > Create Network Profile.
66 |
67 | 
68 |
69 | 2. For each network profile, select the network and port group, provide a name, and create the segment's IP pool. Then select Create. Please refer to the Credentials&IP document for the details for the IP addresses to be used
70 |
71 | 
72 |
73 | 3. Once done, the network profile created by you will be available to be used by the Interconnect and Network Extension appliances within the Service Mesh
74 |
75 |
76 |
77 | This concludes the HCX Network profile creation for AVS!!
78 |
79 |
80 |
--------------------------------------------------------------------------------
/docs/3.4 What Compute will be used by Interconnect Appliances - Configure Compute Profile.md:
--------------------------------------------------------------------------------
1 | Challenge 3.4
2 | "What Compute will be used by Interconnect Appliances? - Configure Compute Profile"
3 | ---
4 |
5 | # Introduction
6 |
7 | In this challenge, you will perform the following tasks:
8 |
9 | 1. Create Compute Profile
10 |
11 | As a part of this challenge you are also expected to log on to the On Prem vCenter server and HCX Manager plugin in the On-Prem vCenter to configure the Compute Profile
12 |
13 | Please carefully follow the instructions provided by your facilitator. Incorrectly deploying the HCX may result in multiple forthcoming steps not operating as expected.
14 |
15 | Work with the instructor to ensure your VMware environment has the required permissions to access your AVS vCenter Server.
16 |
17 | ## Introduction to Compute Profiles
18 |
19 | A Compute Profile configuration required for Service Mesh deployments. It defines deployment parameters of interconnect and network extension appliances within On Prem
20 |
21 | ## Characteristics of Compute Profiles
22 |
23 | 1. An HCX Manager system must have one Compute Profile.
24 |
25 | 2. Compute Profile references clusters and inventory within the vCenter Server that is registered in HCX Manager (other vCenter Servers require their own HCX Manager).
26 |
27 | 3. Creating a Compute Profile does not deploy the HCX appliances (Compute Profiles can be created and not used).
28 |
29 | 4. Creating a Service Mesh deploys appliances using the settings defined in the source and destination Compute Profiles.
30 |
31 | 5. A Compute Profile is considered "in use" when it is used in a Service Mesh configuration.
32 |
33 | 6. Changes to a Compute Profile profile are not effected in the Service Mesh until a Service Mesh a Re-Sync action is triggered.
34 |
35 |
36 |
37 | ## Create a Compute Profle
38 |
39 | 1. Under Infrastructure, select Interconnect > Compute Profiles > Create Compute Profile.
40 |
41 | 
42 |
43 | 5. Enter a name for the profile and select Continue.
44 |
45 | 
46 |
47 | 6. Select the services to enable, such as migration, network extension, or disaster recovery, and uncheck the WAN Optimization, SRM and OS Assisted Migration and then select Continue.
48 |
49 | 
50 |
51 | ### Note
52 | Generally the type of services greyed out will depend on the type of HCX licensing type used.
53 |
54 | 7. When you see the clusters in your on-premises datacenter, select Continue.
55 |
56 | 8. From Select Datastore, select the datastore storage resource for deploying the VMware HCX Interconnect appliances. Then select Continue.
57 |
58 | 
59 |
60 | 9. From Select Management Network Profile, select the management network profile that you created in previous steps. Then select Continue.
61 |
62 | 
63 |
64 | 10. From Select Uplink Network Profile, select the uplink network profile you created in the previous procedure. Then select Continue.
65 |
66 | 
67 |
68 | 11. From Select vMotion Network Profile, select the vMotion network profile that you created in prior steps. Then select Continue.
69 |
70 | 
71 |
72 | 12. From Select vSphere Replication Network Profile, select the replication network profile that you created in prior steps. Then select Continue.
73 |
74 | 
75 |
76 | 13. From Select Distributed Switches for Network Extensions, select the switches that contain the virtual machines to be migrated to Azure VMware Solution on a layer-2 extended network. Then select Continue.
77 |
78 | 
79 |
80 | 14. Review the connection rules and select Continue.
81 |
82 | 
83 |
84 | 15. Select Finish to create the compute profile.
85 |
86 | 
87 |
88 | 16. One the On Prem Compute profile has been created the Compute profile will be listed as below
89 |
90 | 
91 |
92 |
93 |
94 | This concludes the HCX Compute Profile creation for AVS!!
95 |
96 |
97 |
--------------------------------------------------------------------------------
/docs/3.5 Deployment of Interconnect Appliances - Create a Service Mesh.md:
--------------------------------------------------------------------------------
1 | Challenge 3.5
2 | "Deployment of Interconnect Appliances? Create a Service Mesh"
3 | ---
4 |
5 | # Introduction
6 |
7 | In this challenge, you will perform the following tasks:
8 |
9 | 1. Deploy a Service Mesh
10 |
11 | As a part of this challenge you are also expected to log on to the On Prem vCenter server and HCX Manager plugin in the On-Prem vCenter to deploy the interconnect and network extension appliances as a part of Service Mesh
12 |
13 | Please carefully follow the instructions provided by your facilitator. Incorrectly deploying the HCX may result in multiple forthcoming steps not operating as expected.
14 |
15 | Work with the instructor to ensure your VMware environment has the required permissions to access your AVS vCenter Server.
16 |
17 | ## What is a Service Mesh?
18 |
19 | When HCX Migration, Disaster recovery, Network Extension, and WAN Optimization services are activated, HCX deploys Virtual Appliances in the source site and corresponding "peer" virtual appliances on the destination site. The Multi-Site Service Mesh activates the configuration, deployment, and serviceability of these Interconnect virtual appliance pairs.
20 |
21 |
22 |
23 | ## Create a Service Mesh
24 |
25 | Now it's time to configure a service mesh between on-premises and Azure VMware Solution private cloud.
26 |
27 | ### Note
28 | To successfully establish a service mesh with Azure VMware Solution:
29 | Ports UDP 500/4500 are open between your on-premises VMware HCX Connector 'uplink' network profile addresses and the Azure VMware Solution HCX Cloud 'uplink' network profile addresses.
30 | Be sure to review the VMware HCX required ports.
31 |
32 | 1. Under Infrastructure, select Interconnect > Service Mesh > Create Service Mesh.
33 |
34 | 
35 |
36 | 2. Review the sites that are pre-populated, and then select Continue.
37 |
38 | 
39 |
40 | ### Note
41 | If this is your first service mesh configuration, you won't need to modify this screen
42 |
43 | 3. Select the source and remote compute profiles from the drop-down lists, and then select Continue.
44 |
45 | The selections define the resources where VMs can consume VMware HCX services.
46 |
47 | 
48 |
49 | 4. Review services that will be enabled, and then select Continue.
50 |
51 | 
52 |
53 | 5. In Advanced Configuration - Override Uplink Network profiles, select Continue.
54 |
55 | 
56 |
57 | ### Note
58 | Uplink network profiles connect to the network through which the remote site's interconnect appliances can be reached
59 |
60 | 6. In Advanced Configuration - Network Extension Appliance Scale Out, review and select Continue.
61 |
62 | 
63 |
64 | ### Note
65 | You can have up to eight VLANs per appliance, but you can deploy another appliance to add another eight VLANs. You must also have IP space to account for the more appliances, and it's one IP per appliance. For more information, see VMware HCX Configuration Limits.
66 |
67 | 7. In Advanced Configuration - Traffic Engineering, do not select the Application Path Resiliency and Traffic Flow Conditioning, and then select Continue.
68 |
69 | 
70 |
71 | 8. Review the topology preview and select Continue.
72 |
73 | 
74 |
75 | 9. Enter the name for this HCX-Microhack-ServiceMesh and select Finish to complete.
76 |
77 | 
78 |
79 | 10. Select View Tasks to monitor the deployment.
80 |
81 | When the service mesh deployment finishes successfully, you'll see the services as green.
82 |
83 | 11. Verify the service mesh's health by checking the appliance status.
84 |
85 | 
86 |
87 | 12. Select Interconnect > Appliances.
88 |
89 | 
90 |
91 |
92 |
93 | This concludes the HCX Service Mesh creation for AVS!!
94 |
95 |
96 |
--------------------------------------------------------------------------------
/docs/3.6 Want to retain your VM's IP address - Lets Extend the On Prem Network.md:
--------------------------------------------------------------------------------
1 | Challenge 3.6
2 | "Want to retain your VM's IP address? - Lets Extend the On-Prem Network"
3 | ---
4 |
5 | # Introduction
6 |
7 | In this challenge, you will perform the following tasks:
8 |
9 | 1. Extend Network
10 |
11 | As a part of this challenge you are also expected to log on to the On Prem vCenter server and HCX Manager plugin in the On-Prem vCenter to extend an On-Prem Network to AVS
12 |
13 | Please carefully follow the instructions provided by your facilitator. Incorrectly deploying the HCX may result in multiple forthcoming steps not operating as expected.
14 |
15 | Work with the instructor to ensure your VMware environment has the required permissions to access your AVS vCenter Server.
16 |
17 |
18 |
19 | ## Extend Network
20 | In this step you will extend any the on-premises environment to Azure VMware Solution.
21 |
22 | 1. Under Services, select Network Extension > Create a Network Extension.
23 |
24 | 2. Select each of the networks you want to extend to Azure VMware Solution, and then select Next
25 |
26 | 3. Enter the on-premises gateway IP for each of the networks you're extending, and then select Submit.
27 |
28 | 
29 |
30 | The IP address to be used and extended is defined in the IP address / Login document
31 |
32 | It takes a few minutes for the network extension to finish. When it does, you see the status change to Extension complete.
33 |
34 | ## Next steps
35 | If the HCX interconnect tunnel status is UP and green, you can migrate and protect Azure VMware Solution VMs by using VMware HCX. Azure VMware Solution supports workload migrations (with or without a network extension). You can still migrate workloads in your vSphere environment, along with on-premises creation of networks and deployment of VMs onto those networks.
36 |
37 |
38 |
39 | This concludes the HCX network extension for AVS!!
40 |
--------------------------------------------------------------------------------
/docs/3.7 YAY - Its Migration Time - Finally!!! copy.md:
--------------------------------------------------------------------------------
1 | Challenge 3.7
2 | "YAY - Its Migration Time - Finally!!!"
3 | ---
4 |
5 | # Introduction
6 |
7 | In this challenge, you will perform the following tasks:
8 |
9 | 7. Perform Migration of a VM on an extended network
10 |
11 | Please carefully follow the instructions provided by your facilitator. Incorrectly deploying the HCX may result in multiple forthcoming steps not operating as expected.
12 |
13 | Work with the instructor to ensure your VMware environment has the required permissions to access your AVS vCenter Server.
14 |
15 |
16 |
17 | ## Migrate a VM
18 |
19 | 1. To migrate a virtual machine from and On Prem Environment to AVS, sign in to your on-premises vCenter, and under Home, select HCX.
20 |
21 | 2. Under Services, select Migration, and then select the Migrate
22 |
23 | 
24 |
25 | 3. Once the Workload Mobility window is opened, ensure your site pairing is available from On Prem to AVS.
26 |
27 | 4. Select workload-xx-1 as a VM that will be migrated from On-Prem to AVS and press Add
28 |
29 | 
30 |
31 | 5. Once the virtual machine is added, select the transfer and placement parameters for the virtual machine post migration to AVS and then press validate
32 |
33 | 
34 |
35 | 6. Once the transfer and placement validation of the virtual machine has gone through, press go for the migration of the virtual machine
36 |
37 |
38 | 
39 |
40 | 7. Once the VM is migrated into AVS, check the IP address of the VM.
41 |
42 | Note :
43 |
44 | As the VM that was migrated was on a extended network, the IP address of the VM has not changed; however if the VM that was migrated was not on an extended network, then the IP address of the VM would have changed.
45 |
46 |
47 |
48 | This concludes the VM Migration into AVS!!
49 |
50 |
51 |
--------------------------------------------------------------------------------
/docs/4.1 (Optional) -Attach ANF Datastores to AVS hosts copy.md:
--------------------------------------------------------------------------------
1 | 4.1 (Optional) - "Attach ANF Datastores to AVS hosts copy"
2 | ---
3 |
4 | # Introduction
5 |
6 | Azure NetApp Files is an enterprise-class, high-performance, metered file storage service. The service supports the most demanding enterprise file-workloads in the cloud: databases, SAP, and high-performance computing applications, with no code changes. For more information on Azure NetApp Files, see Azure NetApp Files documentation.
7 |
8 | Azure VMware Solution supports attaching Network File System (NFS) datastores as a persistent storage option. You can create NFS datastores with Azure NetApp Files volumes and attach them to clusters of your choice. You can also create virtual machines (VMs) for optimal cost and performance.
9 |
10 | By using NFS datastores backed by Azure NetApp Files, you can expand your storage instead of scaling the clusters. You can also use Azure NetApp Files volumes to replicate data from on-premises or primary VMware environments for the secondary site.
11 |
12 | Create your Azure VMware Solution and create Azure NetApp Files NFS volumes in the virtual network connected to it using an ExpressRoute. Ensure there's connectivity from the private cloud to the NFS volumes created. Use those volumes to create NFS datastores and attach the datastores to clusters of your choice in a private cloud. As a native integration, no other permissions configured via vSphere are needed.
13 |
14 | The following diagram demonstrates a typical architecture of Azure NetApp Files backed NFS datastores attached to an Azure VMware Solution private cloud via ExpressRoute.
15 |
16 | 
17 |
18 |
19 |
20 | ## Register the Microsoft.NetApp Resource Provider with your Azure subscription. (Already Done)
21 |
22 | Enable specific Azure region within your Azure subscription for being able to create NetApp Account by raising a specific type of support incident as below. (Already Done)
23 |
24 | Issue Type: Service and subscription limits (quotas)
25 |
26 | Quota Type: Storage: Azure NetApp Files limits
27 |
28 | Request Details
29 |
30 | Quota Type: Region Access
31 |
32 | Region Requested:
33 |
34 | Identify the VNet which hosts the ER Gateway used for terminating AVS D-MSEE circuit from Workshop Pre-requisites section (Mhack00X-vnet). Create a delegated subnet in this VNet. This subnet should be delegated to service Microsoft.Netapp/volumes. (Already Done)
35 |
36 | ## Verify ANF Delegated Subnet (Already Done)
37 |
38 | Identify the VNet assigned to your AVS SDDC. This is available from Workshop Pre-requisites section.
39 |
40 | Navigate to the subnets under that VNet and ensure that ANFSubnet exists.
41 |
42 | 
43 |
44 | Ensure that ANFSubnet has subnet delegation configured for Microsoft.Netapp/volumes.
45 |
46 | This step should already be done, If it is not configured, configure subnet delegation for Microsoft.Netapp/volumes as shown below
47 |
48 | 
49 |
50 | ## Verify ANF Account (Already Done)
51 |
52 | Identify the ANF Account that has already been provisioned, you should see a resource group called MhackANF, with an ANF Account called MhackANF
53 |
54 | 
55 |
56 | ## Verify ANF Capacity Pool (Already Done)
57 |
58 | Navigate to ANF Account identified/created in Step 3.
59 |
60 | Select "Capacity pools" from the left hand side menu.
61 |
62 | Ensure that LEVELUP-ANF-CP is listed as capacity pool. It should have "Premium" as service level, 4TB as Size and QoS type of Auto.
63 |
64 | 
65 |
66 | ## Create ANF Volume (Already Done)
67 |
68 | Creation of first volume takes around 5 minutes. Subsequent creation of volumes is quicker (< 1 mins)
69 |
70 | Select the Capacity Pool identified in Step 4.
71 |
72 | Select "Volumes" option from left hand side menu.
73 |
74 | On the right hand side pane, click "Add volume" button.
75 |
76 | On the "Basics" tab, provide -
77 |
78 | Name your volume
79 |
80 | Select the VNet assigned to your group
81 |
82 | Select the delegated subnet called ANFSubnet
83 |
84 | Select "Standard" as networking features
85 |
86 | 
87 |
88 | On the "Protocol" tab, provide –
89 |
90 | File path: Name of the volume.
91 |
92 | Azure VMware Solution Datastore: Checked
93 |
94 | Keep default options for rest of the fields.
95 |
96 | 
97 |
98 | Click "Review + create" button
99 |
100 | ## Connect AVS with ANF Volume
101 |
102 | Navigate to AVS SDDC assigned to your group. This is documented at Workshop Pre-requisites section.
103 |
104 | Click "Storage (preview)" option from the left-hand menu.
105 |
106 | Click "Connect Azure NetApp Files Volume"
107 |
108 | 
109 |
110 | On the flyout menu that appears, provide -
111 |
112 | Azure subscription, ANF Account, Capacity Pool and Volume you created in Step 5.
113 |
114 | AVS SDDC cluster
115 |
116 | Datastore name which is recommended to be same as volume name.
117 |
118 | 
119 |
120 | Click "Connect"
121 |
122 | ## Verify the ANF volume as a datastore in AVS
123 |
124 | Connect to AVS SDDC vCenter assigned to your group via jumpbox. This is documented at Workshop Pre-requisites section.
125 |
126 | Click on "Storage" menu on the vCenter portal. ANF Volume should appear as part of the datastores under SDDC.
127 |
128 | Verify the size of volume set up appears correctly on AVS SDDC vCenter.
129 |
130 | This concludes the attachment of Azure NetApp Files volume into AVS!!
--------------------------------------------------------------------------------
/docs/4.2 (Optional) - Enable Managed SNAT for Azure VMware Solution workloads copy.md:
--------------------------------------------------------------------------------
1 | 4.2 (Optional) - "Enable Managed SNAT for Azure VMware Solution workloads"
2 | ---
3 |
4 | # Introduction
5 |
6 | There are three primary patterns for creating outbound access to the Internet from Azure VMware Solution and to enable inbound Internet access to resources on your Azure VMware Solution private cloud.
7 |
8 | 1. Internet Service hosted in Azure
9 | 2. Azure VMware Solution Managed SNAT
10 | 3. Azure Public IPv4 address to NSX-T Data Center Edge
11 |
12 | Your requirements for security controls, visibility, capacity, and operations drive the selection of the appropriate method for delivery of Internet access to the Azure VMware Solution private cloud.
13 |
14 |
15 |
16 | # Internet Service hosted in Azure
17 |
18 | There are multiple ways to generate a default route in Azure and send it towards your Azure VMware Solution private cloud or on-premises. The options are as follows:
19 |
20 | 1. An Azure firewall in a Virtual WAN Hub.
21 | 2. A third-party Network Virtual Appliance in a Virtual WAN Hub Spoke Virtual Network.
22 | 3. A third-party Network Virtual Appliance in a Native Azure Virtual Network using Azure Route Server.
23 | 4. A default route from on-premises transferred to Azure VMware Solution over Global Reach.
24 |
25 | Use any of these patterns to provide an outbound SNAT service with the ability to control what sources are allowed out, to view the connection logs, and for some services, do further traffic inspection.
26 |
27 | The same service can also consume an Azure Public IP and create an inbound DNAT from the Internet towards targets in Azure VMware Solution.
28 |
29 | An environment can also be built that utilizes multiple paths for Internet traffic. One for outbound SNAT (for example, a third-party security NVA), and another for inbound DNAT (like a third party Load balancer NVA using SNAT pools for return traffic).
30 |
31 | ## Azure VMware Solution Managed SNAT
32 | A Managed SNAT service provides a simple method for outbound internet access from an Azure VMware Solution private cloud. Features of this service include the following.
33 |
34 | Easily enabled – select the radio button on the Internet Connectivity tab and all workload networks will have immediate outbound access to the Internet through a SNAT gateway.
35 | No control over SNAT rules, all sources that reach the SNAT service are allowed.
36 | No visibility into connection logs.
37 | Two Public IPs are used and rotated to support up to 128k simultaneous outbound connections.
38 | No inbound DNAT capability is available with the Azure VMware Solution Managed SNAT.
39 |
40 | ## Azure Public IPv4 address to NSX-T Data Center Edge
41 | This option brings an allocated Azure Public IPv4 address directly to the NSX-T Data Center Edge for consumption. It allows the Azure VMware Solution private cloud to directly consume and apply public network addresses in NSX-T Data Center as required. These addresses are used for the following types of connections:
42 |
43 | 1. Outbound SNAT
44 | 2. Inbound DNAT
45 | 3. Load balancing using VMware NSX Advanced Load Balancer and other third-party Network Virtual Appliances
46 | 4. Applications directly connected to a workload VM interface.
47 |
48 | This option also lets you configure the public address on a third-party Network Virtual Appliance to create a DMZ within the Azure VMware Solution private cloud.
49 |
50 | ## Features include:
51 |
52 | Scale – the soft limit of 64 Azure Public IPv4 addresses can be increased by request to 1,000s of Azure Public IPs allocated if required by an application.
53 | Flexibility – An Azure Public IPv4 address can be applied anywhere in the NSX-T Data Center ecosystem. It can be used to provide SNAT or DNAT, on load balancers like VMware’s NSX Advanced Load Balancer, or third-party Network Virtual Appliances. It can also be used on third-party Network Virtual Security Appliances on VMware segments or directly on VMs.
54 | Regionality – the Azure Public IPv4 address to the NSX-T Data Center Edge is unique to the local SDDC. For “multi private cloud in distributed regions,” with local exit to Internet intentions, it’s much easier to direct traffic locally versus trying to control default route propagation for a security or SNAT service hosted in Azure. If you've two or more Azure VMware Solution private clouds connected with a Public IP configured, they can both have a local exit.
55 |
56 | ## Considerations for selecting an option
57 | The option that you select depends on the following factors:
58 |
59 | 1. To add an Azure VMware private cloud to a security inspection point provisioned in Azure native that inspects all Internet traffic from Azure native endpoints, use an Azure native construct and leak a default route from Azure to your Azure VMware Solution private cloud.
60 | 2. If you need to run a third-party Network Virtual Appliance to conform to existing standards for security inspection or streamlined opex, you have two options. You can run your Azure Public IPv4 address in Azure native with the default route method or run it in Azure VMware Solution using Azure Public IPv4 address to NSX-T Data Center Edge.
61 | 3. There are scale limits on how many Azure Public IPv4 addresses can be allocated to a Network Virtual Appliance running in native Azure or provisioned on Azure Firewall. The Azure Public IPv4 address to NSX-T Data Center Edge option allows for much higher allocations (1,000s versus 100s).
62 | 4. Use an Azure Public IPv4 address to the NSX-T Data Center Edge for a localized exit to the internet from each private cloud in its local region. Using multiple Azure VMware Solution private clouds in several Azure regions that need to communicate with each other and the internet, it can be challenging to match an Azure VMware Solution private cloud with a security service in Azure. The difficulty is due to the way a default route from Azure works.
63 |
64 | This concludes the enablement of internet connectivity for workloads in AVS!!
65 |
66 |
67 |
--------------------------------------------------------------------------------
/docs/4.3 (Optional) - Configure storage policy copy.md:
--------------------------------------------------------------------------------
1 | 4.3 (Optional) - "Configure storage policy"
2 | ---
3 |
4 | # Introduction
5 |
6 | VMware vSAN storage policies define storage requirements for your virtual machines (VMs). These policies guarantee the required level of service for your VMs because they determine how storage is allocated to the VM. Each VM deployed to a vSAN datastore is assigned at least one VM storage policy.
7 |
8 | You can assign a VM storage policy in an initial deployment of a VM or when you do other VM operations, such as cloning or migrating. Post-deployment cloudadmin users or equivalent roles can't change the default storage policy for a VM. However, VM storage policy per disk changes is permitted.
9 |
10 | The Run command lets authorized users change the default or existing VM storage policy to an available policy for a VM post-deployment. There are no changes made on the disk-level VM storage policy. You can always change the disk level VM storage policy as per your requirements.
11 |
12 |
13 |
14 | ## List storage policies
15 | You'll run the Get-StoragePolicy cmdlet to list the vSAN based storage policies available to set on a VM.
16 |
17 | Sign in to the Azure portal.
18 |
19 | Select Run command > Packages > Get-StoragePolicies.
20 |
21 | 
22 |
23 | Provide the required values or change the default values, and then select Run.
24 |
25 | 
26 |
27 | Check Notifications to see the progress.
28 |
29 | ## Set storage policy on VM
30 |
31 | You'll run the Set-VMStoragePolicy cmdlet to modify vSAN-based storage policies on a default cluster, individual VM, or group of VMs sharing a similar VM name. For example, if you have three VMs named "MyVM1", "MyVM2", and "MyVM3", supplying "MyVM*" to the VMName parameter would change the StoragePolicy on all three VMs.
32 |
33 | Select Run command > Packages > Set-VMStoragePolicy.
34 |
35 | Provide the required values or change the default values, and then select Run.
36 |
37 | Check Notifications to see the progress.
38 |
39 | ## Set storage policy on all VMs in a location
40 |
41 | You'll run the Set-LocationStoragePolicy cmdlet to Modify vSAN based storage policies on all VMs in a location where a location is the name of a cluster, resource pool, or folder. For example, if you have 3 VMs in Cluster-3, supplying "Cluster-3" would change the storage policy on all 3 VMs.
42 |
43 | Select Run command > Packages > Set-LocationStoragePolicy.
44 |
45 | Provide the required values or change the default values, and then select Run.
46 |
47 | Check Notifications to see the progress.
48 |
49 | ## Specify storage policy for a cluster
50 |
51 | You'll run the Set-ClusterDefaultStoragePolicy cmdlet to specify default storage policy for a cluster,
52 |
53 | Select Run command > Packages > Set-ClusterDefaultStoragePolicy.
54 |
55 | Provide the required values or change the default values, and then select Run.
56 |
57 | Check Notifications to see the progress.
--------------------------------------------------------------------------------
/docs/4.4 (Optional) - Create a placement policy in Azure VMware Solution copy.md:
--------------------------------------------------------------------------------
1 | 4.4 (Optional) - "Create a placement policy in Azure VMware Solution copy"
2 | ---
3 |
4 | # Introduction
5 |
6 | In Azure VMware Solution, clusters in a private cloud are a managed resource. As a result, the CloudAdmin role can't make certain changes to the cluster from the vSphere Client, including the management of Distributed Resource Scheduler (DRS) rules.
7 |
8 | The placement policy feature is available in all Azure VMware Solution regions. Placement policies let you control the placement of virtual machines (VMs) on hosts within a cluster through the Azure portal. When you create a placement policy, it includes a DRS rule in the specified vSphere cluster. It also includes additional logic for interoperability with Azure VMware Solution operations.
9 |
10 | A placement policy has at least five required components:
11 |
12 | Name - Defines the name of the policy and is subject to the naming constraints of Azure Resources.
13 |
14 | Type - Defines the type of control you want to apply to the resources contained in the policy.
15 |
16 | Cluster - Defines the cluster for the policy. The scope of a placement policy is a vSphere cluster, so only resources from the same cluster may be part of the same placement policy.
17 |
18 | State - Defines if the policy is enabled or disabled. In certain scenarios, a policy might be disabled automatically when a conflicting rule gets created. For more information, see Considerations below.
19 |
20 | Virtual machine - Defines the VMs and hosts for the policy. Depending on the type of rule you create, your policy may require you to specify some number of VMs and hosts. For more information, see Placement policy types below.
21 |
22 | Prerequisite
23 | You must have Contributor level access to the private cloud to manage placement policies.
24 |
25 | Placement policy types
26 | VM-VM policies
27 | VM-VM policies specify if selected VMs should run on the same host or must be kept on separate hosts. In addition to choosing a name and cluster for the policy, VM-VM policies require that you select at least two VMs to assign. The assignment of hosts isn't required or permitted for this policy type.
28 |
29 | VM-VM Affinity policies instruct DRS to try to keeping the specified VMs together on the same host. It's useful for performance reasons, for example.
30 |
31 | VM-VM Anti-Affinity policies instruct DRS to try keeping the specified VMs apart from each other on separate hosts. It's useful in availability scenarios where a problem with one host doesn't affect multiple VMs within the same policy.
32 |
33 | VM-Host policies
34 | VM-Host policies specify if selected VMs can run on selected hosts. To avoid interference with platform-managed operations such as host maintenance mode and host replacement, VM-Host policies in Azure VMware Solution are always preferential (also known as "should" rules). Accordingly, VM-Host policies may not be honored in certain scenarios. For more information, see Monitor the operation of a policy below.
35 |
36 | Certain platform operations dynamically update the list of hosts defined in VM-Host policies. For example, when you delete a host that is a member of a placement policy, the host is removed if more than one host is part of that policy. Also, if a host is part of a policy and needs to be replaced as part of a platform-managed operation, the policy is updated dynamically with the new host.
37 |
38 | In addition to choosing a name and cluster for the policy, a VM-Host policy requires that you select at least one VM and one host to assign to the policy.
39 |
40 | VM-Host Affinity policies instruct DRS to try running the specified VMs on the hosts defined.
41 |
42 | VM-Host Anti-Affinity policies instruct DRS to try running the specified VMs on hosts other than those defined.
43 |
44 |
45 |
46 | ## Create a placement policy
47 | There is no defined limit to the number of policies that you create. However, the more placement constraints you create, the more challenging it is for vSphere DRS to effectively move virtual machines within the cluster and provide the resources needed by the workloads.
48 |
49 | Make sure to review the requirements for the policy type.
50 |
51 | In your Azure VMware Solution private cloud, under Manage, select Placement policies > + Create.
52 |
53 | ### Tip
54 |
55 | You may also select the Cluster from the Placement Policy overview pane and then select Create.
56 |
57 | Provide a descriptive name, select the policy type, and select the cluster where the policy is created. Then select Enabled.
58 |
59 | ### Warning
60 |
61 | If you disable the policy, then the policy and the underlying DRS rule are created, but the policy actions are ignored until you enable the policy.
62 |
63 | If you selected VM-Host affinity or VM-Host anti-affinity as the type, select + Add hosts and the hosts to include in the policy. You can select multiple hosts.
64 |
65 | ### Note
66 |
67 | The select hosts pane shows how many VM-Host policies are associated with the host and the total number of VMs contained in those associated policies.
68 |
69 | Select + Add virtual machine and the VMs to include in the policy. You can select multiple VMs.
70 |
71 | ### Note
72 |
73 | The select hosts pane shows how many VM-Host policies are associated with the host and the total number of VMs contained in those associated policies.
74 |
75 | Once you've finished adding the VMs you want, select Add virtual machines.
76 |
77 | Select Next: Review and create to review your policy.
78 |
79 | Select Create policy. If you want to make changes, select Back: Basics.
80 |
81 | After the placement policy gets created, select Refresh to see it in the list.
82 |
83 | Screenshot showing the placement policy as Enabled after it's created.
84 |
85 | Edit a placement policy
86 | You can change the state of a policy, add a new resource, or unassign an existing resource.
87 |
88 | Change the policy state
89 | You can change the state of a policy to Enabled or Disabled.
90 |
91 | In your Azure VMware Solution private cloud, under Manage, select Placement policies.
92 |
93 | For the policy you want to edit, select More (...) and then select Edit.
94 |
95 | ### Tip
96 |
97 | You can disable a policy from the Placement policy overview by selecting Disable from the Settings drop-down. You can't enable a policy from the Settings drop-down.
98 |
99 | If the policy is enabled but you want to disable it, select Disabled and then select Disabled on the confirmation message. Otherwise, if the policy is disabled and you want to enable it, select Enable.
100 |
101 | Select Review + update.
102 |
103 | Review the changes and select Update policy. If you want to make changes, select Back: Basics.
104 |
105 | Update the resources in a policy
--------------------------------------------------------------------------------
/docs/4.5 (Optional) - Understand AVS Automation and ESLZ.md:
--------------------------------------------------------------------------------
1 | 4.5 (Optional) - "Understand AVS Automation and ESLZ"
2 | ---
3 |
4 | # Reference Architecture:�https://aka.ms/avsaccelerator
5 |
6 |
7 | # Reference Implementation:�https://aka.ms/avsenterprisescalerepo
8 |
--------------------------------------------------------------------------------
/docs/Appendix.md:
--------------------------------------------------------------------------------
1 | # Appendix
2 |
3 | [return to readme](../README.md)
4 |
5 | ## Users' IP Ranges per number
6 |
7 | - on-premises/AVS pair #1 : 10.228.16.0/24
8 | - user #1
9 | - GatewaySubnet : 10.228.16.0/28
10 | - Jumpbox subnet : 10.228.16.16/28
11 | - AzureBastionSubnet : 10.228.16.32/27
12 | - user #2
13 | - GatewaySubnet : 10.228.16.64/28
14 | - Jumpbox subnet : 10.228.16.80/28
15 | - AzureBastionSubnet : 10.228.16.96/27
16 | - user #3
17 | - GatewaySubnet : 10.228.16.128/2
18 | - Jumpbox subnet : 10.228.16.144/28
19 | - AzureBastionSubnet : 10.228.16.160/27
20 | - user #4
21 | - GatewaySubnet : 10.228.16.192/28
22 | - Jumpbox subnet : 10.228.16.208/28
23 | - AzureBastionSubnet : 10.228.16.224/27
24 |
25 | - on-premises/AVS pair #2 : 10.228.20.0/24
26 | - user #5
27 | - GatewaySubnet : 10.228.20.0/28
28 | - Jumpbox subnet : 10.228.20.16/28
29 | - AzureBastionSubnet : 10.228.20.32/27
30 | - user #6
31 | - GatewaySubnet : 10.228.20.64/28
32 | - Jumpbox subnet : 10.228.20.80/28
33 | - AzureBastionSubnet : 10.228.20.96/27
34 | - user #7
35 | - GatewaySubnet : 10.228.20.128/28
36 | - Jumpbox subnet : 10.228.20.144/28
37 | - AzureBastionSubnet : 10.228.20.160/27
38 | - user #8
39 | - GatewaySubnet : 10.228.20.192/28
40 | - Jumpbox subnet : 10.228.20.208/28
41 | - AzureBastionSubnet : 10.228.20.224/27
42 |
43 | - on-premises/AVS pair #3 : 10.228.24.0/24
44 | - user #9
45 | - GatewaySubnet : 10.228.24.0/28
46 | - Jumpbox subnet : 10.228.24.16/28
47 | - AzureBastionSubnet : 10.228.24.32/27
48 | - user #10
49 | - GatewaySubnet : 10.228.24.64/28
50 | - Jumpbox subnet : 10.228.24.80/28
51 | - AzureBastionSubnet : 10.228.24.96/27
52 | - user #11
53 | - GatewaySubnet : 10.228.24.128/2
54 | - Jumpbox subnet : 10.228.24.144/28
55 | - AzureBastionSubnet : 10.228.24.160/27
56 | - user #12
57 | - GatewaySubnet : 10.228.24.192/28
58 | - Jumpbox subnet : 10.228.24.208/28
59 | - AzureBastionSubnet : 10.228.24.224/2
60 |
--------------------------------------------------------------------------------
/proctor/0-main.bicep:
--------------------------------------------------------------------------------
1 | param location string = 'canadacentral'
2 |
3 | // If you want to deploy the Express Route (ER) gateway : true. Otherwise : false
4 | param deployErGateway bool = false
5 | // Connect circuits to ER GW
6 | param connectCircuits bool = false
7 |
8 | // If you want to deploy the VPN gateway : true. Otherwise : false
9 | param deployVpnGateway bool = true
10 |
11 | // Parameter to connects the AVS circuits
12 | param avsCircuitIds array = []
13 |
14 | // Proctor number. Always use 1 instead you have to deploy a test proctor instance as all proctor instances uses sames IPs
15 | @allowed([
16 | 1
17 | 2
18 | 3
19 | 4
20 | ])
21 | param proctorId int = 1
22 |
23 | // Change the scope to be able to create the resource group before resources
24 | // then we specify scope at resourceGroup level for all others resources
25 | targetScope = 'subscription'
26 |
27 | resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
28 | name: 'azure-avs-microhack-proctor-${proctorId}-rg'
29 | location: location
30 | }
31 |
32 | // Create a storage account for diags
33 | module storageAccount '../_modules/storageaccount.bicep' = {
34 | scope: rg
35 | name: 'proctor${proctorId}sa'
36 | params: {
37 | location: location
38 | name: 'proctor${proctorId}sa'
39 | }
40 | }
41 |
42 | // Load main variable file
43 | var variables = json(loadTextContent('../vars/vars.json'))
44 |
45 | // Create base virtual network to host the Jumpbox and the Express Route gateway
46 | module adminVnet '../_modules/vnet.bicep' = {
47 | name: 'adminVnet'
48 | scope: rg
49 | params: {
50 | location: location
51 | name: 'adminVnet'
52 | userId: 14
53 | dnsServer: variables.proctorDnsServer
54 | usersIpRanges: variables.usersIpRanges
55 | }
56 | }
57 |
58 | // Define the vWan object
59 | module vWan '../_modules/vwan.bicep' = {
60 | scope: rg
61 | name: 'avs-vwan'
62 | params: {
63 | location: location
64 | name: 'avs-vwan'
65 | }
66 | }
67 |
68 | // Define a single hub for interco with students and AVS
69 | module vHub1 '../_modules/vhub.bicep' = {
70 | scope: rg
71 | name: 'h-${location}'
72 | params: {
73 | addressPrefix: variables.vWanAddressSpace
74 | location: location
75 | name: 'h-${location}'
76 | vwanId: vWan.outputs.vWanId
77 | }
78 | }
79 |
80 | // Add the ER Gateway
81 | module erGw '../_modules/vwanergw.bicep' = if(deployErGateway) {
82 | scope: rg
83 | name: 'erGw-${location}'
84 | params: {
85 | avsCircuitIds: avsCircuitIds
86 | gwName: 'erGw-${location}'
87 | location: location
88 | vHubId: vHub1.outputs.vHubId
89 | vHubName: vHub1.outputs.vHubName
90 | connectCircuits: connectCircuits
91 | }
92 | }
93 |
94 | // Add the VPN Gateway and sites
95 | module hubVpnGw '../_modules/vwanvpngw.bicep' = if(deployVpnGateway) {
96 | scope: rg
97 | name: 'proctorVpnGw-${location}'
98 | params: {
99 | asn: 65515
100 | gwName: 'proctorVpnGw-${location}'
101 | location: location
102 | vHubId: vHub1.outputs.vHubId
103 | }
104 | }
105 |
106 | // Connect server vNet
107 | module adminVnetConnection '../_modules/vwanvnetconnection.bicep' = {
108 | scope: rg
109 | name: '${adminVnet.name}_connection'
110 | params: {
111 | connectionName: '${adminVnet.name}_connection'
112 | vHubName: vHub1.outputs.vHubName
113 | vHubId: vHub1.outputs.vHubId
114 | vNetId: adminVnet.outputs.vnetId
115 | }
116 | }
117 |
118 | // Add studient sites
119 |
120 | @batchSize(1)
121 | module vpnSites '../_modules/vwanvpnsite.bicep' = [ for user in variables.usersIpRanges: if(deployVpnGateway) {
122 | scope: rg
123 | name: 'user-${user.asn}'
124 | params: {
125 | asn: user.asn
126 | userId: user.user
127 | bgpIp: user.ownBgpIp
128 | location: location
129 | name: 'user-${user.asn}'
130 | publicIp: '${user.vpnGatewayDnsPrefix}-${variables.sessionId}.${variables.dnsDomain}'
131 | vWanId: vWan.outputs.vWanId
132 | vpnGatewayName: hubVpnGw.name
133 | }
134 | }]
135 |
136 | // Create the jumpbox VM
137 |
138 | module jumpboxVm '../_modules/vm.bicep' = {
139 | name: 'jumpbox'
140 | scope: rg
141 | params: {
142 | location: location
143 | subnetId: adminVnet.outputs.subnets[1].id
144 | vmName: 'jumpbox'
145 | osType: 'desktop'
146 | }
147 | }
148 |
149 | // Create extra jumpbox VM
150 | module extraJumpboxVm '../_modules/vm.bicep' = [for index in range(1, 3):{
151 | name: 'jumpbox${index}'
152 | scope: rg
153 | params: {
154 | location: location
155 | subnetId: adminVnet.outputs.subnets[1].id
156 | vmName: 'jumpbox${index}'
157 | osType: 'desktop'
158 | }
159 | }]
160 |
161 | // Create the server for DNS
162 |
163 | module serverVm '../_modules/vm.bicep' = {
164 | name: 'server'
165 | scope: rg
166 | params: {
167 | location: location
168 | subnetId: adminVnet.outputs.subnets[1].id
169 | vmName: 'server'
170 | osType: 'server'
171 | autoShutdownStatus: 'Disabled'
172 | }
173 | }
174 |
175 | // Azure Bastion to admin the jumpbox if required
176 |
177 | module bastionHost '../_modules/bastion.bicep' = {
178 | name: 'bastion'
179 | scope: rg
180 | params: {
181 | location: location
182 | name: 'bastion'
183 | subnetId: adminVnet.outputs.subnets[2].id
184 | }
185 | }
186 |
--------------------------------------------------------------------------------
/proctor/README.md:
--------------------------------------------------------------------------------
1 | ## Proctor deployment
2 |
3 | This is only deployed per the proctor once per MicroHack
4 |
5 | ### Task 1: deploy
6 |
7 | This must be deployed **only once** per MicroHack and can survive for following MicroHacks.
8 | It must be deployed in a **proctor subscription**.
9 |
10 | **By default, gateways are not deployed. Change the 0-main.bicep file "DeployGateway" variable to true to deploy them.**
11 | Once ER circuit are manually connected to the ER Gateway, you should revert the variable back to **false** to avoid ER circuit newly connected to be disconnected as they are not part of the deployment script.
12 |
13 | Steps:
14 |
15 | - Log in to Azure Cloud Shell at [https://shell.azure.com/](https://shell.azure.com/) and select Bash
16 |
17 | - Check if the current subscription is the one you want to deploy resources to :
18 |
19 | `az account show`
20 |
21 | - If necessary select your target subscription:
22 |
23 | `az account set --subscription `
24 |
25 | - Clone the GitHub repository:
26 |
27 | `git clone https://github.com/alexandreweiss/azure-avs-microhack`
28 |
29 | - Change directory:
30 |
31 | `cd ./azure-avs-microhack/proctor`
32 |
33 | - Now start the deployment:
34 |
35 | `az deployment sub create -n rg-deploy-proctor -l canadacentral --template-file 0-main.bicep`
36 |
37 | ### Task 2 : Configure the Windows DNS Server on server VM
38 |
39 | - Using Bastion, login to the Windows Server VM called "server"
40 | - Add the DNS Role and Remote Management Tools
41 | - Configure the conditional forwarders for the 3 environments :
42 | - microhack-**one**.zpod.io forwards to 10.96.96.2
43 | - microhack-**two**.zpod.io forwards to 10.96.93.2
44 | - microhack-**three**.zpod.io forwards to 10.96.53.2
45 |
46 | ### Task 3 : update the proctor vnet DNS configuration
47 |
48 | `az deployment sub create -n rg-deploy-user -l canadacentral --template-file 1-update-dns.bicep`
49 |
50 | Once done, you should issue an "ipconfig /renew" on each the jumpbox and the server VM to retreive the new DNS server configuration.
51 |
52 | You can confirm by running "ipconfig /all" to see the DNS Server transitionned from 168.63.129.16 to the new 10.228.x.x IP.
53 |
54 | ### Task 4 : Explore and verify
55 |
56 | After the BICEP deployment concludes successfully, the following has been deployed into your subscription:
57 |
58 | - A resource group named **azure-avs-microhack-proctor-1-rg** containing :
59 | - A VNET with a Gateway subnet, a Jumpbox subnet and an Azure Bastion subnet.
60 | - In each of those subnets :
61 | - A VPN gateway connected to users VPN gateways,
62 | - An ER gateway,
63 | - An Azure Route Server to route branch to branch traffic,
64 | - A Windows Server Jumbox,
65 | - A bastion host.
66 |
67 | - **The VM will have an auto-shutdown scheduled at night to save cost in your subscription. REMEMBER TO POWER IT ON THE D DAY !**
68 |
69 | Verify these resources are present in the portal.
70 |
71 | Credentials are identical for all VMs, as follows:
72 |
73 | - Username: admin-avs
74 | - Password: MicroHack/123
75 |
76 | You may log on to the jumpbox VM through Bastion to test access is successfull.
77 |
78 | You may check BGP is up:
79 |
80 | - between your proctor VPN Gateway (ASN 65013) and all users VPN Gateway (Sample here with user 2, ANS 65002 and 4, ASN 65004)
81 |
82 | - betwenn your proctor VPN Gateway (ASN 65013) and the Route Server (ASN 65515)
83 |
84 | 
85 |
86 | Route Server is in Public Preview and is accessible only via https://aka.ms/routeserver
--------------------------------------------------------------------------------
/users/0-main.bicep:
--------------------------------------------------------------------------------
1 | // Sample deployment command :
2 | // az deployment group create -n Deploy -g azure-avs-microhack-rg --template-file 1-main.bicep
3 | // with "--parameter .\param\main.param.json" if parameters are used
4 |
5 | // VPN Shared key intentionaly left in clear text. This is just an ephemeral lab
6 |
7 | // Location to deploy the below resources
8 | param location string = 'canadacentral'
9 |
10 | // If you want to deploy the Express Route (ER) gateway : true. Otherwise : false
11 | param deployGateway bool = true
12 |
13 | // User number to pick the correct IP ranges
14 | @allowed([
15 | 1
16 | 2
17 | 3
18 | 4
19 | 5
20 | 6
21 | 7
22 | 8
23 | 9
24 | 10
25 | 11
26 | 12
27 | 13
28 | ])
29 | param userId int
30 |
31 | // Change the scope to be able to create the resource group before resources
32 | // then we specify scope at resourceGroup level for all others resources
33 | targetScope = 'subscription'
34 |
35 | resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
36 | name: 'azure-avs-microhack-user-${userId}-rg'
37 | location: location
38 | }
39 |
40 | // Load main variable file
41 | var variables = json(loadTextContent('../vars/vars.json'))
42 |
43 | // Create base virtual network to host the Jumpbox and the Express Route gateway
44 | module adminVnet '../_modules/vnet.bicep' = {
45 | name: 'adminVnet'
46 | scope: rg
47 | params: {
48 | location: location
49 | name: 'adminVnet'
50 | userId: userId
51 | usersIpRanges: variables.usersIpRanges
52 | }
53 | }
54 |
55 | // Create the VPN gateway in the base virtual network
56 | module vpnGw '../_modules/vpngw.bicep' = if(deployGateway) {
57 | name: 'vpn-gw'
58 | scope: rg
59 | params: {
60 | gwSubnetId: adminVnet.outputs.subnets[0].id
61 | location: location
62 | name: 'vpn-gw'
63 | userId: userId
64 | variables: variables
65 | }
66 | }
67 |
68 | // LNG to Hub instance 0
69 | module lngToHub '../_modules/lng.bicep' = {
70 | scope: rg
71 | name: 'lngToHub'
72 | params: {
73 | location: location
74 | name: 'lngToHub'
75 | userId: userId
76 | variables: variables
77 | tunnelId: 1
78 | }
79 | }
80 |
81 | // LNG to Hub instance 1
82 | module lngToHub2 '../_modules/lng.bicep' = {
83 | scope: rg
84 | name: 'lngToHub2'
85 | params: {
86 | location: location
87 | name: 'lngToHub2'
88 | userId: userId
89 | variables: variables
90 | tunnelId: 2
91 | }
92 | }
93 |
94 | // connection to instance 0
95 | module vpnToHubConnection '../_modules/vpnConnection.bicep' = {
96 | scope: rg
97 | name: 'connectionToHub'
98 | params: {
99 | location: location
100 | name: 'connectionToHub'
101 | remoteLngId: lngToHub.outputs.lngId
102 | vpnGwId: vpnGw.outputs.vpnGwId
103 | vpnPreSharedKey: 'MicrosoftMicroHack@1234$'
104 | }
105 | }
106 |
107 | // connection to instance 1
108 | module vpnToHubConnection2 '../_modules/vpnConnection.bicep' = {
109 | scope: rg
110 | name: 'connectionToHub2'
111 | params: {
112 | location: location
113 | name: 'connectionToHub2'
114 | remoteLngId: lngToHub2.outputs.lngId
115 | vpnGwId: vpnGw.outputs.vpnGwId
116 | vpnPreSharedKey: 'MicrosoftMicroHack@1234$'
117 | }
118 | }
119 |
120 |
121 | // Create the jumpbox VM
122 |
123 | module jumpboxVm '../_modules/vm.bicep' = {
124 | name: 'jumpbox'
125 | dependsOn: [
126 | vpnToHubConnection
127 | ]
128 | scope: rg
129 | params: {
130 | location: location
131 | subnetId: adminVnet.outputs.subnets[1].id
132 | vmName: 'jumpbox'
133 | osType: 'desktop'
134 | }
135 | }
136 |
137 | // Azure Bastion to admin the jumpbox if required
138 |
139 | module bastionHost '../_modules/bastion.bicep' = {
140 | name: 'bastion'
141 | scope: rg
142 | params: {
143 | location: location
144 | name: 'bastion'
145 | subnetId: adminVnet.outputs.subnets[2].id
146 | }
147 | }
148 |
--------------------------------------------------------------------------------
/vars/vars.json:
--------------------------------------------------------------------------------
1 | {
2 | "proctorDnsServer" : "10.228.17.37",
3 | "vWanAddressSpace" : "10.228.27.0/24",
4 | "sessionId" : 26,
5 | "dnsDomain" : "canadacentral.cloudapp.azure.com",
6 | "usersIpRanges" : [
7 | {
8 | "user" : 1,
9 | "addressSpace" : "10.228.16.0/25",
10 | "subnets" : [
11 | "10.228.16.0/27",
12 | "10.228.16.32/27",
13 | "10.228.16.64/27",
14 | "NA"
15 | ],
16 | "asn" : 65001,
17 | "remoteAsn" : 65515,
18 | "ownBgpIp" : "10.228.16.30",
19 | "remoteBgpIp" : "10.228.27.14",
20 | "remoteBgpIp2" : "10.228.27.15",
21 | "vpnGatewayDnsPrefix" : "user-1-vpn-gw-pip",
22 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
23 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
24 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
25 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
26 | "dnsServer" : "10.228.17.37"
27 | },
28 | {
29 | "user" : 2,
30 | "addressSpace" : "10.228.16.128/25",
31 | "subnets" : [
32 | "10.228.16.128/27",
33 | "10.228.16.160/27",
34 | "10.228.16.192/27",
35 | "NA"
36 | ],
37 | "asn" : 65002,
38 | "remoteAsn" : 65515,
39 | "ownBgpIp" : "10.228.16.158",
40 | "remoteBgpIp" : "10.228.27.14",
41 | "remoteBgpIp2" : "10.228.27.15",
42 | "vpnGatewayDnsPrefix" : "user-2-vpn-gw-pip",
43 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
44 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
45 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
46 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
47 | "dnsServer" : "10.228.17.37"
48 | },
49 | {
50 | "user" : 3,
51 | "addressSpace" : "10.228.17.128/25",
52 | "subnets" : [
53 | "10.228.17.128/27",
54 | "10.228.17.160/27",
55 | "10.228.17.192/27",
56 | "NA"
57 | ],
58 | "asn" : 65003,
59 | "remoteAsn" : 65515,
60 | "ownBgpIp" : "10.228.27.158",
61 | "remoteBgpIp" : "10.228.27.14",
62 | "remoteBgpIp2" : "10.228.27.15",
63 | "vpnGatewayDnsPrefix" : "user-3-vpn-gw-pip",
64 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
65 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
66 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
67 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
68 | "dnsServer" : "10.228.17.37"
69 | },
70 | {
71 | "user" : 4,
72 | "addressSpace" : "10.228.18.0/25",
73 | "subnets" : [
74 | "10.228.18.0/27",
75 | "10.228.18.32/27",
76 | "10.228.18.64/27",
77 | "NA"
78 | ],
79 | "asn" : 65004,
80 | "remoteAsn" : 65515,
81 | "ownBgpIp" : "10.228.18.30",
82 | "remoteBgpIp" : "10.228.27.14",
83 | "remoteBgpIp2" : "10.228.27.15",
84 | "vpnGatewayDnsPrefix" : "user-4-vpn-gw-pip",
85 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
86 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
87 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
88 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
89 | "dnsServer" : "10.228.17.37"
90 | },
91 | {
92 | "user" : 5,
93 | "addressSpace" : "10.228.20.0/25",
94 | "subnets" : [
95 | "10.228.20.0/27",
96 | "10.228.20.32/27",
97 | "10.228.20.64/27",
98 | "NA"
99 | ],
100 | "asn" : 65005,
101 | "remoteAsn" : 65515,
102 | "ownBgpIp" : "10.228.20.30",
103 | "remoteBgpIp" : "10.228.27.14",
104 | "remoteBgpIp2" : "10.228.27.15",
105 | "vpnGatewayDnsPrefix" : "user-5-vpn-gw-pip",
106 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
107 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
108 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
109 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
110 | "dnsServer" : "10.228.17.37"
111 | },
112 | {
113 | "user" : 6,
114 | "addressSpace" : "10.228.20.128/25",
115 | "subnets" : [
116 | "10.228.20.128/27",
117 | "10.228.20.160/27",
118 | "10.228.20.192/27",
119 | "NA"
120 | ],
121 | "asn" : 65006,
122 | "remoteAsn" : 65515,
123 | "ownBgpIp" : "10.228.20.158",
124 | "remoteBgpIp" : "10.228.27.14",
125 | "remoteBgpIp2" : "10.228.27.15",
126 | "vpnGatewayDnsPrefix" : "user-6-vpn-gw-pip",
127 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
128 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
129 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
130 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
131 | "dnsServer" : "10.228.17.37"
132 | },
133 | {
134 | "user" : 7,
135 | "addressSpace" : "10.228.21.0/25",
136 | "subnets" : [
137 | "10.228.21.0/27",
138 | "10.228.21.32/27",
139 | "10.228.21.64/27",
140 | "NA"
141 | ],
142 | "asn" : 65007,
143 | "remoteAsn" : 65515,
144 | "ownBgpIp" : "10.228.21.30",
145 | "remoteBgpIp" : "10.228.27.14",
146 | "remoteBgpIp2" : "10.228.27.15",
147 | "vpnGatewayDnsPrefix" : "user-7-vpn-gw-pip",
148 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
149 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
150 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
151 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
152 | "dnsServer" : "10.228.17.37"
153 | },
154 | {
155 | "user" : 8,
156 | "addressSpace" : "10.228.21.128/25",
157 | "subnets" : [
158 | "10.228.21.128/27",
159 | "10.228.21.160/27",
160 | "10.228.21.192/27",
161 | "NA"
162 | ],
163 | "asn" : 65008,
164 | "remoteAsn" : 65515,
165 | "ownBgpIp" : "10.228.21.158",
166 | "remoteBgpIp" : "10.228.27.14",
167 | "remoteBgpIp2" : "10.228.27.15",
168 | "vpnGatewayDnsPrefix" : "user-8-vpn-gw-pip",
169 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
170 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
171 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
172 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
173 | "dnsServer" : "10.228.17.37"
174 | },
175 | {
176 | "user" : 9,
177 | "addressSpace" : "10.228.24.0/25",
178 | "subnets" : [
179 | "10.228.24.0/27",
180 | "10.228.24.32/27",
181 | "10.228.24.64/27",
182 | "NA"
183 | ],
184 | "asn" : 65009,
185 | "remoteAsn" : 65515,
186 | "ownBgpIp" : "10.228.24.30",
187 | "remoteBgpIp" : "10.228.27.14",
188 | "remoteBgpIp2" : "10.228.27.15",
189 | "vpnGatewayDnsPrefix" : "user-9-vpn-gw-pip",
190 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
191 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
192 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
193 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
194 | "dnsServer" : "10.228.17.37"
195 | },
196 | {
197 | "user" : 10,
198 | "addressSpace" : "10.228.24.128/25",
199 | "subnets" : [
200 | "10.228.24.128/27",
201 | "10.228.24.160/27",
202 | "10.228.24.192/27",
203 | "NA"
204 | ],
205 | "asn" : 65010,
206 | "remoteAsn" : 65515,
207 | "ownBgpIp" : "10.228.24.158",
208 | "remoteBgpIp" : "10.228.27.14",
209 | "remoteBgpIp2" : "10.228.27.15",
210 | "vpnGatewayDnsPrefix" : "user-10-vpn-gw-pip",
211 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
212 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
213 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
214 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
215 | "dnsServer" : "10.228.17.37"
216 | },
217 | {
218 | "user" : 11,
219 | "addressSpace" : "10.228.25.0/25",
220 | "subnets" : [
221 | "10.228.25.0/27",
222 | "10.228.25.32/27",
223 | "10.228.25.64/27",
224 | "NA"
225 | ],
226 | "asn" : 65011,
227 | "remoteAsn" : 65515,
228 | "ownBgpIp" : "10.228.25.30",
229 | "remoteBgpIp" : "10.228.27.14",
230 | "remoteBgpIp2" : "10.228.27.15",
231 | "vpnGatewayDnsPrefix" : "user-11-vpn-gw-pip",
232 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
233 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
234 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
235 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
236 | "dnsServer" : "10.228.17.37"
237 | },
238 | {
239 | "user" : 12,
240 | "addressSpace" : "10.228.25.128/25",
241 | "subnets" : [
242 | "10.228.25.128/27",
243 | "10.228.25.160/27",
244 | "10.228.25.192/27",
245 | "NA"
246 | ],
247 | "asn" : 65012,
248 | "remoteAsn" : 65515,
249 | "ownBgpIp" : "10.228.25.158",
250 | "remoteBgpIp" : "10.228.27.14",
251 | "remoteBgpIp2" : "10.228.27.15",
252 | "vpnGatewayDnsPrefix" : "user-12-vpn-gw-pip",
253 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
254 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
255 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
256 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
257 | "dnsServer" : "10.228.17.37"
258 | },
259 | {
260 | "user" : 13,
261 | "addressSpace" : "10.228.26.0/25",
262 | "subnets" : [
263 | "10.228.26.0/27",
264 | "10.228.26.32/27",
265 | "10.228.26.64/27",
266 | "NA"
267 | ],
268 | "asn" : 65013,
269 | "remoteAsn" : 65515,
270 | "ownBgpIp" : "10.228.26.30",
271 | "remoteBgpIp" : "10.228.27.14",
272 | "remoteBgpIp2" : "10.228.27.15",
273 | "vpnGatewayDnsPrefix" : "user-13-vpn-gw-pip",
274 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
275 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
276 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
277 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
278 | "dnsServer" : "10.228.17.37"
279 | },
280 | {
281 | "user" : 14,
282 | "addressSpace" : "10.228.17.0/25",
283 | "subnets" : [
284 | "10.228.17.0/27",
285 | "10.228.17.32/27",
286 | "10.228.17.64/27",
287 | "10.228.17.96/27"
288 | ],
289 | "asn" : 65515,
290 | "ownBgpIp" : "10.228.27.14",
291 | "ownBgpIp2" : "10.228.27.15",
292 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
293 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
294 | "vpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
295 | "vpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
296 | "dnsServer" : "10.228.17.37"
297 | }
298 | ],
299 | "usersIpRangesTest" : [
300 | {
301 | "user" : 14,
302 | "addressSpace" : "10.228.26.0/25",
303 | "subnets" : [
304 | "10.228.26.0/27",
305 | "10.228.26.32/27",
306 | "10.228.26.64/27",
307 | "NA"
308 | ],
309 | "asn" : 65014,
310 | "remoteAsn" : 65515,
311 | "ownBgpIp" : "10.228.26.30",
312 | "remoteBgpIp" : "10.228.27.14",
313 | "remoteBgpIp2" : "10.228.27.15",
314 | "vpnGatewayDnsPrefix" : "user-14-vpn-gw-pip",
315 | "remoteVpnGatewayPublicIp" : "20.151.41.204",
316 | "remoteVpnGatewayPublicIp2" : "20.151.41.208",
317 | "remotevpnGatewayDnsPrefix" : "proctor-1-vpn-gw-pip",
318 | "remoteVpnGatewayDnsPrefix2" : "proctor-1-vpn-gw-pip-2",
319 | "dnsServer" : "10.228.17.37"
320 | }
321 | ]
322 | }
--------------------------------------------------------------------------------