Added Virtual Network Manager #223

Draft
wants to merge 9 commits into
base: main
2 changes: 2 additions & 0 deletions docs/EnterpriseScaleAnalytics-AzureDevOpsDeployment.md
Expand Up @@ -81,6 +81,8 @@ To begin, please open the [infra/params.dev.json](/infra/params.dev.json). In th
| `firewallPrivateIp` | Specifies the private IP address of the central firewall. Optional if `enableDnsAndFirewallDeployment` is set to `true`. | `10.0.0.4` |
| `dnsServerAdresses` | Specifies the private IP addresses of the dns servers. Optional if `enableDnsAndFirewallDeployment` is set to `true`. | [ `10.0.0.4` ] |
| `firewallPolicyId` | Specifies the resource ID of the Azure Firewall Policy. Optional parameter allows you to deploy Firewall rules to an existing Firewall Policy if `enableDnsAndFirewallDeployment` is set to `false`. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/firewallPolicies/{firewallpolicy-name}` |
| `virtualNetworkManagerManagementGroupScopes` | Specifies the management group scopes for the Azure Virtual Network Manager. | [`{management-group-id-1}`, `{management-group-id-2}`] |
| `virtualNetworkManagerSubscriptionScopes` | Specifies the subscription scopes for the Azure Virtual Network Manager. | [`/subscriptions/{subscription-id-1}`, `/subscriptions/{subscription-id-2}`] |
| `privateDnsZoneIdContainerRegistry` | Specifies the resource ID of the private DNS zone for Container Registry. Optional if `enableDnsAndFirewallDeployment` is set to `true`. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io` |
| `privateDnsZoneIdKeyVault` | Specifies the resource ID of the private DNS zone for Key Vault. Optional if `enableDnsAndFirewallDeployment` is set to `true`. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net` |
| `privateDnsZoneIdNamespace` | Specifies the resource ID of the private DNS zone for EventHub namespaces. Optional if `enableDnsAndFirewallDeployment` is set to `true`. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net` |
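Review bot: the two new rows do not say whether the parameters are optional or what their default is, while every neighbouring row carries an "Optional if ..." clause; `infra/main.bicep` defaults both to `[]`, so say so and say what an empty list means (the network manager is then scoped only to the subscription it is deployed into, which the network module adds via `subscription().id`). The `virtualNetworkManagerManagementGroupScopes` example shows a bare `{management-group-id-1}`, whereas the subscription row shows full `/subscriptions/{subscription-id-1}` paths; state the exact form the network manager expects for management groups (bare name or full `/providers/Microsoft.Management/managementGroups/{id}` resource ID) so readers do not guess, because nothing validates the values before they reach the `networkManagers` resource. It is also worth stating which permissions the deploying identity needs on those scopes, since the manager is created with `Connectivity`, `SecurityAdmin` and `SecurityUser` access over all of them.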
2 changes: 2 additions & 0 deletions docs/EnterpriseScaleAnalytics-GitHubActionsDeployment.md
Expand Up @@ -72,6 +72,8 @@ To begin, please open the [infra/params.dev.json](/infra/params.dev.json). In th
| `firewallPrivateIp` | Specifies the private IP address of the central firewall. Optional if `enableDnsAndFirewallDeployment` is set to `true`. | `10.0.0.4` |
| `dnsServerAdresses` | Specifies the private IP addresses of the dns servers. Optional if `enableDnsAndFirewallDeployment` is set to `true`. | [ `10.0.0.4` ] |
| `firewallPolicyId` | Specifies the resource ID of the Azure Firewall Policy. Optional parameter allows you to deploy Firewall rules to an existing Firewall Policy if `enableDnsAndFirewallDeployment` is set to `false`. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/firewallPolicies/{firewallpolicy-name}` |
| `virtualNetworkManagerManagementGroupScopes` | Specifies the management group scopes for the Azure Virtual Network Manager. | [`{management-group-id-1}`, `{management-group-id-2}`] |
| `virtualNetworkManagerSubscriptionScopes` | Specifies the subscription scopes for the Azure Virtual Network Manager. | [`/subscriptions/{subscription-id-1}`, `/subscriptions/{subscription-id-2}`] |
| `privateDnsZoneIdContainerRegistry` | Specifies the resource ID of the private DNS zone for Container Registry. Optional if `enableDnsAndFirewallDeployment` is set to `true`. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.azurecr.io` |
| `privateDnsZoneIdKeyVault` | Specifies the resource ID of the private DNS zone for Key Vault. Optional if `enableDnsAndFirewallDeployment` is set to `true`. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net` |
| `privateDnsZoneIdNamespace` | Specifies the resource ID of the private DNS zone for EventHub namespaces. Optional if `enableDnsAndFirewallDeployment` is set to `true`. | `/subscriptions/{subscription-id}/resourceGroups/{rg-name}/providers/Microsoft.Network/privateDnsZones/privatelink.servicebus.windows.net` |
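Review bot: same comment as on the Azure DevOps document: mark both rows optional with their `[]` default, and pin down the management-group scope format (bare ID versus full `/providers/Microsoft.Management/managementGroups/{id}` resource ID), since the subscription row already uses full `/subscriptions/...` paths and the two rows should be consistent with each other and with what the `networkManagers` resource actually accepts.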
12 changes: 10 additions & 2 deletions docs/reference/enterpriseScaleAnalytics.bicep
Expand Up @@ -12,7 +12,7 @@ targetScope = 'subscription'
@description('Specifies the environment.')
param environment string = 'dev'
@description('Specifies the tags that you want to apply to all resources.')
param tags object
param tags object = {}

// Data Management Parameters
@description('Specifies the subscription ID where your Data Management Zone will be deployed.')
Expand All @@ -21,6 +21,8 @@ param dataManagementZoneSubscriptionId string
param dataManagementZonePrefix string
@description('Specifies the location of your Data Management Zone.')
param dataManagementZoneLocation string
@description('Specifies the management group scopes for the Azure Virtual Network Manager.')
param virtualNetworkManagerManagementGroupScopes array = []

// Data Landing Zone Parameters
@description('Specifies the administrator username of the Synapse workspace and the virtual machine scale sets.')
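Review bot: `param virtualNetworkManagerManagementGroupScopes array = []` carries no description of the element format and no validation, and the values are passed straight through to the `networkManagers` scope in the network module; extend the `@description` to state the expected form (bare management group name or full `/providers/Microsoft.Management/managementGroups/{id}` resource ID, whichever the API requires) and that an empty list leaves the manager scoped to the subscriptions only, so a caller cannot silently scope the manager wrongly.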
Expand All @@ -32,7 +34,7 @@ param dataLandingZoneDetails array
@description('Specifies the prefix of Data Landing Zones.')
param dataLandingZonePrefix string
@description('Specifies whether Azure Bastion will be deployed in the first Data Landing Zone.')
param enableBastionHostDeployment bool
param enableBastionHostDeployment bool = false
@allowed([
'Windows11'
'WindowsServer2022'
Expand Down Expand Up @@ -94,6 +96,12 @@ resource dataManagementZoneDeployment 'Microsoft.Resources/deployments@2021-04-0
firewallPolicyId: {
value: ''
}
virtualNetworkManagerManagementGroupScopes: {
value: virtualNetworkManagerManagementGroupScopes
}
virtualNetworkManagerSubscriptionScopes: {
value: [for dataLandingZoneDetail in dataLandingZoneDetails: '/subscriptions/${dataLandingZoneDetail.subscription}']
}
privateDnsZoneIdBlob: {
value: ''
}
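Review bot: `virtualNetworkManagerSubscriptionScopes` is built from every `dataLandingZoneDetail.subscription` with no way to opt a landing zone out, so each landing-zone subscription is placed under the network manager's scope, and the manager is created with `Connectivity`, `SecurityAdmin` and `SecurityUser` access over them; a short comment here that this is intentional, plus a note in the docs that the identity running this reference deployment needs matching rights on each landing-zone subscription, would avoid surprises. The Data Management Zone subscription itself is added inside the network module via `subscription().id`, so it is correctly absent from this list; worth a comment as well.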
23 changes: 22 additions & 1 deletion docs/reference/enterpriseScaleAnalytics.json
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.4.1008.15138",
"templateHash": "7920090618025606816"
"templateHash": "7094337474074200395"
}
},
"parameters": {
Expand All @@ -23,6 +23,7 @@
},
"tags": {
"type": "object",
"defaultValue": {},
"metadata": {
"description": "Specifies the tags that you want to apply to all resources."
}
Expand All @@ -45,6 +46,13 @@
"description": "Specifies the location of your Data Management Zone."
}
},
"virtualNetworkManagerManagementGroupScopes": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Specifies the management group scopes for the Azure Virtual Network Manager."
}
},
"administratorUsername": {
"type": "string",
"defaultValue": "SuperMainUser",
Expand Down Expand Up @@ -72,6 +80,7 @@
},
"enableBastionHostDeployment": {
"type": "bool",
"defaultValue": false,
"metadata": {
"description": "Specifies whether Azure Bastion will be deployed in the first Data Landing Zone."
}
Expand Down Expand Up @@ -145,6 +154,18 @@
"firewallPolicyId": {
"value": ""
},
"virtualNetworkManagerManagementGroupScopes": {
"value": "[parameters('virtualNetworkManagerManagementGroupScopes')]"
},
"virtualNetworkManagerSubscriptionScopes": {
"copy": [
{
"name": "value",
"count": "[length(parameters('dataLandingZoneDetails'))]",
"input": "[format('/subscriptions/{0}', parameters('dataLandingZoneDetails')[copyIndex('value')].subscription)]"
}
]
},
"privateDnsZoneIdBlob": {
"value": ""
},
6 changes: 6 additions & 0 deletions infra/main.bicep
Expand Up @@ -41,6 +41,10 @@ param dnsServerAdresses array = [
]
@description('Specifies the resource ID of the Azure Firewall Policy. Optional parameter allows you to deploy Firewall rules to an existing Firewall Policy if `enableDnsAndFirewallDeployment` is set to `false`.')
param firewallPolicyId string = ''
@description('Specifies the management group scopes for the Azure Virtual Network Manager.')
param virtualNetworkManagerManagementGroupScopes array = []
@description('Specifies the subscription scopes for the Azure Virtual Network Manager.')
param virtualNetworkManagerSubscriptionScopes array = []

// Private DNS Zone parameters
@description('Specifies the resource ID of the private DNS zone for Key Vault. Optional if `enableDnsAndFirewallDeployment` is set to `true`.')
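Review bot: `virtualNetworkManagerSubscriptionScopes` accepts any list here, whereas `docs/reference/enterpriseScaleAnalytics.bicep` derives it from `dataLandingZoneDetails`; the `@description` should state that entries must be full `/subscriptions/{id}` paths, because the network module unions them with `subscription().id`, which has that form, and a bare GUID would be kept as a separate, malformed scope entry rather than deduplicated.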
Expand Down Expand Up @@ -93,6 +97,8 @@ module networkServices 'modules/network.bicep' = {
enableDnsAndFirewallDeployment: enableDnsAndFirewallDeployment
firewallPrivateIp: firewallPrivateIp
firewallPolicyId: firewallPolicyId
virtualNetworkManagerManagementGroupScopes: virtualNetworkManagerManagementGroupScopes
virtualNetworkManagerSubscriptionScopes: virtualNetworkManagerSubscriptionScopes
}
}

134 changes: 132 additions & 2 deletions infra/main.json
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.4.1008.15138",
"templateHash": "16584189192184544370"
"templateHash": "18257694432751193303"
}
},
"parameters": {
Expand Down Expand Up @@ -100,6 +100,20 @@
"description": "Specifies the resource ID of the Azure Firewall Policy. Optional parameter allows you to deploy Firewall rules to an existing Firewall Policy if `enableDnsAndFirewallDeployment` is set to `false`."
}
},
"virtualNetworkManagerManagementGroupScopes": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Specifies the management group scopes for the Azure Virtual Network Manager."
}
},
"virtualNetworkManagerSubscriptionScopes": {
"type": "array",
"defaultValue": [],
"metadata": {
"description": "Specifies the subscription scopes for the Azure Virtual Network Manager."
}
},
"privateDnsZoneIdKeyVault": {
"type": "string",
"defaultValue": "",
Expand Down Expand Up @@ -266,6 +280,12 @@
},
"firewallPolicyId": {
"value": "[parameters('firewallPolicyId')]"
},
"virtualNetworkManagerManagementGroupScopes": {
"value": "[parameters('virtualNetworkManagerManagementGroupScopes')]"
},
"virtualNetworkManagerSubscriptionScopes": {
"value": "[parameters('virtualNetworkManagerSubscriptionScopes')]"
}
},
"template": {
Expand All @@ -275,7 +295,7 @@
"_generator": {
"name": "bicep",
"version": "0.4.1008.15138",
"templateHash": "10662562629090602323"
"templateHash": "2364844395026092218"
}
},
"parameters": {
Expand Down Expand Up @@ -317,12 +337,21 @@
"firewallPolicyId": {
"type": "string",
"defaultValue": ""
},
"virtualNetworkManagerManagementGroupScopes": {
"type": "array",
"defaultValue": []
},
"virtualNetworkManagerSubscriptionScopes": {
"type": "array",
"defaultValue": []
}
},
"functions": [],
"variables": {
"azureFirewallSubnetName": "AzureFirewallSubnet",
"servicesSubnetName": "ServicesSubnet",
"virtualNetworkManagerName": "[format('{0}-vnm', parameters('prefix'))]",
"firewallPolicySubscriptionId": "[if(greaterOrEquals(length(split(parameters('firewallPolicyId'), '/')), 9), split(parameters('firewallPolicyId'), '/')[2], subscription().subscriptionId)]",
"firewallPolicyResourceGroupName": "[if(greaterOrEquals(length(split(parameters('firewallPolicyId'), '/')), 9), split(parameters('firewallPolicyId'), '/')[4], resourceGroup().name)]",
"firewallPolicyName": "[if(greaterOrEquals(length(split(parameters('firewallPolicyId'), '/')), 9), last(split(parameters('firewallPolicyId'), '/')), 'incorrectSegmentLength')]"
Expand Down Expand Up @@ -528,6 +557,107 @@
"[resourceId('Microsoft.Network/virtualNetworks', format('{0}-vnet', parameters('prefix')))]"
]
},
{
"type": "Microsoft.Network/networkManagers",
"apiVersion": "2021-02-01-preview",
"name": "[variables('virtualNetworkManagerName')]",
"location": "[parameters('location')]",
"tags": "[parameters('tags')]",
"properties": {
"description": "Network Manager for ESA Mesh Network Architecture",
"displayName": "[variables('virtualNetworkManagerName')]",
"networkManagerScopeAccesses": [
"Connectivity",
"SecurityAdmin",
"SecurityUser"
],
"networkManagerScopes": {
"managementGroups": "[union(array(null()), parameters('virtualNetworkManagerManagementGroupScopes'))]",
"subscriptions": "[union(array(subscription().id), parameters('virtualNetworkManagerSubscriptionScopes'))]"
}
}
},
{
"type": "Microsoft.Network/networkManagers/networkGroups",
"apiVersion": "2021-02-01-preview",
"name": "[format('{0}/{1}', variables('virtualNetworkManagerName'), 'EnterpriseScaleAnalyticsDevNetworkGroup')]",
"properties": {
"description": "Development Group for Enterprise-Scale Analytics",
"displayName": "Enterprise-Scale Analytics Dev Network Group",
"conditionalMembership": "{ \"allOf\": [ { \"field\": \"tags['Environment']\", \"equals\": \"dev\" }, { \"value\": \"[resourceGroup().Name]\", \"contains\": \"-network\" } ] }",
"groupMembers": [],
"memberType": ""
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', variables('virtualNetworkManagerName'))]"
]
},
{
"type": "Microsoft.Network/networkManagers/networkGroups",
"apiVersion": "2021-02-01-preview",
"name": "[format('{0}/{1}', variables('virtualNetworkManagerName'), 'EnterpriseScaleAnalyticsTestNetworkGroup')]",
"properties": {
"description": "Test Group for Enterprise-Scale Analytics",
"displayName": "Enterprise-Scale Analytics Test Network Group",
"conditionalMembership": "{ \"allOf\": [ { \"field\": \"tags['Environment']\", \"equals\": \"tst\" }, { \"value\": \"[resourceGroup().Name]\", \"contains\": \"-network\" } ] }",
"groupMembers": [],
"memberType": ""
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', variables('virtualNetworkManagerName'))]"
]
},
{
"type": "Microsoft.Network/networkManagers/networkGroups",
"apiVersion": "2021-02-01-preview",
"name": "[format('{0}/{1}', variables('virtualNetworkManagerName'), 'EnterpriseScaleAnalyticsProdNetworkGroup')]",
"properties": {
"description": "Production Group for Enterprise-Scale Analytics",
"displayName": "Enterprise-Scale Analytics Prod Network Group",
"conditionalMembership": "{ \"allOf\": [ { \"field\": \"tags['Environment']\", \"equals\": \"prd\" }, { \"value\": \"[resourceGroup().Name]\", \"contains\": \"-network\" } ] }",
"groupMembers": [],
"memberType": ""
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', variables('virtualNetworkManagerName'))]"
]
},
{
"type": "Microsoft.Network/networkManagers/connectivityConfigurations",
"apiVersion": "2021-02-01-preview",
"name": "[format('{0}/{1}', variables('virtualNetworkManagerName'), 'EnterpriseScaleAnalyticsConnectivityConfig')]",
"properties": {
"connectivityTopology": "Mesh",
"appliesToGroups": [
{
"groupConnectivity": "DirectlyConnected",
"isGlobal": "False",
"networkGroupId": "[resourceId('Microsoft.Network/networkManagers/networkGroups', variables('virtualNetworkManagerName'), 'EnterpriseScaleAnalyticsDevNetworkGroup')]"
},
{
"groupConnectivity": "DirectlyConnected",
"isGlobal": "False",
"networkGroupId": "[resourceId('Microsoft.Network/networkManagers/networkGroups', variables('virtualNetworkManagerName'), 'EnterpriseScaleAnalyticsTestNetworkGroup')]"
},
{
"groupConnectivity": "DirectlyConnected",
"isGlobal": "False",
"networkGroupId": "[resourceId('Microsoft.Network/networkManagers/networkGroups', variables('virtualNetworkManagerName'), 'EnterpriseScaleAnalyticsProdNetworkGroup')]"
}
],
"deleteExistingPeering": "True",
"description": "Enterprise-Scale Analytics Mesh Network Topology",
"displayName": "Enterprise-Scale Analytics Connectivity Config",
"hubs": [],
"isGlobal": "False"
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkManagers', variables('virtualNetworkManagerName'))]",
"[resourceId('Microsoft.Network/networkManagers/networkGroups', variables('virtualNetworkManagerName'), 'EnterpriseScaleAnalyticsDevNetworkGroup')]",
"[resourceId('Microsoft.Network/networkManagers/networkGroups', variables('virtualNetworkManagerName'), 'EnterpriseScaleAnalyticsProdNetworkGroup')]",
"[resourceId('Microsoft.Network/networkManagers/networkGroups', variables('virtualNetworkManagerName'), 'EnterpriseScaleAnalyticsTestNetworkGroup')]"
]
},
{
"condition": "[parameters('enableDnsAndFirewallDeployment')]",
"type": "Microsoft.Resources/deployments",
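Review bot: `"managementGroups": "[union(array(null()), parameters('virtualNetworkManagerManagementGroupScopes'))]"` on the `networkManagers` resource puts a `null` element into the management-group scope list (`union` only deduplicates, it does not drop nulls), whereas the `subscriptions` line correctly seeds its list with `subscription().id`; pass `parameters('virtualNetworkManagerManagementGroupScopes')` directly instead. Other points in this hunk: `networkManagerScopeAccesses` grants `Connectivity`, `SecurityAdmin` and `SecurityUser` over every scoped subscription and management group, but only a `connectivityConfigurations` resource is deployed, so drop the two security accesses until a security admin configuration is actually added (they allow rules that take precedence over NSGs across all scoped networks). Network-group membership is decided by `tags['Environment']` plus a resource-group name containing `-network`, so anyone able to set that tag on a VNet in a scoped subscription can join it to the mesh; document that assumption or key membership on something the landing-zone deployment controls. All three groups sit in one `Mesh` connectivity configuration; verify this does not directly connect dev, tst and prd VNets to each other, and split into one configuration per group if per-environment isolation is intended. `"deleteExistingPeering": "True"` removes any peering already present on member VNets when the configuration is applied, which is destructive for a brownfield landing zone and deserves a call-out in the docs, as does the fact that the connectivity configuration has no effect until it is committed to regions with a configuration deployment, which this template does not perform. Finally, confirm that `"memberType": ""` on the three network groups is accepted by the `2021-02-01-preview` API rather than requiring a concrete member type.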