Merge branch 'Azure:main' into main
jfaurskov authored Oct 4, 2023
2 parents 9919034 + 947d508 commit a58fbe7
Showing 13 changed files with 363 additions and 5 deletions.
Expand Up @@ -107,6 +107,10 @@
"type": "string",
"defaultValue": ""
},
"enableVpnActiveActive": {
"type": "string",
"defaultValue": ""
},
"gwAzSku": {
"type": "string",
"defaultValue": ""
Expand Down Expand Up @@ -147,10 +151,12 @@
"azFwPolicyName": "[concat(parameters('topLevelManagementGroupPrefix'), '-azfwpolicy-', parameters('location'))]",
"hubName": "[concat(parameters('topLevelManagementGroupPrefix'), '-hub-', parameters('location'))]",
"azVpnGwIpName": "[concat(variables('vpngwname'), '-pip')]",
"azVpnGwAAIpName": "[concat(variables('vpngwname'), '-pip-002')]",
"azVpnGwSubnetId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'),'/providers/Microsoft.Network/virtualNetworks/', variables('hubname'), '/subnets/GatewaySubnet')]",
"azFwName": "[concat(parameters('topLevelManagementGroupPrefix'), '-fw-', parameters('location'))]",
"azErGwIpName": "[concat(variables('erGwName'), '-pip')]",
"azVpnGwPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azVpnGwIpName'))]",
"azVpnGwAAPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azVpnGwAAIpName'))]",
"azFwIpName": "[concat(variables('azFwName'), '-pip')]",
"azErGwSubnetId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'),'/providers/Microsoft.Network/virtualNetworks/', variables('hubname'), '/subnets/GatewaySubnet')]",
"azErGwPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azErGwIpName'))]",
Expand Down Expand Up @@ -347,7 +353,20 @@
}
},
{
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
"type": "Microsoft.Network/publicIpAddresses",
"location": "[parameters('location')]",
"name": "[variables('azVpnGwAAIpName')]",
"sku": {
"name": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), 'Standard', 'Basic')]"
},
"properties": {
"publicIPAllocationMethod": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), 'Static', 'Dynamic')]"
}
},
{
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'No'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
"name": "[variables('vpngwname')]",
"type": "Microsoft.Network/virtualNetworkGateways",
Expand All @@ -357,6 +376,7 @@
"[concat('Microsoft.Network/virtualNetworks/', variables('hubName'))]"
],
"properties": {
"activeActive": false,
"gatewayType": "Vpn",
"vpnGatewayGeneration": "Generation2",
"vpnType": "[parameters('vpnGwType')]",
Expand Down Expand Up @@ -396,6 +416,70 @@
}
}
},
{
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
"name": "[variables('vpngwname')]",
"type": "Microsoft.Network/virtualNetworkGateways",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('azVpnGwIpName'))]",
"[concat('Microsoft.Network/publicIPAddresses/', variables('azVpnGwAAIpName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('hubName'))]"
],
"properties": {
"activeActive": true,
"gatewayType": "Vpn",
"vpnGatewayGeneration": "Generation2",
"vpnType": "[parameters('vpnGwType')]",
"ipConfigurations": [
{
"name": "default",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('azVpnGwSubnetId')]"
},
"publicIpAddress": {
"id": "[variables('azVpnGwPipId')]"
}
}
},
{
"name": "activeactive",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('azVpnGwSubnetId')]"
},
"publicIpAddress": {
"id": "[variables('azVpnGwAAPipId')]"
}
}
}
],
"sku": {
"name": "[if(
and(
or(
empty(parameters('gwRegionalSku')),
empty(parameters('gwAzSku'))),
not(
empty(parameters('gwRegionalSku')))),
parameters('gwRegionalSku'),
parameters('gwAzSku'))]",
"tier": "[if(
and(
or(
empty(parameters('gwRegionalSku')),
empty(parameters('gwAzSku'))),
not(
empty(parameters('gwRegionalSku')))),
parameters('gwRegionalSku'),
parameters('gwAzSku'))]"
}
}
},
{
"condition": "[and(equals(parameters('enableErGw'), 'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
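Review bot: The new `enableVpnActiveActive` parameter defaults to `""`, but the two `Microsoft.Network/virtualNetworkGateways` resources are now gated on `equals(parameters('enableVpnActiveActive'),'No')` and `equals(parameters('enableVpnActiveActive'),'Yes')`, so a deployment that sets `enableVpnGw` to `Yes` without passing the new parameter matches neither condition and silently ends up with no VPN gateway. Whether any caller omits the parameter is not visible on this page, but the template should keep the previous behaviour in that case: declare it with `"defaultValue": "No"` and `"allowedValues": ["Yes", "No"]` as es-lite.json does, or gate the single-instance gateway on `not(equals(parameters('enableVpnActiveActive'),'Yes'))`. The two gateway resources are also near-identical copies that differ only in `activeActive` and the second `ipConfigurations` entry, so later changes to `sku` or `vpnType` have to be made in both places or the two modes will drift apart.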
11 changes: 11 additions & 0 deletions docs/reference/treyresearch/armTemplates/es-lite.json
Expand Up @@ -350,6 +350,14 @@
"type": "string",
"defaultValue": ""
},
"enableVpnActiveActive": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
]
},
"gwAzSku": {
"type": "string",
"defaultValue": ""
Expand Down Expand Up @@ -825,6 +833,9 @@
"gwRegionalOrAz": {
"value": "[parameters('gwRegionalOrAz')]"
},
"enableVpnActiveActive": {
"value": "[parameters('enableVpnActiveActive')]"
},
"gwAzSku": {
"value": "[parameters('gwAzSku')]"
},
21 changes: 21 additions & 0 deletions docs/reference/treyresearch/armTemplates/es-portal.json
Expand Up @@ -549,6 +549,26 @@
]
}
},
{
"name": "enableVpnActiveActive",
"type": "Microsoft.Common.OptionsGroup",
"label": "Deploy VPN Gateway in Active/Active mode",
"defaultValue": "No",
"visible": "[and(equals(steps('connectivity').enableVpnGw,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan')), equals(steps('connectivity').enableVpnGw,'Yes'))]",
"toolTip": "Deploy the VPN gateway in Active/Active mode",
"constraints": {
"allowedValues": [
{
"label": "Yes",
"value": "Yes"
},
{
"label": "No",
"value": "No"
}
]
}
},
{
"name": "esGwNoAzSku",
"type": "Microsoft.Common.DropDown",
Expand Down Expand Up @@ -1254,6 +1274,7 @@
"vpnOrErZones": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
"firewallZones": "[steps('esConnectivityGoalState').esFwAz]",
"gwRegionalOrAz": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
"enableVpnActiveActive": "[steps('esConnectivityGoalState').enableVpnActiveActive]",
"gwAzSku": "[steps('esConnectivityGoalState').esGwAzSku]",
"gwRegionalSku": "[if(empty(steps('esConnectivityGoalState').esGwRegionalSku), steps('esConnectivityGoalState').esGwNoAzSku, steps('esConnectivityGoalState').esGwRegionalSku)]",
"erRegionalOrAz": "[steps('esConnectivityGoalState').esErRegionalOrAz]",
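Review bot: The `visible` expression on the new `enableVpnActiveActive` control reads `steps('connectivity').enableVpnGw` and `steps('connectivity').enableHub`, while the output mapping added in this same file reads `steps('esConnectivityGoalState').enableVpnActiveActive` and the neighbouring outputs use `es`-prefixed controls on that step. The expression looks copied from eslzArm/eslz-portal.json and may reference a step this UI definition does not define; that needs confirming against the full file, which is not shown here. If it does, the option would not be displayed as intended and the value handed to the template would not reflect the operator's choice. The same expression appears in portal-es-lite.json. In all three portal files the expression also tests `equals(steps('connectivity').enableVpnGw,'Yes')` twice, so the third argument of `and(...)` can be dropped.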
21 changes: 21 additions & 0 deletions docs/reference/treyresearch/armTemplates/portal-es-lite.json
Expand Up @@ -540,6 +540,26 @@
]
}
},
{
"name": "enableVpnActiveActive",
"type": "Microsoft.Common.OptionsGroup",
"label": "Deploy VPN Gateway in Active/Active mode",
"defaultValue": "No",
"visible": "[and(equals(steps('connectivity').enableVpnGw,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan')), equals(steps('connectivity').enableVpnGw,'Yes'))]",
"toolTip": "Deploy the VPN gateway in Active/Active mode",
"constraints": {
"allowedValues": [
{
"label": "Yes",
"value": "Yes"
},
{
"label": "No",
"value": "No"
}
]
}
},
{
"name": "esGwNoAzSku",
"type": "Microsoft.Common.DropDown",
Expand Down Expand Up @@ -1243,6 +1263,7 @@
"vpnOrErZones": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
"firewallZones": "[steps('esConnectivityGoalState').esFwAz]",
"gwRegionalOrAz": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
"enableVpnActiveActive": "[steps('esConnectivityGoalState').enableVpnActiveActive]",
"gwAzSku": "[steps('esConnectivityGoalState').esGwAzSku]",
"gwRegionalSku": "[if(empty(steps('esConnectivityGoalState').esGwRegionalSku), steps('esConnectivityGoalState').esGwNoAzSku, steps('esConnectivityGoalState').esGwRegionalSku)]",
"erRegionalOrAz": "[steps('esConnectivityGoalState').esErRegionalOrAz]",
4 changes: 3 additions & 1 deletion docs/wiki/Deploying-ALZ-BasicSetup.md
Expand Up @@ -160,14 +160,16 @@ On the *Network topology and connectivity* blade you will configure your core ne

Set **Deploy VPN Gateway** to **Yes**:

![networkTab-topology](./media/clip_image036b-2-singlesubscription.png)
![networkTab-topology](./media/ActiveActive.png)

- **Deploy zone redundant or regional VPN Gateway** and **Deploy zone redundant or regional ExpressRoute Gateway**: Zone-redundant gateways are recommended and enabled by default (as per the capabilities of the Region you are deploying your hub virtual network) as they provide higher resiliency and availability. You might opt for a regional deployment depending on your availability requirements and budget. In this tutorial you will deploy a zone-redundant VPN Gateway:

Select **Zone redundant (recommended)**.

![networkTab-gwDeploy](./media/clip_image036b-3-singlesubscription.png)

- **Deploy VPN Gateway in Active/Active mode**: You can create an Azure VPN gateway in an active-active configuration, where both instances of the gateway VMs establish S2S VPN tunnels to your on-premises VPN device. In this configuration, each Azure gateway instance has a unique public IP address, and each will establish an IPsec/IKE S2S VPN tunnel to your on-premises VPN device specified in your local network gateway and connection. See [Active-active VPN gateways](https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#active-active-vpn-gateways).

- **Select the VPN Gateway SKU** and **Select the ExpressRoute Gateway VPN**: choose the right SKU based on your requirements (capabilities, throughput and availability). See [VPN Gateway SKUs](https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsku) and [ExpressRoute Gateway SKUs](https://learn.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways#gwsku) for further details on the virtual gateway's SKUs you have available in Azure. In this tutorial you will deploy a VpnGw2AZ which provides an aggregated throughput of up to 1 Gbps:

![networkTab-gwSku](./media/clip_image036b-4-singlesubscription.png)
6 changes: 5 additions & 1 deletion docs/wiki/Whats-new.md
Expand Up @@ -64,9 +64,13 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
- Deploy-VM-Monitoring (Management Group: Intermediate Root)
- Deploy-VMSS-Monitoring (Management Group: Intermediate Root)

#### Tooling

- Enhanced the ALZ Portal Accelerator to provide the ability to deploy the Azure VPN Gateway in Active/Active mode as per feedback from [#655](https://github.com/Azure/Enterprise-Scale/issues/655).

#### Other

- [Azure Landing Zone External Community Call - September 2023 - Hosted & Published](https://github.com/Azure/Enterprise-Scale/wiki/Community-Calls#25th-september-2023-25092023))
- [Azure Landing Zone External Community Call - September 2023 - Hosted & Published](https://github.com/Azure/Enterprise-Scale/wiki/Community-Calls#25th-september-2023-25092023)

### August 2023

Binary file added docs/wiki/media/ActiveActive.png
21 changes: 21 additions & 0 deletions eslzArm/eslz-portal.json
Expand Up @@ -1186,6 +1186,26 @@
]
}
},
{
"name": "enableVpnActiveActive",
"type": "Microsoft.Common.OptionsGroup",
"label": "Deploy VPN Gateway in Active/Active mode",
"defaultValue": "No",
"visible": "[and(equals(steps('connectivity').enableVpnGw,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan')), equals(steps('connectivity').enableVpnGw,'Yes'))]",
"toolTip": "Deploy the VPN gateway in Active/Active mode",
"constraints": {
"allowedValues": [
{
"label": "Yes",
"value": "Yes"
},
{
"label": "No",
"value": "No"
}
]
}
},
{
"name": "esGwNoAzSku",
"type": "Microsoft.Common.DropDown",
Expand Down Expand Up @@ -2958,6 +2978,7 @@
"enablePrivateDnsZones": "[steps('connectivity').enablePrivateDnsZones]",
"enableVpnGw": "[steps('connectivity').enableVpnGw]",
"gwRegionalOrAz": "[steps('connectivity').gwRegionalOrAz]",
"enableVpnActiveActive": "[steps('connectivity').enableVpnActiveActive]",
"gwRegionalSku": "[coalesce(steps('connectivity').gwRegionalSku, steps('connectivity').esGwNoAzSku)]",
"gwAzSku": "[steps('connectivity').gwAzSku]",
"vpnGateWayScaleUnit": "[steps('connectivity').vpnGateWayScaleUnit]",