Merge branch 'main' into Azure_Networking1
Springstone authored Oct 4, 2023
2 parents 15fefcf + 947d508 commit dc73887
Showing 13 changed files with 366 additions and 9 deletions.
Expand Up @@ -107,6 +107,10 @@
"type": "string",
"defaultValue": ""
},
"enableVpnActiveActive": {
"type": "string",
"defaultValue": ""
},
"gwAzSku": {
"type": "string",
"defaultValue": ""
Expand Down Expand Up @@ -147,10 +151,12 @@
"azFwPolicyName": "[concat(parameters('topLevelManagementGroupPrefix'), '-azfwpolicy-', parameters('location'))]",
"hubName": "[concat(parameters('topLevelManagementGroupPrefix'), '-hub-', parameters('location'))]",
"azVpnGwIpName": "[concat(variables('vpngwname'), '-pip')]",
"azVpnGwAAIpName": "[concat(variables('vpngwname'), '-pip-002')]",
"azVpnGwSubnetId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'),'/providers/Microsoft.Network/virtualNetworks/', variables('hubname'), '/subnets/GatewaySubnet')]",
"azFwName": "[concat(parameters('topLevelManagementGroupPrefix'), '-fw-', parameters('location'))]",
"azErGwIpName": "[concat(variables('erGwName'), '-pip')]",
"azVpnGwPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azVpnGwIpName'))]",
"azVpnGwAAPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azVpnGwAAIpName'))]",
"azFwIpName": "[concat(variables('azFwName'), '-pip')]",
"azErGwSubnetId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'),'/providers/Microsoft.Network/virtualNetworks/', variables('hubname'), '/subnets/GatewaySubnet')]",
"azErGwPipId": "[concat('/subscriptions/', parameters('connectivitySubscriptionId'), '/resourceGroups/', variables('rgName'), '/providers/Microsoft.Network/publicIPAddresses/', variables('azErGwIpName'))]",
Expand Down Expand Up @@ -347,7 +353,20 @@
}
},
{
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
"type": "Microsoft.Network/publicIpAddresses",
"location": "[parameters('location')]",
"name": "[variables('azVpnGwAAIpName')]",
"sku": {
"name": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), 'Standard', 'Basic')]"
},
"properties": {
"publicIPAllocationMethod": "[if(equals(parameters('gwRegionalOrAz'), 'Zone'), 'Static', 'Dynamic')]"
}
},
{
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'No'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
"name": "[variables('vpngwname')]",
"type": "Microsoft.Network/virtualNetworkGateways",
Expand All @@ -357,6 +376,7 @@
"[concat('Microsoft.Network/virtualNetworks/', variables('hubName'))]"
],
"properties": {
"activeActive": false,
"gatewayType": "Vpn",
"vpnGatewayGeneration": "Generation2",
"vpnType": "[parameters('vpnGwType')]",
Expand Down Expand Up @@ -396,6 +416,70 @@
}
}
},
{
"condition": "[and(equals(parameters('enableVpnGw'), 'Yes'), equals(parameters('enableVpnActiveActive'),'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
"name": "[variables('vpngwname')]",
"type": "Microsoft.Network/virtualNetworkGateways",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('azVpnGwIpName'))]",
"[concat('Microsoft.Network/publicIPAddresses/', variables('azVpnGwAAIpName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('hubName'))]"
],
"properties": {
"activeActive": true,
"gatewayType": "Vpn",
"vpnGatewayGeneration": "Generation2",
"vpnType": "[parameters('vpnGwType')]",
"ipConfigurations": [
{
"name": "default",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('azVpnGwSubnetId')]"
},
"publicIpAddress": {
"id": "[variables('azVpnGwPipId')]"
}
}
},
{
"name": "activeactive",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('azVpnGwSubnetId')]"
},
"publicIpAddress": {
"id": "[variables('azVpnGwAAPipId')]"
}
}
}
],
"sku": {
"name": "[if(
and(
or(
empty(parameters('gwRegionalSku')),
empty(parameters('gwAzSku'))),
not(
empty(parameters('gwRegionalSku')))),
parameters('gwRegionalSku'),
parameters('gwAzSku'))]",
"tier": "[if(
and(
or(
empty(parameters('gwRegionalSku')),
empty(parameters('gwAzSku'))),
not(
empty(parameters('gwRegionalSku')))),
parameters('gwRegionalSku'),
parameters('gwAzSku'))]"
}
}
},
{
"condition": "[and(equals(parameters('enableErGw'), 'Yes'), not(empty(parameters('subnetMaskForGw'))))]",
"apiVersion": "2020-05-01",
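Review bot: The new `enableVpnActiveActive` parameter in the first hunk defaults to `""`, but the two `Microsoft.Network/virtualNetworkGateways` resources are now gated on `equals(parameters('enableVpnActiveActive'),'No')` and `equals(parameters('enableVpnActiveActive'),'Yes')`, so a caller that sets `enableVpnGw` to `Yes` without passing the new parameter deploys no VPN gateway and gets no error. Giving the parameter `"defaultValue": "No"` with `"allowedValues": ["Yes", "No"]`, as es-lite.json does in this same commit, or gating the existing gateway on `not(equals(parameters('enableVpnActiveActive'), 'Yes'))`, keeps the previous behaviour for existing callers. The active-active gateway object repeats the existing one apart from `activeActive` and the second `ipConfigurations` entry, so the SKU and VPN settings must be kept in sync by hand. The parameter would also benefit from a `metadata` description stating that `Yes` creates a second public IP (`-pip-002`), since that is one more internet-facing endpoint to cover in on-premises firewall rules and monitoring. The resource objects begin and end outside the hunks shown.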
11 changes: 11 additions & 0 deletions docs/reference/treyresearch/armTemplates/es-lite.json
Expand Up @@ -350,6 +350,14 @@
"type": "string",
"defaultValue": ""
},
"enableVpnActiveActive": {
"type": "string",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
]
},
"gwAzSku": {
"type": "string",
"defaultValue": ""
Expand Down Expand Up @@ -825,6 +833,9 @@
"gwRegionalOrAz": {
"value": "[parameters('gwRegionalOrAz')]"
},
"enableVpnActiveActive": {
"value": "[parameters('enableVpnActiveActive')]"
},
"gwAzSku": {
"value": "[parameters('gwAzSku')]"
},
21 changes: 21 additions & 0 deletions docs/reference/treyresearch/armTemplates/es-portal.json
Expand Up @@ -549,6 +549,26 @@
]
}
},
{
"name": "enableVpnActiveActive",
"type": "Microsoft.Common.OptionsGroup",
"label": "Deploy VPN Gateway in Active/Active mode",
"defaultValue": "No",
"visible": "[and(equals(steps('connectivity').enableVpnGw,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan')), equals(steps('connectivity').enableVpnGw,'Yes'))]",
"toolTip": "Deploy the VPN gateway in Active/Active mode",
"constraints": {
"allowedValues": [
{
"label": "Yes",
"value": "Yes"
},
{
"label": "No",
"value": "No"
}
]
}
},
{
"name": "esGwNoAzSku",
"type": "Microsoft.Common.DropDown",
Expand Down Expand Up @@ -1254,6 +1274,7 @@
"vpnOrErZones": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
"firewallZones": "[steps('esConnectivityGoalState').esFwAz]",
"gwRegionalOrAz": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
"enableVpnActiveActive": "[steps('esConnectivityGoalState').enableVpnActiveActive]",
"gwAzSku": "[steps('esConnectivityGoalState').esGwAzSku]",
"gwRegionalSku": "[if(empty(steps('esConnectivityGoalState').esGwRegionalSku), steps('esConnectivityGoalState').esGwNoAzSku, steps('esConnectivityGoalState').esGwRegionalSku)]",
"erRegionalOrAz": "[steps('esConnectivityGoalState').esErRegionalOrAz]",
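Review bot: The `visible` expression on the new `enableVpnActiveActive` control reads `steps('connectivity').enableVpnGw` and `steps('connectivity').enableHub`, while the outputs in this file read the control and its neighbours from `steps('esConnectivityGoalState')`. If this UI definition has no `connectivity` step, the expression will not resolve as intended and the option may never be shown; the step definitions are outside the hunk, so this needs confirming. The expression also tests `equals(steps('connectivity').enableVpnGw,'Yes')` twice, and the second copy can be dropped. If a hidden control yields an empty output, the `allowedValues` of `Yes`/`No` that es-lite.json declares for this parameter would reject it, so the output is worth checking for the case where the option is not displayed. The same control and expression are added to portal-es-lite.json.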
21 changes: 21 additions & 0 deletions docs/reference/treyresearch/armTemplates/portal-es-lite.json
Expand Up @@ -540,6 +540,26 @@
]
}
},
{
"name": "enableVpnActiveActive",
"type": "Microsoft.Common.OptionsGroup",
"label": "Deploy VPN Gateway in Active/Active mode",
"defaultValue": "No",
"visible": "[and(equals(steps('connectivity').enableVpnGw,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan')), equals(steps('connectivity').enableVpnGw,'Yes'))]",
"toolTip": "Deploy the VPN gateway in Active/Active mode",
"constraints": {
"allowedValues": [
{
"label": "Yes",
"value": "Yes"
},
{
"label": "No",
"value": "No"
}
]
}
},
{
"name": "esGwNoAzSku",
"type": "Microsoft.Common.DropDown",
Expand Down Expand Up @@ -1243,6 +1263,7 @@
"vpnOrErZones": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
"firewallZones": "[steps('esConnectivityGoalState').esFwAz]",
"gwRegionalOrAz": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
"enableVpnActiveActive": "[steps('esConnectivityGoalState').enableVpnActiveActive]",
"gwAzSku": "[steps('esConnectivityGoalState').esGwAzSku]",
"gwRegionalSku": "[if(empty(steps('esConnectivityGoalState').esGwRegionalSku), steps('esConnectivityGoalState').esGwNoAzSku, steps('esConnectivityGoalState').esGwRegionalSku)]",
"erRegionalOrAz": "[steps('esConnectivityGoalState').esErRegionalOrAz]",
4 changes: 3 additions & 1 deletion docs/wiki/Deploying-ALZ-BasicSetup.md
Expand Up @@ -160,14 +160,16 @@ On the *Network topology and connectivity* blade you will configure your core ne

Set **Deploy VPN Gateway** to **Yes**:

![networkTab-topology](./media/clip_image036b-2-singlesubscription.png)
![networkTab-topology](./media/ActiveActive.png)

- **Deploy zone redundant or regional VPN Gateway** and **Deploy zone redundant or regional ExpressRoute Gateway**: Zone-redundant gateways are recommended and enabled by default (as per the capabilities of the Region you are deploying your hub virtual network) as they provide higher resiliency and availability. You might opt for a regional deployment depending on your availability requirements and budget. In this tutorial you will deploy a zone-redundant VPN Gateway:

Select **Zone redundant (recommended)**.

![networkTab-gwDeploy](./media/clip_image036b-3-singlesubscription.png)

- **Deploy VPN Gateway in Active/Active mode**: You can create an Azure VPN gateway in an active-active configuration, where both instances of the gateway VMs establish S2S VPN tunnels to your on-premises VPN device. In this configuration, each Azure gateway instance has a unique public IP address, and each will establish an IPsec/IKE S2S VPN tunnel to your on-premises VPN device specified in your local network gateway and connection. See [Active-active VPN gateways](https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable#active-active-vpn-gateways).

- **Select the VPN Gateway SKU** and **Select the ExpressRoute Gateway VPN**: choose the right SKU based on your requirements (capabilities, throughput and availability). See [VPN Gateway SKUs](https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsku) and [ExpressRoute Gateway SKUs](https://learn.microsoft.com/en-us/azure/expressroute/expressroute-about-virtual-network-gateways#gwsku) for further details on the virtual gateway's SKUs you have available in Azure. In this tutorial you will deploy a VpnGw2AZ which provides an aggregated throughput of up to 1 Gbps:

![networkTab-gwSku](./media/clip_image036b-4-singlesubscription.png)
13 changes: 8 additions & 5 deletions docs/wiki/Whats-new.md
@@ -1,6 +1,7 @@
## In this Section

- [Updates](#updates)
- [October 2023](#october-2023)
- [September 2023](#september-2023)
- [August 2023](#august-2023)
- [July 2023](#july-2023)
Expand Down Expand Up @@ -38,6 +39,12 @@ This article will be updated as and when changes are made to the above and anyth

Here's what's changed in Enterprise Scale/Azure Landing Zones:

### October 2023

#### Tooling
- Added vWAN Hub Routing Intent support to Portal Accelerator for scenarios that include Azure Firewall deployment
- Enhanced the ALZ Portal Accelerator to provide the ability to deploy the Azure VPN Gateway in Active/Active mode as per feedback from [#655](https://github.com/Azure/Enterprise-Scale/issues/655).

### September 2023

#### Policy
Expand All @@ -64,13 +71,9 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
- Deploy-VM-Monitoring (Management Group: Intermediate Root)
- Deploy-VMSS-Monitoring (Management Group: Intermediate Root)

#### Tooling

- Added vWAN Hub Routing Intent support to Portal Accelerator for scenarios that include Azure Firewall deployment

#### Other

- [Azure Landing Zone External Community Call - September 2023 - Hosted & Published](https://github.com/Azure/Enterprise-Scale/wiki/Community-Calls#25th-september-2023-25092023))
- [Azure Landing Zone External Community Call - September 2023 - Hosted & Published](https://github.com/Azure/Enterprise-Scale/wiki/Community-Calls#25th-september-2023-25092023)

### August 2023

Binary file added docs/wiki/media/ActiveActive.png