Azure: Barracuda NG template ARM

This template will create two or more loadbalanced barracuda NG's in a specified subnet. 
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "Admin username"
      }
    },
    "adminPassword": {
      "type": "securestring",
      "metadata": {
        "description": "Admin password"
      }
    },
    "storageAccountName": {
      "type": "string",
      "metadata": {
        "description": "Please type the name of the existing Storage Account!"
      }
    },
    "vNetResourceGroupNameStorage": {
      "type": "string",
      "metadata": {
        "description": "Please type the name of the resourcegroup for the existing! Storage Account."
      }
    },
    "vNetName": {
      "type": "string",
      "metadata": {
        "description": "Please type the name of the existing Virtual Network!"
      }
    },
    "vNetResourceGroupNameNetwork": {
      "type": "string",
      "metadata": {
        "description": "Please type the name of the resourcegroup for the existing! virtual network."
      }
    },
    "vmSize": {
      "type": "string",
      "minLength": 1,
      "defaultValue": "Standard_A2",
      "allowedValues": [
        "Standard_A0",
        "Standard_A1",
        "Standard_A2",
        "Standard_A3"
      ],
      "metadata": {
        "description": "Size of the NG Firewall machine, remember to scale according to license"
      }
    },
    "numberOfInstances": {
      "type": "int",
      "minValue": 1,
      "defaultValue": 2,
      "metadata": {
        "description": "Number of VM instances to be created behind internal load balancer control"
      }
    }
  },
  "variables": {
    "location": "westeurope",
    "vmNamePrefix": "NG",
    "imagePublisher": "barracudanetworks",
    "imageOffer": "barracuda-ng-firewall",
    "imageSKU": "byol",
    "availabilitySetName": "AvSet-Barracuda-NG",
    "vhdStorageAccountName":"[parameters('storageAccountName')]",
    "vhdStorageType": "Standard_LRS",
    "vhdStorageID": "[resourceId(parameters('vNetResourceGroupNameStorage'), 'Microsoft.Network/Storage', parameters('storageAccountName'))]",
    "vnetID": "[resourceId(parameters('vNetResourceGroupNameNetwork'), 'Microsoft.Network/virtualNetworks', parameters('vNetName'))]",
    "virtualNetworkSubnetName": "type your subnet name here!",
    "subnetRef": "[concat(variables('vnetID'), '/subnets/', variables('virtualNetworkSubnetName'))]",
    "networkInterfaceNamePrefix": "BackendVMNic",
    "loadBalancerName": "BackendLB",
    "lbId": "[resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName'))]"
  },
  "resources": [
    {
      "apiVersion": "2015-06-15",
      "type": "Microsoft.Compute/availabilitySets",
      "name": "[variables('availabilitySetName')]",
      "location": "[resourceGroup().location]",
      "tags": {
        "displayName": "AvailabilitySet"
      },
      "properties": {
      }
    },
    {
      "apiVersion": "2015-05-01-preview",
      "type": "Microsoft.Network/networkInterfaces",
      "name": "[concat(variables('networkInterfaceNamePrefix'), copyindex())]",
      "location": "[resourceGroup().location]",
      "tags": {
        "displayName": "NetworkInterface"
      },
      "copy": {
        "name": "nicLoop",
        "count": "[parameters('numberOfInstances')]"
      },
      "dependsOn": [
        "[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]"
      ],
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "subnet": {
                "id": "[variables('subnetRef')]"
              },
              "loadBalancerBackendAddressPools": [
                {
                  "id": "[concat(variables('lbId'), '/backendAddressPools/BackendPool1')]"
                }
              ]
            }
          }
        ]
      }
    },
    {
      "apiVersion": "2015-06-15",
      "type": "Microsoft.Network/loadBalancers",
      "name": "[variables('loadBalancerName')]",
      "location": "[resourceGroup().location]",
      "tags": {
        "displayName": "LoadBalancer"
      },
      "dependsOn": [
       
      ],
      "properties": {
        "frontendIPConfigurations": [
          {
            "properties": {
              "subnet": {
                "id": "[variables('subnetRef')]"
              },
              "privateIPAddress": "172.16.1.6",
              "privateIPAllocationMethod": "Static"
            },
            "name": "LoadBalancerFrontend"
          }
        ],
        "backendAddressPools": [
          {
            "name": "BackendPool1"
          }
        ],
        "loadBalancingRules": [
          {
            "properties": {
              "frontendIPConfiguration": {
                "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/frontendIPConfigurations/LoadBalancerFrontend')]"
              },
              "backendAddressPool": {
                "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/backendAddressPools/BackendPool1')]"
              },
              "probe": {
                "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/probes/lbprobe')]"
              },
              "protocol": "Tcp",
              "frontendPort": 80,
              "backendPort": 80,
              "idleTimeoutInMinutes": 15
            },
            "name": "lbrule"
          }
        ],
        "probes": [
          {
            "properties": {
              "protocol": "Tcp",
              "port": 80,
              "intervalInSeconds": 15,
              "numberOfProbes": 2
            },
            "name": "lbprobe"
          }
        ]
      }
    },
    {
      "apiVersion": "2015-06-15",
      "type": "Microsoft.Compute/virtualMachines",
      "name": "[concat(variables('vmNamePrefix'), copyindex())]",
      "copy": {
        "name": "virtualMachineLoop",
        "count": "[parameters('numberOfInstances')]"
      },
      "plan": {
        "name": "byol",
        "product": "barracuda-ng-firewall",
        "Publisher": "barracudanetworks"

      },
      "location": "[resourceGroup().location]",
      "tags": {
        "displayName": "VirtualMachines"
      },
      "dependsOn": [
       "[concat('Microsoft.Compute/availabilitySets/', variables('availabilitySetName'))]"
      ],
      "properties": {
        "availabilitySet": {
          "id": "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]"
        },
        "hardwareProfile": {
          "vmSize": "[parameters('vmSize')]"
        },
        "osProfile": {
          "computerName": "[concat(variables('vmNamePrefix'), copyIndex())]",
          "adminUsername": "[parameters('adminUsername')]",
          "adminPassword": "[parameters('adminPassword')]"
        },
        "storageProfile": {
          "imageReference": {
            "publisher": "[variables('imagePublisher')]",
            "offer": "[variables('imageOffer')]",
            "sku": "[variables('imageSKU')]",
            "version": "6.1.107500"
          },
          "osDisk": {
            "name": "osdiskforNG",
            "vhd": {
              "uri": "[concat('http://', variables('vhdStorageAccountName'), '.blob.core.windows.net/vhds/', 'osdiskforNG', copyindex(), '.vhd')]"
            },
            "caching": "ReadWrite",
            "createOption": "FromImage"
          }
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('networkInterfaceNamePrefix'), copyindex()))]"
            }
          ]
        },
        "diagnosticsProfile": {
          "bootDiagnostics": {
            "enabled": true,
            "storageUri": "[concat('http://', variables('vhdStorageAccountName'), '.blob.core.windows.net')]"
          }
        }
      },
      "resources": [
       
      ]
    }
  ],
  "outputs": {
    "exampleOutput": {
      "value": "[subscription()]",
      "type": "object"
    }
  }
}


Reacties

Een reactie posten

Populaire posts van deze blog

One ADFS to serve them all (Part I)!

Afbeelding
One ADFS to serve them all (part I)! The goal is to use a vanity URL host names that your site is using and to also use that same host name to resolve ADFS, without having you redirected back to the ADFS original service name (hostname + URL). Because for the end users this shouldn't look like anything else but the vanity domain they are already connected to. Thus how do we solve this? Follow this basic lab entry to get a feeling for the end solution. (I will post more about this subject in greater detail) The ADFS Limitation. The limitation I'm speaking of, in this case is the endpoint for SAML 2.0 / WS-Federation: "/adfs/ls"  (but as you can imagine it's pretty much every endpoint listed in ADFS) We connect with the 1 possible value set during installation for the federation service name: "your.host.name"  Which results in all endpoints only being accessibly under that federation service name.    Figure A: Federation service
Meer lezen

Microsoft Hub NVA configuration example.

Afbeelding
Microsoft Hub NVA configuration example. So in my previous post i gave a short description of implementing Microsoft Hub-Spoke model in IaaS. And i promised to publish some sample code you could use in CICD. Of course the main goal should be to get in to containers and such technologies but seeing as how slow large enterprises are willing to adopt and move to such technologies I'm guessing IaaS will be a standard for some time yet. So I'm going to give you a sketch of a private data center connection via express route (or a S2S VPN instead of the express route) to your azure subscription. And slowly start to explain a few basic configurations. The first overview:      So in this simple drawing you can see I've implemented a express route. I've not drawn a full blown resource drawing so you're bound to miss certain things like a circuit for instance but lets keep it simple. The green line is a express route configuration over whi
Meer lezen

RDS: Remote Desktop Gateway with NPS and Cross domain identities.

This post is about configuring a Remote Desktop Gateway in Resource Domain A while consuming the identities from Identity domain B. Setup: - NPS in Domain A  - RDG in domain A - MFA in Domain A Requirements a "TWO-WAY trust" with selective authentication (or wide if you have no security risks) It won't be possible to authenticate users from domain B in Domain A via the RDG until the computer account has gotten the permission "Allow to authenticate" on the domain controllers in Domain B. The simplest way to achieve this is by going to properties on the "Domain Controllers" OU in users and computers in domain B (RSAT tools) and going to the security Tab. (if you don't see the security tab in users and computers then make sure you've enabled "advanced features" under the view selection.) Then when you're in the security tab click the bottom advanced button. This will open the "Advanced Security Settings for Domain
Meer lezen