Azure SQL Hybrid Cloud Toolkit Notebooks Extension Command (#13286)

* added extension folder incomplete

* WIP extension progress

* notebook finally opens in side panel

* notebook now opens via notebook extension

* html file spaces restored

* package json fixed

* fixed vscode import issue

* more cleanup

* remove git stuff

* placeholder icon logos added

* fixed gulpfile

* cleanup changes

* vscode import fixed

* fixed main and yarn.lock

* added provided notebooks view

* formatting for package.json

* removed first command as it's not necessary

* fixed notebook typo

* re-added spaces
Alex Ma
2020-11-11 13:50:36 -08:00
committed by GitHub
parent b32e5f8f25
commit fa608f9f80
87 changed files with 8661 additions and 0 deletions


@@ -0,0 +1,168 @@
{
"metadata": {
"kernelspec": {
"name": "powershell",
"display_name": "PowerShell"
},
"language_info": {
"name": "powershell",
"codemirror_mode": "shell",
"mimetype": "text/x-sh",
"file_extension": ".ps1"
}
},
"nbformat_minor": 2,
"nbformat": 4,
"cells": [
{
"cell_type": "markdown",
"source": [
"## Create and install VPN client configuration\r\n",
"Point-to-Site connections use certificates to authenticate. This article shows how to create a self-signed root certificate and generate client certificates using PowerShell on Windows 10 or Windows Server 2016. If needs are for different certificate instructions, see [Certificates - Linux or Certificates - MakeCert](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site-linux).\r\n",
"\r\n",
"The steps performed in this article are on a computer running Windows 10 or Windows Server 2016. The PowerShell cmdlets that used to generate certificates are part of the operating system and do not work on other versions of Windows. The Windows 10 or Windows Server 2016 computer is only needed to generate the certificates. Once the certificates are generated, it can be uploaded or installed on any supported client operating system."
],
"metadata": {
"azdata_cell_guid": "7bf685b8-e375-47ed-93a3-5072c6a27235"
}
},
{
"cell_type": "code",
"source": [
"$RG = \"\" # Name of intended Resource Group\r\n",
"$GWName = \"\" # VPN Gateway name\r\n",
"$P2SRootCertName = \"\" # Name of Root Certificate. For example 'P2SRootCert2.cer'\r\n",
"$filePathForCert = \"\" # Path of the certificate file. For example 'D:\\Downloads\\rootcert2.cer'"
],
"metadata": {
"azdata_cell_guid": "8eab9fb0-1e66-4a34-8e32-cf0644b157d9"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"### **Create a self-signed root certificate**\r\n",
"_New-SelfSignedCertificate_ cmdlet is used to create a self-signed root certificate. For additional parameter information, see [New-SelfSignedCertificate](https://technet.microsoft.com/itpro/powershell/windows/pkiclient/new-selfsignedcertificate).\r\n",
"\r\n",
"Use the following example to create the self-signed root certificate. The following example creates a self-signed root certificate named 'P2SRootCert' that is automatically installed in 'Certificates-Current User\\Personal\\Certificates'. certificate can be viewed by opening certmgr.msc, or Manage User Certificates."
],
"metadata": {
"azdata_cell_guid": "656a1830-ee0b-4a3f-aa54-0eb3435d730a"
}
},
{
"cell_type": "code",
"source": [
"$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `\r\n",
"-Subject \"CN=P2SRootCert\" -KeyExportPolicy Exportable `\r\n",
"-HashAlgorithm sha256 -KeyLength 2048 `\r\n",
"-CertStoreLocation \"Cert:\\CurrentUser\\My\" -KeyUsageProperty Sign -KeyUsage CertSign"
],
"metadata": {
"azdata_cell_guid": "4348e0f6-957b-47f6-99db-8a4d4f6f4d25"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"### **Generate a client certificate**\r\n",
"Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. A client certificate can be generated from the self-signed root certificate, and then it can export and install the client certificate. If the client certificate is not installed, authentication fails.\r\n",
"This example continues from the previous section and uses the declared '$cert' variable.\r\n",
"\r\n",
"Modify and run the example to generate a client certificate. If the following example is executed without modifying it, the result is a client certificate named 'P2SChildCert'. If name of the child certificate needs to be something else,then modify the CN value. Do not change the TextExtension when running this example. The client certificate which is generated is automatically installed in 'Certificates - Current User\\Personal\\Certificates' on computer."
],
"metadata": {
"azdata_cell_guid": "a5a31ec0-2ead-4b41-9817-e81ea70082c0"
}
},
{
"cell_type": "code",
"source": [
"New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `\r\n",
"-Subject \"CN=P2SChildCert\" -KeyExportPolicy Exportable `\r\n",
"-HashAlgorithm sha256 -KeyLength 2048 `\r\n",
"-CertStoreLocation \"Cert:\\CurrentUser\\My\" `\r\n",
"-Signer $cert -TextExtension @(\"2.5.29.37={text}1.3.6.1.5.5.7.3.2\")"
],
"metadata": {
"azdata_cell_guid": "c993fb71-9c27-4b70-8477-3a0003825db4",
"tags": []
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"### **Replace the file path variable with file path to the exported root certificate, and then run the variable cmdlets:**"
],
"metadata": {
"azdata_cell_guid": "5df2cb79-0fe4-414e-a1f4-9f2270634d54"
}
},
{
"cell_type": "code",
"source": [
"$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2($filePathForCert)\r\n",
"$CertBase64_3 = [system.convert]::ToBase64String($cert.RawData)\r\n",
"$p2srootcert = New-AzVpnClientRootCertificate -Name $P2SRootCertName -PublicCertData $CertBase64_3"
],
"metadata": {
"azdata_cell_guid": "f75c1f83-82ca-4005-903e-935a787c1a5a"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"### **Upload the public key information to Azure**\r\n",
"_New-AzVpnClientRootCertificate_ cmdlet creates a new VPN client root certificate"
],
"metadata": {
"azdata_cell_guid": "8e6f2cba-020a-4fe0-ad1c-95528fbb54b0"
}
},
{
"cell_type": "code",
"source": [
" New-AzVpnClientRootCertificate -VpnClientRootCertificateName $P2SRootCertName `\r\n",
" -VirtualNetworkGatewayName $GWName -ResourceGroupName $RG `\r\n",
" -PublicCertData $CertBase64_3"
],
"metadata": {
"azdata_cell_guid": "2448dc49-ce6e-49f2-8abf-f824461738e6",
"tags": [
"hide_input"
]
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"### **Verify that the root certificate uploaded**\r\n",
"_Get-AzVpnClientRootCertificate_ cmdlet gets information about VPN root certificates"
],
"metadata": {
"azdata_cell_guid": "20c00239-cd9f-4515-9275-c8797890744c"
}
},
{
"cell_type": "code",
"source": [
"Get-AzVpnClientRootCertificate -ResourceGroupName $RG -VirtualNetworkGatewayName $GWName"
],
"metadata": {
"azdata_cell_guid": "9f714fa9-f3ec-4a75-b736-05ec9b8948c0"
},
"outputs": [],
"execution_count": null
}
]
}
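Review bot: the "Upload the public key information to Azure" cell calls `New-AzVpnClientRootCertificate -VpnClientRootCertificateName $P2SRootCertName -VirtualNetworkGatewayName $GWName -ResourceGroupName $RG -PublicCertData $CertBase64_3`, but those are the parameters of `Add-AzVpnClientRootCertificate`; `New-AzVpnClientRootCertificate` takes only `-Name` and `-PublicCertData` and returns an in-memory object, which is exactly what the preceding cell already produces into `$p2srootcert`, a variable nothing then uses. Change the upload cell to `Add-AzVpnClientRootCertificate` and either drop the `$p2srootcert` line or pass that object to the gateway. Two further gaps in the same notebook: the heading "Replace the file path variable with file path to the exported root certificate" assumes the root certificate has already been written to `$filePathForCert`, but no export step (for example `Export-Certificate -Cert $cert -FilePath $filePathForCert` for the public part) appears between generating the root and reading it back from disk, so `new-object ...X509Certificate2($filePathForCert)` fails on a fresh run; and because the root is created with `-KeyExportPolicy Exportable` and every certificate it signs authenticates to the gateway, the text should tell the reader to protect the root private key in `Cert:\CurrentUser\My` (or move it to a secure store and remove it from the workstation) once the client certificates have been issued.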


@@ -0,0 +1,225 @@
{
"metadata": {
"kernelspec": {
"name": "powershell",
"display_name": "PowerShell"
},
"language_info": {
"name": "powershell",
"codemirror_mode": "shell",
"mimetype": "text/x-sh",
"file_extension": ".ps1"
}
},
"nbformat_minor": 2,
"nbformat": 4,
"cells": [
{
"cell_type": "markdown",
"source": [
"Create Point to Site Virtual Private Network (VPN)\n",
"==================================\n",
"As part of the migration process, if you do not already have an Azure VPN and Gateway setup, this notebook will help you get one created and verify you have the connectivity necessary to securely host your new Azure SQL Server Virtual Machines. \n",
"\n",
"If a S2S connection is needed instead of a P2S, then see [Create and manage S2S VPN connections using PowerShell](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-tutorial-vpnconnection-powershell) for more information. S2S may be out of scope for a data user and can be attempted by a network administrator.\n",
"\n",
""
],
"metadata": {
"azdata_cell_guid": "6af59d69-ade7-480a-b33e-52a86fe5bfd3"
}
},
{
"cell_type": "markdown",
"source": [
"There are a handful of steps you have to walk through to get your resource group and VPN configured.\r\n",
"\r\n",
"Steps of this procedure include:\r\n",
"1. Connect to Azure subscription\r\n",
"1. Provision resource group for VPN\r\n",
"2. Create VPN\r\n",
"3. Provision IP address for Gateway\r\n",
"4. Create Gateway\r\n",
"\r\n",
"<b>NOTE: Fill all the below variables with names in order to proceed ahead. </b>"
],
"metadata": {
"azdata_cell_guid": "2dfbdfb6-adbd-4b3c-8eeb-76237b8145cb"
}
},
{
"cell_type": "code",
"source": [
"$RG1 = \"\" # Resource group name(It should be of alphabets case insensitive)\r\n",
"$VNet1 = \"\" # VPN name of your choice(It should be of alphabets case insensitive)\r\n",
"$Location1 = \"\" # Specify the valid location such as 'West US 2','EASTUS' etc...\r\n",
"$FESubnet1 = \"\" # Frontend subnet name of your choice(It should be of alphabets case insensitive)\r\n",
"$VNet1Prefix = \"\" # VNet default I.P format would be like this '10.1.0.0/16'\r\n",
"$FEPrefix1 = \"\" # Frontend Gateway default IP format would be '10.1.0.0/24'\r\n",
"$GwPrefix1 = \"\" # Default value for Gateway subnet would be '10.1.255.0/27'\r\n",
"$Gw1 = \"\" # Gateway name of your choice (It should be of alphabets case insensitive)\r\n",
"$GwIP1 = \"\" # Gateway IP name of your choice(It should be of alphabets case insensitive)\r\n",
"$GwIPConf1 = \"\" # Gateway IP Config name of your choice(It would be alphanumeric case insensitive)"
],
"metadata": {
"azdata_cell_guid": "424c911f-fb75-44f9-902d-c06dedf9eaf6"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## <b>Connect to Azure Account</b>"
],
"metadata": {
"azdata_cell_guid": "39c51f44-acf4-4142-af82-b5daa4d3b53f"
}
},
{
"cell_type": "code",
"source": [
"Connect-AzAccount"
],
"metadata": {
"azdata_cell_guid": "32849f41-ef18-4f8c-b4c3-4863db3329df"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## <b>Get Subscription </b>\r\n",
"Below command will open a Dialouge Box with list of subscriptions.\r\n",
"Selecting one of those will set that subscription for rest of the commands."
],
"metadata": {
"azdata_cell_guid": "1c8c15f8-80af-463a-8113-a71b1a4725ea"
}
},
{
"cell_type": "code",
"source": [
"$subscription = Get-AzSubscription | Out-GridView -PassThru\r\n",
"Set-AzContext -SubscriptionName $subscription"
],
"metadata": {
"azdata_cell_guid": "cf04dfea-4a33-455b-83e8-753d75383f41",
"tags": []
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## <b>Create the resource group </b>\r\n",
"Create a resource group with the _New-AzResourceGroup_ command. An Azure resource group is a logical container into which Azure resources are deployed and managed. A resource group must be created first."
],
"metadata": {
"azdata_cell_guid": "200961d3-879b-4325-8db4-e08854a36e4d"
}
},
{
"cell_type": "code",
"source": [
"# Create Azure resource group, if necessary\r\n",
"$RG1 = Get-AzResourceGroup -Name $RG1\r\n",
"\r\n",
"if (!$RG1)\r\n",
"{\r\n",
" # Need to create a new resource group\r\n",
" Write-Output \"Resource Group $RG1 does not exist. Creating...\"\r\n",
" $RG1 = New-AzResourceGroup -Name $RG1 -Location $Location1\r\n",
"}"
],
"metadata": {
"azdata_cell_guid": "dabfb7d5-aa62-48a6-bc81-a82814befec7"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## <b>Create a VPN</b>\r\n",
"Azure gateway provides cross-premises connectivity and P2S VPN server functionality for your VPN. Add a gateway to an existing VPN or create a new VPN and the gateway. Notice that the example specifies the name of the gateway subnet specifically. You must always specify the name of the gateway subnet as \"GatewaySubnet\" in order for it to function properly. This example creates a new VPN with two subnets: Frontend and GatewaySubnet using New-AzVirtualNetworkSubnetConfig and New-AzVirtualNetwork:"
],
"metadata": {
"azdata_cell_guid": "629badb8-5338-4418-bdac-6e91af6c732b"
}
},
{
"cell_type": "code",
"source": [
"$fesub1 = New-AzVirtualNetworkSubnetConfig -Name $FESubnet1 -AddressPrefix $FEPrefix1\r\n",
"$gwsub1 = New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix $GwPrefix1\r\n",
"$vnet = New-AzVirtualNetwork `\r\n",
" -Name $VNet1 `\r\n",
" -ResourceGroupName $RG1 `\r\n",
" -Location $Location1 `\r\n",
" -AddressPrefix $VNet1Prefix `\r\n",
" -Subnet $fesub1,$gwsub1"
],
"metadata": {
"azdata_cell_guid": "86ad1860-0e92-47b3-b198-1eac6187efe2"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## <b>Request a public IP address for the gateway</b>\r\n",
"Azure VPN gateways communicate with your on-premises VPN devices over the Internet to performs IKE (Internet Key Exchange) negotiation and establish IPsec tunnels. Create and assign a public IP address to your gateway as shown in the example below with New-AzPublicIpAddress and New-AzVirtualNetworkGatewayIpConfig:\r\n",
"\r\n",
" #### Important :\r\n",
" Currently, you can only use a Dynamic public IP address for the gateway. Static IP address is not supported on Azure VPN gateways."
],
"metadata": {
"azdata_cell_guid": "e68e487a-9fe1-43e1-9201-ad6c2abcf81f"
}
},
{
"cell_type": "code",
"source": [
"$gwpip = New-AzPublicIpAddress -Name $GwIP1 -ResourceGroupName $RG1 `\r\n",
" -Location $Location1 -AllocationMethod Dynamic\r\n",
"$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' `\r\n",
" -VirtualNetwork $vnet\r\n",
"$gwipconf = New-AzVirtualNetworkGatewayIpConfig -Name $GwIPConf1 `\r\n",
" -Subnet $subnet -PublicIpAddress $gwpip"
],
"metadata": {
"azdata_cell_guid": "96800b54-48a8-463b-886c-3d0e96f29765"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## <b>Create a gateway </b>\r\n",
"\r\n",
"A gateway can take 45 minutes or more to create. Once the gateway creation has completed, you can create a connection between your VPN and another VNet. Or create a connection between your VPN and an on-premises location. Create a gateway using the New-AzVirtualNetworkGateway cmdlet."
],
"metadata": {
"azdata_cell_guid": "6b4924b6-35b4-49c1-a2c8-fc45349ff09d"
}
},
{
"cell_type": "code",
"source": [
"New-AzVirtualNetworkGateway -Name $Gw1 -ResourceGroupName $RG1 `\r\n",
" -Location $Location1 -IpConfigurations $gwipconf -GatewayType Vpn `\r\n",
" -VpnType RouteBased -GatewaySku VpnGw1"
],
"metadata": {
"azdata_cell_guid": "e046ac0a-39fc-48e8-a7f8-26adb3a188e1"
},
"outputs": [],
"execution_count": null
}
]
}
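Review bot: the resource-group cell reassigns the name variable to the lookup result, `$RG1 = Get-AzResourceGroup -Name $RG1`, which breaks both branches: when the group exists, `$RG1` becomes a resource-group object instead of a string and every later `-ResourceGroupName $RG1` (virtual network, public IP, gateway) receives that object; when it does not exist, `Get-AzResourceGroup` writes an error to the console and the assignment leaves `$RG1` empty, so `Write-Output "Resource Group $RG1 does not exist. Creating..."` prints a blank name and `New-AzResourceGroup -Name $RG1` runs with an empty name. Keep the name in `$RG1` and put the lookup in its own variable, e.g. `$rg = Get-AzResourceGroup -Name $RG1 -ErrorAction SilentlyContinue` followed by `if (!$rg) { New-AzResourceGroup -Name $RG1 -Location $Location1 }`. Similarly, `Set-AzContext -SubscriptionName $subscription` passes the object picked in `Out-GridView` to a string parameter and relies on its string conversion; `Set-AzContext -SubscriptionObject $subscription` is unambiguous. Documentation points: the notebook says "VPN" where it means the virtual network (`$VNet1 = "" # VPN name of your choice`, "Create a VPN", "create a new VPN and the gateway"), the steps list is numbered 1, 1, 2, 3, 4, "Dialouge" should be "Dialog", and the introduction promises to "verify you have the connectivity necessary" while the notebook ends at gateway creation with no verification cell.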


@@ -0,0 +1,12 @@
# Networking
[Home](../readme.md)
## Notebooks in this Chapter
- [Download VPN Client Certificate](download-VpnClient.ipynb) - Used to install certificates that encrypt communication between on-site and Azure services
- [Create Point-to-Site VPN](p2svnet-creation.ipynb) - Enables secure **Point-to-Site** (P2S) communication between a virtual private network in Azure and local resources. P2S is used by individuals and small groups for remote connectivity. A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your VPN from an individual client computer. A P2S connection is established by starting it from the client computer. This solution is useful for telecommuters who want to connect to Azure VNets from a remote location, such as from home or a conference. P2S VPN is also a useful solution to use instead of S2S VPN when you have only a few clients that need to connect to a virtual network.
- [Create Site-to-Site VPN](s2svnet-creation.ipynb) - **Site-to-site** (S2S) is normally used by organizations that want greater control between on-premise and cloud resources using a VPN gateway. A S2S VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it. For more information about VPN gateways, see [About VPN gateway](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways) and [Create and manage S2S VPN connections using PowerShell](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-tutorial-vpnconnection-powershell "https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-tutorial-vpnconnection-powershell"). **NOTE:** *May require the help of a Network Administrator or similar role to setup a secure Gateway*.
This chapter contains notebooks to configure and make a secure network connection in an Azure hybrid cloud environment.
<img width="50%" src="https://docs.microsoft.com/en-us/azure/vpn-gateway/media/point-to-site-about/p2s.png">
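Review bot: the chapter summary "This chapter contains notebooks to configure and make a secure network connection in an Azure hybrid cloud environment." is placed after the notebook list, so the page opens with a heading and a bare link; move it above "## Notebooks in this Chapter". In the first bullet, the client-certificate notebook is described as installing "certificates that encrypt communication between on-site and Azure services", but in Point-to-Site the certificates authenticate the client (that notebook states "Point-to-Site connections use certificates to authenticate"), and the tunnel encryption is negotiated by the VPN protocol, not by these certificates; reword to "certificates used to authenticate Point-to-Site VPN clients". Minor: "on-premise" should be "on-premises", and the `<img>` tag has no alt text.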


@@ -0,0 +1,372 @@
{
"metadata": {
"kernelspec": {
"name": "powershell",
"display_name": "PowerShell"
},
"language_info": {
"name": "powershell",
"codemirror_mode": "shell",
"mimetype": "text/x-sh",
"file_extension": ".ps1"
}
},
"nbformat_minor": 2,
"nbformat": 4,
"cells": [
{
"cell_type": "markdown",
"source": [
"## Create a Site-to-Site Virtual Private Network in Azure\n",
"\n",
"* * *\n",
"\n",
"This notebook uses [PowerShell Az.Network cmdlets](https://docs.microsoft.com/en-us/powershell/module/az.network/ \"https://docs.microsoft.com/en-us/powershell/module/az.network/\") to create a S2S VPN gateway connection from an on-premises network to an Azure Virtual Network (VPN).\n",
"\n",
"![](https://docs.microsoft.com/en-us/azure/vpn-gateway/media/vpn-gateway-tutorial-vpnconnection-powershell/site-to-site-diagram.png)\n",
"\n",
"Use these parameters to create the environment or to better understand the examples in this notebook.\n",
"\n",
"| Line # | Name | Example | Description |\n",
"| --- | --- | --- | --- |\n",
"| 1 | **Subscription** | \"\" | Name or ID (guid) of Azure Subscription to setup S2S VPN in. |\n",
"| 2 | **ResourceGroup** | \"TestRG1\" | Name of new or existing resource group (RG). An Azure Resource Group is a collection of Azure resources that share the same permissions, policies, etc. In this case, the Resource Group for the virtual network is specified.  |\n",
"| 3 | **VnetName** | \"VNet1\" | Alphanumeric value represents the name of the Azure resource to create. |\n",
"| 4 | **Location** | \"East US\" | Value representing the region or location of the RG. See [Azure Geographies](https://azure.microsoft.com/en-us/global-infrastructure/geographies/ \"https://azure.microsoft.com/en-us/global-infrastructure/geographies/\") for more information. |\n",
"| 5 | **AddressSpace** | \"10.1.0.0/16\" | Defines a range of IP prefixes in the remote subnet. |\n",
"| 6 | **SubnetName** | \"Frontend\" | |\n",
"| 7 | **Subnet** | \"10.1.0.0/24\" | |\n",
"| 8 | **GatewaySubnet** | \"10.1.255.0/27\" | Specify the number of IP addresses that the subnet contains. The number of IP addresses needed depends on the VPN gateway configuration created. Some configurations require more IP addresses than others. It is recommended to create a gateway subnet that uses a /27 or /28. |\n",
"| 9 | **LocalNetworkGatewayName** | \"Site1\" | |\n",
"| 10 | **LNGPublicIP** | \"192.168.29.46\" | |\n",
"| 11 | **LocalAddressPrefix** | \"10.101.0.0/24, 10.101.1.0/24\" | |\n",
"| 12 | **GatewayName** | \"GatewaySubnet\" | |\n",
"| 13 | **PublicIP** | \"VNet1GWPIP\" | |\n",
"| 14 | **GatewayIPConfig** | \"gwipconfig1\" | |\n",
"| 15 | **VPNType** | \"RouteBased\" | |\n",
"| 16 | **GatewayType** | \"Vpn\" | |\n",
"| 17 | **ConnectionName** | \"VNet1toSite1\" | |"
],
"metadata": {
"azdata_cell_guid": "130ad787-0d85-4edb-9cab-62824de6993f"
}
},
{
"cell_type": "code",
"source": [
"$Subscription = \"\"\r\n",
"$ResourceGroup = \"\"\r\n",
"$VnetName = \"\"\r\n",
"$Location = \"\"\r\n",
"$AddressSpace = \"\"\r\n",
"$SubnetName = \"\"\r\n",
"$Subnet = \"\"\r\n",
"$GatewaySubnet = \"\"\r\n",
"$LocalNetworkGatewayName = \"\"\r\n",
"$LNGPublicIP = \"\"\r\n",
"$LocalAddressPrefixes = \"\"\r\n",
"$GatewayName = \"\"\r\n",
"$PublicIP = \"\"\r\n",
"$GatewayIPConfig = \"\"\r\n",
"$VPNType = \"\"\r\n",
"$GatewayType = \"\"\r\n",
"$ConnectionName = \"\""
],
"metadata": {
"azdata_cell_guid": "f883288a-fc6a-4b0f-9215-6b771dc72b8d"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"There are a handful of steps to setup a resource group and configure the VPN:\n",
"\n",
"1. Create or specify a resource group\n",
"2. Create a virtual network\n",
"3. Create a subnet configuration\n",
"4. Set the subnet configuration for the virtual network\n",
"5. Add a gateway subnet\n",
"6. Set the subnet configuration for the virtual network\n",
"7. Request a public IP address\n",
"8. Create the gateway IP address configuration\n",
"9. Create the VPN gateway\n",
"10. Create the local network gateway\n",
"11. Create the VPN connection"
],
"metadata": {
"azdata_cell_guid": "a84bd796-4838-480a-83c5-48305870d2f0"
}
},
{
"cell_type": "markdown",
"source": [
"## Create a resource group"
],
"metadata": {
"azdata_cell_guid": "009ae97a-8d89-45bb-9f0f-63ab3943f151"
}
},
{
"cell_type": "code",
"source": [
"New-AzResourceGroup -Name $ResourceGroup -Location $Location"
],
"metadata": {
"azdata_cell_guid": "0e792bfb-5775-437c-b084-47593e5ce314"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## Create a virtual network\n",
"\n",
"This example creates a virtual network and a gateway subnet. If the virtual network is already present then gateway subnet is needed, see [To add a gateway subnet to a virtual network which is already created](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-create-site-to-site-rm-powershell#gatewaysubnet \"https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-create-site-to-site-rm-powershell#gatewaysubnet\"). When creating a virtual network, make sure that the address spaces don't overlap any of the address spaces that are in on-premises network."
],
"metadata": {
"azdata_cell_guid": "53145be6-8eb0-4857-9029-888b55a12e85"
}
},
{
"cell_type": "code",
"source": [
"$virtualNetwork = New-AzVirtualNetwork `\r\n",
" -ResourceGroupName $ResourceGroup `\r\n",
" -Location $Location `\r\n",
" -Name $VnetName `\r\n",
" -AddressPrefix $AddressSpace"
],
"metadata": {
"azdata_cell_guid": "f473191d-5bdd-4678-925d-bd26cf0fe53d"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## Create a subnet configuration"
],
"metadata": {
"azdata_cell_guid": "eaa39a66-f89d-4669-bcce-6e205c3ef5a1"
}
},
{
"cell_type": "code",
"source": [
"$subnetConfig = Add-AzVirtualNetworkSubnetConfig `\r\n",
" -Name $SubnetName `\r\n",
" -AddressPrefix $Subnet `\r\n",
" -VirtualNetwork $virtualNetwork"
],
"metadata": {
"azdata_cell_guid": "cfbee82d-5950-426a-8887-06cc023b8dfd"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## Set the subnet configuration for the virtual network"
],
"metadata": {
"azdata_cell_guid": "d271f4fd-045e-4920-a384-9894c226e666"
}
},
{
"cell_type": "code",
"source": [
"$virtualNetwork | Set-AzVirtualNetwork"
],
"metadata": {
"azdata_cell_guid": "6bee9590-7149-4233-954e-25a897800aaa"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## Add a gateway subnet\r\n",
"The virtual network gateway uses specific subnet called the gateway subnet. The gateway subnet is part of the virtual network IP address range that you specify when configuring your virtual network. It contains the IP addresses that the virtual network gateway resources and services use. The subnet must be named 'GatewaySubnet' in order for Azure to deploy the gateway resources. You can't specify a different subnet to deploy the gateway resources to. If you don't have a subnet named 'GatewaySubnet', when you create your VPN gateway, it will fail."
],
"metadata": {
"azdata_cell_guid": "27e2625c-ebef-4355-8667-c817c52dbf3a"
}
},
{
"cell_type": "code",
"source": [
"$vnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroup -Name $VnetName\r\n",
"Add-AzVirtualNetworkSubnetConfig -Name $GatewayName -AddressPrefix $GatewaySubnet -VirtualNetwork $vnet"
],
"metadata": {
"azdata_cell_guid": "4f13a28f-e6be-424a-942f-a8562c104787"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## Set the subnet configuration for the virtual network"
],
"metadata": {
"azdata_cell_guid": "25aed948-7fcd-440f-bb37-bb677cae5c79"
}
},
{
"cell_type": "code",
"source": [
"$vnet | Set-AzVirtualNetwork"
],
"metadata": {
"azdata_cell_guid": "2b0cbaff-5aea-4029-9603-5eb7c75688b3"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## Request a public IP address\r\n",
"A VPN gateway must have a Public IP address. It first requests the IP address resource, and then refer to it when creating virtual network gateway. The IP address is dynamically assigned to the resource when the VPN gateway is created.\r\n",
"\r\n",
"VPN Gateway currently only supports Dynamic Public IP address allocation. It cannot request a Static Public IP address assignment. However, this does not mean that the IP address will change after it has been assigned to created VPN gateway. The only time the Public IP address changes is when the gateway is deleted and re-created. It doesn't change across resizing, resetting, or other internal maintenance/upgrades of created VPN gateway."
],
"metadata": {
"azdata_cell_guid": "c664e2c9-d9fc-4913-aaf8-8e3b3d40d7a8"
}
},
{
"cell_type": "code",
"source": [
"$gwpip= New-AzPublicIpAddress -Name $PublicIP -ResourceGroupName $ResourceGroup -Location $Location `\r\n",
" -AllocationMethod Dynamic"
],
"metadata": {
"azdata_cell_guid": "1d8eef52-b085-4eb3-8130-0c16232d89b1"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## Create the gateway IP address configuration\r\n",
"The gateway configuration defines the subnet (the 'GatewaySubnet') and the public IP address to use. Use the following example to create gateway configuration:"
],
"metadata": {
"azdata_cell_guid": "a351a10f-54a6-4a78-be15-38c96d94bae0"
}
},
{
"cell_type": "code",
"source": [
"$vnet = Get-AzVirtualNetwork -Name $VnetName -ResourceGroupName $ResourceGroup\r\n",
"$subnet = Get-AzVirtualNetworkSubnetConfig -Name $GatewayName -VirtualNetwork $vnet\r\n",
"$gwipconfig = New-AzVirtualNetworkGatewayIpConfig -Name $GatewayIPConfig -SubnetId $subnet.Id -PublicIpAddressId $gwpip.Id"
],
"metadata": {
"azdata_cell_guid": "b1f1662a-21a0-48b6-b5b6-5f9a15e1d662"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## Create a gateway\r\n",
"A gateway can take 45 minutes or more to create. Once the gateway creation has completed, you can create a connection between your VPN and another VNet. Or create a connection between your VPN and an on-premises location. Create a gateway using the _New-AzVirtualNetworkGateway_ cmdlet."
],
"metadata": {
"azdata_cell_guid": "b9adcd02-bb2a-4c57-b831-68f74f1d2fdc"
}
},
{
"cell_type": "code",
"source": [
"New-AzVirtualNetworkGateway -Name $GatewayName -ResourceGroupName $ResourceGroup `\r\n",
" -Location $Location -IpConfigurations $gwipconfig -GatewayType $GatewayType `\r\n",
" -VpnType $VPNType -GatewaySku VpnGw1"
],
"metadata": {
"azdata_cell_guid": "9235b9b3-7cbe-4a4d-bc5e-f82e3e34bd4b"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## Create the local network gateway\r\n",
"The local network gateway (LNG) typically refers to on-premises location. It is not the same as a virtual network gateway. Give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to the connection to be created. Also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device. The address prefixes specified are the prefixes located on on-premises network. If on-premises network changes, it can easily update the prefixes."
],
"metadata": {
"azdata_cell_guid": "5452ac24-2bcf-475d-8284-8ea2cfce8ac3"
}
},
{
"cell_type": "code",
"source": [
"New-AzLocalNetworkGateway -Name $LocalNetworkGatewayName -ResourceGroupName $ResourceGroup `\r\n",
" -Location $Location -GatewayIpAddress '192.168.29.46' -AddressPrefix @('10.101.0.0/24','10.101.1.0/24')"
],
"metadata": {
"azdata_cell_guid": "0e212918-89aa-474e-ad6d-73e8cefc3b25"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## Create the VPN connection\r\n",
"Create the Site-to-Site VPN connection between virtual network gateway and VPN device. Be sure to replace the values. The shared key must match the value used for VPN device configuration. Notice that the '-ConnectionType' for Site-to-Site is IPsec."
],
"metadata": {
"azdata_cell_guid": "08ffbbd7-deba-4472-950f-b92c83a0dbc2"
}
},
{
"cell_type": "code",
"source": [
"$gateway1 = Get-AzVirtualNetworkGateway -Name $GatewayName -ResourceGroupName $ResourceGroup\r\n",
"$local = Get-AzLocalNetworkGateway -Name $LocalNetworkGatewayName -ResourceGroupName $ResourceGroup\r\n",
"New-AzVirtualNetworkGatewayConnection -Name $ConnectionName -ResourceGroupName $ResourceGroup `\r\n",
" -Location $Location -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local `\r\n",
" -ConnectionType IPsec -RoutingWeight 10 -SharedKey 'abc123'"
],
"metadata": {
"azdata_cell_guid": "c7d2e8dc-97ee-4764-8a39-704dfd1cd815"
},
"outputs": [],
"execution_count": null
},
{
"cell_type": "markdown",
"source": [
"## Verify the VPN connection\r\n",
"Connection can be verified if it is succeeded by using the _Get-AzVirtualNetworkGatewayConnection_ cmdlet, with or without '-Debug'."
],
"metadata": {
"azdata_cell_guid": "2dd64b80-488d-4ada-9805-ef7fe59d4058"
}
},
{
"cell_type": "code",
"source": [
"Get-AzVirtualNetworkGatewayConnection -Name $ConnectionName -ResourceGroupName $ResourceGroup"
],
"metadata": {
"azdata_cell_guid": "03acce02-74fb-48eb-a38d-f2dde1a2e85e"
},
"outputs": [],
"execution_count": null
}
]
}
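Review bot: the connection cell hard-codes the IPsec pre-shared key, `-SharedKey 'abc123'`, and the local-network-gateway cell hard-codes `-GatewayIpAddress '192.168.29.46' -AddressPrefix @('10.101.0.0/24','10.101.1.0/24')`, even though `$LNGPublicIP` and `$LocalAddressPrefixes` are declared in the parameter cell (as is `$Subscription`, which nothing uses: there is no `Set-AzContext` in this notebook). Use the declared variables in both cells and add a `$SharedKey` parameter whose description tells the reader to set a long random value known only to the gateway and the VPN device; a six-character literal checked into the repository is a weak key that every reader of the notebook knows. A second problem is that `$GatewayName` serves both as the gateway subnet name (`Add-AzVirtualNetworkSubnetConfig -Name $GatewayName`, `Get-AzVirtualNetworkSubnetConfig -Name $GatewayName`) and as the VPN gateway resource name (`New-AzVirtualNetworkGateway -Name $GatewayName`, `Get-AzVirtualNetworkGateway -Name $GatewayName`); the "Add a gateway subnet" text says the subnet must be named exactly 'GatewaySubnet', so the table's example `"GatewaySubnet"` forces the gateway itself to carry that name, and any other value makes gateway creation fail. Introduce a fixed `$GatewaySubnetName = 'GatewaySubnet'` for the subnet and keep `$GatewayName` for the gateway. Also, table row 11 is labelled `LocalAddressPrefix` while the variable is `$LocalAddressPrefixes`, and the `AddressSpace` description "a range of IP prefixes in the remote subnet" actually describes the virtual network's own address space.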