This post is part 3 of a small series and stems from this post https://marckean.com/2016/05/17/azure-resource-groups-networks/
This post focuses on creating a single virtual machine into the DMZ subnet of the target example architecture diagram below. This VM will have an NSG attached to its NIC. Remember, that the subnet based NSG rule/s will be applied first, so if there’s a match then the NIC based NSG will effectively be ignored.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Log into both old and new Azure | |
| Login–AzureRmAccount | |
| #Choose subscription 'new' Azure | |
| $subscription = (Get-AzureRmSubscription | Out-GridView –Title "Select the Azure subscription that you want to use …" –PassThru).SubscriptionName | |
| Select-AzureRmSubscription –SubscriptionName $subscription | |
| $RGName = "Show-DMZ_VM" | |
| $location = "australiaeast" | |
| ####################### | Create the Resource Group | ####################### | @marckean | |
| cls | |
| Write-Host "`n`tCreating the target resource group $RGName (if it don't exist already)…" –ForegroundColor Cyan | |
| #region | |
| if(!(Get-AzureRmResourceGroup –Name $RGName –Location $location –ErrorAction SilentlyContinue)){ | |
| New-AzureRmResourceGroup –Name $RGName –Location $location –Force} | |
| ####################### | Variable Settings | ####################### | @marckean | |
| $date = "20160517" | |
| $random = Get-Random –Minimum 10 –Maximum 999 | |
| $publisher = "MicrosoftWindowsServer" | |
| $offer = "WindowsServer" | |
| $sku = "2012-R2-Datacenter" | |
| $version = "latest" | |
| #Storage | |
| $StorageAccountName = $date + "stg" + $random # Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only | |
| $StorageType = "Standard_LRS" | |
| #Virtual Machine | |
| $VMName = "Demo-VM" | |
| $VMSize = "Standard_A2" | |
| $DiskName = "$RGName-os.vhd" | |
| $cred = Get-Credential –Message "Type the name and password for the local administrator account." | |
| #Virtual Network | |
| $vNetName = "Demo-vNet" | |
| $vNetRGName = "Show-vNet" | |
| $subnetName = "DMZ" | |
| #PIP | |
| $PIPName = "Demo-PIP" | |
| $PublicPIPName = "demopip" + $random # Name must conform to the following regular expression: ^[a-z][a-z0-9-]{1,61}[a-z0-9]$ | |
| #NIC | |
| $NICName = "Demo-NIC" | |
| $NICPrivateIP = "10.123.250.10" | |
| #NSG | |
| $NSGname = "Demo-NSG" | |
| ### Create Storage Account | |
| New-AzureRmStorageAccount –ResourceGroupName $RGName –Name $StorageAccountName –Location $location –Type $StorageType | |
| ### Create security rule allowing access from the Internet to port 3389 | |
| $RDPrule = New-AzureRmNetworkSecurityRuleConfig ` | |
| –Name rdp–rule ` | |
| –Description "Allow RDP" ` | |
| –Access Allow ` | |
| –Protocol Tcp ` | |
| –Direction Inbound ` | |
| –Priority 100 ` | |
| –SourceAddressPrefix Internet ` | |
| –SourcePortRange * ` | |
| –DestinationAddressPrefix * ` | |
| –DestinationPortRange 65234 | |
| ### Add the rules to a new NSG | |
| $nsg = New-AzureRmNetworkSecurityGroup –ResourceGroupName $RGName –Location $location –Name $NSGname –SecurityRules $RDPrule | |
| ### Create Public IP Address | |
| $pip = New-AzureRmPublicIpAddress –ResourceGroupName $RGName –Name $PIPName –Location $location –AllocationMethod Dynamic –DomainNameLabel $PublicPIPName | |
| ### Create NIC | |
| $vnet = Get-AzureRmVirtualNetwork –ResourceGroupName $vNetRGName –Name $vNetName | |
| $subnet = Get-AzureRmVirtualNetworkSubnetConfig –Name $subnetName –VirtualNetwork $vnet | |
| $nic = New-AzureRmNetworkInterface –ResourceGroupName $RGName –Name $NICName ` | |
| –Subnet $subnet –Location $location –PublicIpAddress $pip –PrivateIpAddress $NICPrivateIP –NetworkSecurityGroup $nsg | |
| ### Virtual Machine Configuration | |
| $vmConfig = New-AzureRmVMConfig –VMName $VMName –VMSize $VMSize | | |
| Set-AzureRmVMOperatingSystem –Windows –ComputerName $VMName ` | |
| –Credential $cred –ProvisionVMAgent –EnableAutoUpdate | | |
| Set-AzureRmVMSourceImage –PublisherName $publisher –Offer $offer –Skus $sku ` | |
| –Version $version | | |
| Set-AzureRmVMOSDisk –Name $VMName –VhdUri "https://$StorageAccountName.blob.core.windows.net/vhds/$DiskName" ` | |
| –Caching ReadWrite –CreateOption fromImage | | |
| Add-AzureRmVMNetworkInterface –Id $nic.Id | |
| ### Create the Virtual Machine | |
| New-AzureRmVM –ResourceGroupName $RGName –Location $location –VM $vmConfig |
Marc Kean 