- <#
- .SYNOPSIS
- Version 1.0
- This script provisions a new Azure Site to Site VPN. This process will also provision a new Virtual Network, Local Network, Dynamic Routing Azure Gateway, and create the Connection object.
- This script requires the Azure Automation Account to have all AzureRM assets/cmdlets added (https://www.powershellgallery.com/packages/AzureRM/1.5.0)
- .PARAMETER SubscriptionName
- The name of the Azure Subscription you wish to deploy these resources to.
- Example: Test Subscription
- .PARAMETER CompanyPrefix
- A prefix prepended to the name of every resource this script creates. Example: CompanyPrefix 'ABC' produces ABC-VNet.
- Example: ABC
- .PARAMETER ResourceGroupName
- The name of the resource group you wish to deploy all objects of this script to. If the resource group is not in the subscription, this script will create one.
- Example: ABC-RG
- .Parameter Location
- The Azure Datacenter location you wish to deploy to.
- If Resource group specified has already been created, use the location of the resource group.
- To see a list of current Azure Datacenter locations that support virtual networks: (get-azurelocation | where {$_.name -eq 'Microsoft.Network/virtualNetworks'}).locations
- Example: Central US
- .Parameter LocalGatewayIPAddress
- The IP Address of your local VPN Gateway. This is usually your firewall or router's WAN IP address.
- Example: 8.10.44.240
- .Parameter LocalNetworkAddressSpace
- The Address range of your local network. This must match your local network as this is used for configuring Azure Gateway Routing rules.
- Example: 10.10.10.0/24
- .Parameter VNetAddressSpace
- The overall subnet definition that you wish to use in prefix notation. All subnets must fit within this larger address prefix.
- This address space must be a private (RFC 1918) range - 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 - that does not overlap the local network; a /16 or /8 is suggested to leave room for growth.
- Example: 172.30.0.0/16
- .Parameter VNetSubnet
- The subnet virtual machines will connect to. This subnet must be within the Address Space provided to the Virtual Network
- Example: 172.30.100.0/24
- .Parameter VNetGatewaySubnet
- The subnet used for the Azure Gateway. It is suggested to use a /28 subnet that is separate from your VNetSubnet.
- Example: 172.30.255.0/28
- .Parameter PSKLength
- The length that Get-RandomPassword will use when creating a randomized string for the Site-to-Site PSK.
- The key is drawn from a 62-character alphanumeric alphabet, so 30 characters give roughly 178 bits of entropy; use 30 or more to resist brute force.
- Value can be manually changed anytime in the Site to Site connections blade.
- .NOTES
- Do not use quotes in the parameter text boxes.
- Virtual network address space cannot overlap with local network address space. Use a different private address space for Azure.
- The Azure Gateway may take up to 45 minutes to be fully provisioned.
- Requires AzureRM CMDLets in Automation Account, get them here: https://www.powershellgallery.com/packages/AzureRM/1.5.0
- #>
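param (
    # Azure subscription that receives every resource created below.
    [Parameter(Mandatory=$true)][string]$SubscriptionName,
    # Prepended to every resource name (e.g. 'ABC' -> ABC-VNet). Also feeds the
    # storage account name, which must end up lowercase alphanumeric.
    [Parameter(Mandatory=$true)][string]$CompanyPrefix,
    # Target resource group; created in $Location if it does not exist.
    [Parameter(Mandatory=$true)][string]$ResourceGroupName,
    [Parameter(Mandatory=$false)][string]$Location = 'Central US',
    # WAN address of the on-premises VPN device.
    [Parameter(Mandatory=$true)][string]$LocalGatewayIPAddress,
    # On-premises address range advertised to the Azure gateway.
    [Parameter(Mandatory=$true)][string]$LocalNetworkAddressSpace,
    # Defaults follow the documented examples and sit inside RFC 1918 space
    # (172.16.0.0/12). The earlier defaults (172.10.0.0/16 and its subnets) were
    # public address space, which the help above forbids: routing a public range
    # over the tunnel would hijack traffic destined for real Internet hosts.
    [Parameter(Mandatory=$false)][string]$VNetAddressSpace = '172.30.0.0/16',
    [Parameter(Mandatory=$false)][string]$VNetSubnet = '172.30.100.0/24',
    [Parameter(Mandatory=$false)][string]$VNetGatewaySubnet = '172.30.255.0/28',
    # Length of the generated IPsec pre-shared key; 30 or more is recommended.
    # A zero or negative length would previously produce a malformed key.
    [Parameter(Mandatory=$false)][ValidateRange(1, [int]::MaxValue)][int]$PSKLength = 30
)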
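# Generates the Site-to-Site IPsec pre-shared key.
# Every character is drawn from a cryptographically secure source
# (System.Security.Cryptography.RandomNumberGenerator). The original used
# Get-Random, which is backed by System.Random and is not suitable for key
# material; its output is predictable once a few values are observed.
# Parameters:
#   -length      number of characters to produce (default 10; the script passes -PSKLength)
#   -characters  alphabet to draw from (default: the 62 alphanumerics - no special characters)
# Returns: a [string] of exactly $length characters taken from $characters.
# Throws: when $length is below 1, $characters is empty, or has more than 256 symbols.
function Get-RandomPassword {
    param(
        [int]$length = 10,
        $characters =
            'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
    )
    if ($length -lt 1) { throw "length must be at least 1 (got $length)" }
    if (-not $characters -or $characters.Length -lt 1) { throw "characters must not be empty" }

    $alphabetSize = $characters.Length
    # One random byte is sampled per character; values at or above the largest
    # multiple of the alphabet size are discarded so every symbol is equally
    # likely (no modulo bias). That limits the alphabet to 256 symbols.
    if ($alphabetSize -gt 256) { throw "characters must contain at most 256 symbols" }
    $rejectAtOrAbove = 256 - (256 % $alphabetSize)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $builder = New-Object System.Text.StringBuilder
        $sample = New-Object byte[] 1
        while ($builder.Length -lt $length) {
            $rng.GetBytes($sample)
            if ($sample[0] -lt $rejectAtOrAbove) {
                [void]$builder.Append($characters[$sample[0] % $alphabetSize])
            }
        }
        $builder.ToString()
    }
    finally {
        $rng.Dispose()
    }
}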
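# Build the PSCredential used by Login-AzureRMAccount from Automation assets.
# SECURITY: Get-AutomationVariable returns the stored value, so 'AzureRMPassword'
# is only protected at rest if the variable asset was created as *Encrypted*;
# an unencrypted variable asset is readable by anyone who can view the
# Automation account. Prefer a Credential asset (Get-AutomationPSCredential)
# or a service principal granted only the roles this resource group needs.
Write-Output "Setting and Formatting Azure variables to be used to authenticate..."
$AzureRMUsername = Get-AutomationVariable -Name 'AzureRMUsername'
$AzureRMPassword = Get-AutomationVariable -Name 'AzureRMPassword'
if ([string]::IsNullOrEmpty($AzureRMUsername) -or [string]::IsNullOrEmpty($AzureRMPassword)) {
    throw "Automation variables 'AzureRMUsername' and 'AzureRMPassword' must both be set."
}
$AzureRMSecurePassword = ConvertTo-SecureString $AzureRMPassword -AsPlainText -Force
# Drop the plaintext copy once the SecureString exists; nothing below needs it
# and it must never reach the job output stream.
Remove-Variable -Name AzureRMPassword
# Wrap username and SecureString so Login-AzureRMAccount can consume them.
$psCred = New-Object System.Management.Automation.PSCredential($AzureRMUsername, $AzureRMSecurePassword)
# -ErrorAction Stop: a failed login is otherwise a non-terminating error and the
# script would carry on issuing resource-creation calls with no valid context.
Login-AzureRmAccount -Credential $psCred -SubscriptionName $SubscriptionName -ErrorAction Stop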
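# Look up the target resource group, creating it when absent.
# -ErrorAction SilentlyContinue: Get-AzureRMResourceGroup reports a missing
# group as an error; the original relied on the $null result but still let the
# error land in the job's error stream.
$AzureRMResourceGroupName = Get-AzureRMResourceGroup -Name $ResourceGroupName -ErrorAction SilentlyContinue
if ($null -eq $AzureRMResourceGroupName) {
    New-AzureRMResourceGroup -Name $ResourceGroupName -Location $Location -ErrorAction Stop
    Write-Output 'Could not find Specified Resource Group, One has now been created'
    $AzureRMResourceGroupName = Get-AzureRMResourceGroup -Name $ResourceGroupName
}
# Poll until the group reports 'Succeeded'. The loop is bounded so a group stuck
# in another state cannot hang the runbook until Automation's job limit kills it.
$maxPolls = 60   # 60 x 5 s = 5 minutes
$polls = 0
while ($AzureRMResourceGroupName.ProvisioningState -ne 'Succeeded') {
    if ($polls -ge $maxPolls) {
        throw "Resource group '$ResourceGroupName' did not reach 'Succeeded' (last state: $($AzureRMResourceGroupName.ProvisioningState))."
    }
    # Write-Output rather than Write-Host: Automation runbooks have no host console,
    # and the original printed the whole object instead of the group's name.
    Write-Output "Waiting for '$ResourceGroupName' to have a 'Succeeded' status ...."
    Start-Sleep -Seconds 5
    $AzureRMResourceGroupName = Get-AzureRMResourceGroup -Name $ResourceGroupName
    $polls++
}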
# Create the virtual network, then attach the workload subnet and the
# 'GatewaySubnet' (the name Azure requires for the subnet hosting a VPN gateway).
Write-Output "Creating the Azure Virtual Network..."
$VnetName = $CompanyPrefix + '-VNet'
$rgName = $AzureRMResourceGroupName.ResourceGroupName
$rgLocation = $AzureRMResourceGroupName.Location
New-AzureRmVirtualNetwork -Name $VnetName -ResourceGroupName $rgName -Location $rgLocation -AddressPrefix $VNetAddressSpace
Write-Output "Adding a New Subnet to an Existing ARM based Virtual Network..."
$AzureVirtualNetwork = Get-AzureRMVirtualNetwork -ResourceGroupName $rgName -Name $VnetName
# Each subnet is pushed as its own update, in this order.
$subnetPlan = @(
    @{ Name = 'DefaultSubnet'; Prefix = $VNetSubnet },
    @{ Name = 'GatewaySubnet'; Prefix = $VNetGatewaySubnet }
)
foreach ($subnet in $subnetPlan) {
    $AzureVirtualNetwork |
        Add-AzureRMVirtualNetworkSubnetConfig -Name $subnet.Name -AddressPrefix $subnet.Prefix |
        Set-AzureRMVirtualNetwork
}
# Register the on-premises side: the local network gateway records the WAN
# address of the customer VPN device and the address range behind it, which the
# Azure gateway uses as the remote traffic selector for the tunnel.
Write-Output "Creating the Local Network in Azure..."
$LocalNetworkName = $CompanyPrefix + '-LocalSite'
$localGatewayArgs = @{
    Name              = $LocalNetworkName
    ResourceGroupName = $AzureRMResourceGroupName.ResourceGroupName
    Location          = $AzureRMResourceGroupName.Location
    GatewayIpAddress  = $LocalGatewayIPAddress
    AddressPrefix     = $LocalNetworkAddressSpace
}
New-AzureRmLocalNetworkGateway @localGatewayArgs
# Allocate the gateway's public IP (Dynamic allocation is what the VPN gateway
# SKU used here expects), bind it to the GatewaySubnet, and build the gateway.
Write-Output "Setting Public IP variable to be used in Gateway creation..."
$rgName = $AzureRMResourceGroupName.ResourceGroupName
$rgLocation = $AzureRMResourceGroupName.Location
$GWPublicIPName = $CompanyPrefix + '-GWPublicIP'
$GWPublicIP = New-AzureRmPublicIpAddress -Name $GWPublicIPName -ResourceGroupName $rgName -Location $rgLocation -AllocationMethod Dynamic

Write-Output "Creating Configuration Variables for use in the creation of the Gateway..."
$AzureGatewayConfigName = $CompanyPrefix + '-GWIPConfig'
# Re-read the VNet so the subnet list reflects the updates made above.
$AzureVirtualNetwork = Get-AzureRMVirtualNetwork -ResourceGroupName $rgName -Name $VnetName
$AzureVirtualNetworkGatewaySubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $AzureVirtualNetwork
$AzureGatewayIPConfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name $AzureGatewayConfigName -SubnetId $AzureVirtualNetworkGatewaySubnet.Id -PublicIpAddressId $GWPublicIP.Id

# Route-based VPN gateway, Standard SKU. This call is long-running (the help
# above notes up to 45 minutes) and returns once provisioning completes.
$AzureGWName = $CompanyPrefix + '-VNetGW'
$gatewayArgs = @{
    Name              = $AzureGWName
    ResourceGroupName = $rgName
    Location          = $rgLocation
    IpConfigurations  = $AzureGatewayIPConfig
    GatewayType       = 'Vpn'
    VpnType           = 'RouteBased'
    GatewaySku        = 'Standard'
}
New-AzureRmVirtualNetworkGateway @gatewayArgs
# Dynamic IPs are only assigned once the gateway exists; read it back now.
$AzureGatewayPublicIPAddress = Get-AzureRmPublicIpAddress -Name $GWPublicIPName -ResourceGroupName $rgName
# Generate the IPsec pre-shared key and create the connection object.
# The PSK is deliberately never written to the job output; the on-premises
# device is configured from the value shown in the connection's Shared Key
# blade (or Get-AzureRmVirtualNetworkGatewayConnectionSharedKey).
$Site2SiteVPNPSK = Get-RandomPassword -length $PSKLength
$Site2SiteVPNName = $CompanyPrefix + '-S2SVPNConnection'
$rgName = $AzureRMResourceGroupName.ResourceGroupName
$AzureNetworkGateway = Get-AzureRmVirtualNetworkGateway -Name $AzureGWName -ResourceGroupName $rgName
$LocalNetworkGateway = Get-AzureRmLocalNetworkGateway -Name $LocalNetworkName -ResourceGroupName $rgName
$connectionArgs = @{
    Name                   = $Site2SiteVPNName
    ResourceGroupName      = $rgName
    Location               = $AzureRMResourceGroupName.Location
    VirtualNetworkGateway1 = $AzureNetworkGateway
    LocalNetworkGateway2   = $LocalNetworkGateway
    ConnectionType         = 'IPsec'
    RoutingWeight          = 10
    SharedKey              = $Site2SiteVPNPSK
}
New-AzureRmVirtualNetworkGatewayConnection @connectionArgs
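# Geo-redundant storage for Azure Site Recovery in the resource group's region.
# Storage account names must be 3-24 characters of lowercase letters and digits
# and globally unique; a prefix such as 'ABC-Corp' would make
# New-AzureRmStorageAccount fail, so strip anything else before lowercasing.
# The fixed 'asrstorage' suffix already satisfies the 3-character minimum.
$StorageAccountName = (($CompanyPrefix -replace '[^A-Za-z0-9]', '').ToLower()) + 'asrstorage'
if ($StorageAccountName.Length -gt 24) {
    throw "Storage account name '$StorageAccountName' exceeds 24 characters; use a shorter CompanyPrefix."
}
New-AzureRmStorageAccount -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName -Name $StorageAccountName -Type "Standard_GRS" -Location $AzureRMResourceGroupName.Location -ErrorAction Stop
<#
Requires Subscription to run
$ASRVaultName = $CompanyPrefix + '-ASRVault'
$ASRVault = New-AzureRmRecoveryServicesVault -Name $ASRVaultName -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName -Location $AzureRMResourceGroupName.Location
Set-AzureRmSiteRecoveryVaultSettings -ARSVault $ASRVault
#>
Write-Output "Successfully Executed the Script"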