mharrison0224

Untitled

Jun 23rd, 2016
<#
.SYNOPSIS
Version 1.0
This script provisions a new Azure Site-to-Site VPN. This process will also provision a new Virtual Network, Local Network, Dynamic Routing Azure Gateway, and create the Connection object.
This script requires the Azure Automation Account to have all AzureRM assets/cmdlets added (https://www.powershellgallery.com/packages/AzureRM/1.5.0)

.PARAMETER SubscriptionName
The name of the Azure Subscription you wish to deploy these resources to.
Example: Test Subscription

.PARAMETER CompanyPrefix
A prefix prepended to all resources created by this script. Example: CompanyPrefix 'ABC' would be used to create ABC-Vnet.
Example: ABC

.PARAMETER ResourceGroupName
The name of the resource group you wish to deploy all objects of this script to. If the resource group is not in the subscription, this script will create one.
Example: ABC-RG

.PARAMETER Location
The Azure Datacenter location you wish to deploy to.
If the specified resource group has already been created, use the location of the resource group.
To see a list of current Azure Datacenter locations that support virtual networks: (get-azurelocation | where {$_.name -eq 'Microsoft.Network/virtualNetworks'}).locations
Example: Central US

.PARAMETER LocalGatewayIPAddress
The IP address of your local VPN gateway. This is usually your firewall or router's WAN IP address.
Example: 8.10.44.240

.PARAMETER LocalNetworkAddressSpace
The address range of your local network. This must match your local network, as it is used for configuring Azure Gateway routing rules.
Example: 10.10.10.0/24

.PARAMETER VNetAddressSpace
The overall subnet definition that you wish to use in prefix notation. All subnets must fit within this larger address prefix.
This address space must be private and it is suggested to use a /16 or /8 address space to ensure room for growth.
Example: 172.30.0.0/16

.PARAMETER VNetSubnet
The subnet virtual machines will connect to. This subnet must be within the address space provided to the Virtual Network.
Example: 172.30.100.0/24

.PARAMETER VNetGatewaySubnet
The subnet used for the Azure Gateway. It is suggested to use a /28 subnet that is separate from your VNetSubnet.
Example: 172.30.255.0/28

.PARAMETER PSKLength
The length that Get-RandomPassword will use when creating a randomized string for the Site-to-Site PSK.
Suggested value should be larger than 30 characters to ensure greater resistance to brute force attacks.
Value can be manually changed anytime in the Site to Site connections blade.

.NOTES
Do not use quotes in the parameter text boxes.
Virtual network address space cannot overlap with local network address space. Use a different private address space for Azure.
The Azure Gateway may take up to 45 minutes to be fully provisioned.
Requires AzureRM cmdlets in Automation Account, get them here: https://www.powershellgallery.com/packages/AzureRM/1.5.0
#>

param (
    [Parameter(Mandatory=$true)]$SubscriptionName,
    [Parameter(Mandatory=$true)]$CompanyPrefix,
    [Parameter(Mandatory=$true)]$ResourceGroupName,
    [Parameter(Mandatory=$false)]$Location = 'Central US',
    [Parameter(Mandatory=$true)]$LocalGatewayIPAddress,
    [Parameter(Mandatory=$true)]$LocalNetworkAddressSpace,
    # Defaults follow the help examples: 172.30.0.0/16 lies inside the RFC 1918 range 172.16.0.0/12,
    # whereas 172.10.0.0/16 is public address space and does not meet the "must be private" requirement.
    [Parameter(Mandatory=$false)]$VNetAddressSpace = '172.30.0.0/16',
    [Parameter(Mandatory=$false)]$VNetSubnet = '172.30.100.0/24',
    [Parameter(Mandatory=$false)]$VNetGatewaySubnet = '172.30.255.0/28',
    [Parameter(Mandatory=$false)][int]$PSKLength = 30
)

# This function generates the password used as the pre-shared key for the Site-to-Site VPN connection.
# The default character set contains lowercase letters, uppercase letters, and digits; it has no special characters unless -characters is supplied.
# Password length is set with the -length parameter.
function Get-RandomPassword {
    param(
        $length = 10,
        $characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
    )
    # select one random index into $characters per output character
    $random = 1..$length | ForEach-Object { Get-Random -Maximum $characters.length }
    # join the selected characters with an empty separator and output the password
    $private:ofs = ""
    [String]$characters[$random]
}

# Setting and formatting credentials to allow Login-AzureRMAccount to work properly.
# Using Azure Automation variables to ensure the password and username are not in clear text in the script.
# This holds only if the AzureRMPassword variable was created as an encrypted variable asset.
Write-Output "Setting and Formatting Azure variables to be used to authenticate..."
$AzureRMUsername = Get-AutomationVariable -Name 'AzureRMUsername'
$AzureRMPassword = Get-AutomationVariable -Name 'AzureRMPassword'
$AzureRMSecurePassword = ConvertTo-SecureString $AzureRMPassword -AsPlainText -Force

# Formatting username and password into a PSCredential object so Login-AzureRMAccount can take the data
$psCred = New-Object System.Management.Automation.PSCredential($AzureRMUsername, $AzureRMSecurePassword)

# Running Login-AzureRMAccount to authenticate to Azure and set the subscription name.
Login-AzureRmAccount -Credential $psCred -SubscriptionName $SubscriptionName

# Setting the resource group variable used to test whether the group has already been created.
# SilentlyContinue keeps a missing group from writing an error; the $null check below handles it.
$AzureRMResourceGroupName = Get-AzureRMResourceGroup -Name $ResourceGroupName -ErrorAction SilentlyContinue

if ($null -eq $AzureRMResourceGroupName)
{
    New-AzureRMResourceGroup -Name $ResourceGroupName -Location $Location
    Write-Output 'Could not find specified Resource Group; one has now been created'
    $AzureRMResourceGroupName = Get-AzureRMResourceGroup -Name $ResourceGroupName
}

# Testing to ensure the resource group is fully provisioned before moving on with the script.
if (!($AzureRMResourceGroupName.ProvisioningState -eq 'Succeeded')) {
    do {
        # Write-Output (not Write-Host) so the message appears in the runbook job output
        Write-Output "Waiting for $ResourceGroupName to have a 'Succeeded' status ...."
        Start-Sleep -s 5 # Wait 5 seconds
        # Checking the ProvisioningState
        $AzureRMResourceGroupName = Get-AzureRMResourceGroup -Name $ResourceGroupName
        $rsgStatus = $AzureRMResourceGroupName.ProvisioningState
    } until ($rsgStatus -eq "Succeeded")
}

# Creating the Azure Virtual Network
Write-Output "Creating the Azure Virtual Network..."
$VnetName = $CompanyPrefix + '-VNet'
New-AzureRmVirtualNetwork -Name $VnetName -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName -Location $AzureRMResourceGroupName.Location -AddressPrefix $VNetAddressSpace

# Adding the Gateway and Default Subnets into the Virtual Network
Write-Output "Adding a New Subnet to an Existing ARM based Virtual Network..."
$AzureVirtualNetwork = Get-AzureRMVirtualNetwork -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName -Name $VnetName
$AzureVirtualNetwork | Add-AzureRMVirtualNetworkSubnetConfig -Name 'DefaultSubnet' -AddressPrefix $VNetSubnet | Set-AzureRMVirtualNetwork
$AzureVirtualNetwork | Add-AzureRMVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix $VNetGatewaySubnet | Set-AzureRMVirtualNetwork

# Creating the Local Network in Azure
Write-Output "Creating the Local Network in Azure..."
$LocalNetworkName = $CompanyPrefix + '-LocalSite'
New-AzureRmLocalNetworkGateway -Name $LocalNetworkName -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName -Location $AzureRMResourceGroupName.Location -GatewayIpAddress $LocalGatewayIPAddress -AddressPrefix $LocalNetworkAddressSpace

# Creating a variable for the Public IP Address configuration for the Azure Gateway
Write-Output "Setting Public IP variable to be used in Gateway creation..."
$GWPublicIPName = $CompanyPrefix + '-GWPublicIP'
$GWPublicIP = New-AzureRmPublicIpAddress -Name $GWPublicIPName -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName -Location $AzureRMResourceGroupName.Location -AllocationMethod Dynamic

# Creating Configuration Variables for use in the creation of the Gateway below
Write-Output "Creating Configuration Variables for use in the creation of the Gateway..."
$AzureGatewayConfigName = $CompanyPrefix + '-GWIPConfig'
$AzureVirtualNetwork = Get-AzureRMVirtualNetwork -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName -Name $VnetName
$AzureVirtualNetworkGatewaySubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $AzureVirtualNetwork
$AzureGatewayIPConfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name $AzureGatewayConfigName -SubnetId $AzureVirtualNetworkGatewaySubnet.Id -PublicIpAddressId $GWPublicIP.Id

# Creating the Azure Gateway (VPN, Standard SKU, Route Based)
$AzureGWName = $CompanyPrefix + '-VNetGW'
New-AzureRmVirtualNetworkGateway -Name $AzureGWName -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName -Location $AzureRMResourceGroupName.Location -IpConfigurations $AzureGatewayIPConfig -GatewayType Vpn -VpnType RouteBased -GatewaySku Standard

$AzureGatewayPublicIPAddress = Get-AzureRmPublicIpAddress -Name $GWPublicIPName -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName

# Creating a random Azure Site-to-Site VPN PSK.
$Site2SiteVPNPSK = Get-RandomPassword -length $PSKLength
$Site2SiteVPNName = $CompanyPrefix + '-S2SVPNConnection'

# Creating the Site-to-Site VPN between the LocalNetwork and AzureNetwork
$AzureNetworkGateway = Get-AzureRmVirtualNetworkGateway -Name $AzureGWName -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName
$LocalNetworkGateway = Get-AzureRmLocalNetworkGateway -Name $LocalNetworkName -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName
New-AzureRmVirtualNetworkGatewayConnection -Name $Site2SiteVPNName -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName -Location $AzureRMResourceGroupName.Location -VirtualNetworkGateway1 $AzureNetworkGateway -LocalNetworkGateway2 $LocalNetworkGateway -ConnectionType IPsec -RoutingWeight 10 -SharedKey $Site2SiteVPNPSK

# Creating the Geo-Storage required for Azure Site Recovery using Standard GRS and the location of the resource group.
$StorageAccountName = $CompanyPrefix.ToLower() + 'asrstorage'
New-AzureRmStorageAccount -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName -Name $StorageAccountName -Type "Standard_GRS" -Location $AzureRMResourceGroupName.Location

<#

Requires Subscription to run

$ASRVaultName = $CompanyPrefix + '-ASRVault'
$ASRVault = New-AzureRmRecoveryServicesVault -Name $ASRVaultName -ResourceGroupName $AzureRMResourceGroupName.ResourceGroupName -Location $AzureRMResourceGroupName.Location
Set-AzureRmSiteRecoveryVaultSettings -ARSVault $ASRVault
#>

Write-Output "Successfully Executed the Script"
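
The PSKLength help text ties key length to brute-force resistance. As an added example (not part of the original paste), the functions below build the key from the .NET cryptographic random number generator with rejection sampling and report the resulting entropy; New-S2SPreSharedKey and Get-KeyEntropyBits are hypothetical names.

```powershell
# Added example, not from the original paste. New-S2SPreSharedKey and
# Get-KeyEntropyBits are hypothetical names.
function New-S2SPreSharedKey {
    param(
        [int]$Length = 32,
        [string]$Characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
    )
    if ($Length -lt 1) { throw 'Length must be at least 1.' }
    if ($Characters.Length -lt 2 -or $Characters.Length -gt 256) {
        throw 'Character set must contain between 2 and 256 characters.'
    }
    # Largest multiple of the alphabet size that fits in one byte. Bytes at or
    # above it are discarded so every character is equally likely (no modulo bias).
    $limit = 256 - (256 % $Characters.Length)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte = New-Object byte[] 1
    $key = New-Object System.Text.StringBuilder
    try {
        while ($key.Length -lt $Length) {
            $rng.GetBytes($byte)
            if ($byte[0] -lt $limit) {
                [void]$key.Append($Characters[$byte[0] % $Characters.Length])
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    $key.ToString()
}

# Entropy of a uniformly random key in bits: Length * log2(alphabet size).
function Get-KeyEntropyBits {
    param([int]$Length, [int]$AlphabetSize)
    [math]::Round($Length * [math]::Log($AlphabetSize, 2), 1)
}

# Constructed usage: the key itself is deliberately not written to job output.
$psk = New-S2SPreSharedKey -Length 32
Write-Output ("PSK length {0}, about {1} bits of entropy" -f $psk.Length, (Get-KeyEntropyBits 32 62))
```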
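
The parameter help and NOTES require a private VNet address space, subnets that fit inside it, and no overlap with the local network. An added pre-flight check for those rules (not part of the original paste; all function names are hypothetical) that could run before any New-AzureRm* call:

```powershell
# Added example, not from the original paste; all function names are hypothetical.
function ConvertTo-CidrRange {
    param([Parameter(Mandatory = $true)][string]$Cidr)
    if ($Cidr -notmatch '^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$') { throw "Not an IPv4 CIDR prefix: $Cidr" }
    $address, $prefix = $Cidr.Split('/')
    if ([int]$prefix -gt 32) { throw "Prefix length out of range: $Cidr" }
    $o = [System.Net.IPAddress]::Parse($address).GetAddressBytes()
    # 64-bit arithmetic keeps addresses above 127.255.255.255 positive.
    [long]$value = ([long]$o[0] * 16777216) + ([long]$o[1] * 65536) + ([long]$o[2] * 256) + $o[3]
    [long]$size = [math]::Pow(2, 32 - [int]$prefix)
    $start = $value - ($value % $size)   # align to the network boundary
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}

function Test-RangeInside($Inner, $Outer) {
    $Inner.Start -ge $Outer.Start -and $Inner.End -le $Outer.End
}

function Test-RangeOverlap($A, $B) {
    $A.Start -le $B.End -and $B.Start -le $A.End
}

# Returns one message per violated rule; an empty result means the plan is acceptable.
function Test-VpnAddressPlan {
    param($VNetAddressSpace, $VNetSubnet, $VNetGatewaySubnet, $LocalNetworkAddressSpace)
    $vnet = ConvertTo-CidrRange $VNetAddressSpace
    $subnet = ConvertTo-CidrRange $VNetSubnet
    $gateway = ConvertTo-CidrRange $VNetGatewaySubnet
    $onPrem = ConvertTo-CidrRange $LocalNetworkAddressSpace
    $rfc1918 = '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16' | ForEach-Object { ConvertTo-CidrRange $_ }
    $problems = @()
    if (-not ($rfc1918 | Where-Object { Test-RangeInside $vnet $_ })) {
        $problems += "$VNetAddressSpace is not inside an RFC 1918 private range"
    }
    foreach ($range in $subnet, $gateway) {
        if (-not (Test-RangeInside $range $vnet)) { $problems += "$($range.Cidr) is outside $VNetAddressSpace" }
    }
    if (Test-RangeOverlap $subnet $gateway) { $problems += 'VNetSubnet overlaps VNetGatewaySubnet' }
    if (Test-RangeOverlap $vnet $onPrem) { $problems += 'VNetAddressSpace overlaps LocalNetworkAddressSpace' }
    $problems
}

# Constructed input: 172.10.0.0/16 looks private but is outside 172.16.0.0/12.
$issues = @(Test-VpnAddressPlan -VNetAddressSpace '172.10.0.0/16' -VNetSubnet '172.10.10.0/24' `
        -VNetGatewaySubnet '172.10.255.0/28' -LocalNetworkAddressSpace '10.10.10.0/24')
$issues | ForEach-Object { Write-Output "Address plan problem: $_" }
```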