SHARE
TWEET

CreateNSGforHDInsightCluster

RJSN Jul 13th, 2016 (edited) 75 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Login-AzureRmAccount
  2.  
  3. $vnetName = "MyvNet"
  4. $resourceGroupName = "hdinsightvnet"
  5. $subnetName = "MySubnet"
  6. # Get the Virtual Network object
  7. $vnet = Get-AzureRmVirtualNetwork `
  8.     -Name $vnetName `
  9.     -ResourceGroupName $resourceGroupName
  10. # Get the region the Virtual network is in.
  11. $location = $vnet.Location
  12. # Get the subnet object
  13. $subnet = $vnet.Subnets | Where-Object Name -eq $subnetName
  14. # Create a new Network Security Group.
  15. # And add exemptions for the HDInsight health and management services.
  16. $nsg = New-AzureRmNetworkSecurityGroup `
  17.     -Name "NSG" `
  18.     -ResourceGroupName $resourceGroupName `
  19.     -Location $location `
  20.     | Add-AzureRmNetworkSecurityRuleConfig `
  21.         -name "Rule-002" `
  22.         -Description "HDI health and management address 168.61.49.99" `
  23.         -Protocol "*" `
  24.         -SourcePortRange "*" `
  25.         -DestinationPortRange "443" `
  26.         -SourceAddressPrefix "168.61.49.99" `
  27.         -DestinationAddressPrefix "VirtualNetwork" `
  28.         -Access Allow `
  29.         -Priority 300 `
  30.         -Direction Inbound `
  31.     | Add-AzureRmNetworkSecurityRuleConfig `
  32.         -Name "Rule-003" `
  33.         -Description "HDI health and management 23.99.5.239" `
  34.         -Protocol "*" `
  35.         -SourcePortRange "*" `
  36.         -DestinationPortRange "443" `
  37.         -SourceAddressPrefix "23.99.5.239" `
  38.         -DestinationAddressPrefix "VirtualNetwork" `
  39.         -Access Allow `
  40.         -Priority 301 `
  41.         -Direction Inbound `
  42.     | Add-AzureRmNetworkSecurityRuleConfig `
  43.         -Name "Rule-004" `
  44.         -Description "HDI health and management 168.61.48.131" `
  45.         -Protocol "*" `
  46.         -SourcePortRange "*" `
  47.         -DestinationPortRange "443" `
  48.         -SourceAddressPrefix "168.61.48.131" `
  49.         -DestinationAddressPrefix "VirtualNetwork" `
  50.         -Access Allow `
  51.         -Priority 302 `
  52.         -Direction Inbound `
  53.     | Add-AzureRmNetworkSecurityRuleConfig `
  54.         -Name "Rule-005" `
  55.         -Description "HDI health and management 138.91.141.162" `
  56.         -Protocol "*" `
  57.         -SourcePortRange "*" `
  58.         -DestinationPortRange "443" `
  59.         -SourceAddressPrefix "138.91.141.162" `
  60.         -DestinationAddressPrefix "VirtualNetwork" `
  61.         -Access Allow `
  62.         -Priority 303 `
  63.         -Direction Inbound
  64. # Set the changes to the security group
  65. Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg
  66. # Apply the NSG to the subnet
  67. Set-AzureRmVirtualNetworkSubnetConfig `
  68.     -VirtualNetwork $vnet `
  69.     -Name $subnetName `
  70.     -AddressPrefix $subnet.AddressPrefix `
  71.     -NetworkSecurityGroupId $nsg
RAW Paste Data
Top