updated to match main branch
chbragg committed Aug 15, 2024
1 parent ad2f3a1 commit 1a8ed34
Showing 2 changed files with 133 additions and 23 deletions.
10 changes: 6 additions & 4 deletions workload/arm/deploy-baseline.json
@@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "10720181413948037093"
"templateHash": "17566583944615665604"
},
"name": "AVD Accelerator - Baseline Deployment",
"description": "AVD Accelerator - Deployment Baseline",
@@ -4114,7 +4114,7 @@
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "12760066966929112880"
"templateHash": "14586518896585175073"
},
"name": "AVD LZA networking",
"description": "This module deploys vNet, NSG, ASG, UDR, private DNs zones",
@@ -4319,6 +4319,8 @@
"varExistingAvdVnetName": "[if(not(parameters('createVnet')), split(parameters('existingAvdSubnetResourceId'), '/')[8], '')]",
"varExistingAvdVnetResourceId": "[if(not(parameters('createVnet')), format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Network/virtualNetworks/{2}', variables('varExistingAvdVnetSubId'), variables('varExistingAvdVnetSubRgName'), variables('varExistingAvdVnetName')), '')]",
"varDiagnosticSettings": "[if(not(empty(parameters('alaWorkspaceResourceId'))), createArray(createObject('workspaceResourceId', parameters('alaWorkspaceResourceId'))), createArray())]",
"varWindowsActivationKMSPrefixesNsg": "[if(equals(variables('varAzureCloudName'), 'AzureCloud'), createArray('20.118.99.224', '40.83.235.53', '23.102.135.246'), if(equals(variables('varAzureCloudName'), 'AzureUSGovernment'), createArray('23.97.0.13', '52.126.105.2'), if(equals(variables('varAzureCloudName'), 'AzureChinaCloud'), createArray('159.27.28.100', '163.228.64.161', '42.159.7.249'), createArray())))]",
"varStaticRoutes": "[if(equals(variables('varAzureCloudName'), 'AzureCloud'), createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'AVDStunTurnTraffic', 'properties', createObject('addressPrefix', '20.202.0.0/16', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS', 'properties', createObject('addressPrefix', '20.118.99.224/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS01', 'properties', createObject('addressPrefix', '40.83.235.53/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS02', 'properties', createObject('addressPrefix', '23.102.135.246/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet'))), if(equals(variables('varAzureCloudName'), 'AzureUSGovernment'), createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'AVDStunTurnTraffic', 'properties', createObject('addressPrefix', '20.202.0.0/16', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS', 'properties', createObject('addressPrefix', '23.97.0.13/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS01', 'properties', createObject('addressPrefix', '52.126.105.2/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet'))), if(equals(variables('varAzureCloudName'), 'AzureChinaCloud'), createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'AVDStunTurnTraffic', 'properties', createObject('addressPrefix', '20.202.0.0/16', 'hasBgpOverride', true(), 
'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS', 'properties', createObject('addressPrefix', '159.27.28.100/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS01', 'properties', createObject('addressPrefix', '163.228.64.161/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS02', 'properties', createObject('addressPrefix', '42.159.7.249/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet'))), createArray())))]",
"privateDnsZoneNames": {
"AutomationAgentService": "[format('privatelink.agentsvc.azure-automation.{0}', variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name])]",
"Automation": "[format('privatelink.azure-automation.{0}', variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name])]",
@@ -4436,7 +4438,7 @@
"priority": 140,
"access": "Allow",
"description": "Session host traffic to Windows license activation services",
"destinationAddressPrefix": "23.102.135.246",
"destinationAddressPrefixes": "[variables('varWindowsActivationKMSPrefixesNsg')]",
"direction": "Outbound",
"sourcePortRange": "*",
"destinationPortRange": "1688",
@@ -5707,7 +5709,7 @@
"tags": {
"value": "[parameters('tags')]"
},
"routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'AVDStunTurnTraffic', 'properties', createObject('addressPrefix', '20.202.0.0/16', 'hasBgpOverride', true(), 'nextHopType', 'Internet')))), createObject('value', createArray()))]"
"routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', variables('varStaticRoutes')), createObject('value', createArray()))]"
},
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
146 changes: 127 additions & 19 deletions workload/bicep/modules/networking/deploy.bicep
@@ -123,6 +123,131 @@ var varVirtualNetworkLinks = createVnet ? [
virtualNetworkResourceId: varExistingAvdVnetResourceId
}
]
// https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/custom-routes-enable-kms-activation#solution
var varWindowsActivationKMSPrefixesNsg = (varAzureCloudName == 'AzureCloud') ? [
'20.118.99.224','40.83.235.53','23.102.135.246'
] : (varAzureCloudName == 'AzureUSGovernment') ? [
'23.97.0.13','52.126.105.2'
]: (varAzureCloudName == 'AzureChinaCloud') ? [
'159.27.28.100','163.228.64.161','42.159.7.249'
]: []
// https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/custom-routes-enable-kms-activation#solution
var varStaticRoutes = (varAzureCloudName == 'AzureCloud') ? [
{
name: 'AVDServiceTraffic'
properties: {
addressPrefix: 'WindowsVirtualDesktop'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
{
name: 'AVDStunTurnTraffic'
properties: {
addressPrefix: '20.202.0.0/16'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
{
name: 'DirectRouteToKMS'
properties: {
addressPrefix: '20.118.99.224/32'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
{
name: 'DirectRouteToKMS01'
properties: {
addressPrefix: '40.83.235.53/32'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
{
name: 'DirectRouteToKMS02'
properties: {
addressPrefix: '23.102.135.246/32'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
] : (varAzureCloudName == 'AzureUSGovernment') ? [
{
name: 'AVDServiceTraffic'
properties: {
addressPrefix: 'WindowsVirtualDesktop'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
{
name: 'AVDStunTurnTraffic'
properties: {
addressPrefix: '20.202.0.0/16'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
{
name: 'DirectRouteToKMS'
properties: {
addressPrefix: '23.97.0.13/32'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
{
name: 'DirectRouteToKMS01'
properties: {
addressPrefix: '52.126.105.2/32'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
]: (varAzureCloudName == 'AzureChinaCloud') ? [
{
name: 'AVDServiceTraffic'
properties: {
addressPrefix: 'WindowsVirtualDesktop'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
{
name: 'AVDStunTurnTraffic'
properties: {
addressPrefix: '20.202.0.0/16'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
{
name: 'DirectRouteToKMS'
properties: {
addressPrefix: '159.27.28.100/32'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
{
name: 'DirectRouteToKMS01'
properties: {
addressPrefix: '163.228.64.161/32'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
{
name: 'DirectRouteToKMS02'
properties: {
addressPrefix: '42.159.7.249/32'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
]: []

// PRIVATE DNS ZONE NAMING
var privateDnsZoneNames = {
@@ -229,7 +354,7 @@ module networksecurityGroupAvd '../../../../avm/1.0.0/res/network/network-securi
priority: 140
access: 'Allow'
description: 'Session host traffic to Windows license activation services'
destinationAddressPrefix: '23.102.135.246'
destinationAddressPrefixes: varWindowsActivationKMSPrefixesNsg
direction: 'Outbound'
sourcePortRange: '*'
destinationPortRange: '1688'
@@ -304,24 +429,7 @@ module routeTableAvd '../../../../avm/1.0.0/res/network/route-table/main.bicep'
name: avdRouteTableName
location: sessionHostLocation
tags: tags
routes: varCreateAvdStaicRoute ? [
{
name: 'AVDServiceTraffic'
properties: {
addressPrefix: 'WindowsVirtualDesktop'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
{
name: 'AVDStunTurnTraffic'
properties: {
addressPrefix: '20.202.0.0/16'
hasBgpOverride: true
nextHopType: 'Internet'
}
}
] : []
routes: varCreateAvdStaicRoute ? varStaticRoutes : []
}
dependsOn: []
}
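Review bot: The KMS endpoint addresses are now written out twice in the variables added after varVirtualNetworkLinks, once in `varWindowsActivationKMSPrefixesNsg` and again as `/32` entries in `varStaticRoutes`, so a later address change can leave the port-1688 outbound allow rule and the route table disagreeing about which hosts are reachable. The closing `: []` fallbacks also change behaviour for any cloud name outside the three listed: the route table loses the AVDServiceTraffic and AVDStunTurnTraffic routes it previously always received, and the NSG rule is left with an empty `destinationAddressPrefixes`, which the network resource provider will probably reject. Deriving the KMS routes from the prefix list and keeping the two AVD routes unconditional, as sketched below, covers the drift and the lost routes; the NSG rule would still need to be left out when the list is empty. How `varAzureCloudName` is set is outside the visible hunks, so confirm the values it can take and whether `20.202.0.0/16` is the right STUN/TURN range in the sovereign clouds.

```bicep
// … unchanged: varWindowsActivationKMSPrefixesNsg per-cloud list …
var varAvdServiceRoutes = [
  {
    name: 'AVDServiceTraffic'
    properties: {
      addressPrefix: 'WindowsVirtualDesktop'
      hasBgpOverride: true
      nextHopType: 'Internet'
    }
  }
  {
    name: 'AVDStunTurnTraffic'
    properties: {
      addressPrefix: '20.202.0.0/16'
      hasBgpOverride: true
      nextHopType: 'Internet'
    }
  }
]
// One /32 route per KMS address; names match the hand-written ones (DirectRouteToKMS, ...01, ...02).
var varKmsRoutes = [for (kmsIp, i) in varWindowsActivationKMSPrefixesNsg: {
  name: i == 0 ? 'DirectRouteToKMS' : 'DirectRouteToKMS0${i}'
  properties: {
    addressPrefix: '${kmsIp}/32'
    hasBgpOverride: true
    nextHopType: 'Internet'
  }
}]
var varStaticRoutes = concat(varAvdServiceRoutes, varKmsRoutes)
```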
