/*
* Created By: Brent Stineman
* This template provides an example of creating a service fabric cluster with network level security
* isolation between nodes.
*
* Note: the cluster itself is secured using both certificates and Azure AD. When executing the AD setup, note that the callback URL should reference this template's
* management endpoint. This URI is formatted as: https://<clustername>mgmnt.<region>.cloudapp.azure.com:19080/Explorer/index.html
*
* This template should be used as an example only.
*
* for more information on this template, please see
* https://brentdacodemonkey.wordpress.com/2016/08/01/network-isolationsecurity-with-azure-service-fabric/
*
* the content of this template borrows from and was inspired by:
* https://github.com/Azure/azure-quickstart-templates/tree/master/service-fabric-secure-cluster-5-node-1-nodetype-wad
*/
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"clusterName": {
"type": "string",
"metadata": {
"description": "Name of your cluster - Between 3 and 23 characters. Letters and numbers only. Also used as a prefix for many resources."
}
},
"adminUserName": {
"type": "string",
"metadata": {
"description": "Virtual Machine administrative user name"
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Remote desktop user password. Must be a strong password"
}
},
"fabricTcpGatewayPort": {
"type": "int",
"defaultValue": 19000,
"metadata": {
"description": "Port for TCP Client Connection end point to perform management operations on this cluster"
}
},
"fabricHttpGatewayPort": {
"type": "int",
"defaultValue": 19080,
"metadata": {
"description": "Port for Http Client Connection end point to perform management operations on this cluster"
}
},
"fabricReverseProxyPort": {
"type": "int",
"defaultValue": 19008,
"metadata": {
"description": "Endpoint for Service Fabric Reverse proxy"
}
},
"frontEndLoadBalancedAppPort1": {
"type": "int",
"defaultValue": 80,
"metadata": {
"description": "Front end, public port 1 to use. Replace it with what your application uses"
}
},
"frontEndLoadBalancedAppPort2": {
"type": "int",
"defaultValue": 443,
"metadata": {
"description": "Front end, public port 2 to use. Replace it with what your application uses"
}
},
"backEndLoadBalancedAppPort1": {
"type": "int",
"defaultValue": 80,
"metadata": {
"description": "Back end, private port 1 to use. Replace it with what your application uses"
}
},
"backEndLoadBalancedAppPort2": {
"type": "int",
"defaultValue": 443,
"metadata": {
"description": "Back end, private port 2 to use. Replace it with what your application uses"
}
},
"storageAccountType": {
"type": "string",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Premium_LRS",
"Premium_GRS"
],
"defaultValue": "Standard_LRS",
"metadata": {
"description": "Replication option for the VM image storage account"
}
},
"supportLogStorageAccountType": {
"type": "string",
"allowedValues": [
"Standard_LRS",
"Standard_GRS"
],
"defaultValue": "Standard_LRS",
"metadata": {
"description": "Replication option for the support log storage account"
}
},
"vmssDurabilityLevel": {
"type": "string",
"allowedValues": [
"Bronze",
"Silver",
"Gold",
"Platinum"
],
"defaultValue": "Bronze",
"metadata": {
"description": "Durability level of the VM Scale Sets for all nodes"
}
},
"frontEndVMSize": {
"type": "string",
"defaultValue": "Standard_D2",
"metadata": {
"description": "Size/Sku used for the Front End node type instances"
}
},
"frontEndVMInstanceCnt": {
"type": "int",
"defaultValue": 3,
"metadata": {
"description": "Number of Front End node type instances"
}
},
"backEndVMSize": {
"type": "string",
"defaultValue": "Standard_D2",
"metadata": {
"description": "Size/Sku used for the Back End node type instances"
}
},
"backEndVMInstanceCnt": {
"type": "int",
"defaultValue": 3,
"metadata": {
"description": "Number of Back End node type instances"
}
},
"mgmntVMSize": {
"type": "string",
"defaultValue": "Standard_D2",
"metadata": {
"description": "Size/Sku used for the Management node type instances"
}
},
"mgmntVMInstanceCnt": {
"type": "int",
"defaultValue": 3,
"metadata": {
"description": "Number of Management node type instances"
}
},
"rdpVMSize": {
"type": "string",
"defaultValue": "Standard_D2",
"metadata": {
"description": "Size/Sku used for the RDP jump box virtual machine"
}
},
"clusterDurabilityLevel": {
"type": "string",
"allowedValues": [
"Bronze",
"Silver",
"Gold",
"Platinum"
],
"defaultValue": "Bronze",
"metadata": {
"description": "Durability level of all Service Fabric node types"
}
},
"clusterProtectionLevel": {
"type": "string",
"allowedValues": [
"None",
"Sign",
"EncryptAndSign"
],
"defaultValue": "EncryptAndSign",
"metadata": {
"description": "Protection level. Three values are allowed - EncryptAndSign, Sign, None. It is best to keep the default of EncryptAndSign, unless you have a need not to"
}
},
"clusterReliabilityLevel": {
"type": "string",
"allowedValues": [
"Bronze",
"Silver",
"Gold",
"Platinum"
],
"defaultValue": "Bronze",
"metadata": {
"description": "Reliability level for all Service Fabric node types"
}
},
/* new values for the secure cluster */
"sourceVaultRef": {
"type": "string",
"metadata": {
"description": "The Azure resource reference ID of the Key Vault that contains the certificate that will be used by this cluster for node/client security"
}
},
"clusterCertificateStorevalue": {
"type": "string",
"defaultValue": "My",
"metadata": {
"description": "The certificate store to be used to store the certificate on the node instance"
}
},
"clusterCertificateUrlValue": {
"type": "string",
"metadata": {
"description": "The URL of the certificate in the Key Vault to be used by the Service Fabric extension to secure node communications"
}
},
"clusterCertificateThumbprint": {
"type": "string",
"metadata": {
"description": "The thumbprint of the certificate to be used for cluster authentication and the management endpoints (should be thumbprint of cert referred to by URL)"
}
},
"aadTenantId": {
"type": "string",
"metadata": {
"description": "The tenant ID of the Azure Active Directory for management endpoint username/password authentication"
}
},
"aadClusterApplicationId": {
"type": "string",
"metadata": {
"description": "The Cluster Application ID in Azure Active Directory for management endpoint username/password authentication"
}
},
"aadClientApplicationId": {
"type": "string",
"metadata": {
"description": "The Application ID of the Azure Active Directory for management endpoint username/password authentication"
}
}
},
"variables": {
"saSuffix" : "[tolower(concat(parameters('clusterName'), 'sa'))]",
/* storage accounts used by the VM scale set */
"uniqueStringArray": [
"[concat(uniqueString(concat(resourceGroup().id, variables('saSuffix'), '0')))]",
"[concat(uniqueString(concat(resourceGroup().id, variables('saSuffix'), '1')))]",
"[concat(uniqueString(concat(resourceGroup().id, variables('saSuffix'), '2')))]",
"[concat(uniqueString(concat(resourceGroup().id, variables('saSuffix'), '3')))]",
"[concat(uniqueString(concat(resourceGroup().id, variables('saSuffix'), '4')))]"
],
"saCount": "[length(variables('uniqueStringArray'))]",
"vmStorageAccountContainerName": "vhds",
/* cluster node type OS image */
"nodeImageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2012-R2-Datacenter",
"version": "latest"
},
/* virtual network configuration */
"virtualNetworkName": "[concat(parameters('clusterName'), 'Vnet')]",
"addressPrefix": "10.0.0.0/16",
"vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
"overProvision": "false",
"supportLogStorageAccountName": "[toLower( concat( uniqueString(resourceGroup().id),'2'))]",
"subnetFrontEnd" : {
"Name": "FrontEnd",
"CIDR": "10.0.1.0/24",
"Ref": "[concat(variables('vnetID'),'/subnets/FrontEnd')]"
},
"subnetBackEnd" : {
"Name": "BackEnd",
"CIDR": "10.0.2.0/24",
"Ref": "[concat(variables('vnetID'),'/subnets/BackEnd')]"
},
"subnetManagement" : {
"Name": "Management",
"CIDR": "10.0.3.0/24",
"Ref": "[concat(variables('vnetID'),'/subnets/Management')]"
},
/* Front End Public IP and Load Balancer settings */
"ipFrontEnd" : {
"Name": "[concat(parameters('clusterName'), '_FrontEndIP')]",
"AddressType": "Dynamic",
"DNS": "[toLower(concat(parameters('clusterName'), 'FrontEnd'))]"
},
"lbidFrontEnd": "[resourceId('Microsoft.Network/loadBalancers','FrontEndLoadBalancer')]",
"lbFrontEnd" : {
"Name": "FrontEndLoadBalancer",
"IPConfig": "[concat(variables('lbidFrontEnd'),'/frontendIPConfigurations/LoadBalancerIPConfig')]",
"PoolID": "[concat(variables('lbidFrontEnd'),'/backendAddressPools/LoadBalancerBEAddressPool')]",
"ProbeID": "[concat(variables('lbidFrontEnd'),'/probes/FabricGatewayProbe')]",
"HttpProbeID": "[concat(variables('lbidFrontEnd'),'/probes/FabricHttpGatewayProbe')]"
},
/* Back End Load Balancer settings, uses a private IP from that subnet */
"lbidBackEnd": "[resourceId('Microsoft.Network/loadBalancers','BackEndLoadBalancer')]",
"lbBackEnd" : {
"Name": "BackEndLoadBalancer",
"lbIPAddress" : "10.0.2.4",
"IPConfig": "[concat(variables('lbidBackEnd'),'/frontendIPConfigurations/LoadBalancerFrontend-internal')]",
"PoolID": "[concat(variables('lbidBackEnd'),'/backendAddressPools/LoadBalancerBEAddressPool')]",
"ProbeID": "[concat(variables('lbidBackEnd'),'/probes/FabricGatewayProbe')]",
"HttpProbeID": "[concat(variables('lbidBackEnd'),'/probes/FabricHttpGatewayProbe')]"
},
/* Management zone Public IP and Load Balancer settings */
"ipMgmnt" : {
"Name": "[concat(parameters('clusterName'), '_MgmntIP')]",
"AddressType": "Dynamic",
"DNS": "[toLower(concat(parameters('clusterName'), 'Mgmnt'))]"
},
"lbidMgmnt": "[resourceId('Microsoft.Network/loadBalancers','MgmntLoadBalancer')]",
"lbMgmnt" : {
"Name": "MgmntLoadBalancer",
"IPConfig": "[concat(variables('lbidMgmnt'),'/frontendIPConfigurations/LoadBalancerIPConfig')]",
"PoolID": "[concat(variables('lbidMgmnt'),'/backendAddressPools/LoadBalancerBEAddressPool')]",
"ProbeID": "[concat(variables('lbidMgmnt'),'/probes/FabricGatewayProbe')]",
"HttpProbeID": "[concat(variables('lbidMgmnt'),'/probes/FabricHttpGatewayProbe')]"
},
/* settings for each node type (vm scale set) */
"nodesFrontEnd" : {
"TypeName": "FrontEnd",
"TypeSize": "[parameters('frontEndVMSize')]",
"Capacity": "[parameters('frontEndVMInstanceCnt')]",
"nicName": "nicFrontEnd"
},
"nodesBackEnd" : {
"TypeName": "BackEnd",
"TypeSize": "[parameters('backEndVMSize')]",
"Capacity": "[parameters('backEndVMInstanceCnt')]",
"nicName": "nicBackEnd"
},
"nodesMgmnt" : {
"TypeName": "Mgmnt",
"TypeSize": "[parameters('mgmntVMSize')]",
"Capacity": "[parameters('mgmntVMInstanceCnt')]",
"nicName": "nicMgmnt"
},
/* fabric cluster port settings */
"svcFabCluster" : {
"tcpGatewayPort": "[parameters('fabricTcpGatewayPort')]",
"httpGatewayPort": "[parameters('fabricHttpGatewayPort')]",
"reverseProxyPort": "[parameters('fabricReverseProxyPort')]",
"clusterPorts" : "1025-1027",
"applicationStartPort": "20000",
"applicationEndPort": "30000",
"ephemeralStartPort": "49152",
"ephemeralEndPort": "65534"
},
/* RDP Jump box settings, uses public IP and a private IP from the management subnet */
"rdpMachine" : {
"Name": "[concat(parameters('clusterName'), '-vmRDP')]",
"nicName": "[concat(parameters('clusterName'), '-nicRDP')]",
"pipName" : "[concat(parameters('clusterName'),'-pipRDP')]",
"AddressType": "Static",
"ipAddr" : "10.0.3.4",
"DNS": "[toLower(concat(parameters('clusterName'), 'RDP'))]",
"TypeSize" : "[parameters('rdpVMSize')]"
}
},
"resources": [
/* Storage accounts used by the solution */
{
"comments" : "loop through and create each of the storage accounts for the VM Scale Sets",
"apiVersion": "2015-06-15",
"type": "Microsoft.Storage/storageAccounts",
"name": "[concat(variables('uniqueStringArray')[copyIndex()], variables('saSuffix'))]",
"location": "[resourceGroup().location]",
"copy": {
"name": "storageLoop",
"count": "[variables('saCount')]"
},
"properties": {
"accountType": "[parameters('storageAccountType')]"
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
{
"comments" : "create a single storage account for VM logs/diagnostics and the jump box OS disk",
"apiVersion": "2015-06-15",
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('supportLogStorageAccountName')]",
"location": "[resourceGroup().location]",
"properties": {
"accountType": "[parameters('supportLogStorageAccountType')]"
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
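/* Network Security Group for the management subnet.
* Note: the allowSvcFabPortal, allowSvcFabClient and allowJumpBoxRDP rules accept any source address ("*"),
* so the fabric management ports and the jump box RDP port are open to any internet source that can reach
* the public management load balancer or the jump box public IP. Outside of a demo, narrow
* sourceAddressPrefix on these three rules to known administrative address ranges. */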
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[concat('nsg', variables('subnetManagement')['Name'])]",
"location": "[resourceGroup().location]",
"properties" : {
"securityRules": [
{
"comments" : "allow port used to access the fabric cluster web portal",
"name": "allowSvcFabPortal",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[variables('svcFabCluster')['httpGatewayPort']]",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3900,
"direction": "Inbound"
}
},
{
"comments" : "allow port used by the fabric client (includes powershell)",
"name": "allowSvcFabClient",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[variables('svcFabCluster')['tcpGatewayPort']]",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3910,
"direction": "Inbound"
}
},
{
"comments" : "allow ports within vnet that are used by the fabric to talk between nodes",
"name": "allowSvcFabCluser",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[variables('svcFabCluster')['clusterPorts']]",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3920,
"direction": "Inbound"
}
},
{
"comments" : "allow fabric ephemeral ports within the vnet",
"name": "allowSvcFabEphemeral",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[concat(variables('svcFabCluster')['ephemeralStartPort'], '-', variables('svcFabCluster')['ephemeralEndPort'])]",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3930,
"direction": "Inbound"
}
},
{
"comments" : "allow SMB traffic within the net, used by fabric to move packages around",
"name": "allowSvcFabSMB",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "445",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3940,
"direction": "Inbound"
}
},
{
"comments" : "allow RDP within the net",
"name": "allowVNetRDP",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "3389",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3950,
"direction": "Inbound"
}
},
{
"comments" : "allow RDP into the Jumpbox from the internet",
"name": "allowJumpBoxRDP",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "3389",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "[variables('rdpMachine')['ipAddr']]",
"access": "Allow",
"priority": 3960,
"direction": "Inbound"
}
},
{
"comments" : "block all traffic except what we've explicitly allowed",
"name": "blockAll",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 4000,
"direction": "Inbound"
}
}
]
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/* Network Security Group for the front end subnet */
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[concat('nsg', variables('subnetFrontEnd')['Name'])]",
"location": "[resourceGroup().location]",
"properties" : {
"securityRules": [
{
"comments" : "allow public application port 1",
"name": "allowAppPort1",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[parameters('frontEndLoadBalancedAppPort1')]",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 2000,
"direction": "Inbound"
}
},
{
"comments" : "allow public application port 2",
"name": "allowAppPort2",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[parameters('frontEndLoadBalancedAppPort2')]",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 2010,
"direction": "Inbound"
}
},
{
"comments" : "allow ports within vnet that are used by the fabric to talk between nodes",
"name": "allowSvcFabCluser",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[variables('svcFabCluster')['clusterPorts']]",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3920,
"direction": "Inbound"
}
},
{
"comments" : "allow fabric ephemeral ports within the vnet",
"name": "allowSvcFabEphemeral",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[concat(variables('svcFabCluster')['ephemeralStartPort'], '-', variables('svcFabCluster')['ephemeralEndPort'])]",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3930,
"direction": "Inbound"
}
},
{
"comments" : "allow SMB traffic within the net, used by fabric to move packages around",
"name": "allowSvcFabSMB",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "445",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3940,
"direction": "Inbound"
}
},
{
"comments" : "allow RDP within the net",
"name": "allowVNetRDP",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "3389",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3950,
"direction": "Inbound"
}
},
{
"comments" : "block all traffic except what we've explicitly allowed",
"name": "blockAll",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 4000,
"direction": "Inbound"
}
}
]
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/* Network Security Group for the back end subnet */
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[concat('nsg', variables('subnetBackEnd')['Name'])]",
"location": "[resourceGroup().location]",
"properties" : {
"securityRules": [
{
"comments" : "allow private application port 1 within the Vnet",
"name": "allowAppPort1",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[parameters('backEndLoadBalancedAppPort1')]",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 2000,
"direction": "Inbound"
}
},
{
"comments" : "allow private application port 2 within the Vnet",
"name": "allowAppPort2",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[parameters('backEndLoadBalancedAppPort2')]",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 2010,
"direction": "Inbound"
}
},
{
"comments" : "allow ports within vnet that are used by the fabric to talk between nodes",
"name": "allowSvcFabCluser",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[variables('svcFabCluster')['clusterPorts']]",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3920,
"direction": "Inbound"
}
},
{
"comments" : "allow fabric ephemeral ports within the vnet",
"name": "allowSvcFabEphemeral",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[concat(variables('svcFabCluster')['ephemeralStartPort'], '-', variables('svcFabCluster')['ephemeralEndPort'])]",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3930,
"direction": "Inbound"
}
},
{
"comments" : "allow SMB traffic within the net, used by fabric to move packages around",
"name": "allowSvcFabSMB",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "445",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3940,
"direction": "Inbound"
}
},
{
"comments" : "allow RDP within the net",
"name": "allowVNetRDP",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "3389",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3950,
"direction": "Inbound"
}
},
{
"comments" : "allow fabric application ports within the vnet",
"name": "allowSvcFabApplication",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "[concat(variables('svcFabCluster')['applicationStartPort'], '-', variables('svcFabCluster')['applicationEndPort'])]",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 3960,
"direction": "Inbound"
}
},
{
"comments" : "block all traffic except what we've explicitly allowed",
"name": "blockAll",
"properties": {
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 4000,
"direction": "Inbound"
}
}
]
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
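/* virtual network with 3 subnets, one for each 'zone' of the cluster.
* NOTE(review): the BackEnd subnet below references the nsgBackEnd security group, but dependsOn lists only
* the Management and FrontEnd security groups; add the BackEnd group to dependsOn so it is guaranteed to
* exist before the virtual network is created. */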
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('virtualNetworkName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/networkSecurityGroups/', concat('nsg', variables('subnetManagement')['Name']))]",
"[concat('Microsoft.Network/networkSecurityGroups/', concat('nsg', variables('subnetFrontEnd')['Name']))]"
],
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('addressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('subnetFrontEnd')['Name']]",
"properties": {
"addressPrefix": "[variables('subnetFrontEnd')['CIDR']]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat('nsg', variables('subnetFrontEnd')['Name']))]"
}
}
},
{
"name": "[variables('subnetBackEnd')['Name']]",
"properties": {
"addressPrefix": "[variables('subnetBackEnd')['CIDR']]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat('nsg', variables('subnetBackEnd')['Name']))]"
}
}
},
{
"name": "[variables('subnetManagement')['Name']]",
"properties": {
"addressPrefix": "[variables('subnetManagement')['CIDR']]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat('nsg', variables('subnetManagement')['Name']))]"
}
}
}
]
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/* public IP for the front end application endpoints */
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('ipFrontEnd')['Name']]",
"location": "[resourceGroup().location]",
"properties": {
"dnsSettings": {
"domainNameLabel": "[variables('ipFrontEnd')['DNS']]"
},
"publicIPAllocationMethod": "[variables('ipFrontEnd')['AddressType']]"
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/* public IP for the cluster management endpoints */
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('ipMgmnt')['Name']]",
"location": "[resourceGroup().location]",
"properties": {
"dnsSettings": {
"domainNameLabel": "[variables('ipMgmnt')['DNS']]"
},
"publicIPAllocationMethod": "[variables('ipMgmnt')['AddressType']]"
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/* public front end load balancer */
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/loadBalancers",
"name": "[variables('lbFrontEnd')['Name']]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/',variables('ipFrontEnd')['Name'])]"
],
"properties": {
"frontendIPConfigurations": [
{
"name": "LoadBalancerIPConfig",
"properties": {
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('ipFrontEnd')['Name'])]"
}
}
}
],
"backendAddressPools": [
{
"name": "LoadBalancerBEAddressPool"
}
],
"loadBalancingRules": [
{
"name": "AppPortLBRule1",
"properties": {
"backendAddressPool": {
"id": "[variables('lbFrontEnd')['PoolID']]"
},
"backendPort": "[parameters('frontEndLoadBalancedAppPort1')]",
"enableFloatingIP": false,
"frontendIPConfiguration": {
"id": "[variables('lbFrontEnd')['IPConfig']]"
},
"frontendPort": "[parameters('frontEndLoadBalancedAppPort1')]",
"idleTimeoutInMinutes": 5,
"probe": {
"id": "[concat(variables('lbidFrontEnd'),'/probes/AppPortProbe1')]"
},
"protocol": "Tcp"
}
},
{
"name": "AppPortLBRule2",
"properties": {
"backendAddressPool": {
"id": "[variables('lbFrontEnd')['PoolID']]"
},
"backendPort": "[parameters('frontEndLoadBalancedAppPort2')]",
"enableFloatingIP": false,
"frontendIPConfiguration": {
"id": "[variables('lbFrontEnd')['IPConfig']]"
},
"frontendPort": "[parameters('frontEndLoadBalancedAppPort2')]",
"idleTimeoutInMinutes": 5,
"probe": {
"id": "[concat(variables('lbidFrontEnd'),'/probes/AppPortProbe2')]"
},
"protocol": "Tcp"
}
}
],
"probes": [
{
"name": "AppPortProbe1",
"properties": {
"intervalInSeconds": 5,
"numberOfProbes": 2,
"port": "[parameters('frontEndLoadBalancedAppPort1')]",
"protocol": "Tcp"
}
},
{
"name": "AppPortProbe2",
"properties": {
"intervalInSeconds": 5,
"numberOfProbes": 2,
"port": "[parameters('frontEndLoadBalancedAppPort2')]",
"protocol": "Tcp"
}
}
]
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/* private/internal back end load balancer with a private IP (internal load balancer) */
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/loadBalancers",
"name": "[variables('lbBackEnd')['Name']]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
],
"properties": {
"frontendIPConfigurations": [
{
"name": "LoadBalancerFrontend-internal",
"properties": {
"subnet": {
"id": "[variables('subnetBackEnd')['Ref']]"
},
"comments" : "bound to private IP within the back end subnet",
"privateIPAddress": "[variables('lbBackEnd')['lbIPAddress']]",
"privateIPAllocationMethod": "Static"
}
}
],
"backendAddressPools": [
{
"name": "LoadBalancerBEAddressPool"
}
],
"loadBalancingRules": [
{
"name": "AppPortLBRule1",
"properties": {
"backendAddressPool": {
"id": "[variables('lbBackEnd')['PoolID']]"
},
"backendPort": "[parameters('backEndLoadBalancedAppPort1')]",
"enableFloatingIP": false,
"frontendIPConfiguration": {
"id": "[variables('lbBackEnd')['IPConfig']]"
},
"frontendPort": "[parameters('backEndLoadBalancedAppPort1')]",
"idleTimeoutInMinutes": 5,
"probe": {
"id": "[concat(variables('lbidBackEnd'),'/probes/AppPortProbe1')]"
},
"protocol": "Tcp"
}
},
{
"name": "AppPortLBRule2",
"properties": {
"backendAddressPool": {
"id": "[variables('lbBackEnd')['PoolID']]"
},
"backendPort": "[parameters('backEndLoadBalancedAppPort2')]",
"enableFloatingIP": false,
"frontendIPConfiguration": {
"id": "[variables('lbBackEnd')['IPConfig']]"
},
"frontendPort": "[parameters('backEndLoadBalancedAppPort2')]",
"idleTimeoutInMinutes": 5,
"probe": {
"id": "[concat(variables('lbidBackEnd'),'/probes/AppPortProbe2')]"
},
"protocol": "Tcp"
}
}
],
"probes": [
{
"name": "AppPortProbe1",
"properties": {
"intervalInSeconds": 5,
"numberOfProbes": 2,
"port": "[parameters('backEndLoadBalancedAppPort1')]",
"protocol": "Tcp"
}
},
{
"name": "AppPortProbe2",
"properties": {
"intervalInSeconds": 5,
"numberOfProbes": 2,
"port": "[parameters('backEndLoadBalancedAppPort2')]",
"protocol": "Tcp"
}
}
]
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/* cluster management endpoint load balancer */
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/loadBalancers",
"name": "[variables('lbMgmnt')['Name']]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/',variables('ipMgmnt')['Name'])]"
],
"properties": {
"frontendIPConfigurations": [
{
"name": "LoadBalancerIPConfig",
"properties": {
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('ipMgmnt')['Name'])]"
}
}
}
],
"backendAddressPools": [
{
"name": "LoadBalancerBEAddressPool"
}
],
"loadBalancingRules": [
{
"name": "LBRule",
"properties": {
"backendAddressPool": {
"id": "[variables('lbMgmnt')['PoolID']]"
},
"backendPort": "[variables('svcFabCluster')['tcpGatewayPort']]",
"enableFloatingIP": false,
"frontendIPConfiguration": {
"id": "[concat(variables('lbidMgmnt'),'/frontendIPConfigurations/LoadBalancerIPConfig')]"
},
"frontendPort": "[variables('svcFabCluster')['tcpGatewayPort']]",
"idleTimeoutInMinutes": 5,
"probe": {
"id": "[concat(variables('lbidMgmnt'),'/probes/tcpRuleProbe')]"
},
"protocol": "Tcp"
}
},
{
"name": "LBHttpRule",
"properties": {
"backendAddressPool": {
"id": "[variables('lbMgmnt')['PoolID']]"
},
"backendPort": "[variables('svcFabCluster')['httpGatewayPort']]",
"enableFloatingIP": false,
"frontendIPConfiguration": {
"id": "[concat(variables('lbidMgmnt'),'/frontendIPConfigurations/LoadBalancerIPConfig')]"
},
"frontendPort": "[variables('svcFabCluster')['httpGatewayPort']]",
"idleTimeoutInMinutes": 5,
"probe": {
"id": "[concat(variables('lbidMgmnt'),'/probes/httpRuleProbe')]"
},
"protocol": "Tcp"
}
}
],
"probes": [
{
"name": "tcpRuleProbe",
"properties": {
"intervalInSeconds": 5,
"numberOfProbes": 2,
"port": "[variables('svcFabCluster')['tcpGatewayPort']]",
"protocol": "Tcp"
}
},
{
"name": "httpRuleProbe",
"properties": {
"intervalInSeconds": 5,
"numberOfProbes": 2,
"port": "[variables('svcFabCluster')['httpGatewayPort']]",
"protocol": "Tcp"
}
}
]
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/*
 * VM Scale Set for front end nodes.
 * Instances join the cluster as the front end node type through the ServiceFabricNode
 * extension and are attached to the front end load balancer pool and the front end subnet.
 * The isolation between node types comes from the subnet/NSG resources, which are defined
 * outside this part of the template.
 */
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"name": "[variables('nodesFrontEnd')['TypeName']]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray')[0], variables('saSuffix'))]",
"[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray')[1], variables('saSuffix'))]",
"[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray')[2], variables('saSuffix'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
"[concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName'))]",
"[concat('Microsoft.Network/loadBalancers/', variables('lbFrontEnd')['Name'])]"
],
"properties": {
"overprovision": "[variables('overProvision')]",
/* Automatic: changes to this model are applied to running instances without a manual upgrade step. */
"upgradePolicy": {
"mode": "Automatic"
},
"virtualMachineProfile": {
"extensionProfile": {
"extensions": [
{
"name": "[concat('ServiceFabricNodeVmExt',variables('nodesFrontEnd')['TypeName'])]",
"properties": {
"type": "ServiceFabricNode",
/* Minor versions of the extension handler are not upgraded automatically, so extension
 * updates (security fixes included) only arrive through a deliberate template change.
 * NOTE(review): confirm this pinning is intended. */
"autoUpgradeMinorVersion": false,
/* Both account keys of the support log storage account are read with listKeys() at
 * deployment time. They are passed in protectedSettings, the encrypted part of the
 * extension configuration, not in "settings". Each key grants full access to that account. */
"protectedSettings": {
"StorageAccountKey1": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-06-15').key1]",
"StorageAccountKey2": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-06-15').key2]"
},
"publisher": "Microsoft.Azure.ServiceFabric",
"settings": {
"clusterEndpoint": "[reference(parameters('clusterName')).clusterEndpoint]",
"nodeTypeRef": "[variables('nodesFrontEnd')['TypeName']]",
"dataPath": "D:\\\\SvcFab",
"durabilityLevel": "[parameters('vmssDurabilityLevel')]",
/* Cluster certificate the node uses, looked up by thumbprint in the given store. The
 * template does not check that this thumbprint belongs to the certificate installed by
 * osProfile.secrets below; the two are tied together only by the parameter values. */
"certificate": {
"thumbprint": "[parameters('clusterCertificateThumbprint')]",
"x509StoreName": "[parameters('clusterCertificateStoreValue')]"
}
},
"typeHandlerVersion": "1.0"
}
}
]
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "[variables('nodesFrontEnd')['nicName']]",
"properties": {
"ipConfigurations": [
{
"name": "[concat(variables('nodesFrontEnd')['nicName'],'-',0)]",
"properties": {
"loadBalancerBackendAddressPools": [
{
"id": "[variables('lbFrontEnd')['PoolID']]"
}
],
"subnet": {
"id": "[variables('subnetFrontEnd')['Ref']]"
}
}
}
],
"primary": true
}
}
]
},
/* Local administrator account. The same adminUserName/adminPassword parameters are also
 * used by the other scale sets and by the RDP jump box in this template, so one credential
 * covers every VM. adminPassword is declared as a securestring parameter. */
"osProfile": {
"adminPassword": "[parameters('adminPassword')]",
"adminUsername": "[parameters('adminUserName')]",
"computernamePrefix": "[variables('nodesFrontEnd')['TypeName']]",
/* The cluster certificate is fetched from Key Vault and installed into the named
 * certificate store on each instance.
 * NOTE(review): the vault has to allow access for VM deployment (enabledForDeployment);
 * that setting lives on the vault, not in this template section. */
"secrets": [
{
"sourceVault": {
"id": "[parameters('sourceVaultRef')]"
},
"vaultCertificates": [
{
"certificateUrl": "[parameters('clusterCertificateUrlValue')]",
/* 'clusterCertificateStorevalue' differs only in case from 'clusterCertificateStoreValue'
 * used in the extension settings; ARM resolves parameter names case-insensitively. */
"certificateStore": "[parameters('clusterCertificateStorevalue')]"
}
]
}
]
},
"storageProfile": {
"imageReference": "[variables('nodeImageReference')]",
/* Unmanaged OS disks: VHD blobs spread across three storage accounts. Whoever holds the
 * keys of those accounts can read the disk contents. */
"osDisk": {
"vhdContainers": [
"[concat('https://', variables('uniqueStringArray')[0], variables('saSuffix'), '.blob.core.windows.net/', variables('vmStorageAccountContainerName'))]",
"[concat('https://', variables('uniqueStringArray')[1], variables('saSuffix'), '.blob.core.windows.net/', variables('vmStorageAccountContainerName'))]",
"[concat('https://', variables('uniqueStringArray')[2], variables('saSuffix'), '.blob.core.windows.net/', variables('vmStorageAccountContainerName'))]"
],
"name": "vmssosdisk",
"caching": "ReadOnly",
"createOption": "FromImage"
}
}
}
},
"sku": {
"name": "[variables('nodesFrontEnd')['TypeSize']]",
"capacity": "[variables('nodesFrontEnd')['Capacity']]",
"tier": "Standard"
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/*
 * VM Scale Set for back end nodes.
 * Instances join the cluster as the back end node type through the ServiceFabricNode
 * extension and are attached to the back end load balancer pool and the back end subnet.
 * The isolation between node types comes from the subnet/NSG resources, which are defined
 * outside this part of the template.
 */
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"name": "[variables('nodesBackEnd')['TypeName']]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray')[0], variables('saSuffix'))]",
"[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray')[1], variables('saSuffix'))]",
"[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray')[2], variables('saSuffix'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
"[concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName'))]",
"[concat('Microsoft.Network/loadBalancers/', variables('lbBackEnd')['Name'])]"
],
"properties": {
"overprovision": "[variables('overProvision')]",
/* Automatic: changes to this model are applied to running instances without a manual upgrade step. */
"upgradePolicy": {
"mode": "Automatic"
},
"virtualMachineProfile": {
"extensionProfile": {
"extensions": [
{
"name": "[concat('ServiceFabricNodeVmExt',variables('nodesBackEnd')['TypeName'])]",
"properties": {
"type": "ServiceFabricNode",
/* Minor versions of the extension handler are not upgraded automatically, so extension
 * updates (security fixes included) only arrive through a deliberate template change.
 * NOTE(review): confirm this pinning is intended. */
"autoUpgradeMinorVersion": false,
/* Both account keys of the support log storage account are read with listKeys() at
 * deployment time. They are passed in protectedSettings, the encrypted part of the
 * extension configuration, not in "settings". Each key grants full access to that account. */
"protectedSettings": {
"StorageAccountKey1": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-06-15').key1]",
"StorageAccountKey2": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-06-15').key2]"
},
"publisher": "Microsoft.Azure.ServiceFabric",
"settings": {
"clusterEndpoint": "[reference(parameters('clusterName')).clusterEndpoint]",
"nodeTypeRef": "[variables('nodesBackEnd')['TypeName']]",
"dataPath": "D:\\\\SvcFab",
"durabilityLevel": "[parameters('vmssDurabilityLevel')]",
/* Cluster certificate the node uses, looked up by thumbprint in the given store. The
 * template does not check that this thumbprint belongs to the certificate installed by
 * osProfile.secrets below; the two are tied together only by the parameter values. */
"certificate": {
"thumbprint": "[parameters('clusterCertificateThumbprint')]",
"x509StoreName": "[parameters('clusterCertificateStoreValue')]"
}
},
"typeHandlerVersion": "1.0"
}
}
]
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "[variables('nodesBackEnd')['nicName']]",
"properties": {
"ipConfigurations": [
{
"name": "[concat(variables('nodesBackEnd')['nicName'],'-',0)]",
"properties": {
"loadBalancerBackendAddressPools": [
{
"id": "[variables('lbBackEnd')['PoolID']]"
}
],
"subnet": {
"id": "[variables('subnetBackEnd')['Ref']]"
}
}
}
],
"primary": true
}
}
]
},
/* Local administrator account. The same adminUserName/adminPassword parameters are also
 * used by the other scale sets and by the RDP jump box in this template, so one credential
 * covers every VM. adminPassword is declared as a securestring parameter. */
"osProfile": {
"adminPassword": "[parameters('adminPassword')]",
"adminUsername": "[parameters('adminUserName')]",
"computernamePrefix": "[variables('nodesBackEnd')['TypeName']]",
/* The cluster certificate is fetched from Key Vault and installed into the named
 * certificate store on each instance.
 * NOTE(review): the vault has to allow access for VM deployment (enabledForDeployment);
 * that setting lives on the vault, not in this template section. */
"secrets": [
{
"sourceVault": {
"id": "[parameters('sourceVaultRef')]"
},
"vaultCertificates": [
{
"certificateUrl": "[parameters('clusterCertificateUrlValue')]",
/* 'clusterCertificateStorevalue' differs only in case from 'clusterCertificateStoreValue'
 * used in the extension settings; ARM resolves parameter names case-insensitively. */
"certificateStore": "[parameters('clusterCertificateStorevalue')]"
}
]
}
]
},
"storageProfile": {
"imageReference": "[variables('nodeImageReference')]",
/* Unmanaged OS disks: VHD blobs spread across three storage accounts. Whoever holds the
 * keys of those accounts can read the disk contents. */
"osDisk": {
"vhdContainers": [
"[concat('https://', variables('uniqueStringArray')[0], variables('saSuffix'), '.blob.core.windows.net/', variables('vmStorageAccountContainerName'))]",
"[concat('https://', variables('uniqueStringArray')[1], variables('saSuffix'), '.blob.core.windows.net/', variables('vmStorageAccountContainerName'))]",
"[concat('https://', variables('uniqueStringArray')[2], variables('saSuffix'), '.blob.core.windows.net/', variables('vmStorageAccountContainerName'))]"
],
"name": "vmssosdisk",
"caching": "ReadOnly",
"createOption": "FromImage"
}
}
}
},
"sku": {
"name": "[variables('nodesBackEnd')['TypeSize']]",
"capacity": "[variables('nodesBackEnd')['Capacity']]",
"tier": "Standard"
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/*
 * VM Scale Set for management nodes.
 * Instances join the cluster as the management node type (marked isPrimary in the cluster
 * definition) through the ServiceFabricNode extension and are attached to the management
 * load balancer pool and the management subnet, the same subnet the RDP jump box uses.
 * The isolation between node types comes from the subnet/NSG resources, which are defined
 * outside this part of the template.
 */
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"name": "[variables('nodesMgmnt')['TypeName']]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray')[0], variables('saSuffix'))]",
"[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray')[1], variables('saSuffix'))]",
"[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray')[2], variables('saSuffix'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
"[concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName'))]",
"[concat('Microsoft.Network/loadBalancers/', variables('lbMgmnt')['Name'])]"
],
"properties": {
"overprovision": "[variables('overProvision')]",
/* Automatic: changes to this model are applied to running instances without a manual upgrade step. */
"upgradePolicy": {
"mode": "Automatic"
},
"virtualMachineProfile": {
"extensionProfile": {
"extensions": [
{
"name": "[concat('ServiceFabricNodeVmExt',variables('nodesMgmnt')['TypeName'])]",
"properties": {
"type": "ServiceFabricNode",
/* Minor versions of the extension handler are not upgraded automatically, so extension
 * updates (security fixes included) only arrive through a deliberate template change.
 * NOTE(review): confirm this pinning is intended. */
"autoUpgradeMinorVersion": false,
/* Both account keys of the support log storage account are read with listKeys() at
 * deployment time. They are passed in protectedSettings, the encrypted part of the
 * extension configuration, not in "settings". Each key grants full access to that account. */
"protectedSettings": {
"StorageAccountKey1": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-06-15').key1]",
"StorageAccountKey2": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-06-15').key2]"
},
"publisher": "Microsoft.Azure.ServiceFabric",
"settings": {
"clusterEndpoint": "[reference(parameters('clusterName')).clusterEndpoint]",
"nodeTypeRef": "[variables('nodesMgmnt')['TypeName']]",
"dataPath": "D:\\\\SvcFab",
"durabilityLevel": "[parameters('vmssDurabilityLevel')]",
/* Cluster certificate the node uses, looked up by thumbprint in the given store. The
 * template does not check that this thumbprint belongs to the certificate installed by
 * osProfile.secrets below; the two are tied together only by the parameter values. */
"certificate": {
"thumbprint": "[parameters('clusterCertificateThumbprint')]",
"x509StoreName": "[parameters('clusterCertificateStoreValue')]"
}
},
"typeHandlerVersion": "1.0"
}
}
]
},
"networkProfile": {
"networkInterfaceConfigurations": [
{
"name": "[variables('nodesMgmnt')['nicName']]",
"properties": {
"ipConfigurations": [
{
"name": "[concat(variables('nodesMgmnt')['nicName'],'-',0)]",
"properties": {
"loadBalancerBackendAddressPools": [
{
"id": "[variables('lbMgmnt')['PoolID']]"
}
],
"subnet": {
"id": "[variables('subnetManagement')['Ref']]"
}
}
}
],
"primary": true
}
}
]
},
/* Local administrator account. The same adminUserName/adminPassword parameters are also
 * used by the other scale sets and by the RDP jump box in this template, so one credential
 * covers every VM. adminPassword is declared as a securestring parameter. */
"osProfile": {
"adminPassword": "[parameters('adminPassword')]",
"adminUsername": "[parameters('adminUserName')]",
"computernamePrefix": "[variables('nodesMgmnt')['TypeName']]",
/* The cluster certificate is fetched from Key Vault and installed into the named
 * certificate store on each instance.
 * NOTE(review): the vault has to allow access for VM deployment (enabledForDeployment);
 * that setting lives on the vault, not in this template section. */
"secrets": [
{
"sourceVault": {
"id": "[parameters('sourceVaultRef')]"
},
"vaultCertificates": [
{
"certificateUrl": "[parameters('clusterCertificateUrlValue')]",
/* 'clusterCertificateStorevalue' differs only in case from 'clusterCertificateStoreValue'
 * used in the extension settings; ARM resolves parameter names case-insensitively. */
"certificateStore": "[parameters('clusterCertificateStorevalue')]"
}
]
}
]
},
"storageProfile": {
"imageReference": "[variables('nodeImageReference')]",
/* Unmanaged OS disks: VHD blobs spread across three storage accounts. Whoever holds the
 * keys of those accounts can read the disk contents. */
"osDisk": {
"vhdContainers": [
"[concat('https://', variables('uniqueStringArray')[0], variables('saSuffix'), '.blob.core.windows.net/', variables('vmStorageAccountContainerName'))]",
"[concat('https://', variables('uniqueStringArray')[1], variables('saSuffix'), '.blob.core.windows.net/', variables('vmStorageAccountContainerName'))]",
"[concat('https://', variables('uniqueStringArray')[2], variables('saSuffix'), '.blob.core.windows.net/', variables('vmStorageAccountContainerName'))]"
],
"name": "vmssosdisk",
"caching": "ReadOnly",
"createOption": "FromImage"
}
}
}
},
"sku": {
"name": "[variables('nodesMgmnt')['TypeSize']]",
"capacity": "[variables('nodesMgmnt')['Capacity']]",
"tier": "Standard"
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/*
 * Service Fabric cluster definition.
 * Declares the cluster's certificate, its Azure AD applications, the diagnostics storage
 * account and the three node types (front end, back end, management) that the scale sets
 * in this template register against via nodeTypeRef.
 */
{
"apiVersion": "2016-03-01",
"type": "Microsoft.ServiceFabric/clusters",
"name": "[parameters('clusterName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName'))]"
],
"properties": {
/* Cluster certificate, identified by the same thumbprint and store parameters that the
 * scale sets pass to the ServiceFabricNode extension. */
"certificate": {
"thumbprint": "[parameters('clusterCertificateThumbprint')]",
"x509StoreName": "[parameters('clusterCertificateStoreValue')]"
},
/* Azure AD tenant and application ids used for client access to the cluster. */
"azureActiveDirectory": {
"tenantId": "[parameters('aadTenantId')]",
"clusterApplication": "[parameters('aadClusterApplicationId')]",
"clientApplication": "[parameters('aadClientApplicationId')]"
},
/* No separate client certificates are registered, by common name or by thumbprint.
 * NOTE(review): client access then presumably rests on Azure AD and on the cluster
 * certificate itself; confirm that is the intended set of admin credentials. */
"clientCertificateCommonNames": [ ],
"clientCertificateThumbprints": [ ],
"clusterState": "Default",
/* Diagnostics go to the support log storage account over https endpoints.
 * protectedAccountKeyName matches the "StorageAccountKey1" entry that the scale sets
 * supply in the extension's protectedSettings. */
"diagnosticsStorageAccountConfig": {
"blobEndpoint": "[concat('https://',variables('supportLogStorageAccountName'),'.blob.core.windows.net/')]",
"protectedAccountKeyName": "StorageAccountKey1",
"queueEndpoint": "[concat('https://',variables('supportLogStorageAccountName'),'.queue.core.windows.net/')]",
"storageAccountName": "[variables('supportLogStorageAccountName')]",
"tableEndpoint": "[concat('https://',variables('supportLogStorageAccountName'),'.table.core.windows.net/')]"
},
"fabricSettings": [
{
"name": "Security",
"parameters": [
{
/* Protection level for node-to-node traffic, taken from a parameter whose allowed values
 * and default are declared outside this part of the template.
 * NOTE(review): confirm the default is EncryptAndSign. */
"name": "ClusterProtectionLevel",
"value": "[parameters('clusterProtectionLevel')]"
}
]
}
],
/* https management endpoint on the DNS name of the management public IP, at the HTTP
 * gateway port. */
"managementEndpoint": "[concat('https://',reference(variables('ipMgmnt')['Name']).dnsSettings.fqdn,':',variables('svcFabCluster')['httpGatewayPort'])]",
/* All three node types use the same port variables; they differ in name, isPrimary, the
 * isDMZ placement property and instance count. Only the management node type is primary.
 * NOTE(review): the scale sets read ['Capacity'] from the same node variables (sku.capacity)
 * while vmInstanceCount here reads ['capacity']; confirm the lookup is case-insensitive or
 * align the casing. */
"nodeTypes": [
{
"name": "[variables('nodesFrontEnd')['TypeName']]",
"applicationPorts": {
"endPort": "[variables('svcFabCluster')['applicationEndPort']]",
"startPort": "[variables('svcFabCluster')['applicationStartPort']]"
},
"clientConnectionEndpointPort": "[variables('svcFabCluster')['tcpGatewayPort']]",
"durabilityLevel": "[parameters('clusterDurabilityLevel')]",
"ephemeralPorts": {
"endPort": "[variables('svcFabCluster')['ephemeralEndPort']]",
"startPort": "[variables('svcFabCluster')['ephemeralStartPort']]"
},
"httpGatewayEndpointPort": "[variables('svcFabCluster')['httpGatewayPort']]",
"reverseProxyEndpointPort": "[variables('svcFabCluster')['reverseProxyPort']]",
"isPrimary": false,
/* "comments" is used here as an in-band note and is sent to the resource provider as a
 * property of the node type. NOTE(review): confirm it is ignored rather than rejected. */
"comments" : "customize the placement properties for this node type",
/* isDMZ is a string-valued placement property; services can be constrained to, or kept
 * off, the front end nodes by referring to it. */
"placementProperties": {
"isDMZ": "true"
},
"vmInstanceCount": "[variables('nodesFrontEnd')['capacity']]"
},
{
"name": "[variables('nodesBackEnd')['TypeName']]",
"applicationPorts": {
"endPort": "[variables('svcFabCluster')['applicationEndPort']]",
"startPort": "[variables('svcFabCluster')['applicationStartPort']]"
},
"clientConnectionEndpointPort": "[variables('svcFabCluster')['tcpGatewayPort']]",
"durabilityLevel": "[parameters('clusterDurabilityLevel')]",
"ephemeralPorts": {
"endPort": "[variables('svcFabCluster')['ephemeralEndPort']]",
"startPort": "[variables('svcFabCluster')['ephemeralStartPort']]"
},
"httpGatewayEndpointPort": "[variables('svcFabCluster')['httpGatewayPort']]",
"reverseProxyEndpointPort": "[variables('svcFabCluster')['reverseProxyPort']]",
"isPrimary": false,
"placementProperties": {
"isDMZ": "false"
},
"vmInstanceCount": "[variables('nodesBackEnd')['capacity']]"
},
{
"name": "[variables('nodesMgmnt')['TypeName']]",
"applicationPorts": {
"endPort": "[variables('svcFabCluster')['applicationEndPort']]",
"startPort": "[variables('svcFabCluster')['applicationStartPort']]"
},
"clientConnectionEndpointPort": "[variables('svcFabCluster')['tcpGatewayPort']]",
"durabilityLevel": "[parameters('clusterDurabilityLevel')]",
"ephemeralPorts": {
"endPort": "[variables('svcFabCluster')['ephemeralEndPort']]",
"startPort": "[variables('svcFabCluster')['ephemeralStartPort']]"
},
"httpGatewayEndpointPort": "[variables('svcFabCluster')['httpGatewayPort']]",
"reverseProxyEndpointPort": "[variables('svcFabCluster')['reverseProxyPort']]",
/* The primary node type is the management one, not the DMZ-facing front end. */
"isPrimary": true,
"placementProperties": {
"isDMZ": "false"
},
"vmInstanceCount": "[variables('nodesMgmnt')['capacity']]"
}
],
"provisioningState": "Default",
"reliabilityLevel": "[parameters('clusterReliabilityLevel')]",
"vmImage": "Windows"
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/*
 * Public IP for the RDP jump box.
 * Gives the jump box an internet-facing address and DNS label. This resource carries no
 * filtering of its own; which sources may reach the jump box is decided by NSG rules that
 * are defined outside this part of the template.
 * NOTE(review): confirm inbound RDP is limited to known source addresses.
 */
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('rdpMachine')['pipName']]",
"location": "[resourceGroup().location]",
"properties": {
"publicIPAllocationMethod": "[variables('rdpMachine')['AddressType']]",
"dnsSettings": {
"domainNameLabel": "[toLower(variables('rdpMachine')['DNS'])]"
}
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
/*
 * Network interface for the RDP jump box.
 * Binds the jump box's public IP to an address in the management subnet. No network
 * security group is attached on this NIC, so any filtering has to come from the subnet
 * level (defined outside this part of the template).
 */
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('rdpMachine')['nicName']]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
"[concat('Microsoft.Network/publicIPAddresses/', variables('rdpMachine')['pipName'])]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
/* NOTE(review): allocation is Dynamic although a specific privateIPAddress is supplied on
 * the next line. If NSG rules elsewhere refer to the jump box by that address, a dynamic
 * assignment may not match them; "Static" looks like the intent. Confirm before changing. */
"privateIPAllocationMethod": "Dynamic",
"privateIPAddress": "[variables('rdpMachine')['ipAddr']]",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('rdpMachine')['pipName'])]"
},
"subnet": {
"id": "[variables('subnetManagement')['Ref']]"
}
}
}
]
},
"tags": {
"clusterName": "[parameters('clusterName')]"
}
},
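/*
 * RDP jump box.
 * A single VM whose NIC sits in the management subnet and carries a public IP; it is the
 * RDP entry point into the virtual network. Inbound filtering is not part of this resource
 * and has to come from NSG rules defined elsewhere in the template.
 */
{
  "apiVersion": "2015-06-15",
  "type": "Microsoft.Compute/virtualMachines",
  "name": "[variables('rdpMachine')['Name']]",
  "location": "[resourceGroup().location]",
  /* Each dependency is listed once. */
  "dependsOn": [
    "[concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName'))]",
    "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
    "[concat('Microsoft.Network/networkInterfaces/', variables('rdpMachine')['nicName'])]"
  ],
  "properties": {
    "hardwareProfile": {
      "vmSize": "[variables('rdpMachine')['TypeSize']]"
    },
    /* Same administrator credentials as the cluster scale sets: the internet-facing jump
     * box and every cluster node share one user name and password.
     * NOTE(review): consider separate credentials for the jump box. */
    "osProfile": {
      "computerName": "[variables('rdpMachine')['Name']]",
      "adminUsername": "[parameters('adminUserName')]",
      "adminPassword": "[parameters('adminPassword')]"
    },
    "storageProfile": {
      "imageReference": "[variables('nodeImageReference')]",
      /* The OS disk is an unmanaged VHD in the support log storage account. The keys of
       * that account are handed to the ServiceFabricNode extension on every cluster node,
       * so those keys also give access to this disk blob.
       * NOTE(review): consider a separate storage account for the jump box disk. */
      "osDisk": {
        "name": "osdisk",
        "vhd": {
          "uri": "[concat('https://',variables('supportLogStorageAccountName'),'.blob.core.windows.net/vhds/', variables('rdpMachine')['Name'], '-osdisk.vhd')]"
        },
        "caching": "ReadWrite",
        "createOption": "FromImage"
      }
    },
    "networkProfile": {
      "networkInterfaces": [
        {
          "id": "[resourceId('Microsoft.Network/networkInterfaces',variables('rdpMachine')['nicName'])]"
        }
      ]
    },
    /* Boot diagnostics are written to the support log storage account as well. */
    "diagnosticsProfile": {
      "bootDiagnostics": {
        "enabled": true,
        "storageUri": "[concat('https://',variables('supportLogStorageAccountName'),'.blob.core.windows.net')]"
      }
    }
  },
  "tags": {
    "clusterName": "[parameters('clusterName')]"
  }
}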
],
/*
 * Deployment output: the full runtime state of the cluster resource, as returned by
 * reference(). Outputs are kept with the deployment record, so everything in this object
 * is readable by whoever can read deployments on the resource group.
 * NOTE(review): consider returning only the fields callers need, for example the
 * management endpoint.
 */
"outputs": {
"clusterProperties": {
"value": "[reference(parameters('clusterName'))]",
"type": "object"
}
}
}