
Commit 6f56a7d

fix: Optimize the network module for Researcher (#714)
* optimize the network module * Updated the admin credentials * Updated the alignment
1 parent 3ac803f commit 6f56a7d


7 files changed

+466
-813
lines changed


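--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -82,13 +82,11 @@ param enableRedundancy bool = false
 
 @description('Optional. Admin username for the Jumpbox Virtual Machine. Set to custom value if enablePrivateNetworking is true.')
 @secure()
-//param vmAdminUsername string = take(newGuid(), 20)
-param vmAdminUsername string = ''
+param virtualMachineAdminUsername string = ''
 
 @description('Optional. Admin password for the Jumpbox Virtual Machine. Set to custom value if enablePrivateNetworking is true.')
 @secure()
-//param vmAdminPassword string = newGuid()
-param vmAdminPassword string = ''
+param virtualMachineAdminPassword string = ''
 
 @description('Optional. Size of the Jumpbox Virtual Machine when created. Set to custom value if enablePrivateNetworking is true.')
 param vmSize string = 'Standard_DS2_v2' // Default VM size
@@ -177,20 +175,106 @@ module roleAssignment 'br/public:avm/res/authorization/role-assignment/rg-scope:
 }
 }
 
-module network 'modules/network.bicep' = if (enablePrivateNetworking) {
-name: take('module.network.${solutionSuffix}', 64)
+module virtualNetwork 'modules/virtualNetwork.bicep' = if (enablePrivateNetworking) {
+name: take('module.virtualNetwork.${solutionSuffix}', 64)
 params: {
-resourcesName: solutionSuffix
-logAnalyticsWorkSpaceResourceId: logAnalyticsWorkspaceResourceId
-vmAdminUsername: empty(vmAdminUsername) ? 'JumpboxAdminUser' : vmAdminUsername
-vmAdminPassword: empty(vmAdminPassword) ? 'JumpboxAdminP@ssw0rd1234!' : vmAdminPassword
-vmSize: empty(vmSize) ? 'Standard_DS2_v2' : vmSize
+name: 'vnet-${solutionSuffix}'
+addressPrefixes: ['10.0.0.0/20'] // 4096 addresses (enough for 8 /23 subnets or 16 /24)
 location: location
 tags: allTags
+logAnalyticsWorkspaceId: logAnalyticsWorkspaceResourceId
+resourceSuffix: solutionSuffix
 enableTelemetry: enableTelemetry
 }
 }
+// Azure Bastion Host
+var bastionHostName = 'bas-${solutionSuffix}'
+module bastionHost 'br/public:avm/res/network/bastion-host:0.6.1' = if (enablePrivateNetworking) {
+name: take('avm.res.network.bastion-host.${bastionHostName}', 64)
+params: {
+name: bastionHostName
+skuName: 'Standard'
+location: location
+virtualNetworkResourceId: virtualNetwork!.outputs.resourceId
+diagnosticSettings: [
+{
+name: 'bastionDiagnostics'
+workspaceResourceId: logAnalyticsWorkspaceResourceId
+logCategoriesAndGroups: [
+{
+categoryGroup: 'allLogs'
+enabled: true
+}
+]
+}
+]
+tags: tags
+enableTelemetry: enableTelemetry
+publicIPAddressObject: {
+name: 'pip-${bastionHostName}'
+zones: []
+}
+}
+}
 
+// Jumpbox Virtual Machine
+var jumpboxVmName = take('vm-jumpbox-${solutionSuffix}', 15)
+module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.15.0' = if (enablePrivateNetworking) {
+name: take('avm.res.compute.virtual-machine.${jumpboxVmName}', 64)
+params: {
+name: take(jumpboxVmName, 15) // Shorten VM name to 15 characters to avoid Azure limits
+vmSize: vmSize ?? 'Standard_DS2_v2'
+location: location
+adminUsername: !empty(virtualMachineAdminUsername) ? virtualMachineAdminUsername : 'JumpboxAdminUser'
+adminPassword: !empty(virtualMachineAdminPassword) ? virtualMachineAdminPassword : 'JumpboxAdminP@ssw0rd1234!'
+tags: tags
+zone: 0
+imageReference: {
+offer: 'WindowsServer'
+publisher: 'MicrosoftWindowsServer'
+sku: '2019-datacenter'
+version: 'latest'
+}
+osType: 'Windows'
+osDisk: {
+name: 'osdisk-${jumpboxVmName}'
+managedDisk: {
+storageAccountType: 'Standard_LRS'
+}
+}
+encryptionAtHost: false // Some Azure subscriptions do not support encryption at host
+nicConfigurations: [
+{
+name: 'nic-${jumpboxVmName}'
+ipConfigurations: [
+{
+name: 'ipconfig1'
+subnetResourceId: virtualNetwork!.outputs.jumpboxSubnetResourceId
+}
+]
+diagnosticSettings: [
+{
+name: 'jumpboxDiagnostics'
+workspaceResourceId: logAnalyticsWorkspaceResourceId
+logCategoriesAndGroups: [
+{
+categoryGroup: 'allLogs'
+enabled: true
+}
+]
+metricCategories: [
+{
+category: 'AllMetrics'
+enabled: true
+}
+]
+}
+]
+}
+]
+enableTelemetry: enableTelemetry
+}
+}
 // ========== Private DNS Zones ========== //
 var privateDnsZones = [
 'privatelink.cognitiveservices.azure.com'
@@ -233,8 +317,8 @@ module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.7.1' = [
 enableTelemetry: enableTelemetry
 virtualNetworkLinks: [
 {
-name: take('vnetlink-${network!.outputs.vnetName}-${split(zone, '.')[1]}', 80)
-virtualNetworkResourceId: network!.outputs.vnetResourceId
+name: take('vnetlink-${virtualNetwork!.outputs.name}-${split(zone, '.')[1]}', 80)
+virtualNetworkResourceId: virtualNetwork!.outputs.resourceId
 }
 ]
 }
@@ -270,7 +354,7 @@ module storageAccountModule 'br/public:avm/res/storage/storage-account:0.20.0' =
 {
 name: 'pep-blob-${solutionSuffix}'
 service: 'blob'
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 privateDnsZoneGroup: {
 privateDnsZoneGroupConfigs: [
 {
@@ -283,7 +367,7 @@ module storageAccountModule 'br/public:avm/res/storage/storage-account:0.20.0' =
 {
 name: 'pep-queue-${solutionSuffix}'
 service: 'queue'
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 privateDnsZoneGroup: {
 privateDnsZoneGroupConfigs: [
 {
@@ -296,7 +380,7 @@ module storageAccountModule 'br/public:avm/res/storage/storage-account:0.20.0' =
 {
 name: 'pep-file-${solutionSuffix}'
 service: 'file'
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 privateDnsZoneGroup: {
 privateDnsZoneGroupConfigs: [
 {
@@ -309,7 +393,7 @@ module storageAccountModule 'br/public:avm/res/storage/storage-account:0.20.0' =
 {
 name: 'pep-dfs-${solutionSuffix}'
 service: 'dfs'
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 privateDnsZoneGroup: {
 privateDnsZoneGroupConfigs: [
 {
@@ -401,7 +485,7 @@ module azSearchService 'br/public:avm/res/search/search-service:0.11.1' = {
 ]
 }
 service: 'searchService'
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 }
 ]
 : []
@@ -433,7 +517,7 @@ module uploadFiles 'br/public:avm/res/resources/deployment-script:0.5.1' = {
 // ✅ Explicit storage account + subnet for private networking
 storageAccountResourceId: storageAccountModule.outputs.resourceId
 subnetResourceIds: enablePrivateNetworking ? [
-network!.outputs.subnetDeploymentScriptsResourceId
+virtualNetwork!.outputs.deploymentScriptsSubnetResourceId
 ] : null
 cleanupPreference: 'OnSuccess'
 }
@@ -475,7 +559,7 @@ module keyvault 'br/public:avm/res/key-vault/vault:0.12.1' = {
 ]
 }
 service: 'vault'
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 }
 ]
 : []
@@ -649,7 +733,7 @@ module azAIMultiServiceAccount 'br/public:avm/res/cognitive-services/account:0.1
 ]
 }
 service: 'account'
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 }
 ]
 : []
@@ -707,7 +791,7 @@ module createIndex 'br/public:avm/res/resources/deployment-script:0.5.1' = {
 cleanupPreference: 'OnSuccess'
 storageAccountResourceId: storageAccountModule.outputs.resourceId
 subnetResourceIds: enablePrivateNetworking ? [
-network!.outputs.subnetDeploymentScriptsResourceId
+virtualNetwork!.outputs.deploymentScriptsSubnetResourceId
 ] : null
 }
 dependsOn: [
@@ -804,7 +888,7 @@ module aihubworkspace 'br/public:avm/res/machine-learning-services/workspace:0.1
 ]
 }
 service: 'amlworkspace'
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 }
 ]
 : []
@@ -1028,7 +1112,7 @@ module webSite 'modules/web-sites.bicep' = {
 // WAF aligned configuration for Private Networking
 vnetRouteAllEnabled: enablePrivateNetworking ? true : false
 vnetImagePullEnabled: enablePrivateNetworking ? true : false
-virtualNetworkSubnetId: enablePrivateNetworking ? network!.outputs.subnetWebResourceId : null
+virtualNetworkSubnetId: enablePrivateNetworking ? virtualNetwork!.outputs.webSubnetResourceId : null
 publicNetworkAccess: 'Enabled'
 privateEndpoints: enablePrivateNetworking
 ? [
@@ -1041,7 +1125,7 @@ module webSite 'modules/web-sites.bicep' = {
 ]
 }
 service: 'sites'
-subnetResourceId: network!.outputs.subnetPrivateEndpointsResourceId
+subnetResourceId: virtualNetwork!.outputs.pepsSubnetResourceId
 }
 ]
 : null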
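Review bot: The jumpboxVM module still falls back to the literal password `'JumpboxAdminP@ssw0rd1234!'` (and username `'JumpboxAdminUser'`) whenever `virtualMachineAdminPassword` is left at its default of `''`, so a deployment that omits the parameter gets a Windows jumpbox whose credential is committed to this repository; the commit renames the parameters but carries that fallback over from the removed `network` module call. Since both parameters are already `@secure()` and the removed commented-out line `//param vmAdminPassword string = newGuid()` shows the intended direction, I would drop the fallback and pass the parameter through as `adminPassword: virtualMachineAdminPassword`, either removing the `''` default so an unsupplied value fails at deployment time or defaulting the parameter to a per-deployment `newGuid()` value that is written to the Key Vault this template already deploys (whether a GUID meets the Windows password complexity rules should be confirmed). Two smaller points in the same module: `vmSize: vmSize ?? 'Standard_DS2_v2'` appears to be dead since `vmSize` is a non-nullable string that already defaults to that value (the removed line used `empty(vmSize)`), and `take(jumpboxVmName, 15)` repeats the truncation already applied where `jumpboxVmName` is declared. The Bastion and VM modules pass `tags: tags` while the `virtualNetwork` module directly above passes `tags: allTags`; worth confirming the difference is intentional.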
