Merge pull request Azure#5195 from srdan-bozovic-msft/srbozovi-msft-sqlmi

Added NSG to SQL MI templates as they are now supported
bmoore-msft authored Sep 11, 2018
2 parents 7be2e32 + 8ed833e commit 9b2d174
Showing 7 changed files with 433 additions and 20 deletions.
4 changes: 1 addition & 3 deletions 101-sqlmi-new-vnet/README.md
Expand Up @@ -34,9 +34,7 @@ You can click the "Deploy to Azure" button at the beginning of this document or

## Important

**SQL MI** is still in gated public preview. Before deploying this template you have to whitelist your subscription as explained here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-create-tutorial-portal#whitelist-your-subscription.

During the public preview deployment might take up to 48h. The reason why provisioning takes some time is that along the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes.
During the public preview deployment might take up to 48h (average time is 3-6h). This is because virtual cluster that hosts the instances needs some time to deploy. Each subsequent instance creation in the same virtual cluster takes just about a few minutes.

After the last Managed Instance is deprovisioned, cluster stays a live for up to 24h. This is to avoid waiting for a new cluster to be provisioned in case that customer just wants to recreate the instance. During that period of time Resource Group and virtual network could not be deleted. This is a known issue and Managed Instance team is working on resolving it.
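
Review bot: missing documentation in the Important section: nothing here tells the reader that the template now creates an NSG on the managed-instance subnet with deny-all rules at priority 4096 in both directions, so traffic not covered by the allow rules is dropped. A short paragraph listing the allowed ports and sources would save readers from finding this out at connection time. Separately, the new sentence reads better as "This is because the virtual cluster that hosts the instances needs some time to deploy", and "stays a live" in the unchanged line should be "stays alive".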

131 changes: 129 additions & 2 deletions 101-sqlmi-new-vnet/azuredeploy.json
Expand Up @@ -106,9 +106,132 @@
}
},
"variables": {
"networkSecurityGroupName": "[concat('SQLMI-', parameters('managedInstanceName'), '-NSG')]",
"routeTableName": "[concat('SQLMI-', parameters('managedInstanceName'), '-Route-Table')]"
},
"resources": [
{
"apiVersion": "2017-10-01",
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[variables('networkSecurityGroupName')]",
"location": "[parameters('location')]",
"properties": {
"securityRules": [
{
"name": "allow_management_inbound",
"properties": {
"description": "Allow inbound management traffic",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRanges": ["9000", "9003", "1438", "1440", "1452"],
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 100,
"direction": "Inbound"
}
},
{
"name": "allow_misubnet_inbound",
"properties": {
"description": "Allow inbound traffic inside the subnet",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "[parameters('subnetPrefix')]",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 200,
"direction": "Inbound"
}
},
{
"name": "allow_health_probe_inbound",
"properties": {
"description": "Allow health probe",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "AzureLoadBalancer",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 300,
"direction": "Inbound"
}
},
{
"name": "allow_tds_inbound",
"properties": {
"description": "Allow access to data",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "1433",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1000,
"direction": "Inbound"
}
},
{
"name": "deny_all_inbound",
"properties": {
"description": "Deny all other inbound traffic",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 4096,
"direction": "Inbound"
}
},
{
"name": "allow_management_outbound",
"properties": {
"description": "Allow outbound management traffic",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRanges": ["80", "443", "12000"],
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 100,
"direction": "Outbound"
}
},
{
"name": "allow_misubnet_outbound",
"properties": {
"description": "Allow outbound traffic inside the subnet",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "[parameters('subnetPrefix')]",
"access": "Allow",
"priority": 200,
"direction": "Outbound"
}
},
{
"name": "deny_all_outbound",
"properties": {
"description": "Deny all other outbound traffic",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 4096,
"direction": "Outbound"
}
}
]
}
},
{
"type": "Microsoft.Network/routeTables",
"name": "[variables('routeTableName')]",
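
Review bot: in `allow_management_inbound`, `sourceAddressPrefix` is `*`, so TCP 9000, 9003, 1438, 1440 and 1452 are accepted from any source at priority 100, ahead of every other rule. If the managed-instance management plane requires an unrestricted source, say so in the rule's `description` so a later reader does not take it for an oversight; if it can be narrowed to a known range or service tag, do that instead. The same applies to `allow_management_outbound`, which permits TCP 80, 443 and 12000 to destination `*`. Also, `allow_tds_inbound` uses the `VirtualNetwork` tag, which covers peered and connected networks as well as this VNet's own address space, so it is worth stating who is expected to reach 1433.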
Expand All @@ -132,7 +255,8 @@
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2018-02-01",
"dependsOn":[
"[variables('routeTableName')]"
"[variables('routeTableName')]",
"[variables('networkSecurityGroupName')]"
],
"location": "[parameters('location')]",
"properties": {
Expand All @@ -148,7 +272,10 @@
"addressPrefix": "[parameters('subnetPrefix')]",
"routeTable": {
"id": "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]"
}
},
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
}
}
}
]
3 changes: 1 addition & 2 deletions 201-sqlmi-new-vnet-w-jumpbox/README.md
Expand Up @@ -35,9 +35,8 @@ You can click the "Deploy to Azure" button at the beginning of this document or


## Important
**SQL MI** is still in gated public preview. Before deploying this template you have to whitelist your subscription as explained here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-create-tutorial-portal#whitelist-your-subscription.

During the public preview deployment might take up to 48h. The reason why provisioning takes some time is that the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes.
During the public preview deployment might take up to 48h (average time is 3-6h). This is because virtual cluster that hosts the instances needs some time to deploy. Each subsequent instance creation in the same virtual cluster takes just about a few minutes.

After the last Managed Instance is deprovisioned, cluster stays a live for up to 24h. This is to avoid waiting for a new cluster to be provisioned in case that customer just wants to recreate the instance. During that period of time Resource Group and virtual network could not be deleted. This is a known issue and Managed Instance team is working on resolving it.

139 changes: 133 additions & 6 deletions 201-sqlmi-new-vnet-w-jumpbox/azuredeploy.json
Expand Up @@ -135,15 +135,138 @@
}
},
"variables": {
"networkSecurityGroupName": "[concat('SQLMI-', parameters('managedInstanceName'), '-NSG')]",
"routeTableName": "[concat('SQLMI-', parameters('managedInstanceName'), '-Route-Table')]",
"virtualMachineName": "[concat(parameters('managedInstanceName'), 'JB')]",
"virtualMachineSize": "Standard_B2s",
"networkInterfaceName": "[concat('SQLMI-', parameters('managedInstanceName'), '-JB-NIC')]",
"publicIpAddressName": "[concat('SQLMI-', parameters('managedInstanceName'), '-JB-IP')]",
"networkSecurityGroupName": "[concat('SQLMI-', parameters('managedInstanceName'), '-JB-NSG')]",
"jbNetworkSecurityGroupName": "[concat('SQLMI-', parameters('managedInstanceName'), '-JB-NSG')]",
"scriptFileUri": "[uri(parameters('_artifactsLocation'), concat('installSSMS.ps1', parameters('_artifactsLocationSasToken')))]"
},
"resources": [
{
"apiVersion": "2017-10-01",
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[variables('networkSecurityGroupName')]",
"location": "[parameters('location')]",
"properties": {
"securityRules": [
{
"name": "allow_management_inbound",
"properties": {
"description": "Allow inbound management traffic",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRanges": ["9000", "9003", "1438", "1440", "1452"],
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 100,
"direction": "Inbound"
}
},
{
"name": "allow_misubnet_inbound",
"properties": {
"description": "Allow inbound traffic inside the subnet",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "[parameters('subnetPrefix')]",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 200,
"direction": "Inbound"
}
},
{
"name": "allow_health_probe_inbound",
"properties": {
"description": "Allow health probe",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "AzureLoadBalancer",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 300,
"direction": "Inbound"
}
},
{
"name": "allow_tds_inbound",
"properties": {
"description": "Allow access to data",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "1433",
"sourceAddressPrefix": "VirtualNetwork",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1000,
"direction": "Inbound"
}
},
{
"name": "deny_all_inbound",
"properties": {
"description": "Deny all other inbound traffic",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 4096,
"direction": "Inbound"
}
},
{
"name": "allow_management_outbound",
"properties": {
"description": "Allow outbound management traffic",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRanges": ["80", "443", "12000"],
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 100,
"direction": "Outbound"
}
},
{
"name": "allow_misubnet_outbound",
"properties": {
"description": "Allow outbound traffic inside the subnet",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "[parameters('subnetPrefix')]",
"access": "Allow",
"priority": 200,
"direction": "Outbound"
}
},
{
"name": "deny_all_outbound",
"properties": {
"description": "Deny all other outbound traffic",
"protocol": "*",
"sourcePortRange": "*",
"destinationPortRange": "*",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Deny",
"priority": 4096,
"direction": "Outbound"
}
}
]
}
},
{
"type": "Microsoft.Network/routeTables",
"name": "[variables('routeTableName')]",
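
Review bot: in `variables`, the existing name `networkSecurityGroupName` now points at the managed-instance NSG ('-NSG'), while the jumpbox NSG it used to name moves to `jbNetworkSecurityGroupName`. Reusing the old name for a different resource means any reference missed in the rename still resolves, and would attach the subnet's deny-all rule set to the jumpbox NIC instead of failing validation. Leaving the jumpbox variable name unchanged and introducing a new name for the new resource (for example `miNetworkSecurityGroupName`) would turn a stale reference into an error. The eight security rules are also a verbatim copy of those in 101-sqlmi-new-vnet/azuredeploy.json, so any later port change has to be made in both files.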
Expand All @@ -167,7 +290,8 @@
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2018-02-01",
"dependsOn":[
"[variables('routeTableName')]"
"[variables('routeTableName')]",
"[variables('networkSecurityGroupName')]"
],
"location": "[parameters('location')]",
"properties": {
Expand All @@ -183,7 +307,10 @@
"addressPrefix": "[parameters('subnetPrefix')]",
"routeTable": {
"id": "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]"
}
},
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
}
}
},
{
Expand Down Expand Up @@ -297,7 +424,7 @@
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]",
"[concat('Microsoft.Network/publicIpAddresses/', variables('publicIpAddressName'))]",
"[concat('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]"
"[concat('Microsoft.Network/networkSecurityGroups/', variables('jbNetworkSecurityGroupName'))]"
],
"properties": {
"ipConfigurations": [
Expand All @@ -315,7 +442,7 @@
}
],
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('jbNetworkSecurityGroupName'))]"
}
}
},
Expand All @@ -332,7 +459,7 @@
}
},
{
"name": "[variables('networkSecurityGroupName')]",
"name": "[variables('jbNetworkSecurityGroupName')]",
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2018-01-01",
"location": "[parameters('location')]",
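
Review bot: the jumpbox NSG here is declared with apiVersion 2018-01-01, while the managed-instance NSG added earlier in this file uses 2017-10-01 for the same resource type. Use one version for both `Microsoft.Network/networkSecurityGroups` resources so they are validated against the same schema.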
3 changes: 1 addition & 2 deletions 201-sqlmi-new-vnet-w-point-to-site-vpn/README.md
Expand Up @@ -60,9 +60,8 @@ You can click the "Deploy to Azure" button at the beginning of this document or


## Important
**SQL MI** is still in gated public preview. Before deploying this template you have to whitelist your subscription as explained here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-create-tutorial-portal#whitelist-your-subscription.

During the public preview deployment might take up to 48h. The reason why provisioning takes some time is that the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes.
During the public preview deployment might take up to 48h (average time is 3-6h). This is because virtual cluster that hosts the instances needs some time to deploy. Each subsequent instance creation in the same virtual cluster takes just about a few minutes.

After the last Managed Instance is deprovisioned, cluster stays a live for up to 24h. This is to avoid waiting for a new cluster to be provisioned in case that customer just wants to recreate the instance. During that period of time Resource Group and virtual network could not be deleted. This is a known issue and Managed Instance team is working on resolving it.
