From 75d38b541b6cd8c5f267ec14ada957550c8ccffa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sr=C4=91an=20Bo=C5=BEovi=C4=87?= Date: Sat, 8 Sep 2018 23:14:46 +0200 Subject: [PATCH 01/10] mod: added nsg to configuration --- 101-sqlmi-new-vnet/README.md | 2 +- 101-sqlmi-new-vnet/azuredeploy.json | 128 +++++++++++++++++++++++++++- 2 files changed, 128 insertions(+), 2 deletions(-) diff --git a/101-sqlmi-new-vnet/README.md b/101-sqlmi-new-vnet/README.md index 507d85d8a8fe..80e872d31bc4 100644 --- a/101-sqlmi-new-vnet/README.md +++ b/101-sqlmi-new-vnet/README.md @@ -36,7 +36,7 @@ You can click the "Deploy to Azure" button at the beginning of this document or **SQL MI** is still in gated public preview. Before deploying this template you have to whitelist your subscription as explained here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-create-tutorial-portal#whitelist-your-subscription. -During the public preview deployment might take up to 48h. The reason why provisioning takes some time is that along the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes. +Usual deployment time is 3-6h but during the public preview deployment might take up to 48h. The reason why provisioning takes some time is that along the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes. After the last Managed Instance is deprovisioned, cluster stays a live for up to 24h. This is to avoid waiting for a new cluster to be provisioned in case that customer just wants to recreate the instance. During that period of time Resource Group and virtual network could not be deleted. This is a known issue and Managed Instance team is working on resolving it. diff --git a/101-sqlmi-new-vnet/azuredeploy.json b/101-sqlmi-new-vnet/azuredeploy.json index 4242ebd7913f..7ebddf35503d 100644 
--- a/101-sqlmi-new-vnet/azuredeploy.json
+++ b/101-sqlmi-new-vnet/azuredeploy.json
@@ -106,9 +106,132 @@ } }, "variables": { + "networkSecurityGroupName": "[concat('SQLMI-', parameters('managedInstanceName'), '-NSG')]", "routeTableName": "[concat('SQLMI-', parameters('managedInstanceName'), '-Route-Table')]" }, "resources": [ + { + "apiVersion": "2017-10-01", + "type": "Microsoft.Network/networkSecurityGroups", + "name": "[variables('networkSecurityGroupName')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ + { + "name": "allow_management_inbound", + "properties": { + "description": "Allow inbound management traffic", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRanges": ["9000", "9003", "1438", "1440", "1452"], + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + } + }, + { + "name": "allow_misubnet_inbound", + "properties": { + "description": "Allow inbound traffic inside the subnet", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "[parameters('subnetPrefix')]", + "access": "Allow", + "priority": 200, + "direction": "Inbound" + } + }, + { + "name": "allow_health_probe_inbound", + "properties": { + "description": "Allow health probe", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "AzureLoadBalancer", + "access": "Allow", + "priority": 300, + "direction": "Inbound" + } + }, + { + "name": "allow_tds_inbound", + "properties": { + "description": "Allow access to data", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "1433", + "sourceAddressPrefix": "VirtualNetwork", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 1000, + "direction": "Inbound" + } + }, + { + "name": "deny_all_inbound", + "properties": { + "description": "Deny all other inbound traffic", + "protocol": "*", + "sourcePortRange": 
"*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 4096, + "direction": "Inbound" + } + }, + { + "name": "allow_management_outbound", + "properties": { + "description": "Allow outbound management traffic", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRanges": ["80", "443", "12000"], + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Outbound" + } + }, + { + "name": "allow_misubnet_outbound", + "properties": { + "description": "Allow outbound traffic inside the subnet", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "[parameters('subnetPrefix')]", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 200, + "direction": "Outbound" + } + }, + { + "name": "deny_all_outbound", + "properties": { + "description": "Deny all other outbound traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 4096, + "direction": "Outbound" + } + } + ] + } + }, { "type": "Microsoft.Network/routeTables", "name": "[variables('routeTableName')]", @@ -148,7 +271,10 @@ "addressPrefix": "[parameters('subnetPrefix')]", "routeTable": { "id": "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]" - } + }, + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" + } } } ] From 39f64b2bf552a7d7ec60d3c83bf1ec41e0670214 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sr=C4=91an=20Bo=C5=BEovi=C4=87?= Date: Sat, 8 Sep 2018 23:23:11 +0200 Subject: [PATCH 02/10] fix: destination --- 101-sqlmi-new-vnet/azuredeploy.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
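Review bot: `allow_management_inbound` opens TCP 9000, 9003, 1438, 1440 and 1452 from source `*` to destination `*` at priority 100, so `deny_all_inbound` at 4096 never applies to those ports, whatever the origin. If the service needs management traffic from arbitrary addresses, the rule's `description` should say so. The destination can still be scoped with `"destinationAddressPrefix": "[parameters('subnetPrefix')]"`, and the source narrowed to the `SqlManagement` service tag if the API version in use accepts it. The same rule is copied into the NSG hunks for 201-sqlmi-new-vnet-w-jumpbox/azuredeploy.json and 201-sqlmi-new-vnet-w-point-to-site-vpn/azuredeploy.json later in this series.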
diff --git a/101-sqlmi-new-vnet/azuredeploy.json b/101-sqlmi-new-vnet/azuredeploy.json index 7ebddf35503d..806197e07f64 100644 --- a/101-sqlmi-new-vnet/azuredeploy.json +++ b/101-sqlmi-new-vnet/azuredeploy.json @@ -138,8 +138,8 @@ "protocol": "*", "sourcePortRange": "*", "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "[parameters('subnetPrefix')]", + "sourceAddressPrefix": "[parameters('subnetPrefix')]", + "destinationAddressPrefix": "*", "access": "Allow", "priority": 200, "direction": "Inbound" @@ -152,8 +152,8 @@ "protocol": "*", "sourcePortRange": "*", "destinationPortRange": "*", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "AzureLoadBalancer", + "sourceAddressPrefix": "AzureLoadBalancer", + "destinationAddressPrefix": "*", "access": "Allow", "priority": 300, "direction": "Inbound" @@ -208,8 +208,8 @@ "protocol": "*", "sourcePortRange": "*", "destinationPortRange": "*", - "sourceAddressPrefix": "[parameters('subnetPrefix')]", - "destinationAddressPrefix": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "[parameters('subnetPrefix')]", "access": "Allow", "priority": 200, "direction": "Outbound" From fd4c39a471c7701fbbd498c7d2a5b82fe6d93562 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sr=C4=91an=20Bo=C5=BEovi=C4=87?= Date: Sat, 8 Sep 2018 23:27:27 +0200 Subject: [PATCH 03/10] fix: vnet dependency --- 101-sqlmi-new-vnet/azuredeploy.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/101-sqlmi-new-vnet/azuredeploy.json b/101-sqlmi-new-vnet/azuredeploy.json index 806197e07f64..090315d2d5f9 100644 --- a/101-sqlmi-new-vnet/azuredeploy.json +++ b/101-sqlmi-new-vnet/azuredeploy.json @@ -255,7 +255,8 @@ "type": "Microsoft.Network/virtualNetworks", "apiVersion": "2018-02-01", "dependsOn":[ - "[variables('routeTableName')]" + "[variables('routeTableName')]", + "[variables('networkSecurityGroupName')]" ], "location": "[parameters('location')]", "properties": { 
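Review bot: In the `@@ -255,7 +255,8 @@` hunk the new `dependsOn` entry names the NSG by bare resource name, `"[variables('networkSecurityGroupName')]"`, which as far as I know is only unambiguous while that name is unique within the template. Writing it as `"[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]"` would match the `networkSecurityGroup.id` reference already used on the subnet. The existing `routeTableName` entry has the same form, and so do the equivalent `dependsOn` hunks in the jumpbox and point-to-site templates. The virtualNetworks resource starts and ends outside this hunk.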
From 0b04f0291327ddfcf99f92b96eb876d55c0bb8d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sr=C4=91an=20Bo=C5=BEovi=C4=87?=
Date: Sat, 8 Sep 2018 23:43:35 +0200
Subject: [PATCH 04/10] mod: add nsg to jumpboxtemplate
---
 201-sqlmi-new-vnet-w-jumpbox/azuredeploy.json | 137 +++++++++++++++++-
 1 file changed, 132 insertions(+), 5 deletions(-)
diff --git a/201-sqlmi-new-vnet-w-jumpbox/azuredeploy.json b/201-sqlmi-new-vnet-w-jumpbox/azuredeploy.json
index e01afff08e18..1fd3f32efc39 100644
--- a/201-sqlmi-new-vnet-w-jumpbox/azuredeploy.json
+++ b/201-sqlmi-new-vnet-w-jumpbox/azuredeploy.json
@@ -135,15 +135,138 @@ } }, "variables": { + "networkSecurityGroupName": "[concat('SQLMI-', parameters('managedInstanceName'), '-NSG')]", "routeTableName": "[concat('SQLMI-', parameters('managedInstanceName'), '-Route-Table')]", "virtualMachineName": "[concat(parameters('managedInstanceName'), 'JB')]", "virtualMachineSize": "Standard_B2s", "networkInterfaceName": "[concat('SQLMI-', parameters('managedInstanceName'), '-JB-NIC')]", "publicIpAddressName": "[concat('SQLMI-', parameters('managedInstanceName'), '-JB-IP')]", - "networkSecurityGroupName": "[concat('SQLMI-', parameters('managedInstanceName'), '-JB-NSG')]", + "jbNetworkSecurityGroupName": "[concat('SQLMI-', parameters('managedInstanceName'), '-JB-NSG')]", "scriptFileUri": "[uri(parameters('_artifactsLocation'), concat('installSSMS.ps1', parameters('_artifactsLocationSasToken')))]" }, "resources": [ + { + "apiVersion": "2017-10-01", + "type": "Microsoft.Network/networkSecurityGroups", + "name": "[variables('networkSecurityGroupName')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ + { + "name": "allow_management_inbound", + "properties": { + "description": "Allow inbound management traffic", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRanges": ["9000", "9003", "1438", "1440", "1452"], + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + } + }, + { + "name": "allow_misubnet_inbound", + "properties": { + "description": "Allow inbound traffic inside the subnet", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "[parameters('subnetPrefix')]", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 200, + "direction": "Inbound" + } + }, + { + "name": "allow_health_probe_inbound", + "properties": { + "description": "Allow health probe", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + 
"sourceAddressPrefix": "AzureLoadBalancer", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 300, + "direction": "Inbound" + } + }, + { + "name": "allow_tds_inbound", + "properties": { + "description": "Allow access to data", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "1433", + "sourceAddressPrefix": "VirtualNetwork", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 1000, + "direction": "Inbound" + } + }, + { + "name": "deny_all_inbound", + "properties": { + "description": "Deny all other inbound traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 4096, + "direction": "Inbound" + } + }, + { + "name": "allow_management_outbound", + "properties": { + "description": "Allow outbound management traffic", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRanges": ["80", "443", "12000"], + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Outbound" + } + }, + { + "name": "allow_misubnet_outbound", + "properties": { + "description": "Allow outbound traffic inside the subnet", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "[parameters('subnetPrefix')]", + "access": "Allow", + "priority": 200, + "direction": "Outbound" + } + }, + { + "name": "deny_all_outbound", + "properties": { + "description": "Deny all other outbound traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 4096, + "direction": "Outbound" + } + } + ] + } + }, { "type": "Microsoft.Network/routeTables", "name": "[variables('routeTableName')]", 
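Review bot: `allow_tds_inbound` admits TCP 1433 from the whole `VirtualNetwork` tag, which covers peered virtual networks and gateway-connected address spaces as well as this VNet. In this template the jumpbox looks like the only intended client (inferred from the template name; its subnet is not visible in this hunk), so the source could be that subnet's address prefix instead. If the broad tag is intentional, the `description` "Allow access to data" should say which clients the rule is meant for. The NSG resource is complete within this hunk, but the surrounding `resources` array continues outside it.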
@@ -167,7 +290,8 @@ "type": "Microsoft.Network/virtualNetworks", "apiVersion": "2018-02-01", "dependsOn":[ - "[variables('routeTableName')]" + "[variables('routeTableName')]", + "[variables('networkSecurityGroupName')]" ], "location": "[parameters('location')]", "properties": { @@ -183,7 +307,10 @@ "addressPrefix": "[parameters('subnetPrefix')]", "routeTable": { "id": "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]" - } + }, + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" + } } }, { @@ -297,7 +424,7 @@ "dependsOn": [ "[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]", "[concat('Microsoft.Network/publicIpAddresses/', variables('publicIpAddressName'))]", - "[concat('Microsoft.Network/networkSecurityGroups/', variables('networkSecurityGroupName'))]" + "[concat('Microsoft.Network/networkSecurityGroups/', variables('jbNetworkSecurityGroupName'))]" ], "properties": { "ipConfigurations": [ @@ -315,7 +442,7 @@ } ], "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('jbNetworkSecurityGroupName'))]" } } }, From cc60d901855cd093caaa763dca3740f64c8cacf2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sr=C4=91an=20Bo=C5=BEovi=C4=87?= Date: Sat, 8 Sep 2018 23:47:18 +0200 Subject: [PATCH 05/10] mod: readme file --- 201-sqlmi-new-vnet-w-jumpbox/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/201-sqlmi-new-vnet-w-jumpbox/README.md b/201-sqlmi-new-vnet-w-jumpbox/README.md index e0f03bfe0003..d8a06057eaab 100644 --- a/201-sqlmi-new-vnet-w-jumpbox/README.md +++ b/201-sqlmi-new-vnet-w-jumpbox/README.md 
@@ -37,7 +37,7 @@ You can click the "Deploy to Azure" button at the beginning of this document or ## Important **SQL MI** is still in gated public preview. Before deploying this template you have to whitelist your subscription as explained here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-create-tutorial-portal#whitelist-your-subscription. -During the public preview deployment might take up to 48h. The reason why provisioning takes some time is that the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes. +Usual deployment time is 3-6h but during the public preview deployment might take up to 48h. The reason why provisioning takes some time is that the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes. After the last Managed Instance is deprovisioned, cluster stays a live for up to 24h. This is to avoid waiting for a new cluster to be provisioned in case that customer just wants to recreate the instance. During that period of time Resource Group and virtual network could not be deleted. This is a known issue and Managed Instance team is working on resolving it. From ff45fb411e148ebb6366984d5e54dbb59e6b38dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sr=C4=91an=20Bo=C5=BEovi=C4=87?= Date: Sat, 8 Sep 2018 23:50:31 +0200 Subject: [PATCH 06/10] add: nsg to p2s template --- .../README.md | 2 +- .../azuredeploy.json | 131 +++++++++++++++++- 2 files changed, 130 insertions(+), 3 deletions(-) diff --git a/201-sqlmi-new-vnet-w-point-to-site-vpn/README.md b/201-sqlmi-new-vnet-w-point-to-site-vpn/README.md index 02969220326b..2c8cf62261ea 100644 --- a/201-sqlmi-new-vnet-w-point-to-site-vpn/README.md +++ b/201-sqlmi-new-vnet-w-point-to-site-vpn/README.md 
@@ -62,7 +62,7 @@ You can click the "Deploy to Azure" button at the beginning of this document or ## Important **SQL MI** is still in gated public preview. Before deploying this template you have to whitelist your subscription as explained here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-create-tutorial-portal#whitelist-your-subscription. -During the public preview deployment might take up to 48h. The reason why provisioning takes some time is that the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes. +Usual deployment time is 3-6h but during the public preview deployment might take up to 48h. The reason why provisioning takes some time is that the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes. After the last Managed Instance is deprovisioned, cluster stays a live for up to 24h. This is to avoid waiting for a new cluster to be provisioned in case that customer just wants to recreate the instance. During that period of time Resource Group and virtual network could not be deleted. This is a known issue and Managed Instance team is working on resolving it. diff --git a/201-sqlmi-new-vnet-w-point-to-site-vpn/azuredeploy.json b/201-sqlmi-new-vnet-w-point-to-site-vpn/azuredeploy.json index a331841bf005..ddf9e0710676 100644 --- a/201-sqlmi-new-vnet-w-point-to-site-vpn/azuredeploy.json +++ b/201-sqlmi-new-vnet-w-point-to-site-vpn/azuredeploy.json @@ -126,6 +126,7 @@ } }, "variables": { + "networkSecurityGroupName": "[concat('SQLMI-', parameters('managedInstanceName'), '-NSG')]", "routeTableName": "[concat('SQLMI-', parameters('managedInstanceName'), '-Route-Table')]", "gatewayPublicIpAddressName": "[concat('SQLMI-', parameters('managedInstanceName'), '-Gateway-IP')]", "gatewayName": "[concat('SQLMI-', parameters('managedInstanceName'), '-Gateway')]", 
@@ -134,6 +135,128 @@ "clientRootCertName": "RootCert" }, "resources": [ + { + "apiVersion": "2017-10-01", + "type": "Microsoft.Network/networkSecurityGroups", + "name": "[variables('networkSecurityGroupName')]", + "location": "[parameters('location')]", + "properties": { + "securityRules": [ + { + "name": "allow_management_inbound", + "properties": { + "description": "Allow inbound management traffic", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRanges": ["9000", "9003", "1438", "1440", "1452"], + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Inbound" + } + }, + { + "name": "allow_misubnet_inbound", + "properties": { + "description": "Allow inbound traffic inside the subnet", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "[parameters('subnetPrefix')]", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 200, + "direction": "Inbound" + } + }, + { + "name": "allow_health_probe_inbound", + "properties": { + "description": "Allow health probe", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "AzureLoadBalancer", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 300, + "direction": "Inbound" + } + }, + { + "name": "allow_tds_inbound", + "properties": { + "description": "Allow access to data", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRange": "1433", + "sourceAddressPrefix": "VirtualNetwork", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 1000, + "direction": "Inbound" + } + }, + { + "name": "deny_all_inbound", + "properties": { + "description": "Deny all other inbound traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 4096, + "direction": "Inbound" + } + }, 
+ { + "name": "allow_management_outbound", + "properties": { + "description": "Allow outbound management traffic", + "protocol": "Tcp", + "sourcePortRange": "*", + "destinationPortRanges": ["80", "443", "12000"], + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": 100, + "direction": "Outbound" + } + }, + { + "name": "allow_misubnet_outbound", + "properties": { + "description": "Allow outbound traffic inside the subnet", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "[parameters('subnetPrefix')]", + "access": "Allow", + "priority": 200, + "direction": "Outbound" + } + }, + { + "name": "deny_all_outbound", + "properties": { + "description": "Deny all other outbound traffic", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Deny", + "priority": 4096, + "direction": "Outbound" + } + } + ] + } + }, { "type": "Microsoft.Network/routeTables", "name": "[variables('routeTableName')]", @@ -157,7 +280,8 @@ "type": "Microsoft.Network/virtualNetworks", "apiVersion": "2018-02-01", "dependsOn": [ - "[variables('routeTableName')]" + "[variables('routeTableName')]", + "[variables('networkSecurityGroupName')]" ], "location": "[parameters('location')]", "properties": { @@ -173,7 +297,10 @@ "addressPrefix": "[parameters('subnetPrefix')]", "routeTable": { "id": "[resourceId('Microsoft.Network/routeTables', variables('routeTableName'))]" - } + }, + "networkSecurityGroup": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroupName'))]" + } } }, { From 0f8f9f22377457508aa972fc947fb19a98e4ed96 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sr=C4=91an=20Bo=C5=BEovi=C4=87?= Date: Sun, 9 Sep 2018 00:05:22 +0200 Subject: [PATCH 07/10] fix: jb nsg name --- 201-sqlmi-new-vnet-w-jumpbox/azuredeploy.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/201-sqlmi-new-vnet-w-jumpbox/azuredeploy.json b/201-sqlmi-new-vnet-w-jumpbox/azuredeploy.json index 1fd3f32efc39..458a595a73fe 100644 --- a/201-sqlmi-new-vnet-w-jumpbox/azuredeploy.json +++ b/201-sqlmi-new-vnet-w-jumpbox/azuredeploy.json @@ -459,7 +459,7 @@ } }, { - "name": "[variables('networkSecurityGroupName')]", + "name": "[variables('jbNetworkSecurityGroupName')]", "type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2018-01-01", "location": "[parameters('location')]", From 7e7e21b5ef7719cdd0885a399b4afd4b5f07da29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sr=C4=91an=20Bo=C5=BEovi=C4=87?= Date: Sun, 9 Sep 2018 14:14:17 +0200 Subject: [PATCH 08/10] add: verification of PS version and Managed Instance name --- .../scripts/deploy.ps1 | 42 +++++++++++++++++-- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/201-sqlmi-new-vnet-w-point-to-site-vpn/scripts/deploy.ps1 b/201-sqlmi-new-vnet-w-point-to-site-vpn/scripts/deploy.ps1 index 3512367ff0ab..01b32f15de77 100644 --- a/201-sqlmi-new-vnet-w-point-to-site-vpn/scripts/deploy.ps1 +++ b/201-sqlmi-new-vnet-w-point-to-site-vpn/scripts/deploy.ps1 
@@ -10,16 +10,52 @@ $parameters.Remove('subscriptionId') $parameters.Remove('resourceGroupName') $parameters.Remove('certificateNamePrefix') -function Ensure-Login () +$managedInstanceName = $parameters['managedInstanceName'] + +function EnsureLogin() { $context = Get-AzureRmContext - If($context.Subscription -eq $null) + If($null -eq $context.Subscription) { Login-AzureRmAccount | Out-null } } -Ensure-Login +function VerifyPSVersion +{ + Write-Host "Verifying PowerShell version, must be 5.0 or higher." + if($PSVersionTable.PSVersion.Major -ge 5) + { + Write-Host "PowerShell version verified." -ForegroundColor Green + } + else + { + Write-Host "You need to install PowerShell version 5.0 or heigher." -ForegroundColor Red + Break; + } +} + +function VerifyManagedInstanceName +{ + param($managedInstanceName) + Write-Host "Verifying Managed Instance name, must be globally unique." + if([string]::IsNullOrEmpty($managedInstanceName)) + { + Write-Host "Managed Instance name is required parameter." -ForegroundColor Red + break; + } + if($null -ne (Resolve-DnsName ($managedInstanceName+'.provisioning.database.windows.net') -ErrorAction SilentlyContinue)) + { + Write-Host "Managed Instance name already in use." -ForegroundColor Red + break; + } + Write-Host "Managed Instance name verified." -ForegroundColor Green +} + +VerifyPSVersion +VerifyManagedInstanceName $managedInstanceName + +EnsureLogin $context = Get-AzureRmContext If($context.Subscription.Id -ne $subscriptionId) From 73d22b4385b4869dc6b17d8ccab09fb439e96ce9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sr=C4=91an=20Bo=C5=BEovi=C4=87?= Date: Mon, 10 Sep 2018 21:54:44 +0200 Subject: [PATCH 09/10] fix: removed whitelisting text --- 101-sqlmi-new-vnet/README.md | 2 -- 201-sqlmi-new-vnet-w-jumpbox/README.md | 1 - 201-sqlmi-new-vnet-w-point-to-site-vpn/README.md | 1 - 3 files changed, 4 deletions(-) diff --git a/101-sqlmi-new-vnet/README.md b/101-sqlmi-new-vnet/README.md index 80e872d31bc4..0f479622e50c 100644 
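Review bot: `VerifyPSVersion` and `VerifyManagedInstanceName` stop on failure with `break`, which outside a loop does not simply return from the function: it unwinds to the nearest enclosing loop in any caller, or ends the script without raising an error. A terminating error such as `throw "Managed Instance name already in use."` would let automation that runs deploy.ps1 see the failure. The `Resolve-DnsName ... -ErrorAction SilentlyContinue` check also prints "Managed Instance name verified." whenever the lookup fails for any reason (no network, resolver timeout), so the message should describe it as a best-effort check rather than a guarantee. The user-facing string "heigher" is a typo for "higher".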
--- a/101-sqlmi-new-vnet/README.md +++ b/101-sqlmi-new-vnet/README.md @@ -34,8 +34,6 @@ You can click the "Deploy to Azure" button at the beginning of this document or ## Important -**SQL MI** is still in gated public preview. Before deploying this template you have to whitelist your subscription as explained here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-create-tutorial-portal#whitelist-your-subscription. - Usual deployment time is 3-6h but during the public preview deployment might take up to 48h. The reason why provisioning takes some time is that along the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes. After the last Managed Instance is deprovisioned, cluster stays a live for up to 24h. This is to avoid waiting for a new cluster to be provisioned in case that customer just wants to recreate the instance. During that period of time Resource Group and virtual network could not be deleted. This is a known issue and Managed Instance team is working on resolving it. diff --git a/201-sqlmi-new-vnet-w-jumpbox/README.md b/201-sqlmi-new-vnet-w-jumpbox/README.md index d8a06057eaab..75b571505d60 100644 --- a/201-sqlmi-new-vnet-w-jumpbox/README.md +++ b/201-sqlmi-new-vnet-w-jumpbox/README.md @@ -35,7 +35,6 @@ You can click the "Deploy to Azure" button at the beginning of this document or ## Important -**SQL MI** is still in gated public preview. Before deploying this template you have to whitelist your subscription as explained here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-create-tutorial-portal#whitelist-your-subscription. Usual deployment time is 3-6h but during the public preview deployment might take up to 48h. The reason why provisioning takes some time is that the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes. 
diff --git a/201-sqlmi-new-vnet-w-point-to-site-vpn/README.md b/201-sqlmi-new-vnet-w-point-to-site-vpn/README.md index 2c8cf62261ea..4b7ae769b30e 100644 --- a/201-sqlmi-new-vnet-w-point-to-site-vpn/README.md +++ b/201-sqlmi-new-vnet-w-point-to-site-vpn/README.md @@ -60,7 +60,6 @@ You can click the "Deploy to Azure" button at the beginning of this document or ## Important -**SQL MI** is still in gated public preview. Before deploying this template you have to whitelist your subscription as explained here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-create-tutorial-portal#whitelist-your-subscription. Usual deployment time is 3-6h but during the public preview deployment might take up to 48h. The reason why provisioning takes some time is that the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes. From 8ed833ebe29d30b2ef61c2b58f25b186604fcf31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sr=C4=91an=20Bo=C5=BEovi=C4=87?= Date: Mon, 10 Sep 2018 23:06:19 +0200 Subject: [PATCH 10/10] fix: MI provisioning time explanation --- 101-sqlmi-new-vnet/README.md | 2 +- 201-sqlmi-new-vnet-w-jumpbox/README.md | 2 +- 201-sqlmi-new-vnet-w-point-to-site-vpn/README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/101-sqlmi-new-vnet/README.md b/101-sqlmi-new-vnet/README.md index 0f479622e50c..2719b057f9a3 100644 --- a/101-sqlmi-new-vnet/README.md +++ b/101-sqlmi-new-vnet/README.md 
@@ -34,7 +34,7 @@ You can click the "Deploy to Azure" button at the beginning of this document or ## Important -Usual deployment time is 3-6h but during the public preview deployment might take up to 48h. The reason why provisioning takes some time is that along the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes. +During the public preview deployment might take up to 48h (average time is 3-6h). This is because virtual cluster that hosts the instances needs some time to deploy. Each subsequent instance creation in the same virtual cluster takes just about a few minutes. After the last Managed Instance is deprovisioned, cluster stays a live for up to 24h. This is to avoid waiting for a new cluster to be provisioned in case that customer just wants to recreate the instance. During that period of time Resource Group and virtual network could not be deleted. This is a known issue and Managed Instance team is working on resolving it. diff --git a/201-sqlmi-new-vnet-w-jumpbox/README.md b/201-sqlmi-new-vnet-w-jumpbox/README.md index 75b571505d60..2318e235dbaa 100644 --- a/201-sqlmi-new-vnet-w-jumpbox/README.md +++ b/201-sqlmi-new-vnet-w-jumpbox/README.md 
@@ -36,7 +36,7 @@ You can click the "Deploy to Azure" button at the beginning of this document or ## Important -Usual deployment time is 3-6h but during the public preview deployment might take up to 48h. The reason why provisioning takes some time is that the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes. +During the public preview deployment might take up to 48h (average time is 3-6h). This is because virtual cluster that hosts the instances needs some time to deploy. Each subsequent instance creation in the same virtual cluster takes just about a few minutes. After the last Managed Instance is deprovisioned, cluster stays a live for up to 24h. This is to avoid waiting for a new cluster to be provisioned in case that customer just wants to recreate the instance. During that period of time Resource Group and virtual network could not be deleted. This is a known issue and Managed Instance team is working on resolving it. diff --git a/201-sqlmi-new-vnet-w-point-to-site-vpn/README.md b/201-sqlmi-new-vnet-w-point-to-site-vpn/README.md index 4b7ae769b30e..67c8fef1ab5a 100644 --- a/201-sqlmi-new-vnet-w-point-to-site-vpn/README.md +++ b/201-sqlmi-new-vnet-w-point-to-site-vpn/README.md 
@@ -61,7 +61,7 @@ You can click the "Deploy to Azure" button at the beginning of this document or ## Important -Usual deployment time is 3-6h but during the public preview deployment might take up to 48h. The reason why provisioning takes some time is that the Managed Instance virtual cluster that hosts the instance is created. Each subsequent instance creation takes just about a few minutes. +During the public preview deployment might take up to 48h (average time is 3-6h). This is because virtual cluster that hosts the instances needs some time to deploy. Each subsequent instance creation in the same virtual cluster takes just about a few minutes. After the last Managed Instance is deprovisioned, cluster stays a live for up to 24h. This is to avoid waiting for a new cluster to be provisioned in case that customer just wants to recreate the instance. During that period of time Resource Group and virtual network could not be deleted. This is a known issue and Managed Instance team is working on resolving it.