Azure Resource Manager – Single VM with an NSG

This post is part 3 of a small series and stems from this post https://marckean.com/2016/05/17/azure-resource-groups-networks/

This post focuses on creating a single virtual machine in the DMZ subnet of the target example architecture diagram below. This VM will have an NSG attached to its NIC. Remember that, for inbound traffic, the subnet-based NSG rules are applied first, so if a subnet rule denies the traffic, the NIC-based NSG is effectively ignored; traffic that the subnet NSG allows must still be allowed by the NIC-based NSG before it reaches the VM.

ShowNetwork

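# Sign in to Azure Resource Manager
Login-AzureRmAccount

# Choose the target subscription. -OutputMode Single limits the grid to one row, so
# $subscription is always a single name and never an array of names.
$subscription = (Get-AzureRmSubscription |
    Out-GridView -Title "Select the Azure subscription that you want to use ..." -OutputMode Single).SubscriptionName

# Stop here if nothing was picked; otherwise the rest of the script would deploy an
# Internet-facing VM into whatever subscription the session happened to default to.
if (-not $subscription) {
    throw "No Azure subscription was selected."
}
Select-AzureRmSubscription -SubscriptionName $subscription -ErrorAction Stop

# Resource group that will hold the VM and its NIC, public IP, NSG and storage account
$RGName = "Show-DMZ_VM"
$location = "australiaeast"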
 
####################### | Create the Resource Group | ####################### | @marckean
Clear-Host
$rgNotice = "`n`tCreating the target resource group $RGName (if it don't exist already)..."
Write-Host $rgNotice -ForegroundColor Cyan
#region Resource group
# Look the group up quietly first; create it only when the lookup returns nothing.
$existingGroup = Get-AzureRmResourceGroup -Name $RGName -Location $location -ErrorAction SilentlyContinue
if (-not $existingGroup) {
    New-AzureRmResourceGroup -Name $RGName -Location $location -Force
}
#endregion
 
####################### | Variable Settings | ####################### | @marckean
# Name seeds: a fixed date stamp plus a random 2-3 digit suffix
$date      = "20160517"
$random    = Get-Random -Minimum 10 -Maximum 999

# Marketplace image the VM is built from
$publisher = "MicrosoftWindowsServer"
$offer     = "WindowsServer"
$sku       = "2012-R2-Datacenter"
$version   = "latest"

# Storage
# Storage account names must be 3-24 characters long, digits and lower-case letters only.
$StorageAccountName = "${date}stg${random}"
$StorageType        = "Standard_LRS"

# Virtual machine
$VMName   = "Demo-VM"
$VMSize   = "Standard_A2"
$DiskName = $RGName + "-os.vhd"
# Prompted interactively, so the local administrator password is never stored in the script.
# This account is what the Internet-facing remote-access rule below leads to.
$cred = Get-Credential -Message "Type the name and password for the local administrator account."

# Virtual network (looked up later in a different resource group from the VM)
$vNetName   = "Demo-vNet"
$vNetRGName = "Show-vNet"
$subnetName = "DMZ"

# Public IP
$PIPName       = "Demo-PIP"
# The DNS label must match ^[a-z][a-z0-9-]{1,61}[a-z0-9]$
$PublicPIPName = "demopip$random"

# NIC
$NICName      = "Demo-NIC"
# NOTE(review): presumably an address inside the DMZ subnet's range - verify against the vNet.
$NICPrivateIP = "10.123.250.10"

# NSG
$NSGname = "Demo-NSG"
 
### Storage account that will hold the VM's OS disk VHD
$storageParams = @{
    ResourceGroupName = $RGName
    Name              = $StorageAccountName
    Location          = $location
    Type              = $StorageType
}
New-AzureRmStorageAccount @storageParams
 
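### Create a security rule allowing inbound TCP from the Internet to the remote-access port
# NOTE(review): the rule is named and described as RDP, yet it opens TCP 65234, not 3389.
# An NSG only filters traffic and does not translate ports, so this rule lets RDP through
# only if the guest's RDP listener has been moved to 65234 - confirm which port is intended.
$RDPPort = "65234"

# "Internet" makes the port reachable from every public address. Where the administrators'
# public range is known, use that CIDR here instead (placeholder: "<admin-public-cidr>")
# so the management port is not exposed to the whole Internet.
$RDPSourcePrefix = "Internet"

$RDPrule = New-AzureRmNetworkSecurityRuleConfig `
            -Name rdp-rule `
            -Description "Allow RDP" `
            -Access Allow `
            -Protocol Tcp `
            -Direction Inbound `
            -Priority 100 `
            -SourceAddressPrefix $RDPSourcePrefix `
            -SourcePortRange * `
            -DestinationAddressPrefix * `
            -DestinationPortRange $RDPPort

### Add the rule to a new NSG (attached to the VM's NIC further down)
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $RGName -Location $location -Name $NSGname -SecurityRules $RDPrule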
 
### Public IP address, dynamically allocated, with a DNS label
$pipParams = @{
    ResourceGroupName = $RGName
    Name              = $PIPName
    Location          = $location
    AllocationMethod  = 'Dynamic'
    DomainNameLabel   = $PublicPIPName
}
$pip = New-AzureRmPublicIpAddress @pipParams

### NIC: placed in the chosen subnet, bound to the public IP and to the NIC-level NSG
# The virtual network is read from its own resource group, not from the VM's.
$vnet   = Get-AzureRmVirtualNetwork -ResourceGroupName $vNetRGName -Name $vNetName
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name $subnetName -VirtualNetwork $vnet
$nicParams = @{
    ResourceGroupName    = $RGName
    Name                 = $NICName
    Subnet               = $subnet
    Location             = $location
    PublicIpAddress      = $pip
    PrivateIpAddress     = $NICPrivateIP
    NetworkSecurityGroup = $nsg
}
$nic = New-AzureRmNetworkInterface @nicParams
 
### Virtual machine configuration, built one step at a time
# Each cmdlet takes the configuration object via -VM and returns the updated object.
$vmConfig = New-AzureRmVMConfig -VMName $VMName -VMSize $VMSize

# Windows guest: local admin from the prompted credential, VM agent and automatic updates on
$vmConfig = Set-AzureRmVMOperatingSystem -VM $vmConfig -Windows -ComputerName $VMName `
                -Credential $cred -ProvisionVMAgent -EnableAutoUpdate

# Marketplace image to deploy
$vmConfig = Set-AzureRmVMSourceImage -VM $vmConfig -PublisherName $publisher -Offer $offer `
                -Skus $sku -Version $version

# OS disk stored as a VHD blob in the storage account's "vhds" container
$osDiskUri = "https://$StorageAccountName.blob.core.windows.net/vhds/$DiskName"
$vmConfig = Set-AzureRmVMOSDisk -VM $vmConfig -Name $VMName -VhdUri $osDiskUri `
                -Caching ReadWrite -CreateOption fromImage

# Attach the NIC, which carries the public IP and the NIC-level NSG
$vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $nic.Id

### Create the virtual machine
New-AzureRmVM -ResourceGroupName $RGName -Location $location -VM $vmConfig