Azure IaaS Lab – DMZ Base Build

This post is part of a series, for the series contents see:

For the code listed in this post please see:

This post repeats the process for the next iteration, which largely uses the same code. Things left out this time are:

  • NSGs again
  • UDR again
  • The WAF (Web Application Firewall) – I’ll cover this in a separate post

So what we end up with is:


I’m going to build up the CentOS VM with an extra data disk because later on I’ll try to apply disk encryption to it, and it seems like you can’t encrypt the OS disk with Azure Linux VMs.

Here’s this time’s regurgitated PowerShell:

#Create the DMZ base build

#Login to Azure and resource manager

#Just in case you have multiple subscriptions check which one you're working in

#If you need to select your test subscription use:
#Set-AzureSubscription -SubscriptionName <name>

#First the resource group
$RGName = "dmz-rg"
$Location = "North Europe"
New-AzureRmResourceGroup -Name $RGName -Location $Location

#Now the DMZ network
New-AzureRmVirtualNetwork -ResourceGroupName $RGName -Name dmz-vnet `
-AddressPrefix "<dmz-vnet-address-prefix>" -Location $Location

$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $RGName -Name dmz-vnet

Add-AzureRmVirtualNetworkSubnetConfig -Name web-subnet `
-VirtualNetwork $vnet -AddressPrefix "<web-subnet-address-prefix>"

Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

#Create the storage account
New-AzureRmStorageAccount -ResourceGroupName $RGName -AccountName "dmzvmstr" -Location $Location -Type "Standard_LRS"

#First setup default credentials to use in provisioning by retrieving and decrypting our Key Vault password
$Username = "adminuser"
$SecurePwd = Get-AzureKeyVaultSecret -VaultName 'lab-vault' -Name 'ProvisionPassword'
$Credential = New-Object System.Management.Automation.PSCredential -ArgumentList $Username, $SecurePwd.SecretValue

#Setup CentOS webserver
$VMName = "web-vm"
$VMSize = "Standard_A1"
$OSDiskName = $VMName + "OSDisk"
$DataDiskName = $VMName + "DataDisk"
$StorageAccount = Get-AzureRmStorageAccount -ResourceGroupName $RGName -Name dmzvmstr

#Webserver VM Network
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $RGName -Name dmz-vnet
$NIC1 = New-AzureRmNetworkInterface -Name "web-vm-eth0" -ResourceGroupName $RGName -Location $Location -SubnetId $vnet.Subnets[0].Id -PrivateIpAddress "<web-vm-private-ip>"
Set-AzureRmNetworkInterface -NetworkInterface $NIC1

#Setup our webserver VM object
$VirtualMachine = New-AzureRmVMConfig -VMName $VMName -VMSize $VMSize
$VirtualMachine = Set-AzureRmVMOperatingSystem -VM $VirtualMachine -ComputerName $VMName -Linux -Credential $Credential
$VirtualMachine = Set-AzureRmVMSourceImage -VM $VirtualMachine -PublisherName "OpenLogic" -Offer "CentOS" -Skus "7.1" -Version "latest"
$VirtualMachine = Add-AzureRmVMNetworkInterface -VM $VirtualMachine -Id $NIC1.Id
$OSDiskUri = $StorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $OSDiskName + ".vhd"
$VirtualMachine = Set-AzureRmVMOSDisk -VM $VirtualMachine -Name $OSDiskName -VhdUri $OSDiskUri -CreateOption FromImage
$DataDiskUri = $StorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $DataDiskName + ".vhd"
$VirtualMachine = Add-AzureRmVMDataDisk -VM $VirtualMachine -Name $DataDiskName -Caching 'ReadOnly' -DiskSizeInGB 10 -Lun 0 -VhdUri $DataDiskUri -CreateOption Empty

#Create the Webserver VM
New-AzureRmVM -ResourceGroupName $RGName -Location $Location -VM $VirtualMachine
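
A check of the finished build, added here as an example and not part of the original post's code: it reports the NSG and UDR left out of this iteration as open items, plus anything that differs from what the script above set up. The function name Test-DmzBaseBuild is hypothetical, the property names are assumed to be those of the objects returned by the AzureRM Get- cmdlets, and the sample objects are constructed.

```powershell
#Added example, not from the original post: checks AzureRM objects against what the build script set up
function Test-DmzBaseBuild {
    param($Subnet, $Nic, $Vm, [string]$StorageAccountName = "dmzvmstr")
    $findings = @()

    #NSG and UDR are left out of this iteration, so they show up as open items
    if (-not $Subnet.NetworkSecurityGroup) { $findings += "subnet $($Subnet.Name): no NSG attached" }
    if (-not $Subnet.RouteTable) { $findings += "subnet $($Subnet.Name): no route table (UDR) attached" }

    #The NIC was created with a fixed private address and no public IP
    foreach ($ipcfg in $Nic.IpConfigurations) {
        if ($ipcfg.PublicIpAddress) { $findings += "nic $($Nic.Name): public IP attached" }
        if ($ipcfg.PrivateIpAllocationMethod -ne "Static") { $findings += "nic $($Nic.Name): private IP is not static" }
        if ($ipcfg.Subnet.Id -ne $Subnet.Id) { $findings += "nic $($Nic.Name): not in subnet $($Subnet.Name)" }
    }

    #The extra data disk (the one intended for disk encryption later) sits at LUN 0
    if (-not ($Vm.StorageProfile.DataDisks | Where-Object { $_.Lun -eq 0 })) {
        $findings += "vm $($Vm.Name): no data disk at LUN 0"
    }

    #Both VHDs should sit in the DMZ storage account
    $disks = @($Vm.StorageProfile.OsDisk) + @($Vm.StorageProfile.DataDisks)
    foreach ($disk in ($disks | Where-Object { $_ })) {
        if (([uri]$disk.Vhd.Uri).Host -notlike "$StorageAccountName.blob.*") {
            $findings += "vm $($Vm.Name): VHD outside ${StorageAccountName}: $($disk.Vhd.Uri)"
        }
    }

    #The VM is provisioned with a password credential, so SSH password logins stay enabled
    if (-not $Vm.OSProfile.LinuxConfiguration.DisablePasswordAuthentication) {
        $findings += "vm $($Vm.Name): SSH password authentication is enabled"
    }
    $findings
}

#Constructed sample shaped like the cmdlet output for this build (IDs and URIs are made up)
$subnet = [pscustomobject]@{ Name = "web-subnet"; Id = "/subnets/web-subnet"; NetworkSecurityGroup = $null; RouteTable = $null }
$ipcfg = [pscustomobject]@{ PublicIpAddress = $null; PrivateIpAllocationMethod = "Static"; Subnet = [pscustomobject]@{ Id = "/subnets/web-subnet" } }
$nic = [pscustomobject]@{ Name = "web-vm-eth0"; IpConfigurations = @($ipcfg) }
$newDisk = { param($n) [pscustomobject]@{ Lun = 0; Vhd = [pscustomobject]@{ Uri = "https://dmzvmstr.blob.core.windows.net/vhds/$n.vhd" } } }
$sp = [pscustomobject]@{ OsDisk = (& $newDisk "web-vmOSDisk"); DataDisks = @(& $newDisk "web-vmDataDisk") }
$os = [pscustomobject]@{ LinuxConfiguration = [pscustomobject]@{ DisablePasswordAuthentication = $false } }
$vm = [pscustomobject]@{ Name = "web-vm"; StorageProfile = $sp; OSProfile = $os }
Test-DmzBaseBuild -Subnet $subnet -Nic $nic -Vm $vm | ForEach-Object { Write-Warning $_ }

#Against the live lab (after logging in), pass the real objects instead:
#$subnet = (Get-AzureRmVirtualNetwork -ResourceGroupName dmz-rg -Name dmz-vnet).Subnets | Where-Object { $_.Name -eq "web-subnet" }
#$nic = Get-AzureRmNetworkInterface -ResourceGroupName dmz-rg -Name web-vm-eth0
#$vm = Get-AzureRmVM -ResourceGroupName dmz-rg -Name web-vm
```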

