Azure, creating a new virtual machine, it needs to allow choosing the Network Interface

When creating a new Virtual Machine in Azure (in Resource Manager mode, of course), it allows configuring plenty of new/existing parameters:
Storage account
Virtual Network
Public IP Address
Network security group
Diagnostic Storage Account
and so on ...
But not the Network Interface: it then creates a random one with a name like MyVMname666, or with any other 3-digit random number.
Just: WHY?
Why not allow the user to configure it manually, or choose between existing ones?
I can raise a new environment with all resource names perfectly defined, except the Network Interface ;-(

You can use PowerShell and/or the CLI to achieve that, but this is not the place to raise this question. There's the feedback portal for ideas like that.
As for the PowerShell, here's the way to do that.
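An added example, not part of the original answer: creating (or reusing) a network interface with a name you choose and building the VM around it with the Az PowerShell module. Every value in angle brackets is a placeholder, and the `<vm-name>-nic` naming scheme is only an assumption.

```powershell
# Added example: all names in angle brackets are placeholders.
$rg       = '<resource-group>'
$location = '<region>'
$vmName   = '<vm-name>'
$nicName  = "$vmName-nic"   # the name you pick, instead of <vm-name> plus 3 random digits

# Existing network resources, looked up by the names you gave them.
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name '<vnet-name>'
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name '<subnet-name>'
$nsg    = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name '<nsg-name>'

# Reuse the NIC if it already exists, otherwise create it under the chosen name.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name $nicName -ErrorAction SilentlyContinue
if (-not $nic) {
    # No public IP is attached here; pass -PublicIpAddressId only if the VM
    # really has to be reachable from the internet.
    $nic = New-AzNetworkInterface -ResourceGroupName $rg -Location $location -Name $nicName `
        -SubnetId $subnet.Id -NetworkSecurityGroupId $nsg.Id
}

# Build the VM configuration and attach the named NIC to it.
$cred = Get-Credential -Message 'Local administrator account for the new VM'
$vm = New-AzVMConfig -VMName $vmName -VMSize '<vm-size>'
$vm = Set-AzVMOperatingSystem -VM $vm -Windows -ComputerName $vmName -Credential $cred
$vm = Set-AzVMSourceImage -VM $vm -PublisherName '<publisher>' -Offer '<offer>' `
    -Skus '<sku>' -Version 'latest'
$vm = Add-AzVMNetworkInterface -VM $vm -Id $nic.Id -Primary

New-AzVM -ResourceGroupName $rg -Location $location -VM $vm
```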

Related

Using PowerShell to get the Vnet name by resource ID in Azure

Assuming I have an Azure resource ID
Such as:
"/subscriptions/XXXXXXXX/resourceGroups/YYYYYY/providers/Microsoft.ZZZZ/WWWWW/my-resource-name"
How can I find out to which Vnets its connected/sits in using PowerShell commands?
It will be possible, but you have to write lengthy code for it (e.g. if you have a network interface you need to use an if block for it, so that it gets you the network interface's subnet ID, and then again an elseif for any other resource).
The Azure portal provides a feature called connected device; from there we can simply check which devices are connected to the VNet.
As shown here:
Using a PowerShell command, if you get the virtual network you can determine the associated resources in the subnet:
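An added example, not code from the original answer: a helper that goes from a resource ID to its VNet and subnet for the two resource types the answer's if/elseif idea covers most directly, virtual machines and network interfaces. The function name `Get-VnetForResource` is hypothetical; other resource types would need their own branch.

```powershell
# Added example. Get-VnetForResource is a hypothetical helper name.
function Get-VnetForResource {
    param([Parameter(Mandatory)][string]$ResourceId)

    $resource = Get-AzResource -ResourceId $ResourceId -ExpandProperties

    # Step 1: reduce the resource to the NIC(s) that connect it to a network.
    switch ($resource.ResourceType) {
        'Microsoft.Compute/virtualMachines' {
            $nicIds = @($resource.Properties.networkProfile.networkInterfaces.id)
        }
        'Microsoft.Network/networkInterfaces' {
            $nicIds = @($ResourceId)
        }
        default {
            throw "No lookup implemented for resource type '$($resource.ResourceType)'."
        }
    }

    # Step 2: each NIC IP configuration points at a subnet ID of the form
    # .../virtualNetworks/<vnet>/subnets/<subnet>
    foreach ($nicId in $nicIds) {
        $nic = Get-AzResource -ResourceId $nicId -ExpandProperties
        foreach ($subnetId in $nic.Properties.ipConfigurations.properties.subnet.id) {
            if ($subnetId -match '/virtualNetworks/(?<vnet>[^/]+)/subnets/(?<subnet>[^/]+)$') {
                [pscustomobject]@{
                    Nic    = $nic.Name
                    VNet   = $Matches.vnet
                    Subnet = $Matches.subnet
                }
            }
        }
    }
}

# Usage, with the placeholder ID format from the question:
# Get-VnetForResource -ResourceId '/subscriptions/XXXXXXXX/resourceGroups/YYYYYY/providers/Microsoft.Compute/virtualMachines/my-resource-name'
```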

Azure WVD Hostpool - Virtual Network displaying "None available"

I keep encountering an irritating blocker when attempting to create a Host Pool for my project's Windows Virtual Desktop (WVD) in Azure and I'm at my wits' end figuring out what could be causing this issue.
My existing resource group contains the following resources (all fully setup and configured):
A VNet
Security Group
Key Vault
All of the above resources can be confirmed via the Portal, Azure PowerShell and Az CLI.
However, when attempting to create the Host Pool for the WVD which is the next resource we're seeking to provision manually through the Portal, I get prompted to Add virtual machines and upon selecting the option to add a virtual machine, I'm prompted to complete the Network and security configuration. However, the Virtual network dropdown isn't populated with any list, rather showing as "None available".
The Virtual Network definitely exists and I can't understand why the dropdown list continues to be empty. I've deleted and recreated the entire resource group on a number of occasions but all to no avail. Any advice or suggestions on how to get past this issue would be much appreciated.
Thank you for updating your solution. I faced the exact same problem, followed your guidance, and found that my VNET is in a different region vs. the host pool.
Originally I could not find the drop-down item in the virtual network either; my workaround was to create a VNET in the same region as the host pool, and now I can select it.
Managed to establish what the issue was. It was the selected "Virtual machine location" value that was not allowing me to see the target VNet in the "Virtual network" dropdown list.
By default, Azure was populating the Virtual machine location field with the name of a region where my VNets didn't exist. Once I'd spotted this and switched it to the correct Region, the Virtual network dropdown list further below was populated as expected.

Storage account connectivity method for AKS

I'm setting up a Storage Account so I can Dynamically create and use a persistent volume with Azure Files in Azure Kubernetes Service (AKS). Doing this to:
Have a PV and PVC for the database
A place to store the application files
AKS does create a storage account in the MC_<resource-group>_<aks-name>_<region> resource group that is automatically created. However, that storage account is destroyed if the node size/VM is changed (not node count), so it shouldn't be used since you'll lose your files and database if you need a node size/VM with more resources.
Neither this documentation, nor any other I've really come across, says what the best practice is for the Connectivity method:
Public endpoint (all networks)
Public endpoint (selected networks)
Private endpoint
The first option sounds like a bad idea.
The second option allows me to select a virtual network, and there are two choices:
MC_<resource-group>_<aks-name>_<region>... again, doesn't seem like a good idea because if the node size/VM is changed, the connection will be broken.
aks-vnet-<number>... not sure what this is, but looks like it is part of the previous resource group so will also be destroyed in the previously mentioned scenario.
The third option contains a number of options, some of which are included in the second option.
So how should I securely set this up for AKS to share files with the application and persist database files?
EDIT
Looking at both the "Firewalls and virtual networks" and "Private endpoint connections" for the storage account that comes with the AKS node, it looks like it is just set up for "All networks"... so maybe having that be where my actual PV and PVC will be stored isn't such an issue...? Could use some clarity on the topic.
Not sure where the problem lies. All the assets generated by AKS are tied to the AKS lifecycle. If you delete AKS it will delete the MC_* resource group (and that is 100% right). Not sure what you mean about the storage account being destroyed; it wouldn't get destroyed unless you remove the PVC and set the delete action to reclaim.
Reading: https://learn.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv
As for the networking part, selected networks with selecting the AKS nodes network should be the way to go. You can figure that network out by looking at the AKS nodes or the AKS agent pool definition(s). I don't think this is configurable only using Kubernetes primitives, so that would be a manual/scripted action after the storage account is created.
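An added example, not part of the original answer: the scripted step it describes, restricting a storage account to the AKS node subnets and then denying everything else. It assumes the cluster uses the managed `aks-vnet-<number>` network in the node resource group, as in the question; all names in angle brackets are placeholders.

```powershell
# Added example: all names in angle brackets are placeholders.
$storageRg   = '<storage-resource-group>'
$storageName = '<storage-account-name>'
$nodeRg      = '<MC_resource-group_aks-name_region>'

# Assumption: the node VNet is the managed aks-vnet-<number> in the node resource group.
$vnet = @(Get-AzVirtualNetwork -ResourceGroupName $nodeRg |
    Where-Object Name -like 'aks-vnet-*')
if ($vnet.Count -ne 1) {
    throw "Expected exactly one aks-vnet-* network in $nodeRg, found $($vnet.Count)."
}

foreach ($subnet in $vnet[0].Subnets) {
    # A subnet can only be added to the storage firewall if it has the
    # Microsoft.Storage service endpoint enabled.
    $endpoint = $subnet.ServiceEndpoints | Where-Object Service -like 'Microsoft.Storage*'
    if (-not $endpoint) {
        Write-Warning "Subnet $($subnet.Name) has no Microsoft.Storage service endpoint; skipped."
        continue
    }
    Add-AzStorageAccountNetworkRule -ResourceGroupName $storageRg -Name $storageName `
        -VirtualNetworkResourceId $subnet.Id | Out-Null
}

# Flip to deny-by-default only after at least one subnet rule is in place,
# otherwise the nodes lose access to the file share.
$ruleSet = Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $storageRg -Name $storageName
if (@($ruleSet.VirtualNetworkRules).Count -eq 0) {
    throw 'No subnet rule was added; leaving the default action unchanged.'
}
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $storageRg -Name $storageName `
    -DefaultAction Deny

# Show the resulting firewall state for review.
Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $storageRg -Name $storageName |
    Select-Object DefaultAction, Bypass, VirtualNetworkRules
```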

How Can I Recursively Compare Azure Resource Groups?

I have one resource group that I set up with the portal and another that I tried to configure the same way using Terraform.
Each group contains
Application Gateway with Web App Firewall
Virtual networks and subnets
VMs and associated storage
Public IPs, NSGs, NIC etc
Is there a way for me to compare the two sets of configurations?
For you, I assume you want to create the same resources with the same configurations in another group through Terraform. On my side, there are not many things you need to care about. Just create the Terraform script according to the configuration of the resources:
each resource region
the public IP and the NIC allocation method
NSG rules
vnet and the subnet address prefix
application gateway properties and the rules
The above points are what I think you need to care about. The properties of the resources in Terraform also need to be set accordingly. I think there is no other way to compare two sets of configurations. If you really want, you can compare the template of each group when you create them. The group template is shown below:
No, I don't think there is a reasonable, straightforward way of doing this. You can create a PowerShell script that would get the resources in each resource group and then try to compare properties, but it's hard to give some sort of estimation of how accurate it would be. There is a Compare-Object cmdlet in PowerShell, which might help you with that.
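An added example, not from either answer: the Compare-Object approach narrowed to one property set that matters for security, the custom NSG rules in each group. The function name `Get-NsgRuleLine` is hypothetical and both resource group names are placeholders.

```powershell
# Added example. Get-NsgRuleLine is a hypothetical helper name.
function Get-NsgRuleLine {
    param([Parameter(Mandatory)][string]$ResourceGroupName)

    foreach ($nsg in Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName) {
        foreach ($rule in $nsg.SecurityRules) {
            # One comparable line per custom rule. NSG and rule names are left out
            # on purpose, because the portal and Terraform usually name them differently.
            '{0,5} {1,-8} {2,-5} {3,-4} src={4} dst={5} ports={6}' -f
                $rule.Priority, $rule.Direction, $rule.Access, $rule.Protocol,
                ($rule.SourceAddressPrefix -join ','),
                ($rule.DestinationAddressPrefix -join ','),
                ($rule.DestinationPortRange -join ',')
        }
    }
}

$portal    = @(Get-NsgRuleLine -ResourceGroupName '<portal-resource-group>')
$terraform = @(Get-NsgRuleLine -ResourceGroupName '<terraform-resource-group>')

if (-not $portal.Count -or -not $terraform.Count) {
    throw 'One of the groups has no custom NSG rules; nothing to compare.'
}

# Rules present on only one side are the drift to review.
Compare-Object -ReferenceObject $portal -DifferenceObject $terraform |
    Sort-Object InputObject |
    Select-Object @{ n = 'OnlyIn'; e = { if ($_.SideIndicator -eq '<=') { 'portal' } else { 'terraform' } } },
                  @{ n = 'Rule';   e = { $_.InputObject } }
```

An empty result means the two groups carry the same set of custom rules; rules from several NSGs in one group are pooled together.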

Roles Required to Start/Stop Azure Virtual Machine

What are the roles required for the following:
Start/Stop the VM
Connect to VM using Remote Desktop. I tried connecting with the IP the owner provided but I cannot connect. I have also tried viewing the Public IP but can't see anything in the Public IP field, nor can I see details under the Networking tab.
1: You could use the built-in role: VM Contributor, or if you want, scope it down even further by making a custom role. *
2: There can be multiple reasons: Firewall blocks you, there is no public IP attached to the NIC, or perhaps the permissions are incorrect. So for your permissions you might need to be added as contributor (default role) on the resource group, or it can even be scoped down to just contributor on the VM itself.
In custom roles you can add as many resource provider operations as you want. These operations will define your permissions on the resources in Azure: https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
Have a look at for example: Microsoft.Compute/virtualMachines
You will see many operations, including PowerOff/action.
Usually people tend to use the default roles, but I prefer making custom role templates to prevent possible security concerns.
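An added example, not part of the original answer: a custom role limited to viewing, starting and stopping a VM, assigned on a single VM. The role name, the choice of operations beyond PowerOff/action, and every value in angle brackets are assumptions or placeholders.

```powershell
# Added example: values in angle brackets are placeholders.
$subscriptionId = '<subscription-id>'
$vmScope = "/subscriptions/$subscriptionId/resourceGroups/<resource-group>" +
           '/providers/Microsoft.Compute/virtualMachines/<vm-name>'

# Start from a built-in definition to get a correctly shaped object, then
# strip it down to the handful of operations actually needed.
$role = Get-AzRoleDefinition -Name 'Virtual Machine Contributor'
$role.Id          = $null
$role.IsCustom    = $true
$role.Name        = 'VM Start/Stop Operator'     # hypothetical role name
$role.Description = 'Can view, start, restart, power off and deallocate virtual machines.'

$role.Actions.Clear()
$role.NotActions.Clear()
$operations = @(
    'Microsoft.Compute/virtualMachines/read',
    'Microsoft.Compute/virtualMachines/instanceView/read',
    'Microsoft.Compute/virtualMachines/start/action',
    'Microsoft.Compute/virtualMachines/restart/action',
    'Microsoft.Compute/virtualMachines/powerOff/action',
    'Microsoft.Compute/virtualMachines/deallocate/action'
)
foreach ($operation in $operations) { $role.Actions.Add($operation) }

# The definition is made available in one subscription only.
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/$subscriptionId")

New-AzRoleDefinition -Role $role

# Assign it on the single VM rather than on the resource group or subscription.
New-AzRoleAssignment -ObjectId '<user-or-group-object-id>' `
    -RoleDefinitionName $role.Name -Scope $vmScope
```

The role grants no network or disk operations, so it covers start/stop only; a new role definition can take a short while to become assignable.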
