For the past few days I’ve been writing this PowerShell script to set up an Azure lab environment automatically. In the time I spent writing this script I am sure I could have set up numerous labs by hand, so it’s probably a waste of time! It’s also been a waste of time in the sense that instead of actually doing stuff in this lab I have spent that time scripting. I had to scale back a lot of what I originally set out to do because I realized it wasn’t practical and I was aiming for too much. I have a tendency to jump into what I want to do rather than take a moment to plan out what I want, how the interfaces will look, etc., so that led to more wasted time as I coded something, realized it wouldn’t work, then had to backtrack or split things up.
The script is on GitHub. It’s not fully tested as of today as I am still working on it. I don’t think I’ll be making too many changes to it except to wrap it up so it works somewhat. I really don’t want to spend too much time down this road. (And if you check out the script, be aware it’s not very complex or “neat” either. If I had more time I would have made the interfaces better, for one.)
Two cool things the script does though:
- You define your network via an XML file. And if this XML file mentions gateways, it will automatically create and turn them on. My use case here was that I wanted to create a bunch of VNets in Azure and hook them up – thanks to this script I could get that done in one step. That’s probably an edge case, so I don’t know how the script will work in real life scenarios involving gateways.
- I wanted to set up a domain easily. For this I do some behind-the-scenes work: automatically get the Azure VM certificates, add them to the local store, connect via WMI, install the AD DS role and create a domain. That’s pretty cool! It’s not fully tested yet, as initially I was thinking of creating all VMs in one fell swoop, but yesterday I decided to split this up and create them per VM. So I now have a JSON file that contains VM definitions (name, IP address, role, etc.) and based on this the VM is created, and if it has a role I am aware of I can set it up (currently only DC+DNS is supported).
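The per-VM flow above (read a JSON definition, trust the VM’s certificate, connect remotely, install AD DS for the DC+DNS role) as an added example; this is not the script from GitHub. It assumes the classic Azure Service Management PowerShell module with `Add-AzureAccount` already run, that the remote session is PowerShell remoting over the VM’s WinRM HTTPS listener, and the JSON field names and service name are made up for illustration.

```powershell
# Constructed VM definition in the shape the post describes (field names assumed).
$vmJson = @'
{ "Name": "LAB-DC01", "ServiceName": "lab-svc-placeholder", "IPAddress": "10.0.0.4",
  "Role": "DC+DNS", "DomainName": "lab.local" }
'@
$vm = $vmJson | ConvertFrom-Json

function Import-AzureVMWinRMCert {
    # Pull the VM's self-signed WinRM certificate out of Azure and add it to the
    # local trusted root store, so the HTTPS listener verifies instead of the
    # client skipping certificate checks.
    param([string]$ServiceName, [string]$Name)
    $thumb = (Get-AzureVM -ServiceName $ServiceName -Name $Name |
              Select-Object -ExpandProperty VM).DefaultWinRMCertificateThumbprint
    $azCert = Get-AzureCertificate -ServiceName $ServiceName -Thumbprint $thumb -ThumbprintAlgorithm sha1
    $tmp = [IO.Path]::GetTempFileName()
    $azCert.Data | Out-File $tmp
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $tmp
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'Root', 'LocalMachine'
    $store.Open('ReadWrite'); $store.Add($cert); $store.Close()
    Remove-Item $tmp
    return $thumb
}

function Install-LabDomainController {
    # Connect over the VM's WinRM URI and promote it to the first DC of a new forest.
    param($Definition, [pscredential]$Credential)
    $null = Import-AzureVMWinRMCert -ServiceName $Definition.ServiceName -Name $Definition.Name
    $uri  = Get-AzureWinRMUri -ServiceName $Definition.ServiceName -Name $Definition.Name
    $dsrm = Read-Host "DSRM password for $($Definition.Name)" -AsSecureString
    Invoke-Command -ConnectionUri $uri.ToString() -Credential $Credential `
        -ArgumentList $Definition.DomainName, $dsrm -ScriptBlock {
        param($domain, $dsrmPwd)
        Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null
        Install-ADDSForest -DomainName $domain -SafeModeAdministratorPassword $dsrmPwd `
            -InstallDns -Force   # reboots the VM when done
    }
}

# Role dispatch: only DC+DNS has a setup routine, anything else is left as created.
switch ($vm.Role) {
    'DC+DNS' { Install-LabDomainController -Definition $vm -Credential (Get-Credential "$($vm.Name)\Administrator") }
    default  { Write-Warning "No setup routine for role '$($vm.Role)'; VM left as created." }
}
```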
Some reference links for future me. I had thought of writing blog posts on these topics, but these links cover them all much better:
- MSDN article: Configure a Point-to-Site VPN connection to an Azure Virtual Network
- Point-to-Site VPNs are when you create a VPN from your local computer to the Azure VNet. The script above doesn’t support this yet. This is a feature I am interested in, so once I have some free time I hope to add this to the script.
- MSDN blog post: Point-to-Site VPN in Azure Virtual Networks
- A good blog post on the same topic. Lots of pictures and step by step instructions.
I am interested in Point-to-Site VPN because I don’t want to expose my VMs to the Internet. By default I disable Remote Desktop on the VMs I create and have this script which automatically creates an RDP endpoint and connects to the VM when needed (it doesn’t remove the endpoint once I disconnect, so don’t forget to do that manually). Once I get a Point-to-Site VPN up and running I can leave RDP on and simply VPN into the VNet when required.
Some more:
- Azure blog post: VNet-to-VNet: Connecting Virtual Networks in Azure across Different Regions
- An excellent blog post on how you can create multiple VNets in Azure and connect them via a Site-to-Site VPN. My script does this automatically if you specify multiple VPNs and gateway connections between them. This blog post was of great help learning how to do that.
- MSDN article: Configure a VNet to VNet Connection
- On the same topic as above. Has more pictures and step-by-step instructions.
- Azure Virtual Network Gateway Improvements
- Since December 2014 you can have Site-to-Site VPNs with no encryption. Don’t do that in a real life scenario, but no harm doing that for Site-to-Site VPNs between VNets in your own subscription. It will greatly improve your performance too.
- Blog post: Static vs Dynamic Routing Gateways in Azure