Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adding ARM modules #613

Merged
merged 42 commits into from
Jul 13, 2021
Merged

adding ARM modules #613

merged 42 commits into from
Jul 13, 2021

Conversation

krnese
Copy link
Contributor

@krnese krnese commented Jun 9, 2021
edited
Loading

This PR fixes

  • Re-structuring the ARM templates for all resource deployments
  • eslzArm.json is used to orchestrate the e2e composition of ESLZ, and subsequent resource deployments based on user input from portal experience
  • The composite ARM templates can be sequenced on their own, independently of each other (although strict sequencing is required to ensure the same outcome)
  • Customers can deploy from private repository if they want to sequence at their own pace
  • Converging Contoso, AdventureWorks, and Wingtip into one ESLZ deployment experience via first-party deployment in Azure portal
  • Removing individual policy assignment for Azure Monitor for VMs, and are now using the built-in policy initiative to achieve the same which spans Windows, Linux (VM and VMSS), as well as Azure Arc enabled VMs.
  • Deploy Log Analytics DINE policy has moved to built-in, hence removing the custom policy from ESLZ and use built-in for assignment at the management management group
  • Support N network topologies in same experience (hub and spoke, vwan, hub and spoke with NVA)
  • Optimizing the execution graph
  • Added option for peering virtual network in identity subscription (nva, hub and spoke, and vwan)
  • Added option for peering landing zones to connectivity subscription when hub & spoke is the selected topology (VWAN is excluded due to concurrency issues)
  • Navigate policy assignment for identity, when using single vs dedicated subscriptions for platform purposes
  • Moving several of the diagnostics policies to built-in, and updating the diagnostics initiative (this means there's a new resource name as update of existing one will not be allowed due to removal of parameters)
  • Adding policy initiative for denying public endpoints (using built-ins)
  • Adding policy initiative for enforcing private dns zone association with private link (using built-ins)
  • Updated description and display name for all policy assignments

@krnese krnese linked an issue Jun 9, 2021 that may be closed by this pull request
DIY ARM templates and guidance for ESLZ #578
Closed
krnese and others added 27 commits June 11, 2021 13:12
@krnese
defined contract
d19695e
@krnese
update #3
a7b2e4b
@krnese
Merge branch 'main' of https://github.com/Azure/Enterprise-scale into…
3a499b9 
… arm-modules
@krnese
added enforcementMode param
3aef708
@krnese
adding param
871f336
@krnese
UX and contract changes
7ac8883
@krnese
conditional firewall for hub vs vwan
9be15c3
@krnese
support for single vs N platform subs
beea150
@krnese
Merge branch 'main' of https://github.com/Azure/Enterprise-scale into…
8d3cbdc 
… arm-modules
@krnese
updated UX for single vs dedicated platform subscriptions
f501c3e
@krnese
updating built-in policy
f10511d
@krnese
correcting parameter
388fd57
@krnese
navigating policies for identity
d111829
@krnese
Merge branch 'main' of https://github.com/Azure/Enterprise-scale into…
2a77f81 
… arm-modules
@krnese
adding vwan and nva for networking
be402f9
@krnese
removing peering
3245165
@krnese
adding scaleUnit for vpnGateway and ER for vwan
291ada4
@krnese
fixing parameter
25b89e4
@krnese
adding disclaimer for sub selection
241fc1b
@krnese
adding private dns zones and moving to built-in policies
46fc0a0
@krnese
Merge branch 'main' of https://github.com/Azure/Enterprise-scale into…
96d9792 
… arm-modules
@krnese
adding policySet for DINE Private DNS Zones
f4b6dfb
@daltondhcp
Added policyset for public paas
7a2579b
@daltondhcp
removed custom references
dae280d
@daltondhcp
Update Deny-PublicEndpointsPolicySetDefinition.json
e1175af
@krnese
policy updates
03c0506
@krnese
Merge branch 'arm-modules' of https://github.com/krnese/Enterprise-Scale
2f2154e 
 into arm-modules
This was linked to issues Jul 8, 2021
Enabling third-party NVA support #581
Closed
Enhance "Enterprise-Scale company prefix" tab #554
Closed
@krnese krnese linked an issue Jul 9, 2021 that may be closed by this pull request
VNet Peer Identity Subscription as part of Bootstrap for AdventureWorks (Hub and Spoke) #517
Closed
@krnese krnese marked this pull request as ready for review July 9, 2021 17:25
@krnese krnese added documentation Improvements or additions to documentation enhancement New feature or request policy labels Jul 12, 2021
@krnese krnese linked an issue Jul 13, 2021 that may be closed by this pull request
Example of new connected landing zone without DINE policy #582
Closed
@jtracey93 jtracey93 mentioned this pull request Jul 13, 2021
Merged
daltondhcp
daltondhcp approved these changes Jul 13, 2021
View reviewed changes
Copy link
Contributor

@daltondhcp daltondhcp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fantastic improvements! Looks good to me.

@krnese krnese merged commit e411a85 into Azure:main Jul 13, 2021
@krnese krnese deleted the arm-modules branch July 13, 2021 18:23
@daltondhcp daltondhcp mentioned this pull request Sep 8, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daltondhcp daltondhcp daltondhcp approved these changes

Assignees
No one assigned
Labels
documentation Improvements or additions to documentation enhancement New feature or request policy
Projects
None yet
Milestone
No milestone
2 participants
@krnese @daltondhcp