Azure Powershell ile Ağlar Üzerinde Çalışma – Gelen ve Giden VM Ağ Trafiğini Filtreleme

Bu komut dosyası örneği, ön uç ve arka uç alt ağlarıyla sanal bir ağ oluşturur. Arka uç alt ağından gelen Internet trafiğine izin verilmezken, ön uç alt ağa gelen ağ trafiği HTTP ve HTTPS ile sınırlıdır. Komut dosyasını çalıştırdıktan sonra, iki NIC içeren bir sanal makineye sahip olursunuz. Her bir NIC farklı bir alt ağa bağlıdır.

# Variables for common values
$rgName=’MyResourceGroup’
$location=’eastus’

# Create user object
$cred = Get-Credential -Message ‘Enter a username and password for the virtual machine.’

# Create a resource group.
New-AzureRmResourceGroup -Name $rgName -Location $location

# Create a virtual network, a front-end subnet, and a back-end subnet.
$fesubnet = New-AzureRmVirtualNetworkSubnetConfig -Name ‘MySubnet-FrontEnd’ -AddressPrefix ‘10.0.1.0/24’
$besubnet = New-AzureRmVirtualNetworkSubnetConfig -Name ‘MySubnet-BackEnd’ -AddressPrefix ‘10.0.2.0/24’

$vnet = New-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name ‘MyVnet’ -AddressPrefix ‘10.0.0.0/16’ `
-Location $location -Subnet $fesubnet, $besubnet

# Create NSG rules to allow HTTP & HTTPS traffic inbound.
$rule1 = New-AzureRmNetworkSecurityRuleConfig -Name ‘Allow-HTTP-ALL’ -Description ‘Allow HTTP’ `
-Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
-SourceAddressPrefix Internet -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 80

$rule2 = New-AzureRmNetworkSecurityRuleConfig -Name ‘Allow-HTTPS-All’ -Description ‘Allow HTTPS’ `
-Access Allow -Protocol Tcp -Direction Inbound -Priority 200 `
-SourceAddressPrefix Internet -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 443

# Create an NSG rule to allow RDP traffic in from the Internet to the front-end subnet.
$rule3 = New-AzureRmNetworkSecurityRuleConfig -Name ‘Allow-RDP-All’ -Description ‘Allow RDP’ `
-Access Allow -Protocol Tcp -Direction Inbound -Priority 300 `
-SourceAddressPrefix Internet -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 3389

# Create a network security group (NSG) for the front-end subnet.
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $RgName -Location $location `
-Name “MyNsg-FrontEnd” -SecurityRules $rule1,$rule2,$rule3

# Associate the front-end NSG to the front-end subnet.
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name ‘MySubnet-FrontEnd’ `
-AddressPrefix 10.0.1.0/24 -NetworkSecurityGroup $nsg

# Create an NSG rule to block all outbound traffic from the back-end subnet to the Internet (inbound blocked by default).
$rule1 = New-AzureRmNetworkSecurityRuleConfig -Name ‘Deny-Internet-All’ -Description “Deny all Internet” `
-Access Allow -Protocol Tcp -Direction Outbound -Priority 100 `
-SourceAddressPrefix * -SourcePortRange * `
-DestinationAddressPrefix Internet -DestinationPortRange *

# Create a network security group for the back-end subnet.
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $RgName -Location $location `
-Name “MyNsg-BackEnd” -SecurityRules $rule1

# Associate the back-end NSG to the back-end subnet.
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name ‘MySubnet-backEnd’ `
-AddressPrefix 10.0.2.0/24 -NetworkSecurityGroup $nsg

# Create a public IP address for the VM front-end network interface.
$publicipvm = New-AzureRmPublicIpAddress -ResourceGroupName $rgName -Name ‘MyPublicIp-FrontEnd’ `
-location $location -AllocationMethod Dynamic

# Create a network interface for the VM attached to the front-end subnet.
$nicVMfe = New-AzureRmNetworkInterface -ResourceGroupName $rgName -Location $location `
-Name MyNic-FrontEnd -PublicIpAddress $publicipvm -Subnet $vnet.Subnets[0]

# Create a network interface for the VM attached to the back-end subnet.
$nicVMbe = New-AzureRmNetworkInterface -ResourceGroupName $rgName -Location $location `
-Name MyNic-BackEnd -Subnet $vnet.Subnets[1]

# Create the VM with both the FrontEnd and BackEnd NICs.
$vmConfig = New-AzureRmVMConfig -VMName ‘myVM’ -VMSize Standard_DS2 | `
Set-AzureRmVMOperatingSystem -Windows -ComputerName ‘myVM’ -Credential $cred | `
Set-AzureRmVMSourceImage -PublisherName ‘MicrosoftWindowsServer’ -Offer ‘WindowsServer’ `
-Skus ‘2016-Datacenter’ -Version ‘latest’

$vmconfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -id $nicVMfe.Id -Primary
$vmconfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -id $nicVMbe.Id

# Create a virtual machine
$vm = New-AzureRmVM -ResourceGroupName $rgName -Location $location -VM $vmConfig

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Azure Powershell ile Ağlar Üzerinde Çalışma – 2 Sanal Ağ Arasında Peering

Bu komut Azure ağı vasıtasıyla aynı bölgede iki sanal ağ oluşturur ve bağlar. Komut dosyasını çalıştırdıktan sonra, iki sanal ağ arasında bir peering oluşturabilirsiniz.

# Variables for common values
$rgName=’MyResourceGroup’
$location=’eastus’

# Create a resource group.
New-AzureRmResourceGroup -Name $rgName -Location $location

# Create virtual network 1.
$vnet1 = New-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name ‘Vnet1’ -AddressPrefix ‘10.0.0.0/16’ -Location $location

# Create virtual network 2.
$vnet2 = New-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name ‘Vnet2’ -AddressPrefix ‘10.1.0.0/16’ -Location $location

# Peer VNet1 to VNet2.
Add-AzureRmVirtualNetworkPeering -Name ‘LinkVnet1ToVnet2’ -VirtualNetwork $vnet1 -RemoteVirtualNetworkId $vnet2.Id

# Peer VNet2 to VNet1.
Add-AzureRmVirtualNetworkPeering -Name ‘LinkVnet2ToVnet1’ -VirtualNetwork $vnet2 -RemoteVirtualNetworkId $vnet1.Id

 

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Azure Powershell ile Ağlar Üzerinde Çalışma – Trafiği Bir Sanal Ağ Cihazıyla Yönlendirme

Bu komut dosyası örneği, ön uç ve arka uç alt ağlarıyla sanal bir ağ oluşturur. Aynı zamanda, iki alt ağ arasında trafiği yönlendirmek için IP iletişimi olan bir VM oluşturur. Senaryoyu çalıştırdıktan sonra, bir güvenlik duvarı uygulaması gibi ağ yazılımlarını VM’ye dağıtabilirsiniz.

# Variables for common values
$rgName=’MyResourceGroup’
$location=’eastus’

# Create user object
$cred = Get-Credential -Message ‘Enter a username and password for the virtual machine.’

# Create a resource group.
New-AzureRmResourceGroup -Name $rgName -Location $location

# Create a virtual network, a front-end subnet, a back-end subnet, and a DMZ subnet.
$fesubnet = New-AzureRmVirtualNetworkSubnetConfig -Name ‘MySubnet-FrontEnd’ -AddressPrefix 10.0.1.0/24
$besubnet = New-AzureRmVirtualNetworkSubnetConfig -Name ‘MySubnet-BackEnd’ -AddressPrefix 10.0.2.0/24
$dmzsubnet = New-AzureRmVirtualNetworkSubnetConfig -Name ‘MySubnet-Dmz’ -AddressPrefix 10.0.0.0/24

$vnet = New-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name ‘MyVnet’ -AddressPrefix 10.0.0.0/16 `
-Location $location -Subnet $fesubnet, $besubnet, $dmzsubnet

# Create NSG rules to allow HTTP & HTTPS traffic inbound.
$rule1 = New-AzureRmNetworkSecurityRuleConfig -Name ‘Allow-HTTP-ALL’ -Description ‘Allow HTTP’ `
-Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
-SourceAddressPrefix Internet -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 80

$rule2 = New-AzureRmNetworkSecurityRuleConfig -Name ‘Allow-HTTPS-All’ -Description ‘Allow HTTPS’ `
-Access Allow -Protocol Tcp -Direction Inbound -Priority 200 `
-SourceAddressPrefix Internet -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 443

# Create a network security group (NSG) for the front-end subnet.
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $RgName -Location $location `
-Name ‘MyNsg-FrontEnd’ -SecurityRules $rule1,$rule2

# Associate the front-end NSG to the front-end subnet.
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name ‘MySubnet-FrontEnd’ `
-AddressPrefix ‘10.0.1.0/24’ -NetworkSecurityGroup $nsg

# Create a public IP address for the firewall VM.
$publicip = New-AzureRmPublicIpAddress -ResourceGroupName $rgName -Name ‘MyPublicIP-Firewall’ `
-location $location -AllocationMethod Dynamic

# Create a NIC for the firewall VM and enable IP forwarding.
$nicVMFW = New-AzureRmNetworkInterface -ResourceGroupName $rgName -Location $location -Name ‘MyNic-Firewall’ `
-PublicIpAddress $publicip -Subnet $vnet.Subnets[2] -EnableIPForwarding

#Create a firewall VM to accept all traffic between the front and back-end subnets.
$vmConfig = New-AzureRmVMConfig -VMName ‘MyVm-Firewall’ -VMSize Standard_DS2 | `
Set-AzureRmVMOperatingSystem -Windows -ComputerName ‘MyVm-Firewall’ -Credential $cred | `
Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer `
-Skus 2016-Datacenter -Version latest | Add-AzureRmVMNetworkInterface -Id $nicVMFW.Id

$vm = New-AzureRmVM -ResourceGroupName $rgName -Location $location -VM $vmConfig

# Create a route for traffic from the front-end to the back-end subnet through the firewall VM.
$route = New-AzureRmRouteConfig -Name ‘RouteToBackEnd’ -AddressPrefix 10.0.2.0/24 `
-NextHopType VirtualAppliance -NextHopIpAddress $nicVMFW.IpConfigurations[0].PrivateIpAddress

# Create a route for traffic from the front-end subnet to the Internet through the firewall VM.
$route2 = New-AzureRmRouteConfig -Name ‘RouteToInternet’ -AddressPrefix 0.0.0.0/0 `
-NextHopType VirtualAppliance -NextHopIpAddress $nicVMFW.IpConfigurations[0].PrivateIpAddress

# Create route table for the FrontEnd subnet.
$routeTableFEtoBE = New-AzureRmRouteTable -Name ‘MyRouteTable-FrontEnd’ -ResourceGroupName $rgName `
-location $location -Route $route, $route2

# Associate the route table to the FrontEnd subnet.
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name ‘MySubnet-FrontEnd’ -AddressPrefix 10.0.1.0/24 `
-NetworkSecurityGroup $nsg -RouteTable $routeTableFEtoBE

# Create a route for traffic from the back-end subnet to the front-end subnet through the firewall VM.
$route = New-AzureRmRouteConfig -Name ‘RouteToFrontEnd’ -AddressPrefix ‘10.0.1.0/24’ -NextHopType VirtualAppliance `
-NextHopIpAddress $nicVMFW.IpConfigurations[0].PrivateIPAddress

# Create a route for traffic from the back-end subnet to the Internet through the firewall VM.
$route2 = New-AzureRmRouteConfig -Name ‘RouteToInternet’ -AddressPrefix ‘0.0.0.0/0’ -NextHopType VirtualAppliance `
-NextHopIpAddress $nicVMFW.IpConfigurations[0].PrivateIPAddress

# Create route table for the BackEnd subnet.
$routeTableBE = New-AzureRmRouteTable -Name ‘MyRouteTable-BackEnd’ -ResourceGroupName $rgName `
-location $location -Route $route, $route2

# Associate the route table to the BackEnd subnet.
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name ‘MySubnet-BackEnd’ `
-AddressPrefix ‘10.0.2.0/24’ -RouteTable $routeTableBE

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Azure Powershell ile Ağlar Üzerinde Çalışma – Çok Katmanlı Uygulamalar İçin Bir Ağ Oluşturma

Bu komut dosyası örneği, ön uç ve arka uç alt ağlarıyla sanal bir ağ oluşturur. Arka uç alt ağ trafiğinin MySQL, port 3306 ile sınırlı olduğu halde, ön uç alt ağa olan trafik HTTP ve SSH ile sınırlıdır. Komut dosyasını çalıştırdıktan sonra, dağıtabileceğiniz her bir alt ağda biri olmak üzere iki sanal makineniz olacak. Web sunucusu ve MySQL yazılımı.

Gerekirse, Azure PowerShell kılavuzunda bulunan yönergeyi kullanarak Azure PowerShell’i yükleyin ve sonra Azure ile bir bağlantı oluşturmak için Login-AzureRmAccount komutunu çalıştırın.

Devamını Oku

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Azure Powershell ile Ağlar Üzerinde Çalışma – Uygulamaların Yüksek Kullanılabilirliği İçin Trafiği Yönlendirme

Bu komut, bir kaynak grubu, iki uygulama servis planı, iki web uygulaması, bir trafik yöneticisi profili ve iki trafik yöneticisi uç noktası oluşturur. Trafik Yöneticisi trafiği birincil bölge olarak bir bölgedeki uygulamaya yönlendirir ve birincil bölgedeki uygulama kullanılamadığında ikincil bölgeye yönlendirir. Komut dosyasını çalıştırmadan önce, MyWebApp, MyWebAppL1 ve MyWebAppL2 değerlerinizi Azure’deki benzersiz değere değiştirmeniz gerekir. Komut dosyasını çalıştırdıktan sonra, birincil bölgedeki uygulamaya mywebapp.trafficmanager.net URL’si ile erişebilirsiniz.

# Variables for common values
$rgName1=”MyResourceGroup1″
$rgName2=”MyResourceGroup2″
$location1=”eastus”
$location2=”westeurope”

# The values of the variables below must be unique (replace with your own names).
$webApp1=”mywebapp$(Get-Random)”
$webApp2=”mywebapp$(Get-Random)”
$webAppL1=”MyWebAppL1″
$webAppL2=”MyWebAppL2″

# Create a resource group in location one.
New-AzureRmResourceGroup -Name $rgName1 -Location $location1

# Create a resource group in location two.
New-AzureRmResourceGroup -Name $rgName2 -Location $location2

# Create a website deployed from GitHub in both regions (replace with your own GitHub URL).
$gitrepo=”https://github.com/Azure-Samples/app-service-web-dotnet-get-started.git”

# Create a hosting plan and website and deploy it in location one (requires Standard 1 minimum SKU).

$appServicePlan = New-AzureRmAppServicePlan -Name $webappl1 -ResourceGroupName $rgName1 `
-Location $location1 -Tier Standard

$web1 = New-AzureRmWebApp -ResourceGroupName $rgname1 -Name $webApp1 -Location $location1 `
-AppServicePlan $webappl1

# Configure GitHub deployment from your GitHub repo and deploy once.
$PropertiesObject = @{
repoUrl = “$gitrepo”;
branch = “master”;
isManualIntegration = “true”;
}

Set-AzureRmResource -PropertyObject $PropertiesObject -ResourceGroupName $rgname1 `
-ResourceType Microsoft.Web/sites/sourcecontrols -ResourceName $webapp1/web `
-ApiVersion 2015-08-01 -Force

# Create a hosting plan and website and deploy it in location two (requires Standard 1 minimum SKU).

$appServicePlan = New-AzureRmAppServicePlan -Name $webappl2 -ResourceGroupName $rgName2 `
-Location $location2 -Tier Standard

$web2 = New-AzureRmWebApp -ResourceGroupName $rgname2 -Name $webApp2 `
-Location $location2 -AppServicePlan $webappl2

$PropertiesObject = @{
repoUrl = “$gitrepo”;
branch = “master”;
isManualIntegration = “true”;
}

Set-AzureRmResource -PropertyObject $PropertiesObject -ResourceGroupName $rgname2 `
-ResourceType Microsoft.Web/sites/sourcecontrols -ResourceName $webapp2/web `
-ApiVersion 2015-08-01 -Force

# Create a Traffic Manager profile.
$tm = New-AzureRmTrafficManagerProfile -Name ‘MyTrafficManagerProfile’ -ResourceGroupName $rgname1 `
-TrafficRoutingMethod Priority -RelativeDnsName $web1.SiteName -Ttl 60 `
-MonitorProtocol HTTP -MonitorPort 80 -MonitorPath /

 

# Create an endpoint for the location one website deployment and set it as the priority target.
$endpoint = New-AzureRmTrafficManagerEndpoint -Name ‘MyEndPoint1’ -ProfileName $tm.Name `
-ResourceGroupName $rgname1 -Type AzureEndpoints -Priority 1 `
-TargetResourceId $web1.Id -EndpointStatus Enabled

# Create an endpoint for the location two website deployment and set it as the secondary target.
$endpoint2 = New-AzureRmTrafficManagerEndpoint -Name ‘MyEndPoint2’ -ProfileName $tm.Name `
-ResourceGroupName $rgname1 -Type AzureEndpoints -Priority 2 `
-TargetResourceId $web2.Id -EndpointStatus Enabled

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Azure Powershell ile Ağlar Üzerinde Çalışma – Birden çok Web Sitesini Yük Dengelemek

Bu komut dosyası örneği, bir kullanılabilirlik kümesinin üyesi olan iki sanal makineye (VM) sahip bir sanal ağ oluşturur. Bir yük dengeleyici, iki VM’e iki ayrı IP adresi trafik yönlendirir. Komut dosyasını çalıştırdıktan sonra web sunucusu yazılımını VM’lere dağıtabilir ve her biri kendi IP adresine sahip birden çok web sitesini barındırabilirsiniz.

# Variables for common values
$rgName=’MyResourceGroup’
$location=’eastus’

# Create user object
$cred = Get-Credential -Message “Enter a username and password for the virtual machine.”

# Create a resource group.
New-AzureRmResourceGroup -Name $rgName -Location $location

# Create an availability set for the two VMs that host both websites.
$as = New-AzureRmAvailabilitySet -ResourceGroupName $rgName -Location $location `
-Name MyAvailabilitySet -Sku Aligned -PlatformFaultDomainCount 2 -PlatformUpdateDomainCount 2

# Create a virtual network and a subnet.
$subnet = New-AzureRmVirtualNetworkSubnetConfig -Name ‘MySubnet’ -AddressPrefix 10.0.0.0/24

$vnet = New-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name MyVnet `
-AddressPrefix 10.0.0.0/16 -Location $location -Subnet $subnet

# Create three public IP addresses; one for the load balancer and two for the front-end IP configurations.
$publicIpLB = New-AzureRmPublicIpAddress -ResourceGroupName $rgName -Name ‘MyPublicIp-LoadBalancer’ `
-Location $location -AllocationMethod Dynamic

$publicIpContoso = New-AzureRmPublicIpAddress -ResourceGroupName $rgName -Name ‘MyPublicIp-Contoso’ `
-Location $location -AllocationMethod Dynamic

$publicIpFabrikam = New-AzureRmPublicIpAddress -ResourceGroupName $rgName -Name ‘MyPublicIp-Fabrikam’ `
-Location $location -AllocationMethod Dynamic

# Create two front-end IP configurations for both web sites.
$feipcontoso = New-AzureRmLoadBalancerFrontendIpConfig -Name ‘FeContoso’ -PublicIpAddress $publicIpContoso
$feipfabrikam = New-AzureRmLoadBalancerFrontendIpConfig -Name ‘FeFabrikam’ -PublicIpAddress $publicIpFabrikam

# Create the back-end address pools.
$bepoolContoso = New-AzureRmLoadBalancerBackendAddressPoolConfig -Name ‘BeContoso’
$bepoolFabrikam = New-AzureRmLoadBalancerBackendAddressPoolConfig -Name ‘BeFabrikam’

# Create a probe on port 80.
$probe = New-AzureRmLoadBalancerProbeConfig -Name ‘MyProbe’ -Protocol Http -Port 80 `
-RequestPath / -IntervalInSeconds 360 -ProbeCount 5

# Create the load balancing rules.
$contosorule = New-AzureRmLoadBalancerRuleConfig -Name ‘LBRuleContoso’ -Protocol Tcp `
-Probe $probe -FrontendPort 5000 -BackendPort 5000 `
-FrontendIpConfiguration $feipContoso -BackendAddressPool $bePoolContoso

$fabrikamrule = New-AzureRmLoadBalancerRuleConfig -Name ‘LBRuleFabrikam’ -Protocol Tcp `
-Probe $probe -FrontendPort 5000 -BackendPort 5000 `
-FrontendIpConfiguration $feipFabrikam -BackendAddressPool $bePoolfabrikam

# Create a load balancer.
$lb = New-AzureRmLoadBalancer -ResourceGroupName $rgName -Name ‘MyLoadBalancer’ -Location $location `
-FrontendIpConfiguration $feipcontoso,$feipfabrikam -BackendAddressPool $bepoolContoso,$bepoolfabrikam `
-Probe $probe -LoadBalancingRule $contosorule,$fabrikamrule

# ############## VM1 ###############

# Create an Public IP for the first VM.
$publicipvm1 = New-AzureRmPublicIpAddress -ResourceGroupName $rgName -Name MyPublicIp-Vm1 `
-location $location -AllocationMethod Dynamic

# Create IP configurations for Contoso and Fabrikam.
$ipconfig1 = New-AzureRmNetworkInterfaceIpConfig -Name ‘ipconfig1’ `
-Subnet $vnet.subnets[0] -Primary

$ipconfig2 = New-AzureRmNetworkInterfaceIpConfig -Name ‘ipconfig2’ `
-Subnet $vnet.Subnets[0] -LoadBalancerBackendAddressPool $bepoolContoso

$ipconfig3 = New-AzureRmNetworkInterfaceIpConfig -Name ‘ipconfig3’ `
-Subnet $vnet.Subnets[0] -LoadBalancerBackendAddressPool $bepoolfabrikam

# Create a network interface for VM1.
$nicVM1 = New-AzureRmNetworkInterface -ResourceGroupName $rgName -Location $location `
-Name ‘MyNic-VM1’ -IpConfiguration $ipconfig1, $ipconfig2, $ipconfig3

# Create a virtual machine configuration
$vmConfig = New-AzureRmVMConfig -VMName ‘myVM1’ -VMSize Standard_DS2 -AvailabilitySetId $as.Id | `
Set-AzureRmVMOperatingSystem -Windows -ComputerName ‘myVM1’ -Credential $cred | `
Set-AzureRmVMSourceImage -PublisherName ‘MicrosoftWindowsServer’ -Offer ‘WindowsServer’ `
-Skus ‘2016-Datacenter’ -Version latest | Add-AzureRmVMNetworkInterface -Id $nicVM1.Id

# Create a virtual machine
$vm = New-AzureRmVM -ResourceGroupName $rgName -Location $location -VM $vmConfig

############### VM2 ###############

# Create an Public IP for the second VM.

$publicipvm1 = New-AzureRmPublicIpAddress -ResourceGroupName $rgName -Name ‘MyPublicIp-Vm2’ `
-location $location -AllocationMethod Dynamic

# Create IP configurations for Contoso and Fabrikam.
$ipconfig1 = New-AzureRmNetworkInterfaceIpConfig -Name ‘ipconfig1’ `
-Subnet $vnet.subnets[0] -Primary

$ipconfig2 = New-AzureRmNetworkInterfaceIpConfig -Name ‘ipconfig2’ `
-Subnet $vnet.Subnets[0] -LoadBalancerBackendAddressPool $bepoolContoso

$ipconfig3 = New-AzureRmNetworkInterfaceIpConfig -Name ‘ipconfig3’ `
-Subnet $vnet.Subnets[0] -LoadBalancerBackendAddressPool $bepoolfabrikam

# Create a network interface for VM2.
$nicVM2 = New-AzureRmNetworkInterface -ResourceGroupName $rgName -Location $location `
-Name ‘MyNic-VM2’ -IpConfiguration $ipconfig1, $ipconfig2, $ipconfig3

# Create a virtual machine configuration
$vmConfig = New-AzureRmVMConfig -VMName ‘myVM2’ -VMSize Standard_DS2 -AvailabilitySetId $as.Id | `
Set-AzureRmVMOperatingSystem -Windows -ComputerName ‘myVM2’ -Credential $cred | `
Set-AzureRmVMSourceImage -PublisherName ‘MicrosoftWindowsServer’ -Offer ‘WindowsServer’ `
-Skus ‘2016-Datacenter’ -Version latest | Add-AzureRmVMNetworkInterface -Id $nicVM2.Id

# Create a virtual machine
$vm = New-AzureRmVM -ResourceGroupName $rgName -Location $location -VM $vmConfig

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Azure Powershell ile Ağlar Üzerinde Çalışma – Yüksek Erişebilirlik İçin VMlere Yük Dengeleme

Bu komut dosyası örneği, yüksek kullanılabilirlik ve yük dengeli bir yapılandırmada yapılandırılmış birkaç Windows sanal makine çalıştırmak için gereken her şeyi oluşturur. Komut dosyasını çalıştırdıktan sonra, bir Azure Availability Setine katılan ve bir Azure Yük Dengeleyicisi aracılığıyla erişilebilen üç sanal makineniz olacaktır.

# Variables for common values
$rgName=’MyResourceGroup’
$location=’eastus’

# Create user object
$cred = Get-Credential -Message ‘Enter a username and password for the virtual machine.’

# Create a resource group.
New-AzureRmResourceGroup -Name $rgName -Location $location

# Create a virtual network.
$subnet = New-AzureRmVirtualNetworkSubnetConfig -Name ‘MySubnet’ -AddressPrefix 192.168.1.0/24

$vnet = New-AzureRmVirtualNetwork -ResourceGroupName $rgName -Name ‘MyVnet’ `
-AddressPrefix 192.168.0.0/16 -Location $location -Subnet $subnet

# Create a public IP address.
$publicIp = New-AzureRmPublicIpAddress -ResourceGroupName $rgName -Name ‘myPublicIP’ `
-Location $location -AllocationMethod Dynamic

# Create a front-end IP configuration for the website.
$feip = New-AzureRmLoadBalancerFrontendIpConfig -Name ‘myFrontEndPool’ -PublicIpAddress $publicIp

# Create the back-end address pool.
$bepool = New-AzureRmLoadBalancerBackendAddressPoolConfig -Name ‘myBackEndPool’

# Creates a load balancer probe on port 80.
$probe = New-AzureRmLoadBalancerProbeConfig -Name ‘myHealthProbe’ -Protocol Http -Port 80 `
-RequestPath / -IntervalInSeconds 360 -ProbeCount 5

# Creates a load balancer rule for port 80.
$rule = New-AzureRmLoadBalancerRuleConfig -Name ‘myLoadBalancerRuleWeb’ -Protocol Tcp `
-Probe $probe -FrontendPort 80 -BackendPort 80 `
-FrontendIpConfiguration $feip -BackendAddressPool $bePool

# Create three NAT rules for port 3389.
$natrule1 = New-AzureRmLoadBalancerInboundNatRuleConfig -Name ‘myLoadBalancerRDP1’ -FrontendIpConfiguration $feip `
-Protocol tcp -FrontendPort 4221 -BackendPort 3389

$natrule2 = New-AzureRmLoadBalancerInboundNatRuleConfig -Name ‘myLoadBalancerRDP2’ -FrontendIpConfiguration $feip `
-Protocol tcp -FrontendPort 4222 -BackendPort 3389

$natrule3 = New-AzureRmLoadBalancerInboundNatRuleConfig -Name ‘myLoadBalancerRDP3’ -FrontendIpConfiguration $feip `
-Protocol tcp -FrontendPort 4223 -BackendPort 3389

# Create a load balancer.
$lb = New-AzureRmLoadBalancer -ResourceGroupName $rgName -Name ‘MyLoadBalancer’ -Location $location `
-FrontendIpConfiguration $feip -BackendAddressPool $bepool `
-Probe $probe -LoadBalancingRule $rule -InboundNatRule $natrule1,$natrule2,$natrule3

# Create a network security group rule for port 3389.
$rule1 = New-AzureRmNetworkSecurityRuleConfig -Name ‘myNetworkSecurityGroupRuleRDP’ -Description ‘Allow RDP’ `
-Access Allow -Protocol Tcp -Direction Inbound -Priority 1000 `
-SourceAddressPrefix Internet -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 3389

# Create a network security group rule for port 80.
$rule2 = New-AzureRmNetworkSecurityRuleConfig -Name ‘myNetworkSecurityGroupRuleHTTP’ -Description ‘Allow HTTP’ `
-Access Allow -Protocol Tcp -Direction Inbound -Priority 2000 `
-SourceAddressPrefix Internet -SourcePortRange * `
-DestinationAddressPrefix * -DestinationPortRange 80

# Create a network security group
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $RgName -Location $location `
-Name ‘myNetworkSecurityGroup’ -SecurityRules $rule1,$rule2

# Create three virtual network cards and associate with public IP address and NSG.
$nicVM1 = New-AzureRmNetworkInterface -ResourceGroupName $rgName -Location $location `
-Name ‘MyNic1’ -LoadBalancerBackendAddressPool $bepool -NetworkSecurityGroup $nsg `
-LoadBalancerInboundNatRule $natrule1 -Subnet $vnet.Subnets[0]

$nicVM2 = New-AzureRmNetworkInterface -ResourceGroupName $rgName -Location $location `
-Name ‘MyNic2’ -LoadBalancerBackendAddressPool $bepool -NetworkSecurityGroup $nsg `
-LoadBalancerInboundNatRule $natrule2 -Subnet $vnet.Subnets[0]

$nicVM3 = New-AzureRmNetworkInterface -ResourceGroupName $rgName -Location $location `
-Name ‘MyNic3’ -LoadBalancerBackendAddressPool $bepool -NetworkSecurityGroup $nsg `
-LoadBalancerInboundNatRule $natrule3 -Subnet $vnet.Subnets[0]

# Create an availability set.
$as = New-AzureRmAvailabilitySet -ResourceGroupName $rgName -Location $location `
-Name ‘MyAvailabilitySet’ -Sku Aligned -PlatformFaultDomainCount 3 -PlatformUpdateDomainCount 3

# Create three virtual machines.

# ############## VM1 ###############

# Create a virtual machine configuration
$vmConfig = New-AzureRmVMConfig -VMName ‘myVM1’ -VMSize Standard_DS2 -AvailabilitySetId $as.Id | `
Set-AzureRmVMOperatingSystem -Windows -ComputerName ‘myVM1’ -Credential $cred | `
Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer `
-Skus 2016-Datacenter -Version latest | Add-AzureRmVMNetworkInterface -Id $nicVM1.Id

# Create a virtual machine
$vm1 = New-AzureRmVM -ResourceGroupName $rgName -Location $location -VM $vmConfig

# ############## VM2 ###############

# Create a virtual machine configuration
$vmConfig = New-AzureRmVMConfig -VMName ‘myVM2’ -VMSize Standard_DS2 -AvailabilitySetId $as.Id | `
Set-AzureRmVMOperatingSystem -Windows -ComputerName ‘myVM2’ -Credential $cred | `
Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer `
-Skus 2016-Datacenter -Version latest | Add-AzureRmVMNetworkInterface -Id $nicVM2.Id

# Create a virtual machine
$vm2 = New-AzureRmVM -ResourceGroupName $rgName -Location $location -VM $vmConfig

# ############## VM3 ###############

# Create a virtual machine configuration
$vmConfig = New-AzureRmVMConfig -VMName ‘myVM3’ -VMSize Standard_DS2 -AvailabilitySetId $as.Id | `
Set-AzureRmVMOperatingSystem -Windows -ComputerName ‘myVM3’ -Credential $cred | `
Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer `
-Skus 2016-Datacenter -Version latest | Add-AzureRmVMNetworkInterface -Id $nicVM3.Id

# Create a virtual machine
$vm3 = New-AzureRmVM -ResourceGroupName $rgName -Location $location -VM $vmConfig

 

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather