- Deploys the following infrastructure:
  - Storage Account
  - Virtual Network
  - Site-to-Site VPN
    - Local Gateway
    - Public IP for Azure Gateway
    - Azure Gateway
    - Gateway Connection
  - 3 subnets: AD, Internal, DMZ
  - 3 Network Security Groups:
    - AD - permits AD traffic and incoming RDP to the network; limits DMZ access
    - Internal - permissive; restricts traffic to DMZ
    - DMZ - restrictive; permits 443 traffic to Internal and RDP from Internal, very limited traffic from Internal, no traffic to Internet or Internal
  - Public IP Address
  - 2 Load Balancers
    - Internal - used to access the AD FS servers
    - External - used to access the Web Application Proxy servers (via the Public IP)
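The DMZ NSG described above, written out as an added Az PowerShell example rather than code from this template: resource group, region, subnet ranges and rule names are assumed placeholders, the inbound HTTPS-from-Internet rule reflects the external load balancer in front of the WAP servers, and the explicit inbound deny from the VNet is an assumption drawn from "restrictive".

```powershell
# Added example (not part of the template): DMZ NSG with the Az module.
# Placeholders below are assumptions; adjust to your deployment's address space.
$rg       = 'adfs-rg'        # assumed resource group name
$location = 'westeurope'     # assumed region
$internal = '10.0.1.0/24'    # assumed Internal subnet
$dmz      = '10.0.2.0/24'    # assumed DMZ subnet

$rules = @(
    # Inbound: HTTPS from the Internet to the WAP servers (fronted by the external LB).
    New-AzNetworkSecurityRuleConfig -Name 'Allow-HTTPS-In' -Direction Inbound -Priority 100 `
        -Access Allow -Protocol Tcp -SourceAddressPrefix Internet -SourcePortRange * `
        -DestinationAddressPrefix $dmz -DestinationPortRange 443
    # Inbound: RDP only from the Internal subnet (no RDP endpoints exposed publicly).
    New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-From-Internal' -Direction Inbound -Priority 110 `
        -Access Allow -Protocol Tcp -SourceAddressPrefix $internal -SourcePortRange * `
        -DestinationAddressPrefix $dmz -DestinationPortRange 3389
    # Inbound (assumed): drop all other VNet traffic ahead of the default AllowVnetInBound rule.
    New-AzNetworkSecurityRuleConfig -Name 'Deny-VNet-In' -Direction Inbound -Priority 4000 `
        -Access Deny -Protocol * -SourceAddressPrefix VirtualNetwork -SourcePortRange * `
        -DestinationAddressPrefix $dmz -DestinationPortRange *
    # Outbound: HTTPS to Internal only (WAP -> AD FS through the internal LB).
    New-AzNetworkSecurityRuleConfig -Name 'Allow-HTTPS-To-Internal' -Direction Outbound -Priority 100 `
        -Access Allow -Protocol Tcp -SourceAddressPrefix $dmz -SourcePortRange * `
        -DestinationAddressPrefix $internal -DestinationPortRange 443
    # Outbound: no other traffic to Internal, and none to the Internet.
    New-AzNetworkSecurityRuleConfig -Name 'Deny-To-Internal' -Direction Outbound -Priority 200 `
        -Access Deny -Protocol * -SourceAddressPrefix $dmz -SourcePortRange * `
        -DestinationAddressPrefix $internal -DestinationPortRange *
    New-AzNetworkSecurityRuleConfig -Name 'Deny-To-Internet' -Direction Outbound -Priority 210 `
        -Access Deny -Protocol * -SourceAddressPrefix $dmz -SourcePortRange * `
        -DestinationAddressPrefix Internet -DestinationPortRange *
)

$nsg = New-AzNetworkSecurityGroup -Name 'DMZ-nsg' -ResourceGroupName $rg `
    -Location $location -SecurityRules $rules

# Check: print the rules in evaluation order so the narrow Allows sit ahead of the Denys.
$nsg.SecurityRules | Sort-Object Direction, Priority |
    Format-Table Name, Direction, Priority, Access, Protocol, DestinationPortRange -AutoSize
```

The custom Deny rules are needed because Azure's built-in AllowVnetInBound/AllowVnetOutBound rules (priority 65000) would otherwise let DMZ and Internal talk freely.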
Note: only one VM Size is specified (at this time)
Note: Network Cards and Availability Sets are provisioned for VMs
- AD VMs - 2 VMs of the specified size
  - DSC to install the ADDS role
- AD FS VMs - number to be specified, of the specified size
  - DSC to install the AD FS role
- WAP VMs - number to be specified (same as AD FS VMs)
  - DSC to install the Web Application Proxy role
- There are no RDP endpoints created on the VMs. If you cannot reach the VMs over the VPN created with the deployment, you'll have to add a Public IP to one of the AD FS or AD VMs and take it from there.
- Domain Join, ADFS farm join/creation, and WAP farm join are not supported
- I haven't actually tested the VPN capability!
- T-shirt sizing - ability to select from:
  - non-redundant (i.e. service only to be utilized if the primary on-site server goes down)
  - redundant (as-built)
  - geo-redundant (deploy twice; load balance with Traffic Manager)
  - non-redundant, geo-load balanced
## Known Issues
- DSC to install the WAP is not enabled