ALZ bicep modules multi-region guidance (#804)

* add initial multi-region readme for hub-spoke * chore: Parameterize Route Table Entry Names in hubNetworking module * chore: Update hubNetworking README with example parameters files for multiple regions * chore: Update hubNetworking parameters for eastus and eastus2 regions * chore: Update hubNetworking parameters for eastus and eastus2 regions * chore: Update hubNetworking parameters and README for eastus and eastus2 regions * chore: Update hubNetworking parameters and README for additional regions * add multi-region vwan guidance * updates * Remove duplicate connectivity subscription variable * Update regions to use paired regions * Updated readme to switch to east us and west us paired regions * Removed param file examples * Correct link for png * Update readme to switch to east us and west us paired regions * update output * updated screenshots * Update deployment output image link for westus region --------- Co-authored-by: Zach Trocinski <ztrocinski@outlook.com>
Azure · Jul 17, 2024 · b700ac4 · b700ac4
1 parent bf7a19b
commit b700ac4
Show file tree

Hide file tree

Showing 7 changed files with 255 additions and 6 deletions.
diff --git a/infra-as-code/bicep/modules/hubNetworking/README.md b/infra-as-code/bicep/modules/hubNetworking/README.md
@@ -147,9 +147,6 @@ $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]"
 
 Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId
 
-# Set Platform management subscription ID as the the current subscription
-$ManagementSubscriptionId = "[your platform management subscription ID]"
-
 # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
 $TopLevelMGPrefix = "alz"
 
@@ -202,3 +199,206 @@ New-AzResourceGroupDeployment @inputObject
 ## Bicep Visualizer
 
 ![Bicep Visualizer](media/bicepVisualizer.png "Bicep Visualizer")
+
+## Multi-region deployment
+
+To extend your infrastructure to [additional regions](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/considerations/regions), this module can be deployed multiple times with different parameters files to deploy additional hubs in multiple regions. The [vnetPeering module](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/vnetPeering) can be leveraged to peer the hub networks together across the different regions.
+
+> For the example below, two hubs will be deployed across *eastus* and *westus* regions.
+
+1. Duplicate the [parameters file](https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json) and create a new file for the first hub in the *eastus* region **hubNetworking.parameters.az.all.eastus.json**.
+
+    > **NOTE:**
+    > Some regions do not support availability zones, so the [parameters file](https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json) without availability zones should be used. East US supports availability zones which is why the `hubNetworking.parameters.az.all.eastus.json` file is used in this example.
+
+1. Edit the new parameters file with the needed configuration for the *eastus* region.
+1. Deploy the `hubNetworking` module to deploy the first hub in the *eastus* region using the new parameters file.
+
+    **Azure CLI (Example: East US Region)**
+
+    ```bash
+    # For Azure global regions
+
+    # Set Platform connectivity subscription ID as the the current subscription
+    ConnectivitySubscriptionId="[your platform connectivity subscription ID]"
+
+    az account set --subscription $ConnectivitySubscriptionId
+
+    # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
+    TopLevelMGPrefix="alz"
+
+    # Set the region where the hub will be deployed
+    location="eastus"
+
+    dateYMD=$(date +%Y%m%dT%H%M%S%NZ)
+    NAME="alz-HubNetworkingDeploy-${dateYMD}"
+    GROUP="rg-$TopLevelMGPrefix-hub-networking-$location"
+    TEMPLATEFILE="infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep"
+    PARAMETERS="@infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.$location.json"
+
+    az group create --location $location \
+      --name $GROUP
+
+    az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS
+    ```
+
+    **PowerShell (Example: East US Region)**
+
+    ```powershell
+    # For Azure global regions
+    # Set Platform connectivity subscription ID as the the current subscription
+    $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]"
+
+    Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId
+
+    # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
+    $TopLevelMGPrefix = "alz"
+
+    # Set the region where the hub will be deployed
+    $location = "eastus"
+
+    # Parameters necessary for deployment
+    $inputObject = @{
+      DeploymentName        = 'alz-HubNetworkingDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])
+      ResourceGroupName     = "rg-$TopLevelMGPrefix-hub-networking-$location "
+      TemplateFile          = "infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep"
+      TemplateParameterFile = "infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.$location.json"
+    }
+
+    New-AzResourceGroup `
+      -Name $inputObject.ResourceGroupName `
+      -Location $location
+
+    New-AzResourceGroupDeployment @inputObject
+    ```
+
+    Example output in the eastus region:
+
+      ![Example Deployment Output in eastus region](media/exampleDeploymentOutputEastus.png "Example Deployment Output in eastus region")
+
+1. Duplicate the [parameters file](https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json) and create a new file for the additional hub in the *westus* region **hubNetworking.parameters.az.all.westus.json**.
+
+    > **NOTE:**
+    > West US does not currently support availability zones, so the [parameters file](https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json) without availability zones is used in this example.
+
+1. Edit the new parameters file with the needed configuration for the *westus* region.
+1. Deploy the `hubNetworking` module to deploy the second hub in the *westus* region using the new parameters file.
+
+    > **NOTE:**
+    > If you have set the parameter `parDdosEnabled` to true and deployed a DDoS Network Protection Plan, make sure to set this parameter to false when deploying additional regions to avoid creating multiple plans. You will have to manually enable this plan for the additional hub networks you deploy.
+
+    **Azure CLI (Example: West US Region)**
+
+    ```bash
+    # For Azure global regions
+
+    # Set Platform connectivity subscription ID as the the current subscription
+    ConnectivitySubscriptionId="[your platform connectivity subscription ID]"
+
+    az account set --subscription $ConnectivitySubscriptionId
+
+    # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
+    TopLevelMGPrefix="alz"
+
+    # Set the region where the hub will be deployed
+    location="westus"
+
+    dateYMD=$(date +%Y%m%dT%H%M%S%NZ)
+    NAME="alz-HubNetworkingDeploy-${dateYMD}"
+    GROUP="rg-$TopLevelMGPrefix-hub-networking-$location"
+    TEMPLATEFILE="infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep"
+    PARAMETERS="@infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.$location.json"
+
+    az group create --location $location \
+      --name $GROUP
+
+    az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS
+    ```
+
+    **PowerShell (Example: West US Region)**
+
+    ```powershell
+    # For Azure global regions
+    # Set Platform connectivity subscription ID as the the current subscription
+    $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]"
+
+    Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId
+
+    # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
+    $TopLevelMGPrefix = "alz"
+
+    # Set the region where the hub will be deployed
+    $location = "westus"
+
+    # Parameters necessary for deployment
+    $inputObject = @{
+      DeploymentName        = 'alz-HubNetworkingDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])
+      ResourceGroupName     = "rg-$TopLevelMGPrefix-hub-networking-$location "
+      TemplateFile          = "infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep"
+      TemplateParameterFile = "infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.$location.json"
+    }
+
+    New-AzResourceGroup `
+      -Name $inputObject.ResourceGroupName `
+      -Location $location
+
+    New-AzResourceGroupDeployment @inputObject
+    ```
+
+    Example output in the westus region
+
+      ![Example Deployment Output in westus region](media/exampleDeploymentOutputwestus.png "Example Deployment Output in westus region")
+
+1. To peer the newly created hubs, the [vnetPeering module](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/vnetPeering) will be used.
+
+1. Edit the [parameters file](https://github.com/sebassem/ALZ-Bicep/blob/alz-multiple-regions/infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json) of the *vnetPeering* module to specify the source and destination virtual networks.
+
+    > **NOTE:**
+    > Module will need to be called twice to create the completed peering. Each time with a peering direction.
+
+    **Azure CLI (Example: East US Region to West US Region)**
+
+    ```bash
+    **NOTE: As there is some PowerShell code within the CLI, there is a requirement to execute the deployments in a cross-platform terminal which has PowerShell installed.**
+    ```bash
+    # For Azure global regions
+    # Set Platform connectivity subscription ID as the the current subscription
+    connectivitySubscriptionId="[your connectivity subscription ID]"
+    az account set --subscription $connectivitySubscriptionId
+
+    # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
+    TopLevelMGPrefix="alz"
+
+    dateYMD=$(date +%Y%m%dT%H%M%S%NZ)
+    NAME="alz-vnetPeeringDeploy-${dateYMD}"
+    GROUP="rg-alz-hub-networking-eastus" # Specify the name of the resource group of the first hub network.
+    TEMPLATEFILE="infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep"
+    PARAMETERS="@infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json"
+
+    az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS
+    ```
+
+    **PowerShell (Example: East US Region to West US Region)**
+
+    ```powershell
+    # For Azure global regions
+    # Set Platform connectivity subscription ID as the the current subscription
+    $connectivitySubscriptionId = "[your connectivity subscription ID]"
+
+    Select-AzSubscription -SubscriptionId $connectivitySubscriptionId
+
+    # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
+    $TopLevelMGPrefix = "alz"
+
+    # Parameters necessary for deployment
+    $inputObject = @{
+      DeploymentName        = 'alz-vnetPeeringDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])
+      ResourceGroupName     = "rg-alz-hub-networking-eastus" # Specify the name of the resource group of the first hub network.
+      TemplateFile          = "infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep"
+      TemplateParameterFile = "infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json"
+    }
+
+    New-AzResourceGroupDeployment @inputObject
+    ```
+
+1. Re-deploy the module again after editing the parameters file to peer the other direction.
diff --git a/infra-as-code/bicep/modules/hubNetworking/media/exampleDeploymentOutputEastus.png b/infra-as-code/bicep/modules/hubNetworking/media/exampleDeploymentOutputEastus.png
diff --git a/infra-as-code/bicep/modules/hubNetworking/media/exampleDeploymentOutputwestus.png b/infra-as-code/bicep/modules/hubNetworking/media/exampleDeploymentOutputwestus.png
diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json
@@ -106,7 +106,7 @@
       "value": []
     },
     "parHubRouteTableName": {
-      "value": "alz-hub-routetable"
+      "value": "alz-hub-routetable-eastus"
     },
     "parDisableBgpRoutePropagation": {
       "value": false

diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json
@@ -118,7 +118,7 @@
       "value": []
     },
     "parHubRouteTableName": {
-      "value": "alz-hub-routetable"
+      "value": "alz-hub-routetable-eastus"
     },
     "parDisableBgpRoutePropagation": {
       "value": false

diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json
@@ -106,7 +106,7 @@
       "value": []
     },
     "parHubRouteTableName": {
-      "value": "alz-hub-routetable"
+      "value": "alz-hub-routetable-chinaeast2"
     },
     "parDisableBgpRoutePropagation": {
       "value": false

diff --git a/infra-as-code/bicep/modules/vwanConnectivity/README.md b/infra-as-code/bicep/modules/vwanConnectivity/README.md
@@ -176,3 +176,52 @@ New-AzResourceGroupDeployment @inputObject
 ## Bicep Visualizer
 
 ![Bicep Visualizer](media/bicepVisualizer.png "Bicep Visualizer")
+
+## Multi-region deployment
+
+To extend your infrastructure to [additional regions](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/considerations/regions), this module can be used to deploy additional virtual hubs in multiple regions. This is achieved by adding multiple entries for the `parVirtualWanHubs` parameter for each region a virtual hub should be deployed.
+
+Example:
+
+```bicep
+parVirtualWanHubs: [
+    {
+        parVpnGatewayEnabled: true
+        parExpressRouteGatewayEnabled: true
+        parAzFirewallEnabled: true
+        parVirtualHubAddressPrefix: '10.100.0.0/23'
+        parHubLocation: 'eastus2'
+        parHubRoutingPreference: 'ExpressRoute'
+        parVirtualRouterAutoScaleConfiguration: 2
+        parVirtualHubRoutingIntentDestinations: []
+        parAzFirewallDnsProxyEnabled: true
+        parAzFirewallDnsServers: []
+        parAzFirewallIntelMode: 'Alert'
+        parAzFirewallTier: 'Standard'
+        parAzFirewallAvailabilityZones: [
+            '1'
+            '2'
+            '3'
+        ]
+    },
+    {
+        parVpnGatewayEnabled: true
+        parExpressRouteGatewayEnabled: true
+        parAzFirewallEnabled: true
+        parVirtualHubAddressPrefix: '10.90.0.0/23'
+        parHubLocation: 'centralus'
+        parHubRoutingPreference: 'ExpressRoute'
+        parVirtualRouterAutoScaleConfiguration: 2
+        parVirtualHubRoutingIntentDestinations: []
+        parAzFirewallDnsProxyEnabled: true
+        parAzFirewallDnsServers: []
+        parAzFirewallIntelMode: 'Alert'
+        parAzFirewallTier: 'Standard'
+        parAzFirewallAvailabilityZones: [
+            '1'
+            '2'
+            '3'
+        ]
+    }
+]
+```