mspnp · v-fearam · Jun 27, 2024
diff --git a/solutions/secure-hybrid-network/README.md b/solutions/secure-hybrid-network/README.md
@@ -28,9 +28,15 @@ For detailed information, see the Implement a secure hybrid network:
 
 Clone this repo and then run the following commands to initiate the deployment. When prompted, enter values for an admin username and password. These values are used to log into the included virtual machines.
 
-```azurecli-interactive
+```bash
+## Environment
+LOCATION=eastus2
+ONPREM_RESOURCEGROUP_NAME=rg-site-to-site-mock-prem-${LOCATION}
+AZURE_NETWORK_RESOURCEGROUP_NAME=rg-site-to-site-azure-network-${LOCATION}
+
+# Resources will be created on deployment region
 cd solutions/secure-hybrid-network
-az deployment sub create --location eastus --template-file azuredeploy.bicep 
+az deployment sub create -n secure-hybrid-network --location ${LOCATION} --template-file azuredeploy.bicep  -p mocOnPremResourceGroup=${ONPREM_RESOURCEGROUP_NAME} azureNetworkResourceGroup=${AZURE_NETWORK_RESOURCEGROUP_NAME}
 ```
 
 ## Solution deployment parameters
@@ -61,7 +67,7 @@ az deployment sub create --location eastus --template-file azuredeploy.bicep
 | spokeRoutes | object | Object representing user-defined routes for the spoke subnet. | tableName, routeNameFirewall |
 | gatewayRoutes | object | Object representing user-defined routes for the gateway network. | tableName, routeNameFirewall |
 | internalLoadBalancer | object | Object representing the configuration of the application load balancer. | name, backendName, fontendName, probeName |
-| location | string | Location to be used for all resources. | null |
+| location | string | Location to be used for all resources. | rg location |
 
 **nestedtemplates/azure-network-local-gateway.json**
 
@@ -84,7 +90,7 @@ az deployment sub create --location eastus --template-file azuredeploy.bicep
 | bastionHost | object | Object representing the configuration of the Bastion host. | name, subnetName, subnetPrefix, publicIPAddressName, nsgName |
 | vmSize | string | Size of the load-balanced virtual machines. | Standard_A1_v2 |
 | configureSitetosite | bool | Condition for configuring a site-to-site VPN connection. | true |
-| location | string | Location to be used for all resources. | null |
+| location | string | Location to be used for all resources. | rg location |
 
 **nestedtemplates/mock-onprem-local-gateway.json**
 
@@ -96,7 +102,15 @@ az deployment sub create --location eastus --template-file azuredeploy.bicep
 | gatewayIpAddress | string | Public IP address of the Azure virtual network gateway. | null |
 | mocOnpremGatewayName | string | Name of the mock on-prem local network gateway.  | null |
 | localNetworkGateway | string | Name of the mock on-prem local network gateway. | local-gateway-moc-prem |
-| location | string | Location to be used for all resources. | null |
+| location | string | Location to be used for all resources. | rg location |
+
+
+## Clean Up 
+
+```bash
+az group delete --name ${ONPREM_RESOURCEGROUP_NAME} --yes
+az group delete --name ${AZURE_NETWORK_RESOURCEGROUP_NAME} --yes
+```
 
 ## Microsoft Open Source Code of Conduct
 

diff --git a/solutions/secure-hybrid-network/azuredeploy.bicep b/solutions/secure-hybrid-network/azuredeploy.bicep
@@ -8,16 +8,16 @@ param adminUserName string
 @description('The admin password for both the Windows and Linux virtual machines.')
 @secure()
 param adminPassword string
-param resourceGrouplocation string = 'eastus'
+param location string = deployment().location
 
 resource mocOnPremResourceGroup_resource 'Microsoft.Resources/resourceGroups@2022-09-01' = {
   name: mocOnPremResourceGroup
-  location: resourceGrouplocation
+  location: location
 }
 
 resource azureNetworkResourceGroup_resource 'Microsoft.Resources/resourceGroups@2022-09-01' = {
   name: azureNetworkResourceGroup
-  location: resourceGrouplocation
+  location: location
 }
 
 module onPremMock 'nestedtemplates/mock-onprem-azuredeploy.bicep' = {
@@ -26,7 +26,7 @@ module onPremMock 'nestedtemplates/mock-onprem-azuredeploy.bicep' = {
   params: {
     adminUserName: adminUserName
     adminPassword: adminPassword
-    location: resourceGrouplocation
+    location: location
   }
 }
 
@@ -36,7 +36,7 @@ module azureNetwork 'nestedtemplates/azure-network-azuredeploy.bicep' = {
   params: {
     adminUserName: adminUserName
     adminPassword: adminPassword
-    location: resourceGrouplocation
+    location: location
   }
 }
 
@@ -48,7 +48,7 @@ module mockOnPremLocalGateway 'nestedtemplates/mock-onprem-local-gateway.bicep'
     azureCloudVnetPrefix: azureNetwork.outputs.mocOnpremNetwork
     spokeNetworkAddressPrefix: azureNetwork.outputs.spokeNetworkAddressPrefix
     mocOnpremGatewayName: onPremMock.outputs.mocOnpremGatewayName
-    location: resourceGrouplocation
+    location: location
   }
 }
 
@@ -59,6 +59,6 @@ module azureNetworkLocalGateway 'nestedtemplates/azure-network-local-gateway.bic
     azureCloudVnetPrefix: onPremMock.outputs.mocOnpremNetworkPrefix
     gatewayIpAddress: onPremMock.outputs.vpnIp
     azureNetworkGatewayName: azureNetwork.outputs.azureGatewayName
-    location: resourceGrouplocation
+    location: location
   }
 }
diff --git a/solutions/secure-hybrid-network/nestedtemplates/azure-network-azuredeploy.bicep b/solutions/secure-hybrid-network/nestedtemplates/azure-network-azuredeploy.bicep
@@ -51,11 +51,9 @@ param internalLoadBalancer object = {
   fontendName: 'lb-frontend'
   probeName: 'lb-probe'
 }
-param location string
+param location string = resourceGroup().location
 
 var logAnalyticsWorkspaceName = 'la-${uniqueString(subscription().subscriptionId, resourceGroup().id)}'
-var peering_name_hub_to_spoke = 'hub-to-spoke'
-var peering_name_spoke_to_hub = 'spoke-to-hub'
 var nicNameWebName = 'nic-web-server'
 var vmNameWebName = 'vm-web-server'
 var windowsOSVersion = '2012-R2-Datacenter'
@@ -386,15 +384,19 @@ resource spokeNetwork_name_Microsoft_Insights_default_logAnalyticsWorkspace 'Mic
   }
 }
 
-resource vpnGateway_publicIPAddress 'Microsoft.Network/publicIPAddresses@2023-04-01' = if (configureSitetosite) {
+resource vpnGateway_publicIPAddress 'Microsoft.Network/publicIPAddresses@2023-11-01' = if (configureSitetosite) {
   name: vpnGateway.publicIPAddressName
   location: location
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
   properties: {
-    publicIPAllocationMethod: 'Dynamic'
+    publicIPAllocationMethod: 'Static'
   }
 }
 
-resource vpnGatewayResource 'Microsoft.Network/virtualNetworkGateways@2023-04-01' = if (configureSitetosite) {
+resource vpnGatewayResource 'Microsoft.Network/virtualNetworkGateways@2023-11-01' = if (configureSitetosite) {
   name: vpnGateway.name
   location: location
   properties: {

diff --git a/solutions/secure-hybrid-network/nestedtemplates/azure-network-local-gateway.bicep b/solutions/secure-hybrid-network/nestedtemplates/azure-network-local-gateway.bicep
@@ -3,7 +3,7 @@ param gatewayIpAddress string
 param azureCloudVnetPrefix string
 param azureNetworkGatewayName string
 param localNetworkGatewayName string = 'local-gateway-azure-network'
-param location string
+param location string  = resourceGroup().location
 
 resource localNetworkGateway 'Microsoft.Network/localNetworkGateways@2023-04-01' = {
   name: localNetworkGatewayName

diff --git a/solutions/secure-hybrid-network/nestedtemplates/mock-onprem-azuredeploy.bicep b/solutions/secure-hybrid-network/nestedtemplates/mock-onprem-azuredeploy.bicep
@@ -23,7 +23,7 @@ param bastionHost object = {
 }
 param vmSize string = 'Standard_A1_v2'
 param configureSitetosite bool = true
-param location string
+param location string  = resourceGroup().location
 
 var nicNameWindowsName = 'nic-windows'
 var vmNameWindowsName = 'vm-windows'
@@ -61,15 +61,19 @@ resource mocOnpremNetworkResource 'Microsoft.Network/virtualNetworks@2023-04-01'
   }
 }
 
-resource mocOnpremGateway_publicIPAddress 'Microsoft.Network/publicIPAddresses@2023-04-01' = if (configureSitetosite) {
+resource mocOnpremGateway_publicIPAddress 'Microsoft.Network/publicIPAddresses@2023-11-01' = if (configureSitetosite) {
   name: mocOnpremGateway.publicIPAddressName
   location: location
+  sku: {
+    name: 'Standard'
+    tier: 'Regional'
+  }
   properties: {
-    publicIPAllocationMethod: 'Dynamic'
+    publicIPAllocationMethod: 'Static'
   }
 }
 
-resource mocOnpremGatewayResource 'Microsoft.Network/virtualNetworkGateways@2023-04-01' = if (configureSitetosite) {
+resource mocOnpremGatewayResource 'Microsoft.Network/virtualNetworkGateways@2023-11-01' = if (configureSitetosite) {
   name: mocOnpremGateway.name
   location: location
   properties: {

diff --git a/solutions/secure-hybrid-network/nestedtemplates/mock-onprem-local-gateway.bicep b/solutions/secure-hybrid-network/nestedtemplates/mock-onprem-local-gateway.bicep
@@ -4,7 +4,7 @@ param spokeNetworkAddressPrefix string
 param gatewayIpAddress string
 param mocOnpremGatewayName string
 param localNetworkGateway string = 'local-gateway-moc-prem'
-param location string
+param location string  = resourceGroup().location
 
 resource localNetworkGateway_resource 'Microsoft.Network/localNetworkGateways@2023-04-01' = {
   name: localNetworkGateway