Create a VM Network When Subscription is created in Windows Azure Pack with SMA part2

and finally i succeed the create a VM Network, activate NVGRE GW with NAT and set some settings how i want

in part one i explained almost everything to create a runbook, now i completed the code in part2

you can find out some stupid variables like $a , $z and also some different ideas to generate some needs which are very clear to understand but all are my own if you have better way or more short way use it pls🙂

Important parameters are “-ForOnBehalfOf” , “-OnBehalfOfUser” , “-OnBehalfOfUserRole”

For such parameters and value what you will set please fallow your SCVMM -> Job section . You will find the owner informations there

Pls command me something wrong or need to explain more


workflow VahoTest2
{
    param
    (
        [object]$resourceObject,
        [object]$params
    )

    #Get some values to use it inside InlineScript
    #We will generate User and UserRole to use it create a VM Network
    #We have to generate first 27 character of AdminId underscore whole SubscipritonId
    $WAPSubscriptionId=$resourceObject.SubscriptionId
    $WAPAdminId=$resourceObject.AdminId

    InlineScript
    {

    # I dont know why but maybe because of design Owner of the VM, Network and other objects are
    # generated via first 27 character of AdminId underscore subscriptionId
        $SubscriptionID =  $USING:WAPSubscriptionId
        $UserRole = $USING:WAPAdminId
        $UserRoleCut = $UserRole.Substring(0,27)
        $Under = "_"
        $Dot = "."
        $NameForSearch = $UserRoleCut + $Under + $SubscriptionID

     # Try to generate random name for VMNetwork we will create
        $NetworkName = "VirtualNetwork"
        $NetworkNameSuffix = Get-Random -Maximum 9999999
        $NetworkNameTemplate = $NetworkName + $Under + $NetworkNameSuffix

     # Connect to SCVMM Server
     # Important thing is -ForOnBehalfOf because for WAP SPF need to connect SCVMM
     Get-SCVMMServer -ComputerName your.scvmm.fqdn -ForOnBehalfOf | Out-Null

     #To get a SCVMM user role for only related SubscriptionId and User
     $z = Get-SCUserRole | where {$_.Name -match $NameForSearch}
     $a = $UserRoleCut

     # Create a Virtual Network For Customer
     # Actually i set static LogicalNetwork in this runbook becauase Provider Address Spaces is my NVGRE enables one
     # After such command executed empty VM Network object will be appear in SCVMM
     $NewVMNetwork = New-SCVMNetwork -Name $NetworkNameTemplate -LogicalNetwork "Provider Address Spaces” -OnBehalfOfUser $a -OnBehalfOfUserRole $z

     # To assign ip block to customer need to randomize the octests
     # Actually we are using network Virtualisation and can overlap it but treditional logic, sorry😦 

     [string]$octet1 = 10
     [string]$octet2 = Get-Random -Maximum 254
     [string]$octet3 = Get-Random -Maximum 254
     [string]$octet4 = 0
     $subnetmask = "/24"

     $GenerateVMNetworkSubnetID = $octet1 + $Dot + $octet2 + $Dot + $octet3 + $Dot + $octet4 + $subnetmask

     # Because of we are dealing with NVGRE,Network Virtualisation we do not have to set some VLAN ID
     # Just create a subnet object, thats it
     $CreateVMNetworkSubnet = New-SCSubnetVLan -Subnet $GenerateVMNetworkSubnetID

     # Right now in SCVMM VM Subnets tab is empty for create VM Network above
     # We need to add VM Subnet
     [string]$RSID = Get-Random -Maximum 254
     $NameVMSubnetUnderVMNetworkTemplate = $NetworkNameTemplate + "_Subnet" + "_" + $RSID
     $CreateVMSubnetUnderVMNetwork = New-SCVMSubnet -Name $NameVMSubnetUnderVMNetworkTemplate -VMNetwork $NewVMNetwork -SubnetVLan $CreateVMNetworkSubnet -OnBehalfOfUser $a -OnBehalfOfUserRole $z

     # SCVMM can do the IP Address Management, now we will define our ip range , dns
     # No need to deal with GW it will be auto created
     # First need to create some veriables
     #$GenerateVMNetworkSubnetWithoutMask = $octet1 + $Dot + $octet2 + $Dot + $octet3 + $Dot + $octet4
     $RangeStart = $octet1 + $Dot + $octet2 + $Dot + $octet3 + $Dot + "50"
     $RangeEnd = $octet1 + $Dot + $octet2 + $Dot + $octet3 + $Dot + "254"

     # Create the IP Pool
     $ipAdressPoolName = $NetworkNameTemplate+"_Pool"
     $dnsIP = "8.8.8.8"

     # After this command executed you have to see an IP Pool under VM Network
     $staticIPAddressPool = New-SCStaticIPAddressPool -Name $ipAdressPoolName -VMSubnet $CreateVMSubnetUnderVMNetwork -Subnet $GenerateVMNetworkSubnetID -IPAddressRangeStart $RangeStart -IPAddressRangeEnd $RangeEnd -DNSServer $dnsIP -OnBehalfOfUser $a -OnBehalfOfUserRole $z

     # Now time to deal with NVGRE GW Service
     # This will be little static, maybe next time i will update it more dynamic and possible to load balance the service
     # Lets set static veriables
     $NVGREGWName = "internetgwservice2"
     # A statement below basicly put the NVGREGWName in front of the _Gateway string, we will use it next
     $NVGREGWNameTemplate = "{0}_Gateway" -f $NVGREGWName
     # NVGRE GW have an editional interface for internet access and distribute pulic ip address to Tenant Networks
     # Set you static IP Pool Name below
     $NVGREGWStaticIPPoolForIntenet = "Internet01"
     # A statement below basicly put the already created VM Network Name in front of the _Gateway string, we will use it next
     $VMNetworkNATConnName = "{0}_NatConnection" -f $NetworkNameTemplate
     # Now we are getting whole information about NVGREGW
     $NVGREGWOwn = Get-SCNetworkGateway -Name $NVGREGWName
     # After execute command below in SCVMM you can check the VM Network properties Connectivity Tab
     # Default Connect directly to an additional logical network & Direct Routing should be choosed
     #I command out first ActivateNVGREGWForVMNetwork because i got Error (11418) You do not have permission to access one or more of the objects required by this operation.
     #$ActivateNVGREGWForVMNetwork = Add-SCVMNetworkGateway -Name $NVGREGWNameTemplate -EnableBGP $false -NetworkGateway $NVGREGWOwn -VMNetwork $NewVMNetwork -OnBehalfOfUser $a -OnBehalfOfUserRole $z
     $ActivateNVGREGWForVMNetwork = Add-SCVMNetworkGateway -Name $NVGREGWNameTemplate -EnableBGP $false -NetworkGateway $NVGREGWOwn -VMNetwork $NewVMNetwork
     # To get public ip address and activate NAT to get ip pool
     $NVGREExternalIPPOOL = Get-SCStaticIPAddressPool -Name $NVGREGWStaticIPPoolForIntenet
     # Check the Connectivity Tab again, NAT should be choosed and you have an IP Address Now
     #$ActivateNAT = Add-SCNATConnection -Name $VMNetworkNATConnName -VMNetworkGateway $ActivateNVGREGWForVMNetwork -ExternalIPPool $NVGREExternalIPPOOL -OnBehalfOfUser $a -OnBehalfOfUserRole $z
     $ActivateNAT = Add-SCNATConnection -Name $VMNetworkNATConnName -VMNetworkGateway $ActivateNVGREGWForVMNetwork -ExternalIPPool $NVGREExternalIPPOOL
    }

}

Posted on 06/02/2015, in SMA and tagged , , , , , , . Bookmark the permalink. 3 Comments.

  1. Hi,

    Thanks for the great article, i have a question regarding WAP Vnet, can we limit internet and VPN speed from WAP plan ? there is a parameter to specify the speed within WAP plan but it have no effect on user external access ?

    another question regarding quota for external traffic, can we apply a quota limit for external traffic ?

    Thanks.

    • Hi ,

      Not tested but what i know VPN speed can be configured from plan and its not effect public (external) internet access.

      When i wrote such article there is no option to do that but after UR5/UR6 (i guess UR6) a new feature vNIC based traffic measurement is added but still there is no way to configure it but Hyper-V have perfect resource metering and with using ACL you can completely configure and set what traffic you can meter. https://technet.microsoft.com/en-us/library/hh848481(v=wps.630).aspx

      Regards
      VM

  1. Pingback: Create a VM Network When Subscription is created in Windows Azure Pack with SMA part1 | vmknowledge

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: