|
1 | 1 | --- |
2 | 2 | title: Configure networking |
3 | 3 | description: Learn how to configure networking for Managed DevOps Pools. |
4 | | -ms.date: 07/29/2025 |
| 4 | +ms.date: 10/27/2025 |
5 | 5 | ms.custom: sfi-image-nochange |
6 | 6 | --- |
7 | 7 |
|
@@ -210,14 +210,103 @@ If you configure your Azure DevOps Pipeline to run inside of a container, you ne |
210 | 210 |
|
211 | 211 | To confirm that you can use a given subnet with Managed DevOps Pools, you can run the following script on a resource on that subnet to validate that the network flow is configured to reach all these available endpoints, and additionally the Managed DevOps control plane. |
212 | 212 |
|
213 | | -[ValidateMDPEndpoints.ps1](./scripts/ValidateMDPEndpoints.ps1) |
214 | | - |
215 | | -To run the script, with Powershell Core, Powershell 5 or greater you can run |
| 213 | +To run the script with Powershell Core, or Powershell 5 or greater, save the following script as `ValidateMDPEndpoints.ps1` and run the following command: |
216 | 214 |
|
217 | 215 | ```powershell |
218 | 216 | .\ValidateMDPEndpoints.ps1 -organization "<your-organization>" |
219 | 217 | ``` |
220 | 218 |
|
| 219 | +```powershell |
| 220 | +# ValidateMDPEndpoints.ps1 |
| 221 | +param ( |
| 222 | + [string]$organization |
| 223 | +) |
| 224 | +$azureDevOpsUris = @( |
| 225 | + "https://dev.azure.com", |
| 226 | + "https://vssps.dev.azure.com", |
| 227 | + "https://vsrm.dev.azure.com", |
| 228 | + "https://management.azure.com", |
| 229 | + "https://login.microsoftonline.com", |
| 230 | + "https://graph.microsoft.com", |
| 231 | + "https://aadcdn.msftauth.net", |
| 232 | + "https://${organization}.visualstudio.com", |
| 233 | + "https://${organization}.vsrm.visualstudio.com", |
| 234 | + "https://${organization}.vstmr.visualstudio.com", |
| 235 | + "https://${organization}.pkgs.visualstudio.com", |
| 236 | + "https://${organization}.vssps.visualstudio.com", |
| 237 | + "https://download.agent.dev.azure.com", |
| 238 | + "download.agent.dev.azure.com" |
| 239 | +) |
| 240 | +$managedDevOpsPoolsControlPlaneUris = @( |
| 241 | + # List of agent queue endpoints - maps to *.queue.core.windows.net |
| 242 | + "https://rmprodaedefaultcq.queue.core.windows.net", |
| 243 | + "https://rmprodbrsdefaultcq.queue.core.windows.net", |
| 244 | + "https://rmprodcncdefaultcq.queue.core.windows.net", |
| 245 | + "https://rmprodcusdefaultcq.queue.core.windows.net", |
| 246 | + "https://rmprodeus2defaultcq.queue.core.windows.net", |
| 247 | + "https://rmprodgwcdefaultcq.queue.core.windows.net", |
| 248 | + "https://rmprodincdefaultcq.queue.core.windows.net", |
| 249 | + "https://rmprodneudefaultcq.queue.core.windows.net", |
| 250 | + "https://rmprodseadefaultcq.queue.core.windows.net", |
| 251 | + "https://rmprodszndefaultcq.queue.core.windows.net", |
| 252 | + "https://rmproduksdefaultcq.queue.core.windows.net", |
| 253 | + "https://rmprodwcusdefaultcq.queue.core.windows.net", |
| 254 | + "https://rmprodwus3defaultcq.queue.core.windows.net", |
| 255 | + # CDN for downloading the Managed DevOps Pools agent - maps to *.prod.managedevops.microsoft.com |
| 256 | + "rm-agent.prod.manageddevops.microsoft.com" |
| 257 | + # List of control plane endpoints - maps to *.manageddevops.microsoft.com |
| 258 | + "default.ae.prod.manageddevops.microsoft.com", |
| 259 | + "default.brs.prod.manageddevops.microsoft.com", |
| 260 | + "default.cnc.prod.manageddevops.microsoft.com", |
| 261 | + "default.cus.prod.manageddevops.microsoft.com", |
| 262 | + "default.eus2.prod.manageddevops.microsoft.com", |
| 263 | + "default.gwc.prod.manageddevops.microsoft.com", |
| 264 | + "default.inc.prod.manageddevops.microsoft.com", |
| 265 | + "default.neu.prod.manageddevops.microsoft.com", |
| 266 | + "default.sea.prod.manageddevops.microsoft.com", |
| 267 | + "default.szn.prod.manageddevops.microsoft.com", |
| 268 | + "default.uks.prod.manageddevops.microsoft.com", |
| 269 | + "default.wcus.prod.manageddevops.microsoft.com", |
| 270 | + "default.wus3.prod.manageddevops.microsoft.com" |
| 271 | +) |
| 272 | +$unreachableUris = @() |
| 273 | +foreach ($uri in $azureDevOpsUris) { |
| 274 | + try { |
| 275 | + $hostName = ($uri -replace "^https?://", "") -replace "/.*", "" |
| 276 | + $connection = Test-NetConnection -ComputerName $hostName -Port 443 -WarningAction SilentlyContinue |
| 277 | + if (-not $connection.TcpTestSucceeded) { |
| 278 | + $unreachableUris += $uri |
| 279 | + } |
| 280 | + } catch { |
| 281 | + $unreachableUris += $uri |
| 282 | + } |
| 283 | +} |
| 284 | +if ($unreachableUris.Count -eq 0) { |
| 285 | + Write-Output "All Azure DevOps endpoints are reachable." |
| 286 | +} else { |
| 287 | + Write-Output "The following Azure DevOps endpoints could not be reached:" |
| 288 | + $unreachableUris | ForEach-Object { Write-Output $_ } |
| 289 | +} |
| 290 | +foreach ($uri in $managedDevOpsPoolsControlPlaneUris) { |
| 291 | + try { |
| 292 | + $hostName = ($uri -replace "^https?://", "") -replace "/.*", "" |
| 293 | + $connection = Test-NetConnection -ComputerName $hostName -Port 443 -WarningAction SilentlyContinue |
| 294 | +
|
| 295 | + if (-not $connection.TcpTestSucceeded) { |
| 296 | + $unreachableUris += $uri |
| 297 | + } |
| 298 | + } catch { |
| 299 | + $unreachableUris += $uri |
| 300 | + } |
| 301 | +} |
| 302 | +if ($unreachableUris.Count -eq 0) { |
| 303 | + Write-Output "All Azure Managed DevOps Pools endpoints are reachable." |
| 304 | +} else { |
| 305 | + Write-Output "The following Managed DevOps Pools endpoints could not be reached:" |
| 306 | + $unreachableUris | ForEach-Object { Write-Output $_ } |
| 307 | +} |
| 308 | +``` |
| 309 | + |
221 | 310 | ## Configure the Azure DevOps Agent to run behind a Proxy |
222 | 311 |
|
223 | 312 | If you configured a proxy service on your image and want your workloads running on your Managed DevOps pool to run behind this proxy, you must add the following environment variables on your image. |
|
0 commit comments