Merge pull request #289153 from mbender-ms/patch-625840

JamesJBarnett · web-flow · commit 26d4b3fe4c3c · 2024-10-24T10:36:34.000-07:00
virtual network manager - Major Update create-virtual-network-manager…
diff --git a/articles/virtual-network-manager/create-virtual-network-manager-powershell.md b/articles/virtual-network-manager/create-virtual-network-manager-powershell.md
@@ -5,7 +5,7 @@ author: mbender-ms
 ms.author: mbender
 ms.service: azure-virtual-network-manager
 ms.topic: quickstart
-ms.date: 04/12/2024
+ms.date: 10/22/2024
 ms.custom: template-quickstart, mode-api, engagement-fy23, devx-track-azurepowershell
 ---
 
@@ -47,13 +47,13 @@ Install the latest *Az.Network* Azure PowerShell module by using this command:
 
 ## Create a resource group
 
-Before you can create an Azure Virtual Network Manager instance, you have to create a resource group to host it. Create a resource group by using [New-AzResourceGroup](/powershell/module/az.Resources/New-azResourceGroup). This example creates a resource group named *vnm-learn-eastus-001ResourceGroup* in the East US location:
+Before you can create an Azure Virtual Network Manager instance, you have to create a resource group to host it. Create a resource group by using [New-AzResourceGroup](/powershell/module/az.Resources/New-azResourceGroup). This example creates a resource group named *resource-group* in the *West US 2* region:
 
 ```azurepowershell
-
-$location = "East US"
+# Create a resource group
+$location = "West US 2"
 $rg = @{
-    Name = 'rg-learn-eastus-001'
+    Name = 'resource-group'
     Location = $location
 }
 New-AzResourceGroup @rg
@@ -65,11 +65,10 @@ New-AzResourceGroup @rg
 Define the scope and access type for the Azure Virtual Network Manager instance by using [New-AzNetworkManagerScope](/powershell/module/az.network/new-aznetworkmanagerscope). This example defines a scope with a single subscription and sets the access type to *Connectivity*. Replace `<subscription_id>` with the ID of the subscription that you want to manage through Azure Virtual Network Manager.
 
 ```azurepowershell
-
-Import-Module -Name Az.Network -RequiredVersion "5.3.0"
+$subID= <subscription_id>
 
 [System.Collections.Generic.List[string]]$subGroup = @()  
-$subGroup.Add("/subscriptions/<subscription_id>")
+$subGroup.Add("/subscriptions/$subID")
 
 [System.Collections.Generic.List[String]]$access = @()  
 $access.Add("Connectivity"); 
@@ -80,12 +79,12 @@ $scope = New-AzNetworkManagerScope -Subscription $subGroup
 
 ## Create a Virtual Network Manager instance
 
-Create a Virtual Network Manager instance by using [New-AzNetworkManager](/powershell/module/az.network/new-aznetworkmanager). This example creates an instance named *vnm-learn-eastus-001* in the East US location:
+Create a Virtual Network Manager instance by using [New-AzNetworkManager](/powershell/module/az.network/new-aznetworkmanager). This example creates an instance named *network-manager* in the *West US 2* region:
     
 ```azurepowershell
 $avnm = @{
-    Name = 'vnm-learn-eastus-001'
-    ResourceGroupName = $rg.Name
+    Name = 'network-manager'
+    ResourceGroupName = $rg.ResourceGroupName
     NetworkManagerScope = $scope
     NetworkManagerScopeAccess = $access
     Location = $location
@@ -95,87 +94,81 @@ $networkmanager = New-AzNetworkManager @avnm
 
 ## Create three virtual networks
 
-Create three virtual networks by using [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork). This example creates virtual networks named *vnet-learn-prod-eastus-001*, *vnet-learn-prod-eastus-002*, and *vnet-learn-test-eastus-003* in the East US location. If you already have virtual networks that you want create a mesh network with, you can skip to the next section.
+Create three virtual networks by using [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork). This example creates virtual networks named *vnet-spoke-001*, *vnet-spoke-002*, and *vnet-hub-001* in the *West US 2* region. If you already have virtual networks that you want create a mesh network with, you can skip to the next section.
 
 ```azurepowershell
-$vnet001 = @{
-    Name = 'vnet-learn-prod-eastus-001'
-    ResourceGroupName = $rg.Name
+$vnetspoke001 = @{
+    Name = 'vnet-spoke-001'
+    ResourceGroupName = $rg.ResourceGroupName
     Location = $location
     AddressPrefix = '10.0.0.0/16'    
 }
 
-$vnet_learn_prod_eastus_001 = New-AzVirtualNetwork @vnet001
+$vnet_spoke_001 = New-AzVirtualNetwork @vnetspoke001
 
-$vnet002 = @{
-    Name = 'vnet-learn-prod-eastus-002'
-    ResourceGroupName = $rg.Name
+$vnetspoke002 = @{
+    Name = 'vnet-spoke-002'
+    ResourceGroupName = $rg.ResourceGroupName
     Location = $location
     AddressPrefix = '10.1.0.0/16'    
 }
-$vnet_learn_prod_eastus_002 = New-AzVirtualNetwork @vnet002
+$vnet_spoke_002 = New-AzVirtualNetwork @vnetspoke002
 
-$vnet003 = @{
-    Name = 'vnet-learn-test-eastus-003'
-    ResourceGroupName = $rg.Name
+$vnethub001 = @{
+    Name = 'vnet-hub-001'
+    ResourceGroupName = $rg.ResourceGroupName
     Location = $location
     AddressPrefix = '10.2.0.0/16'    
 }
-$vnet_learn_test_eastus_003 = New-AzVirtualNetwork @vnet003
+$vnet_hub_001 = New-AzVirtualNetwork @vnethub001
 ```
 
 ### Add a subnet to each virtual network
 
 To complete the configuration of the virtual networks, create a subnet configuration named *default* with a subnet address prefix of */24* by using [Add-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/add-azvirtualnetworksubnetconfig). Then, use [Set-AzVirtualNetwork](/powershell/module/az.network/set-azvirtualnetwork) to apply the subnet configuration to the virtual network.
 
 ```azurepowershell
-$subnet_vnet001 = @{
+$subnet_vnetspoke001 = @{
     Name = 'default'
-    VirtualNetwork = $vnet_learn_prod_eastus_001
+    VirtualNetwork = $vnet_spoke_001
     AddressPrefix = '10.0.0.0/24'
 }
-$subnetConfig_vnet001 = Add-AzVirtualNetworkSubnetConfig @subnet_vnet001
-$vnet_learn_prod_eastus_001 | Set-AzVirtualNetwork
+$subnetConfig_vnetspoke001 = Add-AzVirtualNetworkSubnetConfig @subnet_vnetspoke001
+$vnet_spoke_001 | Set-AzVirtualNetwork
 
-$subnet_vnet002 = @{
+$subnet_vnetspoke002 = @{
     Name = 'default'
-    VirtualNetwork = $vnet_learn_prod_eastus_002
+    VirtualNetwork = $vnet_spoke_002
     AddressPrefix = '10.1.0.0/24'
 }
-$subnetConfig_vnet002 = Add-AzVirtualNetworkSubnetConfig @subnet_vnet002
-$vnet_learn_prod_eastus_002 | Set-AzVirtualNetwork
+$subnetConfig_vnetspoke002 = Add-AzVirtualNetworkSubnetConfig @subnet_vnetspoke002
+$vnet_spoke_002 | Set-AzVirtualNetwork
 
-$subnet_vnet003 = @{
+$subnet_vnet_hub_001 = @{
     Name = 'default'
-    VirtualNetwork = $vnet_learn_test_eastus_003
+    VirtualNetwork = $vnet_hub_001
     AddressPrefix = '10.2.0.0/24'
 }
-$subnetConfig_vnet003 = Add-AzVirtualNetworkSubnetConfig @subnet_vnet003
-$vnet_learn_test_eastus_003 | Set-AzVirtualNetwork
+$subnetConfig_vnet_hub_001 = Add-AzVirtualNetworkSubnetConfig @subnet_vnet_hub_001
+$vnet_hub_001 | Set-AzVirtualNetwork
 ```
 
 ## Create a network group
 
-Virtual Network Manager applies configurations to groups of virtual networks by placing them in network groups. Create a network group by using [New-AzNetworkManagerGroup](/powershell/module/az.network/new-aznetworkmanagergroup). This example creates a network group named *ng-learn-prod-eastus-001* in the East US location:
+Virtual Network Manager applies configurations to groups of virtual networks by placing them in network groups. Create a network group by using [New-AzNetworkManagerGroup](/powershell/module/az.network/new-aznetworkmanagergroup). This example creates a network group named *network-group* in the West US 2 region:
 
 ```azurepowershell
 $ng = @{
-        Name = 'ng-learn-prod-eastus-001'
-        ResourceGroupName = $rg.Name
+        Name = 'network-group'
+        ResourceGroupName = $rg.ResourceGroupName
         NetworkManagerName = $networkManager.Name
     }
     $ng = New-AzNetworkManagerGroup @ng
 ```
 
 ## Define membership for a mesh configuration
 
-After you create your network group, you define its membership by adding virtual networks. You can add these networks manually or by using Azure Policy.
-
-# [Manual membership](#tab/manualmembership)
-
-### Add membership manually
-
-In this task, you add the static members *vnet-learn-prod-eastus-001* and *vnet-learn-prod-eastus-002* to the network group *ng-learn-prod-eastus-001* by using [New-AzNetworkManagerStaticMember](/powershell/module/az.network/new-aznetworkmanagerstaticmember).
+In this task, you add the static members *vnet-spoke-001* and *vnet-spoke-002* to the network group *network-group* by using [New-AzNetworkManagerStaticMember](/powershell/module/az.network/new-aznetworkmanagerstaticmember).
 
 Static members must have a unique name that's scoped to the network group. We recommend that you use a consistent hash of the virtual network ID. This approach uses the Azure Resource Manager template's `uniqueString()` implementation.
 
@@ -188,101 +181,30 @@ Static members must have a unique name that's scoped to the network group. We re
 ```
 
 ```azurepowershell
-$sm_vnet001 = @{
-        Name = Get-UniqueString $vnet_learn_prod_eastus_001.Id
-        ResourceGroupName = $rg.Name
+$sm_vnetspoke001 = @{
+        Name = Get-UniqueString $vnet_spoke_001.Id
+        ResourceGroupName = $rg.ResourceGroupName
         NetworkGroupName = $ng.Name
         NetworkManagerName = $networkManager.Name
-        ResourceId = $vnet_learn_prod_eastus_001.Id
+        ResourceId = $vnet_spoke_001.Id
     }
-    $sm_vnet001 = New-AzNetworkManagerStaticMember @sm_vnet001
+    $sm_vnetspoke001 = New-AzNetworkManagerStaticMember @sm_vnetspoke001
 ```
 
 ```azurepowershell
-$sm_vnet002 = @{
-        Name = Get-UniqueString $vnet_learn_prod_eastus_002.Id
-        ResourceGroupName = $rg.Name
+$sm_vnetspoke002 = @{
+        Name = Get-UniqueString $vnet_spoke_002.Id
+        ResourceGroupName = $rg.ResourceGroupName
         NetworkGroupName = $ng.Name
         NetworkManagerName = $networkManager.Name
-        ResourceId = $vnet_learn_prod_eastus_002.Id
+        ResourceId = $vnet_spoke_002.Id
     }
-    $sm_vnet002 = New-AzNetworkManagerStaticMember @sm_vnet002
+    $sm_vnetspoke002 = New-AzNetworkManagerStaticMember @sm_vnetspoke002
 ```
-  
-# [Azure Policy](#tab/azurepolicy)
-
-### Create a policy definition for dynamic membership
-
-By using [Azure Policy](concept-azure-policy-integration.md), you define a condition to dynamically add two virtual networks to your network group when the name of the virtual network includes *-prod*.
-
-> [!NOTE]
-> We recommend that you scope all of your conditionals to scan for only type `Microsoft.Network/virtualNetworks`, for efficiency.
-
-1. Define the conditional statement and store it in a variable:
-
-    ```azurepowershell
-    $conditionalMembership = '{
-        "if": {
-            "allOf": [
-                {
-                    "field": "type",
-                    "equals": "Microsoft.Network/virtualNetworks"
-                },
-                {
-                    "field": "name",
-                    "contains": "prod"
-                }
-            ]
-        },
-        "then": {
-            "effect": "addToNetworkGroup",
-            "details": {
-                "networkGroupId": "/subscriptions/<subscription_id>/resourceGroups/rg-learn-eastus-001/providers/Microsoft.Network/networkManagers/vnm-learn-eastus-001/networkGroups/ng-learn-prod-eastus-001"}
-        },
-    }'
-    
-    ```
-
-1. Create the Azure Policy definition by using the conditional statement defined in the previous step and using [New-AzPolicyDefinition](/powershell/module/az.resources/new-azpolicydefinition).
-
-   In this example, the policy definition name is prefixed with *poldef-learn-prod-* and suffixed with a unique string that's generated from a consistent hash in the network group ID. Policy resources must have a scope unique name.
-
-     ```azurepowershell
-    function Get-UniqueString ([string]$id, $length=13)
-        {
-        $hashArray = (new-object System.Security.Cryptography.SHA512Managed).ComputeHash($id.ToCharArray())
-        -join ($hashArray[1..$length] | ForEach-Object { [char]($_ % 26 + [byte][char]'a') })
-        }
-    
-    $UniqueString = Get-UniqueString $ng.Id
-     ```
-
-     ```azurepowershell
-    $polDef = @{
-        Name = "poldef-learn-prod-"+$UniqueString
-        Mode = 'Microsoft.Network.Data'
-        Policy = $conditionalMembership
-    }
-    
-    $policyDefinition = New-AzPolicyDefinition @polDef 
-     ```
-
-1. Assign the policy definition at a scope within your network manager's scope so that it can begin taking effect:
-
-    ```azurepowershell
-    $polAssign = @{
-        Name = "polassign-learn-prod-"+$UniqueString
-        PolicyDefinition  = $policyDefinition
-    }
-    
-    $policyAssignment = New-AzPolicyAssignment @polAssign
-    ```
-
----
 
 ## Create a connectivity configuration
 
-In this task, you create a connectivity configuration with the network group *ng-learn-prod-eastus-001* by using [New-AzNetworkManagerConnectivityConfiguration](/powershell/module/az.network/new-aznetworkmanagerconnectivityconfiguration) and [New-AzNetworkManagerConnectivityGroupItem](/powershell/module/az.network/new-aznetworkmanagerconnectivitygroupitem):
+In this task, you create a connectivity configuration with the network group *network-group* by using [New-AzNetworkManagerConnectivityConfiguration](/powershell/module/az.network/new-aznetworkmanagerconnectivityconfiguration) and [New-AzNetworkManagerConnectivityGroupItem](/powershell/module/az.network/new-aznetworkmanagerconnectivitygroupitem):
 
 1. Create a connectivity group item:
 
@@ -304,8 +226,8 @@ In this task, you create a connectivity configuration with the network group *ng
 
     ```azurepowershell
     $config = @{
-        Name = 'cc-learn-prod-eastus-001'
-        ResourceGroupName = $rg.Name
+        Name = 'connectivity-configuration'
+        ResourceGroupName = $rg.ResourceGroupName
         NetworkManagerName = $networkManager.Name
         ConnectivityTopology = 'Mesh'
         AppliesToGroup = $configGroup
@@ -321,77 +243,26 @@ Commit the configuration to the target regions by using `Deploy-AzNetworkManager
 [System.Collections.Generic.List[string]]$configIds = @()  
 $configIds.add($connectivityconfig.id) 
 [System.Collections.Generic.List[string]]$target = @()   
-$target.Add("westus")     
+$target.Add("westus2")     
 
 $deployment = @{
     Name = $networkManager.Name
-    ResourceGroupName = $rg.Name
+    ResourceGroupName = $rg.ResourceGroupName
     ConfigurationId = $configIds
     TargetLocation = $target
     CommitType = 'Connectivity'
 }
-Deploy-AzNetworkManagerCommit @deployment 
+Deploy-AzNetworkManagerCommit @deployment
 ```
 
 ## Clean up resources
 
-If you no longer need the Azure Virtual Network Manager instance, make sure all of following points are true before you delete the resource:
-
-* There are no deployments of configurations to any region.
-* All configurations have been deleted.
-* All network groups have been deleted.
-
-To delete the resource:
-
-1. Remove the connectivity deployment by deploying an empty configuration via `Deploy-AzNetworkManagerCommit`:
-
-    ```azurepowershell
-    [System.Collections.Generic.List[string]]$configIds = @()
-    [System.Collections.Generic.List[string]]$target = @()   
-    $target.Add("westus")     
-    $removedeployment = @{
-        Name = 'vnm-learn-eastus-001'
-        ResourceGroupName = $rg.Name
-        ConfigurationId = $configIds
-        Target = $target
-        CommitType = 'Connectivity'
-    }
-    Deploy-AzNetworkManagerCommit @removedeployment
-    ```
-
-1. Remove the connectivity configuration by using `Remove-AzNetworkManagerConnectivityConfiguration`:
-
-    ```azurepowershell
-    
-    Remove-AzNetworkManagerConnectivityConfiguration -Name $connectivityconfig.Name -ResourceGroupName $rg.Name -NetworkManagerName $networkManager.Name
-    
-    ```
-
-1. Remove the policy resources by using `Remove-AzPolicy*`:
-
-    ```azurepowershell
-    
-    Remove-AzPolicyAssignment -Name $policyAssignment.Name
-    Remove-AzPolicyAssignment -Name $policyDefinition.Name
-    
-    ```
-
-1. Remove the network group by using `Remove-AzNetworkManagerGroup`:
-
-    ```azurepowershell
-    Remove-AzNetworkManagerGroup -Name $ng.Name -ResourceGroupName $rg.Name -NetworkManagerName $networkManager.Name
-    ```
-
-1. Delete the Virtual Network Manager instance by using `Remove-AzNetworkManager`:
-
-    ```azurepowershell
-    Remove-AzNetworkManager -name $networkManager.Name -ResourceGroupName $rg.Name
-    ```
+If you no longer need the Azure Virtual Network Manager instance and it's associate resources, delete the resource group that contains them. Deleting the resource group also deletes the resources that you created.
 
-1. If you no longer need the resource that you created, delete the resource group by using [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup):
+1. Delete the resource group using [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup):
 
     ```azurepowershell
-    Remove-AzResourceGroup -Name $rg.Name -Force
+    Remove-AzResourceGroup -Name $rg.ResourceGroupName -Force
     ```
 
 ## Next steps
