Feat/windows jumpbox #21
Open
saadmsft wants to merge 8 commits into
- Implemented a new script `0-connect-jumpbox.sh` to facilitate SSH tunneling to the jumpbox via Azure Bastion.
- Created Bicep modules for infrastructure components including:
  - Azure Monitor Private Link Scope (AMPLS) for telemetry over VNet.
  - App Service Plan for hosting container apps.
  - Azure Bastion for secure access to the jumpbox.
  - Jumpbox VM with necessary configurations and cloud-init for environment setup.
  - Network setup with multiple subnets and NSGs for zero-trust architecture.
  - Private DNS zones for service resolution within the VNet.
  - Private Endpoints for secure connections to PaaS resources.
  - Web App Container module for deploying containerized applications with VNet integration.
- Added a backup of the previous Bicep configuration for the web app.

Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <copilot@github.com>
- jumpbox.bicep: Windows Server 2022 (Azure Edition), CustomScriptExtension installs Azure CLI, Git, Bicep, Docker EE, and clones the sample repo.
- main.bicep: jumpboxAdminPublicKey -> jumpboxAdminPassword (secure).
- main.json: regenerated so the one-click 'Deploy to Azure' button now prompts for jumpboxAdminPassword.
- 1-deploy-azure-infra.sh: --ssh-key-file deprecated, replaced with --admin-password (interactive prompt + complexity validation).
- 0-connect-jumpbox.sh: auto-detects host OS — uses 'az network bastion rdp' on Windows and 'az network bastion tunnel' (localhost:50389 -> VM:3389) on macOS/Linux.
- README.md, docs/PRIVATE_DEPLOYMENT.md, _assets/ZERO_TRUST_ARCHITECTURE.md, _assets/zero-trust-architecture.mmd: updated for Windows + RDP.

Validated with 'az bicep build' (no errors) and 'az deployment group what-if' (status: Succeeded; VM image confirmed Windows Server 2022, windowsConfiguration present, adminPassword wired through).
- infra/bicep/modules/jumpbox-linux.bicep: restored original Linux jumpbox.
- infra/bicep/main-linux.bicep + main-linux.json: parallel template that uses the Linux jumpbox (jumpboxAdminPublicKey).
- README.md: two 'Deploy to Azure' buttons (Windows / Linux), pointing at the saadmsft fork so the regenerated templates are reachable.
- README parameter table updated to cover both credentials.
Azure rejects Windows VMs whose osProfile.computerName exceeds 15 chars (NetBIOS limit). The VM resource name (e.g. 'aiinvest-jump-hullgpilxdvtm') is fine, but it must be shortened before being passed as computerName. Use take(replace(name, '-', ''), 15) so the hostname stays unique-ish while satisfying the Windows constraint.

Reproduces from the portal one-click deploy as:
  Code: InvalidParameter
  Target: osProfile.computerName
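A pre-deployment check for the computerName derivation described in the commit message above, added here as an example and not part of the PR or the repository. It emulates `take(replace(name, '-', ''), 15)` in shell and flags resource names that collapse to the same hostname once truncated; the function names and every VM name except 'aiinvest-jump-hullgpilxdvtm' are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the PR): emulate the Bicep expression
#   take(replace(name, '-', ''), 15)
# and check the result before deployment. Function names are hypothetical.

# computer_name NAME -> derived Windows computerName
computer_name() {
  printf '%s\n' "$1" | sed 's/-//g' | cut -c1-15
}

# valid_computer_name NAME -> exit 0 if non-empty, at most 15 chars,
# and not entirely numeric (Azure also rejects all-digit Windows names).
valid_computer_name() {
  [ -n "$1" ] && [ "${#1}" -le 15 ] || return 1
  case "$1" in
    *[!0-9]*) return 0 ;;   # at least one non-digit character
    *)        return 1 ;;   # digits only
  esac
}

# find_collisions NAME... -> prints every derived hostname that two or
# more of the given resource names map to after truncation.
find_collisions() {
  for vm in "$@"; do computer_name "$vm"; done | sort | uniq -d
}

# Constructed sample: the first name is the one quoted in the commit
# message; the other two are made up. Only three characters of the
# unique suffix ("hul") survive truncation, so the first two collide.
for vm in aiinvest-jump-hullgpilxdvtm aiinvest-jump-hulq7wz2abcde aiinvest-jmp-x9k2; do
  cn=$(computer_name "$vm")
  if valid_computer_name "$cn"; then status=ok; else status=INVALID; fi
  printf '%-30s -> %-15s %s\n' "$vm" "$cn" "$status"
done
dupes=$(find_collisions aiinvest-jump-hullgpilxdvtm aiinvest-jump-hulq7wz2abcde aiinvest-jmp-x9k2)
[ -z "$dupes" ] || printf 'hostname collision after truncation: %s\n' "$dupes"
```

Because the prefix takes 12 of the 15 characters, most of the generated suffix is discarded; duplicate hostnames matter wherever logs, DNS registration or domain join key on the computer name rather than the Azure resource name.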
- Add InvestCorp/customer-facing deployment guide (docs/CUSTOMER_DEPLOYMENT_INVESTCORP.md) with SKU inventory, cost estimate, network requirements, operator workstation prereqs, outbound URL whitelist, temporary bootstrap changes, RBAC, runbook, verification, hand-off checklist
- Add per-resource *NameOverride params to infra/bicep/main.bicep so customers with their own CAF naming standard can plug in exact names (VNet, UAMI, LAW, AppInsights, AMPLS, Storage, Cosmos, ACR, ASP, AI Foundry)
- Add worked sample params file (infra/bicep/main.investcorp.example.bicepparam)
- Update zero-trust architecture diagram to reflect deployed state (P0v3, ACR Premium, AI Foundry networkAcls Deny + VNet rule)
- Update README with customer doc reference + naming override table
- Carry forward earlier session work: bastion/jumpbox removal, P0v3 sizing, compiled main.json artifacts
No description provided.