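// Deployment parameters for the VDI demo environment.

@description('Project ID for resource names.')
param projectId string = 'bccVDIDemo'

@description('Location for all resources.')
param location string = resourceGroup().location

// Defaults to the deploying subscription's tenant rather than '' so the Key
// Vault's tenantId is never empty when the parameter is omitted; callers that
// pass an explicit tenant are unaffected.
@description('The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.')
param tenantId string = subscription().tenantId

// No safe default exists for a principal object ID; an empty value is only
// usable when updateAccess is false and the vault is not deployed.
@description('The object ID of a user in the Azure Active Directory tenant for the vault.')
param keyVaultUser string = ''

// When false the Key Vault (and its access policy) is skipped entirely.
@description('Set to false to only validate the VDI environment and no access is needed to KeyVault secrets or blob data.')
param updateAccess bool = true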
// Virtual network for the session hosts. The storage account below allows
// traffic from VDIHostsSubnet via a Microsoft.Storage service endpoint and
// the private endpoint is placed into the same subnet.
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-11-01' = {
  name: 'VDIVNet'
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '172.23.0.0/16'
      ]
    }
    subnets: [
      {
        name: 'VDIHostsSubnet'
        properties: {
          addressPrefix: '172.23.3.0/24'
          serviceEndpoints: [
            {
              service: 'Microsoft.Storage'
              // NOTE(review): endpoint regions are hard-coded while `location`
              // is a parameter; a deployment to another region would not be
              // covered by this endpoint — confirm the intended regions.
              locations: [
                'westus'
                'eastus'
              ]
            }
          ]
          delegations: []
          // Network policies on private endpoints are switched off for this
          // subnet; NSG/UDR rules therefore do not apply to the private
          // endpoint NIC created below.
          privateEndpointNetworkPolicies: 'Disabled'
          privateLinkServiceNetworkPolicies: 'Enabled'
        }
        type: 'Microsoft.Network/virtualNetworks/subnets'
      }
    ]
    // DDoS Network Protection is not enabled for this demo VNet.
    enableDdosProtection: false
  }

  // Symbolic handle to the subnet declared inline above, so other resources
  // can reference it as virtualNetwork::defaultSubnet.id.
  resource defaultSubnet 'subnets' existing = {
    name: 'VDIHostsSubnet'
  }
}
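// Storage account holding the 'scripts' container. Network access is limited
// to the VDI subnet (service endpoint rule) plus trusted Azure services; all
// other public traffic is denied and clients use the private endpoint below.
resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  // Storage account names must be 3-24 lowercase alphanumerics; take() bounds
  // the length and uniqueString() avoids global-name collisions.
  name: take('${toLower(projectId)}sa${uniqueString(resourceGroup().id)}', 24)
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_LRS'
  }
  properties: {
    accessTier: 'Hot'
    // Transport hardening: reject plain HTTP and legacy TLS versions.
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
    // Scripts pulled by session hosts must never be anonymously readable.
    allowBlobPublicAccess: false
    networkAcls: {
      defaultAction: 'Deny'
      bypass: 'AzureServices'
      virtualNetworkRules: [
        {
          id: virtualNetwork::defaultSubnet.id
          action: 'Allow'
        }
      ]
    }
  }

  resource blobService 'blobServices' = {
    name: 'default'

    // Container the VDI deployment scripts are uploaded to.
    resource container 'containers' = {
      name: 'scripts'
    }
  }
}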
// Private endpoint for the storage account's blob service, placed in the
// session-host subnet. No privateDnsZoneGroups resource is declared here, so
// unless DNS for the privatelink blob zone is handled outside this file,
// clients will still resolve the public blob endpoint.
resource privateEndpoint 'Microsoft.Network/privateEndpoints@2022-11-01' = {
  name: '${projectId}-private-endpoint'
  location: location
  properties: {
    privateLinkServiceConnections: [
      {
        name: '${projectId}-connection'
        properties: {
          privateLinkServiceId: storageAccount.id
          // Only the blob sub-resource is exposed through this endpoint.
          groupIds: [
            'blob'
          ]
          privateLinkServiceConnectionState: {
            status: 'Approved'
            description: 'Auto-Approved'
            actionsRequired: 'None'
          }
        }
      }
    ]
    manualPrivateLinkServiceConnections: []
    subnet: {
      id: virtualNetwork::defaultSubnet.id
    }
  }
}
// Compute gallery with a single image definition for the session-host image.
// The name literal keeps the existing spelling ('Galery'): it is the deployed
// resource name, and changing it would create a new gallery rather than
// rename this one.
resource computeGallery 'Microsoft.Compute/galleries@2022-03-03' = {
  name: '${projectId}_Galery'
  location: location
  properties: {
    identifier: {}
  }

  // Image definition only; image versions are published outside this file.
  resource computeImage 'images' = {
    name: 'win11-avd-vdi-apps'
    location: location
    properties: {
      hyperVGeneration: 'V2'
      architecture: 'x64'
      osType: 'Windows'
      osState: 'Generalized'
      identifier: {
        publisher: 'MicrosoftWindowsDesktop'
        offer: 'windows-11'
        sku: 'win11-avd'
      }
    }
  }
}
// Pooled AVD host pool. Its control-plane endpoint is reachable from public
// networks (publicNetworkAccess is 'Enabled'; no private link is declared).
resource hostPool 'Microsoft.DesktopVirtualization/hostpools@2022-10-14-preview' = {
  name: '${projectId}-HP'
  location: location
  properties: {
    publicNetworkAccess: 'Enabled'
    friendlyName: 'VDI Demo'
    hostPoolType: 'Pooled'
    // RDP settings pushed to every client. `devicestoredirect:s:*` redirects
    // all plug-and-play devices and `redirectclipboard:i:1` enables the
    // clipboard — both are data-transfer channels out of the session, so
    // confirm they are intended beyond the demo. `targetisaadjoined:i:1` and
    // `enablecredsspsupport:i:1` relate to Entra-joined hosts and CredSSP
    // sign-in; `redirectwebauthn:i:1` passes WebAuthn requests through.
    customRdpProperty: 'audiomode:i:0;videoplaybackmode:i:1;devicestoredirect:s:*;enablecredsspsupport:i:1;redirectwebauthn:i:1;targetisaadjoined:i:1;redirectclipboard:i:1;'
    maxSessionLimit: 10
    loadBalancerType: 'DepthFirst'
    // Not flagged as a validation pool, so service updates are not staged here first.
    validationEnvironment: false
    preferredAppGroupType: 'Desktop'
    // NOTE(review): start-on-connect needs the AVD service principal to have
    // start permission on the session-host VMs; that assignment is not in
    // this file — confirm it exists elsewhere.
    startVMOnConnect: true
  }
}
// Desktop application group bound to the host pool above; the workspace
// publishes it to users.
resource applicationGroup 'Microsoft.DesktopVirtualization/applicationgroups@2022-10-14-preview' = {
  name: '${projectId}-AG'
  kind: 'Desktop'
  location: location
  properties: {
    applicationGroupType: 'Desktop'
    hostPoolArmPath: hostPool.id
  }
}
// AVD workspace that exposes the desktop application group. Like the host
// pool, its endpoint stays reachable from public networks.
resource workspace 'Microsoft.DesktopVirtualization/workspaces@2022-10-14-preview' = {
  name: '${projectId}-Workspace'
  location: location
  properties: {
    applicationGroupReferences: [
      applicationGroup.id
    ]
    publicNetworkAccess: 'Enabled'
  }
}
// Key Vault for deployment secrets, created only when updateAccess is true.
// Access is granted through a single vault access policy (not RBAC) to the
// principal given in keyVaultUser.
resource keyVault 'Microsoft.KeyVault/vaults@2023-02-01' = if (updateAccess) {
  name: '${projectId}-KV'
  location: location
  properties: {
    sku: {
      family: 'A'
      name: 'standard'
    }
    tenantId: tenantId
    // Public access is denied by default; trusted Azure services may bypass.
    // No virtualNetworkRules or ipRules are listed, so management traffic
    // must come through a trusted service or be added here.
    networkAcls: {
      bypass: 'AzureServices'
      defaultAction: 'Deny'
    }
    accessPolicies: [
      {
        tenantId: tenantId
        objectId: keyVaultUser
        permissions: {
          // NOTE(review): 'all' grants every secret permission (including
          // purge/restore) to this principal; narrow to the operations the
          // VDI scripts actually need once those are known.
          secrets: [
            'all'
          ]
        }
      }
    ]
  }
}
// Values consumed by the scripts that run after this deployment.
// keyVaultName references a conditionally deployed resource; its name is
// known at compile time, so the output is still emitted when updateAccess is
// false even though no vault exists.
output keyVaultName string = keyVault.name
output galleryName string = computeGallery.name
output imageName string = computeGallery::computeImage.name
output subnetId string = virtualNetwork::defaultSubnet.id
output storageAccountName string = storageAccount.name
output hostPoolName string = hostPool.name
// Public blob endpoint URL; with the private endpoint above, resolution of
// this host is expected to land on the private IP when DNS is configured.
output blobEndpoint string = storageAccount.properties.primaryEndpoints.blob