Merge branch 'IaC-ARM-DSC/1.2'

011-InfraAsCode-ARM-DSC/Student/ARM-Challenge-01.md

@@ -0,0 +1,27 @@
+# Challenge 1 - Hello World Template
+
+ [Home](../readme.md) - [Next Challenge>](./ARM-Challenge-02.md)
+
+## Pre-requisites
+
+Make sure your machine is set up with the proper tooling: [IaC ARM-DSC Hack - Prerequisites](./Prerequisites.md)
+
+
+## Introduction
+
+Your first challenge is to create a simple "Hello World" ARM template. The goals here are to understand:
+
+- Core elements of an ARM Template and the different ways to deploy it.
+- How & where to see & troubleshoot deployments in the portal
+
+## Description
+
+Develop an ARM template that accepts a generic input value and returns it as an output value.
+   - Deploy it using the Azure CLI
+   - Deploy it using the Azure PowerShell Cmdlets
+   - Observe the deployment in the Azure Portal
+
+## Success Criteria
+
+1. You can deploy the template using both the CLI and PowerShell
+1. You can view the deployment in the Azure Portal and view the inputs & outputs

011-InfraAsCode-ARM-DSC/Student/ARM-Challenge-02.md

@@ -0,0 +1,32 @@
+# Challenge 2 - Deploy a Virtual Network
+
+[< Previous Challenge](./ARM-Challenge-01.md) - [Home](../readme.md) - [Next Challenge>](./ARM-Challenge-03.md)
+
+## Introduction
+
+This challenge has you add to the "hello world" template you created in the previous challenge. The goals for this challenge include understanding:
+   + Parameters and Parameter Files
+   + How to find syntax for an Azure resource and add it to the template
+
+## Description
+
++	Extend the ARM template to provision a VNET w/one subnet 
+    +	The template should take the following inputs: 
+        +	Virtual Network Name and Address Prefix
+        +	Subnet Name and Address Prefix
+    +   Use a parameter file to pass in parameter values 
+
+## Success Criteria
+
+1. Verify that Virtual Network has been deployed in the portal
+1. Verify that the Virtual Network is configured as per the parameter values passed in to the ARM template from the parameter file
+
+## Learning Resources
+
+Learn how to "fish" for ARM template resource syntax:
+
+- [ARM Tools VS Code Extention](https://marketplace.visualstudio.com/items?itemName=msazurermtools.azurerm-vscode-tools)
+- [ARM Template Reference docs](https://docs.microsoft.com/en-us/azure/templates)
+- Export template from Azure Portal before resource creation
+- Export template from Azure Portal of existing Resource Group deployment
+- [Azure Quickstart Templates on GitHub](https://github.com/Azure/azure-quickstart-templates)

011-InfraAsCode-ARM-DSC/Student/ARM-Challenge-03.md

@@ -0,0 +1,24 @@
+# Challenge 3 - Open Some Ports
+
+[< Previous Challenge](./ARM-Challenge-02.md) - [Home](../readme.md) - [Next Challenge>](./ARM-Challenge-04.md)
+
+## Introduction
+
+The goals for this challenge include understanding:
+ - variables
+ - dependencies (**Hint:** Resource IDs)
+ - idempotency
+
+## Description
+
+Extend the ARM template to add a Network Security Group that opens ports 80 and 22 and apply that rule to the subnet you created in Challenge 2.
+
+
+## Success Criteria
+
+1. Verify in the Azure portal Network Security Group has been configured as per the values specified above
+1. Verify in the Azure portal that the Network Security has been applied to the subnet
+
+## Learning Resources
+
+- [Understanding ARM Resource IDs](https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions-resource#resourceid)

011-InfraAsCode-ARM-DSC/Student/ARM-Challenge-04.md

@@ -0,0 +1,32 @@
+# Challenge 4 - Secret Values with Azure Key Vault
+
+[< Previous Challenge](./ARM-Challenge-03.md) - [Home](../readme.md) - [Next Challenge>](./ARM-Challenge-05.md)
+
+## Introduction
+
+The goals for this challenge are to understand:
+- Handling secret values
+- Not getting fired!
+
+So far, the only parameters you have passed into your template have been related to the Virtual Network. In the next challenge you will deploy a VM which will require you to pass in a password for the VM's admin account.  It is an **ANTI-pattern** to put a secret value such as a password in plain text in a parameter file! NEVER do this!
+
+#### **Seriously, this is something that could cost you your job!**
+
+It is a BEST practice to store secret values (such as passwords) in the Azure Key Vault service. We have provided you with a script that can create a Key Vault for you, and prompt you to enter the secret value (password) you want to store in the vault.
+
+## Description
+
+Your challenge, should you accept it, is to:
++ Create an Azure Key Vault and store a secret value in it by running one of the provided KeyVault scripts of your choice. You can find the scripts in the Resources folder for **ARM-Challenge-04**:
+    - create-key-vault-CLI.sh - Azure CLI
+    - create-key-vault-PS.ps1 - PowerShell
++ Retrieve the secret value from Azure Key Vault and pass it into your template as a parameter without having the value exposed as plain text at any point in time!
+
+
+## Success Criteria
+
+1. Verify the value of the parameter in the portal after deployment
+
+## Advanced Challenge (Optional)
+
+The goal of this challenge was focused on how to _retrieve_ secret values from Key Vault for use in an ARM Template. You can create an Azure Key Vault using an ARM Template too.  Feel free to try this as a bonus challenge.

011-InfraAsCode-ARM-DSC/Student/ARM-Challenge-05.md

@@ -0,0 +1,37 @@
+# Challenge 5 - Deploy a Virtual Machine
+
+[< Previous Challenge](./ARM-Challenge-04.md) - [Home](../readme.md) - [Next Challenge>](./ARM-Challenge-06.md)
+
+## Introduction 
+
+In this challenge, you will put all the pieces together and extend your ARM template to deploy a Virtual Machine in Azure.
+
+The goals for this challenge include understanding:
+   + Globally unique naming context and complex dependencies
+   + Clean code with neat parameter and variable values
+   + Figuring out what Azure resources it takes to build a VM
+
+This is where the "choose your own adventure" part of this hackathon begins:
+
+- If you plan to do the Powershell DSC challenges, complete this challenge by deploying a Windows VM, then divert to the [PowerShell DSC Challenge 01](./DSC-Challenge-01.md).
+
+- If you do not plan on doing the PowerShell DSC challenges, complete this challenge by deploying a Linux VM.  The remaining ARM challenges build on the Linux VM deployment.
+
+## Description
+
++	Extend your ARM Template to deploy a virtual machine
+    +   VM requirements -
+        +   Linux OS (Windows OS if you plan to complete the DSC Challenges)
+        +   Use a secure secret value for the admin password from Azure Key Vault
+    + Use a resource prefix and template variables to have consistent naming of resources
+
+## Success Criteria
+
+1. Verify that your virtual machine has been deployed via the Azure Portal or Azure CLI.
+1. Connect to your virtual machine and verify you can login (Windows with RDP, Linux with SSH)
+
+## Tips
+
+- **TIP:** For a Linux VM, you can use an admin password or an SSH key to control access to the VM. It is common (and a recommended practice) to use an SSH key with Linux instead of an admin password. If you are not familiar with Linux, we recommend using an admin password for this hack to keep things simple and focus on learning ARM templates.
+- **TIP:** You may need to open additional ports to connect to your VM depending on which OS you deployed.
+- **TIP:** You will need to supply your VM with a Public IP address or use the Azure Bastion service to connect to it.

011-InfraAsCode-ARM-DSC/Student/ARM-Challenge-06.md

@@ -0,0 +1,34 @@
+# Challenge 6 - Configure a Linux Server
+
+[< Previous Challenge](./ARM-Challenge-05.md) - [Home](../readme.md) - [Next Challenge>](./ARM-Challenge-07.md)
+
+## Introduction
+
+If you are continuing with the remaining ARM Template challenges, we assume you have deployed Linux VM in the last challenge.  The remaining challenges focus on extending the ARM template with more complex infrastructure around Linux VMs.
+
+The goals for this challenge include understanding:
+- Custom script extensions
+- Globally unique naming context and complex dependencies
+- Staging artifacts in a location accessible to the Azure Resource Manager
+
+## Description
+
+We have provided a script (`install_apache.sh`) that configures a web server on a Linux VM. When run on the VM, the script deploys a static web page that should be available at `http://<PublicIPofTheVM>/wth.html`
+
+You can find the script in the Resources folder for **ARM-Challenge-06**.
+
+Your challenge is to:
+
+- Extend the ARM Template to configure a webserver on the Linux VM you deployed
+    - Host the script file in a secure artifact (staging) location that is only accessible to the Azure Resource Manager.
+    - Pull the website configuration script from the artifact location.
+
+## Success Criteria
+
+1. Verify you can view the web page configured by the script
+
+## Tips
+
+- Use an Azure Blob Storage account as the artifact location
+- Secure access to the artifact location with a SAS token
+- Pass these values to the ARM Template as parameters

011-InfraAsCode-ARM-DSC/Student/ARM-Challenge-07.md

@@ -0,0 +1,38 @@
+
+# Challenge 7 - Implementing High Availability
+
+[< Previous Challenge](./ARM-Challenge-06.md) - [Home](../readme.md) - [Next Challenge>](./ARM-Challenge-08.md)
+
+## Introduction
+
+In this challenge, you will implement high availability for your webserver solution. In Azure high availability is typically defined as:
+
+- 2 or more VMs in an Availability Set configured behind a Load Balancer
+-OR-
+- 2 or VMs spread across Availability Zones configured behind a Standard Load Balancer
+
+The goals for this challenge include understanding:
+- Resource ownership and dependencies
+- Creating multiple identical resources within ARM templates
+- High Availability in Azure
+
+## Description
+
+-	Extend ARM template to:
+    - Add a second webserver VM 
+    - Add a public Load Balancer
+        - Put the webservers in a backend pool
+        - Create frontend pool enabling port 80 to website
+    - Ensure the VMs are highly available!
+
+## Success Criteria
+
+1. Verify you can access the website at the public IP address of the Load Balancer.
+`http://<LoadBalancerPublicIP>/wth.html`
+1. Verify you can still access the website if one of the VMs is turned off
+
+## Learning Resources
+
+- [Availability options for virtual machines in Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/availability)
+- [Overview of load-balancing options in Azure](https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview)
+- [What is Azure Load Balancer?](https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview)

011-InfraAsCode-ARM-DSC/Student/ARM-Challenge-08.md

@@ -0,0 +1,18 @@
+# Challenge 8 - SSH to your Highly Available VMs
+
+[< Previous Challenge](./ARM-Challenge-07.md) - [Home](../readme.md) - [Next Challenge>](./ARM-Challenge-09.md)
+
+## Introduction
+
+Once your virtual machines are deployed behind a Load Balancer, the way you access them is different now that they share the same public IP address on the Load Balancer.
+
+The goals for this challenge include understanding:
++ Network access policies
+
+## Description
+
+Extend your ARM template to configure the Load Balancer to enable SSH access to the backend virtual machines
+
+## Success Criteria
+
+1. Verify you can SSH to each of your virtual machines

011-InfraAsCode-ARM-DSC/Student/ARM-Challenge-09.md

@@ -0,0 +1,30 @@
+# Challenge 9 - Deploy a Virtual Machine Scale Set 
+
+[< Previous Challenge](./ARM-Challenge-08.md) - [Home](../readme.md) - [Next Challenge>](./ARM-Challenge-10.md)
+
+## Introduction
+
+The goal for this challenge includes understanding:
+- VM scales sets provide scalability for infrastructure in Azure
+
+In the previous two challenges, you implemented high availability for the web server by adding a second VM and configuring the two VMs to be part of an Availability Set behind a load balancer. The two VMs were configured identically.
+
+This solution does not provide an easy way scale up and add more VMs after deployment. It would require you to manually deploy additional VMs and add them to the backend pool of the Load Balancer.
+
+Azure Virtual Machine Scale Sets (VMSS) offer a better solution for when you want to have multiple identically configured VMs with the ability to scale up or down in an automatic fashion.
+
+## Description
+
+- Extend the ARM template to replace the existing two virtual machines with a VM Scale Set
+- Configure the VMSS to have two instances
+- Ensure the load balancer is configured to allow you to SSH to the VMs in the scale set.
+
+## Success Criteria
+
+1. Verify the VMSS is deployed as configured in the Azure portal
+1. Verify the number of VM instances via the Azure CLI
+1. Verify that you can SSH into the VMSS instances.
+
+## Tips
+
+- Convert NAT rule to NAT pool

011-InfraAsCode-ARM-DSC/Student/ARM-Challenge-10.md

@@ -0,0 +1,35 @@
+# Challenge 10 - Configure VM Scale Set to run a Web Server
+
+[< Previous Challenge](./ARM-Challenge-09.md) - [Home](../readme.md) - [Next Challenge>](./ARM-Challenge-11.md)
+
+## Introduction
+
+The goals of this challenge include understanding:
+- How extensions are configured in a VMSS
+- How the custom script extension works in the context of a VMSS
+- Custom script extension does not lock deployment order
+- Staging artifacts in a location accessible to the Azure Resource Manager
+
+## Description
+
+We have provided a script (`install_apache_vmss.sh`) that configures web servers in a VMSS. When run on an individual VM instance, the script deploys a static web page that should be available at: `http://<PublicIPofTheLoadBalancer>/wth.html`  
+
+This script is similar to the one used earlier in Challenge 6. However, it has some differences that take into account how the script will be executed on a VM that is part of scale set.
+
+You can find the script in the Resources folder for **ARM-Challenge-10**.
+
+Your challenge is to:
+
+- Extend the ARM Template to configure a webserver on the VM instances of the VM Scale Set you deployed earlier
+    - Host the script file in a secure artifact (staging) location that is only accessible to the Azure Resource Manager.
+    - Pull the website configuration script from the artifact location.
+
+## Success Criteria
+
+1. Verify you can view the web page configured by the script
+
+## Tips
+
+- Use an Azure Blob Storage account as the artifact location
+- Secure access to the artifact location with a SAS token
+- Pass these values to the ARM Template as parameters

011-InfraAsCode-ARM-DSC/Student/ARM-Challenge-11.md

@@ -0,0 +1,22 @@
+
+# Challenge 11 - Implement Auto Scaling
+
+[< Previous Challenge](./ARM-Challenge-10.md) - [Home](../readme.md) - [Next Challenge>](./ARM-Challenge-12.md)
+
+## Introduction
+
+The goals of this challenge include understanding:
+- ARM allows declarative management of policies and actions
+- How to configure auto-scaling of VMs
+
+## Description
+
+- Extend the ARM template to include an auto scaling policy.  The policy requirements should be:
+    - Scale up when CPU performance hits 90%
+    - Scale back down when CPU performance hits 30%
+    - Scale in single VM increments
+    - Enforce a 1 minute cool down between scale events
+
+## Success Criteria
+
+1. Verify that the auto-scale policy is set correctly in the Azure portal

011-InfraAsCode-ARM-DSC/Student/ARM-Challenge-12.md

@@ -0,0 +1,42 @@
+# Challenge 12 - Linked Templates
+
+[< Previous Challenge](./ARM-Challenge-11.md) - [Home](../readme.md)
+
+## Introduction
+
+The goals for this challenge include understanding:
+- Linked templates allow for granular resource management and deployment
+- Staging artifacts in a location accessible to the Azure Resource Manager
+
+An application may require the composition of many underlying infrastructure resources in Azure. As you have now seen with just a single VMSS and its dependencies, an ARM template can grow large rather quickly.
+
+When templates get big, they become monoliths. They are hard to manage.  By breaking your templates up into smaller linked templates, you can achieve more flexibility in how you manage your deployments.
+
+In many companies, deployment of cloud infrastructure may be managed by different teams. For example, a common network architecture and its security settings may be maintained by an operations team and shared across multiple application development teams.
+
+The network architecture and security groups are typically stable and do not change frequently. In contrast, application deployments that are deployed on the network may come and go.
+
+## Description
+
+In this challenge you will separate your existing ARM template deployment into two sets of linked templates. 
+
+- Separate networking resources (Virtual Network & Network Security Groups) in to their own template.
+- Separate the load balancer, VMSS, and its dependencies into their own template
+- Create a new template that deploys each of the new sub-templates.
+- Ensure parameters flow through from the new template to each of the sub-templates
+
+By separating the networking resources into their own template, an application team can test its infrastructure deployment in a test network. At a later point in time, the linked networking template can be replaced with a production template provided by the company's operations team.
+
+## Success Criteria
+
+1. Verify that all resources deploy as before when you had a single ARM template
+
+## Learning Resources
+
+- [Using linked and nested templates when deploying Azure resources](https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/linked-templates)
+
+## Tips
+
+- Use an Azure Blob Storage account as the artifact location
+- Secure access to the artifact location with a SAS token
+- Pass these values to the ARM Template as parameters