
Azure Virtual Network Manager - Part 3

· 6 min read
Hasan Gural

Greetings! In the previous post, we created the Azure Virtual Network Manager resource. Now we will look at the concept of network groups and how to create them. In a nutshell, a Network Group is a collection of Virtual Networks, used to group them together. Once you have created a Network Group, you can add Virtual Networks to it statically or dynamically.

Let's start with the PowerShell Cmdlets for creating Network Groups. Hang on! We don't have virtual networks in our subscription yet. Let me share the PowerShell Cmdlets for creating Virtual Networks. I will create three Virtual Networks. You can carve out your own network map.

🎹 Create Virtual Networks for Network Groups

As you can see below, the PowerShell cmdlets create three Virtual Networks. I am using the same Resource Group that we created in the previous post. I use a network map to create the Virtual Networks; you can use your own. I will use the same network map when creating Network Groups, so make sure the address spaces in your map do not conflict with each other.


$networkMap = @{
    "vnet-a" = @{
        AddressPrefix = "10.0.0.0/24"
        Subnets = @{
            "subnet-a" = @{ AddressPrefix = "10.0.0.0/24" }
        }
    }
    "vnet-b" = @{
        AddressPrefix = "10.0.1.0/24"
        Subnets = @{
            "subnet-b" = @{ AddressPrefix = "10.0.1.0/24" }
        }
    }
    "vnet-c" = @{
        AddressPrefix = "10.0.2.0/24"
        Subnets = @{
            "subnet-c" = @{ AddressPrefix = "10.0.2.0/24" }
        }
    }
}

ForEach ($nw in $networkMap.Keys) {

    $properties = @{

        Name              = $nw                            # Name of the virtual network from the network map
        AddressPrefix     = $networkMap.$nw.AddressPrefix  # Address prefix for the virtual network
        ResourceGroupName = $rgDef.Name                    # Resource group name
        Location          = "uksouth"                      # Location of the virtual network

        Subnet = foreach ($subnet in $networkMap.$nw.Subnets.Keys) {

            Write-Information "Creating subnet configuration for subnet '$subnet', in network '$nw'" -InformationAction Continue
            New-AzVirtualNetworkSubnetConfig -Name $subnet -AddressPrefix $networkMap.$nw.Subnets.$subnet.AddressPrefix
        }
    }

    New-AzVirtualNetwork @properties -Force | Out-Null
}

You should see the following output after executing the PowerShell Cmdlets.

After executing the PowerShell Cmdlets, you will see that three Virtual Networks are created in your subscription. Let's get confirmation from the Azure Portal.
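Before running the creation loop on your own network map, the non-conflicting address space requirement mentioned earlier can be checked offline. The following is an added example, not code from the original post: the function names `ConvertTo-CidrRange` and `Find-AddressSpaceOverlap` are hypothetical, and `vnet-d` is a constructed entry that deliberately collides with `vnet-b`.

```powershell
# Constructed sample: the post's three VNets plus a hypothetical vnet-d inside vnet-b's range.
$sampleMap = @{
    "vnet-a" = @{ AddressPrefix = "10.0.0.0/24" }
    "vnet-b" = @{ AddressPrefix = "10.0.1.0/24" }
    "vnet-c" = @{ AddressPrefix = "10.0.2.0/24" }
    "vnet-d" = @{ AddressPrefix = "10.0.1.128/25" }
}

function ConvertTo-CidrRange {
    # Turn an IPv4 CIDR into its first and last address as integers.
    param([Parameter(Mandatory)][string]$Cidr)
    $address, $length = $Cidr -split '/'
    $bytes = [System.Net.IPAddress]::Parse($address).GetAddressBytes()
    if ($bytes.Count -ne 4 -or $length -notmatch '^\d{1,2}$' -or [int]$length -gt 32) {
        throw "Not a valid IPv4 prefix: '$Cidr'"
    }
    [uint64]$value = 0
    foreach ($b in $bytes) { $value = $value * 256 + $b }    # big-endian bytes -> integer
    $size  = [uint64][math]::Pow(2, 32 - [int]$length)
    $start = [uint64]($value - ($value % $size))             # align to the network address
    [pscustomobject]@{ Start = $start; End = [uint64]($start + $size - 1) }
}

function Find-AddressSpaceOverlap {
    # Return one record per pair of virtual networks whose address prefixes intersect.
    param([Parameter(Mandatory)][hashtable]$NetworkMap)
    $ranges = foreach ($name in $NetworkMap.Keys) {
        $range = ConvertTo-CidrRange -Cidr $NetworkMap[$name].AddressPrefix
        [pscustomobject]@{ Name = $name; Prefix = $NetworkMap[$name].AddressPrefix
                           Start = $range.Start; End = $range.End }
    }
    $ranges = @($ranges | Sort-Object Start, Name)
    for ($i = 0; $i -lt $ranges.Count; $i++) {
        for ($j = $i + 1; $j -lt $ranges.Count; $j++) {
            # Sorted by Start, so the later range overlaps only if it begins before the earlier one ends.
            if ($ranges[$j].Start -le $ranges[$i].End) {
                [pscustomobject]@{
                    First  = "$($ranges[$i].Name) ($($ranges[$i].Prefix))"
                    Second = "$($ranges[$j].Name) ($($ranges[$j].Prefix))"
                }
            }
        }
    }
}

$overlaps = @(Find-AddressSpaceOverlap -NetworkMap $sampleMap)
if ($overlaps.Count -gt 0) {
    $overlaps | Format-Table -AutoSize
    Write-Warning "Fix the overlapping prefixes before creating the virtual networks."
}
```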

Well! We have created three Virtual Networks. Now, we will create Network Groups. You can create Network Groups with PowerShell cmdlets, and that is what I will do here, but we can also explore the Bicep template for creating them. It is good to see that we can leverage Bicep templates for creating Network Groups.

⛵ Create Network Groups with PowerShell

To create Network Groups with PowerShell, we use the New-AzNetworkManagerGroup cmdlet. Let's see the PowerShell for creating Network Groups. The cmdlet accepts the following parameters.

  • Name
  • ResourceGroupName
  • NetworkManagerName

$networkGroupMap = @{
    "networkGroup-01" = @{
        NetworkManagerName = $networkManager.Name  # Name of the Azure Virtual Network Manager resource. Variable name is $networkManager.
        ResourceGroupName  = $rgDef.Name           # Resource group name. We created it in the previous post. Variable name is $rgDef.
    }
    "networkGroup-02" = @{
        NetworkManagerName = $networkManager.Name
        ResourceGroupName  = $rgDef.Name
    }
}

ForEach ($ng in $networkGroupMap.Keys) {

    $properties = @{
        Name               = $ng
        NetworkManagerName = $networkGroupMap.$ng.NetworkManagerName
        ResourceGroupName  = $networkGroupMap.$ng.ResourceGroupName
    }

    New-AzNetworkManagerGroup @properties -Force | Out-Null
}

Output of PowerShell Cmdlets is as follows. It looks like we have created two Network Groups. Let's get confirmation from the Azure Portal.

I tried to keep the Network Group map as simple as possible. You can see that I am using an iteration to create Network Groups. I have created two Network Groups. You can create as many as you want. Just extend the Network Group map. Here is the screenshot of the Network Groups that we have created. If you go to the AVNM resource, you will see that we have two Network Groups.

🔰 Add Virtual Networks to the Network Groups

Now we can start to add Virtual Networks to the Network Groups. As we mentioned before, we can add Virtual Networks to the Network Groups statically or dynamically. The static way is to add Virtual Networks to the Network Groups manually. What I mean by manually is that we can add Virtual Networks to the Network Groups via the Azure Portal, PowerShell, AZ CLI or ARM/Bicep templates.

The dynamic way is a little bit different. In order to add Virtual Networks to the Network Groups dynamically, we will need to create a Policy Definition and Policy Assignments. I need to develop policy conditions for adding Virtual Networks to the Network Groups dynamically. A Policy Definition is a JSON file that contains the policy conditions. We will explore Policy Definitions in the next post. For now, I will show you how to add Virtual Networks to the Network Groups statically.


$memberNetworkGroupMap = @{ # This is a map of network groups and their members.

    "networkGroup-01" = @{
        NetworkManagerName = $networkManager.Name
        ResourceGroupName  = $rgDef.Name
        VirtualNetworks    = @("vnet-a", "vnet-b") # We will iterate through this list and add the virtual networks to the network group.
    }

    "networkGroup-02" = @{
        NetworkManagerName = $networkManager.Name
        ResourceGroupName  = $rgDef.Name
        VirtualNetworks    = @("vnet-c")
    }
}

ForEach ($member in $memberNetworkGroupMap.Keys) {

    ForEach ($vnet in $memberNetworkGroupMap.$member.VirtualNetworks) {

        $vNetId = (Get-AzVirtualNetwork -Name $vnet -ResourceGroupName $rgDef.Name).Id

        $properties = @{

            Name               = $vnet
            NetworkGroupName   = $member
            NetworkManagerName = $memberNetworkGroupMap.$member.NetworkManagerName
            ResourceGroupName  = $memberNetworkGroupMap.$member.ResourceGroupName
            ResourceId         = $vNetId
        }

        New-AzNetworkManagerStaticMember @properties -Force | Out-Null
    }
}

I want to introduce you to the New-AzNetworkManagerStaticMember cmdlet. This cmdlet adds Virtual Networks to the Network Groups. You will only use it if you want to add Virtual Networks to the Network Groups statically. If you want to add Virtual Networks to the Network Groups dynamically, you will need to create a Policy Definition and Policy Assignment. There is a lot to cover about Policy Definitions and Policy Assignments. I will cover them in the next post. The cmdlet accepts the following parameters.

  • Name
  • NetworkGroupName
  • NetworkManagerName
  • ResourceGroupName
  • ResourceId

Please closely examine the screenshot. We have added two Virtual Networks to the Network Group-01 and also added one Virtual Network to the Network Group-02. PowerShell added Virtual Networks to the Network Groups statically.
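The same confirmation can be scripted instead of read from the portal, by comparing the intended membership map with what each Network Group actually contains. This is an added example, not code from the original post: `Compare-NetworkGroupMembership` is a hypothetical helper, and the subscription ID, resource group name and the `$actual` data are constructed so the comparison runs offline.

```powershell
function Compare-NetworkGroupMembership {
    # Report VNets that are expected but absent (Missing) or present but not expected (Unexpected).
    param(
        [Parameter(Mandatory)][hashtable]$Intended,   # group name -> expected VNet resource IDs
        [Parameter(Mandatory)][hashtable]$Actual      # group name -> resource IDs found in the group
    )
    foreach ($group in @($Intended.Keys) + @($Actual.Keys) | Sort-Object -Unique) {
        $want = @($Intended[$group] | Where-Object { $_ })
        $have = @($Actual[$group]   | Where-Object { $_ })
        # -notcontains compares strings case-insensitively, which suits Azure resource IDs.
        foreach ($id in $want) {
            if ($have -notcontains $id) {
                [pscustomobject]@{ Group = $group; Drift = 'Missing'; ResourceId = $id }
            }
        }
        foreach ($id in $have) {
            if ($want -notcontains $id) {
                [pscustomobject]@{ Group = $group; Drift = 'Unexpected'; ResourceId = $id }
            }
        }
    }
}

# Constructed placeholder scope; replace with your own subscription and resource group.
$scope = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example" +
         "/providers/Microsoft.Network/virtualNetworks"

$intended = @{
    "networkGroup-01" = @("$scope/vnet-a", "$scope/vnet-b")
    "networkGroup-02" = @("$scope/vnet-c")
}

# Constructed "actual" state. Against a live environment each list would come from
# Get-AzNetworkManagerStaticMember -NetworkGroupName <group> -NetworkManagerName $networkManager.Name `
#     -ResourceGroupName $rgDef.Name
# (assumption: the returned objects expose the VNet ID as a ResourceId property).
$actual = @{
    "networkGroup-01" = @("$scope/VNET-A")                     # vnet-b was never added
    "networkGroup-02" = @("$scope/vnet-c", "$scope/vnet-x")    # vnet-x is not in the map
}

Compare-NetworkGroupMembership -Intended $intended -Actual $actual | Format-Table -AutoSize
```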

Let's explore the Bicep template for adding Virtual Networks to the Network Groups statically. It should be straightforward. We will use the Microsoft.Network/networkManagers/networkGroups/staticMembers resource type and its resourceId property to add Virtual Networks to the Network Groups. Here is the Bicep template for adding Virtual Networks to the Network Groups.


resource symbolicname 'Microsoft.Network/networkManagers/networkGroups/staticMembers@2022-01-01' = {
  name: 'avnm'
  parent: resourceSymbolicName
  properties: {
    resourceId: 'string'
  }
}

In this article we have explored how to create Virtual Networks and Network Groups with PowerShell. Apart from that, we have also explored how to add Virtual Networks to the Network Groups with PowerShell. We will take a closer look at the concept of Configuration on Azure Virtual Network Manager in the next post.

I will see you in the next post.