Provision Azure Virtual Network with PowerShell

Provision Azure Virtual NetworkMicrosoft Azure Virtual Networks (VNets) are one of the fundamental components that enables you to provision infrastructure services on the Microsoft Azure cloud platform. Under the Azure Resource Manager (ARM) provisioning interface, you actually cannot provision a Virtual Machine instance without having a Virtual Network. This differs from the legacy Azure Service Management (ASM) interface, in which you could create a Cloud Service that handled VM networking for you, but still leaving the option of creating the VNet yourself. The ARM interface offers a couple of different options for provisioning resources. In this article, we’re going to use the imperative provisioning process to provision Azure Virtual Network(s).

  • Imperative provisioning – create resources one-by-one, using the ARM PowerShell module, the Node.js-based Azure Cross-Platform (CLI), a C# program, or the ARM REST API directly.
  • Declarative provisioning – deploy one or more resources all at once, using a declarative provisioning interface, in which you create an “ARM JSON Template” and then deploy the template using one of the aforementioned automation interfaces, or the Microsoft Azure Portal.

Installing the Azure PowerShell Module

If you are just getting started with automation of the Microsoft Azure platform, then the first thing you need to do is install the Azure PowerShell module.

Installing the Azure PowerShell module is quite easy. Thanks to the PowerShell Gallery, all you need to do is run a single command in order to install it! First, make sure that you’re running PowerShell version 5.0. To check this, fire up a new PowerShell session, using either the console host or the Integrated Scripting Editor (ISE). Simply type $PSVersionTable, and check the PSVersion key, to see which major version of the PowerShell engine you’re running. If you don’t have PowerShell 5.0 installed, grab the Windows Management Framework (WMF) 5.0 package for your operating system.

Once you’ve verified that you’re running PowerShell version 5.0 or later, use the Install-Module command to install the Azure PowerShell module. The -Name input parameter specifies the PowerShell module name that we want to install. The -Scope CurrentUser parameter specifies that we want to install the module to our user profile directory, instead of the “all users” PSModulePath. This is just good security practice, to avoid the requirement to have administrative permissions on the local system.

### Install the Azure PowerShell module
Install-Module -Name AzureRM -Scope CurrentUser -Force;

What you don’t necessarily see from the above command, is that a large number of separate modules are installed. Each module targets a domain of functionality in Azure, such as networking, compute, storage, database, caching, and others. We’ll be focusing on the functionality provided by the AzureRM.Network PowerShell module. This command exposes the commands that enable the creation of Virtual Networks in Azure.

To verify that the Azure PowerShell modules have been installed, use the Get-Module -ListAvailable -Name *Azure* command.

Authenticate to Microsoft Azure

After installing the ARM PowerShell module, you’ll authenticate to Microsoft Azure using the Login-AzureRmAccount command. You’ll be prompted to enter your username and password. You can either use a Microsoft Account (MSA), or an Azure Active Directory (AAD) user account that has access to your Azure subscription. However, our preference is to authenticate using Azure Active Directory user accounts, because you can use the -Credential parameter. This avoids the use of the built-in web browser control, which can be finicky at times, and instead relies on the built-in Get-Credential command in PowerShell core.

### Authenticate to Microsoft Azure using Microsoft Account (MSA) or Azure Active Directory (AAD)
Login-AzureRmAccount;

### Authenticate to Microsoft Azure using ONLY an Azure Active Directory (AAD) user account
Login-AzureRmAccount -Credential (Get-Credential);

Create a Resource Group

Before we create a Virtual Network, we must first create what’s called an Azure Resource Manager (ARM) Resource Group. Resource Groups are essentially just management containers that enable us to manage resources with a common lifecycle. Because your Virtual Network will likely outlive the Virtual Machines that you connect to it, you’ll probably want to keep the VNet in a separate Resource Group from the VMs.

### Create a new, empty Resource Group inside our Azure subscription.
New-AzureRmResourceGroup -Name ArtofShell-VNet -Location 'Central US' -Force;

Create Virtual Network Subnets

It might seem a little bit backwards to you, but before we create the Virtual Network, we need to create the subnets that will exist inside the VNet. These subnets don’t actually get created in Azure, because they must be created as part of a VNet, but instead they’re created in memory. When we create the VNet, we’ll reference these subnets, which carve out the IP address space defined by the VNet.

To create the subnet objects, we use the New-AzureRmVirtualNetworkSubnetConfig command. There’s just two parameters we need to specify. First, we have the -Name parameter, which simply specifies a name for the subnet. Secondly, there’s an -AddressPrefix parameter that enables us to specify the Classless Inter-Domain Routing (CIDR) block of IP address space that will be available to the subnet.

Let’s define two subnets: one for web servers, and one for database servers.

### Create an empty array to hold the Subnet objects in memory
$SubnetList = @();
### Add a new subnet for web servers
$SubnetList += New-AzureRmVirtualNetworkSubnetConfig -Name WebServers -AddressPrefix 10.5.10.0/24;
### Add a new subnet for database servers
$SubnetList += New-AzureRmVirtualNetworkSubnetConfig -Name DatabaseServers -AddressPrefix 10.5.15.0/24;

Great, now our variable named $SubnetList is holding our subnet objects in memory. Now we will create the Virtual Network itself, and reference these subnets.

Provision Azure Virtual Network

Now that you’ve defined the subnets for the Virtual Network, let’s create the VNet itself. To do this, we use the New-AzureRmVirtualNetwork command. There’s several input parameters that we need to consider when invoking this command. Also, remember that Azure Virtual Networks are made up of one or more Subnet definitions.

The -ResourceGroupName parameter specifies the ARM Resource Group that we want to create the Virtual Network inside of. We’ll use the Resource Group name that we created in an earlier section. The -Name parameter specifies a name for the Virtual Network. The -AddressPrefix parameter specifies one or more CIDR blocks that may be used by subnet definitions inside the Virtual Network. The -Location parameter specifies the Microsoft Azure Region (aka. Location) that the resource will be provisioned into. To discover a list of supported Azure Regions, use the Get-AzureRmLocation command. The -Subnet command accepts an array of Subnet objects, which we created in an earlier step. When the Virtual Network is provisioned, it will be subdivided into these Subnets.

Because there are more than just a few parameters for this command, we’ll simplify the command call using the PowerShell Splatting technique. Watch the linked video to learn about this easy, but powerful, technique!

$VirtualNetwork = @{
    ResourceGroupName = 'ArtofShell-VNet';
    Name = 'ArtofShellProd';
    Location = 'Central US';
    AddressPrefix = '10.5.0.0/16';
    Subnet = $SubnetList;
    }
New-AzureRmVirtualNetwork @VirtualNetwork;

Conclusion

In this article, we’ve discussed the process of provisioning a Virtual Network in Microsoft Azure, using the Azure Resource Manager (ARM) PowerShell module. First, we installed the module and authenticated to Azure. Next, we created a Resource Group to contain the Virtual Network. Finally, we created two subnet definitions, and used those to provision the Virtual Network itself.

Now that you’ve created a Virtual Network, you can follow up with creating Virtual Machines, or other types of resources that support VNet integration. For example, you can deploy a premium-tier Azure Redis Cache instance into a Virtual Network, and you can also deploy an Azure App Service Environment (ASE) into a VNet. I’ll leave it to you to explore these options further!

That’s all there is to provisioning Virtual Networks on Microsoft Azure, using an imperative approach! Check out our downloadable cloud & automation training courses for more information about the Microsoft Azure cloud platform!

Leave a Reply

Your email address will not be published. Required fields are marked *