From 4dae5f5ce1b9f1cac660611ab635d1af1835bca2 Mon Sep 17 00:00:00 2001
From: Gaiye Zhou
Date: Fri, 27 Jun 2025 09:25:39 -0400
Subject: [PATCH 1/5] jumpbox size visibility and allowlist
---
 infra/main.bicep | 10 ++++++++++
 infra/modules/network.bicep | 6 +++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/infra/main.bicep b/infra/main.bicep
index 548d49be..4d95261b 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -71,6 +71,15 @@ param vmAdminUsername string?
 //param vmAdminPassword string = newGuid()
 param vmAdminPassword string?
+@allowed([
+ 'Standard_B2s'
+ 'Standard_D2s_v3'
+ 'Standard_D4s_v3'
+ 'Standard_DS2_v2'
+])
+@description('Optional. Size of the Jumpbox Virtual Machine when created. Set to custom value if enablePrivateNetworking is true. Defaults to Standard_B2s.')
+param vmSize string?
+
 @description('Optional. Specifies the resource tags for all the resources. Tag "azd-env-name" is automatically added to all resources.')
 param tags object = {}
@@ -207,6 +216,7 @@ module network 'modules/network.bicep' = if (enablePrivateNetworking) {
 logAnalyticsWorkSpaceResourceId: logAnalyticsWorkspaceResourceId
 vmAdminUsername: vmAdminUsername ?? 'JumpboxAdminUser'
 vmAdminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
+ vmSize: vmSize ?? 'Standard_B2s'
 location: location
 tags: allTags
 enableTelemetry: enableTelemetry
diff --git a/infra/modules/network.bicep b/infra/modules/network.bicep
index b4e252f8..670f76d4 100644
--- a/infra/modules/network.bicep
+++ b/infra/modules/network.bicep
@@ -22,6 +22,10 @@ param vmAdminUsername string
 @secure()
 param vmAdminPassword string
+@description('Required. VM size for the Jumpbox VM.')
+param vmSize string
+
+
 // Subnet Classless Inter-Doman Routing (CIDR) Sizing Reference Table (Best Practices)
 // | CIDR | # of Addresses | # of /24s | Notes |
 // |-----------|---------------|-----------|----------------------------------------|
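Review bot: In the `module network` hunk of infra/main.bicep, the added `vmSize: vmSize ?? 'Standard_B2s'` copies the fallback pattern of the context line directly above it, `vmAdminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'`, which gives every private-networking deployment that omits the parameter the same jumpbox admin password, readable by anyone with access to the repository. A default size is harmless, a default credential is not; since this params block is being edited, the literal should be replaced by a value the deployer must supply when `enablePrivateNetworking` is true, or by one generated per deployment, which the commented-out `newGuid()` line in the first hunk suggests may once have been the intent. The same context lines appear unchanged in the matching hunk of PATCH 2/5. The module's `params` block starts and ends outside the hunk.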
@@ -124,7 +128,7 @@ module network 'network/main.bicep' = {
 }
 jumpboxConfiguration: {
 name: 'vm-jumpbox-${resourcesName}'
- size: 'Standard_D2s_v3'
+ size: vmSize
 username: vmAdminUsername
 password: vmAdminPassword
 subnet: {
From a0a43be44610388ec843716760d786f050baca0b Mon Sep 17 00:00:00 2001
From: Gaiye Zhou
Date: Fri, 27 Jun 2025 15:38:20 -0400
Subject: [PATCH 2/5] Bring visibility of VmSize to main.bicep
---
 azure.v2.yaml | 20 ++++++++++++++++++++
 infra/main.bicep | 15 +++++----------
 infra/main.parameters.json | 3 +++
 infra/modules/ai-foundry/ai-services.bicep | 2 +-
 infra/modules/network.bicep | 8 ++++++++
 5 files changed, 37 insertions(+), 11 deletions(-)
 create mode 100644 azure.v2.yaml
diff --git a/azure.v2.yaml b/azure.v2.yaml
new file mode 100644
index 00000000..2f87aa52
--- /dev/null
+++ b/azure.v2.yaml
@@ -0,0 +1,20 @@
+name: modernize-your-code-solution-accelerator
+metadata:
+ template: modernize-your-code-solution-accelerator@1.0
+parameters:
+ AzureAiServiceLocation:
+ type: string
+ default: japaneast
+ Prefix:
+ type: string
+ default: azdtemp
+ baseUrl:
+ type: string
+ default: 'https://raw.githubusercontent.com/microsoft/Modernize-your-code-solution-accelerator'
+infrastructure:
+ mode: Incremental
+ template: ./infra/main.bicep # Path to the main.bicep file inside the 'infrastructure' folder
+ parameters:
+ AzureAiServiceLocation: ${{ parameters.AzureAiServiceLocation }}
+ Prefix: ${{ parameters.Prefix }}
+ baseUrl: ${{ parameters.baseUrl }}
diff --git a/infra/main.bicep b/infra/main.bicep
index 4d95261b..c851c552 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -61,6 +61,9 @@ param secondaryLocation string?
 @description('Optional. Enable private networking for the resources. Set to true to enable private networking. Defaults to false.')
 param enablePrivateNetworking bool = useWafAlignedArchitecture? true : false
+@description('Optional. Size of the Jumpbox Virtual Machine when created. Set to custom value if enablePrivateNetworking is true.')
+param vmSize string?
+
 @description('Optional. Admin username for the Jumpbox Virtual Machine. Set to custom value if enablePrivateNetworking is true.')
 @secure()
 //param vmAdminUsername string = take(newGuid(), 20)
@@ -71,15 +74,6 @@ param vmAdminUsername string?
 //param vmAdminPassword string = newGuid()
 param vmAdminPassword string?
-@allowed([
- 'Standard_B2s'
- 'Standard_D2s_v3'
- 'Standard_D4s_v3'
- 'Standard_DS2_v2'
-])
-@description('Optional. Size of the Jumpbox Virtual Machine when created. Set to custom value if enablePrivateNetworking is true. Defaults to Standard_B2s.')
-param vmSize string?
-
 @description('Optional. Specifies the resource tags for all the resources. Tag "azd-env-name" is automatically added to all resources.')
 param tags object = {}
@@ -209,6 +203,7 @@ module applicationInsights 'br/public:avm/res/insights/component:0.6.0' = if (en
 }
 }
+
 module network 'modules/network.bicep' = if (enablePrivateNetworking) {
 name: take('network-${resourcesName}-deployment', 64)
 params: {
@@ -216,7 +211,7 @@ module network 'modules/network.bicep' = if (enablePrivateNetworking) {
 logAnalyticsWorkSpaceResourceId: logAnalyticsWorkspaceResourceId
 vmAdminUsername: vmAdminUsername ?? 'JumpboxAdminUser'
 vmAdminPassword: vmAdminPassword ?? 'JumpboxAdminP@ssw0rd1234!'
- vmSize: vmSize ?? 'Standard_B2s'
+ vmSize: vmSize ?? 'Standard_DS2_v2' // Default VM size
 location: location
 tags: allTags
 enableTelemetry: enableTelemetry
diff --git a/infra/main.parameters.json b/infra/main.parameters.json
index e1a4d73d..5cbe4410 100644
--- a/infra/main.parameters.json
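Review bot: The relocated `param vmSize string?` in the first hunk loses both the `@allowed([...])` list that the second hunk deletes and the "Defaults to ..." sentence of its description, so any string now reaches the jumpbox `size` property and the effective default (`'Standard_DS2_v2'`, set only at the call site in the last hunk) cannot be read off the parameter. A mistyped or unsupported SKU will surface only as a deployment failure, and nothing bounds the size of the VM a parameter file can request. If a closed list is too strict, the description should at least carry the constraint and the default, e.g. `@description('Optional. Size of the Jumpbox Virtual Machine. Must support accelerated networking. Defaults to Standard_DS2_v2.')`; the accelerated-networking requirement is taken from the comment this commit adds to infra/modules/network.bicep.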
+++ b/infra/main.parameters.json @@ -29,6 +29,9 @@ "secondaryLocation": { "value": "${AZURE_ENV_COSMOS_SECONDARY_LOCATION}" }, + "vmSize": { + "value": "${AZURE_ENV_JUMPBOX_SIZE}" + }, "vmAdminUsername": { "value": "${AZURE_ENV_JUMPBOX_ADMIN_USERNAME}" }, diff --git a/infra/modules/ai-foundry/ai-services.bicep b/infra/modules/ai-foundry/ai-services.bicep index bb601e0b..f1aeef6b 100644 --- a/infra/modules/ai-foundry/ai-services.bicep +++ b/infra/modules/ai-foundry/ai-services.bicep @@ -296,7 +296,7 @@ resource cognitiveService 'Microsoft.CognitiveServices/accounts@2025-04-01-previ ] : null // true is not supported today - encryption: null // Customer managed key encryption is used, but the property is required. + encryption: null // Customer managed key encryption is not used, but the property is required. migrationToken: migrationToken restore: restore restrictOutboundNetworkAccess: restrictOutboundNetworkAccess diff --git a/infra/modules/network.bicep b/infra/modules/network.bicep index 670f76d4..f2fb473c 100644 --- a/infra/modules/network.bicep +++ b/infra/modules/network.bicep @@ -26,6 +26,14 @@ param vmAdminPassword string param vmSize string +// VM Size Notes: +// 1 B-series VMs (like Standard_B2ms) do not support accelerated networking. +// 2 Pick a VM size that does support accelerated networking (the usual jump-box candidates): +// Standard_DS2_v2 (2 vCPU, 7 GiB RAM, Premium SSD) // The most broadly available (it’s a legacy SKU supported in virtually every region). +// Standard_D2s_v3 (2 vCPU, 8 GiB RAM, Premium SSD) // next most common +// Standard_D2s_v4 (2 vCPU, 8 GiB RAM, Premium SSD) // Newest, so fewer regions availabl + + // Subnet Classless Inter-Doman Routing (CIDR) Sizing Reference Table (Best Practices) // | CIDR | # of Addresses | # of /24s | Notes | // |-----------|---------------|-----------|----------------------------------------| From 6642165cb0f626de21fb157c61869f3b793cae23 Mon Sep 17 00:00:00 2001 
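Review bot: The added `"value": "${AZURE_ENV_JUMPBOX_SIZE}"` carries no default, so the fallback `vmSize ?? 'Standard_DS2_v2'` in infra/main.bicep only applies if an unset variable reaches Bicep as null. If azd substitutes an empty string instead (worth confirming against the azd version in use), `??` does not apply and the network module receives `''` as the VM size. Putting the default in the parameters file, `"value": "${AZURE_ENV_JUMPBOX_SIZE=Standard_DS2_v2}"`, keeps the behaviour independent of that and matches the default documented in docs/CustomizingAzdParameters.md.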
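Review bot: In the infra/modules/network.bicep hunk, the added "VM Size Notes" comment sits below `param vmSize string` where a deployer setting the value in main.bicep or through azd will not see it, and its last line is cut off (`fewer regions availabl`). The guidance would be better placed in the parameter's own `@description`, with the comment reduced to the SKU list and the list markers written as `1.` and `2.`. The example `Standard_B2ms` also differs from the `Standard_B2s` default used in PATCH 1/5, so naming the series ("B-series sizes such as Standard_B2s or Standard_B2ms") would cover both.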
From: Gaiye Zhou
Date: Fri, 27 Jun 2025 15:41:07 -0400
Subject: [PATCH 3/5] For azd v2 users
---
 azure.v2.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/azure.v2.yaml b/azure.v2.yaml
index 2f87aa52..5cf37075 100644
--- a/azure.v2.yaml
+++ b/azure.v2.yaml
@@ -1,3 +1,5 @@
+# for azd v2 users and they need to enable it using below azd command:
+# azd up --azure-config azure.v2.yaml
 name: modernize-your-code-solution-accelerator
 metadata:
 template: modernize-your-code-solution-accelerator@1.0
From 746756f855b4988b846313cd27deac8a9fcd1b53 Mon Sep 17 00:00:00 2001
From: Abdul-Microsoft
Date: Tue, 1 Jul 2025 16:21:50 +0530
Subject: [PATCH 4/5] Add parameter for customizing Jumpbox size in documentation
---
 docs/CustomizingAzdParameters.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/CustomizingAzdParameters.md b/docs/CustomizingAzdParameters.md
index 195d4430..d8161832 100644
--- a/docs/CustomizingAzdParameters.md
+++ b/docs/CustomizingAzdParameters.md
@@ -17,7 +17,7 @@ By default this template will use the environment name as the prefix to prevent
 | `AZURE_ENV_MODEL_CAPACITY` | integer | `200` | Set the Model Capacity (choose a number based on available GPT model capacity in your subscription). |
 | `AZURE_ENV_LOG_ANALYTICS_WORKSPACE_ID` | string | `` | Set this if you want to reuse an existing Log Analytics Workspace instead of creating a new one. |
 | `AZURE_ENV_IMAGETAG` | string | `latest` | Set the Image tag Like (allowed values: latest, dev, hotfix) |
-
+| `AZURE_ENV_JUMPBOX_SIZE` | string | `Standard_DS2_v2` | Specifies the size of the Jumpbox Virtual Machine. Set a custom value if `enablePrivateNetworking` is `true`. |
 ---
 ## How to Set a Parameter
From ca1e78518e8919febd8156acc5e03c90c9c8e375 Mon Sep 17 00:00:00 2001
From: Abdul-Microsoft
Date: Tue, 1 Jul 2025 17:54:05 +0530
Subject: [PATCH 5/5] Removing the azure.v2.yaml configuration file
---
 azure.v2.yaml | 22 ----------------------
 1 file changed, 22 deletions(-)
 delete mode 100644 azure.v2.yaml
diff --git a/azure.v2.yaml b/azure.v2.yaml
deleted file mode 100644
index 5cf37075..00000000
--- a/azure.v2.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-# for azd v2 users and they need to enable it using below azd command:
-# azd up --azure-config azure.v2.yaml
-name: modernize-your-code-solution-accelerator
-metadata:
- template: modernize-your-code-solution-accelerator@1.0
-parameters:
- AzureAiServiceLocation:
- type: string
- default: japaneast
- Prefix:
- type: string
- default: azdtemp
- baseUrl:
- type: string
- default: 'https://raw.githubusercontent.com/microsoft/Modernize-your-code-solution-accelerator'
-infrastructure:
- mode: Incremental
- template: ./infra/main.bicep # Path to the main.bicep file inside the 'infrastructure' folder
- parameters:
- AzureAiServiceLocation: ${{ parameters.AzureAiServiceLocation }}
- Prefix: ${{ parameters.Prefix }}
- baseUrl: ${{ parameters.baseUrl }}