ALZ bicep modules multi-region guidance

infra-as-code/bicep/modules/hubNetworking/README.md

@@ -147,9 +147,6 @@ $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]"
 
 Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId
 
-# Set Platform management subscription ID as the the current subscription
-$ManagementSubscriptionId = "[your platform management subscription ID]"
-
 # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
 $TopLevelMGPrefix = "alz"
 
@@ -202,3 +199,206 @@ New-AzResourceGroupDeployment @inputObject
 ## Bicep Visualizer
 
 ![Bicep Visualizer](media/bicepVisualizer.png "Bicep Visualizer")
+
+## Multi-region deployment
+
+To extend your infrastructure to [additional regions](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/considerations/regions), this module can be deployed multiple times with different parameters files to deploy additional hubs in multiple regions. The [vnetPeering module](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/vnetPeering) can be leveraged to peer the hub networks together across the different regions.
+
+> For the example below, two hubs will be deployed across *eastus* and *westus* regions.
+
+1. Duplicate the [parameters file](https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json) and create a new file for the first hub in the *eastus* region **hubNetworking.parameters.az.all.eastus.json**.
+
+    > **NOTE:**
+    > Some regions do not support availability zones, so the [parameters file](https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json) without availability zones should be used. East US supports availability zones which is why the `hubNetworking.parameters.az.all.eastus.json` file is used in this example.
+
+1. Edit the new parameters file with the needed configuration for the *eastus* region.
+1. Deploy the `hubNetworking` module to deploy the first hub in the *eastus* region using the new parameters file.
+
+    **Azure CLI (Example: East US Region)**
+
+    ```bash
+    # For Azure global regions
+
+    # Set Platform connectivity subscription ID as the the current subscription
+    ConnectivitySubscriptionId="[your platform connectivity subscription ID]"
+
+    az account set --subscription $ConnectivitySubscriptionId
+
+    # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
+    TopLevelMGPrefix="alz"
+
+    # Set the region where the hub will be deployed
+    location="eastus"
+
+    dateYMD=$(date +%Y%m%dT%H%M%S%NZ)
+    NAME="alz-HubNetworkingDeploy-${dateYMD}"
+    GROUP="rg-$TopLevelMGPrefix-hub-networking-$location"
+    TEMPLATEFILE="infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep"
+    PARAMETERS="@infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.$location.json"
+
+    az group create --location $location \
+      --name $GROUP
+
+    az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS
+    ```
+
+    **PowerShell (Example: East US Region)**
+
+    ```powershell
+    # For Azure global regions
+    # Set Platform connectivity subscription ID as the the current subscription
+    $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]"
+
+    Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId
+
+    # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
+    $TopLevelMGPrefix = "alz"
+
+    # Set the region where the hub will be deployed
+    $location = "eastus"
+
+    # Parameters necessary for deployment
+    $inputObject = @{
+      DeploymentName        = 'alz-HubNetworkingDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])
+      ResourceGroupName     = "rg-$TopLevelMGPrefix-hub-networking-$location "
+      TemplateFile          = "infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep"
+      TemplateParameterFile = "infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.$location.json"
+    }
+
+    New-AzResourceGroup `
+      -Name $inputObject.ResourceGroupName `
+      -Location $location
+
+    New-AzResourceGroupDeployment @inputObject
+    ```
+
+    Example output in the eastus region:
+
+      ![Example Deployment Output in eastus region](media/exampleDeploymentOutputEastus.png "Example Deployment Output in eastus region")
+
+1. Duplicate the [parameters file](https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json) and create a new file for the additional hub in the *westus* region **hubNetworking.parameters.az.all.westus.json**.
+
+    > **NOTE:**
+    > West US does not currently support availability zones, so the [parameters file](https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json) without availability zones is used in this example.
+
+1. Edit the new parameters file with the needed configuration for the *westus* region.
+1. Deploy the `hubNetworking` module to deploy the second hub in the *westus* region using the new parameters file.
+
+    > **NOTE:**
+    > If you have set the parameter `parDdosEnabled` to true and deployed a DDoS Network Protection Plan, make sure to set this parameter to false when deploying additional regions to avoid creating multiple plans. You will have to manually enable this plan for the additional hub networks you deploy.
+
+    **Azure CLI (Example: West US Region)**
+
+    ```bash
+    # For Azure global regions
+
+    # Set Platform connectivity subscription ID as the the current subscription
+    ConnectivitySubscriptionId="[your platform connectivity subscription ID]"
+
+    az account set --subscription $ConnectivitySubscriptionId
+
+    # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
+    TopLevelMGPrefix="alz"
+
+    # Set the region where the hub will be deployed
+    location="westus"
+
+    dateYMD=$(date +%Y%m%dT%H%M%S%NZ)
+    NAME="alz-HubNetworkingDeploy-${dateYMD}"
+    GROUP="rg-$TopLevelMGPrefix-hub-networking-$location"
+    TEMPLATEFILE="infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep"
+    PARAMETERS="@infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.$location.json"
+
+    az group create --location $location \
+      --name $GROUP
+
+    az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS
+    ```
+
+    **PowerShell (Example: West US Region)**
+
+    ```powershell
+    # For Azure global regions
+    # Set Platform connectivity subscription ID as the the current subscription
+    $ConnectivitySubscriptionId = "[your platform connectivity subscription ID]"
+
+    Select-AzSubscription -SubscriptionId $ConnectivitySubscriptionId
+
+    # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
+    $TopLevelMGPrefix = "alz"
+
+    # Set the region where the hub will be deployed
+    $location = "westus"
+
+    # Parameters necessary for deployment
+    $inputObject = @{
+      DeploymentName        = 'alz-HubNetworkingDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])
+      ResourceGroupName     = "rg-$TopLevelMGPrefix-hub-networking-$location "
+      TemplateFile          = "infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep"
+      TemplateParameterFile = "infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.$location.json"
+    }
+
+    New-AzResourceGroup `
+      -Name $inputObject.ResourceGroupName `
+      -Location $location
+
+    New-AzResourceGroupDeployment @inputObject
+    ```
+
+    Example output in the westus region
+
+      ![Example Deployment Output in westus region](media/exampleDeploymentOutputwestus.png "Example Deployment Output in westus region")
+
+1. To peer the newly created hubs, the [vnetPeering module](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/vnetPeering) will be used.
+
+1. Edit the [parameters file](https://github.com/sebassem/ALZ-Bicep/blob/alz-multiple-regions/infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json) of the *vnetPeering* module to specify the source and destination virtual networks.
+
+    > **NOTE:**
+    > Module will need to be called twice to create the completed peering. Each time with a peering direction.
+
+    **Azure CLI (Example: East US Region to West US Region)**
+
+    ```bash
+    **NOTE: As there is some PowerShell code within the CLI, there is a requirement to execute the deployments in a cross-platform terminal which has PowerShell installed.**
+    ```bash
+    # For Azure global regions
+    # Set Platform connectivity subscription ID as the the current subscription
+    connectivitySubscriptionId="[your connectivity subscription ID]"
+    az account set --subscription $connectivitySubscriptionId
+
+    # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
+    TopLevelMGPrefix="alz"
+
+    dateYMD=$(date +%Y%m%dT%H%M%S%NZ)
+    NAME="alz-vnetPeeringDeploy-${dateYMD}"
+    GROUP="rg-alz-hub-networking-eastus" # Specify the name of the resource group of the first hub network.
+    TEMPLATEFILE="infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep"
+    PARAMETERS="@infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json"
+
+    az deployment group create --name ${NAME:0:63} --resource-group $GROUP --template-file $TEMPLATEFILE --parameters $PARAMETERS
+    ```
+
+    **PowerShell (Example: East US Region to West US Region)**
+
+    ```powershell
+    # For Azure global regions
+    # Set Platform connectivity subscription ID as the the current subscription
+    $connectivitySubscriptionId = "[your connectivity subscription ID]"
+
+    Select-AzSubscription -SubscriptionId $connectivitySubscriptionId
+
+    # Set the top level MG Prefix in accordance to your environment. This example assumes default 'alz'.
+    $TopLevelMGPrefix = "alz"
+
+    # Parameters necessary for deployment
+    $inputObject = @{
+      DeploymentName        = 'alz-vnetPeeringDeploy-{0}' -f (-join (Get-Date -Format 'yyyyMMddTHHMMssffffZ')[0..63])
+      ResourceGroupName     = "rg-alz-hub-networking-eastus" # Specify the name of the resource group of the first hub network.
+      TemplateFile          = "infra-as-code/bicep/modules/vnetPeering/vnetPeering.bicep"
+      TemplateParameterFile = "infra-as-code/bicep/modules/vnetPeering/parameters/vnetPeering.parameters.all.json"
+    }
+
+    New-AzResourceGroupDeployment @inputObject
+    ```
+
+1. Re-deploy the module again after editing the parameters file to peer the other direction.

infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json

@@ -106,7 +106,7 @@
       "value": []
     },
     "parHubRouteTableName": {
-      "value": "alz-hub-routetable"
+      "value": "alz-hub-routetable-eastus"
     },
     "parDisableBgpRoutePropagation": {
       "value": false

infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json

@@ -118,7 +118,7 @@
       "value": []
     },
     "parHubRouteTableName": {
-      "value": "alz-hub-routetable"
+      "value": "alz-hub-routetable-eastus"
     },
     "parDisableBgpRoutePropagation": {
       "value": false

infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json

@@ -106,7 +106,7 @@
       "value": []
     },
     "parHubRouteTableName": {
-      "value": "alz-hub-routetable"
+      "value": "alz-hub-routetable-chinaeast2"
     },
     "parDisableBgpRoutePropagation": {
       "value": false

infra-as-code/bicep/modules/vwanConnectivity/README.md

@@ -176,3 +176,52 @@ New-AzResourceGroupDeployment @inputObject
 ## Bicep Visualizer
 
 ![Bicep Visualizer](media/bicepVisualizer.png "Bicep Visualizer")
+
+## Multi-region deployment
+
+To extend your infrastructure to [additional regions](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/considerations/regions), this module can be used to deploy additional virtual hubs in multiple regions. This is achieved by adding multiple entries for the `parVirtualWanHubs` parameter for each region a virtual hub should be deployed.
+
+Example:
+
+```bicep
+parVirtualWanHubs: [
+    {
+        parVpnGatewayEnabled: true
+        parExpressRouteGatewayEnabled: true
+        parAzFirewallEnabled: true
+        parVirtualHubAddressPrefix: '10.100.0.0/23'
+        parHubLocation: 'eastus2'
+        parHubRoutingPreference: 'ExpressRoute'
+        parVirtualRouterAutoScaleConfiguration: 2
+        parVirtualHubRoutingIntentDestinations: []
+        parAzFirewallDnsProxyEnabled: true
+        parAzFirewallDnsServers: []
+        parAzFirewallIntelMode: 'Alert'
+        parAzFirewallTier: 'Standard'
+        parAzFirewallAvailabilityZones: [
+            '1'
+            '2'
+            '3'
+        ]
+    },
+    {
+        parVpnGatewayEnabled: true
+        parExpressRouteGatewayEnabled: true
+        parAzFirewallEnabled: true
+        parVirtualHubAddressPrefix: '10.90.0.0/23'
+        parHubLocation: 'centralus'
+        parHubRoutingPreference: 'ExpressRoute'
+        parVirtualRouterAutoScaleConfiguration: 2
+        parVirtualHubRoutingIntentDestinations: []
+        parAzFirewallDnsProxyEnabled: true
+        parAzFirewallDnsServers: []
+        parAzFirewallIntelMode: 'Alert'
+        parAzFirewallTier: 'Standard'
+        parAzFirewallAvailabilityZones: [
+            '1'
+            '2'
+            '3'
+        ]
+    }
+]
+```