Azure · jamasten · Apr 1, 2024 · Apr 1, 2024 · Apr 1, 2024 · Apr 1, 2024
@@ -16,7 +16,7 @@ This repository has carefully planned default address prefixes configured throug
 | MLZ      | Shared Services                      | 10.0.132.0/24  |
 | Add-On   | Tier 3                               | 10.0.133.0/24  |
 | Add-On   | Imaging                              | 10.0.134.0/24  |
-| Add-On   | ESRI Enterprise                      | 10.0.135.0/24  |
+| Add-On   | ESRI Enterprise                      | 10.0.135.0/23  |
 | Add-On   | Azure Virtual Desktop, Stamp Index 0 | 10.0.140.0/23  |
 | Add-On   | Azure Virtual Desktop, Stamp Index 1 | 10.0.142.0/23  |
 | Add-On   | Azure Virtual Desktop, Stamp Index 2 | 10.0.144.0/23  |

@@ -13,6 +13,7 @@ resource vault 'Microsoft.RecoveryServices/vaults@2022-03-01' existing =  {
 }
 
 resource protectionContainers 'Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers@2022-03-01' = [for i in range(0, storageCount): {
+  #disable-next-line use-parent-property
   name: '${vault.name}/Azure/storagecontainer;Storage;${resourceGroupStorage};${storageAccountNamePrefix}${padLeft(i + storageIndex, 2, '0')}'
   properties: {
     backupManagementType: 'AzureStorage'

@@ -1,8 +1,15 @@
 targetScope = 'subscription'
 
-@description('The file name of the ArcGIS Pro installer in Azure Blobs.')
+@description('The file name of the ArcGIS Pro installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts.')
 param arcGisProInstaller string
 
+@secure()
+@description('The password for the ArcGIS service account.')
+param arcgisServiceAccountPassword string
+
+@description('The username for the ArcGIS service account.')
+param arcgisServiceAccountUserName string
+
 @description('The blob name of the MSI file for the AVD Agent Boot Loader installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts.')
 param avdAgentBootLoaderMsiName string
 
@@ -15,10 +22,17 @@ param avdObjectId string
 @description('The blob name of the MSI file for the  Azure PowerShell Module installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts.')
 param azurePowerShellModuleMsiName string
 
-@description('The name of the container in the Azure Storage Account containing the deployment artifacts.')
+@description('The file name for the certificate that will secure the ESRI portal. The file must be hosted in an Azure Blobs container with the other deployment artifacts.')
+param certificateFileName string
+
+@secure()
+@description('The password for the certificate that will secure the ESRI portal.')
+param certificatePassword string
+
+@description('The name of the container in Azure Blobs for the deployment artifacts.')
 param containerName string
 
-@description('A suffix to use for naming deployments uniquely. It defaults to the Bicep resolution of the "utcNow()" function.')
+@description('The suffix used for naming deployments uniquely. It defaults to a timestamp with the utcNow function.')
 param deploymentNameSuffix string = utcNow()
 
 @secure()
@@ -31,10 +45,10 @@ param domainJoinUsername string = 'domainjoin'
 @description('The name of the domain to use for Entra Domain Services.')
 param domainName string
 
-@description('Email address of the contact, in the form of john@doe.com')
+@description('The email address or distribution list to receive security alerts.')
 param emailSecurityContact string = ''
 
-@description('Determines whether to use the hybrid use benefit.')
+@description('Determines whether to use the hybrid use benefit for the Windows virtual machines.')
 param hybridUseBenefit bool
 
 @minLength(1)
@@ -52,6 +66,30 @@ param localAdministratorUsername string
 @description('The region to deploy resources into. It defaults to the deployment location.')
 param location string = deployment().location
 
+@description('The base 64 encoded string containing the license file for the ESRI portal.')
+param portalLicenseFile string
+
+@allowed([
+  'creatorUT'
+  'editorUT'
+  'fieldWorkerUT'
+  'GISProfessionalAdvUT'
+  'GISProfessionalBasicUT'
+  'GISProfessionalStdUT'
+  'IndoorsUserUT'
+  'insightsAnalystUT'
+  'viewerUT'
+])
+@description('The license user type ID for the ESRI portal.')
+param portalLicenseUserTypeId string
+
+@secure()
+@description('The password for the ESRI Primary Site Administrator Account.')
+param primarySiteAdministratorAccountPassword string
+
+@description('The username for the ESRI Primary Site Administrator Account.')
+param primarySiteAdministratorAccountUserName string
+
 @minLength(3)
 @maxLength(6)
 @description('A prefix, 3-6 alphanumeric characters without whitespace, used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces')
@@ -60,7 +98,10 @@ param resourcePrefix string
 @description('The array of Security Principals with their object IDs and display names to assign to the AVD Application Group and FSLogix Storage.')
 param securityPrincipals array
 
-@description('The resource ID of the Azure Storage Account to use for storing artifacts to customize the image.')
+@description('The base 64 encoded string containing the license file for ESRI Enterprise server.')
+param serverLicenseFile string
+
+@description('The resource ID of the Azure Storage Account used for storing the deployment artifacts.')
 param storageAccountResourceId string
 
 @allowed([
@@ -173,3 +214,49 @@ module azureVirtualDesktop '../azureVirtualDesktop/solution.bicep' = {
     domainServices
   ]
 }
+
+module esriEnterprise '../esri-enterprise/solution.bicep' = {
+  name: 'deploy-esri-enterprise-${deploymentNameSuffix}'
+  params: {
+    adminPassword: localAdministratorPassword
+    adminUsername: localAdministratorUsername
+    arcgisServiceAccountIsDomainAccount: true
+    arcgisServiceAccountPassword: arcgisServiceAccountPassword
+    arcgisServiceAccountUserName: arcgisServiceAccountUserName
+    architecture: 'singletier'
+    artifactsContainerName: containerName
+    artifactsStorageAccountName: split(storageAccountResourceId, '/')[8]
+    artifactsStorageAccountResourceGroupName: split(storageAccountResourceId, '/')[4]
+    artifactsStorageAccountSubscriptionId: split(storageAccountResourceId, '/')[2]
+    azureFirewallName: split(missionLandingZone.outputs.azureFirewallResourceId, '/')[8]
+    certificateFileName: certificateFileName
+    certificatePassword: certificatePassword
+    deployDefender: false
+    diskEncryptionSetResourceId: missionLandingZone.outputs.diskEncryptionSetResourceId
+    enableGraphDataStore: false
+    enableMonitoring: true
+    enableObjectDataStore: false
+    enableSpatiotemporalBigDataStore: true
+    enableTileCacheDataStore: true
+    externalDnsHostname: 'esri.${domainName}'
+    hubResourceGroupName: split(missionLandingZone.outputs.hubVirtualNetworkResourceId, '/')[4]
+    hubSubscriptionId: subscription().subscriptionId
+    hubVirtualNetworkName: split(missionLandingZone.outputs.hubVirtualNetworkResourceId, '/')[8]
+    joinEntraDomain: false
+    joinWindowsDomain: true
+    location: location
+    portalLicenseFile: portalLicenseFile
+    portalLicenseUserTypeId: portalLicenseUserTypeId
+    primarySiteAdministratorAccountPassword: primarySiteAdministratorAccountPassword
+    primarySiteAdministratorAccountUserName: primarySiteAdministratorAccountUserName
+    resourcePrefix: resourcePrefix
+    selfSignedCertificatePassword: certificatePassword
+    serverLicenseFile: serverLicenseFile
+    spokelogAnalyticsWorkspaceResourceId: missionLandingZone.outputs.logAnalyticsWorkspaceResourceId
+    useAzureFiles: false
+    useCloudStorage: false
+    windowsDomainAdministratorPassword: domainJoinPassword
+    windowsDomainAdministratorUserName: domainJoinUsername
+    windowsDomainName: domainName
+  }
+}