search

Azure / avdaccelerator

AVD Accelerator deployment automation to simplify the setup of AVD (Azure Virtual Desktop) based on best practices
MIT License
308 stars 201 forks source link

Upload configuration scripts to storage container for private link #528

Closed chbragg closed 8 months ago

chbragg commented 8 months ago

Describe the feature end to end, including deployment scenario details under which the feature would occur.

All of the configuration scripts are located in GitHub and the endpoints are hard-coded as a URI in the code. It would be great if during the deployment, the files were uploaded to the Azure network and downloaded from there. 1) During deployment a storage account gets created. If Private Link is enabled for AVD, the storage account uses Private Link, if not, the storage account allows anonymous blob read access from the vNET where AVD is deployed. 2) All of the dependent scripts get uploaded to the storage blob and the artifacts location is stored in a variable to be used during the AVD deployment 3) During the AVD deployment at part where the Session Hosts get joined to the Host Pool and they do other configuration items, instead of pulling the configuration script from GitHub, pull the configuration script from the storage account.

Why is this feature important. Describe why this would be important for your organization and others. Would this impact similar orgs in the same way?

Security improvement. When an organization has their firewall locked down, it usually won't allow github as a place to download from. Some organizations will have to download the AVDAccelerator Repo from a middle-tier machine and then move those files to their internal network before running the bicep code and deploying to Azure.

Please provide the correlation id associated with your error or bug.

xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Can you describe any alternatives that you have taken since this feature does not exist?

Currently, I had to punch a whole in the firewall for GitHub IPs to allow downloading of the AVD Accelerator configuration scripts

Feature Implementation

No response

danycontre commented 8 months ago

@chbragg thanks for your feedback, we are reviewing this item.

danycontre commented 8 months ago

@swathibhat1 let's work on this one as an ADO new feature request / enhancement.

@stalejohnsen we will keep you updated.