July 2020 Penetration test / DECOVID standby deployment

[jemrobinson]

SHM 'decovid' deployment

Code version

```pwsh Already up to date. On branch master Your branch is up to date with 'origin/master'. nothing to commit, working tree clean At commit 5f3ee4fa (5f3ee4fa6711003c80acdad19b3b80e21e6cb079) ```

Setup_SHM_DNS_Zone

```pwsh 2020-07-10 10:19:52 [ INFO]: Ensuring that resource group 'RG_SHM_DNS_DECOVID' exists... 2020-07-10 10:19:53 [SUCCESS]: [✔] Resource group 'RG_SHM_DNS_DECOVID' already exists 2020-07-10 10:19:53 [ INFO]: Ensuring that DNS Zone exists... 2020-07-10 10:19:53 [ INFO]: Ensuring the DNS zone 'decovid.turingsafehaven.ac.uk' exists... 2020-07-10 10:19:54 [SUCCESS]: [✔] DNS Zone 'decovid.turingsafehaven.ac.uk' already exists 2020-07-10 10:19:54 [ INFO]: Get NS records from the new DNS Zone... 2020-07-10 10:19:54 [ INFO]: Reading NS records '@' for DNS Zone 'decovid.turingsafehaven.ac.uk'... 2020-07-10 10:19:55 [ INFO]: No existing DNS Zone was found for 'turingsafehaven.ac.uk' in resource group 'RG_SHM_DNS_DECOVID'. 2020-07-10 10:19:55 [ INFO]: You need to add the following NS records to the parent DNS system for 'turingsafehaven.ac.uk': 'ns1-06.azure-dns.com. ns2-06.azure-dns.net. ns3-06.azure-dns.org. ns4-06.azure-dns.info.' ```

Setup_SHM_AAD_Domain

```pwsh WARNING: /Users/jrobinson/.local/share/powershell/Modules/AzureAD.Standard.Preview/0.1.599.7 WARNING: AzureAD.Standard.Preview WARNING: /Users/jrobinson/.local/share/powershell/Modules/AzureAD.Standard.Preview/0.1.599.7/net471 WARNING: Loading module in coreclr folder: 'netstandard2.0' ... Connecting to Azure AD 'bd57aa52-957e-4fc3-bfcc-104507f2c9d3'... WARNING: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DTS7Y7T9J to authenticate. 2020-07-10 10:21:13 [ INFO]: Adding SHM domain to AAD... 2020-07-10 10:21:14 [SUCCESS]: [✔] 'decovid.turingsafehaven.ac.uk' added as custom domain on SHM AAD. 2020-07-10 10:21:14 [ INFO]: Verifying domain on SHM AAD... 2020-07-10 10:21:17 [SUCCESS]: [✔] Verification TXT record added to 'decovid.turingsafehaven.ac.uk' DNS zone. 2020-07-10 10:21:17 [ INFO]: Checking domain verification status on SHM AAD (attempt 1 of 10)... 2020-07-10 10:21:18 [SUCCESS]: [✔] Domain 'decovid.turingsafehaven.ac.uk' is verified on SHM AAD. 2020-07-10 10:21:18 [ INFO]: Ensuring 'decovid.turingsafehaven.ac.uk' is primary domain on SHM AAD. 2020-07-10 10:21:18 [SUCCESS]: [✔] Set 'decovid.turingsafehaven.ac.uk' as primary domain on SHM AAD. ```

Setup_SHM_KeyVault_And_Emergency_Admin

```pwsh WARNING: /Users/jrobinson/.local/share/powershell/Modules/AzureAD.Standard.Preview/0.1.599.7 WARNING: AzureAD.Standard.Preview WARNING: /Users/jrobinson/.local/share/powershell/Modules/AzureAD.Standard.Preview/0.1.599.7/net471 WARNING: Loading module in coreclr folder: 'netstandard2.0' ... Connecting to Azure AD 'bd57aa52-957e-4fc3-bfcc-104507f2c9d3'... WARNING: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DWJ2QF37R to authenticate. 2020-07-10 10:23:49 [ INFO]: Ensuring that resource group 'RG_SHM_DECOVID_SECRETS' exists... 2020-07-10 10:23:50 [ INFO]: [ ] Creating resource group 'RG_SHM_DECOVID_SECRETS' 2020-07-10 10:23:50 [SUCCESS]: [✔] Created resource group 'RG_SHM_DECOVID_SECRETS' 2020-07-10 10:23:50 [ INFO]: Ensuring that key vault 'kv-shm-decovid' exists... 2020-07-10 10:23:51 [ INFO]: [ ] Creating key vault 'kv-shm-decovid' 2020-07-10 10:24:36 [SUCCESS]: [✔] Created key vault 'kv-shm-decovid' 2020-07-10 10:24:36 [ INFO]: Giving group 'Safe Haven Test Admins' access to key vault 'kv-shm-decovid'... 2020-07-10 10:24:40 [SUCCESS]: [✔] Set correct access policies for key vault 'kv-shm-decovid' 2020-07-10 10:24:40 [ INFO]: Ensuring that secrets exist in key vault 'kv-shm-decovid'... 2020-07-10 10:24:42 [SUCCESS]: [✔] AAD emergency administrator account username exists 2020-07-10 10:24:44 [SUCCESS]: [✔] AAD emergency administrator account password exists 2020-07-10 10:24:50 [SUCCESS]: [✔] Ensured that SHM admin usernames exist 2020-07-10 10:25:10 [SUCCESS]: [✔] Ensured that SHM VM admin passwords exist 2020-07-10 10:25:19 [SUCCESS]: [✔] Ensured that domain joining passwords exist 2020-07-10 10:25:20 [SUCCESS]: [✔] Ensured that service account passwords exist 2020-07-10 10:25:22 [ INFO]: Ensuring AAD emergency administrator account exists... 2020-07-10 10:25:22 [SUCCESS]: [✔] AAD emergency administrator account created. 2020-07-10 10:25:22 [ INFO]: Ensuring that self-signed CA certificate exists in the 'kv-shm-decovid' KeyVault... 2020-07-10 10:25:23 [ INFO]: Creating new self-signed CA certificate... 2020-07-10 10:25:24 [ INFO]: [ ] Generating self-signed certificate locally Generating a 2048 bit RSA private key ....................+++ ..................................................................................................................................................................+++ writing new private key to '/var/folders/q7/nl3w6z854711jwsdy0hj7sxhwypcgh/T/tmpeGWrkK.tmp.certificates/SHM-DECOVID-P2S-CA.key' ----- 2020-07-10 10:25:26 [SUCCESS]: [✔] Generating self-signed certificate succeeded 2020-07-10 10:25:26 [ INFO]: [ ] Uploading CA private key + certificate bundle as certificate shm-decovid-vpn-ca-cert (includes private key) 2020-07-10 10:25:27 [SUCCESS]: [✔] Uploading the full CA certificate succeeded 2020-07-10 10:25:27 [ INFO]: [ ] Uploading the plain CA certificate as secret shm-decovid-vpn-ca-cert-plain (without private key) 2020-07-10 10:25:29 [SUCCESS]: [✔] Uploading the plain CA certificate succeeded 2020-07-10 10:25:29 [ INFO]: Ensuring that client certificate exists in the 'kv-shm-decovid' KeyVault... 2020-07-10 10:25:30 [ INFO]: Creating new client certificate... 2020-07-10 10:25:30 [ INFO]: [ ] Loading CA private key from key vault... MAC verified OK 2020-07-10 10:25:31 [SUCCESS]: [✔] Loading CA private key succeeded 2020-07-10 10:25:31 [ INFO]: [ ] Retrieving CA plain certificate... 2020-07-10 10:25:32 [SUCCESS]: [✔] Validated CA certificate retrieval using MD5 2020-07-10 10:25:32 [ INFO]: [ ] Creating new certificate signing request to be signed by the CA certificate... 2020-07-10 10:25:34 [SUCCESS]: [✔] CSR creation succeeded 2020-07-10 10:25:34 [ INFO]: [ ] Signing the CSR and merging into the 'shm-decovid-vpn-client-cert' certificate... Signature ok subject=/CN=SHM-DECOVID-P2S-CLIENT Getting CA Private Key 2020-07-10 10:25:37 [SUCCESS]: [✔] Importing the signed client certificate succeeded ```

Setup_SHM_DC

```pwsh 2020-07-10 10:49:45 [ INFO]: Ensuring that resource group 'RG_SHM_DECOVID_ARTIFACTS' exists... 2020-07-10 10:49:46 [ INFO]: [ ] Creating resource group 'RG_SHM_DECOVID_ARTIFACTS' 2020-07-10 10:49:47 [SUCCESS]: [✔] Created resource group 'RG_SHM_DECOVID_ARTIFACTS' 2020-07-10 10:49:47 [ INFO]: Ensuring that storage account 'shmdecovidbootdiagsoceuy' exists in 'RG_SHM_DECOVID_ARTIFACTS'... 2020-07-10 10:49:48 [ INFO]: [ ] Creating storage account 'shmdecovidbootdiagsoceuy' 2020-07-10 10:50:17 [SUCCESS]: [✔] Created storage account 'shmdecovidbootdiagsoceuy' 2020-07-10 10:50:17 [ INFO]: Ensuring that resource group 'RG_SHM_DECOVID_ARTIFACTS' exists... 2020-07-10 10:50:18 [SUCCESS]: [✔] Resource group 'RG_SHM_DECOVID_ARTIFACTS' already exists 2020-07-10 10:50:18 [ INFO]: Ensuring that storage account 'shmdecovidartifactsoceuy' exists in 'RG_SHM_DECOVID_ARTIFACTS'... 2020-07-10 10:50:19 [ INFO]: [ ] Creating storage account 'shmdecovidartifactsoceuy' 2020-07-10 10:50:38 [SUCCESS]: [✔] Created storage account 'shmdecovidartifactsoceuy' 2020-07-10 10:50:38 [ INFO]: Ensuring that blob storage containers exist... 2020-07-10 10:50:38 [ INFO]: Ensuring that storage container 'shm-dsc-dc' exists... 2020-07-10 10:50:39 [ INFO]: [ ] Creating storage container 'shm-dsc-dc' in storage account 'shmdecovidartifactsoceuy' 2020-07-10 10:50:39 [SUCCESS]: [✔] Created storage container 2020-07-10 10:50:39 [ INFO]: Ensuring that storage container 'shm-configuration-dc' exists... 2020-07-10 10:50:39 [ INFO]: [ ] Creating storage container 'shm-configuration-dc' in storage account 'shmdecovidartifactsoceuy' 2020-07-10 10:50:39 [SUCCESS]: [✔] Created storage container 2020-07-10 10:50:39 [ INFO]: Ensuring that storage container 'sre-rds-sh-packages' exists... 2020-07-10 10:50:39 [ INFO]: [ ] Creating storage container 'sre-rds-sh-packages' in storage account 'shmdecovidartifactsoceuy' 2020-07-10 10:50:39 [SUCCESS]: [✔] Created storage container 2020-07-10 10:50:39 [ INFO]: Uploading artifacts to storage account 'shmdecovidartifactsoceuy'... 2020-07-10 10:50:39 [ INFO]: [ ] Uploading desired state configuration (DSC) files to blob storage 2020-07-10 10:50:39 [SUCCESS]: [✔] Uploaded desired state configuration (DSC) files 2020-07-10 10:50:39 [ INFO]: [ ] Uploading domain controller (DC) configuration files to blob storage 2020-07-10 10:50:40 [SUCCESS]: [✔] Uploaded domain controller (DC) configuration files 2020-07-10 10:50:40 [ INFO]: [ ] Uploading Windows package installers to blob storage Container Uri: https://shmdecovidartifactsoceuy.blob.core.windows.net/sre-rds-sh-packages Name BlobType Length ContentType LastModified AccessTier SnapshotTime IsDeleted ---- -------- ------ ----------- ------------ ---------- ------------ --------- GoogleChrome_x64.msi BlockBlob -1 2020-07-10 09:50:40Z False PuTTY_x64.msi BlockBlob -1 2020-07-10 09:50:40Z False WinSCP_x32.exe BlockBlob -1 2020-07-10 09:50:42Z False 2020-07-10 10:50:42 [SUCCESS]: [✔] Uploaded Windows package installers 2020-07-10 10:50:42 [ INFO]: Ensuring that resource group 'RG_SHM_DECOVID_NETWORKING' exists... 2020-07-10 10:50:42 [ INFO]: [ ] Creating resource group 'RG_SHM_DECOVID_NETWORKING' 2020-07-10 10:50:43 [SUCCESS]: [✔] Created resource group 'RG_SHM_DECOVID_NETWORKING' 2020-07-10 10:50:43 [ INFO]: Deploying VNet gateway from template... VERBOSE: Performing the operation "Creating Deployment" on target "RG_SHM_DECOVID_NETWORKING". WARNING: The DeploymentDebug setting has been enabled. This can potentially log secrets like passwords used in resource property or listKeys operations when you retrieve the deployment operations through Get-AzResourceGroupDeploymentOperation VERBOSE: 10:50:45 - Template is valid. VERBOSE: 10:50:45 - Create template deployment 'shm-vnet-template' VERBOSE: 10:50:45 - Checking deployment status in 5 seconds VERBOSE: 10:50:50 - Checking deployment status in 5 seconds VERBOSE: 10:50:55 - Checking deployment status in 5 seconds VERBOSE: 10:51:00 - Checking deployment status in 5 seconds VERBOSE: 10:51:05 - Checking deployment status in 5 seconds VERBOSE: 10:51:10 - Checking deployment status in 5 seconds VERBOSE: 10:51:15 - Checking deployment status in 5 seconds VERBOSE: 10:51:20 - Checking deployment status in 5 seconds VERBOSE: 10:51:25 - Checking deployment status in 5 seconds VERBOSE: 10:51:31 - Checking deployment status in 5 seconds VERBOSE: 10:51:36 - Checking deployment status in 5 seconds VERBOSE: 10:51:41 - Checking deployment status in 5 seconds VERBOSE: 10:51:46 - Checking deployment status in 5 seconds VERBOSE: 10:51:51 - Resource Microsoft.Network/virtualNetworkGateways 'VNET_SHM_DECOVID_GW' provisioning status is running VERBOSE: 10:51:51 - Resource Microsoft.Network/virtualNetworks/subnets 'VNET_SHM_DECOVID/GatewaySubnet' provisioning status is succeeded VERBOSE: 10:51:51 - Resource Microsoft.Network/virtualNetworks/subnets 'VNET_SHM_DECOVID/IdentitySubnet' provisioning status is running VERBOSE: 10:51:51 - Resource Microsoft.Network/virtualNetworks/subnets 'VNET_SHM_DECOVID/WebSubnet' provisioning status is succeeded VERBOSE: 10:51:51 - Resource Microsoft.Network/virtualNetworks 'VNET_SHM_DECOVID' provisioning status is succeeded VERBOSE: 10:51:51 - Resource Microsoft.Network/publicIPAddresses 'VNET_SHM_DECOVID_GW_PIP' provisioning status is succeeded VERBOSE: 10:51:51 - Resource Microsoft.Network/networkSecurityGroups 'NSG_SHM_DECOVID_SUBNET_IDENTITY' provisioning status is succeeded VERBOSE: 10:51:51 - Checking deployment status in 16 seconds VERBOSE: 10:52:07 - Resource Microsoft.Network/virtualNetworks/subnets 'VNET_SHM_DECOVID/IdentitySubnet' provisioning status is succeeded VERBOSE: 10:52:07 - Checking deployment status in 5 seconds VERBOSE: 10:52:12 - Checking deployment status in 5 seconds VERBOSE: 10:52:17 - Checking deployment status in 5 seconds VERBOSE: 10:52:22 - Checking deployment status in 5 seconds VERBOSE: 10:52:27 - Checking deployment status in 5 seconds VERBOSE: 10:52:32 - Checking deployment status in 5 seconds VERBOSE: 10:52:38 - Checking deployment status in 5 seconds VERBOSE: 10:52:43 - Checking deployment status in 5 seconds VERBOSE: 10:52:48 - Checking deployment status in 5 seconds VERBOSE: 10:52:53 - Checking deployment status in 5 seconds VERBOSE: 10:52:58 - Checking deployment status in 5 seconds VERBOSE: 10:53:03 - Checking deployment status in 5 seconds VERBOSE: 10:53:08 - Checking deployment status in 5 seconds VERBOSE: 10:53:13 - Checking deployment status in 5 seconds VERBOSE: 10:53:18 - Checking deployment status in 5 seconds VERBOSE: 10:53:23 - Checking deployment status in 5 seconds VERBOSE: 10:53:29 - Checking deployment status in 5 seconds VERBOSE: 10:53:34 - Checking deployment status in 5 seconds VERBOSE: 10:53:39 - Checking deployment status in 5 seconds VERBOSE: 10:53:44 - Checking deployment status in 5 seconds VERBOSE: 10:53:49 - Checking deployment status in 5 seconds VERBOSE: 10:53:54 - Checking deployment status in 13 seconds VERBOSE: 10:54:07 - Checking deployment status in 5 seconds VERBOSE: 10:54:12 - Checking deployment status in 5 seconds VERBOSE: 10:54:17 - Checking deployment status in 5 seconds VERBOSE: 10:54:22 - Checking deployment status in 5 seconds VERBOSE: 10:54:28 - Checking deployment status in 5 seconds VERBOSE: 10:54:33 - Checking deployment status in 5 seconds VERBOSE: 10:54:38 - Checking deployment status in 5 seconds VERBOSE: 10:54:43 - Checking deployment status in 5 seconds VERBOSE: 10:54:48 - Checking deployment status in 5 seconds VERBOSE: 10:54:53 - Checking deployment status in 5 seconds VERBOSE: 10:54:58 - Checking deployment status in 5 seconds VERBOSE: 10:55:03 - Checking deployment status in 5 seconds VERBOSE: 10:55:08 - Checking deployment status in 5 seconds VERBOSE: 10:55:14 - Checking deployment status in 5 seconds VERBOSE: 10:55:19 - Checking deployment status in 5 seconds VERBOSE: 10:55:24 - Checking deployment status in 5 seconds VERBOSE: 10:55:29 - Checking deployment status in 5 seconds VERBOSE: 10:55:34 - Checking deployment status in 5 seconds VERBOSE: 10:55:39 - Checking deployment status in 5 seconds VERBOSE: 10:55:44 - Checking deployment status in 5 seconds VERBOSE: 10:55:49 - Checking deployment status in 5 seconds VERBOSE: 10:55:54 - Checking deployment status in 13 seconds VERBOSE: 10:56:08 - Checking deployment status in 5 seconds VERBOSE: 10:56:13 - Checking deployment status in 5 seconds VERBOSE: 10:56:18 - Checking deployment status in 5 seconds VERBOSE: 10:56:23 - Checking deployment status in 5 seconds VERBOSE: 10:56:28 - Checking deployment status in 5 seconds VERBOSE: 10:56:33 - Checking deployment status in 5 seconds VERBOSE: 10:56:38 - Checking deployment status in 5 seconds VERBOSE: 10:56:43 - Checking deployment status in 5 seconds VERBOSE: 10:56:48 - Checking deployment status in 5 seconds VERBOSE: 10:56:53 - Checking deployment status in 5 seconds VERBOSE: 10:56:59 - Checking deployment status in 5 seconds VERBOSE: 10:57:04 - Checking deployment status in 5 seconds VERBOSE: 10:57:09 - Checking deployment status in 5 seconds VERBOSE: 10:57:14 - Checking deployment status in 5 seconds VERBOSE: 10:57:19 - Checking deployment status in 5 seconds VERBOSE: 10:57:24 - Checking deployment status in 5 seconds VERBOSE: 10:57:29 - Checking deployment status in 5 seconds VERBOSE: 10:57:34 - Checking deployment status in 5 seconds VERBOSE: 10:57:39 - Checking deployment status in 5 seconds VERBOSE: 10:57:45 - Checking deployment status in 5 seconds VERBOSE: 10:57:50 - Checking deployment status in 5 seconds VERBOSE: 10:57:55 - Checking deployment status in 14 seconds VERBOSE: 10:58:09 - Checking deployment status in 5 seconds VERBOSE: 10:58:14 - Checking deployment status in 5 seconds VERBOSE: 10:58:19 - Checking deployment status in 5 seconds VERBOSE: 10:58:24 - Checking deployment status in 5 seconds VERBOSE: 10:58:29 - Checking deployment status in 5 seconds VERBOSE: 10:58:34 - Checking deployment status in 5 seconds VERBOSE: 10:58:40 - Checking deployment status in 5 seconds VERBOSE: 10:58:45 - Checking deployment status in 5 seconds VERBOSE: 10:58:50 - Checking deployment status in 5 seconds VERBOSE: 10:58:55 - Checking deployment status in 5 seconds VERBOSE: 10:59:00 - Checking deployment status in 5 seconds VERBOSE: 10:59:05 - Checking deployment status in 5 seconds VERBOSE: 10:59:10 - Checking deployment status in 5 seconds VERBOSE: 10:59:15 - Checking deployment status in 5 seconds VERBOSE: 10:59:20 - Checking deployment status in 5 seconds VERBOSE: 10:59:26 - Checking deployment status in 5 seconds VERBOSE: 10:59:31 - Checking deployment status in 5 seconds VERBOSE: 10:59:36 - Checking deployment status in 5 seconds VERBOSE: 10:59:41 - Checking deployment status in 5 seconds VERBOSE: 10:59:46 - Checking deployment status in 5 seconds VERBOSE: 10:59:51 - Checking deployment status in 5 seconds VERBOSE: 10:59:56 - Checking deployment status in 12 seconds VERBOSE: 11:00:08 - Checking deployment status in 5 seconds VERBOSE: 11:00:13 - Checking deployment status in 5 seconds VERBOSE: 11:00:18 - Checking deployment status in 5 seconds VERBOSE: 11:00:24 - Checking deployment status in 5 seconds VERBOSE: 11:00:29 - Checking deployment status in 5 seconds VERBOSE: 11:00:34 - Checking deployment status in 5 seconds VERBOSE: 11:00:39 - Checking deployment status in 5 seconds VERBOSE: 11:00:44 - Checking deployment status in 5 seconds VERBOSE: 11:00:49 - Checking deployment status in 5 seconds VERBOSE: 11:00:54 - Checking deployment status in 5 seconds VERBOSE: 11:00:59 - Checking deployment status in 5 seconds VERBOSE: 11:01:04 - Checking deployment status in 5 seconds VERBOSE: 11:01:09 - Checking deployment status in 5 seconds VERBOSE: 11:01:15 - Checking deployment status in 5 seconds VERBOSE: 11:01:20 - Checking deployment status in 5 seconds VERBOSE: 11:01:25 - Checking deployment status in 5 seconds VERBOSE: 11:01:30 - Checking deployment status in 5 seconds VERBOSE: 11:01:35 - Checking deployment status in 5 seconds VERBOSE: 11:01:40 - Checking deployment status in 5 seconds VERBOSE: 11:01:45 - Checking deployment status in 5 seconds VERBOSE: 11:01:50 - Checking deployment status in 5 seconds VERBOSE: 11:01:55 - Checking deployment status in 13 seconds VERBOSE: 11:02:09 - Checking deployment status in 5 seconds VERBOSE: 11:02:14 - Checking deployment status in 5 seconds VERBOSE: 11:02:19 - Checking deployment status in 5 seconds VERBOSE: 11:02:24 - Checking deployment status in 5 seconds VERBOSE: 11:02:29 - Checking deployment status in 5 seconds VERBOSE: 11:02:34 - Checking deployment status in 5 seconds VERBOSE: 11:02:39 - Checking deployment status in 5 seconds VERBOSE: 11:02:44 - Checking deployment status in 5 seconds VERBOSE: 11:02:50 - Checking deployment status in 5 seconds VERBOSE: 11:02:55 - Checking deployment status in 5 seconds VERBOSE: 11:03:00 - Checking deployment status in 5 seconds VERBOSE: 11:03:05 - Checking deployment status in 5 seconds VERBOSE: 11:03:10 - Checking deployment status in 5 seconds VERBOSE: 11:03:15 - Checking deployment status in 5 seconds VERBOSE: 11:03:20 - Checking deployment status in 5 seconds VERBOSE: 11:03:26 - Checking deployment status in 5 seconds VERBOSE: 11:03:31 - Checking deployment status in 5 seconds VERBOSE: 11:03:36 - Checking deployment status in 5 seconds VERBOSE: 11:03:41 - Checking deployment status in 5 seconds VERBOSE: 11:03:46 - Checking deployment status in 5 seconds VERBOSE: 11:03:51 - Checking deployment status in 5 seconds VERBOSE: 11:03:56 - Checking deployment status in 15 seconds VERBOSE: 11:04:11 - Checking deployment status in 5 seconds VERBOSE: 11:04:16 - Checking deployment status in 5 seconds VERBOSE: 11:04:22 - Checking deployment status in 5 seconds VERBOSE: 11:04:27 - Checking deployment status in 5 seconds VERBOSE: 11:04:32 - Checking deployment status in 5 seconds VERBOSE: 11:04:37 - Checking deployment status in 5 seconds VERBOSE: 11:04:42 - Checking deployment status in 5 seconds VERBOSE: 11:04:47 - Checking deployment status in 5 seconds VERBOSE: 11:04:52 - Checking deployment status in 5 seconds VERBOSE: 11:04:57 - Checking deployment status in 5 seconds VERBOSE: 11:05:03 - Checking deployment status in 5 seconds VERBOSE: 11:05:08 - Checking deployment status in 5 seconds VERBOSE: 11:05:13 - Checking deployment status in 5 seconds VERBOSE: 11:05:18 - Checking deployment status in 5 seconds VERBOSE: 11:05:23 - Checking deployment status in 5 seconds VERBOSE: 11:05:28 - Checking deployment status in 5 seconds VERBOSE: 11:05:33 - Checking deployment status in 5 seconds VERBOSE: 11:05:38 - Checking deployment status in 5 seconds VERBOSE: 11:05:44 - Checking deployment status in 5 seconds VERBOSE: 11:05:49 - Checking deployment status in 5 seconds VERBOSE: 11:05:54 - Checking deployment status in 5 seconds VERBOSE: 11:05:59 - Checking deployment status in 14 seconds VERBOSE: 11:06:13 - Checking deployment status in 5 seconds VERBOSE: 11:06:18 - Checking deployment status in 5 seconds VERBOSE: 11:06:23 - Checking deployment status in 5 seconds VERBOSE: 11:06:28 - Checking deployment status in 5 seconds VERBOSE: 11:06:33 - Checking deployment status in 5 seconds VERBOSE: 11:06:38 - Checking deployment status in 5 seconds VERBOSE: 11:06:43 - Checking deployment status in 5 seconds VERBOSE: 11:06:49 - Checking deployment status in 5 seconds VERBOSE: 11:06:54 - Checking deployment status in 5 seconds VERBOSE: 11:06:59 - Checking deployment status in 5 seconds VERBOSE: 11:07:04 - Checking deployment status in 5 seconds VERBOSE: 11:07:09 - Checking deployment status in 5 seconds VERBOSE: 11:07:14 - Checking deployment status in 5 seconds VERBOSE: 11:07:19 - Checking deployment status in 5 seconds VERBOSE: 11:07:24 - Checking deployment status in 5 seconds VERBOSE: 11:07:29 - Checking deployment status in 5 seconds VERBOSE: 11:07:34 - Checking deployment status in 5 seconds VERBOSE: 11:07:40 - Checking deployment status in 5 seconds VERBOSE: 11:07:45 - Checking deployment status in 5 seconds VERBOSE: 11:07:50 - Checking deployment status in 5 seconds VERBOSE: 11:07:55 - Checking deployment status in 5 seconds VERBOSE: 11:08:00 - Checking deployment status in 13 seconds VERBOSE: 11:08:13 - Checking deployment status in 5 seconds VERBOSE: 11:08:18 - Checking deployment status in 5 seconds VERBOSE: 11:08:23 - Checking deployment status in 5 seconds VERBOSE: 11:08:28 - Checking deployment status in 5 seconds VERBOSE: 11:08:33 - Checking deployment status in 5 seconds VERBOSE: 11:08:39 - Checking deployment status in 5 seconds VERBOSE: 11:08:44 - Checking deployment status in 5 seconds VERBOSE: 11:08:49 - Checking deployment status in 5 seconds VERBOSE: 11:08:54 - Checking deployment status in 5 seconds VERBOSE: 11:08:59 - Checking deployment status in 5 seconds VERBOSE: 11:09:04 - Checking deployment status in 5 seconds VERBOSE: 11:09:09 - Checking deployment status in 5 seconds VERBOSE: 11:09:14 - Checking deployment status in 5 seconds VERBOSE: 11:09:19 - Checking deployment status in 5 seconds VERBOSE: 11:09:24 - Checking deployment status in 5 seconds VERBOSE: 11:09:30 - Checking deployment status in 5 seconds VERBOSE: 11:09:35 - Checking deployment status in 5 seconds VERBOSE: 11:09:40 - Checking deployment status in 5 seconds VERBOSE: 11:09:45 - Checking deployment status in 5 seconds VERBOSE: 11:09:50 - Checking deployment status in 5 seconds VERBOSE: 11:09:55 - Checking deployment status in 5 seconds VERBOSE: 11:10:00 - Checking deployment status in 14 seconds VERBOSE: 11:10:14 - Checking deployment status in 5 seconds VERBOSE: 11:10:19 - Checking deployment status in 5 seconds VERBOSE: 11:10:24 - Checking deployment status in 5 seconds VERBOSE: 11:10:30 - Checking deployment status in 5 seconds VERBOSE: 11:10:35 - Checking deployment status in 5 seconds VERBOSE: 11:10:40 - Checking deployment status in 5 seconds VERBOSE: 11:10:45 - Resource Microsoft.Network/virtualNetworkGateways 'VNET_SHM_DECOVID_GW' provisioning status is succeeded ResourceGroupName : RG_SHM_DECOVID_NETWORKING OnErrorDeployment : DeploymentName : shm-vnet-template CorrelationId : 39f27f62-5908-4d69-a7e1-f620c98523e5 ProvisioningState : Succeeded Timestamp : 10/07/2020 10:10:43 Mode : Incremental TemplateLink : TemplateLinkString : DeploymentDebugLogLevel : ResponseContent Parameters : {[p2S_VPN_Certificate, Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.DeploymentVariable], [shm_Id, Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.DeploymentVariable], [subnet_Identity_Name, Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.DeploymentVariable], [subnet_Identity_CIDR, Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.DeploymentVariable]…} ParametersString : Name Type Value ====================== ========================= ========== p2S_VPN_Certificate String MIICtjCCAZ4CCQCoxboKVDmwMzANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDDBJT SE0tREVDT1ZJRC1QMlMtQ0EwHhcNMjAwNzEwMDkyNTI2WhcNMjIxMDEzMDkyNTI2 WjAdMRswGQYDVQQDDBJTSE0tREVDT1ZJRC1QMlMtQ0EwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQC0sq2dZm17MV3jMNhPKlwJbHB0t8+Uj2LBCNwdlJwc i6tgeaAEr1FRPnWTxFsmLGUJbd8yos70/Arlp982Bc5oi48ppMpG40jGVL/i6j+7 lEsfYxFKJfmtuRCKJtfED128LH1g7q1bZSSHP/+zgT4RrpxTl/21nNGsXZpLRoof ragiUR5wdXR0R/8lAmaxJYnkQxO2odp4N1JmfiND4YvFGs4yEynMcUt66vpPWmJc 4tnRdMnGxkMSOsBV8ktAe81UA8Jghxet9ZhCfrRnAvD12Po4BJibh6ppGWGg7a24 CBZSv/M6wlKfolaujy70VXYBWjJGiouPmjsoZ+2qXiAFAgMBAAEwDQYJKoZIhvcN AQELBQADggEBAJjlA65CA5CD14KdxwElF1b/DQ/Rz9waLKbLxzQxxWmuA4W5b5uy AXeY7C62qnkLgrMiRkM7JwSs3VvtBYdETxZ+3BdberwHbCCu5I69sIeA4yg6A2N2 46R3ADuY8Rlxp0KCPqyZy3NuFGBUK8dv+UFRApw/8a3svOglFUrbegmz+ezRkdnD gE9c9jwDNyvT+5WywFU0KZp4vW4Gp8pW40H2uk+9cynMOyw4t1fo/k3VJw5hzNhs wRDAY+SOmPcOaK5Cc4QZHrAlDWV4TWFnKnfd5PDI0hy0O6HHxM5DoSDbV7TNxvIO TQFe5qgyQq8BpVcnNnUVaTQ/R0y9rJy0ZUQ= shm_Id String decovid subnet_Identity_Name String IdentitySubnet subnet_Identity_CIDR String 10.0.0.0/24 subnet_Web_Name String WebSubnet subnet_Web_CIDR String 10.0.1.0/24 subnet_Gateway_Name String GatewaySubnet subnet_Gateway_CIDR String 10.0.7.0/24 virtual_Network_Name String VNET_SHM_DECOVID vneT_CIDR String 10.0.0.0/21 vneT_DNS_DC1 String 10.0.0.4 vneT_DNS_DC2 String 10.0.0.5 vpN_CIDR String 172.16.201.0/24 Outputs : OutputsString : 2020-07-10 11:10:47 [SUCCESS]: [✔] Template deployment 'shm-vnet-template' succeeded 2020-07-10 11:10:47 [ INFO]: Ensuring that resource group 'RG_SHM_DECOVID_DC' exists... 2020-07-10 11:10:47 [ INFO]: [ ] Creating resource group 'RG_SHM_DECOVID_DC' 2020-07-10 11:10:48 [SUCCESS]: [✔] Created resource group 'RG_SHM_DECOVID_DC' 2020-07-10 11:10:48 [ INFO]: Creating/retrieving secrets from key vault 'kv-shm-decovid'... 2020-07-10 11:10:54 [ INFO]: Deploying domain controller (DC) from template... VERBOSE: Performing the operation "Creating Deployment" on target "RG_SHM_DECOVID_DC". WARNING: The DeploymentDebug setting has been enabled. This can potentially log secrets like passwords used in resource property or listKeys operations when you retrieve the deployment operations through Get-AzResourceGroupDeploymentOperation VERBOSE: 11:11:00 - Template is valid. VERBOSE: 11:11:00 - Create template deployment 'shm-dc-template' VERBOSE: 11:11:00 - Checking deployment status in 5 seconds VERBOSE: 11:11:05 - Resource Microsoft.Network/networkInterfaces 'DC2-SHM-DECOVID-NIC' provisioning status is succeeded VERBOSE: 11:11:05 - Resource Microsoft.Network/networkInterfaces 'DC1-SHM-DECOVID-NIC' provisioning status is succeeded VERBOSE: 11:11:05 - Checking deployment status in 5 seconds VERBOSE: 11:11:10 - Checking deployment status in 5 seconds VERBOSE: 11:11:16 - Checking deployment status in 5 seconds VERBOSE: 11:11:21 - Checking deployment status in 5 seconds VERBOSE: 11:11:26 - Checking deployment status in 5 seconds VERBOSE: 11:11:31 - Checking deployment status in 5 seconds VERBOSE: 11:11:36 - Checking deployment status in 5 seconds VERBOSE: 11:11:41 - Checking deployment status in 5 seconds VERBOSE: 11:11:46 - Checking deployment status in 5 seconds VERBOSE: 11:11:51 - Checking deployment status in 5 seconds VERBOSE: 11:11:56 - Checking deployment status in 5 seconds VERBOSE: 11:12:01 - Checking deployment status in 5 seconds VERBOSE: 11:12:06 - Checking deployment status in 5 seconds VERBOSE: 11:12:11 - Resource Microsoft.Compute/virtualMachines 'DC2-SHM-DECOVID' provisioning status is running VERBOSE: 11:12:11 - Resource Microsoft.Compute/virtualMachines 'DC1-SHM-DECOVID' provisioning status is running VERBOSE: 11:12:11 - Resource Microsoft.Compute/availabilitySets 'AVSET-SHM-DECOVID-VM-DC' provisioning status is succeeded VERBOSE: 11:12:11 - Checking deployment status in 12 seconds VERBOSE: 11:12:24 - Checking deployment status in 5 seconds VERBOSE: 11:12:29 - Checking deployment status in 5 seconds VERBOSE: 11:12:34 - Checking deployment status in 5 seconds VERBOSE: 11:12:39 - Checking deployment status in 5 seconds VERBOSE: 11:12:44 - Checking deployment status in 5 seconds VERBOSE: 11:12:49 - Checking deployment status in 5 seconds VERBOSE: 11:12:54 - Checking deployment status in 5 seconds VERBOSE: 11:12:59 - Checking deployment status in 5 seconds VERBOSE: 11:13:04 - Checking deployment status in 5 seconds VERBOSE: 11:13:09 - Checking deployment status in 5 seconds VERBOSE: 11:13:14 - Checking deployment status in 5 seconds VERBOSE: 11:13:20 - Checking deployment status in 5 seconds VERBOSE: 11:13:25 - Checking deployment status in 5 seconds VERBOSE: 11:13:30 - Checking deployment status in 5 seconds VERBOSE: 11:13:35 - Checking deployment status in 5 seconds VERBOSE: 11:13:40 - Checking deployment status in 5 seconds VERBOSE: 11:13:45 - Checking deployment status in 5 seconds VERBOSE: 11:13:50 - Checking deployment status in 5 seconds VERBOSE: 11:13:55 - Checking deployment status in 5 seconds VERBOSE: 11:14:00 - Resource Microsoft.Compute/virtualMachines/extensions 'DC1-SHM-DECOVID/bginfo' provisioning status is running VERBOSE: 11:14:00 - Resource Microsoft.Compute/virtualMachines/extensions 'DC1-SHM-DECOVID/CreateADForest' provisioning status is running VERBOSE: 11:14:00 - Resource Microsoft.Compute/virtualMachines 'DC1-SHM-DECOVID' provisioning status is succeeded VERBOSE: 11:14:00 - Checking deployment status in 14 seconds VERBOSE: 11:14:14 - Checking deployment status in 10 seconds VERBOSE: 11:14:24 - Checking deployment status in 5 seconds VERBOSE: 11:14:30 - Checking deployment status in 5 seconds VERBOSE: 11:14:35 - Checking deployment status in 5 seconds VERBOSE: 11:14:40 - Checking deployment status in 5 seconds VERBOSE: 11:14:45 - Checking deployment status in 5 seconds VERBOSE: 11:14:50 - Checking deployment status in 5 seconds VERBOSE: 11:14:55 - Checking deployment status in 5 seconds VERBOSE: 11:15:00 - Checking deployment status in 5 seconds VERBOSE: 11:15:06 - Checking deployment status in 5 seconds VERBOSE: 11:15:11 - Checking deployment status in 5 seconds VERBOSE: 11:15:16 - Checking deployment status in 5 seconds VERBOSE: 11:15:21 - Checking deployment status in 5 seconds VERBOSE: 11:15:26 - Checking deployment status in 5 seconds VERBOSE: 11:15:31 - Checking deployment status in 5 seconds VERBOSE: 11:15:36 - Checking deployment status in 5 seconds VERBOSE: 11:15:41 - Checking deployment status in 5 seconds VERBOSE: 11:15:46 - Checking deployment status in 5 seconds VERBOSE: 11:15:51 - Checking deployment status in 5 seconds VERBOSE: 11:15:57 - Checking deployment status in 5 seconds VERBOSE: 11:16:02 - Checking deployment status in 14 seconds VERBOSE: 11:16:16 - Resource Microsoft.Compute/virtualMachines/extensions 'DC2-SHM-DECOVID/bginfo' provisioning status is running VERBOSE: 11:16:16 - Resource Microsoft.Compute/virtualMachines 'DC2-SHM-DECOVID' provisioning status is succeeded VERBOSE: 11:16:16 - Checking deployment status in 13 seconds VERBOSE: 11:16:29 - Checking deployment status in 5 seconds VERBOSE: 11:16:34 - Checking deployment status in 5 seconds VERBOSE: 11:16:39 - Checking deployment status in 5 seconds VERBOSE: 11:16:44 - Checking deployment status in 5 seconds VERBOSE: 11:16:49 - Checking deployment status in 5 seconds VERBOSE: 11:16:54 - Checking deployment status in 5 seconds VERBOSE: 11:16:59 - Checking deployment status in 5 seconds VERBOSE: 11:17:05 - Checking deployment status in 5 seconds VERBOSE: 11:17:10 - Checking deployment status in 5 seconds VERBOSE: 11:17:15 - Checking deployment status in 5 seconds VERBOSE: 11:17:20 - Checking deployment status in 5 seconds VERBOSE: 11:17:25 - Checking deployment status in 5 seconds VERBOSE: 11:17:30 - Checking deployment status in 5 seconds VERBOSE: 11:17:35 - Checking deployment status in 5 seconds VERBOSE: 11:17:40 - Checking deployment status in 5 seconds VERBOSE: 11:17:45 - Checking deployment status in 5 seconds VERBOSE: 11:17:50 - Checking deployment status in 5 seconds VERBOSE: 11:17:56 - Checking deployment status in 5 seconds VERBOSE: 11:18:01 - Checking deployment status in 15 seconds VERBOSE: 11:18:16 - Resource Microsoft.Compute/virtualMachines/extensions 'DC2-SHM-DECOVID/bginfo' provisioning status is succeeded VERBOSE: 11:18:16 - Checking deployment status in 5 seconds VERBOSE: 11:18:21 - Checking deployment status in 5 seconds VERBOSE: 11:18:26 - Checking deployment status in 5 seconds VERBOSE: 11:18:31 - Checking deployment status in 5 seconds VERBOSE: 11:18:36 - Checking deployment status in 5 seconds VERBOSE: 11:18:41 - Checking deployment status in 5 seconds VERBOSE: 11:18:47 - Checking deployment status in 5 seconds VERBOSE: 11:18:52 - Checking deployment status in 5 seconds VERBOSE: 11:18:57 - Checking deployment status in 5 seconds VERBOSE: 11:19:02 - Checking deployment status in 5 seconds VERBOSE: 11:19:07 - Checking deployment status in 5 seconds VERBOSE: 11:19:12 - Checking deployment status in 5 seconds VERBOSE: 11:19:17 - Checking deployment status in 5 seconds VERBOSE: 11:19:22 - Checking deployment status in 5 seconds VERBOSE: 11:19:27 - Checking deployment status in 5 seconds VERBOSE: 11:19:32 - Checking deployment status in 5 seconds VERBOSE: 11:19:38 - Checking deployment status in 5 seconds VERBOSE: 11:19:43 - Checking deployment status in 5 seconds VERBOSE: 11:19:48 - Checking deployment status in 5 seconds VERBOSE: 11:19:53 - Checking deployment status in 5 seconds VERBOSE: 11:19:58 - Checking deployment status in 5 seconds VERBOSE: 11:20:03 - Checking deployment status in 15 seconds VERBOSE: 11:20:18 - Checking deployment status in 5 seconds VERBOSE: 11:20:23 - Checking deployment status in 5 seconds VERBOSE: 11:20:28 - Checking deployment status in 5 seconds VERBOSE: 11:20:34 - Checking deployment status in 5 seconds VERBOSE: 11:20:39 - Checking deployment status in 5 seconds VERBOSE: 11:20:44 - Checking deployment status in 5 seconds VERBOSE: 11:20:49 - Checking deployment status in 5 seconds VERBOSE: 11:20:54 - Checking deployment status in 5 seconds VERBOSE: 11:20:59 - Checking deployment status in 5 seconds VERBOSE: 11:21:04 - Checking deployment status in 5 seconds VERBOSE: 11:21:09 - Checking deployment status in 5 seconds VERBOSE: 11:21:14 - Checking deployment status in 5 seconds VERBOSE: 11:21:20 - Checking deployment status in 5 seconds VERBOSE: 11:21:25 - Checking deployment status in 5 seconds VERBOSE: 11:21:30 - Checking deployment status in 5 seconds VERBOSE: 11:21:35 - Checking deployment status in 5 seconds VERBOSE: 11:21:40 - Checking deployment status in 5 seconds VERBOSE: 11:21:45 - Checking deployment status in 5 seconds VERBOSE: 11:21:50 - Checking deployment status in 5 seconds VERBOSE: 11:21:55 - Checking deployment status in 5 seconds VERBOSE: 11:22:00 - Checking deployment status in 5 seconds VERBOSE: 11:22:06 - Checking deployment status in 12 seconds VERBOSE: 11:22:18 - Checking deployment status in 5 seconds VERBOSE: 11:22:23 - Checking deployment status in 5 seconds VERBOSE: 11:22:28 - Checking deployment status in 5 seconds VERBOSE: 11:22:33 - Checking deployment status in 5 seconds VERBOSE: 11:22:38 - Checking deployment status in 5 seconds VERBOSE: 11:22:43 - Checking deployment status in 5 seconds VERBOSE: 11:22:48 - Checking deployment status in 5 seconds VERBOSE: 11:22:53 - Checking deployment status in 5 seconds VERBOSE: 11:22:59 - Checking deployment status in 5 seconds VERBOSE: 11:23:04 - Checking deployment status in 5 seconds VERBOSE: 11:23:09 - Checking deployment status in 5 seconds VERBOSE: 11:23:14 - Checking deployment status in 5 seconds VERBOSE: 11:23:19 - Checking deployment status in 5 seconds VERBOSE: 11:23:24 - Checking deployment status in 5 seconds VERBOSE: 11:23:29 - Checking deployment status in 5 seconds VERBOSE: 11:23:34 - Checking deployment status in 5 seconds VERBOSE: 11:23:39 - Checking deployment status in 5 seconds VERBOSE: 11:23:44 - Checking deployment status in 5 seconds VERBOSE: 11:23:50 - Checking deployment status in 5 seconds VERBOSE: 11:23:55 - Checking deployment status in 5 seconds VERBOSE: 11:24:00 - Checking deployment status in 5 seconds VERBOSE: 11:24:05 - Checking deployment status in 16 seconds VERBOSE: 11:24:21 - Checking deployment status in 5 seconds VERBOSE: 11:24:26 - Checking deployment status in 5 seconds VERBOSE: 11:24:31 - Checking deployment status in 5 seconds VERBOSE: 11:24:36 - Checking deployment status in 5 seconds VERBOSE: 11:24:41 - Checking deployment status in 5 seconds VERBOSE: 11:24:46 - Checking deployment status in 5 seconds VERBOSE: 11:24:52 - Checking deployment status in 5 seconds VERBOSE: 11:24:57 - Checking deployment status in 5 seconds VERBOSE: 11:25:02 - Checking deployment status in 5 seconds VERBOSE: 11:25:07 - Checking deployment status in 5 seconds VERBOSE: 11:25:12 - Checking deployment status in 5 seconds VERBOSE: 11:25:17 - Checking deployment status in 5 seconds VERBOSE: 11:25:22 - Checking deployment status in 5 seconds VERBOSE: 11:25:27 - Checking deployment status in 5 seconds VERBOSE: 11:25:32 - Checking deployment status in 5 seconds VERBOSE: 11:25:38 - Checking deployment status in 5 seconds VERBOSE: 11:25:43 - Checking deployment status in 5 seconds VERBOSE: 11:25:48 - Checking deployment status in 5 seconds VERBOSE: 11:25:53 - Checking deployment status in 5 seconds VERBOSE: 11:25:58 - Checking deployment status in 5 seconds VERBOSE: 11:26:03 - Checking deployment status in 14 seconds VERBOSE: 11:26:17 - Checking deployment status in 5 seconds VERBOSE: 11:26:22 - Checking deployment status in 5 seconds VERBOSE: 11:26:27 - Checking deployment status in 5 seconds VERBOSE: 11:26:32 - Checking deployment status in 5 seconds VERBOSE: 11:26:37 - Checking deployment status in 5 seconds VERBOSE: 11:26:43 - Checking deployment status in 5 seconds VERBOSE: 11:26:48 - Checking deployment status in 5 seconds VERBOSE: 11:26:53 - Checking deployment status in 5 seconds VERBOSE: 11:26:58 - Checking deployment status in 5 seconds VERBOSE: 11:27:03 - Checking deployment status in 5 seconds VERBOSE: 11:27:08 - Checking deployment status in 5 seconds VERBOSE: 11:27:13 - Checking deployment status in 5 seconds VERBOSE: 11:27:18 - Checking deployment status in 5 seconds VERBOSE: 11:27:23 - Checking deployment status in 5 seconds VERBOSE: 11:27:29 - Checking deployment status in 5 seconds VERBOSE: 11:27:34 - Checking deployment status in 5 seconds VERBOSE: 11:27:39 - Checking deployment status in 5 seconds VERBOSE: 11:27:44 - Checking deployment status in 5 seconds VERBOSE: 11:27:49 - Checking deployment status in 5 seconds VERBOSE: 11:27:54 - Checking deployment status in 5 seconds VERBOSE: 11:27:59 - Checking deployment status in 5 seconds VERBOSE: 11:28:04 - Checking deployment status in 14 seconds VERBOSE: 11:28:18 - Checking deployment status in 5 seconds VERBOSE: 11:28:23 - Checking deployment status in 5 seconds VERBOSE: 11:28:29 - Checking deployment status in 5 seconds VERBOSE: 11:28:34 - Checking deployment status in 5 seconds VERBOSE: 11:28:39 - Checking deployment status in 5 seconds VERBOSE: 11:28:44 - Checking deployment status in 5 seconds VERBOSE: 11:28:49 - Checking deployment status in 5 seconds VERBOSE: 11:28:54 - Checking deployment status in 5 seconds VERBOSE: 11:29:00 - Checking deployment status in 5 seconds VERBOSE: 11:29:05 - Checking deployment status in 5 seconds VERBOSE: 11:29:10 - Checking deployment status in 5 seconds VERBOSE: 11:29:15 - Checking deployment status in 5 seconds VERBOSE: 11:29:20 - Checking deployment status in 5 seconds VERBOSE: 11:29:25 - Checking deployment status in 5 seconds VERBOSE: 11:29:30 - Checking deployment status in 5 seconds VERBOSE: 11:29:35 - Checking deployment status in 5 seconds VERBOSE: 11:29:40 - Checking deployment status in 5 seconds VERBOSE: 11:29:45 - Checking deployment status in 5 seconds VERBOSE: 11:29:50 - Checking deployment status in 5 seconds VERBOSE: 11:29:56 - Checking deployment status in 5 seconds VERBOSE: 11:30:01 - Checking deployment status in 5 seconds VERBOSE: 11:30:06 - Resource Microsoft.Compute/virtualMachines/extensions 'DC2-SHM-DECOVID/CreateADBDC' provisioning status is running VERBOSE: 11:30:06 - Resource Microsoft.Compute/virtualMachines/extensions 'DC1-SHM-DECOVID/bginfo' provisioning status is succeeded VERBOSE: 11:30:06 - Resource Microsoft.Compute/virtualMachines/extensions 'DC1-SHM-DECOVID/CreateADForest' provisioning status is succeeded VERBOSE: 11:30:06 - Checking deployment status in 15 seconds VERBOSE: 11:30:21 - Checking deployment status in 5 seconds VERBOSE: 11:30:26 - Checking deployment status in 5 seconds VERBOSE: 11:30:31 - Checking deployment status in 5 seconds VERBOSE: 11:30:36 - Checking deployment status in 5 seconds VERBOSE: 11:30:41 - Checking deployment status in 5 seconds VERBOSE: 11:30:46 - Checking deployment status in 5 seconds VERBOSE: 11:30:51 - Checking deployment status in 5 seconds VERBOSE: 11:30:57 - Checking deployment status in 5 seconds VERBOSE: 11:31:02 - Checking deployment status in 5 seconds VERBOSE: 11:31:07 - Checking deployment status in 5 seconds VERBOSE: 11:31:12 - Checking deployment status in 5 seconds VERBOSE: 11:31:17 - Checking deployment status in 5 seconds VERBOSE: 11:31:22 - Checking deployment status in 5 seconds VERBOSE: 11:31:27 - Checking deployment status in 5 seconds VERBOSE: 11:31:32 - Checking deployment status in 5 seconds VERBOSE: 11:31:37 - Checking deployment status in 5 seconds VERBOSE: 11:31:42 - Checking deployment status in 5 seconds VERBOSE: 11:31:48 - Checking deployment status in 5 seconds VERBOSE: 11:31:53 - Checking deployment status in 5 seconds VERBOSE: 11:31:58 - Checking deployment status in 5 seconds VERBOSE: 11:32:03 - Checking deployment status in 5 seconds VERBOSE: 11:32:08 - Checking deployment status in 13 seconds VERBOSE: 11:32:21 - Checking deployment status in 5 seconds VERBOSE: 11:32:26 - Checking deployment status in 5 seconds VERBOSE: 11:32:31 - Checking deployment status in 5 seconds VERBOSE: 11:32:36 - Checking deployment status in 5 seconds VERBOSE: 11:32:42 - Checking deployment status in 5 seconds VERBOSE: 11:32:47 - Checking deployment status in 5 seconds VERBOSE: 11:32:52 - Checking deployment status in 5 seconds VERBOSE: 11:32:57 - Checking deployment status in 5 seconds VERBOSE: 11:33:02 - Checking deployment status in 5 seconds VERBOSE: 11:33:07 - Checking deployment status in 5 seconds VERBOSE: 11:33:12 - Checking deployment status in 5 seconds VERBOSE: 11:33:17 - Checking deployment status in 5 seconds VERBOSE: 11:33:22 - Checking deployment status in 5 seconds VERBOSE: 11:33:28 - Checking deployment status in 5 seconds VERBOSE: 11:33:33 - Checking deployment status in 5 seconds VERBOSE: 11:33:38 - Checking deployment status in 5 seconds VERBOSE: 11:33:43 - Checking deployment status in 5 seconds VERBOSE: 11:33:48 - Checking deployment status in 5 seconds VERBOSE: 11:33:53 - Checking deployment status in 5 seconds VERBOSE: 11:33:58 - Checking deployment status in 5 seconds VERBOSE: 11:34:03 - Checking deployment status in 5 seconds VERBOSE: 11:34:08 - Checking deployment status in 13 seconds VERBOSE: 11:34:22 - Checking deployment status in 5 seconds VERBOSE: 11:34:27 - Checking deployment status in 5 seconds VERBOSE: 11:34:32 - Checking deployment status in 5 seconds VERBOSE: 11:34:37 - Checking deployment status in 5 seconds VERBOSE: 11:34:42 - Checking deployment status in 5 seconds VERBOSE: 11:34:47 - Checking deployment status in 5 seconds VERBOSE: 11:34:52 - Checking deployment status in 5 seconds VERBOSE: 11:34:57 - Checking deployment status in 5 seconds VERBOSE: 11:35:02 - Checking deployment status in 5 seconds VERBOSE: 11:35:08 - Checking deployment status in 5 seconds VERBOSE: 11:35:13 - Checking deployment status in 5 seconds VERBOSE: 11:35:18 - Checking deployment status in 5 seconds VERBOSE: 11:35:23 - Checking deployment status in 5 seconds VERBOSE: 11:35:28 - Checking deployment status in 5 seconds VERBOSE: 11:35:33 - Checking deployment status in 5 seconds VERBOSE: 11:35:38 - Checking deployment status in 5 seconds VERBOSE: 11:35:43 - Checking deployment status in 5 seconds VERBOSE: 11:35:49 - Checking deployment status in 5 seconds VERBOSE: 11:35:54 - Checking deployment status in 5 seconds VERBOSE: 11:35:59 - Checking deployment status in 5 seconds VERBOSE: 11:36:04 - Checking deployment status in 5 seconds VERBOSE: 11:36:09 - Checking deployment status in 13 seconds VERBOSE: 11:36:22 - Checking deployment status in 5 seconds VERBOSE: 11:36:27 - Checking deployment status in 5 seconds VERBOSE: 11:36:32 - Checking deployment status in 5 seconds VERBOSE: 11:36:37 - Checking deployment status in 5 seconds VERBOSE: 11:36:42 - Checking deployment status in 5 seconds VERBOSE: 11:36:47 - Checking deployment status in 5 seconds VERBOSE: 11:36:53 - Checking deployment status in 5 seconds VERBOSE: 11:36:58 - Checking deployment status in 5 seconds VERBOSE: 11:37:03 - Checking deployment status in 5 seconds VERBOSE: 11:37:08 - Checking deployment status in 5 seconds VERBOSE: 11:37:13 - Checking deployment status in 5 seconds VERBOSE: 11:37:18 - Checking deployment status in 5 seconds VERBOSE: 11:37:23 - Checking deployment status in 5 seconds VERBOSE: 11:37:28 - Checking deployment status in 5 seconds VERBOSE: 11:37:33 - Checking deployment status in 5 seconds VERBOSE: 11:37:38 - Checking deployment status in 5 seconds VERBOSE: 11:37:44 - Checking deployment status in 5 seconds VERBOSE: 11:37:49 - Checking deployment status in 5 seconds VERBOSE: 11:37:54 - Checking deployment status in 5 seconds VERBOSE: 11:37:59 - Checking deployment status in 5 seconds VERBOSE: 11:38:04 - Checking deployment status in 5 seconds VERBOSE: 11:38:09 - Checking deployment status in 15 seconds VERBOSE: 11:38:24 - Checking deployment status in 5 seconds VERBOSE: 11:38:30 - Checking deployment status in 5 seconds VERBOSE: 11:38:35 - Checking deployment status in 5 seconds VERBOSE: 11:38:40 - Checking deployment status in 5 seconds VERBOSE: 11:38:45 - Checking deployment status in 5 seconds VERBOSE: 11:38:50 - Resource Microsoft.Compute/virtualMachines/extensions 'DC2-SHM-DECOVID/CreateADBDC' provisioning status is succeeded ResourceGroupName : RG_SHM_DECOVID_DC OnErrorDeployment : DeploymentName : shm-dc-template CorrelationId : a79724dc-0dcc-45a3-a2b5-0ca34880c7c5 ProvisioningState : Succeeded Timestamp : 10/07/2020 10:38:50 Mode : Incremental TemplateLink : TemplateLinkString : DeploymentDebugLogLevel : ResponseContent Parameters : {[administrator_Password, Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.DeploymentVariable], [administrator_User, Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.DeploymentVariable], [artifacts_Location, Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.DeploymentVariable], [artifacts_Location_SAS_Token, Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkModels.DeploymentVariable]…} ParametersString : Name Type Value ================================ ========================= ========== administrator_Password SecureString administrator_User String domaindecovidadmin artifacts_Location String https://shmdecovidartifactsoceuy.blob.core.windows.net artifacts_Location_SAS_Token SecureString bootDiagnostics_Account_Name String shmdecovidbootdiagsoceuy dC1_Data_Disk_Size_GB Int 20 dC1_Data_Disk_Type String Standard_LRS dC1_Host_Name String DC1-SHM-DECOVID dC1_IP_Address String 10.0.0.4 dC1_Os_Disk_Size_GB Int 128 dC1_Os_Disk_Type String Standard_LRS dC1_VM_Name String DC1-SHM-DECOVID dC1_VM_Size String Standard_D2s_v3 dC2_Data_Disk_Size_GB Int 20 dC2_Data_Disk_Type String Standard_LRS dC2_Host_Name String DC2-SHM-DECOVID dC2_IP_Address String 10.0.0.5 dC2_Os_Disk_Size_GB Int 128 dC2_Os_Disk_Type String Standard_LRS dC2_VM_Name String DC2-SHM-DECOVID dC2_VM_Size String Standard_D2s_v3 domain_Name String decovid.turingsafehaven.ac.uk domain_NetBIOS_Name String DECOVID external_DNS_Resolver String 168.63.129.16 safeMode_Password SecureString shm_Id String decovid virtual_Network_Name String VNET_SHM_DECOVID virtual_Network_Resource_Group String RG_SHM_DECOVID_NETWORKING virtual_Network_Subnet String IdentitySubnet Outputs : OutputsString : 2020-07-10 11:38:53 [ INFO]: CreateADBDC: ProvisioningState/succeeded DSC configuration was applied successfully. 2020-07-10 11:38:53 [ INFO]: CreateADBDC: ComponentStatus/DscConfigurationLog/succeeded [2020-07-10 10:38:32Z] [WARNING] [DC2-SHM-DECOVID]: [[xPendingReboot]RebootAfterPromotion] Unable to query CCM_ClientUtilities: Invalid namespace [2020-07-10 10:38:32Z] [VERBOSE] [DC2-SHM-DECOVID]: [[xPendingReboot]RebootAfterPromotion] No pending reboots found. [2020-07-10 10:38:32Z] [VERBOSE] [DC2-SHM-DECOVID]: LCM: [ End Test ] [[xPendingReboot]RebootAfterPromotion] in 0.3120 seconds. [2020-07-10 10:38:32Z] [VERBOSE] [DC2-SHM-DECOVID]: LCM: [ Skip Set ] [[xPendingReboot]RebootAfterPromotion] [2020-07-10 10:38:32Z] [VERBOSE] [DC2-SHM-DECOVID]: LCM: [ End Resource ] [[xPendingReboot]RebootAfterPromotion] [2020-07-10 10:38:32Z] [VERBOSE] [DC2-SHM-DECOVID]: [] Consistency check completed. [2020-07-10 10:38:32Z] [VERBOSE] Operation 'Invoke CimMethod' complete. [2020-07-10 10:38:32Z] [VERBOSE] Time taken for configuration job to complete is 27.122 seconds [2020-07-10 10:38:37Z] [VERBOSE] Performing the operation "Start-DscConfiguration: SendMetaConfigurationApply" on target "MSFT_DSCLocalConfigurationManager". [2020-07-10 10:38:37Z] [VERBOSE] Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendMetaConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'. [2020-07-10 10:38:37Z] [VERBOSE] An LCM method call arrived from computer DC2-SHM-DECOVID with user sid S-1-5-18. [2020-07-10 10:38:37Z] [VERBOSE] [DC2-SHM-DECOVID]: LCM: [ Start Set ] [2020-07-10 10:38:37Z] [VERBOSE] [DC2-SHM-DECOVID]: LCM: [ Start Resource ] [MSFT_DSCMetaConfiguration] [2020-07-10 10:38:37Z] [VERBOSE] [DC2-SHM-DECOVID]: LCM: [ Start Set ] [MSFT_DSCMetaConfiguration] [2020-07-10 10:38:37Z] [VERBOSE] [DC2-SHM-DECOVID]: LCM: [ End Set ] [MSFT_DSCMetaConfiguration] in 0.0310 seconds. [2020-07-10 10:38:37Z] [VERBOSE] [DC2-SHM-DECOVID]: LCM: [ End Resource ] [MSFT_DSCMetaConfiguration] [2020-07-10 10:38:37Z] [VERBOSE] [DC2-SHM-DECOVID]: LCM: [ End Set ] [2020-07-10 10:38:37Z] [VERBOSE] [DC2-SHM-DECOVID]: LCM: [ End Set ] in 0.0620 seconds. [2020-07-10 10:38:37Z] [VERBOSE] Operation 'Invoke CimMethod' complete. [2020-07-10 10:38:37Z] [VERBOSE] Set-DscLocalConfigurationManager finished in 0.179 seconds. 2020-07-10 11:38:53 [ INFO]: CreateADBDC: ComponentStatus/DscExtensionLog/succeeded [2020-07-10 10:37:57Z] Extension request for sequence number 0 attempting to create lock.0 mutex [2020-07-10 10:37:57Z] Attempting to grab mutex DscExtensionHandler_Lock for sequence number 0 [2020-07-10 10:37:57Z] Acquired lock for extension instance for sequence number 0 [2020-07-10 10:37:57Z] Attempting to acquire extension lock [2020-07-10 10:37:57Z] Attempting to grab mutex DscExtensionHandler_Lock [2020-07-10 10:37:57Z] Acquired lock for extension [2020-07-10 10:37:57Z] lock does not exist: begin processing [2020-07-10 10:37:57Z] Starting DSC Extension ... [2020-07-10 10:37:57Z] Getting handler execution status HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.80.0.2\Status ... [2020-07-10 10:37:57Z] Getting handler execution status HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.80.0.2\Status ... [2020-07-10 10:37:57Z] Reading handler settings from C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\RuntimeSettings\0.settings [2020-07-10 10:37:57Z] Found protected settings on Azure VM. Decrypting. [2020-07-10 10:38:00Z] Getting handler execution status HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.80.0.2\Status ... [2020-07-10 10:38:00Z] Getting handler execution status HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.80.0.2\Status ... [2020-07-10 10:38:00Z] Updating execution status (HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.80.0.2\Status) [2020-07-10 10:38:00Z] Settings handler status to 'transitioning' (C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\Status\0.status) [2020-07-10 10:38:00Z] Will continue the existing configuration. Executing Start-DscConfiguration with -UseExisting option ... [2020-07-10 10:38:01Z] Settings handler status to 'transitioning' (C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\Status\0.status) [2020-07-10 10:38:33Z] Settings handler status to 'transitioning' (C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\Status\0.status) [2020-07-10 10:38:35Z] LCM state is Idle [2020-07-10 10:38:35Z] DSC configuration completed. [2020-07-10 10:38:35Z] Resetting metaconfiguration... [2020-07-10 10:38:35Z] Restoring C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\DSCWork\CreateADBDC.0\CreateADBDC\localhost.meta.mof.bk... [2020-07-10 10:38:35Z] Executing Set-DscLocalConfigurationManager... [2020-07-10 10:38:35Z] Settings handler status to 'transitioning' (C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\Status\0.status) [2020-07-10 10:38:38Z] Settings handler status to 'transitioning' (C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\Status\0.status) [2020-07-10 10:38:38Z] Get-DscLocalConfigurationManager: ActionAfterReboot : ContinueConfiguration AgentId : 75B069C0-C298-11EA-969F-0022483EEE02 AllowModuleOverWrite : False CertificateID : 03614A7E4684441BB92F84365051184E824F0320 ConfigurationDownloadManagers : {} ConfigurationID : ConfigurationMode : ApplyOnly ConfigurationModeFrequencyMins : 15 Credential : DebugMode : {NONE} DownloadManagerCustomData : DownloadManagerName : LCMCompatibleVersions : {1.0, 2.0} LCMState : Idle LCMStateDetail : LCMVersion : 2.0 StatusRetentionTimeInDays : 10 SignatureValidationPolicy : NONE SignatureValidations : {} MaximumDownloadSizeMB : 500 PartialConfigurations : RebootNodeIfNeeded : True RefreshFrequencyMins : 30 RefreshMode : PUSH ReportManagers : {} ResourceModuleManagers : {} PSComputerName : [2020-07-10 10:38:38Z] Settings handler status to 'success' (C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\Status\0.status) 2020-07-10 11:38:53 [ INFO]: CreateADBDC: ComponentStatus/Metadata/succeeded VMUUId=D1F78C5C-D45B-4918-BF3E-5E68227DD6CE;AgentId=75B069C0-C298-11EA-969F-0022483EEE02; 2020-07-10 11:38:53 [ INFO]: bginfo: ProvisioningState/succeeded Plugin enabled (handler name: Microsoft.Compute.bginfo, extension name: , version: 2.1). 2020-07-10 11:38:53 [ INFO]: bginfo: ProvisioningState/succeeded Plugin enabled (handler name: Microsoft.Compute.bginfo, extension name: , version: 2.1). 2020-07-10 11:38:53 [ INFO]: CreateADForest: ProvisioningState/succeeded DSC configuration was applied successfully. 2020-07-10 11:38:53 [ INFO]: CreateADForest: ComponentStatus/DscConfigurationLog/succeeded [2020-07-10 10:29:50Z] [WARNING] [DC1-SHM-DECOVID]: [[xPendingReboot]RebootAfterPromotion] Unable to query CCM_ClientUtilities: Invalid namespace [2020-07-10 10:29:50Z] [VERBOSE] [DC1-SHM-DECOVID]: [[xPendingReboot]RebootAfterPromotion] No pending reboots found. [2020-07-10 10:29:50Z] [VERBOSE] [DC1-SHM-DECOVID]: LCM: [ End Test ] [[xPendingReboot]RebootAfterPromotion] in 0.4770 seconds. [2020-07-10 10:29:50Z] [VERBOSE] [DC1-SHM-DECOVID]: LCM: [ Skip Set ] [[xPendingReboot]RebootAfterPromotion] [2020-07-10 10:29:50Z] [VERBOSE] [DC1-SHM-DECOVID]: LCM: [ End Resource ] [[xPendingReboot]RebootAfterPromotion] [2020-07-10 10:29:50Z] [VERBOSE] [DC1-SHM-DECOVID]: [] Consistency check completed. [2020-07-10 10:29:50Z] [VERBOSE] Operation 'Invoke CimMethod' complete. [2020-07-10 10:29:50Z] [VERBOSE] Time taken for configuration job to complete is 330.389 seconds [2020-07-10 10:29:54Z] [VERBOSE] Performing the operation "Start-DscConfiguration: SendMetaConfigurationApply" on target "MSFT_DSCLocalConfigurationManager". [2020-07-10 10:29:54Z] [VERBOSE] Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendMetaConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'. [2020-07-10 10:29:54Z] [VERBOSE] An LCM method call arrived from computer DC1-SHM-DECOVID with user sid S-1-5-18. [2020-07-10 10:29:54Z] [VERBOSE] [DC1-SHM-DECOVID]: LCM: [ Start Set ] [2020-07-10 10:29:54Z] [VERBOSE] [DC1-SHM-DECOVID]: LCM: [ Start Resource ] [MSFT_DSCMetaConfiguration] [2020-07-10 10:29:54Z] [VERBOSE] [DC1-SHM-DECOVID]: LCM: [ Start Set ] [MSFT_DSCMetaConfiguration] [2020-07-10 10:29:54Z] [VERBOSE] [DC1-SHM-DECOVID]: LCM: [ End Set ] [MSFT_DSCMetaConfiguration] in 0.0310 seconds. [2020-07-10 10:29:54Z] [VERBOSE] [DC1-SHM-DECOVID]: LCM: [ End Resource ] [MSFT_DSCMetaConfiguration] [2020-07-10 10:29:54Z] [VERBOSE] [DC1-SHM-DECOVID]: LCM: [ End Set ] [2020-07-10 10:29:54Z] [VERBOSE] [DC1-SHM-DECOVID]: LCM: [ End Set ] in 0.0620 seconds. [2020-07-10 10:29:54Z] [VERBOSE] Operation 'Invoke CimMethod' complete. [2020-07-10 10:29:54Z] [VERBOSE] Set-DscLocalConfigurationManager finished in 0.191 seconds. 2020-07-10 11:38:53 [ INFO]: CreateADForest: ComponentStatus/DscExtensionLog/succeeded [2020-07-10 10:24:13Z] Extension request for sequence number 0 attempting to create lock.0 mutex [2020-07-10 10:24:13Z] Attempting to grab mutex DscExtensionHandler_Lock for sequence number 0 [2020-07-10 10:24:13Z] Acquired lock for extension instance for sequence number 0 [2020-07-10 10:24:13Z] Attempting to acquire extension lock [2020-07-10 10:24:13Z] Attempting to grab mutex DscExtensionHandler_Lock [2020-07-10 10:24:13Z] Acquired lock for extension [2020-07-10 10:24:13Z] lock does not exist: begin processing [2020-07-10 10:24:13Z] Starting DSC Extension ... [2020-07-10 10:24:13Z] Getting handler execution status HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.80.0.2\Status ... [2020-07-10 10:24:13Z] Getting handler execution status HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.80.0.2\Status ... [2020-07-10 10:24:13Z] Reading handler settings from C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\RuntimeSettings\0.settings [2020-07-10 10:24:13Z] Found protected settings on Azure VM. Decrypting. [2020-07-10 10:24:16Z] Getting handler execution status HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.80.0.2\Status ... [2020-07-10 10:24:17Z] Getting handler execution status HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.80.0.2\Status ... [2020-07-10 10:24:17Z] Updating execution status (HKLM:\SOFTWARE\Microsoft\Azure\DSC\2.80.0.2\Status) [2020-07-10 10:24:17Z] Settings handler status to 'transitioning' (C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\Status\0.status) [2020-07-10 10:24:17Z] Will continue the existing configuration. Executing Start-DscConfiguration with -UseExisting option ... [2020-07-10 10:24:17Z] Settings handler status to 'transitioning' (C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\Status\0.status) [2020-07-10 10:29:52Z] Settings handler status to 'transitioning' (C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\Status\0.status) [2020-07-10 10:29:52Z] LCM state is Idle [2020-07-10 10:29:52Z] DSC configuration completed. [2020-07-10 10:29:52Z] Resetting metaconfiguration... [2020-07-10 10:29:52Z] Restoring C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\DSCWork\CreateADPDC.0\CreateADPDC\localhost.meta.mof.bk... [2020-07-10 10:29:52Z] Executing Set-DscLocalConfigurationManager... [2020-07-10 10:29:52Z] Settings handler status to 'transitioning' (C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\Status\0.status) [2020-07-10 10:29:56Z] Settings handler status to 'transitioning' (C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\Status\0.status) [2020-07-10 10:29:56Z] Get-DscLocalConfigurationManager: ActionAfterReboot : ContinueConfiguration AgentId : 632DBCBE-C296-11EA-969F-0022483EEA42 AllowModuleOverWrite : False CertificateID : 5A946F8E5D1C68F1C790B6B60E0484585956E6ED ConfigurationDownloadManagers : {} ConfigurationID : ConfigurationMode : ApplyOnly ConfigurationModeFrequencyMins : 15 Credential : DebugMode : {NONE} DownloadManagerCustomData : DownloadManagerName : LCMCompatibleVersions : {1.0, 2.0} LCMState : Idle LCMStateDetail : LCMVersion : 2.0 StatusRetentionTimeInDays : 10 SignatureValidationPolicy : NONE SignatureValidations : {} MaximumDownloadSizeMB : 500 PartialConfigurations : RebootNodeIfNeeded : True RefreshFrequencyMins : 30 RefreshMode : PUSH ReportManagers : {} ResourceModuleManagers : {} PSComputerName : [2020-07-10 10:29:56Z] Settings handler status to 'success' (C:\Packages\Plugins\Microsoft.Powershell.DSC\2.80.0.2\Status\0.status) 2020-07-10 11:38:53 [ INFO]: CreateADForest: ComponentStatus/Metadata/succeeded VMUUId=99068AEE-01B4-4B5D-AA7F-37320103BB02;AgentId=632DBCBE-C296-11EA-969F-0022483EEA42; 2020-07-10 11:38:53 [SUCCESS]: [✔] Template deployment 'shm-dc-template' succeeded 2020-07-10 11:38:53 [ INFO]: Importing configuration artifacts for: DC1-SHM-DECOVID... 2020-07-10 11:41:05 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Clearing all pre-existing files and folders from 'C:\Installation' Directory: C:\ Mode LastWriteTime Length Name ---- ------------- ------ ---- d----- 7/10/2020 10:39 AM Installation Downloading 7 files to 'C:\Installation'... Downloading AzureADConnect to 'C:\Installation'... [o] Completed Extracting zip files... [o] Completed Contents of 'C:\Installation' are: Directory: C:\Installation Mode LastWriteTime Length Name ---- ------------- ------ ---- d----- 7/10/2020 10:40 AM GPOs -a---- 7/10/2020 10:40 AM 101203968 AzureADConnect.msi -a---- 7/10/2020 10:39 AM 1949 CreateUsers.ps1 -a---- 7/10/2020 10:39 AM 1143 Disconnect_AD.ps1 -a---- 7/10/2020 10:39 AM 36260 GPOs.zip -a---- 7/10/2020 10:39 AM 286 Run_ADSync.ps1 -a---- 7/10/2020 10:39 AM 1746 StartMenuLayoutModification.xml -a---- 7/10/2020 10:39 AM 1919 UpdateAADSyncRule.ps1 -a---- 7/10/2020 10:39 AM 151 user_details_template.csv Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 11:41:15 [ INFO]: Configuring Active Directory for: DC1-SHM-DECOVID... 2020-07-10 11:42:26 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : fc-758c74888661 DisplayName : All Servers - Windows Services Enabled : True Enforced : False Target : OU=Secure Research Environment Data Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk Order : 2 [o] Linking GPO 'All Servers - Windows Services' to 'Secure Research Environment Data Servers' succeeded GpoId : 92e8a6ee-9a0d-4057-bffc-758c74888661 DisplayName : All Servers - Windows Services Enabled : True Enforced : False Target : OU=Secure Research Environment RDS Session Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk Order : 2 [o] Linking GPO 'All Servers - Windows Services' to 'Secure Research Environment RDS Session Servers' succeeded GpoId : 92e8a6ee-9a0d-4057-bffc-758c74888661 DisplayName : All Servers - Windows Services Enabled : True Enforced : False Target : OU=Secure Research Environment RDS Gateway Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk Order : 2 [o] Linking GPO 'All Servers - Windows Services' to 'Secure Research Environment RDS Gateway Servers' succeeded GpoId : 0cb867e5-f504-4103-9682-33437c4ab458 DisplayName : All Servers - Windows Update Enabled : True Enforced : False Target : OU=Domain Controllers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk Order : 3 [o] Linking GPO 'All Servers - Windows Update' to 'Domain Controllers' succeeded GpoId : 0cb867e5-f504-4103-9682-33437c4ab458 DisplayName : All Servers - Windows Update Enabled : True Enforced : False Target : OU=Safe Haven Identity Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk Order : 3 [o] Linking GPO 'All Servers - Windows Update' to 'Safe Haven Identity Servers' succeeded GpoId : 0cb867e5-f504-4103-9682-33437c4ab458 DisplayName : All Servers - Windows Update Enabled : True Enforced : False Target : OU=Secure Research Environment Data Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk Order : 3 [o] Linking GPO 'All Servers - Windows Update' to 'Secure Research Environment Data Servers' succeeded GpoId : 0cb867e5-f504-4103-9682-33437c4ab458 DisplayName : All Servers - Windows Update Enabled : True Enforced : False Target : OU=Secure Research Environment RDS Session Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk Order : 3 [o] Linking GPO 'All Servers - Windows Update' to 'Secure Research Environment RDS Session Servers' succeeded GpoId : 0cb867e5-f504-4103-9682-33437c4ab458 DisplayName : All Servers - Windows Update Enabled : True Enforced : False Target : OU=Secure Research Environment RDS Gateway Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk Order : 3 [o] Linking GPO 'All Servers - Windows Update' to 'Secure Research Environment RDS Gateway Servers' succeeded GpoId : ea2f18e4-97e1-498e-ac78-0fc17edee9a0 DisplayName : Session Servers - Remote Desktop Control Enabled : True Enforced : False Target : OU=Secure Research Environment RDS Session Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk Order : 4 [o] Linking GPO 'Session Servers - Remote Desktop Control' to 'Secure Research Environment RDS Session Servers' succeeded Setting AAD sync permissions for AD Sync Service account (decovidlocaladsync)... [o] Successfully updated ACL permissions for AD Sync Service account 'decovidlocaladsync' Delegating Active Directory registration permissions to service users... [o] Successfully delegated permissions on the 'Safe Haven Identity Servers' container to 'DECOVID\decovididentitysrvrs' [o] Successfully delegated permissions on the 'Secure Research Environment Data Servers' container to 'DECOVID\decoviddatasrvrs' [o] Successfully delegated permissions on the 'Secure Research Environment Linux Servers' container to 'DECOVID\decovidlinuxsrvrs' [o] Successfully delegated permissions on the 'Secure Research Environment RDS Gateway Servers' container to 'DECOVID\decovidgatewaysrvrs' [o] Successfully delegated permissions on the 'Secure Research Environment RDS Session Servers' container to 'DECOVID\decovidsessionsrvrs' Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 11:42:36 [ INFO]: Configuring group policies for: DC1-SHM-DECOVID... 2020-07-10 11:43:07 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Found the 'Local Administrators' group: S-1-5-32-544 Ensuring that members of 'SG Safe Haven Server Administrators' are local administrators [o] Successfully set group policies for 'Local Administrators' Setting the layout file for the Remote Desktop servers... [o] Succeeded Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 11:43:48 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Forward external DNS requests to Microsoft Azure DNS server... UseRootHint : True Timeout(s) : 3 EnableReordering : True IPAddress : 168.63.129.16 ReorderedIPAddress : 168.63.129.16 [o] Successfully created/updated DNS forwarding Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : VirtualMachine : Microsoft.Azure.Commands.Network.Models.PSResourceId IpConfigurations : {ipconfig1} TapConfigurations : {} DnsSettings : Microsoft.Azure.Commands.Network.Models.PSNetworkInterfaceDnsSettings MacAddress : 00-22-48-3E-EA-42 Primary : True EnableAcceleratedNetworking : False EnableIPForwarding : False HostedWorkloads : {} NetworkSecurityGroup : PrivateEndpoint : ProvisioningState : Succeeded VirtualMachineText : { "Id": "/subscriptions/9c379675-84a2-4b6e-825d-fb54b26ba17e/resourceGroups/RG_SHM_DECOVID_DC/providers/Microsoft.Compute/virtualMachines/DC1-SHM-DECOVID" } IpConfigurationsText : [ { "Name": "ipconfig1", "Etag": "W/\"657a8025-7524-4b76-96a8-a20c03c1c53e\"", "Id": "/subscriptions/9c379675-84a2-4b6e-825d-fb54b26ba17e/resourceGroups/RG_SHM_DECOVID_DC/providers/Microsoft.Network/networkInterfaces/DC1-SHM-DECOVID-NIC/ipConfigurations/ipconfig1", "PrivateIpAddress": "10.0.0.4", "PrivateIpAllocationMethod": "Static", "Subnet": { "Id": "/subscriptions/9c379675-84a2-4b6e-825d-fb54b26ba17e/resourceGroups/RG_SHM_DECOVID_NETWORKING/providers/Microsoft.Network/virtualNetworks/VNET_SHM_DECOVID/subnets/IdentitySubnet" }, "ProvisioningState": "Succeeded", "PrivateIpAddressVersion": "IPv4", "LoadBalancerBackendAddressPools": [], "LoadBalancerInboundNatRules": [], "Primary": true, "ApplicationGatewayBackendAddressPools": [], "ApplicationSecurityGroups": [], "VirtualNetworkTaps": [] } ] TapConfigurationsText : [] DnsSettingsText : { "DnsServers": [], "AppliedDnsServers": [ "10.0.0.4", "10.0.0.5", "168.63.129.16" ], "InternalDomainNameSuffix": "fwobo5yyamgetmimerib1u0k1f.zx.internal.cloudapp.net" } NetworkSecurityGroupText : null PrivateEndpointText : null ResourceGroupName : RG_SHM_DECOVID_DC Location : uksouth ResourceGuid : f704d989-cc68-4af9-8bdc-47ed745841d3 Type : Microsoft.Network/networkInterfaces Tag : TagsTable : Name : DC1-SHM-DECOVID-NIC Etag : W/"657a8025-7524-4b76-96a8-a20c03c1c53e" Id : /subscriptions/9c379675-84a2-4b6e-825d-fb54b26ba17e/resourceGroups/RG_SHM_DECOVID_DC/providers/Microsoft.Network/networkInterfaces/DC1-SHM-DECOVID-NIC 2020-07-10 11:45:03 [ INFO]: Updating DC VM 'DC1-SHM-DECOVID'... 2020-07-10 11:45:03 [ INFO]: [ ] Installing core Powershell modules on 'DC1-SHM-DECOVID' 2020-07-10 11:48:06 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: ... PSWindowsUpdate Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 11:49:16 [ INFO]: [ ] Setting OS locale and installing updates on 'DC1-SHM-DECOVID' 2020-07-10 11:52:48 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 5 Windows updates: ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) ... Microsoft Silverlight (KB4481252) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... 2020-01 Update for Windows Server 2019 for x64-based Systems (KB4494174) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) Reboot is required, but do it manually. [o] Installing Windows updates succeeded. Newly installed Windows updates: ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... Microsoft Silverlight (KB4481252) ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 11:52:59 [ INFO]: [ ] (Re)starting VM 'DC1-SHM-DECOVID' [PowerState/running] 2020-07-10 11:53:30 [SUCCESS]: [✔] Successfully (re)started 'DC1-SHM-DECOVID' [PowerState/running] 2020-07-10 11:54:31 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Forward external DNS requests to Microsoft Azure DNS server... UseRootHint : True Timeout(s) : 3 EnableReordering : True IPAddress : {168.63.129.16, 10.0.0.4} ReorderedIPAddress : {168.63.129.16, 10.0.0.4} [o] Successfully created/updated DNS forwarding Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : VirtualMachine : Microsoft.Azure.Commands.Network.Models.PSResourceId IpConfigurations : {ipconfig1} TapConfigurations : {} DnsSettings : Microsoft.Azure.Commands.Network.Models.PSNetworkInterfaceDnsSettings MacAddress : 00-22-48-3E-EE-02 Primary : True EnableAcceleratedNetworking : False EnableIPForwarding : False HostedWorkloads : {} NetworkSecurityGroup : PrivateEndpoint : ProvisioningState : Succeeded VirtualMachineText : { "Id": "/subscriptions/9c379675-84a2-4b6e-825d-fb54b26ba17e/resourceGroups/RG_SHM_DECOVID_DC/providers/Microsoft.Compute/virtualMachines/DC2-SHM-DECOVID" } IpConfigurationsText : [ { "Name": "ipconfig1", "Etag": "W/\"88b99086-8b6f-482c-a032-8f325f64882e\"", "Id": "/subscriptions/9c379675-84a2-4b6e-825d-fb54b26ba17e/resourceGroups/RG_SHM_DECOVID_DC/providers/Microsoft.Network/networkInterfaces/DC2-SHM-DECOVID-NIC/ipConfigurations/ipconfig1", "PrivateIpAddress": "10.0.0.5", "PrivateIpAllocationMethod": "Static", "Subnet": { "Id": "/subscriptions/9c379675-84a2-4b6e-825d-fb54b26ba17e/resourceGroups/RG_SHM_DECOVID_NETWORKING/providers/Microsoft.Network/virtualNetworks/VNET_SHM_DECOVID/subnets/IdentitySubnet" }, "ProvisioningState": "Succeeded", "PrivateIpAddressVersion": "IPv4", "LoadBalancerBackendAddressPools": [], "LoadBalancerInboundNatRules": [], "Primary": true, "ApplicationGatewayBackendAddressPools": [], "ApplicationSecurityGroups": [], "VirtualNetworkTaps": [] } ] TapConfigurationsText : [] DnsSettingsText : { "DnsServers": [], "AppliedDnsServers": [], "InternalDomainNameSuffix": "fwobo5yyamgetmimerib1u0k1f.zx.internal.cloudapp.net" } NetworkSecurityGroupText : null PrivateEndpointText : null ResourceGroupName : RG_SHM_DECOVID_DC Location : uksouth ResourceGuid : d84e612f-197e-4650-b1a2-50be59f6c2fe Type : Microsoft.Network/networkInterfaces Tag : TagsTable : Name : DC2-SHM-DECOVID-NIC Etag : W/"88b99086-8b6f-482c-a032-8f325f64882e" Id : /subscriptions/9c379675-84a2-4b6e-825d-fb54b26ba17e/resourceGroups/RG_SHM_DECOVID_DC/providers/Microsoft.Network/networkInterfaces/DC2-SHM-DECOVID-NIC 2020-07-10 11:55:35 [ INFO]: Updating DC VM 'DC2-SHM-DECOVID'... 2020-07-10 11:55:35 [ INFO]: [ ] Installing core Powershell modules on 'DC2-SHM-DECOVID' 2020-07-10 11:58:07 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: ... PSWindowsUpdate Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 11:59:17 [ INFO]: [ ] Setting OS locale and installing updates on 'DC2-SHM-DECOVID' 2020-07-10 12:02:49 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 5 Windows updates: ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) ... Microsoft Silverlight (KB4481252) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... 2020-01 Update for Windows Server 2019 for x64-based Systems (KB4494174) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) Reboot is required, but do it manually. [o] Installing Windows updates succeeded. Newly installed Windows updates: ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... Microsoft Silverlight (KB4481252) ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 12:03:00 [ INFO]: [ ] (Re)starting VM 'DC2-SHM-DECOVID' [PowerState/running] 2020-07-10 12:03:31 [SUCCESS]: [✔] Successfully (re)started 'DC2-SHM-DECOVID' [PowerState/running] ```

Setup_SHM_NPS

```pwsh 2020-07-10 12:23:48 [ INFO]: Ensuring that resource group 'RG_SHM_DECOVID_NPS' exists... 2020-07-10 12:23:49 [ INFO]: [ ] Creating resource group 'RG_SHM_DECOVID_NPS' 2020-07-10 12:23:49 [SUCCESS]: [✔] Created resource group 'RG_SHM_DECOVID_NPS' 2020-07-10 12:23:49 [ INFO]: Creating/retrieving secrets from key vault 'kv-shm-decovid'... 2020-07-10 12:23:53 [ INFO]: Ensuring that resource group 'RG_SHM_DECOVID_ARTIFACTS' exists... 2020-07-10 12:23:54 [SUCCESS]: [✔] Resource group 'RG_SHM_DECOVID_ARTIFACTS' already exists 2020-07-10 12:23:54 [ INFO]: Ensuring that storage account 'shmdecovidartifactsoceuy' exists in 'RG_SHM_DECOVID_ARTIFACTS'... 2020-07-10 12:23:55 [SUCCESS]: [✔] Storage account 'shmdecovidartifactsoceuy' already exists 2020-07-10 12:23:55 [ INFO]: Ensuring that storage container 'shm-configuration-nps' exists... 2020-07-10 12:23:56 [ INFO]: [ ] Creating storage container 'shm-configuration-nps' in storage account 'shmdecovidartifactsoceuy' 2020-07-10 12:23:56 [SUCCESS]: [✔] Created storage container 2020-07-10 12:23:56 [ INFO]: Uploading artifacts to storage account 'shmdecovidartifactsoceuy'... 2020-07-10 12:23:56 [ INFO]: [ ] Uploading network policy server (NPS) configuration files to blob storage 2020-07-10 12:23:56 [SUCCESS]: [✔] Uploaded NPS configuration files 2020-07-10 12:23:56 [ INFO]: Deploying network policy server (NPS) from template... VERBOSE: Performing the operation "Creating Deployment" on target "RG_SHM_DECOVID_NPS". WARNING: The DeploymentDebug setting has been enabled. This can potentially log secrets like passwords used in resource property or listKeys operations when you retrieve the deployment operations through Get-AzResourceGroupDeploymentOperation VERBOSE: 12:23:57 - Template is valid. VERBOSE: 12:23:57 - Create template deployment 'shm-nps-template' VERBOSE: 12:23:57 - Checking deployment status in 5 seconds VERBOSE: 12:24:02 - Resource Microsoft.Compute/virtualMachines 'NPS-SHM-DECOVID' provisioning status is running VERBOSE: 12:24:02 - Resource Microsoft.Network/networkInterfaces 'NPS-SHM-DECOVID-NIC' provisioning status is succeeded VERBOSE: 12:24:02 - Checking deployment status in 13 seconds VERBOSE: 12:24:15 - Checking deployment status in 5 seconds VERBOSE: 12:24:20 - Checking deployment status in 5 seconds VERBOSE: 12:24:26 - Checking deployment status in 5 seconds VERBOSE: 12:24:31 - Checking deployment status in 5 seconds VERBOSE: 12:24:36 - Checking deployment status in 5 seconds VERBOSE: 12:24:41 - Checking deployment status in 5 seconds VERBOSE: 12:24:46 - Checking deployment status in 5 seconds VERBOSE: 12:24:51 - Checking deployment status in 5 seconds VERBOSE: 12:24:56 - Checking deployment status in 5 seconds VERBOSE: 12:25:01 - Checking deployment status in 5 seconds VERBOSE: 12:25:06 - Checking deployment status in 5 seconds VERBOSE: 12:25:11 - Checking deployment status in 5 seconds VERBOSE: 12:25:16 - Checking deployment status in 5 seconds VERBOSE: 12:25:21 - Checking deployment status in 5 seconds VERBOSE: 12:25:26 - Resource Microsoft.Compute/virtualMachines/extensions 'NPS-SHM-DECOVID/bginfo' provisioning status is running VERBOSE: 12:25:26 - Resource Microsoft.Compute/virtualMachines 'NPS-SHM-DECOVID' provisioning status is succeeded VERBOSE: 12:25:26 - Checking deployment status in 15 seconds VERBOSE: 12:25:42 - Checking deployment status in 5 seconds VERBOSE: 12:25:47 - Checking deployment status in 5 seconds VERBOSE: 12:25:52 - Checking deployment status in 5 seconds VERBOSE: 12:25:57 - Checking deployment status in 5 seconds VERBOSE: 12:26:02 - Checking deployment status in 5 seconds VERBOSE: 12:26:07 - Checking deployment status in 5 seconds VERBOSE: 12:26:12 - Checking deployment status in 5 seconds VERBOSE: 12:26:17 - Checking deployment status in 5 seconds VERBOSE: 12:26:22 - Checking deployment status in 5 seconds VERBOSE: 12:26:27 - Checking deployment status in 5 seconds VERBOSE: 12:26:32 - Checking deployment status in 5 seconds VERBOSE: 12:26:37 - Checking deployment status in 5 seconds VERBOSE: 12:26:43 - Checking deployment status in 5 seconds VERBOSE: 12:26:48 - Checking deployment status in 5 seconds VERBOSE: 12:26:53 - Checking deployment status in 5 seconds VERBOSE: 12:26:58 - Checking deployment status in 5 seconds VERBOSE: 12:27:03 - Checking deployment status in 5 seconds VERBOSE: 12:27:08 - Checking deployment status in 5 seconds VERBOSE: 12:27:13 - Checking deployment status in 5 seconds VERBOSE: 12:27:18 - Resource Microsoft.Compute/virtualMachines/extensions 'NPS-SHM-DECOVID/joindomain' provisioning status is running VERBOSE: 12:27:18 - Resource Microsoft.Compute/virtualMachines/extensions 'NPS-SHM-DECOVID/bginfo' provisioning status is succeeded VERBOSE: 12:27:18 - Checking deployment status in 14 seconds VERBOSE: 12:27:32 - Checking deployment status in 5 seconds VERBOSE: 12:27:37 - Checking deployment status in 5 seconds VERBOSE: 12:27:42 - Checking deployment status in 5 seconds VERBOSE: 12:27:48 - Resource Microsoft.Compute/virtualMachines/extensions 'NPS-SHM-DECOVID/joindomain' provisioning status is succeeded DeploymentName : shm-nps-template ResourceGroupName : RG_SHM_DECOVID_NPS ProvisioningState : Succeeded Timestamp : 10/07/2020 11:27:47 Mode : Incremental TemplateLink : Parameters : Name Type Value ================================ ========================= ========== administrator_User String shmdecovidadmin administrator_Password SecureString bootDiagnostics_Account_Name String shmdecovidbootdiagsoceuy domain_Join_Password SecureString domain_Join_User String decovididentitysrvrs domain_Name String decovid.turingsafehaven.ac.uk npS_Data_Disk_Size_GB Int 20 npS_Data_Disk_Type String Standard_LRS npS_Host_Name String NPS-SHM-DECOVID npS_IP_Address String 10.0.0.6 npS_Os_Disk_Size_GB Int 128 npS_Os_Disk_Type String Standard_LRS npS_VM_Name String NPS-SHM-DECOVID npS_VM_Size String Standard_D2s_v3 oU_Path String OU=Safe Haven Identity Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk virtual_Network_Name String VNET_SHM_DECOVID virtual_Network_Resource_Group String RG_SHM_DECOVID_NETWORKING virtual_Network_Subnet String IdentitySubnet Outputs : DeploymentDebugLogLevel : ResponseContent 2020-07-10 12:27:51 [ INFO]: joindomain: ProvisioningState/succeeded Join completed for Domain 'decovid.turingsafehaven.ac.uk' 2020-07-10 12:27:51 [ INFO]: bginfo: ProvisioningState/succeeded Plugin enabled (handler name: Microsoft.Compute.bginfo, extension name: , version: 2.1). 2020-07-10 12:27:51 [SUCCESS]: [✔] Template deployment 'shm-nps-template' succeeded 2020-07-10 12:27:51 [ INFO]: Configuring NPS server 'NPS-SHM-DECOVID'... 2020-07-10 12:30:23 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Clearing all pre-existing files and folders from 'C:\Installation' Installing NPAS feature... Success Restart Needed Exit Code Feature Result ------- -------------- --------- -------------- True No Success {Network Policy and Access Services, Remot... [o] Successfully installed NPAS Setting SQL Firewall rules... [o] Set inbound rule [o] Set outbound rule Formatting data drive... [o] Completed Downloading NPS extension to 'C:\Installation'... [o] Successfully downloaded NPS extension Installing NPS extension... [o] Successfully installed NPS extension Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 12:30:33 [ INFO]: Importing NPS configuration 'NPS-SHM-DECOVID'... 2020-07-10 12:31:12 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Downloading 2 files to 'C:\Installation'... Importing NPS configuration for RDG_CAP policy... Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 12:31:22 [ INFO]: Updating NPS VM 'NPS-SHM-DECOVID'... 2020-07-10 12:31:22 [ INFO]: [ ] Installing core Powershell modules on 'NPS-SHM-DECOVID' 2020-07-10 12:33:53 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: ... PSWindowsUpdate Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 12:35:03 [ INFO]: [ ] Setting OS locale and installing updates on 'NPS-SHM-DECOVID' 2020-07-10 12:38:35 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 7 Windows updates: ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) ... Microsoft Silverlight (KB4481252) ... Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... 2020-01 Update for Windows Server 2019 for x64-based Systems (KB4494174) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2006.10) Reboot is required, but do it manually. [o] Installing Windows updates succeeded. Newly installed Windows updates: ... Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2006.10) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10) ... Microsoft Silverlight (KB4481252) ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 12:38:46 [ INFO]: [ ] (Re)starting VM 'NPS-SHM-DECOVID' [PowerState/running] 2020-07-10 12:39:18 [SUCCESS]: [✔] Successfully (re)started 'NPS-SHM-DECOVID' [PowerState/running] ```

Setup_SHM_Firewall

```pwsh 2020-07-10 12:51:48 [ INFO]: Ensuring that subnet 'AzureFirewallSubnet' exists... 2020-07-10 12:51:48 [ INFO]: [ ] Creating subnet 'AzureFirewallSubnet' 2020-07-10 12:52:03 [SUCCESS]: [✔] Created subnet 'AzureFirewallSubnet' 2020-07-10 12:52:03 [ INFO]: Create the firewall with a public IP address 2020-07-10 12:52:03 [ INFO]: Ensuring that firewall 'FIREWALL-SHM-DECOVID' exists... 2020-07-10 12:52:04 [ INFO]: [ ] Creating firewall 'FIREWALL-SHM-DECOVID' 2020-07-10 12:52:04 [ INFO]: Ensuring that public IP address 'FIREWALL-SHM-DECOVID-PIP' exists... 2020-07-10 12:52:05 [ INFO]: [ ] Creating public IP address 'FIREWALL-SHM-DECOVID-PIP' 2020-07-10 12:52:07 [SUCCESS]: [✔] Created public IP address 'FIREWALL-SHM-DECOVID-PIP' 2020-07-10 12:55:20 [SUCCESS]: [✔] Created firewall 'FIREWALL-SHM-DECOVID' 2020-07-10 12:55:20 [ INFO]: Enable logging for this firewall 2020-07-10 12:55:20 [ INFO]: Ensuring that resource group 'RG_SHM_DECOVID_LOGGING' exists... 2020-07-10 12:55:21 [ INFO]: [ ] Creating resource group 'RG_SHM_DECOVID_LOGGING' 2020-07-10 12:55:22 [SUCCESS]: [✔] Created resource group 'RG_SHM_DECOVID_LOGGING' 2020-07-10 12:55:22 [ INFO]: Ensuring that log analytics workspace 'shmdecovidloganalytics' exists... 2020-07-10 12:55:22 [ INFO]: [ ] Creating log analytics workspace 'shmdecovidloganalytics' 2020-07-10 12:56:07 [SUCCESS]: [✔] Created log analytics workspace 'shmdecovidloganalytics' 2020-07-10 12:56:10 [ INFO]: [ ] Registering Microsoft.Insights provider in this subscription... 2020-07-10 12:56:13 [ INFO]: Waiting 5 minutes for this change to propagate... 2020-07-10 13:01:18 [SUCCESS]: [✔] Successfully registered Microsoft.Insights provider WARNING: 13:01:18 - *** The namespace for all the model classes will change from Microsoft.Azure.Management.Monitor.Management.Models to Microsoft.Azure.Management.Monitor.Models in future releases. WARNING: 13:01:18 - *** The namespace for output classes will be uniform for all classes in future releases to make it independent of modifications in the model classes. 2020-07-10 13:01:21 [SUCCESS]: [✔] Enabled logging to workspace 'shmdecovidloganalytics' 2020-07-10 13:01:21 [ INFO]: Ensuring that route table 'ROUTE-TABLE-SHM-DECOVID' exists... 2020-07-10 13:01:21 [ INFO]: [ ] Creating route table 'ROUTE-TABLE-SHM-DECOVID' 2020-07-10 13:01:32 [SUCCESS]: [✔] Created route table 'ROUTE-TABLE-SHM-DECOVID' 2020-07-10 13:01:33 [ INFO]: Setting firewall rules from template... 2020-07-10 13:01:34 [ INFO]: Ensuring that route 'ViaFirewall' exists... 2020-07-10 13:01:34 [ INFO]: [ ] Creating route 'ViaFirewall' 2020-07-10 13:01:46 [SUCCESS]: [✔] Created route 'ViaFirewall' 2020-07-10 13:01:47 [ INFO]: Ensuring that route 'ViaVpn' exists... 2020-07-10 13:01:47 [ INFO]: [ ] Creating route 'ViaVpn' 2020-07-10 13:01:59 [SUCCESS]: [✔] Created route 'ViaVpn' 2020-07-10 13:02:15 [ INFO]: Setting firewall application rules... 2020-07-10 13:02:15 [ INFO]: Setting firewall application rules... 2020-07-10 13:02:15 [ INFO]: Ensuring that 'Allow' rule for 'WindowsUpdate' is set on FIREWALL-SHM-DECOVID... 2020-07-10 13:02:16 [ INFO]: [ ] Creating application rule collection 'shm-decovid-allow' 2020-07-10 13:02:17 [SUCCESS]: [✔] Created application rule collection 'shm-decovid-allow' 2020-07-10 13:02:17 [SUCCESS]: [✔] Ensured that application rule 'AllowWindowsUpdate' exists on local firewall object only. 2020-07-10 13:02:17 [ INFO]: Ensuring that 'Allow' rule for 'ocsp.digicert.com crl3.digicert.com crl4.digicert.com crl.microsoft.com' is set on FIREWALL-SHM-DECOVID... 2020-07-10 13:02:17 [SUCCESS]: [✔] Application rule collection 'shm-decovid-allow' already exists 2020-07-10 13:02:17 [SUCCESS]: [✔] Ensured that application rule 'AllowCertificateStatusCheck' exists on local firewall object only. 2020-07-10 13:02:18 [ INFO]: Ensuring that 'Allow' rule for '11b396b6-d8f6-4d36-b714-cfab5d196e6a.ods.opinsights.azure.com 11b396b6-d8f6-4d36-b714-cfab5d196e6a.oms.opinsights.azure.com 11b396b6-d8f6-4d36-b714-cfab5d196e6a.blob.core.windows.net 11b396b6-d8f6-4d36-b714-cfab5d196e6a.azure-automation.net' is set on FIREWALL-SHM-DECOVID... 2020-07-10 13:02:18 [SUCCESS]: [✔] Application rule collection 'shm-decovid-allow' already exists 2020-07-10 13:02:18 [SUCCESS]: [✔] Ensured that application rule 'AllowLogAnalytics' exists on local firewall object only. 2020-07-10 13:02:18 [ INFO]: Ensuring that 'Allow' rule for 'login.microsoftonline.com secure.aadcdn.microsoftonline-p.com login.windows.net aadcdn.msftauth.net login.live.com' is set on FIREWALL-SHM-DECOVID... 2020-07-10 13:02:19 [SUCCESS]: [✔] Application rule collection 'shm-decovid-allow' already exists 2020-07-10 13:02:19 [SUCCESS]: [✔] Ensured that application rule 'AllowAzureADLogin' exists on local firewall object only. 2020-07-10 13:02:19 [ INFO]: Ensuring that 'Allow' rule for 'pfd.phonefactor.net pfd2.phonefactor.net css.phonefactor.net' is set on FIREWALL-SHM-DECOVID... 2020-07-10 13:02:20 [SUCCESS]: [✔] Application rule collection 'shm-decovid-allow' already exists 2020-07-10 13:02:20 [SUCCESS]: [✔] Ensured that application rule 'AllowAzureMFAConnectOperations' exists on local firewall object only. 2020-07-10 13:02:20 [ INFO]: Ensuring that 'Allow' rule for 'adminwebservice.microsoftonline.com passwordreset.microsoftonline.com adnotifications.windowsazure.com *.blob.core.windows.net *.servicebus.windows.net *.events.data.microsoft.com *.aadconnecthealth.azure.com *.adhybridhealth.azure.com' is set on FIREWALL-SHM-DECOVID... 2020-07-10 13:02:20 [SUCCESS]: [✔] Application rule collection 'shm-decovid-allow' already exists 2020-07-10 13:02:20 [SUCCESS]: [✔] Ensured that application rule 'AllowADConnectOperations' exists on local firewall object only. 2020-07-10 13:02:20 [ INFO]: Ensuring that 'Allow' rule for 'provisioningapi.microsoftonline.com' is set on FIREWALL-SHM-DECOVID... 2020-07-10 13:02:21 [SUCCESS]: [✔] Application rule collection 'shm-decovid-allow' already exists 2020-07-10 13:02:21 [SUCCESS]: [✔] Ensured that application rule 'AllowMSOnlinePSModule' exists on local firewall object only. 2020-07-10 13:02:21 [ INFO]: Ensuring that 'Allow' rule for 'management.azure.com *.adhybridhealth.azure.com www.office.com policykeyservice.dc.ad.msft.net' is set on FIREWALL-SHM-DECOVID... 2020-07-10 13:02:22 [SUCCESS]: [✔] Application rule collection 'shm-decovid-allow' already exists 2020-07-10 13:02:22 [SUCCESS]: [✔] Ensured that application rule 'AllowADConnectSetup' exists on local firewall object only. 2020-07-10 13:02:22 [ INFO]: Ensuring that 'Allow' rule for 'login.microsoftonline.com secure.aadcdn.microsoftonline-p.com login.windows.net aadcdn.msftauth.net login.live.com' is set on FIREWALL-SHM-DECOVID... 2020-07-10 13:02:23 [SUCCESS]: [✔] Application rule collection 'shm-decovid-allow' already exists 2020-07-10 13:02:23 [SUCCESS]: [✔] Ensured that application rule 'AllowAzureADLoginForADConnectAndMFAConnectSetup' exists on local firewall object only. 2020-07-10 13:02:23 [ INFO]: Ensuring that 'Deny' rule for 'settings-win.data.microsoft.com' is set on FIREWALL-SHM-DECOVID... 2020-07-10 13:02:23 [ INFO]: [ ] Creating application rule collection 'shm-decovid-deny' 2020-07-10 13:02:24 [SUCCESS]: [✔] Created application rule collection 'shm-decovid-deny' 2020-07-10 13:02:24 [SUCCESS]: [✔] Ensured that application rule 'DenyWindowsDiagnosticsToMicrosoft' exists on local firewall object only. 2020-07-10 13:02:24 [ INFO]: [ ] Updating remote firewall with rule changes... 2020-07-10 13:03:35 [SUCCESS]: [✔] Updated remote firewall with rule changes. 2020-07-10 13:03:35 [ INFO]: Setting firewall network rules... 2020-07-10 13:03:35 [ INFO]: [ ] Updating remote firewall with rule changes... 2020-07-10 13:03:36 [SUCCESS]: [✔] Updated remote firewall with rule changes. 2020-07-10 13:03:37 [ INFO]: [ ] (Re)starting VM 'DC1-SHM-DECOVID' [PowerState/running] 2020-07-10 13:04:08 [SUCCESS]: [✔] Successfully (re)started 'DC1-SHM-DECOVID' [PowerState/running] 2020-07-10 13:04:09 [ INFO]: [ ] (Re)starting VM 'DC2-SHM-DECOVID' [PowerState/running] 2020-07-10 13:04:40 [SUCCESS]: [✔] Successfully (re)started 'DC2-SHM-DECOVID' [PowerState/running] ```

Setup_SHM_Logging

```pwsh 2020-07-10 13:07:59 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'DC1-SHM-DECOVID'. 2020-07-10 13:09:31 [SUCCESS]: [✔] Installed extension 'MicrosoftMonitoringAgent' on VM 'DC1-SHM-DECOVID'. 2020-07-10 13:09:31 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'DC1-SHM-DECOVID'. 2020-07-10 13:10:34 [SUCCESS]: [✔] Installed extension 'DependencyAgentWindows' on VM 'DC1-SHM-DECOVID'. 2020-07-10 13:10:34 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'DC2-SHM-DECOVID'. 2020-07-10 13:12:06 [SUCCESS]: [✔] Installed extension 'MicrosoftMonitoringAgent' on VM 'DC2-SHM-DECOVID'. 2020-07-10 13:12:06 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'DC2-SHM-DECOVID'. 2020-07-10 13:13:08 [SUCCESS]: [✔] Installed extension 'DependencyAgentWindows' on VM 'DC2-SHM-DECOVID'. 2020-07-10 13:13:09 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'NPS-SHM-DECOVID'. 2020-07-10 13:14:41 [SUCCESS]: [✔] Installed extension 'MicrosoftMonitoringAgent' on VM 'NPS-SHM-DECOVID'. 2020-07-10 13:14:41 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'NPS-SHM-DECOVID'. 2020-07-10 13:15:46 [SUCCESS]: [✔] Installed extension 'DependencyAgentWindows' on VM 'NPS-SHM-DECOVID'. 2020-07-10 13:15:47 [ INFO]: Ensuring required Windows event logs are being collected...' 2020-07-10 13:15:50 [SUCCESS]: [✔] Logging activated for 'Active Directory Web Services'. 2020-07-10 13:15:53 [SUCCESS]: [✔] Logging activated for 'Directory Service'. 2020-07-10 13:15:56 [SUCCESS]: [✔] Logging activated for 'DFS Replication'. 2020-07-10 13:15:59 [SUCCESS]: [✔] Logging activated for 'DNS Server'. 2020-07-10 13:16:01 [SUCCESS]: [✔] Logging activated for 'Microsoft-Windows-Security-Netlogon/Operational'. 2020-07-10 13:16:03 [SUCCESS]: [✔] Logging activated for 'Microsoft-Windows-Winlogon/Operational'. 2020-07-10 13:16:04 [SUCCESS]: [✔] Logging activated for 'System'. 2020-07-10 13:16:04 [ INFO]: Ensuring required Windows performance counters are being collected...' 2020-07-10 13:16:05 [SUCCESS]: [✔] Logging activated for 'LogicalDisk/Avg. Disk sec/Read'. 2020-07-10 13:16:07 [SUCCESS]: [✔] Logging activated for 'LogicalDisk/Avg. Disk sec/Write'. 2020-07-10 13:16:09 [SUCCESS]: [✔] Logging activated for 'LogicalDisk/Current Disk Queue Length'. 2020-07-10 13:16:10 [SUCCESS]: [✔] Logging activated for 'LogicalDisk/Disk Reads/sec'. 2020-07-10 13:16:12 [SUCCESS]: [✔] Logging activated for 'LogicalDisk/Disk Transfers/sec'. 2020-07-10 13:16:14 [SUCCESS]: [✔] Logging activated for 'LogicalDisk/Disk Writes/sec'. 2020-07-10 13:16:15 [SUCCESS]: [✔] Logging activated for 'LogicalDisk/Free Megabytes'. 2020-07-10 13:16:17 [SUCCESS]: [✔] Logging activated for 'Memory/Available MBytes'. 2020-07-10 13:16:18 [SUCCESS]: [✔] Logging activated for 'Memory/% Committed Bytes In Use'. 2020-07-10 13:16:20 [SUCCESS]: [✔] Logging activated for 'LogicalDisk/% Free Space'. 2020-07-10 13:16:22 [SUCCESS]: [✔] Logging activated for 'Processor/% Processor Time'. 2020-07-10 13:16:23 [SUCCESS]: [✔] Logging activated for 'System/Processor Queue Length'. 2020-07-10 13:16:23 [ INFO]: Ensuring required Log Analytics Intelligence Packs are enabled...' 2020-07-10 13:16:25 [SUCCESS]: [✔] 'AgentHealthAssessment' Intelligence Pack enabled. 2020-07-10 13:16:26 [SUCCESS]: [✔] 'AzureActivity' Intelligence Pack enabled. 2020-07-10 13:16:28 [SUCCESS]: [✔] 'AzureNetworking' Intelligence Pack enabled. 2020-07-10 13:16:29 [SUCCESS]: [✔] 'AntiMalware' Intelligence Pack enabled. 2020-07-10 13:16:31 [SUCCESS]: [✔] 'CapacityPerformance' Intelligence Pack enabled. 2020-07-10 13:16:32 [SUCCESS]: [✔] 'ChangeTracking' Intelligence Pack enabled. 2020-07-10 13:16:34 [SUCCESS]: [✔] 'DnsAnalytics' Intelligence Pack enabled. 2020-07-10 13:16:35 [SUCCESS]: [✔] 'InternalWindowsEvent' Intelligence Pack enabled. 2020-07-10 13:16:37 [SUCCESS]: [✔] 'NetFlow' Intelligence Pack enabled. 2020-07-10 13:16:38 [SUCCESS]: [✔] 'NetworkMonitoring' Intelligence Pack enabled. 2020-07-10 13:16:40 [SUCCESS]: [✔] 'ServiceMap' Intelligence Pack enabled. 2020-07-10 13:16:41 [SUCCESS]: [✔] 'Updates' Intelligence Pack enabled. 2020-07-10 13:16:43 [SUCCESS]: [✔] 'VMInsights' Intelligence Pack enabled. 2020-07-10 13:16:44 [SUCCESS]: [✔] 'WindowsDefenderATP' Intelligence Pack enabled. 2020-07-10 13:16:45 [SUCCESS]: [✔] 'WindowsFirewall' Intelligence Pack enabled. 2020-07-10 13:16:47 [SUCCESS]: [✔] 'WinLog' Intelligence Pack enabled. ```

Setup_SHM_Package_Mirrors - tier 2

```pwsh 2020-07-10 13:08:37 [ INFO]: Ensuring that resource group 'RG_SHM_DECOVID_PKG_MIRRORS' exists... 2020-07-10 13:08:38 [ INFO]: [ ] Creating resource group 'RG_SHM_DECOVID_PKG_MIRRORS' 2020-07-10 13:08:38 [SUCCESS]: [✔] Created resource group 'RG_SHM_DECOVID_PKG_MIRRORS' 2020-07-10 13:08:38 [ INFO]: Ensuring that resource group 'RG_SHM_DECOVID_NETWORKING' exists... 2020-07-10 13:08:39 [SUCCESS]: [✔] Resource group 'RG_SHM_DECOVID_NETWORKING' already exists 2020-07-10 13:08:39 [ INFO]: Ensuring that virtual network 'VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER2' exists... 2020-07-10 13:08:39 [ INFO]: [ ] Creating virtual network 'VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER2' 2020-07-10 13:08:45 [SUCCESS]: [✔] Created virtual network 'VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER2' 2020-07-10 13:08:45 [ INFO]: Ensuring that subnet 'ExternalPackageMirrorsTier2Subnet' exists... 2020-07-10 13:08:46 [ INFO]: [ ] Creating subnet 'ExternalPackageMirrorsTier2Subnet' 2020-07-10 13:08:51 [SUCCESS]: [✔] Created subnet 'ExternalPackageMirrorsTier2Subnet' 2020-07-10 13:08:51 [ INFO]: Ensuring that subnet 'InternalPackageMirrorsTier2Subnet' exists... 2020-07-10 13:08:52 [ INFO]: [ ] Creating subnet 'InternalPackageMirrorsTier2Subnet' 2020-07-10 13:08:56 [SUCCESS]: [✔] Created subnet 'InternalPackageMirrorsTier2Subnet' 2020-07-10 13:08:57 [ INFO]: Ensuring that network security group 'NSG_SHM_DECOVID_EXTERNAL_PACKAGE_MIRRORS_TIER2' exists... 2020-07-10 13:08:58 [ INFO]: [ ] Creating network security group 'NSG_SHM_DECOVID_EXTERNAL_PACKAGE_MIRRORS_TIER2' 2020-07-10 13:09:02 [SUCCESS]: [✔] Created network security group 'NSG_SHM_DECOVID_EXTERNAL_PACKAGE_MIRRORS_TIER2' 2020-07-10 13:09:17 [ INFO]: Ensuring that NSG rule 'RsyncToInternal' exists on 'NSG_SHM_DECOVID_EXTERNAL_PACKAGE_MIRRORS_TIER2'... 2020-07-10 13:09:17 [ INFO]: [ ] Creating NSG rule 'RsyncToInternal' 2020-07-10 13:09:21 [SUCCESS]: [✔] Created NSG rule 'RsyncToInternal' 2020-07-10 13:09:21 [ INFO]: Ensuring that NSG 'NSG_SHM_DECOVID_EXTERNAL_PACKAGE_MIRRORS_TIER2' is attached to subnet 'ExternalPackageMirrorsTier2Subnet'... 2020-07-10 13:09:26 [SUCCESS]: [✔] Set network security group on 'ExternalPackageMirrorsTier2Subnet' 2020-07-10 13:09:26 [SUCCESS]: [✔] Configuring NSG 'NSG_SHM_DECOVID_EXTERNAL_PACKAGE_MIRRORS_TIER2' succeeded 2020-07-10 13:09:26 [ INFO]: Ensuring that network security group 'NSG_SHM_DECOVID_INTERNAL_PACKAGE_MIRRORS_TIER2' exists... 2020-07-10 13:09:27 [ INFO]: [ ] Creating network security group 'NSG_SHM_DECOVID_INTERNAL_PACKAGE_MIRRORS_TIER2' 2020-07-10 13:09:31 [SUCCESS]: [✔] Created network security group 'NSG_SHM_DECOVID_INTERNAL_PACKAGE_MIRRORS_TIER2' 2020-07-10 13:09:51 [ INFO]: Ensuring that NSG 'NSG_SHM_DECOVID_INTERNAL_PACKAGE_MIRRORS_TIER2' is attached to subnet 'InternalPackageMirrorsTier2Subnet'... 2020-07-10 13:09:57 [SUCCESS]: [✔] Set network security group on 'InternalPackageMirrorsTier2Subnet' 2020-07-10 13:09:57 [SUCCESS]: [✔] Configuring NSG 'NSG_SHM_DECOVID_INTERNAL_PACKAGE_MIRRORS_TIER2' succeeded 2020-07-10 13:09:57 [ INFO]: Ensuring that storage account 'shmdecovidbootdiagsoceuy' exists in 'RG_SHM_DECOVID_ARTIFACTS'... 2020-07-10 13:09:57 [SUCCESS]: [✔] Storage account 'shmdecovidbootdiagsoceuy' already exists 2020-07-10 13:10:00 [ INFO]: Ensuring that VM network card 'CRAN-EXTERNAL-MIRROR-TIER-2-NIC' exists... 2020-07-10 13:10:01 [ INFO]: [ ] Creating VM network card 'CRAN-EXTERNAL-MIRROR-TIER-2-NIC' 2020-07-10 13:10:03 [SUCCESS]: [✔] Created VM network card 'CRAN-EXTERNAL-MIRROR-TIER-2-NIC' 2020-07-10 13:10:03 [ INFO]: Ensuring that managed disk 'CRAN-EXTERNAL-MIRROR-TIER-2-DATA-DISK' exists... 2020-07-10 13:10:03 [ INFO]: [ ] Creating 127 GB managed disk 'CRAN-EXTERNAL-MIRROR-TIER-2-DATA-DISK' 2020-07-10 13:10:07 [SUCCESS]: [✔] Created managed disk 'CRAN-EXTERNAL-MIRROR-TIER-2-DATA-DISK' 2020-07-10 13:10:08 [ INFO]: Temporarily allowing outbound internet access from 10.20.2.5 on ports 80, 443 and 3128 2020-07-10 13:10:19 [ INFO]: Ensuring that virtual machine 'CRAN-EXTERNAL-MIRROR-TIER-2' exists... 2020-07-10 13:10:23 [ INFO]: [ ] Creating virtual machine 'CRAN-EXTERNAL-MIRROR-TIER-2' 2020-07-10 13:11:44 [SUCCESS]: [✔] Created virtual machine 'CRAN-EXTERNAL-MIRROR-TIER-2' 2020-07-10 13:12:14 [ INFO]: Waiting for cloud-init provisioning to finish for CRAN-EXTERNAL-MIRROR-TIER-2... 2020-07-10 13:13:19 [SUCCESS]: [✔] Cloud-init provisioning is finished for CRAN-EXTERNAL-MIRROR-TIER-2 2020-07-10 13:13:19 [ INFO]: Disabling outbound internet access from 10.20.2.5 and restarting VM: 'CRAN-EXTERNAL-MIRROR-TIER-2'... 2020-07-10 13:13:23 [SUCCESS]: [✔] Configuring VM 'CRAN-EXTERNAL-MIRROR-TIER-2' succeeded 2020-07-10 13:13:24 [ INFO]: [ ] (Re)starting VM 'CRAN-EXTERNAL-MIRROR-TIER-2' [PowerState/stopped] 2020-07-10 13:13:35 [SUCCESS]: [✔] Successfully (re)started 'CRAN-EXTERNAL-MIRROR-TIER-2' [PowerState/running] 2020-07-10 13:14:06 [SUCCESS]: [✔] Remote script execution succeeded 2020-07-10 13:14:16 [SUCCESS]: [✔] Fetching ssh key from external package mirror succeeded 2020-07-10 13:14:18 [ INFO]: Ensuring that VM network card 'CRAN-INTERNAL-MIRROR-TIER-2-NIC' exists... 2020-07-10 13:14:18 [ INFO]: [ ] Creating VM network card 'CRAN-INTERNAL-MIRROR-TIER-2-NIC' 2020-07-10 13:14:20 [SUCCESS]: [✔] Created VM network card 'CRAN-INTERNAL-MIRROR-TIER-2-NIC' 2020-07-10 13:14:20 [ INFO]: Ensuring that managed disk 'CRAN-INTERNAL-MIRROR-TIER-2-DATA-DISK' exists... 2020-07-10 13:14:21 [ INFO]: [ ] Creating 127 GB managed disk 'CRAN-INTERNAL-MIRROR-TIER-2-DATA-DISK' 2020-07-10 13:14:25 [SUCCESS]: [✔] Created managed disk 'CRAN-INTERNAL-MIRROR-TIER-2-DATA-DISK' 2020-07-10 13:14:25 [ INFO]: Temporarily allowing outbound internet access from 10.20.2.21 on ports 80, 443 and 3128 2020-07-10 13:14:37 [ INFO]: Ensuring that virtual machine 'CRAN-INTERNAL-MIRROR-TIER-2' exists... 2020-07-10 13:14:41 [ INFO]: [ ] Creating virtual machine 'CRAN-INTERNAL-MIRROR-TIER-2' 2020-07-10 13:16:03 [SUCCESS]: [✔] Created virtual machine 'CRAN-INTERNAL-MIRROR-TIER-2' 2020-07-10 13:16:33 [ INFO]: Waiting for cloud-init provisioning to finish for CRAN-INTERNAL-MIRROR-TIER-2... 2020-07-10 13:17:38 [SUCCESS]: [✔] Cloud-init provisioning is finished for CRAN-INTERNAL-MIRROR-TIER-2 2020-07-10 13:17:38 [ INFO]: Disabling outbound internet access from 10.20.2.21 and restarting VM: 'CRAN-INTERNAL-MIRROR-TIER-2'... 2020-07-10 13:17:44 [SUCCESS]: [✔] Configuring VM 'CRAN-INTERNAL-MIRROR-TIER-2' succeeded 2020-07-10 13:17:45 [ INFO]: [ ] (Re)starting VM 'CRAN-INTERNAL-MIRROR-TIER-2' [PowerState/stopped] 2020-07-10 13:17:56 [SUCCESS]: [✔] Successfully (re)started 'CRAN-INTERNAL-MIRROR-TIER-2' [PowerState/running] 2020-07-10 13:17:56 [ INFO]: Ensuring that 'CRAN-INTERNAL-MIRROR-TIER-2' can accept connections from the external mirror... 2020-07-10 13:17:56 [ INFO]: Retrieving public key for 'CRAN-INTERNAL-MIRROR-TIER-2'... 2020-07-10 13:18:27 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] 127.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqIFAesEhS6TK0imLiEQMG7Q+563FHpjPKC1opcL0Qj7M5jeBYUY+cUOitioTiakvPBQ16rPrf1dF9ewae0kuoZQv8WNI0TF6eP+/IrrlbYsf7bDf5UjMZBfx6CBsJb3EjSaa4XziamgSEXOlg4HnDs1hEuouAKrJbzIO8dGvgwa8kvYXRAghvcq+yEt+W+zhFw0o31qUvjQjuU0pICgCJEXYXR1kj3/8PBv5LRTJkIWaZfYeqSaves1CgTyu5Se+wTQygPnGIEMwH3riKzxHboU6V3fcKnSWTP8Vddeyjn8FhnBSPp46l8BN8wrdw91bi+8nB0flqDw1aodeM95w7 127.0.0.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAgfoc0Zk0iC8/seHhCFS9aeiveFTk4YwXR7Nke9OpN/JhXnFoo1m9hiy7Xo8r5I4XxeMMtcYKYL6RVgUNRAcrY= 127.0.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm4XE60hZtgarWurQA4kU0oUlN7G73PrmcDgMF1FPmm [stderr] Time : 2020-07-10 13:18:37 [ INFO]: Uploading 'CRAN-INTERNAL-MIRROR-TIER-2' public key to 'CRAN-EXTERNAL-MIRROR-TIER-2'... 2020-07-10 13:19:08 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Update known hosts on the external server to allow connections to the internal server... WARNING: /home/mirrordaemon/.ssh/known_hosts.old contains unhashed entries Delete this file to ensure privacy of hostnames /home/mirrordaemon/.ssh/known_hosts updated. Original contents retained as /home/mirrordaemon/.ssh/known_hosts.old |1|NyEawmFBgfZzMBO+faCw40yQP8I=|91hWTbUwKJ1jV73d54AhyaslfYA= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqIFAesEhS6TK0imLiEQMG7Q+563FHpjPKC1opcL0Qj7M5jeBYUY+cUOitioTiakvPBQ16rPrf1dF9ewae0kuoZQv8WNI0TF6eP+/IrrlbYsf7bDf5UjMZBfx6CBsJb3EjSaa4XziamgSEXOlg4HnDs1hEuouAKrJbzIO8dGvgwa8kvYXRAghvcq+yEt+W+zhFw0o31qUvjQjuU0pICgCJEXYXR1kj3/8PBv5LRTJkIWaZfYeqSaves1CgTyu5Se+wTQygPnGIEMwH3riKzxHboU6V3fcKnSWTP8Vddeyjn8FhnBSPp46l8BN8wrdw91bi+8nB0flqDw1aodeM95w7 10.20.2.21 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAgfoc0Zk0iC8/seHhCFS9aeiveFTk4YwXR7Nke9OpN/JhXnFoo1m9hiy7Xo8r5I4XxeMMtcYKYL6RVgUNRAcrY= 10.20.2.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm4XE60hZtgarWurQA4kU0oUlN7G73PrmcDgMF1FPmm total 20K drwxr-xr-x 2 mirrordaemon mirrordaemon 4.0K Jul 10 12:18 . drwxr-xr-x 3 mirrordaemon mirrordaemon 4.0K Jul 10 12:12 .. -rw------- 1 mirrordaemon mirrordaemon 1.7K Jul 10 12:12 id_rsa -rw-r--r-- 1 mirrordaemon mirrordaemon 422 Jul 10 12:12 id_rsa.pub -rw------- 1 mirrordaemon mirrordaemon 706 Jul 10 12:18 known_hosts Update known IP addresses on the external server to schedule pushing to the internal server... 10.20.2.21 total 32K drwxr-xr-x 3 mirrordaemon mirrordaemon 4.0K Jul 10 12:18 . drwxr-xr-x 4 root root 4.0K Jul 10 12:11 .. drwxr-xr-x 2 mirrordaemon mirrordaemon 4.0K Jul 10 12:18 .ssh -rw------- 1 mirrordaemon mirrordaemon 11 Jul 10 12:18 internal_mirror_ip_addresses.txt -rw------- 1 mirrordaemon mirrordaemon 20 Jul 10 12:11 package_whitelist.txt -rwx------ 1 mirrordaemon mirrordaemon 3.0K Jul 10 12:11 pull_from_internet.sh -rwx------ 1 mirrordaemon mirrordaemon 105 Jul 10 12:11 pull_then_push.sh -rwx------ 1 mirrordaemon mirrordaemon 1.2K Jul 10 12:11 push_to_internal_mirrors.sh [stderr] Time : 2020-07-10 13:19:20 [ INFO]: Ensuring that VM network card 'PYPI-EXTERNAL-MIRROR-TIER-2-NIC' exists... 2020-07-10 13:19:20 [ INFO]: [ ] Creating VM network card 'PYPI-EXTERNAL-MIRROR-TIER-2-NIC' 2020-07-10 13:19:22 [SUCCESS]: [✔] Created VM network card 'PYPI-EXTERNAL-MIRROR-TIER-2-NIC' 2020-07-10 13:19:22 [ INFO]: Ensuring that managed disk 'PYPI-EXTERNAL-MIRROR-TIER-2-DATA-DISK' exists... 2020-07-10 13:19:23 [ INFO]: [ ] Creating 8191 GB managed disk 'PYPI-EXTERNAL-MIRROR-TIER-2-DATA-DISK' 2020-07-10 13:19:26 [SUCCESS]: [✔] Created managed disk 'PYPI-EXTERNAL-MIRROR-TIER-2-DATA-DISK' 2020-07-10 13:19:27 [ INFO]: Temporarily allowing outbound internet access from 10.20.2.4 on ports 80, 443 and 3128 2020-07-10 13:19:38 [ INFO]: Ensuring that virtual machine 'PYPI-EXTERNAL-MIRROR-TIER-2' exists... 2020-07-10 13:19:43 [ INFO]: [ ] Creating virtual machine 'PYPI-EXTERNAL-MIRROR-TIER-2' 2020-07-10 13:21:05 [SUCCESS]: [✔] Created virtual machine 'PYPI-EXTERNAL-MIRROR-TIER-2' 2020-07-10 13:21:35 [ INFO]: Waiting for cloud-init provisioning to finish for PYPI-EXTERNAL-MIRROR-TIER-2... 2020-07-10 13:25:20 [SUCCESS]: [✔] Cloud-init provisioning is finished for PYPI-EXTERNAL-MIRROR-TIER-2 2020-07-10 13:25:20 [ INFO]: Disabling outbound internet access from 10.20.2.4 and restarting VM: 'PYPI-EXTERNAL-MIRROR-TIER-2'... 2020-07-10 13:25:25 [SUCCESS]: [✔] Configuring VM 'PYPI-EXTERNAL-MIRROR-TIER-2' succeeded 2020-07-10 13:25:26 [ INFO]: [ ] (Re)starting VM 'PYPI-EXTERNAL-MIRROR-TIER-2' [PowerState/stopped] 2020-07-10 13:25:38 [SUCCESS]: [✔] Successfully (re)started 'PYPI-EXTERNAL-MIRROR-TIER-2' [PowerState/running] 2020-07-10 13:26:09 [SUCCESS]: [✔] Remote script execution succeeded 2020-07-10 13:26:19 [SUCCESS]: [✔] Fetching ssh key from external package mirror succeeded 2020-07-10 13:26:21 [ INFO]: Ensuring that VM network card 'PYPI-INTERNAL-MIRROR-TIER-2-NIC' exists... 2020-07-10 13:26:21 [ INFO]: [ ] Creating VM network card 'PYPI-INTERNAL-MIRROR-TIER-2-NIC' 2020-07-10 13:26:22 [SUCCESS]: [✔] Created VM network card 'PYPI-INTERNAL-MIRROR-TIER-2-NIC' 2020-07-10 13:26:22 [ INFO]: Ensuring that managed disk 'PYPI-INTERNAL-MIRROR-TIER-2-DATA-DISK' exists... 2020-07-10 13:26:24 [ INFO]: [ ] Creating 8191 GB managed disk 'PYPI-INTERNAL-MIRROR-TIER-2-DATA-DISK' 2020-07-10 13:26:27 [SUCCESS]: [✔] Created managed disk 'PYPI-INTERNAL-MIRROR-TIER-2-DATA-DISK' 2020-07-10 13:26:28 [ INFO]: Temporarily allowing outbound internet access from 10.20.2.20 on ports 80, 443 and 3128 2020-07-10 13:26:39 [ INFO]: Ensuring that virtual machine 'PYPI-INTERNAL-MIRROR-TIER-2' exists... 2020-07-10 13:26:44 [ INFO]: [ ] Creating virtual machine 'PYPI-INTERNAL-MIRROR-TIER-2' 2020-07-10 13:28:06 [SUCCESS]: [✔] Created virtual machine 'PYPI-INTERNAL-MIRROR-TIER-2' 2020-07-10 13:28:36 [ INFO]: Waiting for cloud-init provisioning to finish for PYPI-INTERNAL-MIRROR-TIER-2... 2020-07-10 13:31:27 [SUCCESS]: [✔] Cloud-init provisioning is finished for PYPI-INTERNAL-MIRROR-TIER-2 2020-07-10 13:31:27 [ INFO]: Disabling outbound internet access from 10.20.2.20 and restarting VM: 'PYPI-INTERNAL-MIRROR-TIER-2'... 2020-07-10 13:31:32 [SUCCESS]: [✔] Configuring VM 'PYPI-INTERNAL-MIRROR-TIER-2' succeeded 2020-07-10 13:31:33 [ INFO]: [ ] (Re)starting VM 'PYPI-INTERNAL-MIRROR-TIER-2' [PowerState/stopped] 2020-07-10 13:31:45 [SUCCESS]: [✔] Successfully (re)started 'PYPI-INTERNAL-MIRROR-TIER-2' [PowerState/running] 2020-07-10 13:31:45 [ INFO]: Ensuring that 'PYPI-INTERNAL-MIRROR-TIER-2' can accept connections from the external mirror... 2020-07-10 13:31:45 [ INFO]: Retrieving public key for 'PYPI-INTERNAL-MIRROR-TIER-2'... 2020-07-10 13:32:16 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] 127.0.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1HJEMHBy5W1KVe9ZH3ViY04Z+Lt3wKMSHRSCmtYWC6 127.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsOwWoCAjAK+UuZA0fHM0gykeoVeMJNweF87aoJDNr1NPAkzT/seOI76J4wsqZtBVtShjrCUFy90EH1luXO2rtjSAE6X0byewFiVRaSCnp+vYTVQRV6jcZpcm23fvmxuUrxD6pC2vkGQRGeyuiqdwTb8Sww7cpt7yRRb+Qlm3iJJSiXJGFSFnhrfYGwJMrkW41Yn+9dcwpLRNerACaILtlEV7DD0tmsLcFgPgyLzWH7ewbCytzq0+SdVEXNTDKszUoZ7o/WiBwBOBUiAuEAOrzrH8sBehEcp+M/ookns4nHUBY4ZZWvAAyNSno0Egb9ru5vuBgUBcCVYr1pDBGTFp3 127.0.0.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ/WSDJxzmxYCrtGLV44UkYeMqFVa3zwRlfRakxkh8ZYDnnDv5T1zSeDrnbDISzQphi3kMcRHTGoyLb9eXaVcUw= [stderr] Time : 2020-07-10 13:32:26 [ INFO]: Uploading 'PYPI-INTERNAL-MIRROR-TIER-2' public key to 'PYPI-EXTERNAL-MIRROR-TIER-2'... 2020-07-10 13:32:57 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Update known hosts on the external server to allow connections to the internal server... WARNING: /home/mirrordaemon/.ssh/known_hosts.old contains unhashed entries Delete this file to ensure privacy of hostnames /home/mirrordaemon/.ssh/known_hosts updated. Original contents retained as /home/mirrordaemon/.ssh/known_hosts.old |1|0VtoXSS36X2R25DGxZ8XCGJAHjE=|rhlRoiyuSQE6x89Ah9X0i3kAnWs= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1HJEMHBy5W1KVe9ZH3ViY04Z+Lt3wKMSHRSCmtYWC6 10.20.2.20 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsOwWoCAjAK+UuZA0fHM0gykeoVeMJNweF87aoJDNr1NPAkzT/seOI76J4wsqZtBVtShjrCUFy90EH1luXO2rtjSAE6X0byewFiVRaSCnp+vYTVQRV6jcZpcm23fvmxuUrxD6pC2vkGQRGeyuiqdwTb8Sww7cpt7yRRb+Qlm3iJJSiXJGFSFnhrfYGwJMrkW41Yn+9dcwpLRNerACaILtlEV7DD0tmsLcFgPgyLzWH7ewbCytzq0+SdVEXNTDKszUoZ7o/WiBwBOBUiAuEAOrzrH8sBehEcp+M/ookns4nHUBY4ZZWvAAyNSno0Egb9ru5vuBgUBcCVYr1pDBGTFp3 10.20.2.20 ecdsa-sha2-nistp256AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ/WSDJxzmxYCrtGLV44UkYeMqFVa3zwRlfRakxkh8ZYDnnDv5T1zSeDrnbDISzQphi3kMcRHTGoyLb9eXaVcUw= total 20K drwxr-xr-x 2 mirrordaemon mirrordaemon 4.0K Jul 10 12:32 . drwxr-xr-x 3 mirrordaemon mirrordaemon 4.0K Jul 10 12:24 .. -rw------- 1 mirrordaemon mirrordaemon 1.7K Jul 10 12:24 id_rsa -rw-r--r-- 1 mirrordaemon mirrordaemon 422 Jul 10 12:24 id_rsa.pub -rw------- 1 mirrordaemon mirrordaemon 706 Jul 10 12:32 known_hosts Update known IP addresses on the external server to schedule pushing to the internal server... 10.20.2.20 total 36K drwxr-xr-x 3 mirrordaemon mirrordaemon 4.0K Jul 10 12:32 . drwxr-xr-x 4 root root 4.0K Jul 10 12:22 .. drwxr-xr-x 2 mirrordaemon mirrordaemon 4.0K Jul 10 12:32 .ssh -rw------- 1 mirrordaemon mirrordaemon 11 Jul 10 12:32 internal_mirror_ip_addresses.txt -rw------- 1 mirrordaemon mirrordaemon 20 Jul 10 12:21 package_whitelist.txt -rwx------ 1 mirrordaemon mirrordaemon 1.1K Jul 10 12:21 pull_from_internet.sh -rwx------ 1 mirrordaemon mirrordaemon 105 Jul 10 12:21 pull_then_push.sh -rwx------ 1 mirrordaemon mirrordaemon 1.2K Jul 10 12:21 push_to_internal_mirrors.sh -r-------- 1 mirrordaemon mirrordaemon 1.8K Jul 10 12:21 update_bandersnatch_config.py [stderr] Time : ```

Setup_SHM_Package_Mirrors - tier 3

```pwsh 2020-07-10 13:34:55 [SUCCESS]: [✔] Resource group 'RG_SHM_DECOVID_NETWORKING' already exists 2020-07-10 13:34:55 [ INFO]: Ensuring that virtual network 'VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' exists... 2020-07-10 13:34:56 [ INFO]: [ ] Creating virtual network 'VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' 2020-07-10 13:35:00 [SUCCESS]: [✔] Created virtual network 'VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' 2020-07-10 13:35:00 [ INFO]: Ensuring that subnet 'ExternalPackageMirrorsTier3Subnet' exists... 2020-07-10 13:35:01 [ INFO]: [ ] Creating subnet 'ExternalPackageMirrorsTier3Subnet' 2020-07-10 13:35:05 [SUCCESS]: [✔] Created subnet 'ExternalPackageMirrorsTier3Subnet' 2020-07-10 13:35:06 [ INFO]: Ensuring that subnet 'InternalPackageMirrorsTier3Subnet' exists... 2020-07-10 13:35:07 [ INFO]: [ ] Creating subnet 'InternalPackageMirrorsTier3Subnet' 2020-07-10 13:35:11 [SUCCESS]: [✔] Created subnet 'InternalPackageMirrorsTier3Subnet' 2020-07-10 13:35:12 [ INFO]: Ensuring that network security group 'NSG_SHM_DECOVID_EXTERNAL_PACKAGE_MIRRORS_TIER3' exists... 2020-07-10 13:35:13 [ INFO]: [ ] Creating network security group 'NSG_SHM_DECOVID_EXTERNAL_PACKAGE_MIRRORS_TIER3' 2020-07-10 13:35:18 [SUCCESS]: [✔] Created network security group 'NSG_SHM_DECOVID_EXTERNAL_PACKAGE_MIRRORS_TIER3' 2020-07-10 13:35:33 [ INFO]: Ensuring that NSG rule 'RsyncToInternal' exists on 'NSG_SHM_DECOVID_EXTERNAL_PACKAGE_MIRRORS_TIER3'... 2020-07-10 13:35:33 [ INFO]: [ ] Creating NSG rule 'RsyncToInternal' 2020-07-10 13:35:38 [SUCCESS]: [✔] Created NSG rule 'RsyncToInternal' 2020-07-10 13:35:38 [ INFO]: Ensuring that NSG 'NSG_SHM_DECOVID_EXTERNAL_PACKAGE_MIRRORS_TIER3' is attached to subnet 'ExternalPackageMirrorsTier3Subnet'... 2020-07-10 13:35:43 [SUCCESS]: [✔] Set network security group on 'ExternalPackageMirrorsTier3Subnet' 2020-07-10 13:35:43 [SUCCESS]: [✔] Configuring NSG 'NSG_SHM_DECOVID_EXTERNAL_PACKAGE_MIRRORS_TIER3' succeeded 2020-07-10 13:35:43 [ INFO]: Ensuring that network security group 'NSG_SHM_DECOVID_INTERNAL_PACKAGE_MIRRORS_TIER3' exists... 2020-07-10 13:35:43 [ INFO]: [ ] Creating network security group 'NSG_SHM_DECOVID_INTERNAL_PACKAGE_MIRRORS_TIER3' 2020-07-10 13:35:48 [SUCCESS]: [✔] Created network security group 'NSG_SHM_DECOVID_INTERNAL_PACKAGE_MIRRORS_TIER3' 2020-07-10 13:36:08 [ INFO]: Ensuring that NSG 'NSG_SHM_DECOVID_INTERNAL_PACKAGE_MIRRORS_TIER3' is attached to subnet 'InternalPackageMirrorsTier3Subnet'... 2020-07-10 13:36:14 [SUCCESS]: [✔] Set network security group on 'InternalPackageMirrorsTier3Subnet' 2020-07-10 13:36:14 [SUCCESS]: [✔] Configuring NSG 'NSG_SHM_DECOVID_INTERNAL_PACKAGE_MIRRORS_TIER3' succeeded 2020-07-10 13:36:14 [ INFO]: Ensuring that storage account 'shmdecovidbootdiagsoceuy' exists in 'RG_SHM_DECOVID_ARTIFACTS'... 2020-07-10 13:36:15 [SUCCESS]: [✔] Storage account 'shmdecovidbootdiagsoceuy' already exists 2020-07-10 13:36:17 [ INFO]: Ensuring that VM network card 'CRAN-EXTERNAL-MIRROR-TIER-3-NIC' exists... 2020-07-10 13:36:17 [ INFO]: [ ] Creating VM network card 'CRAN-EXTERNAL-MIRROR-TIER-3-NIC' 2020-07-10 13:36:19 [SUCCESS]: [✔] Created VM network card 'CRAN-EXTERNAL-MIRROR-TIER-3-NIC' 2020-07-10 13:36:19 [ INFO]: Ensuring that managed disk 'CRAN-EXTERNAL-MIRROR-TIER-3-DATA-DISK' exists... 2020-07-10 13:36:20 [ INFO]: [ ] Creating 31 GB managed disk 'CRAN-EXTERNAL-MIRROR-TIER-3-DATA-DISK' 2020-07-10 13:36:23 [SUCCESS]: [✔] Created managed disk 'CRAN-EXTERNAL-MIRROR-TIER-3-DATA-DISK' 2020-07-10 13:36:23 [ INFO]: Temporarily allowing outbound internet access from 10.20.3.5 on ports 80, 443 and 3128 2020-07-10 13:36:36 [ INFO]: Ensuring that virtual machine 'CRAN-EXTERNAL-MIRROR-TIER-3' exists... 2020-07-10 13:36:41 [ INFO]: [ ] Creating virtual machine 'CRAN-EXTERNAL-MIRROR-TIER-3' 2020-07-10 13:38:03 [SUCCESS]: [✔] Created virtual machine 'CRAN-EXTERNAL-MIRROR-TIER-3' 2020-07-10 13:38:33 [ INFO]: Waiting for cloud-init provisioning to finish for CRAN-EXTERNAL-MIRROR-TIER-3... 2020-07-10 13:38:33 [SUCCESS]: [✔] Cloud-init provisioning is finished for CRAN-EXTERNAL-MIRROR-TIER-3 2020-07-10 13:38:33 [ INFO]: Disabling outbound internet access from 10.20.3.5 and restarting VM: 'CRAN-EXTERNAL-MIRROR-TIER-3'... 2020-07-10 13:38:38 [SUCCESS]: [✔] Configuring VM 'CRAN-EXTERNAL-MIRROR-TIER-3' succeeded 2020-07-10 13:38:39 [ INFO]: [ ] (Re)starting VM 'CRAN-EXTERNAL-MIRROR-TIER-3' [PowerState/stopped] 2020-07-10 13:38:50 [SUCCESS]: [✔] Successfully (re)started 'CRAN-EXTERNAL-MIRROR-TIER-3' [PowerState/running] 2020-07-10 13:39:21 [SUCCESS]: [✔] Remote script execution succeeded 2020-07-10 13:39:31 [SUCCESS]: [✔] Fetching ssh key from external package mirror succeeded 2020-07-10 13:39:32 [ INFO]: Ensuring that VM network card 'CRAN-INTERNAL-MIRROR-TIER-3-NIC' exists... 2020-07-10 13:39:33 [ INFO]: [ ] Creating VM network card 'CRAN-INTERNAL-MIRROR-TIER-3-NIC' 2020-07-10 13:39:34 [SUCCESS]: [✔] Created VM network card 'CRAN-INTERNAL-MIRROR-TIER-3-NIC' 2020-07-10 13:39:34 [ INFO]: Ensuring that managed disk 'CRAN-INTERNAL-MIRROR-TIER-3-DATA-DISK' exists... 2020-07-10 13:39:35 [ INFO]: [ ] Creating 31 GB managed disk 'CRAN-INTERNAL-MIRROR-TIER-3-DATA-DISK' 2020-07-10 13:39:39 [SUCCESS]: [✔] Created managed disk 'CRAN-INTERNAL-MIRROR-TIER-3-DATA-DISK' 2020-07-10 13:39:40 [ INFO]: Temporarily allowing outbound internet access from 10.20.3.21 on ports 80, 443 and 3128 2020-07-10 13:39:50 [ INFO]: Ensuring that virtual machine 'CRAN-INTERNAL-MIRROR-TIER-3' exists... 2020-07-10 13:39:55 [ INFO]: [ ] Creating virtual machine 'CRAN-INTERNAL-MIRROR-TIER-3' 2020-07-10 13:41:16 [SUCCESS]: [✔] Created virtual machine 'CRAN-INTERNAL-MIRROR-TIER-3' 2020-07-10 13:41:46 [ INFO]: Waiting for cloud-init provisioning to finish for CRAN-INTERNAL-MIRROR-TIER-3... 2020-07-10 13:43:38 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] 127.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsOk4WHXiJbEUKJUw+cUB1V328YmXDSyW2DWA5JiSeJhiw9hOMr4XB4BY415rZTCYX61kYfmi4ttFJlgXojt5DOgItwBgwJctVnW4wOBrRbdfcmRJV5UfD85IeMj6wz7gUAJrlUTjW9wAjOHXiBJJVhPKoggKdvW+pciHHqCjIaUhY6+R0m3lepa1pJx0UgMKbLWNHWxbvOWxaZzOP2w17SChZ15rDU+3xScKur0yiNHdDEHMMg+RzXfnLBU26JIANZmixplqM/1rguYT2jNnN7yux4p3ntGcwnrkH6awJbaZ6jI9Zps19J1E/QlXROf9LF7JnhpsnIRzh89WSsfC1 127.0.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSiv+k7eTfkUbBKuQGeeQGygZlQ6bgbYBGffuSlFbDp 127.0.0.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAtz7DMwXBrYhtExpUXiwTLVyIrex1/rKE0UyJJD7HWbv+eHEyM2bB1Unx38hkXrnJ53DJ9RKtRCahjRABPQBhU= [stderr] Time : 2020-07-10 13:43:49 [ INFO]: Uploading 'CRAN-INTERNAL-MIRROR-TIER-3' public key to 'CRAN-EXTERNAL-MIRROR-TIER-3'... 2020-07-10 13:44:20 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Update known hosts on the external server to allow connections to the internal server... WARNING: /home/mirrordaemon/.ssh/known_hosts.old contains unhashed entries Delete this file to ensure privacy of hostnames /home/mirrordaemon/.ssh/known_hosts updated. Original contents retained as /home/mirrordaemon/.ssh/known_hosts.old |1|CegNEc7Vnldc3e8ao7FNAAyd5Qo=|/bSxsJSNhSJElt23oO1xgIjMWi4= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsOk4WHXiJbEUKJUw+cUB1V328YmXDSyW2DWA5JiSeJhiw9hOMr4XB4BY415rZTCYX61kYfmi4ttFJlgXojt5DOgItwBgwJctVnW4wOBrRbdfcmRJV5UfD85IeMj6wz7gUAJrlUTjW9wAjOHXiBJJVhPKoggKdvW+pciHHqCjIaUhY6+R0m3lepa1pJx0UgMKbLWNHWxbvOWxaZzOP2w17SChZ15rDU+3xScKur0yiNHdDEHMMg+RzXfnLBU26JIANZmixplqM/1rguYT2jNnN7yux4p3ntGcwnrkH6awJbaZ6jI9Zps19J1E/QlXROf9LF7JnhpsnIRzh89WSsfC1 10.20.3.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSiv+k7eTfkUbBKuQGeeQGygZlQ6bgbYBGffuSlFbDp 10.20.3.21 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAtz7DMwXBrYhtExpUXiwTLVyIrex1/rKE0UyJJD7HWbv+eHEyM2bB1Unx38hkXrnJ53DJ9RKtRCahjRABPQBhU= total 20K drwxr-xr-x 2 mirrordaemon mirrordaemon 4.0K Jul 10 12:43 . drwxr-xr-x 3 mirrordaemon mirrordaemon 4.0K Jul 10 12:38 .. -rw------- 1 mirrordaemon mirrordaemon 1.7K Jul 10 12:38 id_rsa -rw-r--r-- 1 mirrordaemon mirrordaemon 422 Jul 10 12:38 id_rsa.pub -rw------- 1 mirrordaemon mirrordaemon 706 Jul 10 12:43 known_hosts Update known IP addresses on the external server to schedule pushing to the internal server... 10.20.3.21 total 40K drwxr-xr-x 3 mirrordaemon mirrordaemon 4.0K Jul 10 12:43 . drwxr-xr-x 4 root root 4.0K Jul 10 12:37 .. drwxr-xr-x 2 mirrordaemon mirrordaemon 4.0K Jul 10 12:43 .ssh -rw------- 1 mirrordaemon mirrordaemon 11 Jul 10 12:43 internal_mirror_ip_addresses.txt -rw------- 1 mirrordaemon mirrordaemon 12K Jul 10 12:37 package_whitelist.txt -rwx------ 1 mirrordaemon mirrordaemon 3.0K Jul 10 12:37 pull_from_internet.sh -rwx------ 1 mirrordaemon mirrordaemon 105 Jul 10 12:37 pull_then_push.sh -rwx------ 1 mirrordaemon mirrordaemon 1.2K Jul 10 12:37 push_to_internal_mirrors.sh [stderr] Time : 2020-07-10 13:44:31 [ INFO]: Ensuring that VM network card 'PYPI-EXTERNAL-MIRROR-TIER-3-NIC' exists... 2020-07-10 13:44:32 [ INFO]: [ ] Creating VM network card 'PYPI-EXTERNAL-MIRROR-TIER-3-NIC' 2020-07-10 13:44:33 [SUCCESS]: [✔] Created VM network card 'PYPI-EXTERNAL-MIRROR-TIER-3-NIC' 2020-07-10 13:44:33 [ INFO]: Ensuring that managed disk 'PYPI-EXTERNAL-MIRROR-TIER-3-DATA-DISK' exists... 2020-07-10 13:44:34 [ INFO]: [ ] Creating 511 GB managed disk 'PYPI-EXTERNAL-MIRROR-TIER-3-DATA-DISK' 2020-07-10 13:44:38 [SUCCESS]: [✔] Created managed disk 'PYPI-EXTERNAL-MIRROR-TIER-3-DATA-DISK' 2020-07-10 13:44:39 [ INFO]: Temporarily allowing outbound internet access from 10.20.3.4 on ports 80, 443 and 3128 2020-07-10 13:44:50 [ INFO]: Ensuring that virtual machine 'PYPI-EXTERNAL-MIRROR-TIER-3' exists... 2020-07-10 13:44:56 [ INFO]: [ ] Creating virtual machine 'PYPI-EXTERNAL-MIRROR-TIER-3' 2020-07-10 13:46:17 [SUCCESS]: [✔] Created virtual machine 'PYPI-EXTERNAL-MIRROR-TIER-3' 2020-07-10 13:46:47 [ INFO]: Waiting for cloud-init provisioning to finish for PYPI-EXTERNAL-MIRROR-TIER-3... 2020-07-10 13:48:47 [SUCCESS]: [✔] Cloud-init provisioning is finished for PYPI-EXTERNAL-MIRROR-TIER-3 2020-07-10 13:48:47 [ INFO]: Disabling outbound internet access from 10.20.3.4 and restarting VM: 'PYPI-EXTERNAL-MIRROR-TIER-3'... 2020-07-10 13:48:51 [SUCCESS]: [✔] Configuring VM 'PYPI-EXTERNAL-MIRROR-TIER-3' succeeded 2020-07-10 13:48:52 [ INFO]: [ ] (Re)starting VM 'PYPI-EXTERNAL-MIRROR-TIER-3' [PowerState/stopped] 2020-07-10 13:49:03 [SUCCESS]: [✔] Successfully (re)started 'PYPI-EXTERNAL-MIRROR-TIER-3' [PowerState/running] 2020-07-10 13:49:34 [SUCCESS]: [✔] Remote script execution succeeded 2020-07-10 13:49:44 [SUCCESS]: [✔] Fetching ssh key from external package mirror succeeded 2020-07-10 13:49:45 [ INFO]: Ensuring that VM network card 'PYPI-INTERNAL-MIRROR-TIER-3-NIC' exists... 2020-07-10 13:49:45 [ INFO]: [ ] Creating VM network card 'PYPI-INTERNAL-MIRROR-TIER-3-NIC' 2020-07-10 13:49:47 [SUCCESS]: [✔] Created VM network card 'PYPI-INTERNAL-MIRROR-TIER-3-NIC' 2020-07-10 13:49:47 [ INFO]: Ensuring that managed disk 'PYPI-INTERNAL-MIRROR-TIER-3-DATA-DISK' exists... 2020-07-10 13:49:48 [ INFO]: [ ] Creating 511 GB managed disk 'PYPI-INTERNAL-MIRROR-TIER-3-DATA-DISK' 2020-07-10 13:49:51 [SUCCESS]: [✔] Created managed disk 'PYPI-INTERNAL-MIRROR-TIER-3-DATA-DISK' 2020-07-10 13:49:52 [ INFO]: Temporarily allowing outbound internet access from 10.20.3.20 on ports 80, 443 and 3128 2020-07-10 13:50:03 [ INFO]: Ensuring that virtual machine 'PYPI-INTERNAL-MIRROR-TIER-3' exists... 2020-07-10 13:50:07 [ INFO]: [ ] Creating virtual machine 'PYPI-INTERNAL-MIRROR-TIER-3' 2020-07-10 13:51:29 [SUCCESS]: [✔] Created virtual machine 'PYPI-INTERNAL-MIRROR-TIER-3' 2020-07-10 13:51:59 [ INFO]: Waiting for cloud-init provisioning to finish for PYPI-INTERNAL-MIRROR-TIER-3... 2020-07-10 13:54:45 [SUCCESS]: [✔] Cloud-init provisioning is finished for PYPI-INTERNAL-MIRROR-TIER-3 2020-07-10 13:54:45 [ INFO]: Disabling outbound internet access from 10.20.3.20 and restarting VM: 'PYPI-INTERNAL-MIRROR-TIER-3'... 2020-07-10 13:54:50 [SUCCESS]: [✔] Configuring VM 'PYPI-INTERNAL-MIRROR-TIER-3' succeeded 2020-07-10 13:54:50 [ INFO]: [ ] (Re)starting VM 'PYPI-INTERNAL-MIRROR-TIER-3' [PowerState/stopped] 2020-07-10 13:55:02 [SUCCESS]: [✔] Successfully (re)started 'PYPI-INTERNAL-MIRROR-TIER-3' [PowerState/running] 2020-07-10 13:55:02 [ INFO]: Ensuring that 'PYPI-INTERNAL-MIRROR-TIER-3' can accept connections from the external mirror... 2020-07-10 13:55:02 [ INFO]: Retrieving public key for 'PYPI-INTERNAL-MIRROR-TIER-3'... 2020-07-10 13:55:32 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] 127.0.0.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCFzO/47bNQtPThU/xf59E5QGKNR3Y+3HQ+35cijlj8h/J7GuJZcZSY5dN2ISev2SyZRDa/O73UWGIK8TiZhY44= 127.0.0.1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbjF+b3LyWTwlpI6ONf9IfK9f/owxuZ3ZnfaHUjFW6krrbmMGgAz3jWDK5Z8IhVHz2qxpA+DnERjjGTTHgTulq8krF5qeBiyvBZwm6SLEXX23JEiKsAoHrOaF24F9zwNV7ZD2o/SIXDo8c3XrDptjH3KRZDdsYVhucTqmz22QAGlkoiaBtWNgCWx1B4utrEmD8N8praf7bRAWF1rZT+eFaptkMS0vSt3nTBy5q9YiscZsozyXm89g0t7i60is5/2u55QQWsVFp1OuGso6hPdRTeoVrhP5yha1QliZB1tRQLxUeC7HcImIe9Gt1eTHe0vkCxAj3CRWWV9iiAN23aF7d 127.0.0.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrvTufsc1OlwC6ST51Z7rHQxcuEFdkvoeL/YqH4lGaF [stderr] Time : 2020-07-10 13:55:42 [ INFO]: Uploading 'PYPI-INTERNAL-MIRROR-TIER-3' public key to 'PYPI-EXTERNAL-MIRROR-TIER-3'... 2020-07-10 13:56:13 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Update known hosts on the external server to allow connections to the internal server... WARNING: /home/mirrordaemon/.ssh/known_hosts.old contains unhashed entries Delete this file to ensure privacy of hostnames /home/mirrordaemon/.ssh/known_hosts updated. Original contents retained as /home/mirrordaemon/.ssh/known_hosts.old |1|jIPttLzVI89RF219QJCVjOrjwOE=|Qhq93Bb25mB3CdjQ8LbNJlzUjMc= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCFzO/47bNQtPThU/xf59E5QGKNR3Y+3HQ+35cijlj8h/J7GuJZcZSY5dN2ISev2SyZRDa/O73UWGIK8TiZhY44= 10.20.3.20 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbjF+b3LyWTwlpI6ONf9IfK9f/owxuZ3ZnfaHUjFW6krrbmMGgAz3jWDK5Z8IhVHz2qxpA+DnERjjGTTHgTulq8krF5qeBiyvBZwm6SLEXX23JEiKsAoHrOaF24F9zwNV7ZD2o/SIXDo8c3XrDptjH3KRZDdsYVhucTqmz22QAGlkoiaBtWNgCWx1B4utrEmD8N8praf7bRAWF1rZT+eFaptkMS0vSt3nTBy5q9YiscZsozyXm89g0t7i60is5/2u55QQWsVFp1OuGso6hPdRTeoVrhP5yha1QliZB1tRQLxUeC7HcImIe9Gt1eTHe0vkCxAj3CRWWV9iiAN23aF7d 10.20.3.20 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrvTufsc1OlwC6ST51Z7rHQxcuEFdkvoeL/YqH4lGaF total 20K drwxr-xr-x 2 mirrordaemon mirrordaemon 4.0K Jul 10 12:55 . drwxr-xr-x 3 mirrordaemon mirrordaemon 4.0K Jul 10 12:48 .. -rw------- 1 mirrordaemon mirrordaemon 1.7K Jul 10 12:48 id_rsa -rw-r--r-- 1 mirrordaemon mirrordaemon 422 Jul 10 12:48 id_rsa.pub -rw------- 1 mirrordaemon mirrordaemon 706 Jul 10 12:55 known_hosts Update known IP addresses on the external server to schedule pushing to the internal server... 10.20.3.20 total 40K drwxr-xr-x 3 mirrordaemon mirrordaemon 4.0K Jul 10 12:55 . drwxr-xr-x 4 root root 4.0K Jul 10 12:46 .. drwxr-xr-x 2 mirrordaemon mirrordaemon 4.0K Jul 10 12:55 .ssh -rw------- 1 mirrordaemon mirrordaemon 11 Jul 10 12:55 internal_mirror_ip_addresses.txt -rw------- 1 mirrordaemon mirrordaemon 5.6K Jul 10 12:45 package_whitelist.txt -rwx------ 1 mirrordaemon mirrordaemon 1.1K Jul 10 12:45 pull_from_internet.sh -rwx------ 1 mirrordaemon mirrordaemon 105 Jul 10 12:45 pull_then_push.sh -rwx------ 1 mirrordaemon mirrordaemon 1.2K Jul 10 12:45 push_to_internal_mirrors.sh -r-------- 1 mirrordaemon mirrordaemon 1.8K Jul 10 12:45 update_bandersnatch_config.py [stderr] Time : ```

[jemrobinson]

SRE 'sre1' deployment

Code version

```pwsh Already up to date. On branch master Your branch is up to date with 'origin/master'. nothing to commit, working tree clean At commit bb8ec345 (bb8ec345078016bb2f4883f7b945a21a359e5ea2) ```

Setup_SRE_KeyVault_And_Users

```pwsh 2020-07-10 15:03:22 [ INFO]: Ensuring that resource group 'RG_SRE_SRE1_SECRETS' exists... 2020-07-10 15:03:22 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE1_SECRETS' 2020-07-10 15:03:23 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE1_SECRETS' 2020-07-10 15:03:23 [ INFO]: Ensuring that key vault 'kv-decovid-sre-sre1' exists... 2020-07-10 15:03:24 [ INFO]: [ ] Creating key vault 'kv-decovid-sre-sre1' 2020-07-10 15:03:56 [SUCCESS]: [✔] Created key vault 'kv-decovid-sre-sre1' 2020-07-10 15:03:56 [ INFO]: Giving group 'Safe Haven Test Admins' access to key vault 'kv-decovid-sre-sre1'... 2020-07-10 15:04:01 [SUCCESS]: [✔] Set correct access policies for key vault 'kv-decovid-sre-sre1' 2020-07-10 15:04:02 [ INFO]: Ensuring that secrets exist in key vault 'kv-decovid-sre-sre1'... 2020-07-10 15:04:05 [SUCCESS]: [✔] Ensured that SRE admin usernames exist 2020-07-10 15:04:19 [SUCCESS]: [✔] Ensured that SRE VM admin passwords exist 2020-07-10 15:04:31 [SUCCESS]: [✔] Ensured that SRE database secrets exist 2020-07-10 15:04:35 [SUCCESS]: [✔] Ensured that other SRE secrets exist 2020-07-10 15:04:35 [ INFO]: Loading secrets for SRE users and groups... 2020-07-10 15:04:40 [ INFO]: [ ] Adding SRE users and groups to SHM... 2020-07-10 15:05:45 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : [ ] Creating group 'SG SRE1 Data Administrators' in OU 'OU=Safe Haven Security Groups,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk'... [o] Group 'SG SRE1 Data Administrators' created [ ] Creating group 'SG SRE1 Research Users' in OU 'OU=Safe Haven Security Groups,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk'... [o] Group 'SG SRE1 Research Users' created [ ] Creating group 'SG SRE1 System Administrators' in OU 'OU=Safe Haven Security Groups,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk'... [o] Group 'SG SRE1 System Administrators' created [ ] Adding 'SG Safe Haven Server Administrators' user to group 'SG SRE1 System Administrators' [o] User 'SG Safe Haven Server Administrators' was added to 'SG SRE1 System Administrators' [ ] Creating user 'SRE1 Data Mount Service Account' (sre1datamount)... [o] User 'SRE1 Data Mount Service Account' (sre1datamount) created [ ] Creating user 'SRE1 Postgres DB Service Account' (sre1dbpostgres)... [o] User 'SRE1 Postgres DB Service Account' (sre1dbpostgres) created [ ] Creating user 'SRE1 LDAP Search Service Account' (sre1ldapsearch)... [o] User 'SRE1 LDAP Search Service Account' (sre1ldapsearch) created Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : ```

Setup_SRE_DNS_Zone

```pwsh 2020-07-10 15:09:51 [ INFO]: Ensuring that DNS Zone exists... 2020-07-10 15:09:51 [ INFO]: Ensuring the DNS zone 'sre1.decovid.turingsafehaven.ac.uk' exists... 2020-07-10 15:09:51 [ INFO]: [ ] Creating DNS Zone 'sre1.decovid.turingsafehaven.ac.uk' 2020-07-10 15:09:53 [SUCCESS]: [✔] Created DNS Zone 'sre1.decovid.turingsafehaven.ac.uk' 2020-07-10 15:09:53 [ INFO]: Get NS records from the new DNS Zone... 2020-07-10 15:09:53 [ INFO]: Reading NS records '@' for DNS Zone 'sre1.decovid.turingsafehaven.ac.uk'... 2020-07-10 15:09:56 [ INFO]: Add NS records to the parent DNS Zone... 2020-07-10 15:09:57 [ INFO]: Creating new Record Set 'sre1' in DNS Zone 'decovid.turingsafehaven.ac.uk' with NS records 'ns1-07.azure-dns.com. ns2-07.azure-dns.net. ns3-07.azure-dns.org. ns4-07.azure-dns.info.' to ... 2020-07-10 15:09:58 [SUCCESS]: [✔] Created DNS Record Set 'sre1' ```

Setup_SRE_VNET_RDS

```pwsh 2020-07-10 15:10:24 [ INFO]: Ensuring that resource group 'RG_SRE_SRE1_NETWORKING' exists... 2020-07-10 15:10:24 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE1_NETWORKING' 2020-07-10 15:10:25 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE1_NETWORKING' 2020-07-10 15:10:25 [ INFO]: Ensuring that virtual network 'VNET_SRE_SRE1' exists... 2020-07-10 15:10:25 [ INFO]: [ ] Creating virtual network 'VNET_SRE_SRE1' 2020-07-10 15:10:29 [SUCCESS]: [✔] Created virtual network 'VNET_SRE_SRE1' 2020-07-10 15:10:29 [ INFO]: Ensuring that subnet 'SharedDataSubnet' exists... 2020-07-10 15:10:30 [ INFO]: [ ] Creating subnet 'SharedDataSubnet' 2020-07-10 15:10:34 [SUCCESS]: [✔] Created subnet 'SharedDataSubnet' 2020-07-10 15:10:35 [ INFO]: Ensuring that subnet 'DatabasesSubnet' exists... 2020-07-10 15:10:35 [ INFO]: [ ] Creating subnet 'DatabasesSubnet' 2020-07-10 15:10:40 [SUCCESS]: [✔] Created subnet 'DatabasesSubnet' 2020-07-10 15:10:40 [ INFO]: Ensuring that subnet 'IdentitySubnet' exists... 2020-07-10 15:10:41 [ INFO]: [ ] Creating subnet 'IdentitySubnet' 2020-07-10 15:10:45 [SUCCESS]: [✔] Created subnet 'IdentitySubnet' 2020-07-10 15:10:46 [ INFO]: Ensuring that subnet 'RDSSubnet' exists... 2020-07-10 15:10:46 [ INFO]: [ ] Creating subnet 'RDSSubnet' 2020-07-10 15:10:51 [SUCCESS]: [✔] Created subnet 'RDSSubnet' 2020-07-10 15:10:59 [SUCCESS]: [✔] Peering removal succeeded 2020-07-10 15:11:01 [ INFO]: [ ] Adding peering 'PEER_VNET_SRE_SRE1' from 'VNET_SRE_SRE1' to 'VNET_SHM_DECOVID'... 2020-07-10 15:11:14 [ INFO]: [ ] Adding peering 'PEER_VNET_SHM_DECOVID' from 'VNET_SHM_DECOVID' to 'VNET_SRE_SRE1'... 2020-07-10 15:11:37 [SUCCESS]: [✔] Peering 'VNET_SHM_DECOVID' and 'VNET_SRE_SRE1' succeeded 2020-07-10 15:11:37 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre1'... 2020-07-10 15:11:45 [ INFO]: Ensuring that resource group 'RG_SRE_SRE1_ARTIFACTS' exists... 2020-07-10 15:11:46 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE1_ARTIFACTS' 2020-07-10 15:11:47 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE1_ARTIFACTS' 2020-07-10 15:11:47 [ INFO]: Ensuring that storage account 'sresre1bootdiagstplkehgv' exists in 'RG_SRE_SRE1_ARTIFACTS'... 2020-07-10 15:11:47 [ INFO]: [ ] Creating storage account 'sresre1bootdiagstplkehgv' 2020-07-10 15:12:06 [SUCCESS]: [✔] Created storage account 'sresre1bootdiagstplkehgv' 2020-07-10 15:12:06 [ INFO]: Ensuring that resource group 'RG_SRE_SRE1_ARTIFACTS' exists... 2020-07-10 15:12:07 [SUCCESS]: [✔] Resource group 'RG_SRE_SRE1_ARTIFACTS' already exists 2020-07-10 15:12:07 [ INFO]: Ensuring that storage account 'sresre1artifactstplkehgv' exists in 'RG_SRE_SRE1_ARTIFACTS'... 2020-07-10 15:12:08 [ INFO]: [ ] Creating storage account 'sresre1artifactstplkehgv' 2020-07-10 15:12:26 [SUCCESS]: [✔] Created storage account 'sresre1artifactstplkehgv' 2020-07-10 15:12:29 [ INFO]: Ensuring that storage account 'shmdecovidartifactsoceuy' exists in 'RG_SHM_DECOVID_ARTIFACTS'... 2020-07-10 15:12:29 [SUCCESS]: [✔] Storage account 'shmdecovidartifactsoceuy' already exists 2020-07-10 15:12:32 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE1_RDS_SERVER' exists... 2020-07-10 15:12:33 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE1_RDS_SERVER' 2020-07-10 15:12:37 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE1_RDS_SERVER' 2020-07-10 15:12:47 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE1_RDS_SESSION_HOSTS' exists... 2020-07-10 15:12:48 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE1_RDS_SESSION_HOSTS' 2020-07-10 15:12:52 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE1_RDS_SESSION_HOSTS' 2020-07-10 15:12:56 [ INFO]: Ensuring that resource group 'RG_SRE_SRE1_RDS' exists... 2020-07-10 15:12:57 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE1_RDS' 2020-07-10 15:12:58 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE1_RDS' 2020-07-10 15:12:58 [ INFO]: Deploying RDS from template... VERBOSE: Performing the operation "Creating Deployment" on target "RG_SRE_SRE1_RDS". WARNING: The DeploymentDebug setting has been enabled. This can potentially log secrets like passwords used in resource property or listKeys operations when you retrieve the deployment operations through Get-AzResourceGroupDeploymentOperation VERBOSE: 15:13:01 - Template is valid. VERBOSE: 15:13:01 - Create template deployment 'sre-rds-template' VERBOSE: 15:13:01 - Checking deployment status in 5 seconds VERBOSE: 15:13:06 - Resource Microsoft.Compute/virtualMachines 'RDG-SRE-SRE1' provisioning status is running VERBOSE: 15:13:06 - Resource Microsoft.Network/networkInterfaces 'RDG-SRE-SRE1-NIC' provisioning status is succeeded VERBOSE: 15:13:06 - Resource Microsoft.Compute/virtualMachines 'APP-SRE-SRE1' provisioning status is running VERBOSE: 15:13:06 - Resource Microsoft.Network/publicIPAddresses 'RDG-SRE-SRE1-PIP' provisioning status is succeeded VERBOSE: 15:13:06 - Resource Microsoft.Network/networkInterfaces 'APP-SRE-SRE1-NIC' provisioning status is succeeded VERBOSE: 15:13:06 - Checking deployment status in 14 seconds VERBOSE: 15:13:20 - Checking deployment status in 5 seconds VERBOSE: 15:13:25 - Resource Microsoft.Compute/virtualMachines/extensions 'RDG-SRE-SRE1/bginfo' provisioning status is running VERBOSE: 15:13:25 - Resource Microsoft.Compute/virtualMachines 'RDG-SRE-SRE1' provisioning status is succeeded VERBOSE: 15:13:25 - Checking deployment status in 13 seconds VERBOSE: 15:13:38 - Resource Microsoft.Compute/virtualMachines/extensions 'APP-SRE-SRE1/bginfo' provisioning status is running VERBOSE: 15:13:38 - Resource Microsoft.Compute/virtualMachines 'APP-SRE-SRE1' provisioning status is succeeded VERBOSE: 15:13:38 - Checking deployment status in 7 seconds VERBOSE: 15:13:45 - Checking deployment status in 5 seconds VERBOSE: 15:13:50 - Checking deployment status in 5 seconds VERBOSE: 15:13:56 - Checking deployment status in 5 seconds VERBOSE: 15:14:01 - Checking deployment status in 5 seconds VERBOSE: 15:14:06 - Checking deployment status in 5 seconds VERBOSE: 15:14:11 - Checking deployment status in 5 seconds VERBOSE: 15:14:16 - Checking deployment status in 5 seconds VERBOSE: 15:14:21 - Checking deployment status in 5 seconds VERBOSE: 15:14:26 - Checking deployment status in 5 seconds VERBOSE: 15:14:31 - Checking deployment status in 5 seconds VERBOSE: 15:14:36 - Checking deployment status in 5 seconds VERBOSE: 15:14:42 - Resource Microsoft.Compute/virtualMachines/extensions 'RDG-SRE-SRE1/joindomain' provisioning status is running VERBOSE: 15:14:42 - Resource Microsoft.Compute/virtualMachines/extensions 'RDG-SRE-SRE1/bginfo' provisioning status is succeeded VERBOSE: 15:14:42 - Checking deployment status in 12 seconds VERBOSE: 15:14:54 - Resource Microsoft.Compute/virtualMachines/extensions 'APP-SRE-SRE1/joindomain' provisioning status is running VERBOSE: 15:14:54 - Resource Microsoft.Compute/virtualMachines/extensions 'APP-SRE-SRE1/bginfo' provisioning status is succeeded VERBOSE: 15:14:54 - Checking deployment status in 12 seconds VERBOSE: 15:15:06 - Resource Microsoft.Compute/virtualMachines/extensions 'RDG-SRE-SRE1/joindomain' provisioning status is succeeded VERBOSE: 15:15:06 - Checking deployment status in 5 seconds VERBOSE: 15:15:11 - Resource Microsoft.Compute/virtualMachines/extensions 'APP-SRE-SRE1/joindomain' provisioning status is succeeded DeploymentName : sre-rds-template ResourceGroupName : RG_SRE_SRE1_RDS ProvisioningState : Succeeded Timestamp : 10/07/2020 14:15:10 Mode : Incremental TemplateLink : Parameters : Name Type Value ======================================= ========================= ========== administrator_User String sresre1admin bootDiagnostics_Account_Name String sresre1bootdiagstplkehgv domain_Join_Password_Gateway SecureString domain_Join_Password_Session_Hosts SecureString domain_Join_User_Gateway String decovidgatewaysrvrs domain_Join_User_Session_Hosts String decovidsessionsrvrs domain_Name String decovid.turingsafehaven.ac.uk nsG_Gateway_Name String NSG_SRE_SRE1_RDS_SERVER oU_Path_Gateway String OU=Secure Research Environment RDS Gateway Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk oU_Path_Session_Hosts String OU=Secure Research Environment RDS Session Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk rdS_Gateway_Admin_Password SecureString rdS_Gateway_Data1_Disk_Size_GB Int 1023 rdS_Gateway_Data1_Disk_Type String Standard_LRS rdS_Gateway_Data2_Disk_Size_GB Int 1023 rdS_Gateway_Data2_Disk_Type String Standard_LRS rdS_Gateway_IP_Address String 10.150.1.4 rdS_Gateway_Name String RDG-SRE-SRE1 rdS_Gateway_Os_Disk_Size_GB Int 128 rdS_Gateway_Os_Disk_Type String Standard_LRS rdS_Gateway_VM_Size String Standard_DS2_v2 rdS_Session_Host_Apps_Admin_Password SecureString rdS_Session_Host_Apps_IP_Address String 10.150.1.5 rdS_Session_Host_Apps_Name String APP-SRE-SRE1 rdS_Session_Host_Apps_Os_Disk_Size_GB Int 128 rdS_Session_Host_Apps_Os_Disk_Type String Standard_LRS rdS_Session_Host_Apps_VM_Size String Standard_DS2_v2 srE_ID String sre1 virtual_Network_Name String VNET_SRE_SRE1 virtual_Network_Resource_Group String RG_SRE_SRE1_NETWORKING virtual_Network_Subnet String RDSSubnet Outputs : DeploymentDebugLogLevel : ResponseContent 2020-07-10 15:15:13 [ INFO]: joindomain: ProvisioningState/succeeded Join completed for Domain 'decovid.turingsafehaven.ac.uk' 2020-07-10 15:15:13 [ INFO]: joindomain: ProvisioningState/succeeded Join completed for Domain 'decovid.turingsafehaven.ac.uk' 2020-07-10 15:15:13 [ INFO]: bginfo: ProvisioningState/succeeded Plugin enabled (handler name: Microsoft.Compute.bginfo, extension name: , version: 2.1). 2020-07-10 15:15:13 [ INFO]: bginfo: ProvisioningState/succeeded Plugin enabled (handler name: Microsoft.Compute.bginfo, extension name: , version: 2.1). 2020-07-10 15:15:13 [SUCCESS]: [✔] Template deployment 'sre-rds-template' succeeded 2020-07-10 15:15:13 [ INFO]: Creating blob storage containers in storage account 'sresre1artifactstplkehgv'... 2020-07-10 15:15:13 [ INFO]: Ensuring that storage container 'sre-rds-gateway-scripts' exists... 2020-07-10 15:15:14 [ INFO]: [ ] Creating storage container 'sre-rds-gateway-scripts' in storage account 'sresre1artifactstplkehgv' 2020-07-10 15:15:14 [SUCCESS]: [✔] Created storage container 2020-07-10 15:15:14 [ INFO]: Ensuring that storage container 'sre-rds-sh-packages' exists... 2020-07-10 15:15:14 [ INFO]: [ ] Creating storage container 'sre-rds-sh-packages' in storage account 'sresre1artifactstplkehgv' 2020-07-10 15:15:14 [SUCCESS]: [✔] Created storage container 2020-07-10 15:15:14 [ INFO]: Upload RDS deployment scripts to storage... 2020-07-10 15:15:14 [ INFO]: [ ] Copying RDS installers to storage account 'sresre1artifactstplkehgv' 2020-07-10 15:15:16 [SUCCESS]: [✔] File copying succeeded 2020-07-10 15:15:16 [ INFO]: [ ] Uploading RDS gateway scripts to storage account 'sresre1artifactstplkehgv' 2020-07-10 15:15:16 [SUCCESS]: [✔] File uploading succeeded 2020-07-10 15:15:19 [ INFO]: Adding DNS record for RDS Gateway 2020-07-10 15:15:22 [ INFO]: [ ] Setting 'A' record for gateway host to '51.140.12.182' in SRE sre1 DNS zone (sre1.decovid.turingsafehaven.ac.uk) 2020-07-10 15:15:26 [SUCCESS]: [✔] Successfully set 'A' record for gateway host 2020-07-10 15:15:26 [ INFO]: [ ] Setting CNAME record for gateway host to point to the 'A' record in SRE sre1 DNS zone (sre1.decovid.turingsafehaven.ac.uk) 2020-07-10 15:15:28 [SUCCESS]: [✔] Successfully set 'CNAME' record for gateway host 2020-07-10 15:15:30 [ INFO]: Updating RDS Gateway: 'RDG-SRE-SRE1'... 2020-07-10 15:15:30 [ INFO]: [ ] Installing core Powershell modules on 'RDG-SRE-SRE1' 2020-07-10 15:17:31 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: ... PSWindowsUpdate Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 15:18:41 [ INFO]: [ ] Setting OS locale and installing updates on 'RDG-SRE-SRE1' 2020-07-10 15:23:17 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 6 Windows updates: ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) ... Microsoft Silverlight (KB4481252) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... 2020-01 Update for Windows Server 2019 for x64-based Systems (KB4494174) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.1169.0) Reboot is required, but do it manually. [o] Installing Windows updates succeeded. Newly installed Windows updates: ... Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.1169.0) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... Microsoft Silverlight (KB4481252) ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 15:23:28 [ INFO]: [ ] (Re)starting VM 'RDG-SRE-SRE1' [PowerState/running] 2020-07-10 15:23:59 [SUCCESS]: [✔] Successfully (re)started 'RDG-SRE-SRE1' [PowerState/running] 2020-07-10 15:23:59 [ INFO]: Updating RDS Session Host (App server): 'APP-SRE-SRE1'... 2020-07-10 15:23:59 [ INFO]: [ ] Installing core Powershell modules on 'APP-SRE-SRE1' 2020-07-10 15:27:00 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: ... PSWindowsUpdate Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 15:28:10 [ INFO]: [ ] Setting OS locale and installing updates on 'APP-SRE-SRE1' 2020-07-10 15:32:14 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 6 Windows updates: ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) ... Microsoft Silverlight (KB4481252) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... 2020-01 Update for Windows Server 2019 for x64-based Systems (KB4494174) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.1169.0) Reboot is required, but do it manually. [o] Installing Windows updates succeeded. Newly installed Windows updates: ... Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.1169.0) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... Microsoft Silverlight (KB4481252) ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 15:32:25 [ INFO]: [ ] (Re)starting VM 'APP-SRE-SRE1' [PowerState/running] 2020-07-10 15:32:57 [SUCCESS]: [✔] Successfully (re)started 'APP-SRE-SRE1' [PowerState/running] 2020-07-10 15:33:00 [ INFO]: Importing files from storage to RDS VMs... 2020-07-10 15:33:08 [ INFO]: [ ] Copying 2 files to RDS Gateway 2020-07-10 15:33:39 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Clearing all pre-existing files and folders from 'C:\Installation' Downloading 2 files to 'C:\Installation' [ ] Fetching https://sresre1artifactstplkehgv.blob.core.windows.net/sre-rds-gateway-scripts/Deploy_RDS_Environment.ps1... [o] Succeeded [ ] Fetching https://sresre1artifactstplkehgv.blob.core.windows.net/sre-rds-gateway-scripts/ServerList.xml... [o] Succeeded Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 15:33:54 [ INFO]: [ ] Copying 2 files to RDS Session Host (App server) 2020-07-10 15:36:56 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Clearing all pre-existing files and folders from 'C:\Installation' Downloading 2 files to 'C:\Installation' [ ] Fetching https://sresre1artifactstplkehgv.blob.core.windows.net/sre-rds-sh-packages/GoogleChrome_x64.msi... [o] Succeeded [ ] Installing GoogleChrome_x64.msi... [o] Succeeded [ ] Fetching https://sresre1artifactstplkehgv.blob.core.windows.net/sre-rds-sh-packages/PuTTY_x64.msi... [o] Succeeded [ ] Installing PuTTY_x64.msi... [o] Succeeded Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 15:37:06 [ INFO]: Updating RDS Gateway: 'RDG-SRE-SRE1'... 2020-07-10 15:37:06 [ INFO]: [ ] Installing core Powershell modules on 'RDG-SRE-SRE1' 2020-07-10 15:38:38 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 15:39:18 [ INFO]: [ ] Installing additional Powershell modules on 'RDG-SRE-SRE1' 2020-07-10 15:40:21 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing RDWebClientManagement... [o] RDWebClientManagement 1.0.3 is installed Newly installed modules: ... RDWebClientManagement Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 15:41:01 [ INFO]: [ ] Setting OS locale and installing updates on 'RDG-SRE-SRE1' 2020-07-10 15:41:33 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 0 Windows updates: [o] Installing Windows updates succeeded. Newly installed Windows updates: Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 15:41:44 [ INFO]: [ ] (Re)starting VM 'RDG-SRE-SRE1' [PowerState/running] 2020-07-10 15:42:15 [SUCCESS]: [✔] Successfully (re)started 'RDG-SRE-SRE1' [PowerState/running] 2020-07-10 15:42:15 [ INFO]: Updating RDS Session Host (App server): 'APP-SRE-SRE1'... 2020-07-10 15:42:15 [ INFO]: [ ] Installing core Powershell modules on 'APP-SRE-SRE1' 2020-07-10 15:43:46 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 15:44:56 [ INFO]: [ ] Setting OS locale and installing updates on 'APP-SRE-SRE1' 2020-07-10 15:45:27 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 0 Windows updates: [o] Installing Windows updates succeeded. Newly installed Windows updates: Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 15:45:38 [ INFO]: [ ] (Re)starting VM 'APP-SRE-SRE1' [PowerState/running] 2020-07-10 15:46:10 [SUCCESS]: [✔] Successfully (re)started 'APP-SRE-SRE1' [PowerState/running] 2020-07-10 15:46:10 [ INFO]: [ ] Associating RDG-SRE-SRE1 with NSG_SRE_SRE1_RDS_SERVER... 2020-07-10 15:46:13 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 15:46:23 [ INFO]: [ ] Associating APP-SRE-SRE1 with NSG_SRE_SRE1_RDS_SESSION_HOSTS... 2020-07-10 15:46:36 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 15:46:47 [ INFO]: [ ] (Re)starting VM 'RDG-SRE-SRE1' [PowerState/running] 2020-07-10 15:47:18 [SUCCESS]: [✔] Successfully (re)started 'RDG-SRE-SRE1' [PowerState/running] 2020-07-10 15:47:19 [ INFO]: [ ] (Re)starting VM 'APP-SRE-SRE1' [PowerState/running] 2020-07-10 15:48:43 [SUCCESS]: [✔] Successfully (re)started 'APP-SRE-SRE1' [PowerState/running] ```

Configure_SRE_RDS_CAP_And_RAP

```pwsh 2020-07-10 16:00:58 [ INFO]: Creating/retrieving NPS secret from key vault 'kv-decovid-sre-sre1'... 2020-07-10 16:01:00 [ INFO]: [ ] Configuring CAP and RAP settings on RDS Gateway 2020-07-10 16:01:31 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : [o] Successfully restricted 'RDG_AllDomainComputers' User Groups to 'SG SRE1 Research Users@DECOVID'. [o] Successfully restricted 'RDG_RDConnectionBrokers' User Groups to 'SG SRE1 Research Users@DECOVID'. [o] Successfully configured '10.0.0.6' as the only remote NPS server. [o] Successfully set remote NPS server as RD CAP store. Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 16:01:43 [ INFO]: Adding RDS Gateway as RADIUS client on SHM NPS 2020-07-10 16:02:14 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Ensuring that RADIUS client 'RDG-SRE-SRE1.decovid.turingsafehaven.ac.uk' is registered... Creating RADIUS client 'RDG-SRE-SRE1.decovid.turingsafehaven.ac.uk' at '10.150.1.4'... [o] Successfully created RADIUS client Adding RDS gateway inbound rule... [o] Inbound RADIUS firewall rule 'SRE SRE1 RDS Gateway RADIUS inbound (10.150.1.4)' already exists Updating 'SRE SRE1 RDS Gateway RADIUS inbound (10.150.1.4)' inbound RADIUS firewall rule for RDG-SRE-SRE1.decovid.turingsafehaven.ac.uk (10.150.1.4)... [o] Successfully updated RDS gateway inbound rule Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 16:02:31 [ INFO]: Restarting NPS Server... 2020-07-10 16:02:31 [ INFO]: [ ] (Re)starting VM 'NPS-SHM-DECOVID' [PowerState/running] 2020-07-10 16:03:03 [SUCCESS]: [✔] Successfully (re)started 'NPS-SHM-DECOVID' [PowerState/running] 2020-07-10 16:03:03 [ INFO]: Waiting 2 minutes for NPS services to start... ```

Update_SRE_RDS_SSL_Certificate

```pwsh 2020-07-10 16:09:24 [ INFO]: [ ] Checking whether signed certificate 'sre-sre1-lets-encrypt-certificate' already exists in key vault... 2020-07-10 16:09:26 [ INFO]: No certificate found in key vault 'kv-decovid-sre-sre1' 2020-07-10 16:09:26 [ INFO]: Preparing to request a new certificate... 2020-07-10 16:09:26 [ INFO]: Using Let's Encrypt production server! 2020-07-10 16:09:26 [ INFO]: [ ] Checking for Posh-ACME account 2020-07-10 16:09:26 [SUCCESS]: [✔] Using Posh-ACME account: 72641526 2020-07-10 16:09:30 [ INFO]: Test that we can interact with DNS records... 2020-07-10 16:09:30 [ INFO]: [ ] Attempting to create a DNS record for dnstest.sre1.decovid.turingsafehaven.ac.uk... VERBOSE: Attempting to find hosted zone for _acme-challenge.dnstest.sre1.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/providers/Microsoft.Network/dnszones?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 23124-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: 42 zone(s) found VERBOSE: Checking dnstest.sre1.decovid.turingsafehaven.ac.uk VERBOSE: Checking sre1.decovid.turingsafehaven.ac.uk VERBOSE: Querying _acme-challenge.dnstest.sre1.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre1.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge.dnstest?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 187-byte response of content type application/json VERBOSE: Sending updated _acme-challenge.dnstest VERBOSE: PUT https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre1.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge.dnstest?api-version=2018-03-01-preview with 98-byte payload VERBOSE: received 491-byte response of content type application/json VERBOSE: Content encoding: utf-8 2020-07-10 16:09:32 [SUCCESS]: [✔] DNS record creation succeeded 2020-07-10 16:09:32 [ INFO]: [ ] Attempting to delete a DNS record for dnstest.sre1.decovid.turingsafehaven.ac.uk... VERBOSE: Attempting to find hosted zone for _acme-challenge.dnstest.sre1.decovid.turingsafehaven.ac.uk VERBOSE: Querying _acme-challenge.dnstest.sre1.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre1.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge.dnstest?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 491-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: Deleting _acme-challenge.dnstest. No values left. VERBOSE: DELETE https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre1.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge.dnstest?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 0-byte response of content type VERBOSE: Content encoding: iso-8859-1 2020-07-10 16:09:33 [SUCCESS]: [✔] DNS record deletion succeeded 2020-07-10 16:09:33 [ INFO]: Generating a certificate signing request for sre1.decovid.turingsafehaven.ac.uk to be signed by Let's Encrypt... 2020-07-10 16:09:34 [SUCCESS]: [✔] CSR creation succeeded 2020-07-10 16:09:34 [ INFO]: Sending the CSR to be signed by Let's Encrypt... VERBOSE: Attempting to find hosted zone for _acme-challenge.sre1.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/providers/Microsoft.Network/dnszones?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 23124-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: 42 zone(s) found VERBOSE: Checking sre1.decovid.turingsafehaven.ac.uk VERBOSE: Querying _acme-challenge.sre1.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre1.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 179-byte response of content type application/json VERBOSE: Sending updated _acme-challenge VERBOSE: PUT https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre1.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge?api-version=2018-03-01-preview with 98-byte payload VERBOSE: received 467-byte response of content type application/json VERBOSE: Content encoding: utf-8 2020-07-10 16:09:36 [ INFO]: [ ] Creating certificate for sre1.decovid.turingsafehaven.ac.uk... VERBOSE: Using directory https://acme-v02.api.letsencrypt.org/directory VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/acct/72341183 with 398-byte payload VERBOSE: received 340-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/acct/72641526 with 398-byte payload VERBOSE: received 314-byte response of content type application/json VERBOSE: Using account 72641526 VERBOSE: Creating a new order for sre1.decovid.turingsafehaven.ac.uk, RDG-SRE-SRE1.decovid.turingsafehaven.ac.uk VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/new-order with 587-byte payload VERBOSE: received 527-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/authz-v3/5790479839 with 406-byte payload VERBOSE: received 514-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/authz-v3/5791851841 with 406-byte payload VERBOSE: received 812-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/authz-v3/5791851841 with 406-byte payload VERBOSE: received 812-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/authz-v3/5790479839 with 406-byte payload VERBOSE: received 514-byte response of content type application/json WARNING: Fewer DnsPlugin values than names in the order. Using Azure for the rest. VERBOSE: Publishing DNS challenge for sre1.decovid.turingsafehaven.ac.uk VERBOSE: Attempting to find hosted zone for _acme-challenge.sre1.decovid.turingsafehaven.ac.uk VERBOSE: Querying _acme-challenge.sre1.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre1.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 467-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: Sending updated _acme-challenge VERBOSE: PUT https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre1.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge?api-version=2018-03-01-preview with 156-byte payload VERBOSE: received 525-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: rdg-sre-sre1.decovid.turingsafehaven.ac.uk authorization is already valid VERBOSE: Saving changes for Azure plugin VERBOSE: Sleeping for 120 seconds while DNS change(s) propagate VERBOSE: Requesting challenge validations VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/chall-v3/5791851841/Z0-bSg with 419-byte payload VERBOSE: received 184-byte response of content type application/json VERBOSE: Attempting to find hosted zone for _acme-challenge.sre1.decovid.turingsafehaven.ac.uk VERBOSE: Querying _acme-challenge.sre1.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre1.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 525-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: Sending updated _acme-challenge VERBOSE: PUT https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre1.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge?api-version=2018-03-01-preview with 98-byte payload VERBOSE: received 467-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: Saving changes for Azure plugin VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/order/72641526/4142837132 with 414-byte payload VERBOSE: received 515-byte response of content type application/json VERBOSE: Finalizing the order. VERBOSE: Using the provided certificate request. VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/finalize/72641526/4142837132 with 1988-byte payload VERBOSE: received 619-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/order/72641526/4142837132 with 414-byte payload VERBOSE: received 619-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/order/72641526/4142837132 with 414-byte payload VERBOSE: received 619-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/cert/03bc2b71564e3db0145c5d777f64da418223 with 436-byte payload VERBOSE: received 3669-byte response of content type application/pem-certificate-chain VERBOSE: No private key available. Skipping Pfx creation. VERBOSE: Updating cert expiration and renewal window VERBOSE: Successfully created certificate. 2020-07-10 16:11:54 [SUCCESS]: [✔] Certificate creation succeeded 2020-07-10 16:11:54 [ INFO]: Importing signed certificate into KeyVault 'kv-decovid-sre-sre1'... 2020-07-10 16:11:58 [SUCCESS]: [✔] Certificate import succeeded 2020-07-10 16:11:58 [ INFO]: Adding SSL certificate to RDS Gateway VM 2020-07-10 16:12:32 [SUCCESS]: [✔] Adding certificate succeeded 2020-07-10 16:12:32 [ INFO]: Configuring RDS Gateway VM to use SSL certificate 2020-07-10 16:13:34 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Looking for certificate with thumbprint: DC08042125216EEFDF2B5A8EBDE940AC6FF7BA92 [o] Found certificate with correct thumbprint Updating RDS roles to use new certificate... [o] Successfully updated RDS roles Currently installed certificates: Role Level ExpiresOn IssuedTo ---- ----- --------- -------- RDRedirector Trusted 10/08/2020 15:11:52 CN=sre1.decovid.turingsafehaven.ac.uk RDPublishing Trusted 10/08/2020 15:11:52 CN=sre1.decovid.turingsafehaven.ac.uk RDWebAccess Trusted 10/08/2020 15:11:52 CN=sre1.decovid.turingsafehaven.ac.uk RDGateway Trusted 10/08/2020 15:11:52 CN=sre1.decovid.turingsafehaven.ac.uk Extracting a base64-encoded certificate... [o] Base64-encoded certificate extracted to C:\Certificates\letsencrypt_b64.cer Importing certificate to RDS Web Client... WARNING: The requested package has already been published for this client type. [o] Certificate installed on RDS Web Client Checking webclient broker certificate... [o] Webclient broker certificate has the correct thumbprint: 'DC08042125216EEFDF2B5A8EBDE940AC6FF7BA92' Checking RDGateway certificate... [o] RDGateway certificate has the correct thumbprint: 'DC08042125216EEFDF2B5A8EBDE940AC6FF7BA92' Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : ```

Setup_SRE_WebApp_Servers

```pwsh 2020-07-10 16:18:53 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre1'... 2020-07-10 16:19:00 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE1_WEBAPPS' exists... 2020-07-10 16:19:02 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE1_WEBAPPS' 2020-07-10 16:19:07 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE1_WEBAPPS' 2020-07-10 16:19:12 [ INFO]: Ensuring that resource group 'RG_SRE_SRE1_WEBAPPS' exists... 2020-07-10 16:19:12 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE1_WEBAPPS' 2020-07-10 16:19:13 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE1_WEBAPPS' 2020-07-10 16:19:13 [ INFO]: Deploying GitLab/HackMD VMs from template... VERBOSE: Performing the operation "Creating Deployment" on target "RG_SRE_SRE1_WEBAPPS". WARNING: The DeploymentDebug setting has been enabled. This can potentially log secrets like passwords used in resource property or listKeys operations when you retrieve the deployment operations through Get-AzResourceGroupDeploymentOperation VERBOSE: 16:19:13 - Template is valid. VERBOSE: 16:19:14 - Create template deployment 'sre-webapps-template' VERBOSE: 16:19:14 - Checking deployment status in 5 seconds VERBOSE: 16:19:19 - Resource Microsoft.Compute/virtualMachines 'GITLAB-SRE-SRE1' provisioning status is running VERBOSE: 16:19:19 - Resource Microsoft.Compute/virtualMachines 'HACKMD-SRE-SRE1' provisioning status is running VERBOSE: 16:19:19 - Resource Microsoft.Network/networkInterfaces 'GITLAB-SRE-SRE1-NIC' provisioning status is succeeded VERBOSE: 16:19:19 - Resource Microsoft.Network/networkInterfaces 'HACKMD-SRE-SRE1-NIC' provisioning status is succeeded VERBOSE: 16:19:19 - Checking deployment status in 13 seconds VERBOSE: 16:19:32 - Checking deployment status in 5 seconds VERBOSE: 16:19:37 - Checking deployment status in 5 seconds VERBOSE: 16:19:42 - Checking deployment status in 5 seconds VERBOSE: 16:19:47 - Checking deployment status in 5 seconds VERBOSE: 16:19:52 - Checking deployment status in 5 seconds VERBOSE: 16:19:57 - Checking deployment status in 5 seconds VERBOSE: 16:20:02 - Checking deployment status in 5 seconds VERBOSE: 16:20:07 - Checking deployment status in 5 seconds VERBOSE: 16:20:12 - Checking deployment status in 5 seconds VERBOSE: 16:20:17 - Checking deployment status in 5 seconds VERBOSE: 16:20:23 - Resource Microsoft.Compute/virtualMachines 'HACKMD-SRE-SRE1' provisioning status is succeeded VERBOSE: 16:20:23 - Checking deployment status in 5 seconds VERBOSE: 16:20:28 - Checking deployment status in 5 seconds VERBOSE: 16:20:33 - Checking deployment status in 5 seconds VERBOSE: 16:20:38 - Checking deployment status in 5 seconds VERBOSE: 16:20:43 - Checking deployment status in 5 seconds VERBOSE: 16:20:48 - Checking deployment status in 5 seconds VERBOSE: 16:20:53 - Resource Microsoft.Compute/virtualMachines 'GITLAB-SRE-SRE1' provisioning status is succeeded DeploymentName : sre-webapps-template ResourceGroupName : RG_SRE_SRE1_WEBAPPS ProvisioningState : Succeeded Timestamp : 10/07/2020 15:20:53 Mode : Incremental TemplateLink : Parameters : Name Type Value ================================ ========================= ========== administrator_User String sresre1admin bootDiagnostics_Account_Name String sresre1bootdiagstplkehgv gitLab_Administrator_Password SecureString gitLab_Cloud_Init String I2Nsb3VkLWNvbmZpZwpwYWNrYWdlX3VwZGF0ZTogdHJ1ZQpwYWNrYWdlX3VwZ3JhZGU6IHRydWUKCiMgSW5zdGFsbCBMREFQIHRvb2xzIGZvciBkZWJ1Z2dpbmcgTERBUCBpc3N1ZXMKcGFja2FnZX M6CiAgLSBhcHQtdHJhbnNwb3J0LWh0dHBzCiAgLSBjYS1jZXJ0aWZpY2F0ZXMKICAtIGN1cmwKICAtIGdpdGxhYi1jZQogIC0gZ251cGcKICAtIGxkYXAtdXRpbHMKICAtIG9wZW5zc2gtc2VydmVyCiAgLSBwb3N0Zml4CgphcHQ6CiAgIyBQcmVzZXJ2ZXMgdGhlIGV4aXN0aW5nI C9ldGMvYXB0L3NvdXJjZXMubGlzdAogIHByZXNlcnZlX3NvdXJjZXNfbGlzdDogdHJ1ZQoKICAjIEFkZCByZXBvc2l0b3JpZXMKICBzb3VyY2VzOgogICAgZ2l0bGFiLmxpc3Q6CiAgICAgIHNvdXJjZTogImRlYiBodHRwczovL3BhY2thZ2VzLmdpdGxhYi5jb20vZ2l0bGFiL2dp dGxhYi1jZS91YnVudHUgYmlvbmljIG1haW4iCiAgICAgIGtleWlkOiAzRjAxNjE4QTUxMzEyRjNGCgojIFdlIGtub3cgdGhhdCBleGFjdGx5IG9uZSBkYXRhIGRpc2sgd2lsbCBiZSBhdHRhY2hlZCB0byB0aGlzIFZNIGFuZCBpdCB3aWxsIGJlIGF0dGFjaGVkIGFzIGx1bjEKZGl za19zZXR1cDoKICAvZGV2L2Rpc2svYXp1cmUvc2NzaTEvbHVuMToKICAgIHRhYmxlX3R5cGU6IGdwdAogICAgbGF5b3V0OiBUcnVlCiAgICBvdmVyd3JpdGU6IFRydWUKCmZzX3NldHVwOgogIC0gZGV2aWNlOiAvZGV2L2Rpc2svYXp1cmUvc2NzaTEvbHVuMQogICAgcGFydGl0aW 9uOiAxCiAgICBmaWxlc3lzdGVtOiBleHQ0Cgptb3VudHM6CiAgLSBbL2Rldi9kaXNrL2F6dXJlL3Njc2kxL2x1bjEtcGFydDEsIC9kYXRhZHJpdmUsIGV4dDQsICJkZWZhdWx0cyxub2ZhaWwiXQoKd3JpdGVfZmlsZXM6CiAgLSBwYXRoOiAvZXRjL2dpdGxhYi9naXRsYWIucmIKI CAgIHBlcm1pc3Npb25zOiAiMDYwMCIKICAgIGNvbnRlbnQ6IHwKICAgICAgZXh0ZXJuYWxfdXJsICdodHRwOi8vMTAuMTUwLjIuNScKICAgICAgZ2l0bGFiX3JhaWxzWydsZGFwX2VuYWJsZWQnXSA9IHRydWUKICAgICAgZ2l0bGFiX3JhaWxzWydsZGFwX3NlcnZlcnMnXSA9IFlB TUwubG9hZCA8PC0nRU9TJwogICAgICAgIG1haW46ICMgJ21haW4nIGlzIHRoZSBHaXRMYWIgJ3Byb3ZpZGVyIElEJyBvZiB0aGlzIExEQVAgc2VydmVyCiAgICAgICAgICBsYWJlbDogJ0xEQVAnCiAgICAgICAgICBob3N0OiAnREMxLVNITS1ERUNPVklELmRlY292aWQudHVyaW5 nc2FmZWhhdmVuLmFjLnVrJwogICAgICAgICAgcG9ydDogMzg5CiAgICAgICAgICB1aWQ6ICdzQU1BY2NvdW50TmFtZScKICAgICAgICAgIG1ldGhvZDogJ3BsYWluJyAjICJ0bHMiIG9yICJzc2wiIG9yICJwbGFpbiIKICAgICAgICAgIGJpbmRfZG46ICdDTj1TUkUxIExEQVAgU2 VhcmNoIFNlcnZpY2UgQWNjb3VudCxPVT1TYWZlIEhhdmVuIFNlcnZpY2UgQWNjb3VudHMsREM9ZGVjb3ZpZCxEQz10dXJpbmdzYWZlaGF2ZW4sREM9YWMsREM9dWsnCiAgICAgICAgICBwYXNzd29yZDogJ0FMdFM5VzFkbVA5VjhuZ1B2djRGJwogICAgICAgICAgYWN0aXZlX2Rpc mVjdG9yeTogdHJ1ZQogICAgICAgICAgYWxsb3dfdXNlcm5hbWVfb3JfZW1haWxfbG9naW46IHRydWUKICAgICAgICAgIGJsb2NrX2F1dG9fY3JlYXRlZF91c2VyczogZmFsc2UKICAgICAgICAgIGJhc2U6ICdPVT1TYWZlIEhhdmVuIFJlc2VhcmNoIFVzZXJzLERDPWRlY292aWQs REM9dHVyaW5nc2FmZWhhdmVuLERDPWFjLERDPXVrJwogICAgICAgICAgdXNlcl9maWx0ZXI6ICcoJihvYmplY3RDbGFzcz11c2VyKShtZW1iZXJPZj1DTj1TRyBTUkUxIFJlc2VhcmNoIFVzZXJzLE9VPVNhZmUgSGF2ZW4gU2VjdXJpdHkgR3JvdXBzLERDPWRlY292aWQsREM9dHV yaW5nc2FmZWhhdmVuLERDPWFjLERDPXVrKSknCiAgICAgIGF0dHJpYnV0ZXM6CiAgICAgICAgdXNlcm5hbWU6IFsndWlkJywgJ3VzZXJpZCcsICdzQU1BY2NvdW50TmFtZSddCiAgICAgICAgZW1haWw6ICAgIFsnbWFpbCcsICdlbWFpbCcsICd1c2VyUHJpbmNpcGFsTmFtZSddCi AgICAgICAgbmFtZTogICAgICAgJ2NuJwogICAgICAgIGZpcnN0X25hbWU6ICdnaXZlbk5hbWUnCiAgICAgICAgbGFzdF9uYW1lOiAgJ3NuJwogICAgICBFT1MKICAgICAgZ2l0X2RhdGFfZGlycyh7ICJkZWZhdWx0IiA9PiB7ICJwYXRoIiA9PiAiL2RhdGFkcml2ZS9naXRkYXRhI iB9IH0pCgpydW5jbWQ6CiAgIyBDb25maWd1cmUgc2VydmVyCiAgLSBlY2hvICI+PT09IENvbmZpZ3VyaW5nIHNlcnZlci4uLiA9PT08IgogIC0gZWNobyAiMTAuMTUwLjIuNSBHSVRMQUItU1JFLVNSRTEgR0lUTEFCLVNSRS1TUkUxLnNyZTEuZGVjb3ZpZC50dXJpbmdzYWZlaGF2 ZW4uYWMudWsiID4+IC9ldGMvaG9zdHMKICAtIHRpbWVkYXRlY3RsIHNldC10aW1lem9uZSBFdXJvcGUvTG9uZG9uCiAgLSBkcGtnLXJlY29uZmlndXJlIC1mIG5vbmludGVyYWN0aXZlIHR6ZGF0YQogIC0gZWNobyAiVGltZXpvbmUgaXMgJChkYXRlICslWikiCiAgIyBTZXQgdXA gdGhlIGRhdGEgZGlzawogIC0gZWNobyAiPj09PSBDaGVja2luZyBhdHRhY2hlZCBkaXNrcy4uLiA9PT08IgogIC0gbWtkaXIgLXAgL2RhdGFkcml2ZS9naXRkYXRhCiAgLSBjYXQgL2V0Yy9mc3RhYgogICMgRW5hYmxlIGN1c3RvbSBHaXRMYWIgc2V0dGluZ3MgYW5kIHJ1biBhbi Bpbml0aWFsIGNvbmZpZ3VyYXRpb24KICAtIGVjaG8gIlJ1bm5pbmcgaW5pdGlhbCBjb25maWd1cmF0aW9uIgogIC0gZ2l0bGFiLWN0bCByZWNvbmZpZ3VyZQogICMgU2V0IHJvb3QgcGFzc3dvcmQgYW5kIGRvbid0IHByb21wdCBmb3IgaXQgdG8gYmUgcmVzZXQgd2hlbiB3ZWIgY XBwIGZpcnN0IGxvYWRlZAogIC0gfAogICAgZWNobyAidXNlciA9IFVzZXIuZmluZF9ieSh1c2VybmFtZTogJ3Jvb3QnKTt1c2VyLnBhc3N3b3JkPXVzZXIucGFzc3dvcmRfY29uZmlybWF0aW9uPScyampEN1FHOU5KaEZkZkw1SFc2Qic7dXNlci5wYXNzd29yZF9hdXRvbWF0aWNh bGx5X3NldD1mYWxzZTt1c2VyLnNhdmUhO2V4aXQ7IiB8IGdpdGxhYi1yYWlscyBjb25zb2xlIC1lIHByb2R1Y3Rpb24KICAjIFR1cm4gb2ZmIHVzZXIgYWNjb3VudCBjcmVhdGlvbgogIC0gfAogICAgZ2l0bGFiLXJhaWxzIHJ1bm5lciAiQXBwbGljYXRpb25TZXR0aW5nLmxhc3Q udXBkYXRlX2F0dHJpYnV0ZXMoc2lnbnVwX2VuYWJsZWQ6IGZhbHNlKSIKICAjIFJlc3RyaWN0IGxvZ2luIHRvIFNITSBkb21haW4gKG11c3QgYmUgZG9uZSBBRlRFUiBHaXRMYWIgdXBkYXRlKQogIC0gfAogICAgZ2l0bGFiLXJhaWxzIHJ1bm5lciAiQXBwbGljYXRpb25TZXR0aW 5nLmxhc3QudXBkYXRlX2F0dHJpYnV0ZXMoZG9tYWluX3doaXRlbGlzdDogWydkZWNvdmlkLnR1cmluZ3NhZmVoYXZlbi5hYy51ayddKSIKICAjIFJlbG9hZCBHaXRMYWIgY29uZmlndXJhdGlvbiBhbmQgcmVzdGFydCBHaXRMYWIKICAtIGdpdGxhYi1jdGwgcmVjb25maWd1cmUKI CAtIGdpdGxhYi1jdGwgcmVzdGFydAoKIyBTaHV0ZG93biBzbyB0aGF0IHdlIGNhbiB0ZWxsIHdoZW4gdGhlIGpvYiBoYXMgZmluaXNoZWQgYnkgcG9sbGluZyB0aGUgVk0gc3RhdGUKcG93ZXJfc3RhdGU6CiAgbW9kZTogcG93ZXJvZmYKICBtZXNzYWdlOiAiU2h1dHRpbmcgZG93 biBhcyBhIHNpZ25hbCB0aGF0IHNldHVwIGlzIGZpbmlzaGVkIgogIHRpbWVvdXQ6IDMwCiAgY29uZGl0aW9uOiBUcnVlCg== gitLab_IP_Address String 10.150.2.5 gitLab_Data_Disk_Size_GB Int 750 gitLab_Data_Disk_Type String Standard_LRS gitLab_Os_Disk_Size_GB Int 50 gitLab_Os_Disk_Type String Standard_LRS gitLab_Server_Name String GITLAB-SRE-SRE1 gitLab_VM_Size String Standard_D2s_v3 hackMD_Administrator_Password SecureString hackMD_Cloud_Init String I2Nsb3VkLWNvbmZpZwpwYWNrYWdlX3VwZGF0ZTogdHJ1ZQpwYWNrYWdlX3VwZ3JhZGU6IHRydWUKCiMgSW5zdGFsbCBMREFQIHRvb2xzIGZvciBkZWJ1Z2dpbmcgTERBUCBpc3N1ZXMKcGFja2FnZX M6CiAgLSBhcHQtdHJhbnNwb3J0LWh0dHBzCiAgLSBjYS1jZXJ0aWZpY2F0ZXMKICAtIGN1cmwKICAtIGRvY2tlci1jZQogIC0gZG9ja2VyLWNvbXBvc2UKICAtIGxkYXAtdXRpbHMKICAtIHNvZnR3YXJlLXByb3BlcnRpZXMtY29tbW9uCgphcHQ6CiAgIyBQcmVzZXJ2ZXMgdGhlI GV4aXN0aW5nIC9ldGMvYXB0L3NvdXJjZXMubGlzdAogIHByZXNlcnZlX3NvdXJjZXNfbGlzdDogdHJ1ZQoKICAjIEFkZCByZXBvc2l0b3JpZXMKICBzb3VyY2VzOgogICAgZ2l0bGFiLmxpc3Q6CiAgICAgIHNvdXJjZTogImRlYiBbYXJjaD1hbWQ2NF0gaHR0cHM6Ly9kb3dubG9h ZC5kb2NrZXIuY29tL2xpbnV4L3VidW50dSBiaW9uaWMgc3RhYmxlIgogICAgICBrZXlpZDogOEQ4MTgwM0MwRUJGQ0Q4OAoKd3JpdGVfZmlsZXM6CiAgLSBwYXRoOiAiL2RvY2tlci1jb21wb3NlLWhhY2ttZC55bWwiCiAgICBjb250ZW50OiB8CiAgICAgIHZlcnNpb246ICczJwo gICAgICBzZXJ2aWNlczoKICAgICAgICBkYXRhYmFzZToKICAgICAgICAgICMgRG9uJ3QgdXBncmFkZSBQb3N0Z3JlU1FMIGJ5IHNpbXBseSBjaGFuZ2luZyB0aGUgdmVyc2lvbiBudW1iZXIKICAgICAgICAgICMgWW91IG5lZWQgdG8gbWlncmF0ZSB0aGUgRGF0YWJhc2UgdG8gdG hlIG5ldyBQb3N0Z3JlU1FMIHZlcnNpb24KICAgICAgICAgIGltYWdlOiBwb3N0Z3JlczoxMS41CiAgICAgICAgICAjbWVtX2xpbWl0OiAyNTZtYiAgICAgICAgICMgdmVyc2lvbiAyIG9ubHkKICAgICAgICAgICNtZW1zd2FwX2xpbWl0OiA1MTJtYiAgICAgIyB2ZXJzaW9uIDIgb 25seQogICAgICAgICAgI3JlYWRfb25seTogdHJ1ZSAgICAgICAgICAjIG5vdCBzdXBwb3J0ZWQgaW4gc3dhcm0gbW9kZSBwbGVhc2UgZW5hYmxlIGFsb25nIHdpdGggdG1wZnMKICAgICAgICAgICN0bXBmczoKICAgICAgICAgICMgIC0gL3J1bi9wb3N0Z3Jlc3FsOnNpemU9NTEy SwogICAgICAgICAgIyAgLSAvdG1wOnNpemU9MjU2SwogICAgICAgICAgZW52aXJvbm1lbnQ6CiAgICAgICAgICAgIC0gUE9TVEdSRVNfVVNFUj1oYWNrbWQKICAgICAgICAgICAgLSBQT1NUR1JFU19QQVNTV09SRD1oYWNrbWRwYXNzCiAgICAgICAgICAgIC0gUE9TVEdSRVNfREI 9aGFja21kCiAgICAgICAgICB2b2x1bWVzOgogICAgICAgICAgICAtIGRhdGFiYXNlOi92YXIvbGliL3Bvc3RncmVzcWwvZGF0YQogICAgICAgICAgbmV0d29ya3M6CiAgICAgICAgICAgIGJhY2tlbmQ6CiAgICAgICAgICByZXN0YXJ0OiBhbHdheXMKCiAgICAgICAgYXBwOgogIC AgICAgICAgaW1hZ2U6IG5hYm8uY29kaW1kLmRldi9oYWNrbWRpby9oYWNrbWQ6MS40LjEKICAgICAgICAgICNtZW1fbGltaXQ6IDI1Nm1iICAgICAgICAgIyB2ZXJzaW9uIDIgb25seQogICAgICAgICAgI21lbXN3YXBfbGltaXQ6IDUxMm1iICAgICAjIHZlcnNpb24gMiBvbmx5C iAgICAgICAgICAjcmVhZF9vbmx5OiB0cnVlICAgICAgICAgICMgbm90IHN1cHBvcnRlZCBpbiBzd2FybSBtb2RlLCBlbmFibGUgYWxvbmcgd2l0aCB0bXBmcwogICAgICAgICAgI3RtcGZzOgogICAgICAgICAgIyAgLSAvdG1wOnNpemU9NTEySwogICAgICAgICAgIyAgLSAvaGFj a21kL3RtcDpzaXplPTFNCiAgICAgICAgICAjIE1ha2Ugc3VyZSB5b3UgcmVtb3ZlIHRoaXMgd2hlbiB5b3UgdXNlIGZpbGVzeXN0ZW0gYXMgdXBsb2FkIHR5cGUKICAgICAgICAgICMgIC0gL2hhY2ttZC9wdWJsaWMvdXBsb2FkczpzaXplPTEwTQogICAgICAgICAgdm9sdW1lczo KICAgICAgICAgICAgLSB1cGxvYWRzOi9oYWNrbWQvcHVibGljL3VwbG9hZHMKICAgICAgICAgIGVudmlyb25tZW50OgogICAgICAgICAgICAjIERCX1VSTCBpcyBmb3JtYXR0ZWQgbGlrZTogPGRhdGFiYXNldHlwZT46Ly88dXNlcm5hbWU+OjxwYXNzd29yZD5APGhvc3RuYW1lPi 88ZGF0YWJhc2U+CiAgICAgICAgICAgICMgT3RoZXIgZXhhbXBsZXMgYXJlOgogICAgICAgICAgICAjIC0gbXlzcWw6Ly9oYWNrbWQ6aGFja21kcGFzc0BkYXRhYmFzZTozMzA2L2hhY2ttZAogICAgICAgICAgICAjIC0gc3FsaXRlOi8vL2RhdGEvc3FsaXRlLmRiIChOT1QgUkVDT 01NRU5ERUQpCiAgICAgICAgICAgICMgLSBGb3IgZGV0YWlscyBzZWUgdGhlIG9mZmljaWFsIHNlcXVlbGl6ZSBkb2NzOiBodHRwOi8vZG9jcy5zZXF1ZWxpemVqcy5jb20vZW4vdjMvCiAgICAgICAgICAgIC0gQ01EX0RCX1VSTD1wb3N0Z3JlczovL2hhY2ttZDpoYWNrbWRwYXNz QGRhdGFiYXNlOjU0MzIvaGFja21kCiAgICAgICAgICAgIC0gQ01EX0FMTE9XX0FOT05ZTU9VUz1mYWxzZQogICAgICAgICAgICAtIENNRF9BTExPV19GUkVFVVJMPXRydWUKICAgICAgICAgICAgLSBDTURfRU1BSUw9ZmFsc2UKICAgICAgICAgICAgLSBDTURfVVNFQ0ROPWZhbHN lCiAgICAgICAgICAgIC0gQ01EX0xEQVBfU0VBUkNIRklMVEVSPSgmKG9iamVjdENsYXNzPXVzZXIpKG1lbWJlck9mPUNOPVNHIFNSRTEgUmVzZWFyY2ggVXNlcnMsT1U9U2FmZSBIYXZlbiBTZWN1cml0eSBHcm91cHMsREM9ZGVjb3ZpZCxEQz10dXJpbmdzYWZlaGF2ZW4sREM9YW MsREM9dWspKHVzZXJQcmluY2lwYWxOYW1lPXt7dXNlcm5hbWV9fSkpCiAgICAgICAgICAgIC0gQ01EX0xEQVBfU0VBUkNIQkFTRT1PVT1TYWZlIEhhdmVuIFJlc2VhcmNoIFVzZXJzLERDPWRlY292aWQsREM9dHVyaW5nc2FmZWhhdmVuLERDPWFjLERDPXVrCiAgICAgICAgICAgI C0gQ01EX0xEQVBfQklORENSRURFTlRJQUxTPUFMdFM5VzFkbVA5VjhuZ1B2djRGCiAgICAgICAgICAgIC0gQ01EX0xEQVBfQklOREROPUNOPVNSRTEgTERBUCBTZWFyY2ggU2VydmljZSBBY2NvdW50LE9VPVNhZmUgSGF2ZW4gU2VydmljZSBBY2NvdW50cyxEQz1kZWNvdmlkLERD PXR1cmluZ3NhZmVoYXZlbixEQz1hYyxEQz11awogICAgICAgICAgICAtIENNRF9MREFQX1VSTD1sZGFwOi8vREMxLVNITS1ERUNPVklELmRlY292aWQudHVyaW5nc2FmZWhhdmVuLmFjLnVrCiAgICAgICAgICAgIC0gQ01EX0xEQVBfUFJPVklERVJOQU1FPURFQ09WSUQKICAgICA gICAgICAgLSBDTURfSU1BR0VfVVBMT0FEX1RZUEU9ZmlsZXN5c3RlbQogICAgICAgICAgcG9ydHM6CiAgICAgICAgICAgICMgUG9ydHMgdGhhdCBhcmUgcHVibGlzaGVkIHRvIHRoZSBvdXRzaWRlLgogICAgICAgICAgICAjIFRoZSBsYXR0ZXIgcG9ydCBpcyB0aGUgcG9ydCBpbn NpZGUgdGhlIGNvbnRhaW5lci4gSXQgc2hvdWxkIGFsd2F5cyBzdGF5IG9uIDMwMDAKICAgICAgICAgICAgIyBJZiB5b3Ugb25seSBzcGVjaWZ5IGEgcG9ydCBpdCdsbCBwdWJsaXNoZWQgb24gYWxsIGludGVyZmFjZXMuIElmIHlvdSB3YW50IHRvIHVzZSBhCiAgICAgICAgICAgI CMgbG9jYWwgcmV2ZXJzZSBwcm94eSwgeW91IG1heSB3YW50IHRvIGxpc3RlbiBvbiAxMjcuMC4wLjEuCiAgICAgICAgICAgICMgRXhhbXBsZToKICAgICAgICAgICAgIyAtICIxMjcuMC4wLjE6MzAwMDozMDAwIgogICAgICAgICAgICAtICIzMDAwOjMwMDAiCiAgICAgICAgICBu ZXR3b3JrczoKICAgICAgICAgICAgYmFja2VuZDoKICAgICAgICAgIHJlc3RhcnQ6IGFsd2F5cwogICAgICAgICAgZGVwZW5kc19vbjoKICAgICAgICAgICAgLSBkYXRhYmFzZQoKICAgICAgIyBEZWZpbmUgbmV0d29ya3MgdG8gYWxsb3cgYmVzdCBpc29sYXRpb24KICAgICAgbmV 0d29ya3M6CiAgICAgICAgIyBJbnRlcm5hbCBuZXR3b3JrIGZvciBjb21tdW5pY2F0aW9uIHdpdGggUG9zdGdyZVNRTC9NeVNRTAogICAgICAgIGJhY2tlbmQ6CgogICAgICAjIERlZmluZSBuYW1lZCB2b2x1bWVzIHNvIGRhdGEgc3RheXMgaW4gcGxhY2UKICAgICAgdm9sdW1lcz oKICAgICAgICAjIFZvbHVtZSBmb3IgUG9zdGdyZVNRTC9NeVNRTCBkYXRhYmFzZQogICAgICAgIGRhdGFiYXNlOgogICAgICAgIHVwbG9hZHM6CgpydW5jbWQ6CiAgIyBDb25maWd1cmUgc2VydmVyCiAgLSBlY2hvICJDb25maWd1cmluZyBzZXJ2ZXIiCiAgLSBlY2hvICIxMC4xN TAuMi42IEhBQ0tNRC1TUkUtU1JFMSBIQUNLTUQtU1JFLVNSRTEuc3JlMS5kZWNvdmlkLnR1cmluZ3NhZmVoYXZlbi5hYy51ayIgPj4gL2V0Yy9ob3N0cwogIC0gZWNobyAiRXVyb3BlL0xvbmRvbiIgPiAvZXRjL3RpbWV6b25lCiAgLSBkcGtnLXJlY29uZmlndXJlIC1mIG5vbmlu dGVyYWN0aXZlIHR6ZGF0YQogICMgQ2hlY2tpbmcgRG9ja2VyIHN0YXR1cwogIC0gZWNobyAiQ3VycmVudCBEb2NrZXIgc3RhdHVzIgogIC0gc3lzdGVtY3RsIHN0YXR1cyBkb2NrZXIKICAjIFB1bGxpbmcgSGFja01EIERvY2tlciBpbWFnZQogIC0gZWNobyAiUHVsbGluZyBIYWN rTUQgRG9ja2VyIGltYWdlIgogIC0gZ2l0IGNsb25lIGh0dHBzOi8vZ2l0aHViLmNvbS9oYWNrbWRpby9kb2NrZXItaGFja21kLmdpdCAvc3JjL2RvY2tlci1oYWNrbWQKICAtIGVjaG8gIk92ZXJ3cml0aW5nIEhhY2tNRCBjb25maWd1cmF0aW9uIgogIC0gY3AgL2RvY2tlci1jb2 1wb3NlLWhhY2ttZC55bWwgL3NyYy9kb2NrZXItaGFja21kL2RvY2tlci1jb21wb3NlLnltbAogIC0gZWNobyAiU3RhcnRpbmcgSGFja01EIgogIC0gZG9ja2VyLWNvbXBvc2UgLWYgL3NyYy9kb2NrZXItaGFja21kL2RvY2tlci1jb21wb3NlLnltbCB1cCAtZAoKIyBTaHV0ZG93b iBzbyB0aGF0IHdlIGNhbiB0ZWxsIHdoZW4gdGhlIGpvYiBoYXMgZmluaXNoZWQgYnkgcG9sbGluZyB0aGUgVk0gc3RhdGUKcG93ZXJfc3RhdGU6CiAgbW9kZTogcG93ZXJvZmYKICBtZXNzYWdlOiAiU2h1dHRpbmcgZG93biBhcyBhIHNpZ25hbCB0aGF0IHNldHVwIGlzIGZpbmlz aGVkIgogIHRpbWVvdXQ6IDMwCiAgY29uZGl0aW9uOiBUcnVlCg== hackMD_IP_Address String 10.150.2.6 hackMD_Os_Disk_Size_GB Int 750 hackMD_Os_Disk_Type String Standard_LRS hackMD_Server_Name String HACKMD-SRE-SRE1 hackMD_VM_Size String Standard_D2s_v3 virtual_Network_Name String VNET_SRE_SRE1 virtual_Network_Resource_Group String RG_SRE_SRE1_NETWORKING virtual_Network_Subnet String SharedDataSubnet Outputs : DeploymentDebugLogLevel : ResponseContent 2020-07-10 16:20:55 [SUCCESS]: [✔] Template deployment 'sre-webapps-template' succeeded 2020-07-10 16:20:55 [ INFO]: Waiting for cloud-init provisioning to finish (this will take 5+ minutes)... 2020-07-10 16:31:09 [ INFO]: Ensure webapp servers and compute VMs are bound to correct NSG... 2020-07-10 16:31:09 [ INFO]: [ ] Associating HACKMD-SRE-SRE1 with NSG_SRE_SRE1_WEBAPPS... 2020-07-10 16:31:22 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 16:31:32 [ INFO]: [ ] Associating GITLAB-SRE-SRE1 with NSG_SRE_SRE1_WEBAPPS... 2020-07-10 16:31:45 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 16:32:25 [ INFO]: Summary: NICs associated with 'NSG_SRE_SRE1_WEBAPPS' NSG 2020-07-10 16:32:25 [ INFO]: Rebooting the HackMD VM: 'HACKMD-SRE-SRE1' 2020-07-10 16:32:25 [ INFO]: [ ] (Re)starting VM 'HACKMD-SRE-SRE1' [PowerState/stopped] 2020-07-10 16:32:37 [SUCCESS]: [✔] Successfully (re)started 'HACKMD-SRE-SRE1' [PowerState/running] 2020-07-10 16:32:37 [SUCCESS]: [✔] Rebooting the HackMD VM (HACKMD-SRE-SRE1) succeeded 2020-07-10 16:32:37 [ INFO]: Rebooting the GitLab VM: 'GITLAB-SRE-SRE1' 2020-07-10 16:32:37 [ INFO]: [ ] (Re)starting VM 'GITLAB-SRE-SRE1' [PowerState/stopped] 2020-07-10 16:32:48 [SUCCESS]: [✔] Successfully (re)started 'GITLAB-SRE-SRE1' [PowerState/running] 2020-07-10 16:32:48 [SUCCESS]: [✔] Rebooting the GitLab VM (GITLAB-SRE-SRE1) succeeded ```

Setup_SRE_Data_Server

```pwsh 2020-07-10 16:38:28 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre1'... 2020-07-10 16:38:33 [ INFO]: Ensuring that resource group 'RG_SRE_SRE1_DATA' exists... 2020-07-10 16:38:34 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE1_DATA' 2020-07-10 16:38:35 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE1_DATA' 2020-07-10 16:38:35 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE1_DATA' exists... 2020-07-10 16:38:35 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE1_DATA' 2020-07-10 16:38:40 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE1_DATA' 2020-07-10 16:38:45 [ INFO]: Creating data server 'DAT-SRE-SRE1' from template... VERBOSE: Performing the operation "Creating Deployment" on target "RG_SRE_SRE1_DATA". WARNING: The DeploymentDebug setting has been enabled. This can potentially log secrets like passwords used in resource property or listKeys operations when you retrieve the deployment operations through Get-AzResourceGroupDeploymentOperation VERBOSE: 16:38:45 - Template is valid. VERBOSE: 16:38:45 - Create template deployment 'sre-data-server-template' VERBOSE: 16:38:45 - Checking deployment status in 5 seconds VERBOSE: 16:38:51 - Resource Microsoft.Compute/virtualMachines 'DAT-SRE-SRE1' provisioning status is running VERBOSE: 16:38:51 - Resource Microsoft.Network/networkInterfaces 'DAT-SRE-SRE1-NIC' provisioning status is succeeded VERBOSE: 16:38:51 - Checking deployment status in 12 seconds VERBOSE: 16:39:03 - Checking deployment status in 5 seconds VERBOSE: 16:39:08 - Checking deployment status in 5 seconds VERBOSE: 16:39:13 - Checking deployment status in 5 seconds VERBOSE: 16:39:18 - Checking deployment status in 5 seconds VERBOSE: 16:39:23 - Checking deployment status in 5 seconds VERBOSE: 16:39:28 - Checking deployment status in 5 seconds VERBOSE: 16:39:33 - Checking deployment status in 5 seconds VERBOSE: 16:39:38 - Checking deployment status in 5 seconds VERBOSE: 16:39:43 - Checking deployment status in 5 seconds VERBOSE: 16:39:48 - Checking deployment status in 5 seconds VERBOSE: 16:39:53 - Checking deployment status in 5 seconds VERBOSE: 16:39:58 - Checking deployment status in 5 seconds VERBOSE: 16:40:03 - Checking deployment status in 5 seconds VERBOSE: 16:40:09 - Checking deployment status in 5 seconds VERBOSE: 16:40:14 - Checking deployment status in 5 seconds VERBOSE: 16:40:19 - Checking deployment status in 5 seconds VERBOSE: 16:40:24 - Checking deployment status in 5 seconds VERBOSE: 16:40:29 - Checking deployment status in 5 seconds VERBOSE: 16:40:34 - Checking deployment status in 5 seconds VERBOSE: 16:40:39 - Checking deployment status in 5 seconds VERBOSE: 16:40:44 - Checking deployment status in 5 seconds VERBOSE: 16:40:49 - Checking deployment status in 14 seconds VERBOSE: 16:41:03 - Checking deployment status in 5 seconds VERBOSE: 16:41:08 - Checking deployment status in 5 seconds VERBOSE: 16:41:13 - Checking deployment status in 5 seconds VERBOSE: 16:41:18 - Checking deployment status in 5 seconds VERBOSE: 16:41:24 - Checking deployment status in 5 seconds VERBOSE: 16:41:29 - Resource Microsoft.Compute/virtualMachines/extensions 'DAT-SRE-SRE1/bginfo' provisioning status is running VERBOSE: 16:41:29 - Resource Microsoft.Compute/virtualMachines 'DAT-SRE-SRE1' provisioning status is succeeded VERBOSE: 16:41:29 - Checking deployment status in 16 seconds VERBOSE: 16:41:45 - Checking deployment status in 5 seconds VERBOSE: 16:41:50 - Checking deployment status in 5 seconds VERBOSE: 16:41:55 - Checking deployment status in 5 seconds VERBOSE: 16:42:00 - Checking deployment status in 5 seconds VERBOSE: 16:42:05 - Checking deployment status in 5 seconds VERBOSE: 16:42:10 - Checking deployment status in 5 seconds VERBOSE: 16:42:15 - Checking deployment status in 5 seconds VERBOSE: 16:42:20 - Checking deployment status in 5 seconds VERBOSE: 16:42:25 - Checking deployment status in 5 seconds VERBOSE: 16:42:30 - Checking deployment status in 5 seconds VERBOSE: 16:42:35 - Checking deployment status in 5 seconds VERBOSE: 16:42:40 - Checking deployment status in 5 seconds VERBOSE: 16:42:46 - Resource Microsoft.Compute/virtualMachines/extensions 'DAT-SRE-SRE1/bginfo' provisioning status is succeeded VERBOSE: 16:42:46 - Checking deployment status in 5 seconds VERBOSE: 16:42:51 - Resource Microsoft.Compute/virtualMachines/extensions 'DAT-SRE-SRE1/joindomain' provisioning status is running VERBOSE: 16:42:51 - Checking deployment status in 12 seconds VERBOSE: 16:43:03 - Checking deployment status in 5 seconds VERBOSE: 16:43:08 - Resource Microsoft.Compute/virtualMachines/extensions 'DAT-SRE-SRE1/joindomain' provisioning status is succeeded DeploymentName : sre-data-server-template ResourceGroupName : RG_SRE_SRE1_DATA ProvisioningState : Succeeded Timestamp : 10/07/2020 15:43:06 Mode : Incremental TemplateLink : Parameters : Name Type Value ================================== ========================= ========== administrator_Password SecureString administrator_User String sresre1admin bootDiagnostics_Account_Name String sresre1bootdiagstplkehgv data_Server_Name String DAT-SRE-SRE1 domain_Join_Password SecureString domain_Join_Username String decoviddatasrvrs data_Server_Disk_Egress_Size_GB Int 512 data_Server_Disk_Ingress_Size_GB Int 512 data_Server_Disk_Shared_Size_GB Int 512 data_Server_Disk_Egress_Type String Standard_LRS data_Server_Disk_Ingress_Type String Standard_LRS data_Server_Disk_Shared_Type String Standard_LRS domain_Name String decovid.turingsafehaven.ac.uk iP_Address String 10.150.2.4 oU_Path String OU=Secure Research Environment Data Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk virtual_Network_Name String VNET_SRE_SRE1 virtual_Network_Resource_Group String RG_SRE_SRE1_NETWORKING virtual_Network_Subnet String SharedDataSubnet data_Server_VM_Size String Standard_D2s_v3 Outputs : DeploymentDebugLogLevel : ResponseContent 2020-07-10 16:43:10 [ INFO]: joindomain: ProvisioningState/succeeded Join completed for Domain 'decovid.turingsafehaven.ac.uk' 2020-07-10 16:43:10 [ INFO]: bginfo: ProvisioningState/succeeded Plugin enabled (handler name: Microsoft.Compute.bginfo, extension name: , version: 2.1). 2020-07-10 16:43:10 [SUCCESS]: [✔] Template deployment 'sre-data-server-template' succeeded 2020-07-10 16:43:10 [ INFO]: Updating data server VM... 2020-07-10 16:43:10 [ INFO]: [ ] Installing core Powershell modules on 'DAT-SRE-SRE1' 2020-07-10 16:47:12 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: ... PSWindowsUpdate Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 16:48:22 [ INFO]: [ ] Setting OS locale and installing updates on 'DAT-SRE-SRE1' 2020-07-10 16:53:26 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 6 Windows updates: ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) ... Microsoft Silverlight (KB4481252) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... 2020-01 Update for Windows Server 2019 for x64-based Systems (KB4494174) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.1169.0) Reboot is required, but do it manually. [o] Installing Windows updates succeeded. Newly installed Windows updates: ... Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.1169.0) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... Microsoft Silverlight (KB4481252) ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 16:53:37 [ INFO]: [ ] (Re)starting VM 'DAT-SRE-SRE1' [PowerState/running] 2020-07-10 16:54:08 [SUCCESS]: [✔] Successfully (re)started 'DAT-SRE-SRE1' [PowerState/running] 2020-07-10 16:54:08 [ INFO]: Configuring data server VM... 2020-07-10 16:56:10 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Initialising data drives... Checking drive partitioning... [o] Formatting partition 2 of disk 2 with label 'DATA-0' at drive letter 'F' [o] Formatting partition 2 of disk 3 with label 'DATA-1' at drive letter 'G' [o] Formatting partition 2 of disk 4 with label 'DATA-2' at drive letter 'H' Configuring disk shares... [ ] Creating SMB data share 'Ingress' at 'F:\Ingress'... [o] Successfully created SMB share 'Ingress' [ ] Creating SMB data share 'Shared' at 'G:\Shared'... [o] Successfully created SMB share 'Shared' [ ] Creating SMB data share 'Egress' at 'H:\Egress'... [o] Successfully created SMB share 'Egress' Setting SMB share access for 'Ingress' share... Setting ACL rules for folder 'F:\Ingress' ACL access rules for 'F:\Ingress' folder are currently: IdentityReference FileSystemRights ----------------- ---------------- DECOVID\SG Safe Haven Server Administrators FullControl DECOVID\SG SRE1 Research Users Read, Synchronize DECOVID\sre1datamount Read, Synchronize BUILTIN\Administrators FullControl NT AUTHORITY\SYSTEM FullControl CREATOR OWNER 268435456 BUILTIN\Users ReadAndExecute, Synchronize BUILTIN\Users AppendData BUILTIN\Users CreateFiles Setting SMB share access for 'Shared' share... Setting ACL rules for folder 'G:\Shared' ACL access rules for 'G:\Shared' folder are currently: IdentityReference FileSystemRights ----------------- ---------------- DECOVID\SG Safe Haven Server Administrators FullControl DECOVID\SG SRE1 Research Users Modify, Synchronize DECOVID\sre1datamount Modify, Synchronize BUILTIN\Administrators FullControl NT AUTHORITY\SYSTEM FullControl CREATOR OWNER 268435456 BUILTIN\Users ReadAndExecute, Synchronize BUILTIN\Users AppendData BUILTIN\Users CreateFiles Setting SMB share access for 'Egress' share... Setting ACL rules for folder 'H:\Egress' ACL access rules for 'H:\Egress' folder are currently: IdentityReference FileSystemRights ----------------- ---------------- DECOVID\SG Safe Haven Server Administrators FullControl DECOVID\SG SRE1 Research Users FullControl DECOVID\sre1datamount FullControl BUILTIN\Administrators FullControl NT AUTHORITY\SYSTEM FullControl CREATOR OWNER 268435456 BUILTIN\Users ReadAndExecute, Synchronize BUILTIN\Users AppendData BUILTIN\Users CreateFiles Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : ```

Setup_SRE_Databases

```pwsh 2020-07-10 16:59:06 [ INFO]: Ensuring that resource group 'RG_SRE_SRE1_DATABASES' exists... 2020-07-10 16:59:07 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE1_DATABASES' 2020-07-10 16:59:07 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE1_DATABASES' 2020-07-10 16:59:08 [ INFO]: Ensuring that subnet 'DatabasesSubnet' exists... 2020-07-10 16:59:09 [SUCCESS]: [✔] Subnet 'DatabasesSubnet' already exists 2020-07-10 16:59:10 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE1_DATABASES' exists... 2020-07-10 16:59:11 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE1_DATABASES' 2020-07-10 16:59:15 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE1_DATABASES' 2020-07-10 16:59:30 [ INFO]: Ensuring that NSG 'NSG_SRE_SRE1_DATABASES' is attached to subnet 'DatabasesSubnet'... 2020-07-10 16:59:35 [SUCCESS]: [✔] Set network security group on 'DatabasesSubnet' 2020-07-10 16:59:35 [WARNING]: Temporarily allowing outbound internet access from 10.150.3.4... 2020-07-10 16:59:41 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre1'... 2020-07-10 16:59:47 [ INFO]: Creating/retrieving secrets from key vault 'kv-shm-decovid'... 2020-07-10 16:59:47 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre1'... 2020-07-10 16:59:48 [ INFO]: Preparing to create SQL database MSSQL-SRE1 from template... VERBOSE: Performing the operation "Creating Deployment" on target "RG_SRE_SRE1_DATABASES". WARNING: The DeploymentDebug setting has been enabled. This can potentially log secrets like passwords used in resource property or listKeys operations when you retrieve the deployment operations through Get-AzResourceGroupDeploymentOperation VERBOSE: 16:59:49 - Template is valid. VERBOSE: 16:59:49 - Create template deployment 'sre-mssql2019-server-template' VERBOSE: 16:59:49 - Checking deployment status in 5 seconds VERBOSE: 16:59:54 - Resource Microsoft.Compute/virtualMachines 'MSSQL-SRE1' provisioning status is running VERBOSE: 16:59:54 - Resource Microsoft.Network/networkInterfaces 'MSSQL-SRE1-NIC' provisioning status is succeeded VERBOSE: 16:59:54 - Checking deployment status in 13 seconds VERBOSE: 17:00:07 - Checking deployment status in 5 seconds VERBOSE: 17:00:12 - Checking deployment status in 5 seconds VERBOSE: 17:00:17 - Checking deployment status in 5 seconds VERBOSE: 17:00:22 - Checking deployment status in 5 seconds VERBOSE: 17:00:27 - Checking deployment status in 5 seconds VERBOSE: 17:00:33 - Checking deployment status in 5 seconds VERBOSE: 17:00:38 - Checking deployment status in 5 seconds VERBOSE: 17:00:43 - Checking deployment status in 5 seconds VERBOSE: 17:00:48 - Checking deployment status in 5 seconds VERBOSE: 17:00:53 - Checking deployment status in 5 seconds VERBOSE: 17:00:58 - Checking deployment status in 5 seconds VERBOSE: 17:01:03 - Checking deployment status in 5 seconds VERBOSE: 17:01:08 - Checking deployment status in 5 seconds VERBOSE: 17:01:13 - Checking deployment status in 5 seconds VERBOSE: 17:01:18 - Checking deployment status in 5 seconds VERBOSE: 17:01:23 - Checking deployment status in 5 seconds VERBOSE: 17:01:28 - Checking deployment status in 5 seconds VERBOSE: 17:01:33 - Checking deployment status in 5 seconds VERBOSE: 17:01:38 - Checking deployment status in 5 seconds VERBOSE: 17:01:43 - Checking deployment status in 5 seconds VERBOSE: 17:01:49 - Checking deployment status in 5 seconds VERBOSE: 17:01:54 - Checking deployment status in 14 seconds VERBOSE: 17:02:08 - Resource Microsoft.SqlVirtualMachine/SqlVirtualMachines 'MSSQL-SRE1' provisioning status is running VERBOSE: 17:02:08 - Resource Microsoft.Compute/virtualMachines/extensions 'MSSQL-SRE1/bginfo' provisioning status is running VERBOSE: 17:02:08 - Resource Microsoft.Compute/virtualMachines 'MSSQL-SRE1' provisioning status is succeeded VERBOSE: 17:02:08 - Checking deployment status in 8 seconds VERBOSE: 17:02:16 - Checking deployment status in 5 seconds VERBOSE: 17:02:21 - Checking deployment status in 12 seconds VERBOSE: 17:02:33 - Checking deployment status in 16 seconds VERBOSE: 17:02:49 - Checking deployment status in 15 seconds VERBOSE: 17:03:04 - Checking deployment status in 16 seconds VERBOSE: 17:03:20 - Checking deployment status in 15 seconds VERBOSE: 17:03:35 - Checking deployment status in 15 seconds VERBOSE: 17:03:50 - Checking deployment status in 5 seconds VERBOSE: 17:03:55 - Checking deployment status in 12 seconds VERBOSE: 17:04:07 - Checking deployment status in 16 seconds VERBOSE: 17:04:24 - Checking deployment status in 15 seconds VERBOSE: 17:04:39 - Checking deployment status in 15 seconds VERBOSE: 17:04:54 - Checking deployment status in 15 seconds VERBOSE: 17:05:09 - Checking deployment status in 16 seconds VERBOSE: 17:05:25 - Checking deployment status in 15 seconds VERBOSE: 17:05:40 - Checking deployment status in 16 seconds VERBOSE: 17:05:56 - Checking deployment status in 15 seconds VERBOSE: 17:06:11 - Checking deployment status in 16 seconds VERBOSE: 17:06:27 - Checking deployment status in 15 seconds VERBOSE: 17:06:42 - Checking deployment status in 15 seconds VERBOSE: 17:06:57 - Resource Microsoft.Compute/virtualMachines/extensions 'MSSQL-SRE1/joindomain' provisioning status is running VERBOSE: 17:06:57 - Resource Microsoft.Compute/virtualMachines/extensions 'MSSQL-SRE1/bginfo' provisioning status is succeeded VERBOSE: 17:06:57 - Checking deployment status in 7 seconds VERBOSE: 17:07:04 - Checking deployment status in 10 seconds VERBOSE: 17:07:14 - Resource Microsoft.Compute/virtualMachines/extensions 'MSSQL-SRE1/joindomain' provisioning status is succeeded VERBOSE: 17:07:14 - Resource Microsoft.SqlVirtualMachine/SqlVirtualMachines 'MSSQL-SRE1' provisioning status is succeeded DeploymentName : sre-mssql2019-server-template ResourceGroupName : RG_SRE_SRE1_DATABASES ProvisioningState : Succeeded Timestamp : 10/07/2020 16:07:13 Mode : Incremental TemplateLink : Parameters : Name Type Value ============================== ========================= ========== administrator_Password SecureString administrator_User String sresre1admin bootDiagnostics_Account_Name String sresre1bootdiagstplkehgv data_Disk_Size String 1024 data_Disk_Type String Standard_LRS db_Admin_Password String KMNvVOS69PRDUK3JEjpj db_Admin_Username String sresre1dbadmin domain_Join_Password SecureString domain_Join_Username String decoviddatasrvrs domain_Name String decovid.turingsafehaven.ac.uk iP_Address String 10.150.3.4 oU_Path String OU=Secure Research Environment Data Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk oS_Disk_Size String 128 oS_Disk_Type String Standard_LRS sql_Connection_Port String 1433 sql_Server_Name String MSSQL-SRE1 sql_Server_Edition String sqldev subnetResourceId String /subscriptions/9c379675-84a2-4b6e-825d-fb54b26ba17e/resourceGroups/RG_SRE_SRE1_NETWORKING/providers/Microsoft.Network/virtualNetworks/VNET_SRE_SRE1/subnets/DatabasesSubnet vM_Size String Standard_DS2_v2 Outputs : DeploymentDebugLogLevel : ResponseContent 2020-07-10 17:07:17 [ INFO]: joindomain: ProvisioningState/succeeded Join completed for Domain 'decovid.turingsafehaven.ac.uk' 2020-07-10 17:07:17 [ INFO]: bginfo: ProvisioningState/succeeded Plugin enabled (handler name: Microsoft.Compute.bginfo, extension name: , version: 2.1). 2020-07-10 17:07:17 [SUCCESS]: [✔] Template deployment 'sre-mssql2019-server-template' succeeded 2020-07-10 17:07:17 [ INFO]: Updating MSSQL-SRE1... 2020-07-10 17:07:17 [ INFO]: [ ] Installing core Powershell modules on 'MSSQL-SRE1' 2020-07-10 17:10:19 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: ... PSWindowsUpdate Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 17:10:59 [ INFO]: [ ] Installing additional Powershell modules on 'MSSQL-SRE1' 2020-07-10 17:13:02 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing SqlServer... [o] SqlServer 21.1.18226 is installed Newly installed modules: ... SqlServer Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 17:13:42 [ INFO]: [ ] Setting OS locale and installing updates on 'MSSQL-SRE1' 2020-07-10 17:15:14 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 2 Windows updates: ... Microsoft Silverlight (KB4481252) ... 2020-01 Update for Windows Server 2019 for x64-based Systems (KB4494174) Reboot is required, but do it manually. [o] Installing Windows updates succeeded. Newly installed Windows updates: ... Microsoft Silverlight (KB4481252) Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 17:15:25 [ INFO]: [ ] (Re)starting VM 'MSSQL-SRE1' [PowerState/running] 2020-07-10 17:15:57 [SUCCESS]: [✔] Successfully (re)started 'MSSQL-SRE1' [PowerState/running] 2020-07-10 17:15:57 [ INFO]: [ ] Locking down MSSQL-SRE1... 2020-07-10 17:18:58 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Ensuring that SSIS services (SSISTELEMETRY150, MsDtsServer150) are enabled on: 'MSSQL-SRE1' [o] Successfully updated SSIS services state on: 'MSSQL-SRE1' Disable unused SQL server services on: 'MSSQL-SRE1'... [o] Successfully disabled unused services (SSASTELEMETRY, MSSQLServerOlapService, SQLBrowser) on: 'MSSQL-SRE1' Checking that the sresre1dbadmin user has admin permissions on: 'MSSQL-SRE1'... [o] sresre1dbadmin has admin privileges on: 'MSSQL-SRE1' Ensuring that 'DECOVID\SG SRE1 System Administrators' has SQL login access to: 'MSSQL-SRE1'... [o] Successfully gave 'DECOVID\SG SRE1 System Administrators' SQL login access to: 'MSSQL-SRE1' Ensuring that an SQL user exists for 'DECOVID\SG SRE1 System Administrators' on: 'MSSQL-SRE1'... [o] Ensured that 'DECOVID\SG SRE1 System Administrators' user exists on: 'MSSQL-SRE1' Ensuring that 'DECOVID\SG SRE1 Data Administrators' has SQL login access to: 'MSSQL-SRE1'... [o] Successfully gave 'DECOVID\SG SRE1 Data Administrators' SQL login access to: 'MSSQL-SRE1' Ensuring that an SQL user exists for 'DECOVID\SG SRE1 Data Administrators' on: 'MSSQL-SRE1'... [o] Ensured that 'DECOVID\SG SRE1 Data Administrators' user exists on: 'MSSQL-SRE1' Ensuring that 'DECOVID\SG SRE1 Research Users' has SQL login access to: 'MSSQL-SRE1'... [o] Successfully gave 'DECOVID\SG SRE1 Research Users' SQL login access to: 'MSSQL-SRE1' Ensuring that an SQL user exists for 'DECOVID\SG SRE1 Research Users' on: 'MSSQL-SRE1'... [o] Ensured that 'DECOVID\SG SRE1 Research Users' user exists on: 'MSSQL-SRE1' [o] Successfully ensured that 'data' schema exists on: 'MSSQL-SRE1' [o] Successfully ensured that 'dbopublic' schema exists on: 'MSSQL-SRE1' [o] Successfully gave 'DECOVID\SG SRE1 System Administrators' sysadmin permissions on: 'MSSQL-SRE1' [o] Successfully gave 'DECOVID\SG SRE1 Data Administrators' dataadmin permissions on: 'MSSQL-SRE1' [o] Successfully gave 'DECOVID\SG SRE1 Research Users' researchuser permissions on: 'MSSQL-SRE1' Running T-SQL lockdown script on: 'MSSQL-SRE1'... [o] Successfully ran T-SQL lockdown script on: 'MSSQL-SRE1' Removing database access from MSSQL-SRE1\sresre1admin on: 'MSSQL-SRE1'... [o] Successfully removed database access for MSSQL-SRE1\sresre1admin on: 'MSSQL-SRE1' Revoking sysadmin role from sresre1dbadmin on: 'MSSQL-SRE1'... [o] Successfully revoked sysadmin role on: 'MSSQL-SRE1' Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 17:19:08 [ INFO]: Removing temporary outbound internet access from 10.150.3.4... 2020-07-10 17:19:14 [ INFO]: Ensuring that subnet 'DatabasesSubnet' exists... 2020-07-10 17:19:14 [SUCCESS]: [✔] Subnet 'DatabasesSubnet' already exists 2020-07-10 17:19:15 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE1_DATABASES' exists... 2020-07-10 17:19:15 [SUCCESS]: [✔] Network security group 'NSG_SRE_SRE1_DATABASES' already exists 2020-07-10 17:19:21 [ INFO]: Ensuring that NSG 'NSG_SRE_SRE1_DATABASES' is attached to subnet 'DatabasesSubnet'... 2020-07-10 17:19:24 [SUCCESS]: [✔] Set network security group on 'DatabasesSubnet' 2020-07-10 17:19:24 [WARNING]: Temporarily allowing outbound internet access from 10.150.3.5... 2020-07-10 17:19:28 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre1'... 2020-07-10 17:19:35 [ INFO]: Preparing to create PostgreSQL database PSTGRS-SRE1... 2020-07-10 17:19:35 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre1'... 2020-07-10 17:19:37 [ INFO]: Register 'SRE1 Postgres DB Service Account' (sre1dbpostgres) as a service principal for the database... 2020-07-10 17:20:43 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : [ ] Ensuring that account 'SRE1 Postgres DB Service Account' (sre1dbpostgres) exists [o] Found user 'SRE1 Postgres DB Service Account' (sre1dbpostgres) [ ] Ensuring that 'SRE1 Postgres DB Service Account' (sre1dbpostgres) is registered as a service principal [o] Registered 'SRE1 Postgres DB Service Account' (sre1dbpostgres) as 'POSTGRES/PSTGRS-SRE1.decovid.turingsafehaven.ac.uk' Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 17:20:56 [ INFO]: Ensuring that storage account 'sresre1bootdiagstplkehgv' exists in 'RG_SRE_SRE1_ARTIFACTS'... 2020-07-10 17:20:57 [SUCCESS]: [✔] Storage account 'sresre1bootdiagstplkehgv' already exists 2020-07-10 17:20:57 [ INFO]: Ensuring that VM network card 'PSTGRS-SRE1-NIC' exists... 2020-07-10 17:20:57 [ INFO]: [ ] Creating VM network card 'PSTGRS-SRE1-NIC' 2020-07-10 17:20:59 [SUCCESS]: [✔] Created VM network card 'PSTGRS-SRE1-NIC' 2020-07-10 17:20:59 [ INFO]: Ensuring that managed disk 'PSTGRS-SRE1-DATA-DISK' exists... 2020-07-10 17:21:00 [ INFO]: [ ] Creating 1024 GB managed disk 'PSTGRS-SRE1-DATA-DISK' 2020-07-10 17:21:04 [SUCCESS]: [✔] Created managed disk 'PSTGRS-SRE1-DATA-DISK' 2020-07-10 17:21:04 [ INFO]: Constructing cloud-init from template... 2020-07-10 17:21:04 [ INFO]: Ensuring that virtual machine 'PSTGRS-SRE1' exists... 2020-07-10 17:21:08 [ INFO]: [ ] Creating virtual machine 'PSTGRS-SRE1' 2020-07-10 17:21:29 [SUCCESS]: [✔] Created virtual machine 'PSTGRS-SRE1' 2020-07-10 17:21:59 [ INFO]: Waiting for cloud-init provisioning to finish for PSTGRS-SRE1... 2020-07-10 17:24:51 [SUCCESS]: [✔] Cloud-init provisioning is finished for PSTGRS-SRE1 2020-07-10 17:24:52 [ INFO]: [ ] (Re)starting VM 'PSTGRS-SRE1' [PowerState/stopped] 2020-07-10 17:25:04 [SUCCESS]: [✔] Successfully (re)started 'PSTGRS-SRE1' [PowerState/running] 2020-07-10 17:25:04 [ INFO]: Removing temporary outbound internet access from 10.150.3.5... ```

Add_DSVM

```pwsh 2020-07-10 17:29:44 [ INFO]: Ensuring that resource group 'RG_SRE_SRE1_COMPUTE' exists... 2020-07-10 17:29:45 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE1_COMPUTE' 2020-07-10 17:29:45 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE1_COMPUTE' 2020-07-10 17:29:45 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE1_COMPUTE' exists... 2020-07-10 17:29:46 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE1_COMPUTE' 2020-07-10 17:29:50 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE1_COMPUTE' 2020-07-10 17:29:55 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE1_COMPUTE_DEPLOYMENT' exists... 2020-07-10 17:29:55 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE1_COMPUTE_DEPLOYMENT' 2020-07-10 17:30:00 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE1_COMPUTE_DEPLOYMENT' 2020-07-10 17:30:19 [ INFO]: Looking for virtual network 'VNET_SRE_SRE1'... 2020-07-10 17:30:20 [SUCCESS]: [✔] Found virtual network 'VNET_SRE_SRE1' in RG_SRE_SRE1_NETWORKING 2020-07-10 17:30:20 [ INFO]: Looking for subnet 'SharedDataSubnet'... 2020-07-10 17:30:20 [SUCCESS]: [✔] Found subnet 'SharedDataSubnet' in VNET_SRE_SRE1 2020-07-10 17:30:20 [ INFO]: Determining correct URLs for package mirrors... 2020-07-10 17:30:20 [ INFO]: CRAN: 'http://10.20.2.21' 2020-07-10 17:30:20 [ INFO]: PyPI server: 'http://10.20.2.20:3128' 2020-07-10 17:30:20 [ INFO]: PyPI host: '10.20.2.20' 2020-07-10 17:30:20 [SUCCESS]: [✔] Successfully loaded package mirror URLs 2020-07-10 17:30:20 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre1'... 2020-07-10 17:30:28 [ INFO]: Constructing cloud-init from template... 2020-07-10 17:30:28 [ INFO]: Ensuring that VM network card 'SRE-SRE1-160-DSVM-0-2-2020062200-NIC' exists... 2020-07-10 17:30:29 [ INFO]: [ ] Creating VM network card 'SRE-SRE1-160-DSVM-0-2-2020062200-NIC' 2020-07-10 17:30:30 [SUCCESS]: [✔] Created VM network card 'SRE-SRE1-160-DSVM-0-2-2020062200-NIC' 2020-07-10 17:30:32 [ INFO]: Ensuring that managed disk 'SRE-SRE1-160-DSVM-0-2-2020062200-SCRATCH-DISK' exists... 2020-07-10 17:30:33 [ INFO]: [ ] Creating 512 GB managed disk 'SRE-SRE1-160-DSVM-0-2-2020062200-SCRATCH-DISK' 2020-07-10 17:30:37 [SUCCESS]: [✔] Created managed disk 'SRE-SRE1-160-DSVM-0-2-2020062200-SCRATCH-DISK' 2020-07-10 17:30:37 [ INFO]: Ensuring that managed disk 'SRE-SRE1-160-DSVM-0-2-2020062200-HOME-DISK' exists... 2020-07-10 17:30:38 [ INFO]: [ ] Creating 128 GB managed disk 'SRE-SRE1-160-DSVM-0-2-2020062200-HOME-DISK' 2020-07-10 17:30:41 [SUCCESS]: [✔] Created managed disk 'SRE-SRE1-160-DSVM-0-2-2020062200-HOME-DISK' 2020-07-10 17:30:41 [ INFO]: Ensuring that storage account 'sresre1bootdiagstplkehgv' exists in 'RG_SRE_SRE1_ARTIFACTS'... 2020-07-10 17:30:42 [SUCCESS]: [✔] Storage account 'sresre1bootdiagstplkehgv' already exists 2020-07-10 17:30:42 [ INFO]: Ensuring that virtual machine 'SRE-SRE1-160-DSVM-0-2-2020062200' exists... 2020-07-10 17:30:48 [ INFO]: [ ] Creating virtual machine 'SRE-SRE1-160-DSVM-0-2-2020062200' 2020-07-10 17:32:10 [SUCCESS]: [✔] Created virtual machine 'SRE-SRE1-160-DSVM-0-2-2020062200' 2020-07-10 17:32:40 [ INFO]: Waiting for cloud-init provisioning to finish for SRE-SRE1-160-DSVM-0-2-2020062200... 2020-07-10 17:39:06 [SUCCESS]: [✔] Cloud-init provisioning is finished for SRE-SRE1-160-DSVM-0-2-2020062200 2020-07-10 17:39:06 [ INFO]: Switching to secure NSG 'NSG_SRE_SRE1_COMPUTE'... 2020-07-10 17:39:06 [ INFO]: [ ] Associating SRE-SRE1-160-DSVM-0-2-2020062200 with NSG_SRE_SRE1_COMPUTE... 2020-07-10 17:39:19 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 17:39:29 [ INFO]: [ ] (Re)starting VM 'SRE-SRE1-160-DSVM-0-2-2020062200' [PowerState/stopped] 2020-07-10 17:39:40 [SUCCESS]: [✔] Successfully (re)started 'SRE-SRE1-160-DSVM-0-2-2020062200' [PowerState/running] 2020-07-10 17:39:40 [ INFO]: Creating smoke test package for the DSVM... 2020-07-10 17:39:40 [ INFO]: [ ] Creating zip file at /Users/jrobinson/Projects/datasafehaven/data-safe-haven/deployment/secure_research_environment/setup/smoke_tests.zip... 2020-07-10 17:39:41 [SUCCESS]: [✔] Zip file creation succeeded 2020-07-10 17:39:41 [ INFO]: Uploading smoke tests to the DSVM... 2020-07-10 17:39:41 [ INFO]: [ ] Uploading and extracting smoke tests on SRE-SRE1-160-DSVM-0-2-2020062200 2020-07-10 17:40:12 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] /opt/installation/smoke_tests/package_lists: total 40K drwxr-xr-x 2 root root 4.0K Jul 10 17:40 . drwxr-xr-x 4 root root 4.0K Jul 10 17:40 .. -rw-r--r-- 1 root root 565 Jul 6 08:19 conda-config.json -rw-r--r-- 1 root root 4.0K Jul 8 23:55 packages-apt.list -rw-r--r-- 1 root root 447 Jul 6 08:19 packages-julia.list -rw-r--r-- 1 root root 639 Jul 8 23:55 packages-python-pypi-27.list -rw-r--r-- 1 root root 721 Jul 6 08:19 packages-python-pypi-36.list -rw-r--r-- 1 root root 721 Jul 6 08:19 packages-python-pypi-37.list -rw-r--r-- 1 root root 583 Jul 6 08:19 packages-r-bioconductor.list -rw-r--r-- 1 root root 1.8K Jul 6 08:19 packages-r-cran.list /opt/installation/smoke_tests/tests: total 56K drwxr-xr-x 2 root root 4.0K Jul 10 17:40 . drwxr-xr-x 4 root root 4.0K Jul 10 17:40 .. -rw-r--r-- 1 root root 3.4K Mar 9 14:01 README.md -rwxr-xr-x 1 root root 6.3K Jul 6 08:19 run_all_tests.sh -rwxr-xr-x 1 root root 759 Jul 6 08:19 test_functionality_julia.jl -rwxr-xr-x 1 root root 1.2K Jul 6 08:19 test_functionality_python.py -rwxr-xr-x 1 root root 1.3K Jul 6 08:19 test_functionality_R.R -rwxr-xr-x 1 root root 810 Jul 9 00:00 test_mirrors_cran.sh -rwxr-xr-x 1 root root 904 Jul 9 00:00 test_mirrors_pypi.sh -rwxr-xr-x 1 root root 1.1K Jul 6 08:19 test_packages_installed_julia.jl -rwxr-xr-x 1 root root 4.2K Jul 8 23:55 test_packages_installed_python.py -rwxr-xr-x 1 root root 2.3K Jul 6 08:19 test_packages_installed_R.R [stderr] Time : 2020-07-10 17:40:26 [ INFO]: Running diagnostic scripts on VM SRE-SRE1-160-DSVM-0-2-2020062200... 2020-07-10 17:40:26 [ INFO]: [ ] Configuring LDAP connection (check_ldap_connection.sh) on compute VM 'SRE-SRE1-160-DSVM-0-2-2020062200' 2020-07-10 17:42:27 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Checking LDAP connectivity Testing LDAP search... [o] LDAP search succeeded: found user 'decovidlocaladsync'. LDAP SEARCH RESULT: dn: CN=DECOVID Local AD Sync Administrator,OU=Safe Haven Service Accounts,DC=d ecovid,DC=turingsafehaven,DC=ac,DC=uk objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: DECOVID Local AD Sync Administrator description: DECOVID Local AD Sync Administrator distinguishedName: CN=DECOVID Local AD Sync Administrator,OU=Safe Haven Servic e Accounts,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk instanceType: 4 whenCreated: 20200710104142.0Z whenChanged: 20200710111237.0Z displayName: DECOVID Local AD Sync Administrator uSNCreated: 12898 uSNChanged: 16566 name: DECOVID Local AD Sync Administrator objectGUID:: j6p+rbPNckyuScHWx7W3XA== userAccountControl: 66048 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 132388725879908734 pwdLastSet: 132388513027946625 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAABC1s57nVR7b2y3AgUgQAAA== accountExpires: 9223372036854775807 logonCount: 178 sAMAccountName: decovidlocaladsync sAMAccountType: 805306368 userPrincipalName: decovidlocaladsync@decovid.turingsafehaven.ac.uk objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=decovid,DC=turingsafeh aven,DC=ac,DC=uk dSCorePropagationData: 20200710104154.0Z dSCorePropagationData: 16010101000001.0Z lastLogonTimestamp: 132388531574807849 [stderr] Time : 2020-07-10 17:42:37 [SUCCESS]: [✔] Configuring LDAP connection on SRE-SRE1-160-DSVM-0-2-2020062200 was successful 2020-07-10 17:42:37 [ INFO]: [ ] Configuring name resolution (restart_name_resolution_service.sh) on compute VM 'SRE-SRE1-160-DSVM-0-2-2020062200' 2020-07-10 17:43:09 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Checking name resolution Testing connectivity for 'DC1-SHM-DECOVID.decovid.turingsafehaven.ac.uk' NS LOOKUP RESULT: Server: 10.0.0.4 Address: 10.0.0.4#53 Name: DC1-SHM-DECOVID.decovid.turingsafehaven.ac.uk Address: 10.0.0.4 Name resolution working. Testing /etc/systemd/resolved.conf No updates needed Testing /etc/resolv.conf # This file is managed by man:systemd-resolved(8). Do not edit. # # This is a dynamic resolv.conf file for connecting local clients directly to # all known uplink DNS servers. This file lists all configured search domains. # # Third party programs must not access this file directly, but only through the # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, # replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver 10.0.0.4 nameserver 10.0.0.5 search decovid.turingsafehaven.ac.uk reddog.microsoft.com /etc/resolv.conf is currently pointing to /run/systemd/resolve/resolv.conf [stderr] Time : 2020-07-10 17:43:19 [SUCCESS]: [✔] Configuring name resolution on SRE-SRE1-160-DSVM-0-2-2020062200 was successful 2020-07-10 17:43:19 [ INFO]: [ ] Configuring realm join (rerun_realm_join.sh) on compute VM 'SRE-SRE1-160-DSVM-0-2-2020062200' 2020-07-10 17:43:49 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Checking realm membership Testing current realms... [o] Currently a member of realm: 'decovid.turingsafehaven.ac.uk'. No need to rejoin. REALM LIST RESULT: decovid.turingsafehaven.ac.uk type: kerberos realm-name: DECOVID.TURINGSAFEHAVEN.AC.UK domain-name: decovid.turingsafehaven.ac.uk configured: kerberos-member server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: libnss-sss required-package: libpam-sss required-package: adcli required-package: samba-common-bin login-formats: %U login-policy: allow-permitted-logins permitted-logins: permitted-groups: [stderr] Time : 2020-07-10 17:43:59 [SUCCESS]: [✔] Configuring realm join on SRE-SRE1-160-DSVM-0-2-2020062200 was successful 2020-07-10 17:43:59 [ INFO]: [ ] Configuring SSSD service (restart_sssd_service.sh) on compute VM 'SRE-SRE1-160-DSVM-0-2-2020062200' 2020-07-10 17:44:32 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Checking SSSD status Testing sssd status... [o] SSSD service is working. No need to restart. SSSD STATUS RESULT: ● sssd.service - System Security Services Daemon Loaded: loaded (/lib/systemd/system/sssd.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2020-07-10 17:39:57 BST; 4min 9s ago Main PID: 1496 (sssd) Tasks: 4 (limit: 4915) CGroup: /system.slice/sssd.service ├─1496 /usr/sbin/sssd -i --logger=files ├─2036 /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain decovid.turingsafehaven.ac.uk --uid 0 --gid 0 --logger=files ├─2085 /usr/lib/x86_64-linux-gnu/sssd/sssd_nss --uid 0 --gid 0 --logger=files └─2086 /usr/lib/x86_64-linux-gnu/sssd/sssd_pam --uid 0 --gid 0 --logger=files Jul 10 17:39:56 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[1496]: Starting up Jul 10 17:39:56 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[be[2036]: Starting up Jul 10 17:39:57 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[2085]: Starting up Jul 10 17:39:57 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[2086]: Starting up Jul 10 17:39:57 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk systemd[1]: Started System Security Services Daemon. Jul 10 17:39:58 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[1496]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database. Jul 10 17:39:58 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[1496]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database. Jul 10 17:39:58 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[1496]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database. Jul 10 17:39:58 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[1496]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database. Jul 10 17:40:04 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[2085]: Enumeration requested but not enabled [stderr] Time : 2020-07-10 17:44:42 [SUCCESS]: [✔] Configuring SSSD service on SRE-SRE1-160-DSVM-0-2-2020062200 was successful 2020-07-10 17:44:42 [ INFO]: [ ] Configuring xrdp service (restart_xrdp_service.sh) on compute VM 'SRE-SRE1-160-DSVM-0-2-2020062200' 2020-07-10 17:45:13 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Checking xrdp status Testing xrdp status... [o] xrdp services are working. No need to restart. XRDP STATUS RESULT: ● xrdp.service - xrdp daemon Loaded: loaded (/lib/systemd/system/xrdp.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2020-07-10 17:39:57 BST; 4min 51s ago Docs: man:xrdp(8) man:xrdp.ini(5) Process: 1941 ExecStart=/usr/sbin/xrdp $XRDP_OPTIONS (code=exited, status=0/SUCCESS) Process: 1883 ExecStartPre=/bin/sh /usr/share/xrdp/socksetup (code=exited, status=0/SUCCESS) Main PID: 1966 (xrdp) Tasks: 1 (limit: 4915) CGroup: /system.slice/xrdp.service └─1966 /usr/sbin/xrdp Jul 10 17:39:55 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk systemd[1]: Starting xrdp daemon... Jul 10 17:39:55 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp[1941]: (1941)(139704346101568)[DEBUG] Testing if xrdp can listen on 0.0.0.0 port 3389. Jul 10 17:39:56 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp[1941]: (1941)(139704346101568)[DEBUG] Closed socket 7 (AF_INET6 :: port 3389) Jul 10 17:39:56 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk systemd[1]: xrdp.service: Can't open PID file /var/run/xrdp/xrdp.pid (yet?) after start: No such file or directory Jul 10 17:39:57 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk systemd[1]: Started xrdp daemon. Jul 10 17:39:57 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp[1966]: (1966)(139704346101568)[INFO ] starting xrdp with pid 1966 Jul 10 17:39:58 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp[1966]: (1966)(139704346101568)[INFO ] listening to port 3389 on 0.0.0.0 ● xrdp-sesman.service - xrdp session manager Loaded: loaded (/lib/systemd/system/xrdp-sesman.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2020-07-10 17:39:55 BST; 4min 52s ago Docs: man:xrdp-sesman(8) man:sesman.ini(5) Process: 1657 ExecStart=/usr/sbin/xrdp-sesman $SESMAN_OPTIONS (code=exited, status=0/SUCCESS) Main PID: 1806 (xrdp-sesman) Tasks: 1 (limit: 4915) CGroup: /system.slice/xrdp-sesman.service └─1806 /usr/sbin/xrdp-sesman Jul 10 17:39:54 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk systemd[1]: Starting xrdp session manager... Jul 10 17:39:54 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp-sesman[1657]: (1657)(140388757169472)[DEBUG] libscp initialized Jul 10 17:39:54 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp-sesman[1657]: (1657)(140388757169472)[DEBUG] Testing if xrdp-sesman can listen on 127.0.0.1 port 3350. Jul 10 17:39:54 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp-sesman[1806]: (1806)(140388757169472)[INFO ] starting xrdp-sesman with pid 1806 Jul 10 17:39:55 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp-sesman[1657]: (1657)(140388757169472)[DEBUG] Closed socket 6 (AF_INET6 ::1 port 3350) Jul 10 17:39:55 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp-sesman[1806]: (1806)(140388757169472)[INFO ] listening to port 3350 on 127.0.0.1 Jul 10 17:39:55 SRE-SRE1-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk systemd[1]: Started xrdp session manager. [stderr] Time : 2020-07-10 17:45:23 [SUCCESS]: [✔] Configuring xrdp service on SRE-SRE1-160-DSVM-0-2-2020062200 was successful 2020-07-10 17:45:38 [ INFO]: Deployment complete. This new VM can be accessed from the RDS at 10.150.2.160 ```

Apply_SRE_Network_Configuration

```pwsh 2020-07-10 17:52:56 [ INFO]: Applying network configuration for SRE 'sre1' (Tier 2), hosted on subscription '[Prod] DECOVID Safe Haven' 2020-07-10 17:52:56 [ INFO]: Ensure RDS gateway is bound to correct NSG... 2020-07-10 17:52:56 [ INFO]: [ ] Associating RDG-SRE-SRE1 with NSG_SRE_SRE1_RDS_SERVER... 2020-07-10 17:52:59 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 17:53:10 [ INFO]: Ensure RDS session hosts are bound to correct NSG... 2020-07-10 17:53:10 [ INFO]: [ ] Associating APP-SRE-SRE1 with NSG_SRE_SRE1_RDS_SESSION_HOSTS... 2020-07-10 17:53:13 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 17:53:23 [ INFO]: Ensure data server is bound to correct NSG... 2020-07-10 17:53:23 [ INFO]: [ ] Associating DAT-SRE-SRE1 with NSG_SRE_SRE1_DATA... 2020-07-10 17:53:36 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 17:53:47 [ INFO]: Ensure webapp servers are bound to correct NSG... 2020-07-10 17:53:47 [ INFO]: [ ] Associating GITLAB-SRE-SRE1 with NSG_SRE_SRE1_WEBAPPS... 2020-07-10 17:53:49 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 17:53:59 [ INFO]: [ ] Associating HACKMD-SRE-SRE1 with NSG_SRE_SRE1_WEBAPPS... 2020-07-10 17:54:02 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 17:54:14 [ INFO]: Ensure compute VMs are bound to correct NSG... 2020-07-10 17:54:15 [ INFO]: [ ] Associating SRE-SRE1-160-DSVM-0-2-2020062200 with NSG_SRE_SRE1_COMPUTE... 2020-07-10 17:54:17 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 17:54:27 [ INFO]: NICs associated with NSG_SRE_SRE1_DATA: 2020-07-10 17:54:27 [ INFO]: => DAT-SRE-SRE1-NIC 2020-07-10 17:54:27 [ INFO]: NICs associated with NSG_SRE_SRE1_RDS_SERVER: 2020-07-10 17:54:27 [ INFO]: => RDG-SRE-SRE1-NIC 2020-07-10 17:54:27 [ INFO]: NICs associated with NSG_SRE_SRE1_COMPUTE: 2020-07-10 17:54:27 [ INFO]: => SRE-SRE1-160-DSVM-0-2-2020062200-NIC 2020-07-10 17:54:27 [ INFO]: NICs associated with NSG_SRE_SRE1_WEBAPPS: 2020-07-10 17:54:27 [ INFO]: => HACKMD-SRE-SRE1-NIC 2020-07-10 17:54:27 [ INFO]: => GITLAB-SRE-SRE1-NIC 2020-07-10 17:54:27 [ INFO]: NICs associated with NSG_SRE_SRE1_RDS_SESSION_HOSTS: 2020-07-10 17:54:27 [ INFO]: => APP-SRE-SRE1-NIC 2020-07-10 17:54:27 [ INFO]: Setting inbound connection rules on RDS Gateway NSG... 2020-07-10 17:54:27 [ INFO]: [ ] Updating 'HttpsIn' rule on 'NSG_SRE_SRE1_RDS_SERVER' to 'Allow' access from '193.60.220.253 193.60.220.240 35.178.242.198 80.229.141.188 35.177.105.78 90.255.223.48 188.214.11.75' 2020-07-10 17:54:33 [SUCCESS]: [✔] 'HttpsIn' on 'NSG_SRE_SRE1_RDS_SERVER' will now 'Allow' access from '193.60.220.253 193.60.220.240 35.178.242.198 80.229.141.188 35.177.105.78 90.255.223.48 188.214.11.75' 2020-07-10 17:54:33 [ INFO]: Setting outbound internet rules on user-facing NSGs... 2020-07-10 17:54:34 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE1_COMPUTE' to 'Deny' access to 'Internet' 2020-07-10 17:54:35 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE1_COMPUTE' will now 'Deny' access to 'Internet' 2020-07-10 17:54:36 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE1_WEBAPPS' to 'Deny' access to 'Internet' 2020-07-10 17:54:38 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE1_WEBAPPS' will now 'Deny' access to 'Internet' 2020-07-10 17:54:38 [ INFO]: Ensuring SRE is peered to correct mirror set... 2020-07-10 17:54:46 [ INFO]: Removing all existing mirror peerings... 2020-07-10 17:54:53 [ INFO]: Peering to the correct mirror network... 2020-07-10 17:54:57 [ INFO]: [ ] Adding peering 'PEER_VNET_SRE_SRE1' to mirror VNet VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER2. 2020-07-10 17:55:08 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SRE_SRE1' succeeded 2020-07-10 17:55:11 [ INFO]: [ ] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER2' to SRE VNet VNET_SRE_SRE1. 2020-07-10 17:55:42 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER2' succeeded 2020-07-10 17:55:42 [ INFO]: Determining correct URLs for package mirrors... 2020-07-10 17:55:42 [ INFO]: CRAN: 'http://10.20.2.21' 2020-07-10 17:55:42 [ INFO]: PyPI server: 'http://10.20.2.20:3128' 2020-07-10 17:55:42 [ INFO]: PyPI host: '10.20.2.20' 2020-07-10 17:55:45 [ INFO]: Setting PyPI and CRAN locations on compute VM: SRE-SRE1-160-DSVM-0-2-2020062200 2020-07-10 17:56:15 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Updating PyPI mirror to point at '10.20.2.20' Updating CRAN mirror to point at 'http://10.20.2.21' [stderr] Time : ```

Setup_SRE_Firewall

```pwsh 2020-07-10 17:56:57 [ INFO]: Ensuring that route table 'ROUTE-TABLE-SRE-SRE1' exists... 2020-07-10 17:56:57 [ INFO]: [ ] Creating route table 'ROUTE-TABLE-SRE-SRE1' 2020-07-10 17:57:08 [SUCCESS]: [✔] Created route table 'ROUTE-TABLE-SRE-SRE1' 2020-07-10 17:57:10 [ INFO]: Ensuring that route 'ViaFirewall' exists... 2020-07-10 17:57:11 [ INFO]: [ ] Creating route 'ViaFirewall' 2020-07-10 17:57:23 [SUCCESS]: [✔] Created route 'ViaFirewall' 2020-07-10 17:57:23 [ INFO]: Ensuring that route 'ViaVpn' exists... 2020-07-10 17:57:24 [ INFO]: [ ] Creating route 'ViaVpn' 2020-07-10 17:57:36 [SUCCESS]: [✔] Created route 'ViaVpn' 2020-07-10 17:57:53 [ INFO]: Setting firewall application rules... 2020-07-10 17:57:53 [ INFO]: Setting firewall application rules... 2020-07-10 17:57:53 [ INFO]: Ensuring that 'Allow' rule for 'WindowsUpdate' is set on FIREWALL-SHM-DECOVID... 2020-07-10 17:57:54 [ INFO]: [ ] Creating application rule collection 'sre-sre1-allow' 2020-07-10 17:57:55 [SUCCESS]: [✔] Created application rule collection 'sre-sre1-allow' 2020-07-10 17:57:55 [SUCCESS]: [✔] Ensured that application rule 'WindowsUpdate' exists on local firewall object only. 2020-07-10 17:57:55 [ INFO]: Ensuring that 'Allow' rule for 'ocsp.digicert.com crl3.digicert.com crl4.digicert.com crl.microsoft.com' is set on FIREWALL-SHM-DECOVID... 2020-07-10 17:57:55 [SUCCESS]: [✔] Application rule collection 'sre-sre1-allow' already exists 2020-07-10 17:57:55 [SUCCESS]: [✔] Ensured that application rule 'AllowCertificateStatusCheck' exists on local firewall object only. 2020-07-10 17:57:55 [ INFO]: [ ] Updating remote firewall with rule changes... 2020-07-10 17:58:37 [SUCCESS]: [✔] Updated remote firewall with rule changes. 2020-07-10 17:58:37 [ INFO]: Setting firewall network rules... 2020-07-10 17:58:37 [ INFO]: Setting firewall network rules... 2020-07-10 17:58:37 [ INFO]: [ ] Updating remote firewall with rule changes... 2020-07-10 17:58:39 [SUCCESS]: [✔] Updated remote firewall with rule changes. ```

Setup_SRE_Logging

```pwsh 2020-07-10 18:03:29 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'APP-SRE-SRE1'. 2020-07-10 18:05:01 [SUCCESS]: [✔] Installed extension 'MicrosoftMonitoringAgent' on VM 'APP-SRE-SRE1'. 2020-07-10 18:05:01 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'APP-SRE-SRE1'. 2020-07-10 18:07:03 [SUCCESS]: [✔] Installed extension 'DependencyAgentWindows' on VM 'APP-SRE-SRE1'. 2020-07-10 18:07:03 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'RDG-SRE-SRE1'. 2020-07-10 18:08:36 [SUCCESS]: [✔] Installed extension 'MicrosoftMonitoringAgent' on VM 'RDG-SRE-SRE1'. 2020-07-10 18:08:36 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'RDG-SRE-SRE1'. 2020-07-10 18:09:38 [SUCCESS]: [✔] Installed extension 'DependencyAgentWindows' on VM 'RDG-SRE-SRE1'. 2020-07-10 18:09:38 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'GITLAB-SRE-SRE1'. 2020-07-10 18:12:40 [FAILURE]: [x] Failed to install extension 'OmsAgentForLinux' on VM 'GITLAB-SRE-SRE1'! 2020-07-10 18:12:40 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'GITLAB-SRE-SRE1'. 2020-07-10 18:15:43 [SUCCESS]: [✔] Installed extension 'DependencyAgentLinux' on VM 'GITLAB-SRE-SRE1'. 2020-07-10 18:15:43 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'HACKMD-SRE-SRE1'. 2020-07-10 18:18:47 [FAILURE]: [x] Failed to install extension 'OmsAgentForLinux' on VM 'HACKMD-SRE-SRE1'! 2020-07-10 18:18:47 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'HACKMD-SRE-SRE1'. 2020-07-10 18:21:20 [SUCCESS]: [✔] Installed extension 'DependencyAgentLinux' on VM 'HACKMD-SRE-SRE1'. 2020-07-10 18:21:20 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'DAT-SRE-SRE1'. 2020-07-10 18:23:22 [SUCCESS]: [✔] Installed extension 'MicrosoftMonitoringAgent' on VM 'DAT-SRE-SRE1'. 2020-07-10 18:23:22 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'DAT-SRE-SRE1'. 2020-07-10 18:24:54 [SUCCESS]: [✔] Installed extension 'DependencyAgentWindows' on VM 'DAT-SRE-SRE1'. 2020-07-10 18:24:55 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'MSSQL-SRE1'. 2020-07-10 18:26:59 [SUCCESS]: [✔] Installed extension 'MicrosoftMonitoringAgent' on VM 'MSSQL-SRE1'. 2020-07-10 18:26:59 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'MSSQL-SRE1'. 2020-07-10 18:28:32 [SUCCESS]: [✔] Installed extension 'DependencyAgentWindows' on VM 'MSSQL-SRE1'. 2020-07-10 18:28:32 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'PSTGRS-SRE1'. 2020-07-10 18:31:35 [FAILURE]: [x] Failed to install extension 'OmsAgentForLinux' on VM 'PSTGRS-SRE1'! 2020-07-10 18:31:35 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'PSTGRS-SRE1'. 2020-07-10 18:34:37 [SUCCESS]: [✔] Installed extension 'DependencyAgentLinux' on VM 'PSTGRS-SRE1'. 2020-07-10 18:34:38 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'SRE-SRE1-160-DSVM-0-2-2020062200'. 2020-07-10 18:36:40 [FAILURE]: [x] Failed to install extension 'OmsAgentForLinux' on VM 'SRE-SRE1-160-DSVM-0-2-2020062200'! 2020-07-10 18:36:40 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'SRE-SRE1-160-DSVM-0-2-2020062200'. 2020-07-10 18:37:42 [SUCCESS]: [✔] Installed extension 'DependencyAgentLinux' on VM 'SRE-SRE1-160-DSVM-0-2-2020062200'. 2020-07-10 18:40:09 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'APP-SRE-SRE1'. 2020-07-10 18:40:10 [SUCCESS]: [✔] Extension 'MicrosoftMonitoringAgent' is already installed on VM 'APP-SRE-SRE1'. 2020-07-10 18:40:10 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'APP-SRE-SRE1'. 2020-07-10 18:40:10 [SUCCESS]: [✔] Extension 'DependencyAgentWindows' is already installed on VM 'APP-SRE-SRE1'. 2020-07-10 18:40:11 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'RDG-SRE-SRE1'. 2020-07-10 18:40:11 [SUCCESS]: [✔] Extension 'MicrosoftMonitoringAgent' is already installed on VM 'RDG-SRE-SRE1'. 2020-07-10 18:40:11 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'RDG-SRE-SRE1'. 2020-07-10 18:40:12 [SUCCESS]: [✔] Extension 'DependencyAgentWindows' is already installed on VM 'RDG-SRE-SRE1'. 2020-07-10 18:40:12 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'GITLAB-SRE-SRE1'. 2020-07-10 18:40:13 [SUCCESS]: [✔] Extension 'OmsAgentForLinux' is already installed on VM 'GITLAB-SRE-SRE1'. 2020-07-10 18:40:13 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'GITLAB-SRE-SRE1'. 2020-07-10 18:40:14 [SUCCESS]: [✔] Extension 'DependencyAgentLinux' is already installed on VM 'GITLAB-SRE-SRE1'. 2020-07-10 18:40:14 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'HACKMD-SRE-SRE1'. 2020-07-10 18:40:14 [SUCCESS]: [✔] Extension 'OmsAgentForLinux' is already installed on VM 'HACKMD-SRE-SRE1'. 2020-07-10 18:40:14 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'HACKMD-SRE-SRE1'. 2020-07-10 18:40:15 [SUCCESS]: [✔] Extension 'DependencyAgentLinux' is already installed on VM 'HACKMD-SRE-SRE1'. 2020-07-10 18:40:16 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'DAT-SRE-SRE1'. 2020-07-10 18:40:16 [SUCCESS]: [✔] Extension 'MicrosoftMonitoringAgent' is already installed on VM 'DAT-SRE-SRE1'. 2020-07-10 18:40:16 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'DAT-SRE-SRE1'. 2020-07-10 18:40:17 [SUCCESS]: [✔] Extension 'DependencyAgentWindows' is already installed on VM 'DAT-SRE-SRE1'. 2020-07-10 18:40:17 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'MSSQL-SRE1'. 2020-07-10 18:40:18 [SUCCESS]: [✔] Extension 'MicrosoftMonitoringAgent' is already installed on VM 'MSSQL-SRE1'. 2020-07-10 18:40:18 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'MSSQL-SRE1'. 2020-07-10 18:40:19 [SUCCESS]: [✔] Extension 'DependencyAgentWindows' is already installed on VM 'MSSQL-SRE1'. 2020-07-10 18:40:19 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'PSTGRS-SRE1'. 2020-07-10 18:40:19 [SUCCESS]: [✔] Extension 'OmsAgentForLinux' is already installed on VM 'PSTGRS-SRE1'. 2020-07-10 18:40:19 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'PSTGRS-SRE1'. 2020-07-10 18:40:20 [SUCCESS]: [✔] Extension 'DependencyAgentLinux' is already installed on VM 'PSTGRS-SRE1'. 2020-07-10 18:40:20 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'SRE-SRE1-160-DSVM-0-2-2020062200'. 2020-07-10 18:40:21 [SUCCESS]: [✔] Extension 'OmsAgentForLinux' is already installed on VM 'SRE-SRE1-160-DSVM-0-2-2020062200'. 2020-07-10 18:40:21 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'SRE-SRE1-160-DSVM-0-2-2020062200'. 2020-07-10 18:40:22 [SUCCESS]: [✔] Extension 'DependencyAgentLinux' is already installed on VM 'SRE-SRE1-160-DSVM-0-2-2020062200'. ```

Smoke tests

- Package mirror errors are expected since tier-2 mirrors have not synchronised yet - R package failures are expected (these packages require R 4.0) ```shell [ RUNNING ] julia_packages [ DEBUG ] Testing 48 Julia packages [ DEBUG ] [ Info: JavaCall could not determine javapath from `which java` [ DEBUG ] All packages are installed! [ OK ] julia_packages (202 s) [ RUNNING ] julia_functionality [ DEBUG ] All functionality tests passed [ OK ] julia_functionality (14 s) [ RUNNING ] python_27_packages [ DEBUG ] Python version 2.7.18 found [ DEBUG ] Testing 79 python packages [ DEBUG ] Tensorflow can see the following devices [u'/device:CPU:0', u'/device:XLA_CPU:0'] [ OK ] python_27_packages (8 s) [ RUNNING ] python_27_functionality [ DEBUG ] Logistic model ran OK [ DEBUG ] All functionality tests passed [ OK ] python_27_functionality (1 s) [ RUNNING ] python_27_mirrors_pypi [ DEBUG ] Attempting to install MarkupSafe [ DEBUG ] DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support [ DEBUG ] ... MarkupSafe installation succeeded [ DEBUG ] Attempting to install Fiona [ DEBUG ] DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support [ DEBUG ] ... Fiona installation succeeded [ DEBUG ] Attempting to install abed [ DEBUG ] DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support [ DEBUG ] ERROR: Could not find a version that satisfies the requirement abed (from versions: none) [ DEBUG ] ERROR: No matching distribution found for abed [ DEBUG ] ... abed installation failed [ DEBUG ] Attempting to install zope.interface [ DEBUG ] DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support [ DEBUG ] ERROR: Could not find a version that satisfies the requirement zope.interface (from versions: none) [ DEBUG ] ERROR: No matching distribution found for zope.interface [ DEBUG ] ... zope.interface installation failed [ DEBUG ] PyPI installation failed [ FAILED ] python_27_mirrors_pypi (20 s) [ RUNNING ] python_36_packages [ DEBUG ] Python version 3.6.10 found [ DEBUG ] Testing 88 python packages [ DEBUG ] Tensorflow can see the following devices ['/device:CPU:0', '/device:XLA_CPU:0'] [ OK ] python_36_packages (12 s) [ RUNNING ] python_36_functionality [ DEBUG ] Logistic model ran OK [ DEBUG ] All functionality tests passed [ OK ] python_36_functionality (1 s) [ RUNNING ] python_36_mirrors_pypi [ DEBUG ] Attempting to install MarkupSafe [ DEBUG ] ... MarkupSafe installation succeeded [ DEBUG ] Attempting to install Fiona [ DEBUG ] ... Fiona installation succeeded [ DEBUG ] Attempting to install abed [ DEBUG ] ERROR: Could not find a version that satisfies the requirement abed (from versions: none) [ DEBUG ] ERROR: No matching distribution found for abed [ DEBUG ] ... abed installation failed [ DEBUG ] Attempting to install zope.interface [ DEBUG ] ERROR: Could not find a version that satisfies the requirement zope.interface (from versions: none) [ DEBUG ] ERROR: No matching distribution found for zope.interface [ DEBUG ] ... zope.interface installation failed [ DEBUG ] PyPI installation failed [ FAILED ] python_36_mirrors_pypi (21 s) [ RUNNING ] python_37_packages [ DEBUG ] Python version 3.7.7 found [ DEBUG ] Testing 88 python packages [ DEBUG ] Tensorflow can see the following devices ['/device:CPU:0', '/device:XLA_CPU:0'] [ OK ] python_37_packages (10 s) [ RUNNING ] python_37_functionality [ DEBUG ] Logistic model ran OK [ DEBUG ] All functionality tests passed [ OK ] python_37_functionality (1 s) [ RUNNING ] python_37_mirrors_pypi [ DEBUG ] Attempting to install MarkupSafe [ DEBUG ] ... MarkupSafe installation succeeded [ DEBUG ] Attempting to install Fiona [ DEBUG ] ... Fiona installation succeeded [ DEBUG ] Attempting to install abed [ DEBUG ] ERROR: Could not find a version that satisfies the requirement abed (from versions: none) [ DEBUG ] ERROR: No matching distribution found for abed [ DEBUG ] ... abed installation failed [ DEBUG ] Attempting to install zope.interface [ DEBUG ] ERROR: Could not find a version that satisfies the requirement zope.interface (from versions: none) [ DEBUG ] ERROR: No matching distribution found for zope.interface [ DEBUG ] ... zope.interface installation failed [ DEBUG ] PyPI installation failed [ FAILED ] python_37_mirrors_pypi (20 s) [ RUNNING ] R_packages [ DEBUG ] Testing 241 CRAN packages [ DEBUG ] Testing 62 Bioconductor packages [ DEBUG ] The following 1 packages gave a warning: [ DEBUG ] BiocInstaller [ DEBUG ] The following 5 packages gave a error: [ DEBUG ] Scale [ DEBUG ] traj [ DEBUG ] FlowSOM [ DEBUG ] GO [ DEBUG ] moe430a Unexpected problem found with: BiocInstaller Unexpected problem found with: Scale Unexpected problem found with: traj Unexpected problem found with: FlowSOM Unexpected problem found with: GO Unexpected problem found with: moe430a [ FAILED ] R_packages (582 s) [ RUNNING ] R_functionality [ DEBUG ] Logistic regression ran OK [ DEBUG ] Clustering ran OK [ DEBUG ] All functionality tests passed [ OK ] R_functionality (0 s) [ RUNNING ] R_mirrors_cran [ DEBUG ] Attempting to install abn [ DEBUG ] ... abn installation succeeded [ DEBUG ] Attempting to install yum [ DEBUG ] ... yum installation succeeded [ DEBUG ] CRAN working OK [ OK ] R_mirrors_cran (88 s) [ SUMMARY ] Ran 14 tests. [ SUMMARY ] 10 / 14 [71%] passed ```

[martintoreilly]

SRE 'sre2' deployment

Code version

```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> exit MAC-ATI0132:setup moreilly$ git fetch;git pull;git status;git log -1 --pretty="At commit %h (%H)" Already up to date. On branch master Your branch is up to date with 'origin/master'. nothing to commit, working tree clean At commit bb8ec345 (bb8ec345078016bb2f4883f7b945a21a359e5ea2) MAC-ATI0132:setup moreilly$ ```

Setup_SRE_KeyVault_And_Users

```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Setup_SRE_KeyVault_And_Users.ps1 -configId decovidsre2 2020-07-10 18:03:11 [ INFO]: Ensuring that resource group 'RG_SRE_SRE2_SECRETS' exists... 2020-07-10 18:03:11 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE2_SECRETS' 2020-07-10 18:03:12 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE2_SECRETS' 2020-07-10 18:03:12 [ INFO]: Ensuring that key vault 'kv-decovid-sre-sre2' exists... 2020-07-10 18:03:13 [ INFO]: [ ] Creating key vault 'kv-decovid-sre-sre2' 2020-07-10 18:03:46 [SUCCESS]: [✔] Created key vault 'kv-decovid-sre-sre2' 2020-07-10 18:03:46 [ INFO]: Giving group 'Safe Haven Test Admins' access to key vault 'kv-decovid-sre-sre2'... 2020-07-10 18:03:51 [SUCCESS]: [✔] Set correct access policies for key vault 'kv-decovid-sre-sre2' 2020-07-10 18:03:52 [ INFO]: Ensuring that secrets exist in key vault 'kv-decovid-sre-sre2'... 2020-07-10 18:03:55 [SUCCESS]: [✔] Ensured that SRE admin usernames exist 2020-07-10 18:04:08 [SUCCESS]: [✔] Ensured that SRE VM admin passwords exist 2020-07-10 18:04:20 [SUCCESS]: [✔] Ensured that SRE database secrets exist 2020-07-10 18:04:24 [SUCCESS]: [✔] Ensured that other SRE secrets exist 2020-07-10 18:04:24 [ INFO]: Loading secrets for SRE users and groups... 2020-07-10 18:04:29 [ INFO]: [ ] Adding SRE users and groups to SHM... 2020-07-10 18:05:33 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : [ ] Creating group 'SG SRE2 System Administrators' in OU 'OU=Safe Haven Security Groups,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk'... [o] Group 'SG SRE2 System Administrators' created [ ] Creating group 'SG SRE2 Research Users' in OU 'OU=Safe Haven Security Groups,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk'... [o] Group 'SG SRE2 Research Users' created [ ] Creating group 'SG SRE2 Data Administrators' in OU 'OU=Safe Haven Security Groups,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk'... [o] Group 'SG SRE2 Data Administrators' created [ ] Adding 'SG Safe Haven Server Administrators' user to group 'SG SRE2 System Administrators' [o] User 'SG Safe Haven Server Administrators' was added to 'SG SRE2 System Administrators' [ ] Creating user 'SRE2 Data Mount Service Account' (sre2datamount)... [o] User 'SRE2 Data Mount Service Account' (sre2datamount) created [ ] Creating user 'SRE2 LDAP Search Service Account' (sre2ldapsearch)... [o] User 'SRE2 LDAP Search Service Account' (sre2ldapsearch) created [ ] Creating user 'SRE2 Postgres DB Service Account' (sre2dbpostgres)... [o] User 'SRE2 Postgres DB Service Account' (sre2dbpostgres) created Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

Setup_SRE_DNS_Zone

```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Setup_SRE_DNS_Zone.ps1 -configId decovidsre2 2020-07-10 18:08:03 [ INFO]: Ensuring that DNS Zone exists... 2020-07-10 18:08:03 [ INFO]: Ensuring the DNS zone 'sre2.decovid.turingsafehaven.ac.uk' exists... 2020-07-10 18:08:03 [ INFO]: [ ] Creating DNS Zone 'sre2.decovid.turingsafehaven.ac.uk' 2020-07-10 18:08:05 [SUCCESS]: [✔] Created DNS Zone 'sre2.decovid.turingsafehaven.ac.uk' 2020-07-10 18:08:05 [ INFO]: Get NS records from the new DNS Zone... 2020-07-10 18:08:05 [ INFO]: Reading NS records '@' for DNS Zone 'sre2.decovid.turingsafehaven.ac.uk'... 2020-07-10 18:08:08 [ INFO]: Add NS records to the parent DNS Zone... 2020-07-10 18:08:08 [ INFO]: Creating new Record Set 'sre2' in DNS Zone 'decovid.turingsafehaven.ac.uk' with NS records 'ns1-07.azure-dns.com. ns2-07.azure-dns.net. ns3-07.azure-dns.org. ns4-07.azure-dns.info.' to ... 2020-07-10 18:08:10 [SUCCESS]: [✔] Created DNS Record Set 'sre2' PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

Setup_SRE_VNET_RDS

```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Setup_SRE_VNET_RDS.ps1 -configId decovidsre2 2020-07-10 18:09:58 [ INFO]: Ensuring that resource group 'RG_SRE_SRE2_NETWORKING' exists... 2020-07-10 18:09:59 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE2_NETWORKING' 2020-07-10 18:09:59 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE2_NETWORKING' 2020-07-10 18:09:59 [ INFO]: Ensuring that virtual network 'VNET_SRE_SRE2' exists... 2020-07-10 18:10:00 [ INFO]: [ ] Creating virtual network 'VNET_SRE_SRE2' 2020-07-10 18:10:06 [SUCCESS]: [✔] Created virtual network 'VNET_SRE_SRE2' 2020-07-10 18:10:06 [ INFO]: Ensuring that subnet 'SharedDataSubnet' exists... 2020-07-10 18:10:07 [ INFO]: [ ] Creating subnet 'SharedDataSubnet' 2020-07-10 18:10:11 [SUCCESS]: [✔] Created subnet 'SharedDataSubnet' 2020-07-10 18:10:12 [ INFO]: Ensuring that subnet 'DatabasesSubnet' exists... 2020-07-10 18:10:13 [ INFO]: [ ] Creating subnet 'DatabasesSubnet' 2020-07-10 18:10:17 [SUCCESS]: [✔] Created subnet 'DatabasesSubnet' 2020-07-10 18:10:18 [ INFO]: Ensuring that subnet 'IdentitySubnet' exists... 2020-07-10 18:10:19 [ INFO]: [ ] Creating subnet 'IdentitySubnet' 2020-07-10 18:10:24 [SUCCESS]: [✔] Created subnet 'IdentitySubnet' 2020-07-10 18:10:25 [ INFO]: Ensuring that subnet 'RDSSubnet' exists... 2020-07-10 18:10:25 [ INFO]: [ ] Creating subnet 'RDSSubnet' 2020-07-10 18:10:30 [SUCCESS]: [✔] Created subnet 'RDSSubnet' 2020-07-10 18:10:33 [ INFO]: [ ] Removing existing peering from 'VNET_SRE_SRE2' to 'VNET_SHM_DECOVID'... 2020-07-10 18:10:37 [SUCCESS]: [✔] Peering removal succeeded 2020-07-10 18:10:39 [ INFO]: [ ] Adding peering 'PEER_VNET_SRE_SRE2' from 'VNET_SRE_SRE2' to 'VNET_SHM_DECOVID'... 2020-07-10 18:10:52 [ INFO]: [ ] Adding peering 'PEER_VNET_SHM_DECOVID' from 'VNET_SHM_DECOVID' to 'VNET_SRE_SRE2'... 2020-07-10 18:11:14 [SUCCESS]: [✔] Peering 'VNET_SHM_DECOVID' and 'VNET_SRE_SRE2' succeeded 2020-07-10 18:11:14 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre2'... 2020-07-10 18:11:22 [ INFO]: Ensuring that resource group 'RG_SRE_SRE2_ARTIFACTS' exists... 2020-07-10 18:11:22 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE2_ARTIFACTS' 2020-07-10 18:11:23 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE2_ARTIFACTS' 2020-07-10 18:11:23 [ INFO]: Ensuring that storage account 'sresre2bootdiagsqiclwyxn' exists in 'RG_SRE_SRE2_ARTIFACTS'... 2020-07-10 18:11:24 [ INFO]: [ ] Creating storage account 'sresre2bootdiagsqiclwyxn' 2020-07-10 18:11:43 [SUCCESS]: [✔] Created storage account 'sresre2bootdiagsqiclwyxn' 2020-07-10 18:11:43 [ INFO]: Ensuring that resource group 'RG_SRE_SRE2_ARTIFACTS' exists... 2020-07-10 18:11:43 [SUCCESS]: [✔] Resource group 'RG_SRE_SRE2_ARTIFACTS' already exists 2020-07-10 18:11:43 [ INFO]: Ensuring that storage account 'sresre2artifactsqiclwyxn' exists in 'RG_SRE_SRE2_ARTIFACTS'... 2020-07-10 18:11:44 [ INFO]: [ ] Creating storage account 'sresre2artifactsqiclwyxn' 2020-07-10 18:12:03 [SUCCESS]: [✔] Created storage account 'sresre2artifactsqiclwyxn' 2020-07-10 18:12:05 [ INFO]: Ensuring that storage account 'shmdecovidartifactsoceuy' exists in 'RG_SHM_DECOVID_ARTIFACTS'... 2020-07-10 18:12:06 [SUCCESS]: [✔] Storage account 'shmdecovidartifactsoceuy' already exists 2020-07-10 18:12:09 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE2_RDS_SERVER' exists... 2020-07-10 18:12:09 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE2_RDS_SERVER' 2020-07-10 18:12:14 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE2_RDS_SERVER' 2020-07-10 18:12:24 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE2_RDS_SESSION_HOSTS' exists... 2020-07-10 18:12:25 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE2_RDS_SESSION_HOSTS' 2020-07-10 18:12:29 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE2_RDS_SESSION_HOSTS' 2020-07-10 18:12:34 [ INFO]: Ensuring that resource group 'RG_SRE_SRE2_RDS' exists... 2020-07-10 18:12:35 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE2_RDS' 2020-07-10 18:12:35 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE2_RDS' 2020-07-10 18:12:35 [ INFO]: Deploying RDS from template... VERBOSE: Performing the operation "Creating Deployment" on target "RG_SRE_SRE2_RDS". WARNING: The DeploymentDebug setting has been enabled. This can potentially log secrets like passwords used in resource property or listKeys operations when you retrieve the deployment operations through Get-AzResourceGroupDeploymentOperation VERBOSE: 18:12:38 - Template is valid. VERBOSE: 18:12:39 - Create template deployment 'sre-rds-template' VERBOSE: 18:12:39 - Checking deployment status in 5 seconds VERBOSE: 18:12:44 - Resource Microsoft.Compute/virtualMachines 'RDG-SRE-SRE2' provisioning status is running VERBOSE: 18:12:44 - Resource Microsoft.Network/networkInterfaces 'RDG-SRE-SRE2-NIC' provisioning status is succeeded VERBOSE: 18:12:44 - Resource Microsoft.Compute/virtualMachines 'APP-SRE-SRE2' provisioning status is running VERBOSE: 18:12:44 - Resource Microsoft.Network/publicIPAddresses 'RDG-SRE-SRE2-PIP' provisioning status is succeeded VERBOSE: 18:12:44 - Resource Microsoft.Network/networkInterfaces 'APP-SRE-SRE2-NIC' provisioning status is succeeded VERBOSE: 18:12:44 - Checking deployment status in 14 seconds VERBOSE: 18:12:58 - Checking deployment status in 5 seconds VERBOSE: 18:13:03 - Checking deployment status in 5 seconds VERBOSE: 18:13:08 - Checking deployment status in 5 seconds VERBOSE: 18:13:13 - Checking deployment status in 5 seconds VERBOSE: 18:13:18 - Checking deployment status in 5 seconds VERBOSE: 18:13:24 - Checking deployment status in 5 seconds VERBOSE: 18:13:29 - Checking deployment status in 5 seconds VERBOSE: 18:13:34 - Checking deployment status in 5 seconds VERBOSE: 18:13:39 - Checking deployment status in 5 seconds VERBOSE: 18:13:44 - Resource Microsoft.Compute/virtualMachines/extensions 'RDG-SRE-SRE2/bginfo' provisioning status is running VERBOSE: 18:13:44 - Resource Microsoft.Compute/virtualMachines 'RDG-SRE-SRE2' provisioning status is succeeded VERBOSE: 18:13:44 - Checking deployment status in 16 seconds VERBOSE: 18:14:01 - Resource Microsoft.Compute/virtualMachines/extensions 'APP-SRE-SRE2/bginfo' provisioning status is running VERBOSE: 18:14:01 - Resource Microsoft.Compute/virtualMachines 'APP-SRE-SRE2' provisioning status is succeeded VERBOSE: 18:14:01 - Checking deployment status in 9 seconds VERBOSE: 18:14:10 - Checking deployment status in 5 seconds VERBOSE: 18:14:15 - Checking deployment status in 5 seconds VERBOSE: 18:14:20 - Checking deployment status in 5 seconds VERBOSE: 18:14:25 - Checking deployment status in 5 seconds VERBOSE: 18:14:30 - Checking deployment status in 5 seconds VERBOSE: 18:14:35 - Checking deployment status in 5 seconds VERBOSE: 18:14:40 - Checking deployment status in 5 seconds VERBOSE: 18:14:45 - Checking deployment status in 5 seconds VERBOSE: 18:14:51 - Checking deployment status in 5 seconds VERBOSE: 18:14:56 - Checking deployment status in 5 seconds VERBOSE: 18:15:01 - Checking deployment status in 5 seconds VERBOSE: 18:15:06 - Resource Microsoft.Compute/virtualMachines/extensions 'RDG-SRE-SRE2/joindomain' provisioning status is running VERBOSE: 18:15:06 - Resource Microsoft.Compute/virtualMachines/extensions 'RDG-SRE-SRE2/bginfo' provisioning status is succeeded VERBOSE: 18:15:06 - Checking deployment status in 12 seconds VERBOSE: 18:15:18 - Resource Microsoft.Compute/virtualMachines/extensions 'APP-SRE-SRE2/joindomain' provisioning status is running VERBOSE: 18:15:18 - Resource Microsoft.Compute/virtualMachines/extensions 'APP-SRE-SRE2/bginfo' provisioning status is succeeded VERBOSE: 18:15:18 - Checking deployment status in 11 seconds VERBOSE: 18:15:29 - Resource Microsoft.Compute/virtualMachines/extensions 'RDG-SRE-SRE2/joindomain' provisioning status is succeeded VERBOSE: 18:15:29 - Checking deployment status in 5 seconds VERBOSE: 18:15:34 - Checking deployment status in 5 seconds VERBOSE: 18:15:39 - Checking deployment status in 5 seconds VERBOSE: 18:15:44 - Checking deployment status in 5 seconds VERBOSE: 18:15:50 - Checking deployment status in 5 seconds VERBOSE: 18:15:55 - Checking deployment status in 5 seconds VERBOSE: 18:16:00 - Checking deployment status in 5 seconds VERBOSE: 18:16:05 - Checking deployment status in 5 seconds VERBOSE: 18:16:10 - Resource Microsoft.Compute/virtualMachines/extensions 'APP-SRE-SRE2/joindomain' provisioning status is succeeded DeploymentName : sre-rds-template ResourceGroupName : RG_SRE_SRE2_RDS ProvisioningState : Succeeded Timestamp : 10/07/2020 17:16:05 Mode : Incremental TemplateLink : Parameters : Name Type Value ======================================= ========================= ========== administrator_User String sresre2admin bootDiagnostics_Account_Name String sresre2bootdiagsqiclwyxn domain_Join_Password_Gateway SecureString domain_Join_Password_Session_Hosts SecureString domain_Join_User_Gateway String decovidgatewaysrvrs domain_Join_User_Session_Hosts String decovidsessionsrvrs domain_Name String decovid.turingsafehaven.ac.uk nsG_Gateway_Name String NSG_SRE_SRE2_RDS_SERVER oU_Path_Gateway String OU=Secure Research Environment RDS Gateway Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk oU_Path_Session_Hosts String OU=Secure Research Environment RDS Session Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk rdS_Gateway_Admin_Password SecureString rdS_Gateway_Data1_Disk_Size_GB Int 1023 rdS_Gateway_Data1_Disk_Type String Standard_LRS rdS_Gateway_Data2_Disk_Size_GB Int 1023 rdS_Gateway_Data2_Disk_Type String Standard_LRS rdS_Gateway_IP_Address String 10.151.1.4 rdS_Gateway_Name String RDG-SRE-SRE2 rdS_Gateway_Os_Disk_Size_GB Int 128 rdS_Gateway_Os_Disk_Type String Standard_LRS rdS_Gateway_VM_Size String Standard_DS2_v2 rdS_Session_Host_Apps_Admin_Password SecureString rdS_Session_Host_Apps_IP_Address String 10.151.1.5 rdS_Session_Host_Apps_Name String APP-SRE-SRE2 rdS_Session_Host_Apps_Os_Disk_Size_GB Int 128 rdS_Session_Host_Apps_Os_Disk_Type String Standard_LRS rdS_Session_Host_Apps_VM_Size String Standard_DS2_v2 srE_ID String sre2 virtual_Network_Name String VNET_SRE_SRE2 virtual_Network_Resource_Group String RG_SRE_SRE2_NETWORKING virtual_Network_Subnet String RDSSubnet Outputs : DeploymentDebugLogLevel : ResponseContent 2020-07-10 18:16:11 [ INFO]: joindomain: ProvisioningState/succeeded Join completed for Domain 'decovid.turingsafehaven.ac.uk' 2020-07-10 18:16:11 [ INFO]: joindomain: ProvisioningState/succeeded Join completed for Domain 'decovid.turingsafehaven.ac.uk' 2020-07-10 18:16:11 [ INFO]: bginfo: ProvisioningState/succeeded Plugin enabled (handler name: Microsoft.Compute.bginfo, extension name: , version: 2.1). 2020-07-10 18:16:11 [ INFO]: bginfo: ProvisioningState/succeeded Plugin enabled (handler name: Microsoft.Compute.bginfo, extension name: , version: 2.1). 2020-07-10 18:16:11 [SUCCESS]: [✔] Template deployment 'sre-rds-template' succeeded 2020-07-10 18:16:11 [ INFO]: Creating blob storage containers in storage account 'sresre2artifactsqiclwyxn'... 2020-07-10 18:16:12 [ INFO]: Ensuring that storage container 'sre-rds-gateway-scripts' exists... 2020-07-10 18:16:12 [ INFO]: [ ] Creating storage container 'sre-rds-gateway-scripts' in storage account 'sresre2artifactsqiclwyxn' 2020-07-10 18:16:12 [SUCCESS]: [✔] Created storage container 2020-07-10 18:16:12 [ INFO]: Ensuring that storage container 'sre-rds-sh-packages' exists... 2020-07-10 18:16:12 [ INFO]: [ ] Creating storage container 'sre-rds-sh-packages' in storage account 'sresre2artifactsqiclwyxn' 2020-07-10 18:16:12 [SUCCESS]: [✔] Created storage container 2020-07-10 18:16:12 [ INFO]: Upload RDS deployment scripts to storage... 2020-07-10 18:16:12 [ INFO]: [ ] Copying RDS installers to storage account 'sresre2artifactsqiclwyxn' 2020-07-10 18:16:13 [SUCCESS]: [✔] File copying succeeded 2020-07-10 18:16:13 [ INFO]: [ ] Uploading RDS gateway scripts to storage account 'sresre2artifactsqiclwyxn' 2020-07-10 18:16:13 [SUCCESS]: [✔] File uploading succeeded 2020-07-10 18:16:16 [ INFO]: Adding DNS record for RDS Gateway 2020-07-10 18:16:20 [ INFO]: [ ] Setting 'A' record for gateway host to '51.143.172.72' in SRE sre2 DNS zone (sre2.decovid.turingsafehaven.ac.uk) 2020-07-10 18:16:23 [SUCCESS]: [✔] Successfully set 'A' record for gateway host 2020-07-10 18:16:23 [ INFO]: [ ] Setting CNAME record for gateway host to point to the 'A' record in SRE sre2 DNS zone (sre2.decovid.turingsafehaven.ac.uk) 2020-07-10 18:16:26 [SUCCESS]: [✔] Successfully set 'CNAME' record for gateway host 2020-07-10 18:16:28 [ INFO]: Updating RDS Gateway: 'RDG-SRE-SRE2'... 2020-07-10 18:16:28 [ INFO]: [ ] Installing core Powershell modules on 'RDG-SRE-SRE2' 2020-07-10 18:18:30 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: ... PSWindowsUpdate Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 18:19:40 [ INFO]: [ ] Setting OS locale and installing updates on 'RDG-SRE-SRE2' 2020-07-10 18:23:41 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 6 Windows updates: ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) ... Microsoft Silverlight (KB4481252) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... 2020-01 Update for Windows Server 2019 for x64-based Systems (KB4494174) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.1195.0) Reboot is required, but do it manually. [o] Installing Windows updates succeeded. Newly installed Windows updates: ... Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.1195.0) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... Microsoft Silverlight (KB4481252) ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 18:23:52 [ INFO]: [ ] (Re)starting VM 'RDG-SRE-SRE2' [PowerState/running] 2020-07-10 18:24:23 [SUCCESS]: [✔] Successfully (re)started 'RDG-SRE-SRE2' [PowerState/running] 2020-07-10 18:24:23 [ INFO]: Updating RDS Session Host (App server): 'APP-SRE-SRE2'... 2020-07-10 18:24:23 [ INFO]: [ ] Installing core Powershell modules on 'APP-SRE-SRE2' 2020-07-10 18:27:24 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: ... PSWindowsUpdate Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 18:28:34 [ INFO]: [ ] Setting OS locale and installing updates on 'APP-SRE-SRE2' 2020-07-10 18:31:36 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 0 Windows updates: Reboot is required, but do it manually. [o] Installing Windows updates succeeded. Newly installed Windows updates: ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... Microsoft Silverlight (KB4481252) ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 18:31:46 [ INFO]: [ ] (Re)starting VM 'APP-SRE-SRE2' [PowerState/running] 2020-07-10 18:32:18 [SUCCESS]: [✔] Successfully (re)started 'APP-SRE-SRE2' [PowerState/running] 2020-07-10 18:32:27 [ INFO]: Importing files from storage to RDS VMs... 2020-07-10 18:32:34 [ INFO]: [ ] Copying 2 files to RDS Gateway 2020-07-10 18:33:04 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Clearing all pre-existing files and folders from 'C:\Installation' Downloading 2 files to 'C:\Installation' [ ] Fetching https://sresre2artifactsqiclwyxn.blob.core.windows.net/sre-rds-gateway-scripts/Deploy_RDS_ Environment.ps1... [o] Succeeded [ ] Fetching https://sresre2artifactsqiclwyxn.blob.core.windows.net/sre-rds-gateway-scripts/ServerList.xml... [o] Succeeded Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 18:33:19 [ INFO]: [ ] Copying 2 files to RDS Session Host (App server) 2020-07-10 18:35:50 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Clearing all pre-existing files and folders from 'C:\Installation' Downloading 2 files to 'C:\Installation' [ ] Fetching https://sresre2artifactsqiclwyxn.blob.core.windows.net/sre-rds-sh-packages/GoogleChrome_x64.msi... [o] Succeeded [ ] Installing GoogleChrome_x64.msi... [o] Succeeded [ ] Fetching https://sresre2artifactsqiclwyxn.blob.core.windows.net/sre-rds-sh-packages/PuTTY_x64.msi... [o] Succeeded [ ] Installing PuTTY_x64.msi... [o] Succeeded Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 18:36:00 [ INFO]: Updating RDS Gateway: 'RDG-SRE-SRE2'... 2020-07-10 18:36:00 [ INFO]: [ ] Installing core Powershell modules on 'RDG-SRE-SRE2' 2020-07-10 18:37:31 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 18:38:11 [ INFO]: [ ] Installing additional Powershell modules on 'RDG-SRE-SRE2' 2020-07-10 18:39:11 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing RDWebClientManagement... [o] RDWebClientManagement 1.0.3 is installed Newly installed modules: ... RDWebClientManagement Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 18:39:51 [ INFO]: [ ] Setting OS locale and installing updates on 'RDG-SRE-SRE2' 2020-07-10 18:40:53 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 2 Windows updates: ... Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10) ... Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2006.10) [o] Installing Windows updates succeeded. Newly installed Windows updates: ... Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2006.10) ... Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10) Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 18:41:03 [ INFO]: [ ] (Re)starting VM 'RDG-SRE-SRE2' [PowerState/running] 2020-07-10 18:41:35 [SUCCESS]: [✔] Successfully (re)started 'RDG-SRE-SRE2' [PowerState/running] 2020-07-10 18:41:35 [ INFO]: Updating RDS Session Host (App server): 'APP-SRE-SRE2'... 2020-07-10 18:41:35 [ INFO]: [ ] Installing core Powershell modules on 'APP-SRE-SRE2' 2020-07-10 18:43:06 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 18:44:16 [ INFO]: [ ] Setting OS locale and installing updates on 'APP-SRE-SRE2' 2020-07-10 18:44:47 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 0 Windows updates: [o] Installing Windows updates succeeded. Newly installed Windows updates: Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 18:44:58 [ INFO]: [ ] (Re)starting VM 'APP-SRE-SRE2' [PowerState/running] 2020-07-10 18:45:30 [SUCCESS]: [✔] Successfully (re)started 'APP-SRE-SRE2' [PowerState/running] 2020-07-10 18:45:30 [ INFO]: [ ] Associating RDG-SRE-SRE2 with NSG_SRE_SRE2_RDS_SERVER... 2020-07-10 18:45:33 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 18:45:43 [ INFO]: [ ] Associating APP-SRE-SRE2 with NSG_SRE_SRE2_RDS_SESSION_HOSTS... 2020-07-10 18:45:57 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 18:46:07 [ INFO]: [ ] (Re)starting VM 'RDG-SRE-SRE2' [PowerState/running] 2020-07-10 18:46:39 [SUCCESS]: [✔] Successfully (re)started 'RDG-SRE-SRE2' [PowerState/running] 2020-07-10 18:46:40 [ INFO]: [ ] (Re)starting VM 'APP-SRE-SRE2' [PowerState/running] 2020-07-10 18:47:11 [SUCCESS]: [✔] Successfully (re)started 'APP-SRE-SRE2' [PowerState/running] PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

Deploy_RDS_Environment

```pwsh S C:\Users\domaindecovidadmin> C:\Installation\Deploy_RDS_Environment.ps1 Initialising data drives... Configuring disk 2 Configuring disk 3 Removing any old RDS settings... Creating RDS Environment... Server Roles ------ ----- RDG-SRE-SRE2.decovid.turingsafehaven.ac.uk {RDS-LICENSING} RDG-SRE-SRE2.decovid.turingsafehaven.ac.uk {RDS-GATEWAY} [o] RDS environment configuration update succeeded Creating user profile disk shares... Creating 'Applications' collection... [o] Creating 'Applications' collection succeeded Registering applications... [o] Registering applications succeeded Updating server configuration... [o] Server configuration update succeeded Installing RDS webclient... WARNING: Initializing RDWebClientManagement in 'C:\Program Files\RemoteDesktopWeb'. To uninstall, use Uninstall-RDWebClient. [o] RDS webclient installation succeeded Setting up IIS redirect... [o] IIS redirection succeeded PS C:\Users\domaindecovidadmin> ```pwsh ```

Configure_SRE_RDS_CAP_And_RAP

```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Configure_SRE_RDS_CAP_And_RAP.ps1 -configId decovidsre2 2020-07-10 19:08:44 [ INFO]: Creating/retrieving NPS secret from key vault 'kv-decovid-sre-sre2'... 2020-07-10 19:08:46 [ INFO]: [ ] Configuring CAP and RAP settings on RDS Gateway 2020-07-10 19:09:17 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : [o] Successfully restricted 'RDG_AllDomainComputers' User Groups to 'SG SRE2 Research Users@DECOVID'. [o] Successfully restricted 'RDG_RDConnectionBrokers' User Groups to 'SG SRE2 Research Users@DECOVID'. [o] Successfully configured '10.0.0.6' as the only remote NPS server. [o] Successfully set remote NPS server as RD CAP store. Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 19:09:29 [ INFO]: Adding RDS Gateway as RADIUS client on SHM NPS 2020-07-10 19:10:00 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Ensuring that RADIUS client 'RDG-SRE-SRE2.decovid.turingsafehaven.ac.uk' is registered... Creating RADIUS client 'RDG-SRE-SRE2.decovid.turingsafehaven.ac.uk' at '10.151.1.4'... [o] Successfully created RADIUS client Adding RDS gateway inbound rule... [o] Inbound RADIUS firewall rule 'SRE SRE2 RDS Gateway RADIUS inbound (10.151.1.4)' already exists Updating 'SRE SRE2 RDS Gateway RADIUS inbound (10.151.1.4)' inbound RADIUS firewall rule for RDG-SRE-SRE2.decovid.turingsafehaven.ac.uk (10.151.1.4)... [o] Successfully updated RDS gateway inbound rule Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 19:10:16 [ INFO]: Restarting NPS Server... 2020-07-10 19:10:16 [ INFO]: [ ] (Re)starting VM 'NPS-SHM-DECOVID' [PowerState/running] 2020-07-10 19:10:48 [SUCCESS]: [✔] Successfully (re)started 'NPS-SHM-DECOVID' [PowerState/running] 2020-07-10 19:10:48 [ INFO]: Waiting 2 minutes for NPS services to start... PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

Update_SRE_RDS_SSL_Certificate

```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Update_SRE_RDS_SSL_Certificate.ps1 -configId decovidsre2 -emailAddress moreilly@turing.ac.uk 2020-07-10 19:18:08 [ INFO]: [ ] Checking whether signed certificate 'sre-sre2-lets-encrypt-certificate' already exists in key vault... 2020-07-10 19:18:09 [ INFO]: No certificate found in key vault 'kv-decovid-sre-sre2' 2020-07-10 19:18:09 [ INFO]: Preparing to request a new certificate... 2020-07-10 19:18:09 [ INFO]: Using Let's Encrypt production server! 2020-07-10 19:18:09 [ INFO]: [ ] Checking for Posh-ACME account 2020-07-10 19:18:09 [SUCCESS]: [✔] Using Posh-ACME account: 83124626 2020-07-10 19:18:14 [ INFO]: Test that we can interact with DNS records... 2020-07-10 19:18:14 [ INFO]: [ ] Attempting to create a DNS record for dnstest.sre2.decovid.turingsafehaven.ac.uk... VERBOSE: Attempting to find hosted zone for _acme-challenge.dnstest.sre2.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/providers/Microsoft.Network/dnszones?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 23695-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: 43 zone(s) found VERBOSE: Checking dnstest.sre2.decovid.turingsafehaven.ac.uk VERBOSE: Checking sre2.decovid.turingsafehaven.ac.uk VERBOSE: Querying _acme-challenge.dnstest.sre2.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre2.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge.dnstest?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 187-byte response of content type application/json VERBOSE: Sending updated _acme-challenge.dnstest VERBOSE: PUT https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre2.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge.dnstest?api-version=2018-03-01-preview with 98-byte payload VERBOSE: received 491-byte response of content type application/json VERBOSE: Content encoding: utf-8 2020-07-10 19:18:16 [SUCCESS]: [✔] DNS record creation succeeded 2020-07-10 19:18:16 [ INFO]: [ ] Attempting to delete a DNS record for dnstest.sre2.decovid.turingsafehaven.ac.uk... VERBOSE: Attempting to find hosted zone for _acme-challenge.dnstest.sre2.decovid.turingsafehaven.ac.uk VERBOSE: Querying _acme-challenge.dnstest.sre2.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre2.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge.dnstest?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 491-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: Deleting _acme-challenge.dnstest. No values left. VERBOSE: DELETE https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre2.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge.dnstest?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 0-byte response of content type VERBOSE: Content encoding: iso-8859-1 2020-07-10 19:18:17 [SUCCESS]: [✔] DNS record deletion succeeded 2020-07-10 19:18:17 [ INFO]: Generating a certificate signing request for sre2.decovid.turingsafehaven.ac.uk to be signed by Let's Encrypt... 2020-07-10 19:18:18 [SUCCESS]: [✔] CSR creation succeeded 2020-07-10 19:18:18 [ INFO]: Sending the CSR to be signed by Let's Encrypt... VERBOSE: Attempting to find hosted zone for _acme-challenge.sre2.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/providers/Microsoft.Network/dnszones?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 23695-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: 43 zone(s) found VERBOSE: Checking sre2.decovid.turingsafehaven.ac.uk VERBOSE: Querying _acme-challenge.sre2.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre2.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 179-byte response of content type application/json VERBOSE: Sending updated _acme-challenge VERBOSE: PUT https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre2.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge?api-version=2018-03-01-preview with 98-byte payload VERBOSE: received 467-byte response of content type application/json VERBOSE: Content encoding: utf-8 2020-07-10 19:18:20 [ INFO]: [ ] Creating certificate for sre2.decovid.turingsafehaven.ac.uk... VERBOSE: Using directory https://acme-v02.api.letsencrypt.org/directory VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/acct/83124626 with 398-byte payload VERBOSE: received 314-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/acct/90892462 with 398-byte payload VERBOSE: received 313-byte response of content type application/json VERBOSE: Using account 83124626 VERBOSE: Creating a new order for sre2.decovid.turingsafehaven.ac.uk, RDG-SRE-SRE2.decovid.turingsafehaven.ac.uk VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/new-order with 587-byte payload VERBOSE: received 526-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/authz-v3/5793052575 with 406-byte payload VERBOSE: received 514-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/authz-v3/5794555913 with 406-byte payload VERBOSE: received 812-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/authz-v3/5794555913 with 406-byte payload VERBOSE: received 812-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/authz-v3/5793052575 with 406-byte payload VERBOSE: received 514-byte response of content type application/json WARNING: Fewer DnsPlugin values than names in the order. Using Azure for the rest. VERBOSE: Publishing DNS challenge for sre2.decovid.turingsafehaven.ac.uk VERBOSE: Attempting to find hosted zone for _acme-challenge.sre2.decovid.turingsafehaven.ac.uk VERBOSE: Querying _acme-challenge.sre2.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre2.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 467-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: Sending updated _acme-challenge VERBOSE: PUT https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre2.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge?api-version=2018-03-01-preview with 156-byte payload VERBOSE: received 525-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: rdg-sre-sre2.decovid.turingsafehaven.ac.uk authorization is already valid VERBOSE: Saving changes for Azure plugin VERBOSE: Sleeping for 120 seconds while DNS change(s) propagate VERBOSE: Requesting challenge validations VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/chall-v3/5794555913/opwf0A with 419-byte payload VERBOSE: received 184-byte response of content type application/json VERBOSE: Attempting to find hosted zone for _acme-challenge.sre2.decovid.turingsafehaven.ac.uk VERBOSE: Querying _acme-challenge.sre2.decovid.turingsafehaven.ac.uk VERBOSE: GET https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre2.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge?api-version=2018-03-01-preview with 0-byte payload VERBOSE: received 525-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: Sending updated _acme-challenge VERBOSE: PUT https://management.azure.com/subscriptions/afe7c62f-cf25-44b3-9e56-d7a14a3ea5e4/resourceGroups/rg_shm_dns_decovid/providers/Microsoft.Network/dnszones/sre2.decovid.turingsafehaven.ac.uk/TXT/_acme-challenge?api-version=2018-03-01-preview with 98-byte payload VERBOSE: received 467-byte response of content type application/json VERBOSE: Content encoding: utf-8 VERBOSE: Saving changes for Azure plugin VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/order/83124626/4144773035 with 414-byte payload VERBOSE: received 515-byte response of content type application/json VERBOSE: Finalizing the order. VERBOSE: Using the provided certificate request. VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/finalize/83124626/4144773035 with 1988-byte payload VERBOSE: received 619-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/order/83124626/4144773035 with 414-byte payload VERBOSE: received 619-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/order/83124626/4144773035 with 414-byte payload VERBOSE: received 619-byte response of content type application/json VERBOSE: POST https://acme-v02.api.letsencrypt.org/acme/cert/04923ab7dd85ebcc4c7c578ad3731eef7c1f with 436-byte payload VERBOSE: received 3669-byte response of content type application/pem-certificate-chain VERBOSE: No private key available. Skipping Pfx creation. VERBOSE: Updating cert expiration and renewal window VERBOSE: Successfully created certificate. 2020-07-10 19:20:37 [SUCCESS]: [✔] Certificate creation succeeded 2020-07-10 19:20:37 [ INFO]: Importing signed certificate into KeyVault 'kv-decovid-sre-sre2'... 2020-07-10 19:20:39 [SUCCESS]: [✔] Certificate import succeeded 2020-07-10 19:20:39 [ INFO]: Adding SSL certificate to RDS Gateway VM 2020-07-10 19:21:14 [SUCCESS]: [✔] Adding certificate succeeded 2020-07-10 19:21:14 [ INFO]: Configuring RDS Gateway VM to use SSL certificate 2020-07-10 19:22:45 [SUCCESS]: [✔] Remote script execution succeeded Subject NotAfter KeyLength Thumbprint AllSANs ------- -------- --------- ---------- ------- CN=sre2.decovid.turingsafehaven.ac.uk 08/10/2020 18:20:35 2048 1A6029A06050E0CD5AD93E42149A37A6D14F5612 {sre2.deco… Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Looking for certificate with thumbprint: 1A6029A06050E0CD5AD93E42149A37A6D14F5612 [o] Found certificate with correct thumbprint Updating RDS roles to use new certificate... [o] Successfully updated RDS roles Currently installed certificates: Role Level ExpiresOn IssuedTo ---- ----- --------- -------- RDRedirector Trusted 10/08/2020 18:20:35 CN=sre2.decovid.turingsafehaven.ac.uk RDPublishing Trusted 10/08/2020 18:20:35 CN=sre2.decovid.turingsafehaven.ac.uk RDWebAccess Trusted 10/08/2020 18:20:35 CN=sre2.decovid.turingsafehaven.ac.uk RDGateway Trusted 10/08/2020 18:20:35 CN=sre2.decovid.turingsafehaven.ac.uk Extracting a base64-encoded certificate... [o] Base64-encoded certificate extracted to C:\Certificates\letsencrypt_b64.cer Importing certificate to RDS Web Client... WARNING: Using the Remote Desktop web client with per-device licensing is not supported. [o] Certificate installed on RDS Web Client Checking webclient broker certificate... [o] Webclient broker certificate has the correct thumbprint: '1A6029A06050E0CD5AD93E42149A37A6D14F5612' Checking RDGateway certificate... [o] RDGateway certificate has the correct thumbprint: '1A6029A06050E0CD5AD93E42149A37A6D14F5612' Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

Setup_SRE_WebApp_Servers

```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Setup_SRE_WebApp_Servers.ps1 -configId decovidsre2 2020-07-10 19:39:17 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre2'... 2020-07-10 19:39:23 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE2_WEBAPPS' exists... 2020-07-10 19:39:24 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE2_WEBAPPS' 2020-07-10 19:39:28 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE2_WEBAPPS' 2020-07-10 19:39:33 [ INFO]: Ensuring that resource group 'RG_SRE_SRE2_WEBAPPS' exists... 2020-07-10 19:39:33 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE2_WEBAPPS' 2020-07-10 19:39:33 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE2_WEBAPPS' 2020-07-10 19:39:33 [ INFO]: Deploying GitLab/HackMD VMs from template... VERBOSE: Performing the operation "Creating Deployment" on target "RG_SRE_SRE2_WEBAPPS". WARNING: The DeploymentDebug setting has been enabled. This can potentially log secrets like passwords used in resource property or listKeys operations when you retrieve the deployment operations through Get-AzResourceGroupDeploymentOperation VERBOSE: 19:39:34 - Template is valid. VERBOSE: 19:39:34 - Create template deployment 'sre-webapps-template' VERBOSE: 19:39:34 - Checking deployment status in 5 seconds VERBOSE: 19:39:40 - Resource Microsoft.Compute/virtualMachines 'GITLAB-SRE-SRE2' provisioning status is running VERBOSE: 19:39:40 - Resource Microsoft.Compute/virtualMachines 'HACKMD-SRE-SRE2' provisioning status is running VERBOSE: 19:39:40 - Resource Microsoft.Network/networkInterfaces 'GITLAB-SRE-SRE2-NIC' provisioning status is succeeded VERBOSE: 19:39:40 - Resource Microsoft.Network/networkInterfaces 'HACKMD-SRE-SRE2-NIC' provisioning status is succeeded VERBOSE: 19:39:40 - Checking deployment status in 13 seconds VERBOSE: 19:39:53 - Checking deployment status in 5 seconds VERBOSE: 19:39:58 - Checking deployment status in 5 seconds VERBOSE: 19:40:03 - Checking deployment status in 5 seconds VERBOSE: 19:40:08 - Checking deployment status in 5 seconds VERBOSE: 19:40:13 - Checking deployment status in 5 seconds VERBOSE: 19:40:18 - Checking deployment status in 5 seconds VERBOSE: 19:40:24 - Resource Microsoft.Compute/virtualMachines 'GITLAB-SRE-SRE2' provisioning status is succeeded VERBOSE: 19:40:24 - Resource Microsoft.Compute/virtualMachines 'HACKMD-SRE-SRE2' provisioning status is succeeded DeploymentName : sre-webapps-template ResourceGroupName : RG_SRE_SRE2_WEBAPPS ProvisioningState : Succeeded Timestamp : 10/07/2020 18:40:22 Mode : Incremental TemplateLink : Parameters : Name Type Value ================================ ========================= ========== administrator_User String sresre2admin bootDiagnostics_Account_Name String sresre2bootdiagsqiclwyxn gitLab_Administrator_Password SecureString gitLab_Cloud_Init String I2Nsb3VkLWNvbmZpZwpwYWNrYWdlX3VwZ GF0ZTogdHJ1ZQpwYWNrYWdlX3VwZ3JhZGU6IHRydWUKCiMgSW5zdGFsbCBMREFQIHRvb2xzIGZvciBkZWJ1Z2dpbmcgTER BUCBpc3N1ZXMKcGFja2FnZXM6CiAgLSBhcHQtdHJhbnNwb3J0LWh0dHBzCiAgLSBjYS1jZXJ0aWZpY2F0ZXMKICAtIGN1c mwKICAtIGdpdGxhYi1jZQogIC0gZ251cGcKICAtIGxkYXAtdXRpbHMKICAtIG9wZW5zc2gtc2VydmVyCiAgLSBwb3N0Zml 4CgphcHQ6CiAgIyBQcmVzZXJ2ZXMgdGhlIGV4aXN0aW5nIC9ldGMvYXB0L3NvdXJjZXMubGlzdAogIHByZXNlcnZlX3Nvd XJjZXNfbGlzdDogdHJ1ZQoKICAjIEFkZCByZXBvc2l0b3JpZXMKICBzb3VyY2VzOgogICAgZ2l0bGFiLmxpc3Q6CiAgICA gIHNvdXJjZTogImRlYiBodHRwczovL3BhY2thZ2VzLmdpdGxhYi5jb20vZ2l0bGFiL2dpdGxhYi1jZS91YnVudHUgYmlvb mljIG1haW4iCiAgICAgIGtleWlkOiAzRjAxNjE4QTUxMzEyRjNGCgojIFdlIGtub3cgdGhhdCBleGFjdGx5IG9uZSBkYXR hIGRpc2sgd2lsbCBiZSBhdHRhY2hlZCB0byB0aGlzIFZNIGFuZCBpdCB3aWxsIGJlIGF0dGFjaGVkIGFzIGx1bjEKZGlza 19zZXR1cDoKICAvZGV2L2Rpc2svYXp1cmUvc2NzaTEvbHVuMToKICAgIHRhYmxlX3R5cGU6IGdwdAogICAgbGF5b3V0OiB UcnVlCiAgICBvdmVyd3JpdGU6IFRydWUKCmZzX3NldHVwOgogIC0gZGV2aWNlOiAvZGV2L2Rpc2svYXp1cmUvc2NzaTEvb HVuMQogICAgcGFydGl0aW9uOiAxCiAgICBmaWxlc3lzdGVtOiBleHQ0Cgptb3VudHM6CiAgLSBbL2Rldi9kaXNrL2F6dXJ lL3Njc2kxL2x1bjEtcGFydDEsIC9kYXRhZHJpdmUsIGV4dDQsICJkZWZhdWx0cyxub2ZhaWwiXQoKd3JpdGVfZmlsZXM6C iAgLSBwYXRoOiAvZXRjL2dpdGxhYi9naXRsYWIucmIKICAgIHBlcm1pc3Npb25zOiAiMDYwMCIKICAgIGNvbnRlbnQ6IHw KICAgICAgZXh0ZXJuYWxfdXJsICdodHRwOi8vMTAuMTUxLjIuNScKICAgICAgZ2l0bGFiX3JhaWxzWydsZGFwX2VuYWJsZ WQnXSA9IHRydWUKICAgICAgZ2l0bGFiX3JhaWxzWydsZGFwX3NlcnZlcnMnXSA9IFlBTUwubG9hZCA8PC0nRU9TJwogICA gICAgIG1haW46ICMgJ21haW4nIGlzIHRoZSBHaXRMYWIgJ3Byb3ZpZGVyIElEJyBvZiB0aGlzIExEQVAgc2VydmVyCiAgI CAgICAgICBsYWJlbDogJ0xEQVAnCiAgICAgICAgICBob3N0OiAnREMxLVNITS1ERUNPVklELmRlY292aWQudHVyaW5nc2F mZWhhdmVuLmFjLnVrJwogICAgICAgICAgcG9ydDogMzg5CiAgICAgICAgICB1aWQ6ICdzQU1BY2NvdW50TmFtZScKICAgI CAgICAgIG1ldGhvZDogJ3BsYWluJyAjICJ0bHMiIG9yICJzc2wiIG9yICJwbGFpbiIKICAgICAgICAgIGJpbmRfZG46ICd DTj1TUkUyIExEQVAgU2VhcmNoIFNlcnZpY2UgQWNjb3VudCxPVT1TYWZlIEhhdmVuIFNlcnZpY2UgQWNjb3VudHMsREM9Z GVjb3ZpZCxEQz10dXJpbmdzYWZlaGF2ZW4sREM9YWMsREM9dWsnCiAgICAgICAgICBwYXNzd29yZDogJ2IzQVNldjBqMnl kclFjYjJDNTVIJwogICAgICAgICAgYWN0aXZlX2RpcmVjdG9yeTogdHJ1ZQogICAgICAgICAgYWxsb3dfdXNlcm5hbWVfb 3JfZW1haWxfbG9naW46IHRydWUKICAgICAgICAgIGJsb2NrX2F1dG9fY3JlYXRlZF91c2VyczogZmFsc2UKICAgICAgICA gIGJhc2U6ICdPVT1TYWZlIEhhdmVuIFJlc2VhcmNoIFVzZXJzLERDPWRlY292aWQsREM9dHVyaW5nc2FmZWhhdmVuLERDP WFjLERDPXVrJwogICAgICAgICAgdXNlcl9maWx0ZXI6ICcoJihvYmplY3RDbGFzcz11c2VyKShtZW1iZXJPZj1DTj1TRyB TUkUyIFJlc2VhcmNoIFVzZXJzLE9VPVNhZmUgSGF2ZW4gU2VjdXJpdHkgR3JvdXBzLERDPWRlY292aWQsREM9dHVyaW5nc 2FmZWhhdmVuLERDPWFjLERDPXVrKSknCiAgICAgIGF0dHJpYnV0ZXM6CiAgICAgICAgdXNlcm5hbWU6IFsndWlkJywgJ3V zZXJpZCcsICdzQU1BY2NvdW50TmFtZSddCiAgICAgICAgZW1haWw6ICAgIFsnbWFpbCcsICdlbWFpbCcsICd1c2VyUHJpb mNpcGFsTmFtZSddCiAgICAgICAgbmFtZTogICAgICAgJ2NuJwogICAgICAgIGZpcnN0X25hbWU6ICdnaXZlbk5hbWUnCiA gICAgICAgbGFzdF9uYW1lOiAgJ3NuJwogICAgICBFT1MKICAgICAgZ2l0X2RhdGFfZGlycyh7ICJkZWZhdWx0IiA9PiB7I CJwYXRoIiA9PiAiL2RhdGFkcml2ZS9naXRkYXRhIiB9IH0pCgpydW5jbWQ6CiAgIyBDb25maWd1cmUgc2VydmVyCiAgLSB lY2hvICI+PT09IENvbmZpZ3VyaW5nIHNlcnZlci4uLiA9PT08IgogIC0gZWNobyAiMTAuMTUxLjIuNSBHSVRMQUItU1JFL VNSRTIgR0lUTEFCLVNSRS1TUkUyLnNyZTIuZGVjb3ZpZC50dXJpbmdzYWZlaGF2ZW4uYWMudWsiID4+IC9ldGMvaG9zdHM KICAtIHRpbWVkYXRlY3RsIHNldC10aW1lem9uZSBFdXJvcGUvTG9uZG9uCiAgLSBkcGtnLXJlY29uZmlndXJlIC1mIG5vb mludGVyYWN0aXZlIHR6ZGF0YQogIC0gZWNobyAiVGltZXpvbmUgaXMgJChkYXRlICslWikiCiAgIyBTZXQgdXAgdGhlIGR hdGEgZGlzawogIC0gZWNobyAiPj09PSBDaGVja2luZyBhdHRhY2hlZCBkaXNrcy4uLiA9PT08IgogIC0gbWtkaXIgLXAgL 2RhdGFkcml2ZS9naXRkYXRhCiAgLSBjYXQgL2V0Yy9mc3RhYgogICMgRW5hYmxlIGN1c3RvbSBHaXRMYWIgc2V0dGluZ3M gYW5kIHJ1biBhbiBpbml0aWFsIGNvbmZpZ3VyYXRpb24KICAtIGVjaG8gIlJ1bm5pbmcgaW5pdGlhbCBjb25maWd1cmF0a W9uIgogIC0gZ2l0bGFiLWN0bCByZWNvbmZpZ3VyZQogICMgU2V0IHJvb3QgcGFzc3dvcmQgYW5kIGRvbid0IHByb21wdCB mb3IgaXQgdG8gYmUgcmVzZXQgd2hlbiB3ZWIgYXBwIGZpcnN0IGxvYWRlZAogIC0gfAogICAgZWNobyAidXNlciA9IFVzZ XIuZmluZF9ieSh1c2VybmFtZTogJ3Jvb3QnKTt1c2VyLnBhc3N3b3JkPXVzZXIucGFzc3dvcmRfY29uZmlybWF0aW9uPSd IMXREcmVpcHQwbmlZM3BHb2ozdSc7dXNlci5wYXNzd29yZF9hdXRvbWF0aWNhbGx5X3NldD1mYWxzZTt1c2VyLnNhdmUhO 2V4aXQ7IiB8IGdpdGxhYi1yYWlscyBjb25zb2xlIC1lIHByb2R1Y3Rpb24KICAjIFR1cm4gb2ZmIHVzZXIgYWNjb3VudCB jcmVhdGlvbgogIC0gfAogICAgZ2l0bGFiLXJhaWxzIHJ1bm5lciAiQXBwbGljYXRpb25TZXR0aW5nLmxhc3QudXBkYXRlX 2F0dHJpYnV0ZXMoc2lnbnVwX2VuYWJsZWQ6IGZhbHNlKSIKICAjIFJlc3RyaWN0IGxvZ2luIHRvIFNITSBkb21haW4gKG1 1c3QgYmUgZG9uZSBBRlRFUiBHaXRMYWIgdXBkYXRlKQogIC0gfAogICAgZ2l0bGFiLXJhaWxzIHJ1bm5lciAiQXBwbGljY XRpb25TZXR0aW5nLmxhc3QudXBkYXRlX2F0dHJpYnV0ZXMoZG9tYWluX3doaXRlbGlzdDogWydkZWNvdmlkLnR1cmluZ3N hZmVoYXZlbi5hYy51ayddKSIKICAjIFJlbG9hZCBHaXRMYWIgY29uZmlndXJhdGlvbiBhbmQgcmVzdGFydCBHaXRMYWIKI CAtIGdpdGxhYi1jdGwgcmVjb25maWd1cmUKICAtIGdpdGxhYi1jdGwgcmVzdGFydAoKIyBTaHV0ZG93biBzbyB0aGF0IHd lIGNhbiB0ZWxsIHdoZW4gdGhlIGpvYiBoYXMgZmluaXNoZWQgYnkgcG9sbGluZyB0aGUgVk0gc3RhdGUKcG93ZXJfc3Rhd GU6CiAgbW9kZTogcG93ZXJvZmYKICBtZXNzYWdlOiAiU2h1dHRpbmcgZG93biBhcyBhIHNpZ25hbCB0aGF0IHNldHVwIGl zIGZpbmlzaGVkIgogIHRpbWVvdXQ6IDMwCiAgY29uZGl0aW9uOiBUcnVlCg== gitLab_IP_Address String 10.151.2.5 gitLab_Data_Disk_Size_GB Int 750 gitLab_Data_Disk_Type String Standard_LRS gitLab_Os_Disk_Size_GB Int 50 gitLab_Os_Disk_Type String Standard_LRS gitLab_Server_Name String GITLAB-SRE-SRE2 gitLab_VM_Size String Standard_D2s_v3 hackMD_Administrator_Password SecureString hackMD_Cloud_Init String I2Nsb3VkLWNvbmZpZwpwYWNrYWdlX3VwZ GF0ZTogdHJ1ZQpwYWNrYWdlX3VwZ3JhZGU6IHRydWUKCiMgSW5zdGFsbCBMREFQIHRvb2xzIGZvciBkZWJ1Z2dpbmcgTER BUCBpc3N1ZXMKcGFja2FnZXM6CiAgLSBhcHQtdHJhbnNwb3J0LWh0dHBzCiAgLSBjYS1jZXJ0aWZpY2F0ZXMKICAtIGN1c mwKICAtIGRvY2tlci1jZQogIC0gZG9ja2VyLWNvbXBvc2UKICAtIGxkYXAtdXRpbHMKICAtIHNvZnR3YXJlLXByb3BlcnR pZXMtY29tbW9uCgphcHQ6CiAgIyBQcmVzZXJ2ZXMgdGhlIGV4aXN0aW5nIC9ldGMvYXB0L3NvdXJjZXMubGlzdAogIHByZ XNlcnZlX3NvdXJjZXNfbGlzdDogdHJ1ZQoKICAjIEFkZCByZXBvc2l0b3JpZXMKICBzb3VyY2VzOgogICAgZ2l0bGFiLmx pc3Q6CiAgICAgIHNvdXJjZTogImRlYiBbYXJjaD1hbWQ2NF0gaHR0cHM6Ly9kb3dubG9hZC5kb2NrZXIuY29tL2xpbnV4L 3VidW50dSBiaW9uaWMgc3RhYmxlIgogICAgICBrZXlpZDogOEQ4MTgwM0MwRUJGQ0Q4OAoKd3JpdGVfZmlsZXM6CiAgLSB wYXRoOiAiL2RvY2tlci1jb21wb3NlLWhhY2ttZC55bWwiCiAgICBjb250ZW50OiB8CiAgICAgIHZlcnNpb246ICczJwogI CAgICBzZXJ2aWNlczoKICAgICAgICBkYXRhYmFzZToKICAgICAgICAgICMgRG9uJ3QgdXBncmFkZSBQb3N0Z3JlU1FMIGJ 5IHNpbXBseSBjaGFuZ2luZyB0aGUgdmVyc2lvbiBudW1iZXIKICAgICAgICAgICMgWW91IG5lZWQgdG8gbWlncmF0ZSB0a GUgRGF0YWJhc2UgdG8gdGhlIG5ldyBQb3N0Z3JlU1FMIHZlcnNpb24KICAgICAgICAgIGltYWdlOiBwb3N0Z3JlczoxMS4 1CiAgICAgICAgICAjbWVtX2xpbWl0OiAyNTZtYiAgICAgICAgICMgdmVyc2lvbiAyIG9ubHkKICAgICAgICAgICNtZW1zd 2FwX2xpbWl0OiA1MTJtYiAgICAgIyB2ZXJzaW9uIDIgb25seQogICAgICAgICAgI3JlYWRfb25seTogdHJ1ZSAgICAgICA gICAjIG5vdCBzdXBwb3J0ZWQgaW4gc3dhcm0gbW9kZSBwbGVhc2UgZW5hYmxlIGFsb25nIHdpdGggdG1wZnMKICAgICAgI CAgICN0bXBmczoKICAgICAgICAgICMgIC0gL3J1bi9wb3N0Z3Jlc3FsOnNpemU9NTEySwogICAgICAgICAgIyAgLSAvdG1 wOnNpemU9MjU2SwogICAgICAgICAgZW52aXJvbm1lbnQ6CiAgICAgICAgICAgIC0gUE9TVEdSRVNfVVNFUj1oYWNrbWQKI CAgICAgICAgICAgLSBQT1NUR1JFU19QQVNTV09SRD1oYWNrbWRwYXNzCiAgICAgICAgICAgIC0gUE9TVEdSRVNfREI9aGF ja21kCiAgICAgICAgICB2b2x1bWVzOgogICAgICAgICAgICAtIGRhdGFiYXNlOi92YXIvbGliL3Bvc3RncmVzcWwvZGF0Y QogICAgICAgICAgbmV0d29ya3M6CiAgICAgICAgICAgIGJhY2tlbmQ6CiAgICAgICAgICByZXN0YXJ0OiBhbHdheXMKCiA gICAgICAgYXBwOgogICAgICAgICAgaW1hZ2U6IG5hYm8uY29kaW1kLmRldi9oYWNrbWRpby9oYWNrbWQ6MS40LjEKICAgI CAgICAgICNtZW1fbGltaXQ6IDI1Nm1iICAgICAgICAgIyB2ZXJzaW9uIDIgb25seQogICAgICAgICAgI21lbXN3YXBfbGl taXQ6IDUxMm1iICAgICAjIHZlcnNpb24gMiBvbmx5CiAgICAgICAgICAjcmVhZF9vbmx5OiB0cnVlICAgICAgICAgICMgb m90IHN1cHBvcnRlZCBpbiBzd2FybSBtb2RlLCBlbmFibGUgYWxvbmcgd2l0aCB0bXBmcwogICAgICAgICAgI3RtcGZzOgo gICAgICAgICAgIyAgLSAvdG1wOnNpemU9NTEySwogICAgICAgICAgIyAgLSAvaGFja21kL3RtcDpzaXplPTFNCiAgICAgI CAgICAjIE1ha2Ugc3VyZSB5b3UgcmVtb3ZlIHRoaXMgd2hlbiB5b3UgdXNlIGZpbGVzeXN0ZW0gYXMgdXBsb2FkIHR5cGU KICAgICAgICAgICMgIC0gL2hhY2ttZC9wdWJsaWMvdXBsb2FkczpzaXplPTEwTQogICAgICAgICAgdm9sdW1lczoKICAgI CAgICAgICAgLSB1cGxvYWRzOi9oYWNrbWQvcHVibGljL3VwbG9hZHMKICAgICAgICAgIGVudmlyb25tZW50OgogICAgICA gICAgICAjIERCX1VSTCBpcyBmb3JtYXR0ZWQgbGlrZTogPGRhdGFiYXNldHlwZT46Ly88dXNlcm5hbWU+OjxwYXNzd29yZ D5APGhvc3RuYW1lPi88ZGF0YWJhc2U+CiAgICAgICAgICAgICMgT3RoZXIgZXhhbXBsZXMgYXJlOgogICAgICAgICAgICA jIC0gbXlzcWw6Ly9oYWNrbWQ6aGFja21kcGFzc0BkYXRhYmFzZTozMzA2L2hhY2ttZAogICAgICAgICAgICAjIC0gc3Fsa XRlOi8vL2RhdGEvc3FsaXRlLmRiIChOT1QgUkVDT01NRU5ERUQpCiAgICAgICAgICAgICMgLSBGb3IgZGV0YWlscyBzZWU gdGhlIG9mZmljaWFsIHNlcXVlbGl6ZSBkb2NzOiBodHRwOi8vZG9jcy5zZXF1ZWxpemVqcy5jb20vZW4vdjMvCiAgICAgI CAgICAgIC0gQ01EX0RCX1VSTD1wb3N0Z3JlczovL2hhY2ttZDpoYWNrbWRwYXNzQGRhdGFiYXNlOjU0MzIvaGFja21kCiA gICAgICAgICAgIC0gQ01EX0FMTE9XX0FOT05ZTU9VUz1mYWxzZQogICAgICAgICAgICAtIENNRF9BTExPV19GUkVFVVJMP XRydWUKICAgICAgICAgICAgLSBDTURfRU1BSUw9ZmFsc2UKICAgICAgICAgICAgLSBDTURfVVNFQ0ROPWZhbHNlCiAgICA gICAgICAgIC0gQ01EX0xEQVBfU0VBUkNIRklMVEVSPSgmKG9iamVjdENsYXNzPXVzZXIpKG1lbWJlck9mPUNOPVNHIFNSR TIgUmVzZWFyY2ggVXNlcnMsT1U9U2FmZSBIYXZlbiBTZWN1cml0eSBHcm91cHMsREM9ZGVjb3ZpZCxEQz10dXJpbmdzYWZ laGF2ZW4sREM9YWMsREM9dWspKHVzZXJQcmluY2lwYWxOYW1lPXt7dXNlcm5hbWV9fSkpCiAgICAgICAgICAgIC0gQ01EX 0xEQVBfU0VBUkNIQkFTRT1PVT1TYWZlIEhhdmVuIFJlc2VhcmNoIFVzZXJzLERDPWRlY292aWQsREM9dHVyaW5nc2FmZWh hdmVuLERDPWFjLERDPXVrCiAgICAgICAgICAgIC0gQ01EX0xEQVBfQklORENSRURFTlRJQUxTPWIzQVNldjBqMnlkclFjY jJDNTVICiAgICAgICAgICAgIC0gQ01EX0xEQVBfQklOREROPUNOPVNSRTIgTERBUCBTZWFyY2ggU2VydmljZSBBY2NvdW5 0LE9VPVNhZmUgSGF2ZW4gU2VydmljZSBBY2NvdW50cyxEQz1kZWNvdmlkLERDPXR1cmluZ3NhZmVoYXZlbixEQz1hYyxEQ z11awogICAgICAgICAgICAtIENNRF9MREFQX1VSTD1sZGFwOi8vREMxLVNITS1ERUNPVklELmRlY292aWQudHVyaW5nc2F mZWhhdmVuLmFjLnVrCiAgICAgICAgICAgIC0gQ01EX0xEQVBfUFJPVklERVJOQU1FPURFQ09WSUQKICAgICAgICAgICAgL SBDTURfSU1BR0VfVVBMT0FEX1RZUEU9ZmlsZXN5c3RlbQogICAgICAgICAgcG9ydHM6CiAgICAgICAgICAgICMgUG9ydHM gdGhhdCBhcmUgcHVibGlzaGVkIHRvIHRoZSBvdXRzaWRlLgogICAgICAgICAgICAjIFRoZSBsYXR0ZXIgcG9ydCBpcyB0a GUgcG9ydCBpbnNpZGUgdGhlIGNvbnRhaW5lci4gSXQgc2hvdWxkIGFsd2F5cyBzdGF5IG9uIDMwMDAKICAgICAgICAgICA gIyBJZiB5b3Ugb25seSBzcGVjaWZ5IGEgcG9ydCBpdCdsbCBwdWJsaXNoZWQgb24gYWxsIGludGVyZmFjZXMuIElmIHlvd SB3YW50IHRvIHVzZSBhCiAgICAgICAgICAgICMgbG9jYWwgcmV2ZXJzZSBwcm94eSwgeW91IG1heSB3YW50IHRvIGxpc3R lbiBvbiAxMjcuMC4wLjEuCiAgICAgICAgICAgICMgRXhhbXBsZToKICAgICAgICAgICAgIyAtICIxMjcuMC4wLjE6MzAwM DozMDAwIgogICAgICAgICAgICAtICIzMDAwOjMwMDAiCiAgICAgICAgICBuZXR3b3JrczoKICAgICAgICAgICAgYmFja2V uZDoKICAgICAgICAgIHJlc3RhcnQ6IGFsd2F5cwogICAgICAgICAgZGVwZW5kc19vbjoKICAgICAgICAgICAgLSBkYXRhY mFzZQoKICAgICAgIyBEZWZpbmUgbmV0d29ya3MgdG8gYWxsb3cgYmVzdCBpc29sYXRpb24KICAgICAgbmV0d29ya3M6CiA gICAgICAgIyBJbnRlcm5hbCBuZXR3b3JrIGZvciBjb21tdW5pY2F0aW9uIHdpdGggUG9zdGdyZVNRTC9NeVNRTAogICAgI CAgIGJhY2tlbmQ6CgogICAgICAjIERlZmluZSBuYW1lZCB2b2x1bWVzIHNvIGRhdGEgc3RheXMgaW4gcGxhY2UKICAgICA gdm9sdW1lczoKICAgICAgICAjIFZvbHVtZSBmb3IgUG9zdGdyZVNRTC9NeVNRTCBkYXRhYmFzZQogICAgICAgIGRhdGFiY XNlOgogICAgICAgIHVwbG9hZHM6CgpydW5jbWQ6CiAgIyBDb25maWd1cmUgc2VydmVyCiAgLSBlY2hvICJDb25maWd1cml uZyBzZXJ2ZXIiCiAgLSBlY2hvICIxMC4xNTEuMi42IEhBQ0tNRC1TUkUtU1JFMiBIQUNLTUQtU1JFLVNSRTIuc3JlMi5kZ WNvdmlkLnR1cmluZ3NhZmVoYXZlbi5hYy51ayIgPj4gL2V0Yy9ob3N0cwogIC0gZWNobyAiRXVyb3BlL0xvbmRvbiIgPiA vZXRjL3RpbWV6b25lCiAgLSBkcGtnLXJlY29uZmlndXJlIC1mIG5vbmludGVyYWN0aXZlIHR6ZGF0YQogICMgQ2hlY2tpb mcgRG9ja2VyIHN0YXR1cwogIC0gZWNobyAiQ3VycmVudCBEb2NrZXIgc3RhdHVzIgogIC0gc3lzdGVtY3RsIHN0YXR1cyB kb2NrZXIKICAjIFB1bGxpbmcgSGFja01EIERvY2tlciBpbWFnZQogIC0gZWNobyAiUHVsbGluZyBIYWNrTUQgRG9ja2VyI GltYWdlIgogIC0gZ2l0IGNsb25lIGh0dHBzOi8vZ2l0aHViLmNvbS9oYWNrbWRpby9kb2NrZXItaGFja21kLmdpdCAvc3J jL2RvY2tlci1oYWNrbWQKICAtIGVjaG8gIk92ZXJ3cml0aW5nIEhhY2tNRCBjb25maWd1cmF0aW9uIgogIC0gY3AgL2RvY 2tlci1jb21wb3NlLWhhY2ttZC55bWwgL3NyYy9kb2NrZXItaGFja21kL2RvY2tlci1jb21wb3NlLnltbAogIC0gZWNobyA iU3RhcnRpbmcgSGFja01EIgogIC0gZG9ja2VyLWNvbXBvc2UgLWYgL3NyYy9kb2NrZXItaGFja21kL2RvY2tlci1jb21wb 3NlLnltbCB1cCAtZAoKIyBTaHV0ZG93biBzbyB0aGF0IHdlIGNhbiB0ZWxsIHdoZW4gdGhlIGpvYiBoYXMgZmluaXNoZWQ gYnkgcG9sbGluZyB0aGUgVk0gc3RhdGUKcG93ZXJfc3RhdGU6CiAgbW9kZTogcG93ZXJvZmYKICBtZXNzYWdlOiAiU2h1d HRpbmcgZG93biBhcyBhIHNpZ25hbCB0aGF0IHNldHVwIGlzIGZpbmlzaGVkIgogIHRpbWVvdXQ6IDMwCiAgY29uZGl0aW9 uOiBUcnVlCg== hackMD_IP_Address String 10.151.2.6 hackMD_Os_Disk_Size_GB Int 750 hackMD_Os_Disk_Type String Standard_LRS hackMD_Server_Name String HACKMD-SRE-SRE2 hackMD_VM_Size String Standard_D2s_v3 virtual_Network_Name String VNET_SRE_SRE2 virtual_Network_Resource_Group String RG_SRE_SRE2_NETWORKING virtual_Network_Subnet String SharedDataSubnet Outputs : DeploymentDebugLogLevel : ResponseContent 2020-07-10 19:40:25 [SUCCESS]: [✔] Template deployment 'sre-webapps-template' succeeded 2020-07-10 19:40:25 [ INFO]: Waiting for cloud-init provisioning to finish (this will take 5+ minutes)... 2020-07-10 19:50:06 [ INFO]: Ensure webapp servers and compute VMs are bound to correct NSG... 2020-07-10 19:50:06 [ INFO]: [ ] Associating HACKMD-SRE-SRE2 with NSG_SRE_SRE2_WEBAPPS... 2020-07-10 19:50:18 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 19:50:28 [ INFO]: [ ] Associating GITLAB-SRE-SRE2 with NSG_SRE_SRE2_WEBAPPS... 2020-07-10 19:50:42 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 19:51:22 [ INFO]: Summary: NICs associated with 'NSG_SRE_SRE2_WEBAPPS' NSG 2020-07-10 19:51:22 [ INFO]: Rebooting the HackMD VM: 'HACKMD-SRE-SRE2' 2020-07-10 19:51:23 [ INFO]: [ ] (Re)starting VM 'HACKMD-SRE-SRE2' [PowerState/stopped] 2020-07-10 19:51:34 [SUCCESS]: [✔] Successfully (re)started 'HACKMD-SRE-SRE2' [PowerState/running] 2020-07-10 19:51:34 [SUCCESS]: [✔] Rebooting the HackMD VM (HACKMD-SRE-SRE2) succeeded 2020-07-10 19:51:34 [ INFO]: Rebooting the GitLab VM: 'GITLAB-SRE-SRE2' 2020-07-10 19:51:35 [ INFO]: [ ] (Re)starting VM 'GITLAB-SRE-SRE2' [PowerState/stopped] 2020-07-10 19:51:47 [SUCCESS]: [✔] Successfully (re)started 'GITLAB-SRE-SRE2' [PowerState/running] 2020-07-10 19:51:47 [SUCCESS]: [✔] Rebooting the GitLab VM (GITLAB-SRE-SRE2) succeeded PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

Setup_SRE_Data_Server

```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Setup_SRE_Data_Server.ps1 -configId decovidsre2 2020-07-10 20:46:33 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre2'... 2020-07-10 20:46:37 [ INFO]: Ensuring that resource group 'RG_SRE_SRE2_DATA' exists... 2020-07-10 20:46:38 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE2_DATA' 2020-07-10 20:46:38 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE2_DATA' 2020-07-10 20:46:38 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE2_DATA' exists... 2020-07-10 20:46:39 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE2_DATA' 2020-07-10 20:46:43 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE2_DATA' 2020-07-10 20:46:49 [ INFO]: Creating data server 'DAT-SRE-SRE2' from template... VERBOSE: Performing the operation "Creating Deployment" on target "RG_SRE_SRE2_DATA". WARNING: The DeploymentDebug setting has been enabled. This can potentially log secrets like passwords used in resource property or listKeys operations when you retrieve the deployment operations through Get-AzResourceGroupDeploymentOperation VERBOSE: 20:46:49 - Template is valid. VERBOSE: 20:46:50 - Create template deployment 'sre-data-server-template' VERBOSE: 20:46:50 - Checking deployment status in 5 seconds VERBOSE: 20:46:55 - Resource Microsoft.Compute/virtualMachines 'DAT-SRE-SRE2' provisioning status is running VERBOSE: 20:46:55 - Resource Microsoft.Network/networkInterfaces 'DAT-SRE-SRE2-NIC' provisioning status is succeeded VERBOSE: 20:46:55 - Checking deployment status in 13 seconds VERBOSE: 20:47:08 - Checking deployment status in 5 seconds VERBOSE: 20:47:13 - Checking deployment status in 5 seconds VERBOSE: 20:47:18 - Checking deployment status in 5 seconds VERBOSE: 20:47:23 - Checking deployment status in 5 seconds VERBOSE: 20:47:28 - Checking deployment status in 5 seconds VERBOSE: 20:47:33 - Checking deployment status in 5 seconds VERBOSE: 20:47:38 - Checking deployment status in 5 seconds VERBOSE: 20:47:43 - Checking deployment status in 5 seconds VERBOSE: 20:47:48 - Checking deployment status in 5 seconds VERBOSE: 20:47:54 - Checking deployment status in 5 seconds VERBOSE: 20:47:59 - Checking deployment status in 5 seconds VERBOSE: 20:48:04 - Checking deployment status in 5 seconds VERBOSE: 20:48:09 - Checking deployment status in 5 seconds VERBOSE: 20:48:14 - Checking deployment status in 5 seconds VERBOSE: 20:48:19 - Resource Microsoft.Compute/virtualMachines/extensions 'DAT-SRE-SRE2/bginfo' provisioning status is running VERBOSE: 20:48:19 - Resource Microsoft.Compute/virtualMachines 'DAT-SRE-SRE2' provisioning status is succeeded VERBOSE: 20:48:19 - Checking deployment status in 16 seconds VERBOSE: 20:48:35 - Checking deployment status in 5 seconds VERBOSE: 20:48:40 - Checking deployment status in 5 seconds VERBOSE: 20:48:45 - Checking deployment status in 5 seconds VERBOSE: 20:48:50 - Checking deployment status in 5 seconds VERBOSE: 20:48:55 - Checking deployment status in 5 seconds VERBOSE: 20:49:00 - Checking deployment status in 5 seconds VERBOSE: 20:49:06 - Checking deployment status in 5 seconds VERBOSE: 20:49:11 - Checking deployment status in 5 seconds VERBOSE: 20:49:16 - Checking deployment status in 5 seconds VERBOSE: 20:49:21 - Checking deployment status in 5 seconds VERBOSE: 20:49:26 - Checking deployment status in 5 seconds VERBOSE: 20:49:31 - Checking deployment status in 5 seconds VERBOSE: 20:49:36 - Checking deployment status in 5 seconds VERBOSE: 20:49:41 - Checking deployment status in 5 seconds VERBOSE: 20:49:46 - Checking deployment status in 5 seconds VERBOSE: 20:49:51 - Checking deployment status in 5 seconds VERBOSE: 20:49:56 - Checking deployment status in 5 seconds VERBOSE: 20:50:01 - Checking deployment status in 5 seconds VERBOSE: 20:50:07 - Resource Microsoft.Compute/virtualMachines/extensions 'DAT-SRE-SRE2/joindomain' provisioning status is running VERBOSE: 20:50:07 - Resource Microsoft.Compute/virtualMachines/extensions 'DAT-SRE-SRE2/bginfo' provisioning status is succeeded VERBOSE: 20:50:07 - Checking deployment status in 15 seconds VERBOSE: 20:50:22 - Checking deployment status in 5 seconds VERBOSE: 20:50:27 - Resource Microsoft.Compute/virtualMachines/extensions 'DAT-SRE-SRE2/joindomain' provisioning status is succeeded DeploymentName : sre-data-server-template ResourceGroupName : RG_SRE_SRE2_DATA ProvisioningState : Succeeded Timestamp : 10/07/2020 19:50:26 Mode : Incremental TemplateLink : Parameters : Name Type Value ================================== ========================= ========== administrator_Password SecureString administrator_User String sresre2admin bootDiagnostics_Account_Name String sresre2bootdiagsqiclwyxn data_Server_Name String DAT-SRE-SRE2 domain_Join_Password SecureString domain_Join_Username String decoviddatasrvrs data_Server_Disk_Egress_Size_GB Int 512 data_Server_Disk_Ingress_Size_GB Int 512 data_Server_Disk_Shared_Size_GB Int 512 data_Server_Disk_Egress_Type String Standard_LRS data_Server_Disk_Ingress_Type String Standard_LRS data_Server_Disk_Shared_Type String Standard_LRS domain_Name String decovid.turingsafehaven.ac.uk iP_Address String 10.151.2.4 oU_Path String OU=Secure Research Environment Data Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk virtual_Network_Name String VNET_SRE_SRE2 virtual_Network_Resource_Group String RG_SRE_SRE2_NETWORKING virtual_Network_Subnet String SharedDataSubnet data_Server_VM_Size String Standard_D2s_v3 Outputs : DeploymentDebugLogLevel : ResponseContent 2020-07-10 20:50:28 [ INFO]: joindomain: ProvisioningState/succeeded Join completed for Domain 'decovid.turingsafehaven.ac.uk' 2020-07-10 20:50:28 [ INFO]: bginfo: ProvisioningState/succeeded Plugin enabled (handler name: Microsoft.Compute.bginfo, extension name: , version: 2.1). 2020-07-10 20:50:28 [SUCCESS]: [✔] Template deployment 'sre-data-server-template' succeeded 2020-07-10 20:50:28 [ INFO]: Updating data server VM... 2020-07-10 20:50:28 [ INFO]: [ ] Installing core Powershell modules on 'DAT-SRE-SRE2' 2020-07-10 20:54:59 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: ... PSWindowsUpdate Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 20:56:09 [ INFO]: [ ] Setting OS locale and installing updates on 'DAT-SRE-SRE2' 2020-07-10 21:00:11 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 7 Windows updates: ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) ... Microsoft Silverlight (KB4481252) ... Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... 2020-01 Update for Windows Server 2019 for x64-based Systems (KB4494174) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2006.10) Reboot is required, but do it manually. [o] Installing Windows updates succeeded. Newly installed Windows updates: ... Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2006.10) ... 2020-06 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4561600) ... Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) ... Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10) ... Microsoft Silverlight (KB4481252) ... Update for Adobe Flash Player for Windows Server 2019 (1809) for x64-based Systems (KB4462930) Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 21:00:22 [ INFO]: [ ] (Re)starting VM 'DAT-SRE-SRE2' [PowerState/running] 2020-07-10 21:00:53 [SUCCESS]: [✔] Successfully (re)started 'DAT-SRE-SRE2' [PowerState/running] 2020-07-10 21:00:53 [ INFO]: Configuring data server VM... 2020-07-10 21:02:54 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Initialising data drives... Checking drive partitioning... [o] Formatting partition 2 of disk 2 with label 'DATA-0' at drive letter 'F' [o] Formatting partition 2 of disk 3 with label 'DATA-1' at drive letter 'G' [o] Formatting partition 2 of disk 4 with label 'DATA-2' at drive letter 'H' Configuring disk shares... [ ] Creating SMB data share 'Ingress' at 'F:\Ingress'... [o] Successfully created SMB share 'Ingress' [ ] Creating SMB data share 'Shared' at 'G:\Shared'... [o] Successfully created SMB share 'Shared' [ ] Creating SMB data share 'Egress' at 'H:\Egress'... [o] Successfully created SMB share 'Egress' Setting SMB share access for 'Ingress' share... Setting ACL rules for folder 'F:\Ingress' ACL access rules for 'F:\Ingress' folder are currently: IdentityReference FileSystemRights ----------------- ---------------- DECOVID\SG Safe Haven Server Administrators FullControl DECOVID\SG SRE2 Research Users Read, Synchronize DECOVID\sre2datamount Read, Synchronize BUILTIN\Administrators FullControl NT AUTHORITY\SYSTEM FullControl CREATOR OWNER 268435456 BUILTIN\Users ReadAndExecute, Synchronize BUILTIN\Users AppendData BUILTIN\Users CreateFiles Setting SMB share access for 'Shared' share... Setting ACL rules for folder 'G:\Shared' ACL access rules for 'G:\Shared' folder are currently: IdentityReference FileSystemRights ----------------- ---------------- DECOVID\SG Safe Haven Server Administrators FullControl DECOVID\SG SRE2 Research Users Modify, Synchronize DECOVID\sre2datamount Modify, Synchronize BUILTIN\Administrators FullControl NT AUTHORITY\SYSTEM FullControl CREATOR OWNER 268435456 BUILTIN\Users ReadAndExecute, Synchronize BUILTIN\Users AppendData BUILTIN\Users CreateFiles Setting SMB share access for 'Egress' share... Setting ACL rules for folder 'H:\Egress' ACL access rules for 'H:\Egress' folder are currently: IdentityReference FileSystemRights ----------------- ---------------- DECOVID\SG Safe Haven Server Administrators FullControl DECOVID\SG SRE2 Research Users FullControl DECOVID\sre2datamount FullControl BUILTIN\Administrators FullControl NT AUTHORITY\SYSTEM FullControl CREATOR OWNER 268435456 BUILTIN\Users ReadAndExecute, Synchronize BUILTIN\Users AppendData BUILTIN\Users CreateFiles Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

Setup_SRE_Databases

```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Setup_SRE_Databases.ps1 -configId decovidsre2 2020-07-10 21:08:04 [ INFO]: Ensuring that resource group 'RG_SRE_SRE2_DATABASES' exists... 2020-07-10 21:08:05 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE2_DATABASES' 2020-07-10 21:08:05 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE2_DATABASES' 2020-07-10 21:08:06 [ INFO]: Ensuring that subnet 'DatabasesSubnet' exists... 2020-07-10 21:08:06 [SUCCESS]: [✔] Subnet 'DatabasesSubnet' already exists 2020-07-10 21:08:07 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE2_DATABASES' exists... 2020-07-10 21:08:08 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE2_DATABASES' 2020-07-10 21:08:12 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE2_DATABASES' 2020-07-10 21:08:27 [ INFO]: Ensuring that NSG 'NSG_SRE_SRE2_DATABASES' is attached to subnet 'DatabasesSubnet'... 2020-07-10 21:08:32 [SUCCESS]: [✔] Set network security group on 'DatabasesSubnet' 2020-07-10 21:08:32 [WARNING]: Temporarily allowing outbound internet access from 10.151.3.4... 2020-07-10 21:08:37 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre2'... 2020-07-10 21:08:43 [ INFO]: Creating/retrieving secrets from key vault 'kv-shm-decovid'... 2020-07-10 21:08:43 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre2'... 2020-07-10 21:08:44 [ INFO]: Preparing to create SQL database MSSQL-SRE2 from template... VERBOSE: Performing the operation "Creating Deployment" on target "RG_SRE_SRE2_DATABASES". WARNING: The DeploymentDebug setting has been enabled. This can potentially log secrets like passwords used in resource property or listKeys operations when you retrieve the deployment operations through Get-AzResourceGroupDeploymentOperation VERBOSE: 21:08:45 - Template is valid. VERBOSE: 21:08:45 - Create template deployment 'sre-mssql2019-server-template' VERBOSE: 21:08:45 - Checking deployment status in 5 seconds VERBOSE: 21:08:50 - Resource Microsoft.Compute/virtualMachines 'MSSQL-SRE2' provisioning status is running VERBOSE: 21:08:50 - Resource Microsoft.Network/networkInterfaces 'MSSQL-SRE2-NIC' provisioning status is succeeded VERBOSE: 21:08:50 - Checking deployment status in 13 seconds VERBOSE: 21:09:03 - Checking deployment status in 5 seconds VERBOSE: 21:09:08 - Checking deployment status in 5 seconds VERBOSE: 21:09:14 - Checking deployment status in 5 seconds VERBOSE: 21:09:19 - Checking deployment status in 5 seconds VERBOSE: 21:09:24 - Checking deployment status in 5 seconds VERBOSE: 21:09:29 - Checking deployment status in 5 seconds VERBOSE: 21:09:34 - Checking deployment status in 5 seconds VERBOSE: 21:09:39 - Checking deployment status in 5 seconds VERBOSE: 21:09:44 - Checking deployment status in 5 seconds VERBOSE: 21:09:49 - Checking deployment status in 5 seconds VERBOSE: 21:09:54 - Checking deployment status in 5 seconds VERBOSE: 21:09:59 - Checking deployment status in 5 seconds VERBOSE: 21:10:04 - Checking deployment status in 5 seconds VERBOSE: 21:10:09 - Checking deployment status in 5 seconds VERBOSE: 21:10:15 - Checking deployment status in 5 seconds VERBOSE: 21:10:20 - Checking deployment status in 5 seconds VERBOSE: 21:10:25 - Checking deployment status in 5 seconds VERBOSE: 21:10:30 - Checking deployment status in 5 seconds VERBOSE: 21:10:35 - Checking deployment status in 5 seconds VERBOSE: 21:10:40 - Checking deployment status in 5 seconds VERBOSE: 21:10:45 - Checking deployment status in 5 seconds VERBOSE: 21:10:50 - Checking deployment status in 14 seconds VERBOSE: 21:11:04 - Checking deployment status in 5 seconds VERBOSE: 21:11:09 - Resource Microsoft.Compute/virtualMachines/extensions 'MSSQL-SRE2/bginfo' provisioning status is running VERBOSE: 21:11:09 - Resource Microsoft.Compute/virtualMachines 'MSSQL-SRE2' provisioning status is succeeded VERBOSE: 21:11:09 - Checking deployment status in 16 seconds VERBOSE: 21:11:25 - Resource Microsoft.SqlVirtualMachine/SqlVirtualMachines 'MSSQL-SRE2' provisioning status is running VERBOSE: 21:11:25 - Checking deployment status in 5 seconds VERBOSE: 21:11:30 - Checking deployment status in 12 seconds VERBOSE: 21:11:43 - Checking deployment status in 5 seconds VERBOSE: 21:11:48 - Checking deployment status in 12 seconds VERBOSE: 21:12:00 - Checking deployment status in 15 seconds VERBOSE: 21:12:15 - Checking deployment status in 15 seconds VERBOSE: 21:12:30 - Checking deployment status in 16 seconds VERBOSE: 21:12:46 - Checking deployment status in 16 seconds VERBOSE: 21:13:02 - Checking deployment status in 16 seconds VERBOSE: 21:13:18 - Checking deployment status in 16 seconds VERBOSE: 21:13:34 - Checking deployment status in 16 seconds VERBOSE: 21:13:50 - Checking deployment status in 15 seconds VERBOSE: 21:14:05 - Checking deployment status in 16 seconds VERBOSE: 21:14:22 - Checking deployment status in 15 seconds VERBOSE: 21:14:37 - Checking deployment status in 16 seconds VERBOSE: 21:14:53 - Checking deployment status in 15 seconds VERBOSE: 21:15:08 - Checking deployment status in 15 seconds VERBOSE: 21:15:23 - Checking deployment status in 15 seconds VERBOSE: 21:15:38 - Resource Microsoft.Compute/virtualMachines/extensions 'MSSQL-SRE2/joindomain' provisioning status is running VERBOSE: 21:15:38 - Resource Microsoft.Compute/virtualMachines/extensions 'MSSQL-SRE2/bginfo' provisioning status is succeeded VERBOSE: 21:15:38 - Checking deployment status in 15 seconds VERBOSE: 21:15:53 - Resource Microsoft.SqlVirtualMachine/SqlVirtualMachines 'MSSQL-SRE2' provisioning status is succeeded VERBOSE: 21:15:53 - Checking deployment status in 5 seconds VERBOSE: 21:15:58 - Resource Microsoft.Compute/virtualMachines/extensions 'MSSQL-SRE2/joindomain' provisioning status is succeeded DeploymentName : sre-mssql2019-server-template ResourceGroupName : RG_SRE_SRE2_DATABASES ProvisioningState : Succeeded Timestamp : 10/07/2020 20:15:57 Mode : Incremental TemplateLink : Parameters : Name Type Value ============================== ========================= ========== administrator_Password SecureString administrator_User String sresre2admin bootDiagnostics_Account_Name String sresre2bootdiagsqiclwyxn data_Disk_Size String 1024 data_Disk_Type String Standard_LRS db_Admin_Password String RSET10DaOivBQneWU8Oa db_Admin_Username String sresre2dbadmin domain_Join_Password SecureString domain_Join_Username String decoviddatasrvrs domain_Name String decovid.turingsafehaven.ac.uk iP_Address String 10.151.3.4 oU_Path String OU=Secure Research Environment Data Servers,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk oS_Disk_Size String 128 oS_Disk_Type String Standard_LRS sql_Connection_Port String 1433 sql_Server_Name String MSSQL-SRE2 sql_Server_Edition String sqldev subnetResourceId String /subscriptions/9c379675-84a2-4b6e-8 25d-fb54b26ba17e/resourceGroups/RG_SRE_SRE2_NETWORKING/providers/Microsoft.Network/virtualNetw orks/VNET_SRE_SRE2/subnets/DatabasesSubnet vM_Size String Standard_DS2_v2 Outputs : DeploymentDebugLogLevel : ResponseContent 2020-07-10 21:16:00 [ INFO]: joindomain: ProvisioningState/succeeded Join completed for Domain 'decovid.turingsafehaven.ac.uk' 2020-07-10 21:16:00 [ INFO]: bginfo: ProvisioningState/succeeded Plugin enabled (handler name: Microsoft.Compute.bginfo, extension name: , version: 2.1). 2020-07-10 21:16:00 [SUCCESS]: [✔] Template deployment 'sre-mssql2019-server-template' succeeded 2020-07-10 21:16:00 [ INFO]: Updating MSSQL-SRE2... 2020-07-10 21:16:00 [ INFO]: [ ] Installing core Powershell modules on 'MSSQL-SRE2' 2020-07-10 21:19:30 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing NuGet... [o] NuGet 2.8.5.208 is installed Installing PackageManagement... [o] PackageManagement 1.4.7 is installed Installing PowerShellGet... [o] PowerShellGet 2.2.4.1 is installed Installing PSWindowsUpdate... [o] PSWindowsUpdate 2.2.0.2 is installed Newly installed modules: ... PSWindowsUpdate Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 21:20:10 [ INFO]: [ ] Installing additional Powershell modules on 'MSSQL-SRE2' 2020-07-10 21:22:11 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Installing SqlServer... [o] SqlServer 21.1.18226 is installed Newly installed modules: ... SqlServer Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 21:22:51 [ INFO]: [ ] Setting OS locale and installing updates on 'MSSQL-SRE2' 2020-07-10 21:24:22 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Setting locale and timezone... LanguageTag : en-GB Autonym : English (United Kingdom) EnglishName : English LocalizedName : English (United Kingdom) ScriptName : Latin InputMethodTips : {0809:00000809} Spellchecking : True Handwriting : False [o] Setting locale succeeded Installing 2 Windows updates: ... Microsoft Silverlight (KB4481252) ... 2020-01 Update for Windows Server 2019 for x64-based Systems (KB4494174) Reboot is required, but do it manually. [o] Installing Windows updates succeeded. Newly installed Windows updates: ... Microsoft Silverlight (KB4481252) Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 21:24:33 [ INFO]: [ ] (Re)starting VM 'MSSQL-SRE2' [PowerState/running] 2020-07-10 21:25:05 [SUCCESS]: [✔] Successfully (re)started 'MSSQL-SRE2' [PowerState/running] 2020-07-10 21:25:05 [ INFO]: [ ] Locking down MSSQL-SRE2... 2020-07-10 21:28:06 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Ensuring that SSIS services (SSISTELEMETRY150, MsDtsServer150) are enabled on: 'MSSQL-SRE2' [o] Successfully updated SSIS services state on: 'MSSQL-SRE2' Disable unused SQL server services on: 'MSSQL-SRE2'... [o] Successfully disabled unused services (SSASTELEMETRY, MSSQLServerOlapService, SQLBrowser) on: 'MSSQL-SRE2' Checking that the sresre2dbadmin user has admin permissions on: 'MSSQL-SRE2'... [o] sresre2dbadmin has admin privileges on: 'MSSQL-SRE2' Ensuring that 'DECOVID\SG SRE2 System Administrators' has SQL login access to: 'MSSQL-SRE2'... [o] Successfully gave 'DECOVID\SG SRE2 System Administrators' SQL login access to: 'MSSQL-SRE2' Ensuring that an SQL user exists for 'DECOVID\SG SRE2 System Administrators' on: 'MSSQL-SRE2'... [o] Ensured that 'DECOVID\SG SRE2 System Administrators' user exists on: 'MSSQL-SRE2' Ensuring that 'DECOVID\SG SRE2 Data Administrators' has SQL login access to: 'MSSQL-SRE2'... [o] Successfully gave 'DECOVID\SG SRE2 Data Administrators' SQL login access to: 'MSSQL-SRE2' Ensuring that an SQL user exists for 'DECOVID\SG SRE2 Data Administrators' on: 'MSSQL-SRE2'... [o] Ensured that 'DECOVID\SG SRE2 Data Administrators' user exists on: 'MSSQL-SRE2' Ensuring that 'DECOVID\SG SRE2 Research Users' has SQL login access to: 'MSSQL-SRE2'... [o] Successfully gave 'DECOVID\SG SRE2 Research Users' SQL login access to: 'MSSQL-SRE2' Ensuring that an SQL user exists for 'DECOVID\SG SRE2 Research Users' on: 'MSSQL-SRE2'... [o] Ensured that 'DECOVID\SG SRE2 Research Users' user exists on: 'MSSQL-SRE2' [o] Successfully ensured that 'data' schema exists on: 'MSSQL-SRE2' [o] Successfully ensured that 'dbopublic' schema exists on: 'MSSQL-SRE2' [o] Successfully gave 'DECOVID\SG SRE2 System Administrators' sysadmin permissions on: 'MSSQL-SRE2' [o] Successfully gave 'DECOVID\SG SRE2 Data Administrators' dataadmin permissions on: 'MSSQL-SRE2' [o] Successfully gave 'DECOVID\SG SRE2 Research Users' researchuser permissions on: 'MSSQL-SRE2' Running T-SQL lockdown script on: 'MSSQL-SRE2'... [o] Successfully ran T-SQL lockdown script on: 'MSSQL-SRE2' Removing database access from MSSQL-SRE2\sresre2admin on: 'MSSQL-SRE2'... [o] Successfully removed database access for MSSQL-SRE2\sresre2admin on: 'MSSQL-SRE2' Revoking sysadmin role from sresre2dbadmin on: 'MSSQL-SRE2'... [o] Successfully revoked sysadmin role on: 'MSSQL-SRE2' Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 21:28:16 [ INFO]: Removing temporary outbound internet access from 10.151.3.4... 2020-07-10 21:28:21 [ INFO]: Ensuring that subnet 'DatabasesSubnet' exists... 2020-07-10 21:28:22 [SUCCESS]: [✔] Subnet 'DatabasesSubnet' already exists 2020-07-10 21:28:22 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE2_DATABASES' exists... 2020-07-10 21:28:23 [SUCCESS]: [✔] Network security group 'NSG_SRE_SRE2_DATABASES' already exists 2020-07-10 21:28:30 [ INFO]: Ensuring that NSG 'NSG_SRE_SRE2_DATABASES' is attached to subnet 'DatabasesSubnet'... 2020-07-10 21:28:32 [SUCCESS]: [✔] Set network security group on 'DatabasesSubnet' 2020-07-10 21:28:32 [WARNING]: Temporarily allowing outbound internet access from 10.151.3.5... 2020-07-10 21:28:38 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre2'... 2020-07-10 21:28:43 [ INFO]: Preparing to create PostgreSQL database PSTGRS-SRE2... 2020-07-10 21:28:43 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre2'... 2020-07-10 21:28:46 [ INFO]: Register 'SRE2 Postgres DB Service Account' (sre2dbpostgres) as a service principal for the database... 2020-07-10 21:29:51 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : [ ] Ensuring that account 'SRE2 Postgres DB Service Account' (sre2dbpostgres) exists [o] Found user 'SRE2 Postgres DB Service Account' (sre2dbpostgres) [ ] Ensuring that 'SRE2 Postgres DB Service Account' (sre2dbpostgres) is registered as a service principal [o] Registered 'SRE2 Postgres DB Service Account' (sre2dbpostgres) as 'POSTGRES/PSTGRS-SRE2.decovid.turingsafehaven.ac.uk' Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-07-10 21:30:03 [ INFO]: Ensuring that storage account 'sresre2bootdiagsqiclwyxn' exists in 'RG_SRE_SRE2_ARTIFACTS'... 2020-07-10 21:30:04 [SUCCESS]: [✔] Storage account 'sresre2bootdiagsqiclwyxn' already exists 2020-07-10 21:30:04 [ INFO]: Ensuring that VM network card 'PSTGRS-SRE2-NIC' exists... 2020-07-10 21:30:04 [ INFO]: [ ] Creating VM network card 'PSTGRS-SRE2-NIC' 2020-07-10 21:30:06 [SUCCESS]: [✔] Created VM network card 'PSTGRS-SRE2-NIC' 2020-07-10 21:30:06 [ INFO]: Ensuring that managed disk 'PSTGRS-SRE2-DATA-DISK' exists... 2020-07-10 21:30:07 [ INFO]: [ ] Creating 1024 GB managed disk 'PSTGRS-SRE2-DATA-DISK' 2020-07-10 21:30:10 [SUCCESS]: [✔] Created managed disk 'PSTGRS-SRE2-DATA-DISK' 2020-07-10 21:30:10 [ INFO]: Constructing cloud-init from template... 2020-07-10 21:30:11 [ INFO]: Ensuring that virtual machine 'PSTGRS-SRE2' exists... 2020-07-10 21:30:16 [ INFO]: [ ] Creating virtual machine 'PSTGRS-SRE2' 2020-07-10 21:30:35 [SUCCESS]: [✔] Created virtual machine 'PSTGRS-SRE2' 2020-07-10 21:31:05 [ INFO]: Waiting for cloud-init provisioning to finish for PSTGRS-SRE2... 2020-07-10 21:33:56 [SUCCESS]: [✔] Cloud-init provisioning is finished for PSTGRS-SRE2 2020-07-10 21:33:57 [ INFO]: [ ] (Re)starting VM 'PSTGRS-SRE2' [PowerState/stopped] 2020-07-10 21:34:08 [SUCCESS]: [✔] Successfully (re)started 'PSTGRS-SRE2' [PowerState/running] 2020-07-10 21:34:08 [ INFO]: Removing temporary outbound internet access from 10.151.3.5... PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

Add_DSVM

```pwsh S /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Add_DSVM.ps1 -configId decovidsre2 -ipLastOctet 160 2020-07-10 21:40:43 [ INFO]: Getting image type from gallery... 2020-07-10 21:40:43 [SUCCESS]: [✔] Using image type ComputeVM-Ubuntu1804Base 2020-07-10 21:40:45 [ INFO]: Looking for image ComputeVM-Ubuntu1804Base version 0.2.2020062200... 2020-07-10 21:40:46 [SUCCESS]: [✔] Found image ComputeVM-Ubuntu1804Base version 0.2.2020062200 in gallery 2020-07-10 21:40:49 [ INFO]: Ensuring that resource group 'RG_SRE_SRE2_COMPUTE' exists... 2020-07-10 21:40:50 [ INFO]: [ ] Creating resource group 'RG_SRE_SRE2_COMPUTE' 2020-07-10 21:40:50 [SUCCESS]: [✔] Created resource group 'RG_SRE_SRE2_COMPUTE' 2020-07-10 21:40:50 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE2_COMPUTE' exists... 2020-07-10 21:40:51 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE2_COMPUTE' 2020-07-10 21:40:55 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE2_COMPUTE' 2020-07-10 21:41:00 [ INFO]: Ensuring that network security group 'NSG_SRE_SRE2_COMPUTE_DEPLOYMENT' exists... 2020-07-10 21:41:01 [ INFO]: [ ] Creating network security group 'NSG_SRE_SRE2_COMPUTE_DEPLOYMENT' 2020-07-10 21:41:05 [SUCCESS]: [✔] Created network security group 'NSG_SRE_SRE2_COMPUTE_DEPLOYMENT' 2020-07-10 21:41:28 [ INFO]: Looking for virtual network 'VNET_SRE_SRE2'... 2020-07-10 21:41:28 [SUCCESS]: [✔] Found virtual network 'VNET_SRE_SRE2' in RG_SRE_SRE2_NETWORKING 2020-07-10 21:41:28 [ INFO]: Looking for subnet 'SharedDataSubnet'... 2020-07-10 21:41:28 [SUCCESS]: [✔] Found subnet 'SharedDataSubnet' in VNET_SRE_SRE2 2020-07-10 21:41:28 [ INFO]: Determining correct URLs for package mirrors... 2020-07-10 21:41:28 [ INFO]: CRAN: 'http://10.20.3.21' 2020-07-10 21:41:28 [ INFO]: PyPI server: 'http://10.20.3.20:3128' 2020-07-10 21:41:28 [ INFO]: PyPI host: '10.20.3.20' 2020-07-10 21:41:28 [SUCCESS]: [✔] Successfully loaded package mirror URLs 2020-07-10 21:41:28 [ INFO]: Creating/retrieving secrets from key vault 'kv-decovid-sre-sre2'... 2020-07-10 21:41:35 [ INFO]: Constructing cloud-init from template... 2020-07-10 21:41:35 [ INFO]: Ensuring that VM network card 'SRE-SRE2-160-DSVM-0-2-2020062200-NIC' exists... 2020-07-10 21:41:36 [ INFO]: [ ] Creating VM network card 'SRE-SRE2-160-DSVM-0-2-2020062200-NIC' 2020-07-10 21:41:36 [SUCCESS]: [✔] Created VM network card 'SRE-SRE2-160-DSVM-0-2-2020062200-NIC' 2020-07-10 21:41:37 [ INFO]: Ensuring that managed disk 'SRE-SRE2-160-DSVM-0-2-2020062200-SCRATCH-DISK' exists... 2020-07-10 21:41:38 [ INFO]: [ ] Creating 512 GB managed disk 'SRE-SRE2-160-DSVM-0-2-2020062200-SCRATCH-DISK' 2020-07-10 21:41:42 [SUCCESS]: [✔] Created managed disk 'SRE-SRE2-160-DSVM-0-2-2020062200-SCRATCH-DISK' 2020-07-10 21:41:42 [ INFO]: Ensuring that managed disk 'SRE-SRE2-160-DSVM-0-2-2020062200-HOME-DISK' exists... 2020-07-10 21:41:43 [ INFO]: [ ] Creating 128 GB managed disk 'SRE-SRE2-160-DSVM-0-2-2020062200-HOME-DISK' 2020-07-10 21:41:46 [SUCCESS]: [✔] Created managed disk 'SRE-SRE2-160-DSVM-0-2-2020062200-HOME-DISK' 2020-07-10 21:41:46 [ INFO]: Ensuring that storage account 'sresre2bootdiagsqiclwyxn' exists in 'RG_SRE_SRE2_ARTIFACTS'... 2020-07-10 21:41:47 [SUCCESS]: [✔] Storage account 'sresre2bootdiagsqiclwyxn' already exists 2020-07-10 21:41:47 [ INFO]: Ensuring that virtual machine 'SRE-SRE2-160-DSVM-0-2-2020062200' exists... 2020-07-10 21:41:52 [ INFO]: [ ] Creating virtual machine 'SRE-SRE2-160-DSVM-0-2-2020062200' 2020-07-10 21:43:14 [SUCCESS]: [✔] Created virtual machine 'SRE-SRE2-160-DSVM-0-2-2020062200' 2020-07-10 21:43:44 [ INFO]: Waiting for cloud-init provisioning to finish for SRE-SRE2-160-DSVM-0-2-2020062200... 2020-07-10 21:53:43 [SUCCESS]: [✔] Cloud-init provisioning is finished for SRE-SRE2-160-DSVM-0-2-2020062200 2020-07-10 21:53:43 [ INFO]: Switching to secure NSG 'NSG_SRE_SRE2_COMPUTE'... 2020-07-10 21:53:43 [ INFO]: [ ] Associating SRE-SRE2-160-DSVM-0-2-2020062200 with NSG_SRE_SRE2_COMPUTE... 2020-07-10 21:53:57 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 21:54:07 [ INFO]: [ ] (Re)starting VM 'SRE-SRE2-160-DSVM-0-2-2020062200' [PowerState/stopped] 2020-07-10 21:54:18 [SUCCESS]: [✔] Successfully (re)started 'SRE-SRE2-160-DSVM-0-2-2020062200' [PowerState/running] 2020-07-10 21:54:18 [ INFO]: Creating smoke test package for the DSVM... 2020-07-10 21:54:19 [ INFO]: [ ] Creating zip file at /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup/smoke_tests.zip... 2020-07-10 21:54:21 [SUCCESS]: [✔] Zip file creation succeeded 2020-07-10 21:54:21 [ INFO]: Uploading smoke tests to the DSVM... 2020-07-10 21:54:21 [ INFO]: [ ] Uploading and extracting smoke tests on SRE-SRE2-160-DSVM-0-2-2020062200 2020-07-10 21:56:22 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] /opt/installation/smoke_tests/package_lists: total 40K drwxr-xr-x 2 root root 4.0K Jul 10 21:56 . drwxr-xr-x 4 root root 4.0K Jul 10 21:56 .. -rw-r--r-- 1 root root 565 Jun 11 00:56 conda-config.json -rw-r--r-- 1 root root 4.0K Jul 1 18:22 packages-apt.list -rw-r--r-- 1 root root 447 May 19 20:15 packages-julia.list -rw-r--r-- 1 root root 639 Jul 1 18:22 packages-python-pypi-27.list -rw-r--r-- 1 root root 721 Jun 11 00:56 packages-python-pypi-36.list -rw-r--r-- 1 root root 721 Jun 11 00:56 packages-python-pypi-37.list -rw-r--r-- 1 root root 583 Jun 11 00:56 packages-r-bioconductor.list -rw-r--r-- 1 root root 1.8K Jun 11 00:56 packages-r-cran.list /opt/installation/smoke_tests/tests: total 56K drwxr-xr-x 2 root root 4.0K Jul 10 21:56 . drwxr-xr-x 4 root root 4.0K Jul 10 21:56 .. -rw-r--r-- 1 root root 3.4K Apr 9 02:01 README.md -rwxr-xr-x 1 root root 6.3K May 19 20:15 run_all_tests.sh -rwxr-xr-x 1 root root 759 May 19 20:15 test_functionality_julia.jl -rwxr-xr-x 1 root root 1.2K May 19 20:15 test_functionality_python.py -rwxr-xr-x 1 root root 1.3K May 19 20:15 test_functionality_R.R -rwxr-xr-x 1 root root 810 Jul 7 22:01 test_mirrors_cran.sh -rwxr-xr-x 1 root root 904 Jul 7 22:01 test_mirrors_pypi.sh -rwxr-xr-x 1 root root 1.1K May 19 20:15 test_packages_installed_julia.jl -rwxr-xr-x 1 root root 4.2K Jun 28 17:10 test_packages_installed_python.py -rwxr-xr-x 1 root root 2.3K May 19 20:15 test_packages_installed_R.R [stderr] Time : 2020-07-10 21:56:43 [ INFO]: Running diagnostic scripts on VM SRE-SRE2-160-DSVM-0-2-2020062200... 2020-07-10 21:56:43 [ INFO]: [ ] Configuring LDAP connection (check_ldap_connection.sh) on compute VM 'SRE-SRE2-160-DSVM-0-2-2020062200' 2020-07-10 21:57:14 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Checking LDAP connectivity Testing LDAP search... [o] LDAP search succeeded: found user 'decovidlocaladsync'. LDAP SEARCH RESULT: dn: CN=DECOVID Local AD Sync Administrator,OU=Safe Haven Service Accounts,DC=d ecovid,DC=turingsafehaven,DC=ac,DC=uk objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: DECOVID Local AD Sync Administrator description: DECOVID Local AD Sync Administrator distinguishedName: CN=DECOVID Local AD Sync Administrator,OU=Safe Haven Servic e Accounts,DC=decovid,DC=turingsafehaven,DC=ac,DC=uk instanceType: 4 whenCreated: 20200710104142.0Z whenChanged: 20200710111237.0Z displayName: DECOVID Local AD Sync Administrator uSNCreated: 12898 uSNChanged: 16566 name: DECOVID Local AD Sync Administrator objectGUID:: j6p+rbPNckyuScHWx7W3XA== userAccountControl: 66048 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 132388880847194001 pwdLastSet: 132388513027946625 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAABC1s57nVR7b2y3AgUgQAAA== accountExpires: 9223372036854775807 logonCount: 437 sAMAccountName: decovidlocaladsync sAMAccountType: 805306368 userPrincipalName: decovidlocaladsync@decovid.turingsafehaven.ac.uk objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=decovid,DC=turingsafeh aven,DC=ac,DC=uk dSCorePropagationData: 20200710104154.0Z dSCorePropagationData: 16010101000001.0Z lastLogonTimestamp: 132388531574807849 [stderr] Time : 2020-07-10 21:57:24 [SUCCESS]: [✔] Configuring LDAP connection on SRE-SRE2-160-DSVM-0-2-2020062200 was successful 2020-07-10 21:57:24 [ INFO]: [ ] Configuring name resolution (restart_name_resolution_service.sh) on compute VM 'SRE-SRE2-160-DSVM-0-2-2020062200' 2020-07-10 21:57:55 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Checking name resolution Testing connectivity for 'DC1-SHM-DECOVID.decovid.turingsafehaven.ac.uk' NS LOOKUP RESULT: Server: 10.0.0.4 Address: 10.0.0.4#53 Name: DC1-SHM-DECOVID.decovid.turingsafehaven.ac.uk Address: 10.0.0.4 Name resolution working. Testing /etc/systemd/resolved.conf No updates needed Testing /etc/resolv.conf # This file is managed by man:systemd-resolved(8). Do not edit. # # This is a dynamic resolv.conf file for connecting local clients directly to # all known uplink DNS servers. This file lists all configured search domains. # # Third party programs must not access this file directly, but only through the # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, # replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver 10.0.0.4 nameserver 10.0.0.5 search decovid.turingsafehaven.ac.uk reddog.microsoft.com /etc/resolv.conf is currently pointing to /run/systemd/resolve/resolv.conf [stderr] Time : 2020-07-10 21:58:05 [SUCCESS]: [✔] Configuring name resolution on SRE-SRE2-160-DSVM-0-2-2020062200 was successful 2020-07-10 21:58:05 [ INFO]: [ ] Configuring realm join (rerun_realm_join.sh) on compute VM 'SRE-SRE2-160-DSVM-0-2-2020062200' 2020-07-10 21:58:36 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Checking realm membership Testing current realms... [o] Currently a member of realm: 'decovid.turingsafehaven.ac.uk'. No need to rejoin. REALM LIST RESULT: decovid.turingsafehaven.ac.uk type: kerberos realm-name: DECOVID.TURINGSAFEHAVEN.AC.UK domain-name: decovid.turingsafehaven.ac.uk configured: kerberos-member server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: libnss-sss required-package: libpam-sss required-package: adcli required-package: samba-common-bin login-formats: %U login-policy: allow-permitted-logins permitted-logins: permitted-groups: [stderr] Time : 2020-07-10 21:58:46 [SUCCESS]: [✔] Configuring realm join on SRE-SRE2-160-DSVM-0-2-2020062200 was successful 2020-07-10 21:58:46 [ INFO]: [ ] Configuring SSSD service (restart_sssd_service.sh) on compute VM 'SRE-SRE2-160-DSVM-0-2-2020062200' 2020-07-10 21:59:17 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Checking SSSD status Testing sssd status... [o] SSSD service is working. No need to restart. SSSD STATUS RESULT: ● sssd.service - System Security Services Daemon Loaded: loaded (/lib/systemd/system/sssd.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2020-07-10 21:54:39 BST; 4min 11s ago Main PID: 1603 (sssd) Tasks: 4 (limit: 9463) CGroup: /system.slice/sssd.service ├─1603 /usr/sbin/sssd -i --logger=files ├─2178 /usr/lib/x86_64-linux-gnu/sssd/sssd_be --domain decovid.turingsafehaven.ac.uk --uid 0 --gid 0 --logger=files ├─2206 /usr/lib/x86_64-linux-gnu/sssd/sssd_nss --uid 0 --gid 0 --logger=files └─2207 /usr/lib/x86_64-linux-gnu/sssd/sssd_pam --uid 0 --gid 0 --logger=files Jul 10 21:54:38 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[1603]: Starting up Jul 10 21:54:39 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[be[2178]: Starting up Jul 10 21:54:39 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[2207]: Starting up Jul 10 21:54:39 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[2206]: Starting up Jul 10 21:54:39 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk systemd[1]: Started System Security Services Daemon. Jul 10 21:54:40 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[1603]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database. Jul 10 21:54:40 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[1603]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database. Jul 10 21:54:40 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[1603]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database. Jul 10 21:54:40 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[1603]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Server not found in Kerberos database. Jul 10 21:56:17 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk sssd[2206]: Enumeration requested but not enabled [stderr] Time : 2020-07-10 21:59:27 [SUCCESS]: [✔] Configuring SSSD service on SRE-SRE2-160-DSVM-0-2-2020062200 was successful 2020-07-10 21:59:27 [ INFO]: [ ] Configuring xrdp service (restart_xrdp_service.sh) on compute VM 'SRE-SRE2-160-DSVM-0-2-2020062200' 2020-07-10 21:59:58 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Checking xrdp status Testing xrdp status... [o] xrdp services are working. No need to restart. XRDP STATUS RESULT: ● xrdp.service - xrdp daemon Loaded: loaded (/lib/systemd/system/xrdp.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2020-07-10 21:54:38 BST; 4min 58s ago Docs: man:xrdp(8) man:xrdp.ini(5) Process: 2058 ExecStart=/usr/sbin/xrdp $XRDP_OPTIONS (code=exited, status=0/SUCCESS) Process: 1998 ExecStartPre=/bin/sh /usr/share/xrdp/socksetup (code=exited, status=0/SUCCESS) Main PID: 2090 (xrdp) Tasks: 1 (limit: 9463) CGroup: /system.slice/xrdp.service └─2090 /usr/sbin/xrdp Jul 10 21:54:37 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk systemd[1]: Starting xrdp daemon... Jul 10 21:54:37 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp[2058]: (2058)(139689095407424)[DEBUG] Testing if xrdp can listen on 0.0.0.0 port 3389. Jul 10 21:54:38 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp[2058]: (2058)(139689095407424)[DEBUG] Closed socket 7 (AF_INET6 :: port 3389) Jul 10 21:54:38 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk systemd[1]: xrdp.service: Can't open PID file /var/run/xrdp/xrdp.pid (yet?) after start: No such file or directory Jul 10 21:54:38 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk systemd[1]: Started xrdp daemon. Jul 10 21:54:39 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp[2090]: (2090)(139689095407424)[INFO ] starting xrdp with pid 2090 Jul 10 21:54:39 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp[2090]: (2090)(139689095407424)[INFO ] listening to port 3389 on 0.0.0.0 ● xrdp-sesman.service - xrdp session manager Loaded: loaded (/lib/systemd/system/xrdp-sesman.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2020-07-10 21:54:37 BST; 4min 59s ago Docs: man:xrdp-sesman(8) man:sesman.ini(5) Process: 1762 ExecStart=/usr/sbin/xrdp-sesman $SESMAN_OPTIONS (code=exited, status=0/SUCCESS) Main PID: 1957 (xrdp-sesman) Tasks: 1 (limit: 9463) CGroup: /system.slice/xrdp-sesman.service └─1957 /usr/sbin/xrdp-sesman Jul 10 21:54:36 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk systemd[1]: Starting xrdp session manager... Jul 10 21:54:36 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp-sesman[1762]: (1762)(140444214449472)[DEBUG] libscp initialized Jul 10 21:54:36 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp-sesman[1762]: (1762)(140444214449472)[DEBUG] Testing if xrdp-sesman can listen on 127.0.0.1 port 3350. Jul 10 21:54:36 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp-sesman[1957]: (1957)(140444214449472)[INFO ] starting xrdp-sesman with pid 1957 Jul 10 21:54:37 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp-sesman[1762]: (1762)(140444214449472)[DEBUG] Closed socket 6 (AF_INET6 ::1 port 3350) Jul 10 21:54:37 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk systemd[1]: Started xrdp session manager. Jul 10 21:54:37 SRE-SRE2-160-DSVM-0-2-2020062200.decovid.turingsafehaven.ac.uk xrdp-sesman[1957]: (1957)(140444214449472)[INFO ] listening to port 3350 on 127.0.0.1 [stderr] Time : 2020-07-10 22:00:08 [SUCCESS]: [✔] Configuring xrdp service on SRE-SRE2-160-DSVM-0-2-2020062200 was successful 2020-07-10 22:01:43 [ INFO]: Deployment complete. This new VM can be accessed from the RDS at 10.151.2.160 PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

Apply_SRE_Network_Configuration

```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Apply_SRE_Network_Configuration.ps1 -configId decovidsre2 2020-07-10 22:09:59 [ INFO]: Applying network configuration for SRE 'sre2' (Tier 3), hosted on subscription '[Prod] DECOVID Safe Haven' 2020-07-10 22:09:59 [ INFO]: Ensure RDS gateway is bound to correct NSG... 2020-07-10 22:09:59 [ INFO]: [ ] Associating RDG-SRE-SRE2 with NSG_SRE_SRE2_RDS_SERVER... 2020-07-10 22:10:02 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 22:10:13 [ INFO]: Ensure RDS session hosts are bound to correct NSG... 2020-07-10 22:10:13 [ INFO]: [ ] Associating APP-SRE-SRE2 with NSG_SRE_SRE2_RDS_SESSION_HOSTS... 2020-07-10 22:10:16 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 22:10:26 [ INFO]: Ensure data server is bound to correct NSG... 2020-07-10 22:10:26 [ INFO]: [ ] Associating DAT-SRE-SRE2 with NSG_SRE_SRE2_DATA... 2020-07-10 22:10:40 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 22:10:50 [ INFO]: Ensure webapp servers are bound to correct NSG... 2020-07-10 22:10:50 [ INFO]: [ ] Associating GITLAB-SRE-SRE2 with NSG_SRE_SRE2_WEBAPPS... 2020-07-10 22:10:53 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 22:11:03 [ INFO]: [ ] Associating HACKMD-SRE-SRE2 with NSG_SRE_SRE2_WEBAPPS... 2020-07-10 22:11:06 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 22:11:17 [ INFO]: Ensure compute VMs are bound to correct NSG... 2020-07-10 22:11:18 [ INFO]: [ ] Associating SRE-SRE2-160-DSVM-0-2-2020062200 with NSG_SRE_SRE2_COMPUTE... 2020-07-10 22:11:20 [SUCCESS]: [✔] NSG association succeeded 2020-07-10 22:11:32 [ INFO]: NICs associated with NSG_SRE_SRE2_RDS_SESSION_HOSTS: 2020-07-10 22:11:32 [ INFO]: => APP-SRE-SRE2-NIC 2020-07-10 22:11:32 [ INFO]: NICs associated with NSG_SRE_SRE2_WEBAPPS: 2020-07-10 22:11:32 [ INFO]: => HACKMD-SRE-SRE2-NIC 2020-07-10 22:11:32 [ INFO]: => GITLAB-SRE-SRE2-NIC 2020-07-10 22:11:32 [ INFO]: NICs associated with NSG_SRE_SRE2_DATA: 2020-07-10 22:11:32 [ INFO]: => DAT-SRE-SRE2-NIC 2020-07-10 22:11:32 [ INFO]: NICs associated with NSG_SRE_SRE2_RDS_SERVER: 2020-07-10 22:11:32 [ INFO]: => RDG-SRE-SRE2-NIC 2020-07-10 22:11:32 [ INFO]: NICs associated with NSG_SRE_SRE2_COMPUTE: 2020-07-10 22:11:32 [ INFO]: => SRE-SRE2-160-DSVM-0-2-2020062200-NIC 2020-07-10 22:11:32 [ INFO]: Setting inbound connection rules on RDS Gateway NSG... 2020-07-10 22:11:32 [ INFO]: [ ] Updating 'HttpsIn' rule on 'NSG_SRE_SRE2_RDS_SERVER' to 'Allow' access from '193.60.220.240 35.178.242.198 80.229.141.188 35.177.105.78 90.255.223.48 188.214.11.75' 2020-07-10 22:11:37 [SUCCESS]: [✔] 'HttpsIn' on 'NSG_SRE_SRE2_RDS_SERVER' will now 'Allow' access from '193.60.220.240 35.178.242.198 80.229.141.188 35.177.105.78 90.255.223.48 188.214.11.75' 2020-07-10 22:11:37 [ INFO]: Setting outbound internet rules on user-facing NSGs... 2020-07-10 22:11:38 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE2_COMPUTE' to 'Deny' access to 'Internet' 2020-07-10 22:11:40 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE2_COMPUTE' will now 'Deny' access to 'Internet' 2020-07-10 22:11:40 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE2_WEBAPPS' to 'Deny' access to 'Internet' 2020-07-10 22:11:42 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE2_WEBAPPS' will now 'Deny' access to 'Internet' 2020-07-10 22:11:42 [ INFO]: Ensuring SRE is peered to correct mirror set... 2020-07-10 22:12:25 [ INFO]: Removing all existing mirror peerings... 2020-07-10 22:14:04 [ INFO]: Peering to the correct mirror network... 2020-07-10 22:14:08 [ INFO]: [ ] Adding peering 'PEER_VNET_SRE_SRE2' to mirror VNet VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3. 2020-07-10 22:14:19 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SRE_SRE2' succeeded 2020-07-10 22:14:22 [ INFO]: [ ] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' to SRE VNet VNET_SRE_SRE2. 2020-07-10 22:14:43 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' succeeded 2020-07-10 22:14:43 [ INFO]: Determining correct URLs for package mirrors... 2020-07-10 22:14:43 [ INFO]: CRAN: 'http://10.20.3.21' 2020-07-10 22:14:43 [ INFO]: PyPI server: 'http://10.20.3.20:3128' 2020-07-10 22:14:43 [ INFO]: PyPI host: '10.20.3.20' 2020-07-10 22:14:45 [ INFO]: Setting PyPI and CRAN locations on compute VM: SRE-SRE2-160-DSVM-0-2-2020062200 2020-07-10 22:15:16 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Updating PyPI mirror to point at '10.20.3.20' Updating CRAN mirror to point at 'http://10.20.3.21' [stderr] Time : PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ````

Setup_SRE_Firewall

```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Setup_SRE_Firewall.ps1 -configId decovidsre2 2020-07-10 22:23:01 [ INFO]: Ensuring that route table 'ROUTE-TABLE-SRE-SRE2' exists... 2020-07-10 22:23:01 [SUCCESS]: [✔] Route table 'ROUTE-TABLE-SRE-SRE2' already exists 2020-07-10 22:23:02 [ INFO]: Ensuring that route 'ViaFirewall' exists... 2020-07-10 22:23:03 [SUCCESS]: [✔] Route 'ViaFirewall' already exists 2020-07-10 22:23:04 [ INFO]: Ensuring that route 'ViaVpn' exists... 2020-07-10 22:23:04 [SUCCESS]: [✔] Route 'ViaVpn' already exists 2020-07-10 22:23:11 [ INFO]: Setting firewall application rules... 2020-07-10 22:23:11 [ INFO]: Removing existing 'sre-sre2-allow' rule collection. 2020-07-10 22:23:11 [ INFO]: Setting firewall application rules... 2020-07-10 22:23:11 [ INFO]: Ensuring that 'Allow' rule for 'WindowsUpdate' is set on FIREWALL-SHM-DECOVID... 2020-07-10 22:23:12 [ INFO]: [ ] Creating application rule collection 'sre-sre2-allow' 2020-07-10 22:23:13 [SUCCESS]: [✔] Created application rule collection 'sre-sre2-allow' 2020-07-10 22:23:13 [SUCCESS]: [✔] Ensured that application rule 'WindowsUpdate' exists on local firewall object only. 2020-07-10 22:23:13 [ INFO]: Ensuring that 'Allow' rule for 'ocsp.digicert.com crl3.digicert.com crl4.digicert.com crl.microsoft.com' is set on FIREWALL-SHM-DECOVID... 2020-07-10 22:23:13 [SUCCESS]: [✔] Application rule collection 'sre-sre2-allow' already exists 2020-07-10 22:23:13 [SUCCESS]: [✔] Ensured that application rule 'AllowCertificateStatusCheck' exists on local firewall object only. 2020-07-10 22:23:13 [ INFO]: [ ] Updating remote firewall with rule changes... 2020-07-10 22:23:15 [SUCCESS]: [✔] Updated remote firewall with rule changes. 2020-07-10 22:23:15 [ INFO]: Setting firewall network rules... 2020-07-10 22:23:15 [ INFO]: Setting firewall network rules... 2020-07-10 22:23:15 [ INFO]: [ ] Updating remote firewall with rule changes... 2020-07-10 22:23:17 [SUCCESS]: [✔] Updated remote firewall with rule changes. PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

Setup_SRE_Logging

```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Setup_SRE_Logging.ps1 -configId decovidsre2 2020-07-10 22:26:07 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'APP-SRE-SRE2'. 2020-07-10 22:28:08 [SUCCESS]: [✔] Installed extension 'MicrosoftMonitoringAgent' on VM 'APP-SRE-SRE2'. 2020-07-10 22:28:08 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'APP-SRE-SRE2'. 2020-07-10 22:29:40 [SUCCESS]: [✔] Installed extension 'DependencyAgentWindows' on VM 'APP-SRE-SRE2'. 2020-07-10 22:29:40 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'RDG-SRE-SRE2'. 2020-07-10 22:30:42 [SUCCESS]: [✔] Installed extension 'MicrosoftMonitoringAgent' on VM 'RDG-SRE-SRE2'. 2020-07-10 22:30:42 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'RDG-SRE-SRE2'. 2020-07-10 22:31:44 [SUCCESS]: [✔] Installed extension 'DependencyAgentWindows' on VM 'RDG-SRE-SRE2'. 2020-07-10 22:31:44 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'GITLAB-SRE-SRE2'. 2020-07-10 22:34:46 [FAILURE]: [x] Failed to install extension 'OmsAgentForLinux' on VM 'GITLAB-SRE-SRE2'! 2020-07-10 22:34:46 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'GITLAB-SRE-SRE2'. 2020-07-10 22:37:18 [SUCCESS]: [✔] Installed extension 'DependencyAgentLinux' on VM 'GITLAB-SRE-SRE2'. 2020-07-10 22:37:18 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'HACKMD-SRE-SRE2'. 2020-07-10 22:40:21 [FAILURE]: [x] Failed to install extension 'OmsAgentForLinux' on VM 'HACKMD-SRE-SRE2'! 2020-07-10 22:40:21 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'HACKMD-SRE-SRE2'. 2020-07-10 22:42:53 [SUCCESS]: [✔] Installed extension 'DependencyAgentLinux' on VM 'HACKMD-SRE-SRE2'. 2020-07-10 22:42:54 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'DAT-SRE-SRE2'. 2020-07-10 22:45:26 [SUCCESS]: [✔] Installed extension 'MicrosoftMonitoringAgent' on VM 'DAT-SRE-SRE2'. 2020-07-10 22:45:26 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'DAT-SRE-SRE2'. 2020-07-10 22:46:58 [SUCCESS]: [✔] Installed extension 'DependencyAgentWindows' on VM 'DAT-SRE-SRE2'. 2020-07-10 22:46:59 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'MSSQL-SRE2'. 2020-07-10 22:49:30 [SUCCESS]: [✔] Installed extension 'MicrosoftMonitoringAgent' on VM 'MSSQL-SRE2'. 2020-07-10 22:49:30 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'MSSQL-SRE2'. 2020-07-10 22:51:02 [SUCCESS]: [✔] Installed extension 'DependencyAgentWindows' on VM 'MSSQL-SRE2'. 2020-07-10 22:51:02 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'PSTGRS-SRE2'. 2020-07-10 22:54:04 [FAILURE]: [x] Failed to install extension 'OmsAgentForLinux' on VM 'PSTGRS-SRE2'! 2020-07-10 22:54:04 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'PSTGRS-SRE2'. 2020-07-10 22:57:06 [SUCCESS]: [✔] Installed extension 'DependencyAgentLinux' on VM 'PSTGRS-SRE2'. 2020-07-10 22:57:07 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'SRE-SRE2-160-DSVM-0-2-2020062200'. 2020-07-10 22:58:39 [FAILURE]: [x] Failed to install extension 'OmsAgentForLinux' on VM 'SRE-SRE2-160-DSVM-0-2-2020062200'! 2020-07-10 22:58:39 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'SRE-SRE2-160-DSVM-0-2-2020062200'. 2020-07-10 22:59:40 [SUCCESS]: [✔] Installed extension 'DependencyAgentLinux' on VM 'SRE-SRE2-160-DSVM-0-2-2020062200'. PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Setup_SRE_Logging.ps1 -configId decovidsre2 2020-07-10 23:00:11 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'APP-SRE-SRE2'. 2020-07-10 23:00:12 [SUCCESS]: [✔] Extension 'MicrosoftMonitoringAgent' is already installed on VM 'APP-SRE-SRE2'. 2020-07-10 23:00:12 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'APP-SRE-SRE2'. 2020-07-10 23:00:12 [SUCCESS]: [✔] Extension 'DependencyAgentWindows' is already installed on VM 'APP-SRE-SRE2'. 2020-07-10 23:00:12 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'RDG-SRE-SRE2'. 2020-07-10 23:00:13 [SUCCESS]: [✔] Extension 'MicrosoftMonitoringAgent' is already installed on VM 'RDG-SRE-SRE2'. 2020-07-10 23:00:13 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'RDG-SRE-SRE2'. 2020-07-10 23:00:14 [SUCCESS]: [✔] Extension 'DependencyAgentWindows' is already installed on VM 'RDG-SRE-SRE2'. 2020-07-10 23:00:14 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'GITLAB-SRE-SRE2'. 2020-07-10 23:00:15 [SUCCESS]: [✔] Extension 'OmsAgentForLinux' is already installed on VM 'GITLAB-SRE-SRE2'. 2020-07-10 23:00:15 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'GITLAB-SRE-SRE2'. 2020-07-10 23:00:16 [SUCCESS]: [✔] Extension 'DependencyAgentLinux' is already installed on VM 'GITLAB-SRE-SRE2'. 2020-07-10 23:00:16 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'HACKMD-SRE-SRE2'. 2020-07-10 23:00:16 [SUCCESS]: [✔] Extension 'OmsAgentForLinux' is already installed on VM 'HACKMD-SRE-SRE2'. 2020-07-10 23:00:16 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'HACKMD-SRE-SRE2'. 2020-07-10 23:00:17 [SUCCESS]: [✔] Extension 'DependencyAgentLinux' is already installed on VM 'HACKMD-SRE-SRE2'. 2020-07-10 23:00:17 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'DAT-SRE-SRE2'. 2020-07-10 23:00:18 [SUCCESS]: [✔] Extension 'MicrosoftMonitoringAgent' is already installed on VM 'DAT-SRE-SRE2'. 2020-07-10 23:00:18 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'DAT-SRE-SRE2'. 2020-07-10 23:00:19 [SUCCESS]: [✔] Extension 'DependencyAgentWindows' is already installed on VM 'DAT-SRE-SRE2'. 2020-07-10 23:00:19 [ INFO]: [ ] Ensuring extension 'MicrosoftMonitoringAgent' is installed on VM 'MSSQL-SRE2'. 2020-07-10 23:00:20 [SUCCESS]: [✔] Extension 'MicrosoftMonitoringAgent' is already installed on VM 'MSSQL-SRE2'. 2020-07-10 23:00:20 [ INFO]: [ ] Ensuring extension 'DependencyAgentWindows' is installed on VM 'MSSQL-SRE2'. 2020-07-10 23:00:20 [SUCCESS]: [✔] Extension 'DependencyAgentWindows' is already installed on VM 'MSSQL-SRE2'. 2020-07-10 23:00:20 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'PSTGRS-SRE2'. 2020-07-10 23:00:21 [SUCCESS]: [✔] Extension 'OmsAgentForLinux' is already installed on VM 'PSTGRS-SRE2'. 2020-07-10 23:00:21 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'PSTGRS-SRE2'. 2020-07-10 23:00:22 [SUCCESS]: [✔] Extension 'DependencyAgentLinux' is already installed on VM 'PSTGRS-SRE2'. 2020-07-10 23:00:22 [ INFO]: [ ] Ensuring extension 'OmsAgentForLinux' is installed on VM 'SRE-SRE2-160-DSVM-0-2-2020062200'. 2020-07-10 23:00:23 [SUCCESS]: [✔] Extension 'OmsAgentForLinux' is already installed on VM 'SRE-SRE2-160-DSVM-0-2-2020062200'. 2020-07-10 23:00:23 [ INFO]: [ ] Ensuring extension 'DependencyAgentLinux' is installed on VM 'SRE-SRE2-160-DSVM-0-2-2020062200'. 2020-07-10 23:00:24 [SUCCESS]: [✔] Extension 'DependencyAgentLinux' is already installed on VM 'SRE-SRE2-160-DSVM-0-2-2020062200'. PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

Smoke tests

- Package mirror errors are expected since tier-2 mirrors have not synchronised yet - R package failures are expected (these packages require R 4.0) ```bash martin.oreilly:~$ cd /opt/installation/smoke_tests/tests/ martin.oreilly:tests$ source run_all_tests.sh [ RUNNING ] julia_packages [ DEBUG ] Testing 48 Julia packages [ DEBUG ] [ Info: JavaCall could not determine javapath from `which java` [ DEBUG ] All packages are installed! [ OK ] julia_packages (360 s) [ RUNNING ] julia_functionality [ DEBUG ] All functionality tests passed [ OK ] julia_functionality (12 s) [ RUNNING ] python_27_packages [ DEBUG ] Python version 2.7.18 found [ DEBUG ] Testing 79 python packages [ DEBUG ] Tensorflow can see the following devices [u'/device:CPU:0', u'/device:XLA_CPU:0'] [ OK ] python_27_packages (129 s) [ RUNNING ] python_27_functionality [ DEBUG ] Logistic model ran OK [ DEBUG ] All functionality tests passed [ OK ] python_27_functionality (3 s) [ RUNNING ] python_27_mirrors_pypi [ DEBUG ] Attempting to install MarkupSafe [ DEBUG ] DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support [ DEBUG ] ... MarkupSafe installation succeeded [ DEBUG ] Attempting to install Fiona [ DEBUG ] DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support [ DEBUG ] ... Fiona installation succeeded [ DEBUG ] Attempting to install abed [ DEBUG ] DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support [ DEBUG ] ERROR: Could not find a version that satisfies the requirement abed (from versions: none) [ DEBUG ] ERROR: No matching distribution found for abed [ DEBUG ] ... abed installation failed [ DEBUG ] Attempting to install zope.interface [ DEBUG ] DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support [ DEBUG ] ERROR: Could not find a version that satisfies the requirement zope.interface (from versions: none) [ DEBUG ] ERROR: No matching distribution found for zope.interface [ DEBUG ] ... zope.interface installation failed [ DEBUG ] PyPI installation failed [ FAILED ] python_27_mirrors_pypi (25 s) [ RUNNING ] python_36_packages [ DEBUG ] Python version 3.6.10 found [ DEBUG ] Testing 88 python packages [ DEBUG ] Tensorflow can see the following devices ['/device:CPU:0', '/device:XLA_CPU:0'] [ OK ] python_36_packages (142 s) [ RUNNING ] python_36_functionality [ DEBUG ] Logistic model ran OK [ DEBUG ] All functionality tests passed [ OK ] python_36_functionality (1 s) [ RUNNING ] python_36_mirrors_pypi [ DEBUG ] Attempting to install MarkupSafe [ DEBUG ] ... MarkupSafe installation succeeded [ DEBUG ] Attempting to install Fiona [ DEBUG ] ... Fiona installation succeeded [ DEBUG ] Attempting to install abed [ DEBUG ] ERROR: Could not find a version that satisfies the requirement abed (from versions: none) [ DEBUG ] ERROR: No matching distribution found for abed [ DEBUG ] ... abed installation failed [ DEBUG ] Attempting to install zope.interface [ DEBUG ] ERROR: Could not find a version that satisfies the requirement zope.interface (from versions: none) [ DEBUG ] ERROR: No matching distribution found for zope.interface [ DEBUG ] ... zope.interface installation failed [ DEBUG ] PyPI installation failed [ FAILED ] python_36_mirrors_pypi (36 s) [ RUNNING ] python_37_packages [ DEBUG ] Python version 3.7.7 found [ DEBUG ] Testing 88 python packages [ DEBUG ] Tensorflow can see the following devices ['/device:CPU:0', '/device:XLA_CPU:0'] [ OK ] python_37_packages (116 s) [ RUNNING ] python_37_functionality [ DEBUG ] Logistic model ran OK [ DEBUG ] All functionality tests passed [ OK ] python_37_functionality (2 s) [ RUNNING ] python_37_mirrors_pypi [ DEBUG ] Attempting to install MarkupSafe [ DEBUG ] ... MarkupSafe installation succeeded [ DEBUG ] Attempting to install Fiona [ DEBUG ] ... Fiona installation succeeded [ DEBUG ] Attempting to install abed [ DEBUG ] ERROR: Could not find a version that satisfies the requirement abed (from versions: none) [ DEBUG ] ERROR: No matching distribution found for abed [ DEBUG ] ... abed installation failed [ DEBUG ] Attempting to install zope.interface [ DEBUG ] ERROR: Could not find a version that satisfies the requirement zope.interface (from versions: none) [ DEBUG ] ERROR: No matching distribution found for zope.interface [ DEBUG ] ... zope.interface installation failed [ DEBUG ] PyPI installation failed [ FAILED ] python_37_mirrors_pypi (23 s) [ RUNNING ] R_packages [ DEBUG ] Testing 241 CRAN packages [ DEBUG ] Testing 62 Bioconductor packages [ DEBUG ] The following 1 packages gave a warning: [ DEBUG ] BiocInstaller [ DEBUG ] The following 5 packages gave a error: [ DEBUG ] Scale [ DEBUG ] traj [ DEBUG ] FlowSOM [ DEBUG ] GO [ DEBUG ] moe430a Unexpected problem found with: BiocInstaller Unexpected problem found with: Scale Unexpected problem found with: traj Unexpected problem found with: FlowSOM Unexpected problem found with: GO Unexpected problem found with: moe430a [ FAILED ] R_packages (645 s) [ RUNNING ] R_functionality [ DEBUG ] Logistic regression ran OK [ DEBUG ] Clustering ran OK [ DEBUG ] All functionality tests passed [ OK ] R_functionality (1 s) [ RUNNING ] R_mirrors_cran also installing the dependencies ‘profileModel’, ‘rjags’, ‘entropy’, ‘moments’, ‘brglm’ [ DEBUG ] Attempting to install abn [ DEBUG ] ... abn installation succeeded [ DEBUG ] Attempting to install yum [ DEBUG ] ... yum installation succeeded [ DEBUG ] CRAN working OK [ OK ] R_mirrors_cran (122 s) [ SUMMARY ] Ran 14 tests. [ SUMMARY ] 10 / 14 [71%] passed martin.oreilly:tests$ ```

[martintoreilly]

Investigation of DSVM running slowly

The VMs in both SREs were running very slowly, while under very little load.

👉 TL;DR: If the DSVM is being slow, stop (de-allocate) and start the RDS App session host. 👈

Ruled out

• Disk speed (made OS and Home disks premium SSD)
• VM memory or processor (made VM E8s v3 with 8 cores + 64 GiB RAM and HTOPped as admin and very low utilisation)

Likely suspect is RDS App session host

• It looks under very little load as a D2 v3, but I can't see memory. However, I don't see the same issue with SRE1 in the MORTEST SHM I was using to test this week's developments, so I don't think it's this.
• Resizing or restarting this VM results in it being inaccessible
  • Via RDS Webclient get "Can't connect to remote server" after MFA prompt
  • Via VPN + RDP to internal IP it fails to prompt to trust connection
• Doing an explicit stop + start (i.e. de-allocate VM) in the portal fixes the connection issue and the DSVM slowness issue.
• I've resized the RDS App session hosts for both SREs to D4s v3s (16 GiB RAM) and stop + started them.
• The stop + start on its own seemed to me to fix the DSVM slowness issue even prior to resizing the SRE2 RDS App session host from D2 v3 to D4s v3
• I think further investigation is required.

[martintoreilly]

Pen test clean up

SRE configurations

• Block access from pen tester IP addresses (remove from inboundAccessFrom in SRE configs).
  • [x] Done in commit 47775b2
• Make both SREs Tier 3 (for restricted package mirrors only)
  • [x] Done in commit 47775b2
• Allow access from Tier 2 and Tier 3 Turing VPNs (DECOVID does not require managed devices for researchers)
  • [x] Done in commit 47775b2
• Regenerate full configs
  • [x] Done in commit 47775b2
• Re-apply network lockdown for SRE1 ✅

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup>git fetch;git pull;git status;git log -1 --pretty="At commit %h (%H)" Already up to date. On branch post-pen-test-cleanup Your branch is up to date with 'origin/post-pen-test-cleanup'. nothing to commit, working tree clean At commit 47775b2a (47775b2ac58d1bf76aae0c88fd7bdb1515d033eb) PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Apply_SRE_Network_Configuration.ps1 -configId decovidsre1 2020-07-14 18:58:08 [ INFO]: Applying network configuration for SRE 'sre1' (Tier 3), hosted on subscription '[Prod] DECOVID Safe Haven' 2020-07-14 18:58:08 [ INFO]: Ensure RDS gateway is bound to correct NSG... 2020-07-14 18:58:08 [ INFO]: [ ] Associating RDG-SRE-SRE1 with NSG_SRE_SRE1_RDS_SERVER... 2020-07-14 18:58:11 [SUCCESS]: [✔] NSG association succeeded 2020-07-14 18:58:22 [ INFO]: Ensure RDS session hosts are bound to correct NSG... 2020-07-14 18:58:22 [ INFO]: [ ] Associating APP-SRE-SRE1 with NSG_SRE_SRE1_RDS_SESSION_HOSTS... 2020-07-14 18:58:25 [SUCCESS]: [✔] NSG association succeeded 2020-07-14 18:58:35 [ INFO]: Ensure data server is bound to correct NSG... 2020-07-14 18:58:35 [ INFO]: [ ] Associating DAT-SRE-SRE1 with NSG_SRE_SRE1_DATA... 2020-07-14 18:58:38 [SUCCESS]: [✔] NSG association succeeded 2020-07-14 18:58:49 [ INFO]: Ensure webapp servers are bound to correct NSG... 2020-07-14 18:58:49 [ INFO]: [ ] Associating GITLAB-SRE-SRE1 with NSG_SRE_SRE1_WEBAPPS... 2020-07-14 18:58:52 [SUCCESS]: [✔] NSG association succeeded 2020-07-14 18:59:02 [ INFO]: [ ] Associating HACKMD-SRE-SRE1 with NSG_SRE_SRE1_WEBAPPS... 2020-07-14 18:59:05 [SUCCESS]: [✔] NSG association succeeded 2020-07-14 18:59:16 [ INFO]: Ensure compute VMs are bound to correct NSG... 2020-07-14 18:59:17 [ INFO]: [ ] Associating SRE-SRE1-160-DSVM-0-2-2020062200 with NSG_SRE_SRE1_COMPUTE... 2020-07-14 18:59:20 [SUCCESS]: [✔] NSG association succeeded 2020-07-14 18:59:30 [ INFO]: NICs associated with NSG_SRE_SRE1_DATA: 2020-07-14 18:59:30 [ INFO]: => DAT-SRE-SRE1-NIC 2020-07-14 18:59:30 [ INFO]: NICs associated with NSG_SRE_SRE1_COMPUTE: 2020-07-14 18:59:30 [ INFO]: => SRE-SRE1-160-DSVM-0-2-2020062200-NIC 2020-07-14 18:59:30 [ INFO]: NICs associated with NSG_SRE_SRE1_RDS_SESSION_HOSTS: 2020-07-14 18:59:30 [ INFO]: => APP-SRE-SRE1-NIC 2020-07-14 18:59:30 [ INFO]: NICs associated with NSG_SRE_SRE1_RDS_SERVER: 2020-07-14 18:59:30 [ INFO]: => RDG-SRE-SRE1-NIC 2020-07-14 18:59:30 [ INFO]: NICs associated with NSG_SRE_SRE1_WEBAPPS: 2020-07-14 18:59:30 [ INFO]: => HACKMD-SRE-SRE1-NIC 2020-07-14 18:59:30 [ INFO]: => GITLAB-SRE-SRE1-NIC 2020-07-14 18:59:30 [ INFO]: Setting inbound connection rules on RDS Gateway NSG... 2020-07-14 18:59:31 [ INFO]: [ ] Updating 'HttpsIn' rule on 'NSG_SRE_SRE1_RDS_SERVER' to 'Allow' access from '193.60.220.253 193.60.220.240' 2020-07-14 18:59:37 [SUCCESS]: [✔] 'HttpsIn' on 'NSG_SRE_SRE1_RDS_SERVER' will now 'Allow' access from '193.60.220.253 193.60.220.240' 2020-07-14 18:59:37 [ INFO]: Setting outbound internet rules on user-facing NSGs... 2020-07-14 18:59:38 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE1_COMPUTE' to 'Deny' access to 'Internet' 2020-07-14 18:59:40 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE1_COMPUTE' will now 'Deny' access to 'Internet' 2020-07-14 18:59:40 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE1_WEBAPPS' to 'Deny' access to 'Internet' 2020-07-14 18:59:42 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE1_WEBAPPS' will now 'Deny' access to 'Internet' 2020-07-14 18:59:42 [ INFO]: Ensuring SRE is peered to correct mirror set... 2020-07-14 18:59:45 [ INFO]: Removing all existing mirror peerings... 2020-07-14 18:59:50 [ INFO]: [ ] Removing peering PEER_VNET_SRE_SRE1: VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER2 -> VNET_SRE_SRE1 2020-07-14 19:00:10 [SUCCESS]: [✔] Peering removal succeeded 2020-07-14 19:00:13 [ INFO]: [ ] Removing peering PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER2: VNET_SRE_SRE1 -> VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER2 2020-07-14 19:00:24 [SUCCESS]: [✔] Peering removal succeeded 2020-07-14 19:00:24 [ INFO]: Peering to the correct mirror network... 2020-07-14 19:00:28 [ INFO]: [ ] Adding peering 'PEER_VNET_SRE_SRE1' to mirror VNet VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3. 2020-07-14 19:00:39 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SRE_SRE1' succeeded 2020-07-14 19:00:42 [ INFO]: [ ] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' to SRE VNet VNET_SRE_SRE1. 2020-07-14 19:01:03 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' succeeded 2020-07-14 19:01:03 [ INFO]: Determining correct URLs for package mirrors... 2020-07-14 19:01:03 [ INFO]: CRAN: 'http://10.20.3.21' 2020-07-14 19:01:03 [ INFO]: PyPI server: 'http://10.20.3.20:3128' 2020-07-14 19:01:03 [ INFO]: PyPI host: '10.20.3.20' 2020-07-14 19:01:06 [ INFO]: Setting PyPI and CRAN locations on compute VM: SRE-SRE1-160-DSVM-0-2-2020062200 2020-07-14 19:02:06 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Updating PyPI mirror to point at '10.20.3.20' Updating CRAN mirror to point at 'http://10.20.3.21' [stderr] Time : PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```
• Re-apply network lockdown for SRE2 ✅

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup>git fetch;git pull;git status;git log -1 --pretty="At commit %h (%H)" Already up to date. On branch post-pen-test-cleanup Your branch is up to date with 'origin/post-pen-test-cleanup'. nothing to commit, working tree clean At commit 47775b2a (47775b2ac58d1bf76aae0c88fd7bdb1515d033eb) PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ./Apply_SRE_Network_Configuration.ps1 -configId decovidsre2 2020-07-14 19:34:54 [ INFO]: Applying network configuration for SRE 'sre2' (Tier 3), hosted on subscription '[Prod] DECOVID Safe Haven' 2020-07-14 19:34:54 [ INFO]: Ensure RDS gateway is bound to correct NSG... 2020-07-14 19:34:54 [ INFO]: [ ] Associating RDG-SRE-SRE2 with NSG_SRE_SRE2_RDS_SERVER... 2020-07-14 19:34:56 [SUCCESS]: [✔] NSG association succeeded 2020-07-14 19:35:07 [ INFO]: Ensure RDS session hosts are bound to correct NSG... 2020-07-14 19:35:07 [ INFO]: [ ] Associating APP-SRE-SRE2 with NSG_SRE_SRE2_RDS_SESSION_HOSTS... 2020-07-14 19:35:10 [SUCCESS]: [✔] NSG association succeeded 2020-07-14 19:35:21 [ INFO]: Ensure data server is bound to correct NSG... 2020-07-14 19:35:21 [ INFO]: [ ] Associating DAT-SRE-SRE2 with NSG_SRE_SRE2_DATA... 2020-07-14 19:35:24 [SUCCESS]: [✔] NSG association succeeded 2020-07-14 19:35:35 [ INFO]: Ensure webapp servers are bound to correct NSG... 2020-07-14 19:35:35 [ INFO]: [ ] Associating GITLAB-SRE-SRE2 with NSG_SRE_SRE2_WEBAPPS... 2020-07-14 19:35:38 [SUCCESS]: [✔] NSG association succeeded 2020-07-14 19:35:48 [ INFO]: [ ] Associating HACKMD-SRE-SRE2 with NSG_SRE_SRE2_WEBAPPS... 2020-07-14 19:35:51 [SUCCESS]: [✔] NSG association succeeded 2020-07-14 19:36:01 [ INFO]: Ensure compute VMs are bound to correct NSG... 2020-07-14 19:36:02 [ INFO]: [ ] Associating SRE-SRE2-160-DSVM-0-2-2020062200 with NSG_SRE_SRE2_COMPUTE... 2020-07-14 19:36:05 [SUCCESS]: [✔] NSG association succeeded 2020-07-14 19:36:15 [ INFO]: NICs associated with NSG_SRE_SRE2_RDS_SESSION_HOSTS: 2020-07-14 19:36:15 [ INFO]: => APP-SRE-SRE2-NIC 2020-07-14 19:36:15 [ INFO]: NICs associated with NSG_SRE_SRE2_WEBAPPS: 2020-07-14 19:36:15 [ INFO]: => HACKMD-SRE-SRE2-NIC 2020-07-14 19:36:15 [ INFO]: => GITLAB-SRE-SRE2-NIC 2020-07-14 19:36:15 [ INFO]: NICs associated with NSG_SRE_SRE2_DATA: 2020-07-14 19:36:15 [ INFO]: => DAT-SRE-SRE2-NIC 2020-07-14 19:36:15 [ INFO]: NICs associated with NSG_SRE_SRE2_RDS_SERVER: 2020-07-14 19:36:15 [ INFO]: => RDG-SRE-SRE2-NIC 2020-07-14 19:36:15 [ INFO]: NICs associated with NSG_SRE_SRE2_COMPUTE: 2020-07-14 19:36:15 [ INFO]: => SRE-SRE2-160-DSVM-0-2-2020062200-NIC 2020-07-14 19:36:15 [ INFO]: Setting inbound connection rules on RDS Gateway NSG... 2020-07-14 19:36:16 [ INFO]: [ ] Updating 'HttpsIn' rule on 'NSG_SRE_SRE2_RDS_SERVER' to 'Allow' access from '193.60.220.253 193.60.220.240' 2020-07-14 19:36:19 [SUCCESS]: [✔] 'HttpsIn' on 'NSG_SRE_SRE2_RDS_SERVER' will now 'Allow' access from '193.60.220.253 193.60.220.240' 2020-07-14 19:36:19 [ INFO]: Setting outbound internet rules on user-facing NSGs... 2020-07-14 19:36:20 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE2_COMPUTE' to 'Deny' access to 'Internet' 2020-07-14 19:36:21 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE2_COMPUTE' will now 'Deny' access to 'Internet' 2020-07-14 19:36:22 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE2_WEBAPPS' to 'Deny' access to 'Internet' 2020-07-14 19:36:23 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE2_WEBAPPS' will now 'Deny' access to 'Internet' 2020-07-14 19:36:23 [ INFO]: Ensuring SRE is peered to correct mirror set... 2020-07-14 19:36:26 [ INFO]: Removing all existing mirror peerings... 2020-07-14 19:36:31 [ INFO]: [ ] Removing peering PEER_VNET_SRE_SRE2: VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3 -> VNET_SRE_SRE2 2020-07-14 19:36:52 [SUCCESS]: [✔] Peering removal succeeded 2020-07-14 19:36:54 [ INFO]: [ ] Removing peering PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3: VNET_SRE_SRE2 -> VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3 2020-07-14 19:37:05 [SUCCESS]: [✔] Peering removal succeeded 2020-07-14 19:37:06 [ INFO]: Peering to the correct mirror network... 2020-07-14 19:37:10 [ INFO]: [ ] Adding peering 'PEER_VNET_SRE_SRE2' to mirror VNet VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3. 2020-07-14 19:37:21 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SRE_SRE2' succeeded 2020-07-14 19:37:23 [ INFO]: [ ] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' to SRE VNet VNET_SRE_SRE2. 2020-07-14 19:37:44 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' succeeded 2020-07-14 19:37:44 [ INFO]: Determining correct URLs for package mirrors... 2020-07-14 19:37:44 [ INFO]: CRAN: 'http://10.20.3.21' 2020-07-14 19:37:44 [ INFO]: PyPI server: 'http://10.20.3.20:3128' 2020-07-14 19:37:44 [ INFO]: PyPI host: '10.20.3.20' 2020-07-14 19:37:48 [ INFO]: Setting PyPI and CRAN locations on compute VM: SRE-SRE2-160-DSVM-0-2-2020062200 2020-07-14 19:38:19 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Updating PyPI mirror to point at '10.20.3.20' Updating CRAN mirror to point at 'http://10.20.3.21' [stderr] Time : PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

SHM user data

• [x] Remove pen tester accounts from SHM
  • Users deleted from SHM DC

    
  • Deletion synchronised to Azure AD

    

Shutdown Safe Haven

• Shut down all SRE1 VMs ✅

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ../../administration/SRE_Manage_VMs.ps1 -configId decovidsre1 -Action Stopped 2020-07-15 01:55:36 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_RDS' are stopped... 2020-07-15 01:55:37 [SUCCESS]: [✔] VM 'APP-SRE-SRE1' already stopped. 2020-07-15 01:55:38 [SUCCESS]: [✔] VM 'RDG-SRE-SRE1' already stopped. 2020-07-15 01:55:38 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_WEBAPPS' are stopped... 2020-07-15 01:55:38 [SUCCESS]: [✔] VM 'GITLAB-SRE-SRE1' already stopped. 2020-07-15 01:55:39 [SUCCESS]: [✔] VM 'HACKMD-SRE-SRE1' already stopped. 2020-07-15 01:55:39 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_DATA' are stopped... 2020-07-15 01:55:39 [SUCCESS]: [✔] VM 'DAT-SRE-SRE1' already stopped. 2020-07-15 01:55:39 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_DATABASES' are stopped... 2020-07-15 01:55:40 [SUCCESS]: [✔] VM 'MSSQL-SRE1' already stopped. 2020-07-15 01:55:41 [SUCCESS]: [✔] VM 'PSTGRS-SRE1' already stopped. 2020-07-15 01:55:41 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_COMPUTE' are stopped... 2020-07-15 01:55:41 [SUCCESS]: [✔] VM 'SRE-SRE1-160-DSVM-0-2-2020062200' already stopped. PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```
• Shut down all SRE2 VMs ✅

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ../../administration/SRE_Manage_VMs.ps1 -configId decovidsre2 -Action EnsureStopped 2020-07-15 01:56:03 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_RDS' are stopped... 2020-07-15 01:56:04 [SUCCESS]: [✔] VM 'APP-SRE-SRE2' already stopped. 2020-07-15 01:56:04 [SUCCESS]: [✔] VM 'RDG-SRE-SRE2' already stopped. 2020-07-15 01:56:04 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_WEBAPPS' are stopped... 2020-07-15 01:56:05 [SUCCESS]: [✔] VM 'GITLAB-SRE-SRE2' already stopped. 2020-07-15 01:56:05 [SUCCESS]: [✔] VM 'HACKMD-SRE-SRE2' already stopped. 2020-07-15 01:56:05 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_DATA' are stopped... 2020-07-15 01:56:06 [SUCCESS]: [✔] VM 'DAT-SRE-SRE2' already stopped. 2020-07-15 01:56:06 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_DATABASES' are stopped... 2020-07-15 01:56:06 [SUCCESS]: [✔] VM 'MSSQL-SRE2' already stopped. 2020-07-15 01:56:07 [SUCCESS]: [✔] VM 'PSTGRS-SRE2' already stopped. 2020-07-15 01:56:07 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_COMPUTE' are stopped... 2020-07-15 01:56:08 [SUCCESS]: [✔] VM 'SRE-SRE2-160-DSVM-0-2-2020062200' already stopped. PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```
• Shut down all SHM VMs ✅

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ../../administration/SHM_Manage_VMs.ps1 -shmId decovid -Action EnsureStopped -Group All 2020-07-15 02:01:17 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_DC' are stopped... 2020-07-15 02:01:18 [SUCCESS]: [✔] VM 'DC1-SHM-DECOVID' already stopped. 2020-07-15 02:01:18 [SUCCESS]: [✔] VM 'DC2-SHM-DECOVID' already stopped. 2020-07-15 02:01:18 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_NPS' are stopped... 2020-07-15 02:01:19 [SUCCESS]: [✔] VM 'NPS-SHM-DECOVID' already stopped. 2020-07-15 02:01:19 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_PKG_MIRRORS' are stopped... 2020-07-15 02:01:20 [SUCCESS]: [✔] VM 'CRAN-EXTERNAL-MIRROR-TIER-2' already stopped. 2020-07-15 02:01:21 [SUCCESS]: [✔] VM 'CRAN-EXTERNAL-MIRROR-TIER-3' already stopped. 2020-07-15 02:01:22 [SUCCESS]: [✔] VM 'CRAN-INTERNAL-MIRROR-TIER-2' already stopped. 2020-07-15 02:01:23 [SUCCESS]: [✔] VM 'CRAN-INTERNAL-MIRROR-TIER-3' already stopped. 2020-07-15 02:01:23 [SUCCESS]: [✔] VM 'PYPI-EXTERNAL-MIRROR-TIER-2' already stopped. 2020-07-15 02:01:24 [SUCCESS]: [✔] VM 'PYPI-EXTERNAL-MIRROR-TIER-3' already stopped. 2020-07-15 02:01:25 [SUCCESS]: [✔] VM 'PYPI-INTERNAL-MIRROR-TIER-2' already stopped. 2020-07-15 02:01:26 [SUCCESS]: [✔] VM 'PYPI-INTERNAL-MIRROR-TIER-3' already stopped. PS /Users/moreilly/Source/Turing/data-safe-haven/deployment/secure_research_environment/setup> ```

Restrict access to DECOVID subscription

• Restrict non-IT admins to Martin + James R ✅

  
• Lock subscription to prevent accidental changes ✅

  

[martintoreilly]

Disable Legacy TLS support and weak TLS cipher suites

Applies fix from PR #766 for issue #623, addressing the only non-low severity issue identified during the 13th July penetration test of this deployment by removing support for TLS 1.0 and 1.1, plus a related low severity issue by removing support for weak TLS cipher suites.

• Code version

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> exit MAC-ATI0132:data-safe-haven moreilly$ git fetch;git pull;git status;git log -1 --pretty="At commit %h (%H)" Already up to date. On branch master Your branch is up to date with 'origin/master'. nothing to commit, working tree clean At commit 4d7c9d96 (4d7c9d9622b873745a7afad8d3e910b8613ac778) MAC-ATI0132:data-safe-haven moreilly$ ```

• Temporarily allow connections to SRE RDS Gateways from SSL Labs IP ranges

  • SRE 1

    ```pwsh S /Users/moreilly/Source/Turing/data-safe-haven> Add-SreConfig -configId decovidsre1 2020-08-13 00:24:20 [ INFO]: Generating/updating config file for 'decovidsre1' 2020-08-13 00:24:25 [ INFO]: Wrote config file to '/Users/moreilly/Source/Turing/data-safe-haven/environment_configs/full/sre_decovidsre1_full_config.json' PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/secure_research_environment/setup/Apply_SRE_Network_Configuration.ps1 -configId decovidsre1 2020-08-13 00:27:55 [ INFO]: Applying network configuration for SRE 'sre1' (Tier 3), hosted on subscription '[Prod] DECOVID Safe Haven' 2020-08-13 00:27:55 [ INFO]: Ensure RDS gateway is bound to correct NSG... 2020-08-13 00:27:55 [ INFO]: [ ] Associating RDG-SRE-SRE1 with NSG_SRE_SRE1_RDS_SERVER... 2020-08-13 00:27:58 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:28:09 [ INFO]: Ensure RDS session hosts are bound to correct NSG... 2020-08-13 00:28:09 [ INFO]: [ ] Associating APP-SRE-SRE1 with NSG_SRE_SRE1_RDS_SESSION_HOSTS... 2020-08-13 00:28:14 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:28:25 [ INFO]: Ensure data server is bound to correct NSG... 2020-08-13 00:28:25 [ INFO]: [ ] Associating DAT-SRE-SRE1 with NSG_SRE_SRE1_DATA... 2020-08-13 00:28:29 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:28:40 [ INFO]: Ensure webapp servers are bound to correct NSG... 2020-08-13 00:28:40 [ INFO]: [ ] Associating GITLAB-SRE-SRE1 with NSG_SRE_SRE1_WEBAPPS... 2020-08-13 00:28:43 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:28:53 [ INFO]: [ ] Associating HACKMD-SRE-SRE1 with NSG_SRE_SRE1_WEBAPPS... 2020-08-13 00:28:56 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:29:07 [ INFO]: Ensure compute VMs are bound to correct NSG... 2020-08-13 00:29:08 [ INFO]: [ ] Associating SRE-SRE1-160-DSVM-0-2-2020062200 with NSG_SRE_SRE1_COMPUTE... 2020-08-13 00:29:11 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:29:22 [ INFO]: NICs associated with NSG_SRE_SRE1_RDS_SESSION_HOSTS: 2020-08-13 00:29:22 [ INFO]: => APP-SRE-SRE1-NIC 2020-08-13 00:29:22 [ INFO]: NICs associated with NSG_SRE_SRE1_DATA: 2020-08-13 00:29:22 [ INFO]: => DAT-SRE-SRE1-NIC 2020-08-13 00:29:22 [ INFO]: NICs associated with NSG_SRE_SRE1_RDS_SERVER: 2020-08-13 00:29:22 [ INFO]: => RDG-SRE-SRE1-NIC 2020-08-13 00:29:22 [ INFO]: NICs associated with NSG_SRE_SRE1_COMPUTE: 2020-08-13 00:29:22 [ INFO]: => SRE-SRE1-160-DSVM-0-2-2020062200-NIC 2020-08-13 00:29:22 [ INFO]: NICs associated with NSG_SRE_SRE1_WEBAPPS: 2020-08-13 00:29:22 [ INFO]: => HACKMD-SRE-SRE1-NIC 2020-08-13 00:29:22 [ INFO]: => GITLAB-SRE-SRE1-NIC 2020-08-13 00:29:22 [ INFO]: Setting inbound connection rules on RDS Gateway NSG... 2020-08-13 00:29:23 [ INFO]: [ ] Updating 'HttpsIn' rule on 'NSG_SRE_SRE1_RDS_SERVER' to 'Allow' access from '193.60.220.253 193.60.220.240 64.41.200.0/24' 2020-08-13 00:29:25 [SUCCESS]: [✔] 'HttpsIn' on 'NSG_SRE_SRE1_RDS_SERVER' will now 'Allow' access from '193.60.220.253 193.60.220.240 64.41.200.0/24' 2020-08-13 00:29:25 [ INFO]: Setting outbound internet rules on user-facing NSGs... 2020-08-13 00:29:25 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE1_COMPUTE' to 'Deny' access to 'Internet' 2020-08-13 00:29:28 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE1_COMPUTE' will now 'Deny' access to 'Internet' 2020-08-13 00:29:29 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE1_WEBAPPS' to 'Deny' access to 'Internet' 2020-08-13 00:29:31 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE1_WEBAPPS' will now 'Deny' access to 'Internet' 2020-08-13 00:29:31 [ INFO]: Ensuring SRE is peered to correct mirror set... 2020-08-13 00:29:37 [ INFO]: Removing all existing mirror peerings... 2020-08-13 00:29:43 [ INFO]: [ ] Removing peering PEER_VNET_SRE_SRE1: VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3 -> VNET_SRE_SRE1 2020-08-13 00:30:04 [SUCCESS]: [✔] Peering removal succeeded 2020-08-13 00:30:07 [ INFO]: [ ] Removing peering PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3: VNET_SRE_SRE1 -> VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3 2020-08-13 00:30:18 [SUCCESS]: [✔] Peering removal succeeded 2020-08-13 00:30:18 [ INFO]: Peering to the correct mirror network... 2020-08-13 00:30:23 [ INFO]: [ ] Adding peering 'PEER_VNET_SRE_SRE1' to mirror VNet VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3. 2020-08-13 00:30:34 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SRE_SRE1' succeeded 2020-08-13 00:30:37 [ INFO]: [ ] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' to SRE VNet VNET_SRE_SRE1. 2020-08-13 00:30:58 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' succeeded 2020-08-13 00:30:58 [ INFO]: Determining correct URLs for package mirrors... 2020-08-13 00:30:58 [ INFO]: CRAN: 'http://10.20.3.21' 2020-08-13 00:30:58 [ INFO]: PyPI server: 'http://10.20.3.20:3128' 2020-08-13 00:30:58 [ INFO]: PyPI host: '10.20.3.20' 2020-08-13 00:31:02 [ INFO]: Setting PyPI and CRAN locations on compute VM: SRE-SRE1-160-DSVM-0-2-2020062200 2020-08-13 00:31:33 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Updating PyPI mirror to point at '10.20.3.20' Updating CRAN mirror to point at 'http://10.20.3.21' [stderr] Time : PS /Users/moreilly/Source/Turing/data-safe-haven> ```
  • SRE2

    ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> Add-SreConfig -configId decovidsre2 2020-08-13 00:32:55 [ INFO]: Generating/updating config file for 'decovidsre2' 2020-08-13 00:33:00 [ INFO]: Wrote config file to '/Users/moreilly/Source/Turing/data-safe-haven/environment_configs/full/sre_decovidsre2_full_config.json' PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/secure_research_environment/setup/Apply_SRE_Network_Configuration.ps1 -configId decovidsre2 2020-08-13 00:33:07 [ INFO]: Applying network configuration for SRE 'sre2' (Tier 3), hosted on subscription '[Prod] DECOVID Safe Haven' 2020-08-13 00:33:07 [ INFO]: Ensure RDS gateway is bound to correct NSG... 2020-08-13 00:33:07 [ INFO]: [ ] Associating RDG-SRE-SRE2 with NSG_SRE_SRE2_RDS_SERVER... 2020-08-13 00:33:11 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:33:21 [ INFO]: Ensure RDS session hosts are bound to correct NSG... 2020-08-13 00:33:21 [ INFO]: [ ] Associating APP-SRE-SRE2 with NSG_SRE_SRE2_RDS_SESSION_HOSTS... 2020-08-13 00:33:23 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:33:34 [ INFO]: Ensure data server is bound to correct NSG... 2020-08-13 00:33:34 [ INFO]: [ ] Associating DAT-SRE-SRE2 with NSG_SRE_SRE2_DATA... 2020-08-13 00:33:37 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:33:48 [ INFO]: Ensure webapp servers are bound to correct NSG... 2020-08-13 00:33:48 [ INFO]: [ ] Associating GITLAB-SRE-SRE2 with NSG_SRE_SRE2_WEBAPPS... 2020-08-13 00:33:51 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:34:01 [ INFO]: [ ] Associating HACKMD-SRE-SRE2 with NSG_SRE_SRE2_WEBAPPS... 2020-08-13 00:34:03 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:34:14 [ INFO]: Ensure compute VMs are bound to correct NSG... 2020-08-13 00:34:14 [ INFO]: [ ] Associating SRE-SRE2-160-DSVM-0-2-2020062200 with NSG_SRE_SRE2_COMPUTE... 2020-08-13 00:34:18 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:34:29 [ INFO]: NICs associated with NSG_SRE_SRE2_COMPUTE: 2020-08-13 00:34:29 [ INFO]: => SRE-SRE2-160-DSVM-0-2-2020062200-NIC 2020-08-13 00:34:29 [ INFO]: NICs associated with NSG_SRE_SRE2_DATA: 2020-08-13 00:34:29 [ INFO]: => DAT-SRE-SRE2-NIC 2020-08-13 00:34:29 [ INFO]: NICs associated with NSG_SRE_SRE2_WEBAPPS: 2020-08-13 00:34:29 [ INFO]: => HACKMD-SRE-SRE2-NIC 2020-08-13 00:34:29 [ INFO]: => GITLAB-SRE-SRE2-NIC 2020-08-13 00:34:29 [ INFO]: NICs associated with NSG_SRE_SRE2_RDS_SESSION_HOSTS: 2020-08-13 00:34:29 [ INFO]: => APP-SRE-SRE2-NIC 2020-08-13 00:34:29 [ INFO]: NICs associated with NSG_SRE_SRE2_RDS_SERVER: 2020-08-13 00:34:29 [ INFO]: => RDG-SRE-SRE2-NIC 2020-08-13 00:34:29 [ INFO]: Setting inbound connection rules on RDS Gateway NSG... 2020-08-13 00:34:29 [ INFO]: [ ] Updating 'HttpsIn' rule on 'NSG_SRE_SRE2_RDS_SERVER' to 'Allow' access from '193.60.220.253 193.60.220.240 64.41.200.0/24' 2020-08-13 00:34:35 [SUCCESS]: [✔] 'HttpsIn' on 'NSG_SRE_SRE2_RDS_SERVER' will now 'Allow' access from '193.60.220.253 193.60.220.240 64.41.200.0/24' 2020-08-13 00:34:35 [ INFO]: Setting outbound internet rules on user-facing NSGs... 2020-08-13 00:34:35 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE2_COMPUTE' to 'Deny' access to 'Internet' 2020-08-13 00:34:37 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE2_COMPUTE' will now 'Deny' access to 'Internet' 2020-08-13 00:34:38 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE2_WEBAPPS' to 'Deny' access to 'Internet' 2020-08-13 00:34:40 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE2_WEBAPPS' will now 'Deny' access to 'Internet' 2020-08-13 00:34:40 [ INFO]: Ensuring SRE is peered to correct mirror set... 2020-08-13 00:34:43 [ INFO]: Removing all existing mirror peerings... 2020-08-13 00:34:51 [ INFO]: [ ] Removing peering PEER_VNET_SRE_SRE2: VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3 -> VNET_SRE_SRE2 2020-08-13 00:35:12 [SUCCESS]: [✔] Peering removal succeeded 2020-08-13 00:35:16 [ INFO]: [ ] Removing peering PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3: VNET_SRE_SRE2 -> VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3 2020-08-13 00:35:27 [SUCCESS]: [✔] Peering removal succeeded 2020-08-13 00:35:28 [ INFO]: Peering to the correct mirror network... 2020-08-13 00:35:32 [ INFO]: [ ] Adding peering 'PEER_VNET_SRE_SRE2' to mirror VNet VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3. 2020-08-13 00:35:43 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SRE_SRE2' succeeded 2020-08-13 00:35:46 [ INFO]: [ ] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' to SRE VNet VNET_SRE_SRE2. 2020-08-13 00:36:27 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' succeeded 2020-08-13 00:36:27 [ INFO]: Determining correct URLs for package mirrors... 2020-08-13 00:36:27 [ INFO]: CRAN: 'http://10.20.3.21' 2020-08-13 00:36:27 [ INFO]: PyPI server: 'http://10.20.3.20:3128' 2020-08-13 00:36:27 [ INFO]: PyPI host: '10.20.3.20' 2020-08-13 00:36:30 [ INFO]: Setting PyPI and CRAN locations on compute VM: SRE-SRE2-160-DSVM-0-2-2020062200 2020-08-13 00:37:01 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Updating PyPI mirror to point at '10.20.3.20' Updating CRAN mirror to point at 'http://10.20.3.21' [stderr] Time : PS /Users/moreilly/Source/Turing/data-safe-haven> ```
• Fix applied to SRE1

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/secure_research_environment/setup/Disable_Legacy_TLS.ps1 -configId decovidsre1 2020-08-13 00:10:03 [ INFO]: [ ] Disabling legacy SSL/TLS protocols on RDS Gateway 2020-08-13 00:10:34 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Ensuring 'SSL 2.0' is disabled... [o] 'SSL 2.0' protocol is disabled for 'Client' role. [o] 'SSL 2.0' protocol is disabled for 'Server' role. Ensuring 'SSL 3.0' is disabled... [o] 'SSL 3.0' protocol is disabled for 'Client' role. [o] 'SSL 3.0' protocol is disabled for 'Server' role. Ensuring 'TLS 1.0' is disabled... [o] 'TLS 1.0' protocol is disabled for 'Client' role. [o] 'TLS 1.0' protocol is disabled for 'Server' role. Ensuring 'TLS 1.1' is disabled... [o] 'TLS 1.1' protocol is disabled for 'Client' role. [o] 'TLS 1.1' protocol is disabled for 'Server' role. Ensuring weak TLS cipher suites are disabled... [o] Disabled 'TLS_AES_256_GCM_SHA384' suite. [o] Disabled 'TLS_AES_128_GCM_SHA256' suite. [o] Disabled 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384' suite. [o] Disabled 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256' suite. [o] Disabled 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA' suite. [o] Disabled 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA' suite. [o] Disabled 'TLS_RSA_WITH_NULL_SHA256' suite. [o] Disabled 'TLS_RSA_WITH_NULL_SHA' suite. [o] Disabled 'TLS_PSK_WITH_AES_256_GCM_SHA384' suite. [o] Disabled 'TLS_PSK_WITH_AES_128_GCM_SHA256' suite. [o] Disabled 'TLS_PSK_WITH_AES_256_CBC_SHA384' suite. [o] Disabled 'TLS_PSK_WITH_AES_128_CBC_SHA256' suite. [o] Disabled 'TLS_PSK_WITH_NULL_SHA384' suite. [o] Disabled 'TLS_PSK_WITH_NULL_SHA256' suite. [o] Disabled 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384' suite. [o] Disabled 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' suite. [o] Disabled 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA' suite. [o] Disabled 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' suite. [o] Disabled 'TLS_RSA_WITH_AES_256_GCM_SHA384' suite. [o] Disabled 'TLS_RSA_WITH_AES_128_GCM_SHA256' suite. [o] Disabled 'TLS_RSA_WITH_AES_256_CBC_SHA256' suite. [o] Disabled 'TLS_RSA_WITH_AES_128_CBC_SHA256' suite. [o] Disabled 'TLS_RSA_WITH_AES_256_CBC_SHA' suite. [o] Disabled 'TLS_RSA_WITH_AES_128_CBC_SHA' suite. [o] Disabled 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' suite. Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-08-13 00:10:45 [ INFO]: [ ] (Re)starting VM 'RDG-SRE-SRE1' [PowerState/running] 2020-08-13 00:12:08 [SUCCESS]: [✔] Successfully (re)started 'RDG-SRE-SRE1' [PowerState/running] PS /Users/moreilly/Source/Turing/data-safe-haven> ``` Full SSL Labs report for SRE1
• Fix applied to SRE2

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/secure_research_environment/setup/Disable_Legacy_TLS.ps1 -configId decovidsre2 2020-08-13 00:47:30 [ INFO]: [ ] Disabling legacy SSL/TLS protocols on RDS Gateway 2020-08-13 00:48:01 [SUCCESS]: [✔] Remote script execution succeeded Code : ComponentStatus/StdOut/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Ensuring 'SSL 2.0' is disabled... [o] 'SSL 2.0' protocol is disabled for 'Client' role. [o] 'SSL 2.0' protocol is disabled for 'Server' role. Ensuring 'SSL 3.0' is disabled... [o] 'SSL 3.0' protocol is disabled for 'Client' role. [o] 'SSL 3.0' protocol is disabled for 'Server' role. Ensuring 'TLS 1.0' is disabled... [o] 'TLS 1.0' protocol is disabled for 'Client' role. [o] 'TLS 1.0' protocol is disabled for 'Server' role. Ensuring 'TLS 1.1' is disabled... [o] 'TLS 1.1' protocol is disabled for 'Client' role. [o] 'TLS 1.1' protocol is disabled for 'Server' role. Ensuring weak TLS cipher suites are disabled... [o] Disabled 'TLS_AES_256_GCM_SHA384' suite. [o] Disabled 'TLS_AES_128_GCM_SHA256' suite. [o] Disabled 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384' suite. [o] Disabled 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256' suite. [o] Disabled 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA' suite. [o] Disabled 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA' suite. [o] Disabled 'TLS_RSA_WITH_NULL_SHA256' suite. [o] Disabled 'TLS_RSA_WITH_NULL_SHA' suite. [o] Disabled 'TLS_PSK_WITH_AES_256_GCM_SHA384' suite. [o] Disabled 'TLS_PSK_WITH_AES_128_GCM_SHA256' suite. [o] Disabled 'TLS_PSK_WITH_AES_256_CBC_SHA384' suite. [o] Disabled 'TLS_PSK_WITH_AES_128_CBC_SHA256' suite. [o] Disabled 'TLS_PSK_WITH_NULL_SHA384' suite. [o] Disabled 'TLS_PSK_WITH_NULL_SHA256' suite. [o] Disabled 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384' suite. [o] Disabled 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' suite. [o] Disabled 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA' suite. [o] Disabled 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' suite. [o] Disabled 'TLS_RSA_WITH_AES_256_GCM_SHA384' suite. [o] Disabled 'TLS_RSA_WITH_AES_128_GCM_SHA256' suite. [o] Disabled 'TLS_RSA_WITH_AES_256_CBC_SHA256' suite. [o] Disabled 'TLS_RSA_WITH_AES_128_CBC_SHA256' suite. [o] Disabled 'TLS_RSA_WITH_AES_256_CBC_SHA' suite. [o] Disabled 'TLS_RSA_WITH_AES_128_CBC_SHA' suite. [o] Disabled 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' suite. Time : Code : ComponentStatus/StdErr/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Time : 2020-08-13 00:48:12 [ INFO]: [ ] (Re)starting VM 'RDG-SRE-SRE2' [PowerState/running] 2020-08-13 00:49:23 [SUCCESS]: [✔] Successfully (re)started 'RDG-SRE-SRE2' [PowerState/running] PS /Users/moreilly/Source/Turing/data-safe-haven> ``` Full SSL Labs report for SRE2

• Remove access to SRE RDS Gateways from SSL Labs IP range

  • SRE 1

    ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> Add-SreConfig -configId decovidsre1 2020-08-13 00:50:41 [ INFO]: Generating/updating config file for 'decovidsre1' 2020-08-13 00:50:46 [ INFO]: Wrote config file to '/Users/moreilly/Source/Turing/data-safe-haven/environment_configs/full/sre_decovidsre1_full_config.json' PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/secure_research_environment/setup/Apply_SRE_Network_Configuration.ps1 -configId decovidsre1 2020-08-13 00:51:00 [ INFO]: Applying network configuration for SRE 'sre1' (Tier 3), hosted on subscription '[Prod] DECOVID Safe Haven' 2020-08-13 00:51:00 [ INFO]: Ensure RDS gateway is bound to correct NSG... 2020-08-13 00:51:00 [ INFO]: [ ] Associating RDG-SRE-SRE1 with NSG_SRE_SRE1_RDS_SERVER... 2020-08-13 00:51:03 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:51:13 [ INFO]: Ensure RDS session hosts are bound to correct NSG... 2020-08-13 00:51:13 [ INFO]: [ ] Associating APP-SRE-SRE1 with NSG_SRE_SRE1_RDS_SESSION_HOSTS... 2020-08-13 00:51:17 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:51:27 [ INFO]: Ensure data server is bound to correct NSG... 2020-08-13 00:51:27 [ INFO]: [ ] Associating DAT-SRE-SRE1 with NSG_SRE_SRE1_DATA... 2020-08-13 00:51:30 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:51:41 [ INFO]: Ensure webapp servers are bound to correct NSG... 2020-08-13 00:51:41 [ INFO]: [ ] Associating GITLAB-SRE-SRE1 with NSG_SRE_SRE1_WEBAPPS... 2020-08-13 00:51:44 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:51:54 [ INFO]: [ ] Associating HACKMD-SRE-SRE1 with NSG_SRE_SRE1_WEBAPPS... 2020-08-13 00:51:57 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:52:07 [ INFO]: Ensure compute VMs are bound to correct NSG... 2020-08-13 00:52:08 [ INFO]: [ ] Associating SRE-SRE1-160-DSVM-0-2-2020062200 with NSG_SRE_SRE1_COMPUTE... 2020-08-13 00:52:11 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:52:22 [ INFO]: NICs associated with NSG_SRE_SRE1_RDS_SESSION_HOSTS: 2020-08-13 00:52:22 [ INFO]: => APP-SRE-SRE1-NIC 2020-08-13 00:52:22 [ INFO]: NICs associated with NSG_SRE_SRE1_DATA: 2020-08-13 00:52:22 [ INFO]: => DAT-SRE-SRE1-NIC 2020-08-13 00:52:22 [ INFO]: NICs associated with NSG_SRE_SRE1_RDS_SERVER: 2020-08-13 00:52:22 [ INFO]: => RDG-SRE-SRE1-NIC 2020-08-13 00:52:22 [ INFO]: NICs associated with NSG_SRE_SRE1_COMPUTE: 2020-08-13 00:52:22 [ INFO]: => SRE-SRE1-160-DSVM-0-2-2020062200-NIC 2020-08-13 00:52:22 [ INFO]: NICs associated with NSG_SRE_SRE1_WEBAPPS: 2020-08-13 00:52:22 [ INFO]: => HACKMD-SRE-SRE1-NIC 2020-08-13 00:52:22 [ INFO]: => GITLAB-SRE-SRE1-NIC 2020-08-13 00:52:22 [ INFO]: Setting inbound connection rules on RDS Gateway NSG... 2020-08-13 00:52:22 [ INFO]: [ ] Updating 'HttpsIn' rule on 'NSG_SRE_SRE1_RDS_SERVER' to 'Allow' access from '193.60.220.253 193.60.220.240' 2020-08-13 00:52:27 [SUCCESS]: [✔] 'HttpsIn' on 'NSG_SRE_SRE1_RDS_SERVER' will now 'Allow' access from '193.60.220.253 193.60.220.240' 2020-08-13 00:52:27 [ INFO]: Setting outbound internet rules on user-facing NSGs... 2020-08-13 00:52:28 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE1_COMPUTE' to 'Deny' access to 'Internet' 2020-08-13 00:52:30 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE1_COMPUTE' will now 'Deny' access to 'Internet' 2020-08-13 00:52:30 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE1_WEBAPPS' to 'Deny' access to 'Internet' 2020-08-13 00:52:32 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE1_WEBAPPS' will now 'Deny' access to 'Internet' 2020-08-13 00:52:32 [ INFO]: Ensuring SRE is peered to correct mirror set... 2020-08-13 00:52:36 [ INFO]: Removing all existing mirror peerings... 2020-08-13 00:52:41 [ INFO]: [ ] Removing peering PEER_VNET_SRE_SRE1: VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3 -> VNET_SRE_SRE1 2020-08-13 00:53:02 [SUCCESS]: [✔] Peering removal succeeded 2020-08-13 00:53:05 [ INFO]: [ ] Removing peering PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3: VNET_SRE_SRE1 -> VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3 2020-08-13 00:53:16 [SUCCESS]: [✔] Peering removal succeeded 2020-08-13 00:53:16 [ INFO]: Peering to the correct mirror network... 2020-08-13 00:53:22 [ INFO]: [ ] Adding peering 'PEER_VNET_SRE_SRE1' to mirror VNet VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3. 2020-08-13 00:53:32 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SRE_SRE1' succeeded 2020-08-13 00:53:35 [ INFO]: [ ] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' to SRE VNet VNET_SRE_SRE1. 2020-08-13 00:53:56 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' succeeded 2020-08-13 00:53:56 [ INFO]: Determining correct URLs for package mirrors... 2020-08-13 00:53:56 [ INFO]: CRAN: 'http://10.20.3.21' 2020-08-13 00:53:56 [ INFO]: PyPI server: 'http://10.20.3.20:3128' 2020-08-13 00:53:56 [ INFO]: PyPI host: '10.20.3.20' 2020-08-13 00:53:59 [ INFO]: Setting PyPI and CRAN locations on compute VM: SRE-SRE1-160-DSVM-0-2-2020062200 2020-08-13 00:54:29 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Updating PyPI mirror to point at '10.20.3.20' Updating CRAN mirror to point at 'http://10.20.3.21' [stderr] Time : PS /Users/moreilly/Source/Turing/data-safe-haven> ```
  • SRE 2

    ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> Add-SreConfig -configId decovidsre2 2020-08-13 00:55:46 [ INFO]: Generating/updating config file for 'decovidsre2' 2020-08-13 00:55:51 [ INFO]: Wrote config file to '/Users/moreilly/Source/Turing/data-safe-haven/environment_configs/full/sre_decovidsre2_full_config.json' PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/secure_research_environment/setup/Apply_SRE_Network_Configuration.ps1 -configId decovidsre2 2020-08-13 00:55:58 [ INFO]: Applying network configuration for SRE 'sre2' (Tier 3), hosted on subscription '[Prod] DECOVID Safe Haven' 2020-08-13 00:55:58 [ INFO]: Ensure RDS gateway is bound to correct NSG... 2020-08-13 00:55:58 [ INFO]: [ ] Associating RDG-SRE-SRE2 with NSG_SRE_SRE2_RDS_SERVER... 2020-08-13 00:56:02 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:56:12 [ INFO]: Ensure RDS session hosts are bound to correct NSG... 2020-08-13 00:56:12 [ INFO]: [ ] Associating APP-SRE-SRE2 with NSG_SRE_SRE2_RDS_SESSION_HOSTS... 2020-08-13 00:56:16 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:56:27 [ INFO]: Ensure data server is bound to correct NSG... 2020-08-13 00:56:27 [ INFO]: [ ] Associating DAT-SRE-SRE2 with NSG_SRE_SRE2_DATA... 2020-08-13 00:56:30 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:56:40 [ INFO]: Ensure webapp servers are bound to correct NSG... 2020-08-13 00:56:40 [ INFO]: [ ] Associating GITLAB-SRE-SRE2 with NSG_SRE_SRE2_WEBAPPS... 2020-08-13 00:56:43 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:56:53 [ INFO]: [ ] Associating HACKMD-SRE-SRE2 with NSG_SRE_SRE2_WEBAPPS... 2020-08-13 00:56:56 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:57:07 [ INFO]: Ensure compute VMs are bound to correct NSG... 2020-08-13 00:57:07 [ INFO]: [ ] Associating SRE-SRE2-160-DSVM-0-2-2020062200 with NSG_SRE_SRE2_COMPUTE... 2020-08-13 00:57:10 [SUCCESS]: [✔] NSG association succeeded 2020-08-13 00:57:20 [ INFO]: NICs associated with NSG_SRE_SRE2_COMPUTE: 2020-08-13 00:57:20 [ INFO]: => SRE-SRE2-160-DSVM-0-2-2020062200-NIC 2020-08-13 00:57:20 [ INFO]: NICs associated with NSG_SRE_SRE2_DATA: 2020-08-13 00:57:21 [ INFO]: => DAT-SRE-SRE2-NIC 2020-08-13 00:57:21 [ INFO]: NICs associated with NSG_SRE_SRE2_WEBAPPS: 2020-08-13 00:57:21 [ INFO]: => HACKMD-SRE-SRE2-NIC 2020-08-13 00:57:21 [ INFO]: => GITLAB-SRE-SRE2-NIC 2020-08-13 00:57:21 [ INFO]: NICs associated with NSG_SRE_SRE2_RDS_SESSION_HOSTS: 2020-08-13 00:57:21 [ INFO]: => APP-SRE-SRE2-NIC 2020-08-13 00:57:21 [ INFO]: NICs associated with NSG_SRE_SRE2_RDS_SERVER: 2020-08-13 00:57:21 [ INFO]: => RDG-SRE-SRE2-NIC 2020-08-13 00:57:21 [ INFO]: Setting inbound connection rules on RDS Gateway NSG... 2020-08-13 00:57:21 [ INFO]: [ ] Updating 'HttpsIn' rule on 'NSG_SRE_SRE2_RDS_SERVER' to 'Allow' access from '193.60.220.253 193.60.220.240' 2020-08-13 00:57:27 [SUCCESS]: [✔] 'HttpsIn' on 'NSG_SRE_SRE2_RDS_SERVER' will now 'Allow' access from '193.60.220.253 193.60.220.240' 2020-08-13 00:57:27 [ INFO]: Setting outbound internet rules on user-facing NSGs... 2020-08-13 00:57:28 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE2_COMPUTE' to 'Deny' access to 'Internet' 2020-08-13 00:57:30 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE2_COMPUTE' will now 'Deny' access to 'Internet' 2020-08-13 00:57:30 [ INFO]: [ ] Updating 'OutboundInternetAccess' rule on 'NSG_SRE_SRE2_WEBAPPS' to 'Deny' access to 'Internet' 2020-08-13 00:57:32 [SUCCESS]: [✔] 'OutboundInternetAccess' on 'NSG_SRE_SRE2_WEBAPPS' will now 'Deny' access to 'Internet' 2020-08-13 00:57:32 [ INFO]: Ensuring SRE is peered to correct mirror set... 2020-08-13 00:57:38 [ INFO]: Removing all existing mirror peerings... 2020-08-13 00:57:44 [ INFO]: [ ] Removing peering PEER_VNET_SRE_SRE2: VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3 -> VNET_SRE_SRE2 2020-08-13 00:58:25 [SUCCESS]: [✔] Peering removal succeeded 2020-08-13 00:58:29 [ INFO]: [ ] Removing peering PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3: VNET_SRE_SRE2 -> VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3 2020-08-13 00:58:40 [SUCCESS]: [✔] Peering removal succeeded 2020-08-13 00:58:40 [ INFO]: Peering to the correct mirror network... 2020-08-13 00:58:44 [ INFO]: [ ] Adding peering 'PEER_VNET_SRE_SRE2' to mirror VNet VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3. 2020-08-13 00:58:55 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SRE_SRE2' succeeded 2020-08-13 00:58:58 [ INFO]: [ ] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' to SRE VNet VNET_SRE_SRE2. 2020-08-13 00:59:40 [SUCCESS]: [✔] Adding peering 'PEER_VNET_SHM_DECOVID_PACKAGE_MIRRORS_TIER3' succeeded 2020-08-13 00:59:40 [ INFO]: Determining correct URLs for package mirrors... 2020-08-13 00:59:40 [ INFO]: CRAN: 'http://10.20.3.21' 2020-08-13 00:59:40 [ INFO]: PyPI server: 'http://10.20.3.20:3128' 2020-08-13 00:59:40 [ INFO]: PyPI host: '10.20.3.20' 2020-08-13 00:59:44 [ INFO]: Setting PyPI and CRAN locations on compute VM: SRE-SRE2-160-DSVM-0-2-2020062200 2020-08-13 01:00:15 [SUCCESS]: [✔] Remote script execution succeeded Code : ProvisioningState/succeeded Level : Info DisplayStatus : Provisioning succeeded Message : Enable succeeded: [stdout] Updating PyPI mirror to point at '10.20.3.20' Updating CRAN mirror to point at 'http://10.20.3.21' [stderr] Time : PS /Users/moreilly/Source/Turing/data-safe-haven> ```

[martintoreilly]

Apply fix for DNS remote code execution vulnerability [CVE-2020-1350]

Addresses CVE-2020-1350 by applying KB4558998.

• Code version

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> exit MAC-ATI0132:data-safe-haven moreilly$ git fetch;git pull;git status;git log -1 --pretty="At commit %h (%H)" Already up to date. On branch master Your branch is up to date with 'origin/master'. nothing to commit, working tree clean At commit 4d7c9d96 (4d7c9d9622b873745a7afad8d3e910b8613ac778) MAC-ATI0132:data-safe-haven moreilly$ ```
• Applied to DC1

  
• Applied to DC2

  

[martintoreilly]

Stop all VMs and lock subscription

• SHM VMs

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/administration/SHM_Manage_VMs.ps1 -shmId decovid -Group All -Action EnsureStopped 2020-08-13 01:04:22 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_DC' are stopped... 2020-08-13 01:04:23 [SUCCESS]: [✔] VM 'DC1-SHM-DECOVID' already deallocated. 2020-08-13 01:04:24 [SUCCESS]: [✔] VM 'DC2-SHM-DECOVID' already deallocated. 2020-08-13 01:04:24 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_NPS' are stopped... 2020-08-13 01:04:25 [SUCCESS]: [✔] VM 'NPS-SHM-DECOVID' already deallocated. 2020-08-13 01:04:25 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_PKG_MIRRORS' are stopped... 2020-08-13 01:04:25 [SUCCESS]: [✔] VM 'CRAN-EXTERNAL-MIRROR-TIER-2' already deallocated. 2020-08-13 01:04:26 [SUCCESS]: [✔] VM 'CRAN-EXTERNAL-MIRROR-TIER-3' already deallocated. 2020-08-13 01:04:27 [SUCCESS]: [✔] VM 'CRAN-INTERNAL-MIRROR-TIER-2' already deallocated. 2020-08-13 01:04:27 [SUCCESS]: [✔] VM 'CRAN-INTERNAL-MIRROR-TIER-3' already deallocated. 2020-08-13 01:04:28 [SUCCESS]: [✔] VM 'PYPI-EXTERNAL-MIRROR-TIER-2' already deallocated. 2020-08-13 01:04:28 [SUCCESS]: [✔] VM 'PYPI-EXTERNAL-MIRROR-TIER-3' already deallocated. 2020-08-13 01:04:29 [SUCCESS]: [✔] VM 'PYPI-INTERNAL-MIRROR-TIER-2' already deallocated. 2020-08-13 01:04:30 [SUCCESS]: [✔] VM 'PYPI-INTERNAL-MIRROR-TIER-3' already deallocated. PS /Users/moreilly/Source/Turing/data-safe-haven> ```
• SRE1 VMs

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/administration/SRE_Manage_VMs.ps1 -configId decovidsre1 -Action EnsureStopped 2020-08-13 01:05:26 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_RDS' are stopped... 2020-08-13 01:05:26 [SUCCESS]: [✔] VM 'APP-SRE-SRE1' already deallocated. 2020-08-13 01:05:27 [SUCCESS]: [✔] VM 'RDG-SRE-SRE1' already deallocated. 2020-08-13 01:05:27 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_WEBAPPS' are stopped... 2020-08-13 01:05:27 [SUCCESS]: [✔] VM 'GITLAB-SRE-SRE1' already deallocated. 2020-08-13 01:05:28 [SUCCESS]: [✔] VM 'HACKMD-SRE-SRE1' already deallocated. 2020-08-13 01:05:28 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_DATA' are stopped... 2020-08-13 01:05:29 [SUCCESS]: [✔] VM 'DAT-SRE-SRE1' already deallocated. 2020-08-13 01:05:29 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_DATABASES' are stopped... 2020-08-13 01:05:29 [SUCCESS]: [✔] VM 'MSSQL-SRE1' already deallocated. 2020-08-13 01:05:30 [SUCCESS]: [✔] VM 'PSTGRS-SRE1' already deallocated. 2020-08-13 01:05:30 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_COMPUTE' are stopped... 2020-08-13 01:05:30 [SUCCESS]: [✔] VM 'SRE-SRE1-160-DSVM-0-2-2020062200' already deallocated. PS /Users/moreilly/Source/Turing/data-safe-haven> ```
• SRE2 VMs

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/administration/SRE_Manage_VMs.ps1 -configId decovidsre2 -Action EnsureStopped 2020-08-13 01:06:56 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_RDS' are stopped... 2020-08-13 01:06:57 [SUCCESS]: [✔] VM 'APP-SRE-SRE2' already deallocated. 2020-08-13 01:06:57 [SUCCESS]: [✔] VM 'RDG-SRE-SRE2' already deallocated. 2020-08-13 01:06:57 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_WEBAPPS' are stopped... 2020-08-13 01:06:58 [SUCCESS]: [✔] VM 'GITLAB-SRE-SRE2' already deallocated. 2020-08-13 01:06:59 [SUCCESS]: [✔] VM 'HACKMD-SRE-SRE2' already deallocated. 2020-08-13 01:06:59 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_DATA' are stopped... 2020-08-13 01:06:59 [SUCCESS]: [✔] VM 'DAT-SRE-SRE2' already deallocated. 2020-08-13 01:06:59 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_DATABASES' are stopped... 2020-08-13 01:07:00 [SUCCESS]: [✔] VM 'MSSQL-SRE2' already deallocated. 2020-08-13 01:07:00 [SUCCESS]: [✔] VM 'PSTGRS-SRE2' already deallocated. 2020-08-13 01:07:00 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_COMPUTE' are stopped... 2020-08-13 01:07:01 [SUCCESS]: [✔] VM 'SRE-SRE2-160-DSVM-0-2-2020062200' already deallocated. PS /Users/moreilly/Source/Turing/data-safe-haven> ```
• Subscription lock

  

[martintoreilly]

Start all VMs to collect 24 hours of full firewall logs

• Start SHM VMs

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/administration/SHM_Manage_VMs.ps1 -shmId decovid -Group All -Action EnsureStarted 2020-08-15 20:51:05 [ INFO]: Ensuring that firewall 'FIREWALL-SHM-DECOVID' is running... 2020-08-15 20:51:07 [SUCCESS]: [✔] Firewall 'FIREWALL-SHM-DECOVID' is already running. 2020-08-15 20:51:07 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_DC' are started... 2020-08-15 20:51:07 [ INFO]: Stopping Secondary DC and NPS as Primary DC is not running. 2020-08-15 20:51:08 [SUCCESS]: [✔] VM 'DC2-SHM-DECOVID' already deallocated. 2020-08-15 20:51:10 [SUCCESS]: [✔] VM 'NPS-SHM-DECOVID' already deallocated. 2020-08-15 20:51:11 [ INFO]: [ ] Starting VM 'DC1-SHM-DECOVID' 2020-08-15 20:52:44 [SUCCESS]: [✔] VM 'DC1-SHM-DECOVID' successfully (re)started. 2020-08-15 20:52:45 [ INFO]: [ ] Starting VM 'DC2-SHM-DECOVID' 2020-08-15 20:54:27 [SUCCESS]: [✔] VM 'DC2-SHM-DECOVID' successfully (re)started. 2020-08-15 20:54:28 [ INFO]: [ ] Starting VM 'NPS-SHM-DECOVID' 2020-08-15 20:56:00 [SUCCESS]: [✔] VM 'NPS-SHM-DECOVID' successfully (re)started. 2020-08-15 20:56:00 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_PKG_MIRRORS' are started... 2020-08-15 20:56:02 [ INFO]: [ ] Starting VM 'CRAN-EXTERNAL-MIRROR-TIER-2' 2020-08-15 20:57:16 [SUCCESS]: [✔] VM 'CRAN-EXTERNAL-MIRROR-TIER-2' successfully (re)started. 2020-08-15 20:57:17 [ INFO]: [ ] Starting VM 'CRAN-EXTERNAL-MIRROR-TIER-3' 2020-08-15 20:58:32 [SUCCESS]: [✔] VM 'CRAN-EXTERNAL-MIRROR-TIER-3' successfully (re)started. 2020-08-15 20:58:33 [ INFO]: [ ] Starting VM 'CRAN-INTERNAL-MIRROR-TIER-2' 2020-08-15 21:01:17 [SUCCESS]: [✔] VM 'CRAN-INTERNAL-MIRROR-TIER-2' successfully (re)started. 2020-08-15 21:01:19 [ INFO]: [ ] Starting VM 'CRAN-INTERNAL-MIRROR-TIER-3' 2020-08-15 21:02:33 [SUCCESS]: [✔] VM 'CRAN-INTERNAL-MIRROR-TIER-3' successfully (re)started. 2020-08-15 21:02:34 [ INFO]: [ ] Starting VM 'PYPI-EXTERNAL-MIRROR-TIER-2' 2020-08-15 21:03:57 [SUCCESS]: [✔] VM 'PYPI-EXTERNAL-MIRROR-TIER-2' successfully (re)started. 2020-08-15 21:03:59 [ INFO]: [ ] Starting VM 'PYPI-EXTERNAL-MIRROR-TIER-3' 2020-08-15 21:05:12 [SUCCESS]: [✔] VM 'PYPI-EXTERNAL-MIRROR-TIER-3' successfully (re)started. 2020-08-15 21:05:14 [ INFO]: [ ] Starting VM 'PYPI-INTERNAL-MIRROR-TIER-2' 2020-08-15 21:07:49 [SUCCESS]: [✔] VM 'PYPI-INTERNAL-MIRROR-TIER-2' successfully (re)started. 2020-08-15 21:07:50 [ INFO]: [ ] Starting VM 'PYPI-INTERNAL-MIRROR-TIER-3' 2020-08-15 21:10:35 [SUCCESS]: [✔] VM 'PYPI-INTERNAL-MIRROR-TIER-3' successfully (re)started. PS /Users/moreilly/Source/Turing/data-safe-haven> ```
• Start SRE1 VMs

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/administration/SRE_Manage_VMs.ps1 -configId decovidsre1 -Action EnsureStarted 2020-08-15 21:11:29 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_WEBAPPS' are started... 2020-08-15 21:11:30 [ INFO]: [ ] Starting VM 'GITLAB-SRE-SRE1' 2020-08-15 21:16:48 [SUCCESS]: [✔] VM 'GITLAB-SRE-SRE1' successfully (re)started. 2020-08-15 21:16:49 [ INFO]: [ ] Starting VM 'HACKMD-SRE-SRE1' 2020-08-15 21:22:25 [SUCCESS]: [✔] VM 'HACKMD-SRE-SRE1' successfully (re)started. 2020-08-15 21:22:25 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_DATA' are started... 2020-08-15 21:22:26 [ INFO]: [ ] Starting VM 'DAT-SRE-SRE1' 2020-08-15 21:24:26 [SUCCESS]: [✔] VM 'DAT-SRE-SRE1' successfully (re)started. 2020-08-15 21:24:26 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_DATABASES' are started... 2020-08-15 21:24:27 [ INFO]: [ ] Starting VM 'MSSQL-SRE1' 2020-08-15 21:26:08 [SUCCESS]: [✔] VM 'MSSQL-SRE1' successfully (re)started. 2020-08-15 21:26:09 [ INFO]: [ ] Starting VM 'PSTGRS-SRE1' 2020-08-15 21:31:10 [SUCCESS]: [✔] VM 'PSTGRS-SRE1' successfully (re)started. 2020-08-15 21:31:10 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_COMPUTE' are started... 2020-08-15 21:31:11 [ INFO]: [ ] Starting VM 'SRE-SRE1-160-DSVM-0-2-2020062200' 2020-08-15 21:34:59 [SUCCESS]: [✔] VM 'SRE-SRE1-160-DSVM-0-2-2020062200' successfully (re)started. 2020-08-15 21:34:59 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_RDS' are started... 2020-08-15 21:35:00 [ INFO]: Stopping RDS session hosts as gateway is not running. 2020-08-15 21:35:00 [SUCCESS]: [✔] VM 'APP-SRE-SRE1' already deallocated. 2020-08-15 21:35:02 [ INFO]: [ ] Starting VM 'RDG-SRE-SRE1' 2020-08-15 21:36:07 [SUCCESS]: [✔] VM 'RDG-SRE-SRE1' successfully (re)started. 2020-08-15 21:36:08 [ INFO]: [ ] Starting VM 'APP-SRE-SRE1' 2020-08-15 21:37:31 [SUCCESS]: [✔] VM 'APP-SRE-SRE1' successfully (re)started. PS /Users/moreilly/Source/Turing/data-safe-haven> r ```
• Subscription lock

  

[martintoreilly]

Stop all VMs after collecting 24 hours of full firewall logs

• Stop SHM VMs (including deallocating Firewall)

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/administration/SHM_Manage_VMs.ps1 -shmId decovid -Group All -Action EnsureStopped 2020-08-17 01:51:01 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_DC' are stopped... 2020-08-17 01:51:01 [ INFO]: [ ] Deallocating VM 'DC1-SHM-DECOVID' 2020-08-17 01:51:02 [SUCCESS]: [✔] Request to deallocate VM 'DC1-SHM-DECOVID' accepted. 2020-08-17 01:51:03 [ INFO]: [ ] Deallocating VM 'DC2-SHM-DECOVID' 2020-08-17 01:51:03 [SUCCESS]: [✔] Request to deallocate VM 'DC2-SHM-DECOVID' accepted. 2020-08-17 01:51:04 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_NPS' are stopped... 2020-08-17 01:51:04 [ INFO]: [ ] Deallocating VM 'NPS-SHM-DECOVID' 2020-08-17 01:51:05 [SUCCESS]: [✔] Request to deallocate VM 'NPS-SHM-DECOVID' accepted. 2020-08-17 01:51:05 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_PKG_MIRRORS' are stopped... 2020-08-17 01:51:06 [ INFO]: [ ] Deallocating VM 'CRAN-EXTERNAL-MIRROR-TIER-2' 2020-08-17 01:51:06 [SUCCESS]: [✔] Request to deallocate VM 'CRAN-EXTERNAL-MIRROR-TIER-2' accepted. 2020-08-17 01:51:07 [ INFO]: [ ] Deallocating VM 'CRAN-EXTERNAL-MIRROR-TIER-3' 2020-08-17 01:51:08 [SUCCESS]: [✔] Request to deallocate VM 'CRAN-EXTERNAL-MIRROR-TIER-3' accepted. 2020-08-17 01:51:08 [ INFO]: [ ] Deallocating VM 'CRAN-INTERNAL-MIRROR-TIER-2' 2020-08-17 01:51:09 [SUCCESS]: [✔] Request to deallocate VM 'CRAN-INTERNAL-MIRROR-TIER-2' accepted. 2020-08-17 01:51:10 [ INFO]: [ ] Deallocating VM 'CRAN-INTERNAL-MIRROR-TIER-3' 2020-08-17 01:51:10 [SUCCESS]: [✔] Request to deallocate VM 'CRAN-INTERNAL-MIRROR-TIER-3' accepted. 2020-08-17 01:51:11 [ INFO]: [ ] Deallocating VM 'PYPI-EXTERNAL-MIRROR-TIER-2' 2020-08-17 01:51:11 [SUCCESS]: [✔] Request to deallocate VM 'PYPI-EXTERNAL-MIRROR-TIER-2' accepted. 2020-08-17 01:51:12 [ INFO]: [ ] Deallocating VM 'PYPI-EXTERNAL-MIRROR-TIER-3' 2020-08-17 01:51:13 [SUCCESS]: [✔] Request to deallocate VM 'PYPI-EXTERNAL-MIRROR-TIER-3' accepted. 2020-08-17 01:51:13 [ INFO]: [ ] Deallocating VM 'PYPI-INTERNAL-MIRROR-TIER-2' 2020-08-17 01:51:14 [SUCCESS]: [✔] Request to deallocate VM 'PYPI-INTERNAL-MIRROR-TIER-2' accepted. 2020-08-17 01:51:15 [ INFO]: [ ] Deallocating VM 'PYPI-INTERNAL-MIRROR-TIER-3' 2020-08-17 01:51:16 [SUCCESS]: [✔] Request to deallocate VM 'PYPI-INTERNAL-MIRROR-TIER-3' accepted. PS /Users/moreilly/Source/Turing/data-safe-haven> PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/administration/SHM_Manage_VMs.ps1 -shmId decovid -Group All -Action EnsureStopped -DeallocateFirewall 2020-08-17 01:55:47 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_DC' are stopped... 2020-08-17 01:55:48 [SUCCESS]: [✔] VM 'DC1-SHM-DECOVID' already deallocated. 2020-08-17 01:55:48 [SUCCESS]: [✔] VM 'DC2-SHM-DECOVID' already deallocated. 2020-08-17 01:55:48 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_NPS' are stopped... 2020-08-17 01:55:49 [SUCCESS]: [✔] VM 'NPS-SHM-DECOVID' already deallocated. 2020-08-17 01:55:49 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_PKG_MIRRORS' are stopped... 2020-08-17 01:55:49 [SUCCESS]: [✔] VM 'CRAN-EXTERNAL-MIRROR-TIER-2' already deallocated. 2020-08-17 01:55:50 [SUCCESS]: [✔] VM 'CRAN-EXTERNAL-MIRROR-TIER-3' already deallocated. 2020-08-17 01:55:51 [SUCCESS]: [✔] VM 'CRAN-INTERNAL-MIRROR-TIER-2' already deallocated. 2020-08-17 01:55:51 [SUCCESS]: [✔] VM 'CRAN-INTERNAL-MIRROR-TIER-3' already deallocated. 2020-08-17 01:55:52 [SUCCESS]: [✔] VM 'PYPI-EXTERNAL-MIRROR-TIER-2' already deallocated. 2020-08-17 01:55:53 [SUCCESS]: [✔] VM 'PYPI-EXTERNAL-MIRROR-TIER-3' already deallocated. 2020-08-17 01:55:53 [SUCCESS]: [✔] VM 'PYPI-INTERNAL-MIRROR-TIER-2' already deallocated. 2020-08-17 01:55:54 [SUCCESS]: [✔] VM 'PYPI-INTERNAL-MIRROR-TIER-3' already deallocated. 2020-08-17 01:55:54 [ INFO]: Ensuring that firewall 'FIREWALL-SHM-DECOVID' is deallocated... 2020-08-17 01:55:55 [ INFO]: [ ] Deallocating firewall 'FIREWALL-SHM-DECOVID'... 2020-08-17 02:03:57 [SUCCESS]: [✔] Firewall 'FIREWALL-SHM-DECOVID' successfully deallocated. PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/administration/SHM_Manage_VMs.ps1 -shmId decovid -Group All -Action EnsureStopped -DeallocateFirewall 2020-08-17 02:06:22 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_DC' are stopped... 2020-08-17 02:06:22 [SUCCESS]: [✔] VM 'DC1-SHM-DECOVID' already deallocated. 2020-08-17 02:06:23 [SUCCESS]: [✔] VM 'DC2-SHM-DECOVID' already deallocated. 2020-08-17 02:06:23 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_NPS' are stopped... 2020-08-17 02:06:23 [SUCCESS]: [✔] VM 'NPS-SHM-DECOVID' already deallocated. 2020-08-17 02:06:23 [ INFO]: Ensuring VMs in resource group 'RG_SHM_DECOVID_PKG_MIRRORS' are stopped... 2020-08-17 02:06:24 [SUCCESS]: [✔] VM 'CRAN-EXTERNAL-MIRROR-TIER-2' already deallocated. 2020-08-17 02:06:25 [SUCCESS]: [✔] VM 'CRAN-EXTERNAL-MIRROR-TIER-3' already deallocated. 2020-08-17 02:06:25 [SUCCESS]: [✔] VM 'CRAN-INTERNAL-MIRROR-TIER-2' already deallocated. 2020-08-17 02:06:26 [SUCCESS]: [✔] VM 'CRAN-INTERNAL-MIRROR-TIER-3' already deallocated. 2020-08-17 02:06:26 [SUCCESS]: [✔] VM 'PYPI-EXTERNAL-MIRROR-TIER-2' already deallocated. 2020-08-17 02:06:27 [SUCCESS]: [✔] VM 'PYPI-EXTERNAL-MIRROR-TIER-3' already deallocated. 2020-08-17 02:06:28 [SUCCESS]: [✔] VM 'PYPI-INTERNAL-MIRROR-TIER-2' already deallocated. 2020-08-17 02:06:28 [SUCCESS]: [✔] VM 'PYPI-INTERNAL-MIRROR-TIER-3' already deallocated. 2020-08-17 02:06:28 [ INFO]: Ensuring that firewall 'FIREWALL-SHM-DECOVID' is deallocated... 2020-08-17 02:06:29 [SUCCESS]: [✔] Firewall 'FIREWALL-SHM-DECOVID' is already deallocated. PS /Users/moreilly/Source/Turing/data-safe-haven> ```
• Stop SRE1 VMs

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/administration/SRE_Manage_VMs.ps1 -configId decovidsre1 -Action EnsureStopped 2020-08-17 01:51:49 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_RDS' are stopped... 2020-08-17 01:51:49 [ INFO]: [ ] Deallocating VM 'APP-SRE-SRE1' 2020-08-17 01:51:50 [SUCCESS]: [✔] Request to deallocate VM 'APP-SRE-SRE1' accepted. 2020-08-17 01:51:51 [ INFO]: [ ] Deallocating VM 'RDG-SRE-SRE1' 2020-08-17 01:51:52 [SUCCESS]: [✔] Request to deallocate VM 'RDG-SRE-SRE1' accepted. 2020-08-17 01:51:52 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_WEBAPPS' are stopped... 2020-08-17 01:51:52 [ INFO]: [ ] Deallocating VM 'GITLAB-SRE-SRE1' 2020-08-17 01:51:53 [SUCCESS]: [✔] Request to deallocate VM 'GITLAB-SRE-SRE1' accepted. 2020-08-17 01:51:54 [ INFO]: [ ] Deallocating VM 'HACKMD-SRE-SRE1' 2020-08-17 01:51:54 [SUCCESS]: [✔] Request to deallocate VM 'HACKMD-SRE-SRE1' accepted. 2020-08-17 01:51:54 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_DATA' are stopped... 2020-08-17 01:51:55 [ INFO]: [ ] Deallocating VM 'DAT-SRE-SRE1' 2020-08-17 01:51:56 [SUCCESS]: [✔] Request to deallocate VM 'DAT-SRE-SRE1' accepted. 2020-08-17 01:51:56 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_DATABASES' are stopped... 2020-08-17 01:51:57 [ INFO]: [ ] Deallocating VM 'MSSQL-SRE1' 2020-08-17 01:51:58 [SUCCESS]: [✔] Request to deallocate VM 'MSSQL-SRE1' accepted. 2020-08-17 01:51:59 [ INFO]: [ ] Deallocating VM 'PSTGRS-SRE1' 2020-08-17 01:51:59 [SUCCESS]: [✔] Request to deallocate VM 'PSTGRS-SRE1' accepted. 2020-08-17 01:51:59 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_COMPUTE' are stopped... 2020-08-17 01:52:00 [ INFO]: [ ] Deallocating VM 'SRE-SRE1-160-DSVM-0-2-2020062200' 2020-08-17 01:52:01 [SUCCESS]: [✔] Request to deallocate VM 'SRE-SRE1-160-DSVM-0-2-2020062200' accepted. PS /Users/moreilly/Source/Turing/data-safe-haven> PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/administration/SRE_Manage_VMs.ps1 -configId decovidsre1 -Action EnsureStopped 2020-08-17 01:54:59 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_RDS' are stopped... 2020-08-17 01:54:59 [SUCCESS]: [✔] VM 'APP-SRE-SRE1' already deallocated. 2020-08-17 01:55:00 [SUCCESS]: [✔] VM 'RDG-SRE-SRE1' already deallocated. 2020-08-17 01:55:00 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_WEBAPPS' are stopped... 2020-08-17 01:55:01 [SUCCESS]: [✔] VM 'GITLAB-SRE-SRE1' already deallocated. 2020-08-17 01:55:01 [SUCCESS]: [✔] VM 'HACKMD-SRE-SRE1' already deallocated. 2020-08-17 01:55:01 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_DATA' are stopped... 2020-08-17 01:55:02 [SUCCESS]: [✔] VM 'DAT-SRE-SRE1' already deallocated. 2020-08-17 01:55:02 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_DATABASES' are stopped... 2020-08-17 01:55:03 [SUCCESS]: [✔] VM 'MSSQL-SRE1' already deallocated. 2020-08-17 01:55:03 [SUCCESS]: [✔] VM 'PSTGRS-SRE1' already deallocated. 2020-08-17 01:55:03 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE1_COMPUTE' are stopped... 2020-08-17 01:55:04 [SUCCESS]: [✔] VM 'SRE-SRE1-160-DSVM-0-2-2020062200' already deallocated. PS /Users/moreilly/Source/Turing/data-safe-haven> ```
• Stop SRE2 VMs

  ```pwsh PS /Users/moreilly/Source/Turing/data-safe-haven> ./deployment/administration/SRE_Manage_VMs.ps1 -configId decovidsre2 -Action EnsureStopped 2020-08-17 01:52:43 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_RDS' are stopped... 2020-08-17 01:52:44 [SUCCESS]: [✔] VM 'APP-SRE-SRE2' already deallocated. 2020-08-17 01:52:45 [SUCCESS]: [✔] VM 'RDG-SRE-SRE2' already deallocated. 2020-08-17 01:52:45 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_WEBAPPS' are stopped... 2020-08-17 01:52:45 [SUCCESS]: [✔] VM 'GITLAB-SRE-SRE2' already deallocated. 2020-08-17 01:52:46 [SUCCESS]: [✔] VM 'HACKMD-SRE-SRE2' already deallocated. 2020-08-17 01:52:46 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_DATA' are stopped... 2020-08-17 01:52:47 [SUCCESS]: [✔] VM 'DAT-SRE-SRE2' already deallocated. 2020-08-17 01:52:47 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_DATABASES' are stopped... 2020-08-17 01:52:47 [SUCCESS]: [✔] VM 'MSSQL-SRE2' already deallocated. 2020-08-17 01:52:48 [SUCCESS]: [✔] VM 'PSTGRS-SRE2' already deallocated. 2020-08-17 01:52:48 [ INFO]: Ensuring VMs in resource group 'RG_SRE_SRE2_COMPUTE' are stopped... 2020-08-17 01:52:49 [SUCCESS]: [✔] VM 'SRE-SRE2-160-DSVM-0-2-2020062200' already deallocated. PS /Users/moreilly/Source/Turing/data-safe-haven> ```
• Subscription lock