Moving Marketplace images into existing resource groups

Not only Palo Alto, but alot of the templates hosted in the Azure Marketplace has restrictions to how we can deploy these resources. And it is mostly because the vendor wants to help you, but it doesn’t always fit with the existing infrastructure in Azure.

The two most annoying restrictions are:

1. Cannot be deployed to existing Resource Group.
2. Can only be deployed to an empty Resource Group.

My last challange was deploying two virtual appliances from Palo Alto using the BYOL image into an existing Resource Group and have them in the same Availability Set. For everyone that isn’t comfortable making all necessary changes to a copy of Palo Alto’s Github repository, we can use PowerShell to work around this challange.

Start by deploying the Palo Alto VMs using the Azure Marketplace image, and remember you can choose the vNet and Subnet from a different Resource Group.

It is possible to move resources using the Azure Portal, but this doesn’t apply to the virtual machine configuration it selves. Because it is connected to a plan, and throws an error when trying to move the virtual machines.

So in order to move all resources into your existing logical grouping of resources, we need to remove the VM configuration and configure all the resources back together after all of them have been moved.

To remove a VM configuration we use the Remove-AzureRmVM, and don’t worry, it doesn’t delete anything but the shell making all the resources into one VM:

Remove-AzureRmVM -ResourceGroupName ResourceGroupName -Name VmName
Example: Remove-AzureRmVM -ResourceGroupName DEMO-ROY-TEST -Name DEMO-ROY-TEST01

We can now move all the resources using the Move-AzureRmResources.

$Resource = Get-AzureRmResource -ResourceGroupName OldResourceGroupName -ResourceName ResourceName
$Resource1 = Get-AzureRmResource -ResourceGroupName OldResourceGroupName -ResourceName ResourceName
$Resource2 = Get-AzureRmResource -ResourceGroupName OldResourceGroupName -ResourceName ResourceName

Move-AzureRmResource -DestinationResourceGroupName NewResourceGroupName -ResourceId $Resource.ResourceId, $Resource1.ResourceId, $Resource2.ResourceId

Example:

$NIC0 = Get-AzureRmResource -ResourceGroupName DEMO-ROY-TEST -ResourceName demo-roy-test01617
$NIC1 = Get-AzureRmResource -ResourceGroupName DEMO-ROY-TEST -ResourceName demo-roy-test01618
$NIC2 = Get-AzureRmResource -ResourceGroupName DEMO-ROY-TEST -ResourceName demo-roy-test01619
$DiskStorageAccount = Get-AzureRmResources -ResourceGroupName DEMO-ROY-TEST -ResourceName demoroytestdisks767
$DiagStorageAccount = Get-AzureRmResources -ResourceGroupName DEMO-ROY-TEST -ResourceName demoroytestdiag833
$PIP = Get-AzureRmResources -ResourceGroupName DEMO-ROY-TEST -ResourceName DEMO-ROY-TEST01-ip
$NSG = Get-AzureRmResources -ResourceGroupName DEMO-ROY-TEST -ResourceName DEMO-ROY-TEST01-nsg

Move-AzureRmResource -DestinationResourceGroupName DEMO-ROY -ResourceId $NIC0.ResourceId, $NIC1.ResourceId, $NIC2.ResourceId, $DiskStorageAccount.ResourceId, $DiagStorageAccount.ResourceId, $PIP.ResourceId, $NSG.ResourceId

Now that we have removed the VM configuration and moved the resource to the right Resource Group, we can create the VM configuration again and have the VM up and running. You can also add the Virtual Machines to an Availability Set while we configure them, so be sure to create a suiteable Availability Set to

#Choose subscription
Select-AzureRmSubscription -SubscriptionId dc9b2339-0138-4de6-b2c2-c7e9408fdfa4
 
#Get Network Interface
$nic0 = Get-AzureRmNetworkInterface -ResourceGroupName DEMO-ROY -Name demo-roy-test01617
$nic1 = Get-AzureRmNetworkInterface -ResourceGroupName DEMO-ROY -Name demo-roy-test01618
$nic2 = Get-AzureRmNetworkInterface -ResourceGroupName DEMO-ROY -Name demo-roy-test01619

#Get Availability Set
$avset = Get-AzureRmAvailabilitySet -ResourceGroupName DEMO-ROY -Name DEMO-ROY-AV-PA

#Set VM name, size and availability set
$vmconfig = New-AzureRmVMConfig -VMName DEMO-ROY-TEST01 -VMSize "Standard_D3_V2" -AvailabilitySetId $avset.ID

#Set VM OS disk
$vmconfig = Set-AzureRmVMOSDisk -VM $vmconfig -Name DEMO-ROY-TEST01-vmseries1-byol.vhd -VhdUri https://demoroytestdisks767.blob.core.windows.net/vhds/DEMO-ROY-TEST01-vmseries1-byol.vhd -CreateOption attach -Linux
 
#Set VM data disk
#$vmconfig = Add-AzureRmVMDataDisk -VM $vmConfig -Name appdisk01 -VhdUri <Specify VHD URL> -Lun 0 -CreateOption attach -Caching none -DiskSizeInGB 500
 
#Set Network Interface
$vmconfig = Add-AzureRmVMNetworkInterface -VM $vmconfig -Id $nic0.Id -Primary
$vmconfig = Add-AzureRmVMNetworkInterface -VM $vmconfig -Id $nic1.Id
$vmconfig = Add-AzureRmVMNetworkInterface -VM $vmconfig -Id $nic2.Id

#Set Publisher, Offer and Sku when VM was deployed from Marketplace image
Set-AzureRmVMPlan -VM $vmconfig -Publisher "paloaltonetworks" -Product "vmseries1" -Name "byol"

#Deploy VM
New-AzureRmVM -ResourceGroupName 002-AH-PaloAlto-RG -vm $vmconfig -Location "West Europe"

To get the Publisher, Offer and Sku read my former post on Windows Server 2016 SKUs.

$location = "West Europe"
Get-AzureRmVMImagePublisher -Location "West Europe" | Where-Object -Property PublisherName -Like Palo*

$publisherName = 'paloaltonetworks'
Get-AzureRmVMImageOffer -Location $location -PublisherName $publisherName

$offer = 'vmseries1'
Get-AzureRmVMImageSku -Location $location -PublisherName $publisherName -Offer $offer | Select-Object -Property 'Skus'