diff --git a/deploy/az/servicefabric/WindowsContainers/gen-keyvaultcert.ps1 b/deploy/az/servicefabric/WindowsContainers/gen-keyvaultcert.ps1
new file mode 100644
index 000000000..c6fc34013
--- /dev/null
+++ b/deploy/az/servicefabric/WindowsContainers/gen-keyvaultcert.ps1
@@ -0,0 +1,53 @@
+Param(
+ [parameter(Mandatory=$true)][string]$vaultName,
+ [parameter(Mandatory=$true)][string]$certName,
+ [parameter(Mandatory=$true)][string]$certPwd,
+ [parameter(Mandatory=$true)][string]$subjectName,
+ [parameter(Mandatory=$false)][string]$ValidityInMonths=12,
+ [parameter(Mandatory=$true)][string]$saveDir
+)
+
+
+#Log in Azure Account
+Login-AzureRmAccount
+
+
+# Create Cert in KeyVault
+Write-Host "Creating certificate in Azure KeyVault..." -ForegroundColor Yellow
+$policy = New-AzureKeyVaultCertificatePolicy -SubjectName $subjectName -IssuerName Self -ValidityInMonths $ValidityInMonths
+Add-AzureKeyVaultCertificate -VaultName $vaultName -Name $certName -CertificatePolicy $policy
+
+# Downloading Certificate
+Write-Host "Downloading Certificate from KeyVault..." -ForegroundColor Yellow
+
+$Stoploop = $false
+$Retrycount = 0
+
+do {
+ try {
+
+ $kvSecret = Get-AzureKeyVaultSecret -VaultName $vaultName -Name $certName -ErrorAction SilentlyContinue
+ $kvSecretBytes = [System.Convert]::FromBase64String($kvSecret.SecretValueText)
+ $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
+ $certCollection.Import($kvSecretBytes,$null,[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
+ $protectedCertificateBytes = $certCollection.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pkcs12, $certPwd)
+ [System.IO.File]::WriteAllBytes($saveDir + "\" + $certName + ".pfx", $protectedCertificateBytes)
+
+ $Stoploop = $true
+ Write-Host "Finished!" -ForegroundColor Yellow
+ }
+ catch {
+ if ($Retrycount -gt 5){
+ $Stoploop = $true
+ Write-Host "Not possible to retrieve the certificate!" -ForegroundColor Yellow
+ }
+ else {
+ Start-Sleep -Seconds 20
+ $Retrycount = $Retrycount + 1
+ }
+ }
+}
+While ($Stoploop -eq $false)
+
+# Show Certificate Values
+Get-AzureKeyVaultCertificate -VaultName $vaultName -Name $certName
\ No newline at end of file
diff --git a/deploy/az/servicefabric/WindowsContainers/readme.md b/deploy/az/servicefabric/WindowsContainers/readme.md
index bbfe08bd1..9d8e7c486 100644
--- a/deploy/az/servicefabric/WindowsContainers/readme.md
+++ b/deploy/az/servicefabric/WindowsContainers/readme.md
@@ -1,4 +1,4 @@
-# Deploying Azure Service Fabric
+# Deploying Azure Service Fabric (No Secured)
The ARM template `servicefabricdeploy.json` and its parameter file (`servicefabricdeploy.parameters.json`) are used to create a service fabric cluster environment for windows containers.
@@ -31,6 +31,58 @@ create-resources.cmd servicefabric\WindowsContainers\servicefabricdeploy newReso
Alternatively, instead of using ARM templates, you can deploy eShop on service fabric directly by publishing the project eShopOnServiceFabric in eShopOnContainers-ServicesAndWebApps.sln with Visual Studio publish tool.
+# Deploying Azure Service Fabric (Secured)
+
+The ARM template `servicefabricdeploysecured.json` and its parameter file (`servicefabricdeploysecured.parameters.json`) are used to create a service fabric cluster environment for windows containers secured with a certificate.
+
+## Create Azure Keyvault service
+Go to PortalAzure and create a Keyvault service. Make sure Enable access for deployment checkboxes are selected.
+
+
+
+## Generate a certificate in Azure Keyvault
+Execute the gen-keyvaultcert.ps1 script to generate and download a certificate from Keyvault.
+
+```
+.\gen-cert.ps1 -vaultName -certName -certPwd -subjectName CN=.westeurope.cloudapp.azure.com -saveDir C:\Users\\Downloads
+
+```
+## Install the certificate
+Install the certificate under 'Current User' store location and check it as exportable.
+
+
+
+## Editing servicefabricdeploysecured.parameters.json file
+
+Edit the following params in `servicefabricdeploysecured.parameters.json` file to set your values:
+
+- clusterName: Name of your SF cluster
+- dnsName: Name assigned to your SF dns
+- adminUserName: user name for administration
+- adminPassword: user password for administration
+- sourceVaultValue: keyvault resource id (check azure keyvault properties)
+- certificateUrlValue: certificate url (check azure Keyvault certificate properties)
+- certificateThumbprint: certificate thumbprint (check azure Keyvault certificate properties)
+
+Optionally, you can modify which ports are opened in the LoadBalancer for accessing externally to the apps:
+
+- webMvcHttpPort: port externally exposed for the WebMVC app
+- webSpaHttpPort: port externally exposed for the WebSPA app
+- webStatusHttpPort: port externally exposed for the WebStatus app
+- IdSrvHttpRule: port externally exposed for the Identity app
+
+## Deploy the template
+
+Once parameter file is edited you can deploy it using [create-resources script](../readme.md).
+
+```
+create-resources.cmd servicefabric\WindowsContainers\servicefabricdeploysecured newResourceGroup -c westus
+```
+## Deploy eShopOnServiceFabric with Visual Studio.
+
+Modify the cloud.xml file of each Service Fabric application in PublishProfile directory and set your certificate settings to be able to deploy eshopOnContainers in the secured cluster:
+
+
diff --git a/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.json b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.json
new file mode 100644
index 000000000..b5bbfa55c
--- /dev/null
+++ b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.json
@@ -0,0 +1,824 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "clusterLocation": {
+ "type": "string",
+ "metadata": {
+ "description": "Location of the Cluster"
+ }
+ },
+ "clusterName": {
+ "type": "string",
+ "defaultValue": "Cluster",
+ "metadata": {
+ "description": "Name of your cluster - Between 3 and 23 characters. Letters and numbers only"
+ }
+ },
+ "nt0applicationStartPort": {
+ "type": "int",
+ "defaultValue": 20000
+ },
+ "nt0applicationEndPort": {
+ "type": "int",
+ "defaultValue": 30000
+ },
+ "nt0ephemeralStartPort": {
+ "type": "int",
+ "defaultValue": 49152
+ },
+ "nt0ephemeralEndPort": {
+ "type": "int",
+ "defaultValue": 65534
+ },
+ "nt0fabricTcpGatewayPort": {
+ "type": "int",
+ "defaultValue": 19000
+ },
+ "nt0fabricHttpGatewayPort": {
+ "type": "int",
+ "defaultValue": 19080
+ },
+ "nt0reverseProxyEndpointPort": {
+ "type": "int",
+ "defaultValue": 19081
+ },
+ "webMvcHttpPort": {
+ "type": "int",
+ "defaultValue": 5100
+ },
+ "webSpaHttpPort": {
+ "type": "int",
+ "defaultValue": 5104
+ },
+ "webStatusHttpPort": {
+ "type": "int",
+ "defaultValue": 5107
+ },
+ "IdSrvHttpRule": {
+ "type": "int",
+ "defaultValue": 5105
+ },
+ "subnet0Name": {
+ "type": "string",
+ "defaultValue": "Subnet-0"
+ },
+ "subnet0Prefix": {
+ "type": "string",
+ "defaultValue": "10.0.0.0/24"
+ },
+ "computeLocation": {
+ "type": "string"
+ },
+ "publicIPAddressName": {
+ "type": "string",
+ "defaultValue": "PublicIP-VM"
+ },
+ "publicIPAddressType": {
+ "type": "string",
+ "allowedValues": [
+ "Dynamic"
+ ],
+ "defaultValue": "Dynamic"
+ },
+ "vmStorageAccountContainerName": {
+ "type": "string",
+ "defaultValue": "vhds"
+ },
+ "adminUserName": {
+ "type": "string",
+ "defaultValue": "testadm",
+ "metadata": {
+ "description": "Remote desktop user Id"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Remote desktop user password. Must be a strong password"
+ }
+ },
+ "virtualNetworkName": {
+ "type": "string",
+ "defaultValue": "VNet"
+ },
+ "addressPrefix": {
+ "type": "string",
+ "defaultValue": "10.0.0.0/16"
+ },
+ "dnsName": {
+ "type": "string"
+ },
+ "nicName": {
+ "type": "string",
+ "defaultValue": "NIC"
+ },
+ "lbName": {
+ "type": "string",
+ "defaultValue": "LoadBalancer"
+ },
+ "lbIPName": {
+ "type": "string",
+ "defaultValue": "PublicIP-LB-FE"
+ },
+ "overProvision": {
+ "type": "string",
+ "defaultValue": "false"
+ },
+ "vmImagePublisher": {
+ "type": "string",
+ "defaultValue": "MicrosoftWindowsServer"
+ },
+ "vmImageOffer": {
+ "type": "string",
+ "defaultValue": "WindowsServer"
+ },
+ "vmImageSku": {
+ "type": "string",
+ "defaultValue": "2012-R2-Datacenter"
+ },
+ "vmImageVersion": {
+ "type": "string",
+ "defaultValue": "latest"
+ },
+ "clusterProtectionLevel": {
+ "type": "string",
+ "allowedValues": [
+ "None",
+ "Sign",
+ "EncryptAndSign"
+ ],
+ "defaultValue": "EncryptAndSign",
+ "metadata": {
+ "description": "Protection level.Three values are allowed - EncryptAndSign, Sign, None. It is best to keep the default of EncryptAndSign, unless you have a need not to"
+ }
+ },
+ "certificateStoreValue": {
+ "type": "string",
+ "allowedValues": [
+ "My"
+ ],
+ "defaultValue": "My",
+ "metadata": {
+ "description": "The store name where the cert will be deployed in the virtual machine"
+ }
+ },
+ "certificateThumbprint": {
+ "type": "string",
+ "metadata": {
+ "description": "Certificate Thumbprint"
+ }
+ },
+ "sourceVaultValue": {
+ "type": "string",
+ "metadata": {
+ "description": "Resource Id of the key vault, is should be in the format of /subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/"
+ }
+ },
+ "certificateUrlValue": {
+ "type": "string",
+ "metadata": {
+ "description": "Refers to the location URL in your key vault where the certificate was uploaded, it is should be in the format of https://.vault.azure.net:443/secrets/"
+ }
+ },
+ "storageAccountType": {
+ "type": "string",
+ "allowedValues": [
+ "Standard_LRS",
+ "Standard_GRS"
+ ],
+ "defaultValue": "Standard_LRS",
+ "metadata": {
+ "description": "Replication option for the VM image storage account"
+ }
+ },
+ "supportLogStorageAccountType": {
+ "type": "string",
+ "allowedValues": [
+ "Standard_LRS",
+ "Standard_GRS"
+ ],
+ "defaultValue": "Standard_LRS",
+ "metadata": {
+ "description": "Replication option for the support log storage account"
+ }
+ },
+ "supportLogStorageAccountName": {
+ "type": "string",
+ "defaultValue": "[toLower( concat('sflogs', uniqueString(resourceGroup().id),'2'))]",
+ "metadata": {
+ "description": "Name for the storage account that contains support logs from the cluster"
+ }
+ },
+ "applicationDiagnosticsStorageAccountType": {
+ "type": "string",
+ "allowedValues": [
+ "Standard_LRS",
+ "Standard_GRS"
+ ],
+ "defaultValue": "Standard_LRS",
+ "metadata": {
+ "description": "Replication option for the application diagnostics storage account"
+ }
+ },
+ "applicationDiagnosticsStorageAccountName": {
+ "type": "string",
+ "defaultValue": "[toLower(concat(uniqueString(resourceGroup().id), '3' ))]",
+ "metadata": {
+ "description": "Name for the storage account that contains application diagnostics data from the cluster"
+ }
+ },
+ "nt0InstanceCount": {
+ "type": "int",
+ "defaultValue": 5,
+ "metadata": {
+ "description": "Instance count for node type"
+ }
+ },
+ "vmNodeType0Name": {
+ "type": "string",
+ "defaultValue": "primary",
+ "maxLength": 9
+ },
+ "vmNodeType0Size": {
+ "type": "string",
+ "defaultValue": "Standard_D2_v2"
+ }
+ },
+ "variables": {
+ "vmssApiVersion": "2017-03-30",
+ "lbApiVersion": "2015-06-15",
+ "vNetApiVersion": "2015-06-15",
+ "storageApiVersion": "2016-01-01",
+ "publicIPApiVersion": "2015-06-15",
+ "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]",
+ "subnet0Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet0Name'))]",
+ "lbID0": "[resourceId('Microsoft.Network/loadBalancers', concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name')))]",
+ "lbIPConfig0": "[concat(variables('lbID0'),'/frontendIPConfigurations/LoadBalancerIPConfig')]",
+ "lbPoolID0": "[concat(variables('lbID0'),'/backendAddressPools/LoadBalancerBEAddressPool')]",
+ "lbProbeID0": "[concat(variables('lbID0'),'/probes/FabricGatewayProbe')]",
+ "lbHttpProbeID0": "[concat(variables('lbID0'),'/probes/FabricHttpGatewayProbe')]",
+ "lbNatPoolID0": "[concat(variables('lbID0'),'/inboundNatPools/LoadBalancerBEAddressNatPool')]",
+ "vmStorageAccountName0": "[toLower(concat(uniqueString(resourceGroup().id), '1', '0' ))]",
+ "uniqueStringArray0": [
+ "[concat(variables('vmStorageAccountName0'), '0')]",
+ "[concat(variables('vmStorageAccountName0'), '1')]",
+ "[concat(variables('vmStorageAccountName0'), '2')]",
+ "[concat(variables('vmStorageAccountName0'), '3')]",
+ "[concat(variables('vmStorageAccountName0'), '4')]"
+ ]
+ },
+ "resources": [
+ {
+ "apiVersion": "[variables('storageApiVersion')]",
+ "type": "Microsoft.Storage/storageAccounts",
+ "name": "[parameters('supportLogStorageAccountName')]",
+ "location": "[parameters('computeLocation')]",
+ "dependsOn": [],
+ "properties": {},
+ "kind": "Storage",
+ "sku": {
+ "name": "[parameters('supportLogStorageAccountType')]"
+ },
+ "tags": {
+ "resourceType": "Service Fabric",
+ "clusterName": "[parameters('clusterName')]"
+ }
+ },
+ {
+ "apiVersion": "[variables('storageApiVersion')]",
+ "type": "Microsoft.Storage/storageAccounts",
+ "name": "[parameters('applicationDiagnosticsStorageAccountName')]",
+ "location": "[parameters('computeLocation')]",
+ "dependsOn": [],
+ "properties": {},
+ "kind": "Storage",
+ "sku": {
+ "name": "[parameters('applicationDiagnosticsStorageAccountType')]"
+ },
+ "tags": {
+ "resourceType": "Service Fabric",
+ "clusterName": "[parameters('clusterName')]"
+ }
+ },
+ {
+ "apiVersion": "[variables('vNetApiVersion')]",
+ "type": "Microsoft.Network/virtualNetworks",
+ "name": "[parameters('virtualNetworkName')]",
+ "location": "[parameters('computeLocation')]",
+ "dependsOn": [],
+ "properties": {
+ "addressSpace": {
+ "addressPrefixes": [
+ "[parameters('addressPrefix')]"
+ ]
+ },
+ "subnets": [
+ {
+ "name": "[parameters('subnet0Name')]",
+ "properties": {
+ "addressPrefix": "[parameters('subnet0Prefix')]"
+ }
+ }
+ ]
+ },
+ "tags": {
+ "resourceType": "Service Fabric",
+ "clusterName": "[parameters('clusterName')]"
+ }
+ },
+ {
+ "apiVersion": "[variables('publicIPApiVersion')]",
+ "type": "Microsoft.Network/publicIPAddresses",
+ "name": "[concat(parameters('lbIPName'),'-','0')]",
+ "location": "[parameters('computeLocation')]",
+ "properties": {
+ "dnsSettings": {
+ "domainNameLabel": "[parameters('dnsName')]"
+ },
+ "publicIPAllocationMethod": "Dynamic"
+ },
+ "tags": {
+ "resourceType": "Service Fabric",
+ "clusterName": "[parameters('clusterName')]"
+ }
+ },
+ {
+ "apiVersion": "[variables('lbApiVersion')]",
+ "type": "Microsoft.Network/loadBalancers",
+ "name": "[concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name'))]",
+ "location": "[parameters('computeLocation')]",
+ "dependsOn": [
+ "[concat('Microsoft.Network/publicIPAddresses/',concat(parameters('lbIPName'),'-','0'))]"
+ ],
+ "properties": {
+ "frontendIPConfigurations": [
+ {
+ "name": "LoadBalancerIPConfig",
+ "properties": {
+ "publicIPAddress": {
+ "id": "[resourceId('Microsoft.Network/publicIPAddresses',concat(parameters('lbIPName'),'-','0'))]"
+ }
+ }
+ }
+ ],
+ "backendAddressPools": [
+ {
+ "name": "LoadBalancerBEAddressPool",
+ "properties": {}
+ }
+ ],
+ "loadBalancingRules": [
+ {
+ "name": "LBRule",
+ "properties": {
+ "backendAddressPool": {
+ "id": "[variables('lbPoolID0')]"
+ },
+ "backendPort": "[parameters('nt0fabricTcpGatewayPort')]",
+ "enableFloatingIP": "false",
+ "frontendIPConfiguration": {
+ "id": "[variables('lbIPConfig0')]"
+ },
+ "frontendPort": "[parameters('nt0fabricTcpGatewayPort')]",
+ "idleTimeoutInMinutes": "5",
+ "probe": {
+ "id": "[variables('lbProbeID0')]"
+ },
+ "protocol": "tcp"
+ }
+ },
+ {
+ "name": "LBHttpRule",
+ "properties": {
+ "backendAddressPool": {
+ "id": "[variables('lbPoolID0')]"
+ },
+ "backendPort": "[parameters('nt0fabricHttpGatewayPort')]",
+ "enableFloatingIP": "false",
+ "frontendIPConfiguration": {
+ "id": "[variables('lbIPConfig0')]"
+ },
+ "frontendPort": "[parameters('nt0fabricHttpGatewayPort')]",
+ "idleTimeoutInMinutes": "5",
+ "probe": {
+ "id": "[variables('lbHttpProbeID0')]"
+ },
+ "protocol": "tcp"
+ }
+ },
+ {
+ "name": "ReverseProxyHttpRule",
+ "properties": {
+ "backendAddressPool": {
+ "id": "[variables('lbPoolID0')]"
+ },
+ "backendPort": "[parameters('nt0reverseProxyEndpointPort')]",
+ "enableFloatingIP": "false",
+ "frontendIPConfiguration": {
+ "id": "[variables('lbIPConfig0')]"
+ },
+ "frontendPort": "[parameters('nt0reverseProxyEndpointPort')]",
+ "idleTimeoutInMinutes": "5",
+ "probe": {
+ "id": "[variables('lbHttpProbeID0')]"
+ },
+ "protocol": "tcp"
+ }
+ },
+ {
+ "name": "WebMVCHttpRule",
+ "properties": {
+ "backendAddressPool": {
+ "id": "[variables('lbPoolID0')]"
+ },
+ "backendPort": "[parameters('webMvcHttpPort')]",
+ "enableFloatingIP": "false",
+ "frontendIPConfiguration": {
+ "id": "[variables('lbIPConfig0')]"
+ },
+ "frontendPort": "[parameters('webMvcHttpPort')]",
+ "idleTimeoutInMinutes": "5",
+ "probe": {
+ "id": "[variables('lbHttpProbeID0')]"
+ },
+ "protocol": "tcp"
+ }
+ },
+ {
+ "name": "WebSPAHttpRule",
+ "properties": {
+ "backendAddressPool": {
+ "id": "[variables('lbPoolID0')]"
+ },
+ "backendPort": "[parameters('webSpaHttpPort')]",
+ "enableFloatingIP": "false",
+ "frontendIPConfiguration": {
+ "id": "[variables('lbIPConfig0')]"
+ },
+ "frontendPort": "[parameters('webSpaHttpPort')]",
+ "idleTimeoutInMinutes": "5",
+ "probe": {
+ "id": "[variables('lbHttpProbeID0')]"
+ },
+ "protocol": "tcp"
+ }
+ },
+ {
+ "name": "WebStatusHttpRule",
+ "properties": {
+ "backendAddressPool": {
+ "id": "[variables('lbPoolID0')]"
+ },
+ "backendPort": "[parameters('webStatusHttpPort')]",
+ "enableFloatingIP": "false",
+ "frontendIPConfiguration": {
+ "id": "[variables('lbIPConfig0')]"
+ },
+ "frontendPort": "[parameters('webStatusHttpPort')]",
+ "idleTimeoutInMinutes": "5",
+ "probe": {
+ "id": "[variables('lbHttpProbeID0')]"
+ },
+ "protocol": "tcp"
+ }
+ },
+ {
+ "name": "IdSrvHttpRule",
+ "properties": {
+ "backendAddressPool": {
+ "id": "[variables('lbPoolID0')]"
+ },
+ "backendPort": "[parameters('IdSrvHttpRule')]",
+ "enableFloatingIP": "false",
+ "frontendIPConfiguration": {
+ "id": "[variables('lbIPConfig0')]"
+ },
+ "frontendPort": "[parameters('IdSrvHttpRule')]",
+ "idleTimeoutInMinutes": "5",
+ "probe": {
+ "id": "[variables('lbHttpProbeID0')]"
+ },
+ "protocol": "tcp"
+ }
+ }
+ ],
+ "probes": [
+ {
+ "name": "FabricGatewayProbe",
+ "properties": {
+ "intervalInSeconds": 5,
+ "numberOfProbes": 2,
+ "port": "[parameters('nt0fabricTcpGatewayPort')]",
+ "protocol": "tcp"
+ }
+ },
+ {
+ "name": "FabricHttpGatewayProbe",
+ "properties": {
+ "intervalInSeconds": 5,
+ "numberOfProbes": 2,
+ "port": "[parameters('nt0fabricHttpGatewayPort')]",
+ "protocol": "tcp"
+ }
+ }
+ ],
+ "inboundNatPools": [
+ {
+ "name": "LoadBalancerBEAddressNatPool",
+ "properties": {
+ "backendPort": "3389",
+ "frontendIPConfiguration": {
+ "id": "[variables('lbIPConfig0')]"
+ },
+ "frontendPortRangeEnd": "4500",
+ "frontendPortRangeStart": "3389",
+ "protocol": "tcp"
+ }
+ }
+ ]
+ },
+ "tags": {
+ "resourceType": "Service Fabric",
+ "clusterName": "[parameters('clusterName')]"
+ }
+ },
+ {
+ "apiVersion": "[variables('storageApiVersion')]",
+ "type": "Microsoft.Storage/storageAccounts",
+ "name": "[variables('uniqueStringArray0')[copyIndex()]]",
+ "location": "[parameters('computeLocation')]",
+ "dependsOn": [],
+ "properties": {},
+ "copy": {
+ "name": "storageLoop",
+ "count": 5
+ },
+ "kind": "Storage",
+ "sku": {
+ "name": "[parameters('storageAccountType')]"
+ },
+ "tags": {
+ "resourceType": "Service Fabric",
+ "clusterName": "[parameters('clusterName')]"
+ }
+ },
+ {
+ "apiVersion": "[variables('vmssApiVersion')]",
+ "type": "Microsoft.Compute/virtualMachineScaleSets",
+ "name": "[parameters('vmNodeType0Name')]",
+ "location": "[parameters('computeLocation')]",
+ "dependsOn": [
+ "[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]",
+ "[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[0])]",
+ "[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[1])]",
+ "[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[2])]",
+ "[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[3])]",
+ "[concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[4])]",
+ "[concat('Microsoft.Network/loadBalancers/', concat('LB','-', parameters('clusterName'),'-',parameters('vmNodeType0Name')))]",
+ "[concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName'))]",
+ "[concat('Microsoft.Storage/storageAccounts/', parameters('applicationDiagnosticsStorageAccountName'))]"
+ ],
+ "properties": {
+ "overprovision": "[parameters('overProvision')]",
+ "upgradePolicy": {
+ "mode": "Automatic"
+ },
+ "virtualMachineProfile": {
+ "extensionProfile": {
+ "extensions": [
+ {
+ "name": "[concat(parameters('vmNodeType0Name'),'_ServiceFabricNode')]",
+ "properties": {
+ "type": "ServiceFabricNode",
+ "autoUpgradeMinorVersion": true,
+ "protectedSettings": {
+ "StorageAccountKey1": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('supportLogStorageAccountName')),'2015-05-01-preview').key1]",
+ "StorageAccountKey2": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('supportLogStorageAccountName')),'2015-05-01-preview').key2]"
+ },
+ "publisher": "Microsoft.Azure.ServiceFabric",
+ "settings": {
+ "clusterEndpoint": "[reference(parameters('clusterName')).clusterEndpoint]",
+ "nodeTypeRef": "[parameters('vmNodeType0Name')]",
+ "dataPath": "D:\\\\SvcFab",
+ "durabilityLevel": "Bronze",
+ "enableParallelJobs": true,
+ "nicPrefixOverride": "[parameters('subnet0Prefix')]",
+ "certificate": {
+ "thumbprint": "[parameters('certificateThumbprint')]",
+ "x509StoreName": "[parameters('certificateStoreValue')]"
+ }
+ },
+ "typeHandlerVersion": "1.0"
+ }
+ },
+ {
+ "name": "[concat('VMDiagnosticsVmExt','_vmNodeType0Name')]",
+ "properties": {
+ "type": "IaaSDiagnostics",
+ "autoUpgradeMinorVersion": true,
+ "protectedSettings": {
+ "storageAccountName": "[parameters('applicationDiagnosticsStorageAccountName')]",
+ "storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('applicationDiagnosticsStorageAccountName')),'2015-05-01-preview').key1]",
+ "storageAccountEndPoint": "https://core.windows.net/"
+ },
+ "publisher": "Microsoft.Azure.Diagnostics",
+ "settings": {
+ "WadCfg": {
+ "DiagnosticMonitorConfiguration": {
+ "overallQuotaInMB": "50000",
+ "EtwProviders": {
+ "EtwEventSourceProviderConfiguration": [
+ {
+ "provider": "Microsoft-ServiceFabric-Actors",
+ "scheduledTransferKeywordFilter": "1",
+ "scheduledTransferPeriod": "PT5M",
+ "DefaultEvents": {
+ "eventDestination": "ServiceFabricReliableActorEventTable"
+ }
+ },
+ {
+ "provider": "Microsoft-ServiceFabric-Services",
+ "scheduledTransferPeriod": "PT5M",
+ "DefaultEvents": {
+ "eventDestination": "ServiceFabricReliableServiceEventTable"
+ }
+ }
+ ],
+ "EtwManifestProviderConfiguration": [
+ {
+ "provider": "cbd93bc2-71e5-4566-b3a7-595d8eeca6e8",
+ "scheduledTransferLogLevelFilter": "Information",
+ "scheduledTransferKeywordFilter": "4611686018427387904",
+ "scheduledTransferPeriod": "PT5M",
+ "DefaultEvents": {
+ "eventDestination": "ServiceFabricSystemEventTable"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "StorageAccount": "[parameters('applicationDiagnosticsStorageAccountName')]"
+ },
+ "typeHandlerVersion": "1.5"
+ }
+ }
+ ]
+ },
+ "networkProfile": {
+ "networkInterfaceConfigurations": [
+ {
+ "name": "[concat(parameters('nicName'), '-0')]",
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "[concat(parameters('nicName'),'-',0)]",
+ "properties": {
+ "loadBalancerBackendAddressPools": [
+ {
+ "id": "[variables('lbPoolID0')]"
+ }
+ ],
+ "loadBalancerInboundNatPools": [
+ {
+ "id": "[variables('lbNatPoolID0')]"
+ }
+ ],
+ "subnet": {
+ "id": "[variables('subnet0Ref')]"
+ }
+ }
+ }
+ ],
+ "primary": true
+ }
+ }
+ ]
+ },
+ "osProfile": {
+ "adminPassword": "[parameters('adminPassword')]",
+ "adminUsername": "[parameters('adminUsername')]",
+ "computernamePrefix": "[parameters('vmNodeType0Name')]",
+ "secrets": [
+ {
+ "sourceVault": {
+ "id": "[parameters('sourceVaultValue')]"
+ },
+ "vaultCertificates": [
+ {
+ "certificateStore": "[parameters('certificateStoreValue')]",
+ "certificateUrl": "[parameters('certificateUrlValue')]"
+ }
+ ]
+ }
+ ]
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "[parameters('vmImagePublisher')]",
+ "offer": "[parameters('vmImageOffer')]",
+ "sku": "[parameters('vmImageSku')]",
+ "version": "[parameters('vmImageVersion')]"
+ },
+ "osDisk": {
+ "caching": "ReadOnly",
+ "createOption": "FromImage",
+ "vhdContainers": [
+ "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[0]), variables('storageApiVersion')).primaryEndpoints.blob, parameters('vmStorageAccountContainerName'))]",
+ "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[1]), variables('storageApiVersion')).primaryEndpoints.blob, parameters('vmStorageAccountContainerName'))]",
+ "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[2]), variables('storageApiVersion')).primaryEndpoints.blob, parameters('vmStorageAccountContainerName'))]",
+ "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[3]), variables('storageApiVersion')).primaryEndpoints.blob, parameters('vmStorageAccountContainerName'))]",
+ "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('uniqueStringArray0')[4]), variables('storageApiVersion')).primaryEndpoints.blob, parameters('vmStorageAccountContainerName'))]"
+ ],
+ "name": "vmssosdisk"
+ }
+ }
+ }
+ },
+ "sku": {
+ "name": "[parameters('vmNodeType0Size')]",
+ "capacity": "[parameters('nt0InstanceCount')]",
+ "tier": "Standard"
+ },
+ "tags": {
+ "resourceType": "Service Fabric",
+ "clusterName": "[parameters('clusterName')]"
+ }
+ },
+ {
+ "apiVersion": "2017-07-01-preview",
+ "type": "Microsoft.ServiceFabric/clusters",
+ "name": "[parameters('clusterName')]",
+ "location": "[parameters('clusterLocation')]",
+ "dependsOn": [
+ "[concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName'))]"
+ ],
+ "properties": {
+ "addonFeatures": [
+ "DnsService"
+ ],
+ "certificate": {
+ "thumbprint": "[parameters('certificateThumbprint')]",
+ "x509StoreName": "[parameters('certificateStoreValue')]"
+ },
+ "clientCertificateCommonNames": [],
+ "clientCertificateThumbprints": [],
+ "clusterCodeVersion": "5.7.207.9494",
+ "clusterState": "Default",
+ "diagnosticsStorageAccountConfig": {
+ "blobEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]",
+ "protectedAccountKeyName": "StorageAccountKey1",
+ "queueEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.queue]",
+ "storageAccountName": "[parameters('supportLogStorageAccountName')]",
+ "tableEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.table]"
+ },
+ "fabricSettings": [
+ {
+ "parameters": [
+ {
+ "name": "ClusterProtectionLevel",
+ "value": "[parameters('clusterProtectionLevel')]"
+ }
+ ],
+ "name": "Security"
+ }
+ ],
+ "managementEndpoint": "[concat('https://',reference(concat(parameters('lbIPName'),'-','0')).dnsSettings.fqdn,':',parameters('nt0fabricHttpGatewayPort'))]",
+ "nodeTypes": [
+ {
+ "name": "[parameters('vmNodeType0Name')]",
+ "applicationPorts": {
+ "endPort": "[parameters('nt0applicationEndPort')]",
+ "startPort": "[parameters('nt0applicationStartPort')]"
+ },
+ "clientConnectionEndpointPort": "[parameters('nt0fabricTcpGatewayPort')]",
+ "durabilityLevel": "Bronze",
+ "ephemeralPorts": {
+ "endPort": "[parameters('nt0ephemeralEndPort')]",
+ "startPort": "[parameters('nt0ephemeralStartPort')]"
+ },
+ "httpGatewayEndpointPort": "[parameters('nt0fabricHttpGatewayPort')]",
+ "isPrimary": true,
+ "reverseProxyEndpointPort": "[parameters('nt0reverseProxyEndpointPort')]",
+ "vmInstanceCount": "[parameters('nt0InstanceCount')]"
+ }
+ ],
+ "provisioningState": "Default",
+ "reliabilityLevel": "Silver",
+ "upgradeMode": "Manual",
+ "vmImage": "Windows"
+ },
+ "tags": {
+ "resourceType": "Service Fabric",
+ "clusterName": "[parameters('clusterName')]"
+ }
+ }
+ ],
+ "outputs": {
+ "clusterProperties": {
+ "value": "[reference(parameters('clusterName'))]",
+ "type": "object"
+ }
+ }
+}
\ No newline at end of file
diff --git a/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.parameters.json b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.parameters.json
new file mode 100644
index 000000000..22dd82265
--- /dev/null
+++ b/deploy/az/servicefabric/WindowsContainers/servicefabricdeploysecure.parameters.json
@@ -0,0 +1,91 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "clusterName": {
+ "value": "your_sf_name"
+ },
+ "clusterLocation": {
+ "value": "westeurope"
+ },
+ "computeLocation": {
+ "value": "westeurope"
+ },
+ "adminUserName": {
+ "value": "eshop"
+ },
+ "adminPassword": {
+ "value": "your_admin_password"
+ },
+ "nicName": {
+ "value": "NIC-eshopsfwin"
+ },
+ "publicIPAddressName": {
+ "value": "eshopsfwin-PubIP"
+ },
+ "dnsName": {
+ "value": "your_sf_dns"
+ },
+ "virtualNetworkName": {
+ "value": "VNet-eshopsfwin"
+ },
+ "lbName": {
+ "value": "LB-eshopsfwin"
+ },
+ "lbIPName": {
+ "value": "LBIP-eshopsfwin"
+ },
+ "applicationDiagnosticsStorageAccountName": {
+ "value": "sfdgeshopsfwin6744"
+ },
+ "supportLogStorageAccountName": {
+ "value": "sflogseshopsfwin3480"
+ },
+ "sourceVaultValue": {
+ "value": "/subscriptions/6c22bb55-0221-4ce4-9bf1-3c4a10a7294c/resourceGroups/eshop-sf-win/providers/Microsoft.KeyVault/vaults/eshoponsfkeyvault"
+ },
+ "certificateUrlValue": {
+ "value": "https://eshoponsfkeyvault.vault.azure.net:443/secrets/eshopsfwincert/b4ae55e3a549448c96088cd8dd96c369"
+ },
+ "certificateThumbprint": {
+ "value": ""
+ },
+ "vmImageSku": {
+ "value": "2016-Datacenter-with-Containers"
+ },
+ "nt0ephemeralStartPort": {
+ "value": 49152
+ },
+ "nt0ephemeralEndPort": {
+ "value": 65534
+ },
+ "nt0applicationStartPort": {
+ "value": 20000
+ },
+ "nt0applicationEndPort": {
+ "value": 30000
+ },
+ "nt0fabricTcpGatewayPort": {
+ "value": 19000
+ },
+ "nt0fabricHttpGatewayPort": {
+ "value": 19080
+ },
+ "nt0reverseProxyEndpointPort": {
+ "value": 19081
+ },
+ "webMvcHttpPort": {
+ "value": 5100
+ },
+ "webSpaHttpPort": {
+ "value": 5104
+ },
+ "webStatusHttpPort": {
+ "value": 5107
+ },
+ "IdSrvHttpRule": {
+ "value": 5105
+ }
+ }
+}
+
diff --git a/img/sf/cloud_publishProfile.PNG b/img/sf/cloud_publishProfile.PNG
new file mode 100644
index 000000000..edd5c53e5
Binary files /dev/null and b/img/sf/cloud_publishProfile.PNG differ
diff --git a/img/sf/create-kv.PNG b/img/sf/create-kv.PNG
new file mode 100644
index 000000000..f2c5f91c3
Binary files /dev/null and b/img/sf/create-kv.PNG differ
diff --git a/img/sf/install-cert.PNG b/img/sf/install-cert.PNG
new file mode 100644
index 000000000..f5c798199
Binary files /dev/null and b/img/sf/install-cert.PNG differ