From 84d5c1aaa581d4fd3ec6023a440b684154a97a42 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Thu, 9 Oct 2025 15:57:31 +0400 Subject: [PATCH 1/3] Remove Non-AZ VPN GW options (#2072) --- docs/wiki/Whats-new.md | 6 +++ eslzArm/eslz-portal.json | 86 +++------------------------------------- eslzArm/eslzArm.json | 4 +- 3 files changed, 14 insertions(+), 82 deletions(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 0ef176039f..9c20353663 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -59,6 +59,12 @@ This article will be updated as and when changes are made to the above and anyth Here's what's changed in Enterprise Scale/Azure Landing Zones: +### October 2025 + +#### Tooling + +- Update the portal accelerator to remove the option to select regional VPN gateways as these are being deprecated and all regions now support AZ aware VPN gateways. + ### September 2025 #### Tooling diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json index 6d221cee28..9724c70047 100644 --- a/eslzArm/eslz-portal.json +++ b/eslzArm/eslz-portal.json @@ -2228,7 +2228,7 @@ "type": "Microsoft.Common.OptionsGroup", "label": "Deploy zone redundant or regional VPN Gateway", "defaultValue": "Zone redundant (recommended)", - "visible": "[and(and(equals(steps('connectivity').enableVpnGw,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').enableVpnGw,'Yes'),contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,mexicocentral,francecentral,italynorth,germanywestcentral,norwayeast,northeurope,uksouth,westeurope,swedencentral,switzerlandnorth,polandcentral,spaincentral,qatarcentral,uaenorth,israelcentral,southafricanorth,australiaeast,centralindia,japaneast,japanwest,southeastasia,eastasia,koreacentral,newzealandnorth,taiwannorth', ','), steps('connectivity').connectivityLocation))]", + "visible": false, "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Virtual Gateway to the selected region and availability zones.", "constraints": { "allowedValues": [ @@ -2308,7 +2308,7 @@ "selectAll": false, "filter": false, "multiLine": true, - "visible": "[and(and(equals(steps('connectivity').enableVpnGw, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').enableVpnGw,'Yes'), equals(steps('connectivity').gwRegionalOrAz, 'Zone') ,contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,mexicocentral,francecentral,italynorth,germanywestcentral,norwayeast,northeurope,uksouth,westeurope,swedencentral,switzerlandnorth,polandcentral,spaincentral,qatarcentral,uaenorth,israelcentral,southafricanorth,australiaeast,centralindia,japaneast,japanwest,southeastasia,eastasia,koreacentral,newzealandnorth,taiwannorth', ','), steps('connectivity').connectivityLocation))]", + "visible": "[and(and(equals(steps('connectivity').enableVpnGw, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').enableVpnGw,'Yes'), contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,mexicocentral,francecentral,italynorth,germanywestcentral,norwayeast,northeurope,uksouth,westeurope,swedencentral,switzerlandnorth,polandcentral,spaincentral,qatarcentral,uaenorth,israelcentral,southafricanorth,australiaeast,centralindia,japaneast,japanwest,southeastasia,eastasia,koreacentral,newzealandnorth,taiwannorth', ','), steps('connectivity').connectivityLocation))]", "toolTip": "Select the required SKU for the VPN gateway.", "constraints": { "allowedValues": [ @@ -2335,42 +2335,6 @@ ] } }, - { - "name": "gwRegionalSku", - "type": "Microsoft.Common.DropDown", - "label": "Select the VPN Gateway SKU", - "defaultValue": "", - "multiselect": false, - "selectAll": false, - "filter": false, - "multiLine": true, - "visible": "[and(and(equals(steps('connectivity').enableVpnGw, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').enableVpnGw,'Yes'), equals(steps('connectivity').gwRegionalOrAz, 'Regional'))]", - "toolTip": "Select the required SKU for the VPN gateway.", - "constraints": { - "allowedValues": [ - { - "label": "VpnGw2", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps", - "value": "VpnGw2" - }, - { - "label": "VpnGw3", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, aggregate throughput is 2.5 Gbps", - "value": "VpnGw3" - }, - { - "label": "VpnGw4", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps", - "value": "VpnGw4" - }, - { - "label": "VpnGw5", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps", - "value": "VpnGw5" - } - ] - } - }, { "name": "vpnGateWayScaleUnit", "type": "Microsoft.Common.DropDown", @@ -3353,7 +3317,7 @@ "type": "Microsoft.Common.OptionsGroup", "label": "Deploy zone redundant or regional VPN Gateway in your second region", "defaultValue": "Zone redundant (recommended)", - "visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'),contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,mexicocentral,francecentral,italynorth,germanywestcentral,norwayeast,northeurope,uksouth,westeurope,swedencentral,switzerlandnorth,polandcentral,spaincentral,qatarcentral,uaenorth,israelcentral,southafricanorth,australiaeast,centralindia,japaneast,japanwest,southeastasia,eastasia,koreacentral,newzealandnorth,taiwannorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary))]", + "visible": false, "toolTip": "If 'Yes' is selected when also adding a subscription for connectivity, ARM will deploy Virtual Gateway to the selected region and availability zones.", "constraints": { "allowedValues": [ @@ -3433,7 +3397,7 @@ "selectAll": false, "filter": false, "multiLine": true, - "visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), equals(steps('connectivity').esNetworkSecondarySubSection.gwRegionalOrAzSecondary, 'Zone') ,contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,mexicocentral,francecentral,italynorth,germanywestcentral,norwayeast,northeurope,uksouth,westeurope,swedencentral,switzerlandnorth,polandcentral,spaincentral,qatarcentral,uaenorth,israelcentral,southafricanorth,australiaeast,centralindia,japaneast,japanwest,southeastasia,eastasia,koreacentral,newzealandnorth,taiwannorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary))]", + "visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), contains(split('brazilsouth,canadacentral,centralus,eastus,eastus2,southcentralus,westus2,westus3,mexicocentral,francecentral,italynorth,germanywestcentral,norwayeast,northeurope,uksouth,westeurope,swedencentral,switzerlandnorth,polandcentral,spaincentral,qatarcentral,uaenorth,israelcentral,southafricanorth,australiaeast,centralindia,japaneast,japanwest,southeastasia,eastasia,koreacentral,newzealandnorth,taiwannorth', ','), steps('connectivity').esNetworkSecondarySubSection.connectivityLocationSecondary))]", "toolTip": "Select the required SKU for the VPN gateway.", "constraints": { "allowedValues": [ @@ -3460,42 +3424,6 @@ ] } }, - { - "name": "gwRegionalSkuSecondary", - "type": "Microsoft.Common.DropDown", - "label": "Select the VPN Gateway SKU for your second region", - "defaultValue": "", - "multiselect": false, - "selectAll": false, - "filter": false, - "multiLine": true, - "visible": "[and(and(equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary, 'Yes'), not(equals(steps('connectivity').enableHub, 'vwan'))), equals(steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary,'Yes'), equals(steps('connectivity').esNetworkSecondarySubSection.gwRegionalOrAzSecondary, 'Regional'))]", - "toolTip": "Select the required SKU for the VPN gateway.", - "constraints": { - "allowedValues": [ - { - "label": "VpnGw2", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 500 IKEv2/OpenVPN connections, aggregate throughput is 1.25 Gbps", - "value": "VpnGw2" - }, - { - "label": "VpnGw3", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 1000 IKEv2/OpenVPN connections, aggregate throughput is 2.5 Gbps", - "value": "VpnGw3" - }, - { - "label": "VpnGw4", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 5000 IKEv2/OpenVPN connections, aggregate throughput is 5 Gbps", - "value": "VpnGw4" - }, - { - "label": "VpnGw5", - "description": "Supports BGP, max 30 S2S/VNet-VNet tunnels, max 128 P2S SSTP connections, max 10000 IKEv2/OpenVPN connections, aggregate throughput is 10 Gbps", - "value": "VpnGw5" - } - ] - } - }, { "name": "vpnGateWayScaleUnitSecondary", "type": "Microsoft.Common.DropDown", @@ -9917,9 +9845,8 @@ "enablePrivateDnsZones": "[steps('connectivity').enablePrivateDnsZones]", "privateDnsZonesToDeploy": "[steps('connectivity').privateDnsZones]", "enableVpnGw": "[steps('connectivity').enableVpnGw]", - "gwRegionalOrAz": "[steps('connectivity').gwRegionalOrAz]", + "gwRegionalOrAz": "Zone", "enableVpnActiveActive": "[steps('connectivity').enableVpnActiveActive]", - "gwRegionalSku": "[coalesce(steps('connectivity').gwRegionalSku, steps('connectivity').esGwNoAzSku)]", "gwAzSku": "[steps('connectivity').gwAzSku]", "vpnGateWayScaleUnit": "[steps('connectivity').vpnGateWayScaleUnit]", "subnetMaskForGw": "[steps('connectivity').subnetMaskForGw]", @@ -9946,9 +9873,8 @@ "enablePrivateDnsZonesSecondary": "No", "privateDnsZonesToDeploySecondary": null, "enableVpnGwSecondary": "[steps('connectivity').esNetworkSecondarySubSection.enableVpnGwSecondary]", - "gwRegionalOrAzSecondary": "[steps('connectivity').esNetworkSecondarySubSection.gwRegionalOrAzSecondary]", + "gwRegionalOrAzSecondary": "Zone", "enableVpnActiveActiveSecondary": "[steps('connectivity').esNetworkSecondarySubSection.enableVpnActiveActiveSecondary]", - "gwRegionalSkuSecondary": "[coalesce(steps('connectivity').esNetworkSecondarySubSection.gwRegionalSkuSecondary, steps('connectivity').esNetworkSecondarySubSection.esGwNoAzSkuSecondary)]", "gwAzSkuSecondary": "[steps('connectivity').esNetworkSecondarySubSection.gwAzSkuSecondary]", "vpnGateWayScaleUnitSecondary": "[steps('connectivity').esNetworkSecondarySubSection.vpnGateWayScaleUnitSecondary]", "subnetMaskForGwSecondary": "[steps('connectivity').esNetworkSecondarySubSection.subnetMaskForGwSecondary]", diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index d6e74ac577..4941afcf17 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json @@ -442,7 +442,7 @@ }, "gwRegionalOrAz": { "type": "string", - "defaultValue": "" + "defaultValue": "Zone" }, "gwRegionalSku": { "type": "string", @@ -605,7 +605,7 @@ }, "gwRegionalOrAzSecondary": { "type": "string", - "defaultValue": "" + "defaultValue": "Zone" }, "gwRegionalSkuSecondary": { "type": "string", From a47390d76484cf90d18a0f2ecce337404167ea96 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Thu, 9 Oct 2025 22:02:33 +0400 Subject: [PATCH 2/3] Updated What's New text. --- docs/wiki/Whats-new.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 9c20353663..4bcf2dcb06 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -63,7 +63,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: #### Tooling -- Update the portal accelerator to remove the option to select regional VPN gateways as these are being deprecated and all regions now support AZ aware VPN gateways. +- Updated the ALZ portal accelerator to remove the option to select regional VPN gateways as these are being deprecated. All regions that support VPN gateways now support them deployed across availability zones by default. ### September 2025 From c35687135f74ed525767fc49dbb7319c35f6b597 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Thu, 9 Oct 2025 22:04:23 +0400 Subject: [PATCH 3/3] Minor text update --- docs/wiki/Whats-new.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 4bcf2dcb06..c170895374 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -63,7 +63,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: #### Tooling -- Updated the ALZ portal accelerator to remove the option to select regional VPN gateways as these are being deprecated. All regions that support VPN gateways now support them deployed across availability zones by default. +- Updated the ALZ portal accelerator to remove the option to select regional VPN gateways as these are being deprecated. All regions that support VPN gateways now deploy zone redundant VPN gateways by default. ### September 2025