Patch for Meraki vMX

* Created a directory for Time Trigger and moved the related files.

* Created a requirements.psd1 file to download the required modules.

* Added information on the following issue.

  No parameter defined in the script or function for the input binding 'Timer'.Stack: · Issue Azure#7 · Azure/ha-nva-fo
  Azure#7

* The Resoruce Group of Meraki vMX is created on a per-instance basis. Therefore, the variable FWRGNAME is divided into FW1RGNAME and FW2RGNAME.

* Added Meraki-specific supplementary information to README.

Author: myhomenwlab

function.json renamed to MyTimerTrigger/function.json

@@ -33,7 +33,7 @@
 #     AZURECLOUD = "AzureCloud" or "AzureUSGovernment"
 #
 #   - Set Firewall VM names and Resource Group in the Azure function app settings
-#     FW1NAME, FW2NAME, FWMONITOR, FW1FQDN, FW1PORT, FW2FQDN, FW2PORT, FWRGNAME, FWTRIES, FWDELAY, FWUDRTAG must be added
+#     FW1NAME, FW2NAME, FWMONITOR, FW1FQDN, FW1PORT, FW2FQDN, FW2PORT, FW1RGNAME, FW2RGNAME, FWTRIES, FWDELAY, FWUDRTAG must be added
 #     FWMONITOR = "VMStatus" or "TCPPort" - If using "TCPPort", then also set FW1FQDN, FW2FQDN, FW1PORT and FW2PORT values
 #
 #   - Set Timer Schedule where positions represent: Seconds - Minutes - Hours - Day - Month - DayofWeek
@@ -50,8 +50,8 @@ Write-Output -InputObject "HA NVA timer trigger function executed at:$(Get-Date)
 
 $VMFW1Name = $env:FW1NAME      # Set the Name of the primary NVA firewall
 $VMFW2Name = $env:FW2NAME      # Set the Name of the secondary NVA firewall
-$FW1RGName = $env:FWRGNAME     # Set the ResourceGroup that contains FW1
-$FW2RGName = $env:FWRGNAME     # Set the ResourceGroup that contains FW2
+$FW1RGName = $env:FW1RGNAME     # Set the ResourceGroup that contains FW1
+$FW2RGName = $env:FW2RGNAME     # Set the ResourceGroup that contains FW2
 $Monitor = $env:FWMONITOR      # "VMStatus" or "TCPPort" are valid values
 
 #--------------------------------------------------------------------------

run.ps1 renamed to MyTimerTrigger/run.ps1

@@ -1,5 +1,5 @@
 # Automated failover for network virtual appliances: 
-## Supporting high availability with user-defined route tables on Microsoft Azure
+## Supporting high availability with user-defined route tables on Microsoft Azure (Apply patch for Meraki vMX)
 
 This guide shows you how to implement high availability for network virtual appliance (NVA) firewalls using custom route tables that direct traffic through
 an active-passive NVA configuration. These user-defined routes (UDRs) override the Azure default system routes by directing traffic to the active NVA firewall in an active-passive pair. If the active NVA firewall fails for some reason, whether through a planned or unplanned outage, the route can failover to the secondary NVA firewall.
@@ -51,7 +51,10 @@ To set up the Azure resources:
 
 2.  Take note of the service principal application ID, key value, and Azure Active Directory tenant ID. You will need these to set up Azure Functions later.
 
-3.  [Assign RBAC permissions to the service principal](https://docs.microsoft.com/azure/active-directory/role-based-access-control-configure) for each Azure resource group. For the resource group containing the NVA firewall virtual machines, assign the **Reader** role. For the resource group(s) containing route table resources, assign the **Contributor** role.
+3.  [Assign RBAC permissions to the service principal](https://docs.microsoft.com/azure/active-directory/role-based-access-control-configure) for Azure **subscription** and **resource group**.  
+    1. For the **subscription** containing the NVA firewall virtual machines, assign the **Reader** role.
+       Meraki vMX's resource group has limited privileges to change the settings, so we will configure the settings for the higher level subscription.
+    2. For the **resource group(s)** containing route table resources, assign the **Contributor** role.
 
 4.  [Configure the resource tag name and value](https://docs.microsoft.com/azure/azure-resource-manager/resource-group-using-tags#portal) for each route table resource managed by the function app using the following:
 
@@ -94,23 +97,25 @@ To create, configure, and deploy the function app:
 
 4.  Click [Application settings](https://docs.microsoft.com/azure/azure-functions/functions-how-to-use-azure-function-app-settings#settings) and add the following variables and values:
 
-| Variable       | Value                                                                                   |
-|----------------|-----------------------------------------------------------------------------------------|
-| SP\_USERNAME   | Application ID of the service principal                                                 |
-| SP\_PASSWORD   | Key value of the service principal                                                      |
-| TENANTID       | Azure Active Directory tenant ID                                                        |
-| SUBSCRIPTIONID | Azure subscription ID                                                                   |
-| AZURECLOUD     | Either *AzureCloud* or *AzureUSGovernment*                                              |
-| FW1NAME        | Name of the virtual machine hosting the first NVA firewall instance                     |
-| FW2NAME        | Name of the virtual machine hosting the second NVA firewall instance                    |
-| FWRGNAME       | Name of the resource group containing the NVA firewall virtual machines                 |
-| FWUDRTAG       | Resource tag value                                                                      |
-| FWTRIES        | *3* (enables three retries for checking firewall health before returning “Down” status) |
-| FWDELAY        | *2* (enables two seconds between retries)                                               |
-| FWMONITOR      | Either *VMStatus* or *TCPPort*                                                          |
-| FWMAILDOMAINMX | DNS domain name containing MX record for sending email alerts                           |
-| FWMAILFROM     | Email address to use as “From:” address on email alerts                                 |
-| FWMAILTO       | Email address to which email alerts should be sent                                      |
+| Variable                    | Value                                                                                   |
+|-----------------------------|-----------------------------------------------------------------------------------------|
+| FUNCTIONS_EXTENSION_VERSION | ~1 (Deal with [issue](https://github.com/Azure/ha-nva-fo/issues/7))                     |
+| SP\_USERNAME                | Application ID of the service principal                                                 |
+| SP\_PASSWORD                | Key value of the service principal                                                      |
+| TENANTID                    | Azure Active Directory tenant ID                                                        |
+| SUBSCRIPTIONID              | Azure subscription ID                                                                   |
+| AZURECLOUD                  | Either *AzureCloud* or *AzureUSGovernment*                                              |
+| FW1NAME                     | Name of the virtual machine hosting the first NVA firewall instance                     |
+| FW2NAME                     | Name of the virtual machine hosting the second NVA firewall instance                    |
+| FW1RGNAME                   | Name of the resource group containing the first NVA firewall virtual machines           |
+| FW2RGNAME                   | Name of the resource group containing the second NVA firewall virtual machines          |
+| FWUDRTAG                    | Resource tag value                                                                      |
+| FWTRIES                     | *3* (enables three retries for checking firewall health before returning “Down” status) |
+| FWDELAY                     | *2* (enables two seconds between retries)                                               |
+| FWMONITOR                   | Either *VMStatus* or *TCPPort*                                                          |
+| FWMAILDOMAINMX              | DNS domain name containing MX record for sending email alerts                           |
+| FWMAILFROM                  | Email address to use as “From:” address on email alerts                                 |
+| FWMAILTO                    | Email address to which email alerts should be sent                                      |
 
 5.  If you set FWMONITOR to *TCPPort*, add the following application setting variables and values:
 
@@ -128,9 +133,11 @@ To create, configure, and deploy the function app:
 
     1.  **Choose Source**: External Repository
 
-    2.  **Repository URL**: <https://github.com/[repo-name]/ha-nva-fo>
+    2.  **Repository URL**: <https://github.com/[repo-name]/ha-nva-fo>  
+        Please change it in the appropriate Repository URL.
 
-    3.  **Branch**: *master*
+    3.  **Branch**: *patch-meraki-vmx*  
+        Please change it in the appropriate Branch.
 
     4.  **Repository Type**: Git
 
@@ -183,3 +190,7 @@ This solution is basic by design so you can tailor it to your environment. How y
 * [Azure Functions documentation](https://docs.microsoft.com/azure/azure-functions/)
 
 * [Azure Virtual Network Appliances](https://azure.microsoft.com/solutions/network-appliances/)
+
+* [vMX Setup Guide for Microsoft Azure](https://documentation.meraki.com/MX/MX_Installation_Guides/vMX_Setup_Guide_for_Microsoft_Azure)
+
+* [Deploying Highly Available vMX in Azure](https://documentation.meraki.com/MX/Other_Topics/Deploying_Highly_Available_vMX_in_Azure)

README.md

@@ -0,0 +1,11 @@
+# This file enables modules to be automatically managed by the Functions service.
+# See https://aka.ms/functionsmanageddependency for additional information.
+#
+@{
+    # For latest supported version, go to 'https://www.powershellgallery.com/packages/Az'. 
+    # To use the Az module in your function app, please uncomment the line below.
+    'Az.Accounts' = '2.*'
+    'Az.Network' = '4.*'
+    'Az.Compute' = '4.*'
+    'Az.Resources' = '4.*'
+}