SDNExpress.ps1
# -------------------------------------------------------------- # Copyright © Microsoft Corporation. All Rights Reserved. # Microsoft Corporation (or based on where you live, one of its affiliates) licenses this sample code for your internal testing purposes only. # Microsoft provides the following sample code AS IS without warranty of any kind. The sample code arenot supported under any Microsoft standard support program or services. # Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. # The entire risk arising out of the use or performance of the sample code remains with you. # In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the code be liable for any damages whatsoever # (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) # arising out of the use of or inability to use the sample code, even if Microsoft has been advised of the possibility of such damages. # --------------------------------------------------------------- <# .SYNOPSIS Deploys and configures the Microsoft SDN infrastructure, including creation of the network controller, Software Load Balancer MUX and gateway VMs. Then the VMs and Hyper-V hosts are configured to be used by the Network Controller. When this script completes the SDN infrastructure is ready to be fully used for workload deployments. .EXAMPLE .\SDNExpress.ps1 -ConfigurationDataFile .\MyConfig.psd1 Reads in the configuration from a PSD1 file that contains a hash table of settings data. .EXAMPLE .\SDNExpress -ConfigurationData $MyConfigurationData Uses the hash table that is passed in as the configuration data. This parameter set is useful when programatically generating the configuration data. .EXAMPLE .\SDNExpress Displays a user interface for interactively defining the configuraiton data. At the end you have the option to save as a configuration file before deploying. .NOTES Prerequisites: * All Hyper-V hosts must have Hyper-V enabled and the Virtual Switch already created. * All Hyper-V hosts must be joined to Active Directory. * The physical network must be preconfigured for the necessary subnets and VLANs as defined in the configuration data. * The VHD specified in the configuration data must be reachable from the computer where this script is run. #> [CmdletBinding(DefaultParameterSetName="NoParameters")] param( [Parameter(Mandatory=$true,ParameterSetName="ConfigurationFile")] [String] $ConfigurationDataFile=$null, [Parameter(Mandatory=$true,ParameterSetName="ConfigurationData")] [object] $ConfigurationData=$null, [Switch] $SkipValidation, [Switch] $SkipDeployment, [PSCredential] $DomainJoinCredential = $null, [PSCredential] $NCCredential = $null, [PSCredential] $LocalAdminCredential = $null ) # Script version, should be matched with the config files $ScriptVersion = "3.0" if ((get-wmiobject win32_operatingsystem).caption.Contains("Windows 10")) { get-windowscapability -name rsat.NetworkController.Tools* -online | Add-WindowsCapability -online } else { $feature = get-windowsfeature "RSAT-NetworkController" if ($null -eq $feature) { throw "SDN Express requires Windows Server 2016 or later." } if (!$feature.Installed) { add-windowsfeature "RSAT-NetworkController" } } import-module .\SDNExpress.psm1 -force write-SDNExpressLog "*** Begin SDN Express Deployment ***" write-SDNExpressLog "ParameterSet: $($psCmdlet.ParameterSetName)" write-SDNExpressLog " -ConfigurationDataFile: $ConfigurationDataFile" write-SDNExpressLog " -ConfigurationData: $ConfigurationData" write-SDNExpressLog " -SkipValidation: $SkipValidation" write-SDNExpressLog " -SkipDeployment: $SkipValidation" Write-SDNExpressLog "Version info follows: $($PSVersionTable | out-string)" if ($psCmdlet.ParameterSetName -eq "NoParameters") { write-sdnexpresslog "Begin interactive mode." import-module .\SDNExpressUI.psm1 -force $configData = SDNExpressUI if ($null -eq $configData) { # user cancelled exit } } elseif ($psCmdlet.ParameterSetName -eq "ConfigurationFile") { write-sdnexpresslog "Using configuration file passed in by parameter." $configdata = [hashtable] (Invoke-Expression (Get-Content $ConfigurationDataFile | out-string)) } elseif ($psCmdlet.ParameterSetName -eq "ConfigurationData") { write-sdnexpresslog "Using configuration data object passed in by parameter." $configdata = $configurationData } # if FCNC is enabled, load the modules if ($configdata.UseFCNC) { if(-not [string]::IsNullOrEmpty($Global:FCNC_MODULE_PATH_ROOT)) { ipmo (Join-Path $Global:FCNC_MODULE_PATH_ROOT -ChildPath NetworkControllerFc.psd1) -Force -Scope Global } else { import-Module NetworkControllerFc -ErrorAction SilentlyContinue if ($null -eq (Get-Module NetworkControllerFc)) { ipmo ..\NetworkControllerFc\NetworkControllerFc.psd1 -Force -Scope Global } } # rename and copy package if([string]::IsNullOrEmpty($configdata.FCNCPackage) -eq $false) { write-sdnexpresslog "looking for FCNC package $($configdata.FCNCPackage)" # check if the package exists if (Test-Path $configdata.FCNCPackage) { write-sdnexpresslog "FCNC package found" $configdata.FCNCBins = $configdata.FCNCPackage } else { write-sdnexpresslog "FCNC package not found" throw "FCNC package not found" } # copy the nuget to a temp file, rename to zip , decompress it and delete the temp file write-sdnexpresslog "copying FCNC package to $($configdata.FCNCBins)" Copy-Item $configdata.FCNCPackage "$($configdata.FCNCPackage).zip" -Verbose $configdata.FCNCBins = $configdata.FCNCPackage.Replace(".nupkg", ".zip") Copy-Item $configdata.FCNCPackage $configdata.FCNCBins -Force write-sdnexpresslog "unzipping FCNC package" Expand-Archive -Path $configdata.FCNCBins -DestinationPath $configdata.FCNCBins.Replace(".zip", "") -Force $configdata.FCNCBins = $configdata.FCNCBins.Replace(".zip", "") } } if ($Configdata.ScriptVersion -ne $scriptversion) { write-error "Configuration file version $($ConfigData.ScriptVersion) is not compatible with this version of SDN express. Please update your config file to match the version $scriptversion example." return } function GetPassword { param( [String] $SecurePasswordText, [PSCredential] $Credential, [String] $Message, [String] $UserName ) if ([String]::IsNullOrEmpty($SecurePasswordText) -and ($null -eq $Credential)) { write-sdnexpresslog "No credentials found on command line or in config file. Prompting." $Credential = get-Credential -Message $Message -UserName $UserName } if ($null -ne $Credential) { write-sdnexpresslog "Using credentials from the command line." return $Credential.GetNetworkCredential().Password } try { write-sdnexpresslog "Using credentials from config file." $securepassword = $SecurePasswordText | convertto-securestring -erroraction Ignore $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword) return [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR) } catch { write-sdnexpresslog "Unable to decrpypt credentials in config file. Could be from a different user or generated on different computer. Prompting instead." $Credential = get-Credential -Message $Message -UserName $UserName if ($null -eq $credential) { write-sdnexpresslog "User cancelled credential input. Exiting." exit } return $Credential.GetNetworkCredential().Password } } function GetNextMacAddress { param( [String] $MacAddress ) return ("{0:X12}" -f ([convert]::ToInt64($MacAddress.ToUpper().Replace(":", "").Replace("-", ""), 16) + 1)).Insert(2, "-").Insert(5, "-").Insert(8, "-").Insert(11, "-").Insert(14, "-") } function ValidateMacPools { $curInstallDirectory = $Global:installDirectory Import-Module Moc -ErrorAction SilentlyContinue if ($(Get-Module -Name Moc) -eq $null) { Write-SDNExpressLog "MOC Module not found. Skipping check for conflicting MOC and SDN resources." return } try { try { $mocNotInstalled = (Get-mocconfig -ErrorAction SilentlyContinue).installState -eq "NotInstalled" if ($mocnotInstalled) { Write-SDNExpressLog "No MOC installation found. Skipping check for conflicting MOC and SDN resources." return } } catch { Write-SDNExpressLog "No MOC installation found. Skipping check for conflicting MOC and SDN resources." return } $loc = get-moclocation -ErrorAction SilentlyContinue if (-not $loc) { Write-SDNExpressLog "No MOC location found. Skipping check for conflicting MOC and SDN resources." return } $sdnStart = $ConfigData.SDNMacPoolStart -Replace "-","" $sdnEnd = $ConfigData.SDNMacPoolEnd -Replace "-","" foreach($l in $loc) { $mocMacPool = Get-MocMacPool -location $l.Name if (-not $mocMacPool) { continue } try { $mocStart = $mocMacPool.Properties.range.startmacaddress -Replace ":","" $mocEnd = $mocMacPool.Properties.range.endmacaddress -Replace ":","" } catch { throw "Could not determine the MOC MAC pool start or end MAC address." } if ((IsMac1GreaterThanMac2 -mac1 $sdnStart -mac2 $mocStart) ` -and (IsMac1GreaterThanMac2 -mac1 $sdnStart -mac2 $mocEnd)) { continue } if ((IsMac1GreaterThanMac2 -mac1 $mocStart -mac2 $sdnEnd) ` -and (IsMac1GreaterThanMac2 -mac1 $mocEnd -mac2 $sdnEnd)) { continue } throw "The SDN MAC pool specified in the configuration file conflicts with the MOC MAC pools." } } finally { $Global:installDirectory = $curInstallDirectory } } function IsMac1GreaterThanMac2 { param( [string]$mac1, [string]$mac2 ) $mac1Bytes = [System.Net.NetworkInformation.PhysicalAddress]::Parse($mac1).GetAddressBytes() $mac2Bytes = [System.Net.NetworkInformation.PhysicalAddress]::Parse($mac2).GetAddressBytes() $i = 0 while ($i -lt $mac2Bytes.Count) { if ($mac1Bytes[$i] -gt $mac2Bytes[$i]) { return $true } if ($mac2Bytes[$i] -gt $mac1Bytes[$i]) { return $false } $i++ } return $false } try { $DomainJoinPassword = GetPassword $ConfigData.DomainJoinSecurePassword $DomainJoinCredential "Enter credentials for joining VMs to the AD domain." $configdata.DomainJoinUserName $NCPassword = GetPassword $ConfigData.NCSecurePassword $NCCredential "Enter credentials for the Network Controller to use." $configdata.NCUserName $LocalAdminPassword = GetPassword $ConfigData.LocalAdminSecurePassword $LocalAdminCredential "Enter the password for the local administrator of newly created VMs. Username is ignored." "Administrator" $NCSecurePassword = $NCPassword | convertto-securestring -AsPlainText -Force $credential = New-Object System.Management.Automation.PsCredential($ConfigData.NCUsername, $NCSecurePassword) if (![string]::IsNullOrEmpty($ConfigData.ManagementSubnet)) { $ManagementSubnetBits = $ConfigData.ManagementSubnet.Split("/")[1] } if ([string]::IsNullOrEmpty($ConfigData.PASubnet)) { if ($ConfigData.Muxes.Count -gt 0) { throw "Load Balancer Mux configuration requires a PA Subnet." } if ($ConfigData.Gateways.Count -gt 0) { throw "Gateway configuration requires a PA Subnet." } } foreach ($h in $ConfigData.hypervhosts) { try { $ncFc = Get-NetworkControllerOnFailoverCluster } catch {} if ($ncFc -ne $null) { $msg = "An existing Network Controller on failover clustering installation was found. Stopping the current install." throw $msg } try { $s = New-SdnExpressPsSession -ComputerName $h -credential $credential $connections = invoke-command -Session $s { (Get-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\NcHostAgent\Parameters" -Name "Connections").Connections } } catch {} if (-not [string]::IsNullOrEmpty($connections)) { foreach ($c in $connections) { if ($c -like "ssl:*") { $cSplit = $c -split ":" $NCIP = $cSplit[1] $port = $cSplit[2] break } } if (-not [string]::IsNullOrEmpty($NCIP)) { for($i = 0; $i -lt 5; $i++) { if ([bool]::Parse((Test-NetConnection $NCIP -Port $port -ErrorAction SilentlyContinue).TcpTestSucceeded)) { $msg = "Network Controller host agent SSL connection key found at HKLM:\SYSTEM\CurrentControlSet\Services\NcHostAgent\Parameters on host $h. ` If this key exists as a result of a previous failed Network Controller installation, please remove it. Otherwise please check ` for an existing Network Controller installation." throw $msg } } } } } if (($ConfigData.Muxes.count -gt 0) -or ($ConfigData.Gateways.count -gt 0)) { $PASubnetBits = $ConfigData.PASubnet.Split("/")[1] } ValidateMacPools $DomainJoinUserNameDomain = $ConfigData.DomainJoinUserName.Split("\")[0] $DomainJoinUserNameName = $ConfigData.DomainJoinUserName.Split("\")[1] $LocalAdminDomainUserDomain = $ConfigData.LocalAdminDomainUser.Split("\")[0] $LocalAdminDomainUserName = $ConfigData.LocalAdminDomainUser.Split("\")[1] if ($null -eq $ConfigData.VMProcessorCount) {$ConfigData.VMProcessorCount = 8} if ($null -eq $ConfigData.VMMemory) {$ConfigData.VMMemory = 8GB} if ($null -eq $ConfigData.DisableIPv6DHCP) {$ConfigData.DisableIPv6DHCP = $false} if ([string]::IsNullOrEmpty($ConfigData.PoolName)) {$ConfigData.PoolName = "DefaultAll"} write-SDNExpressLog "STAGE 1: Create VMs" $createparams = @{ 'ComputerName'=''; 'VMLocation'=$ConfigData.VMLocation; 'VMName'=''; 'VHDSrcPath'=$ConfigData.VHDPath; 'VHDName'=$ConfigData.VHDFile; 'VMMemory'=$ConfigData.VMMemory; 'VMProcessorCount'=$ConfigData.VMProcessorCount; 'Nics'=@(); 'CredentialDomain'=$DomainJoinUserNameDomain; 'CredentialUserName'=$DomainJoinUserNameName; 'CredentialPassword'=$DomainJoinPassword; 'JoinDomain'=$ConfigData.JoinDomain; 'LocalAdminPassword'=$LocalAdminPassword; 'DomainAdminDomain'=$LocalAdminDomainUserDomain; 'DomainAdminUserName'=$LocalAdminDomainUserName; 'SwitchName'=$ConfigData.SwitchName; 'DisableIPv6DHCP'=$ConfigData.DisableIPv6DHCP } if (![String]::IsNullOrEmpty($ConfigData.ProductKey)) { $createparams.ProductKey = $ConfigData.ProductKey } if (![String]::IsNullOrEmpty($ConfigData.Locale)) { $createparams.Locale = $ConfigData.Locale } if (![String]::IsNullOrEmpty($ConfigData.TimeZone)) { $createparams.TimeZone = $ConfigData.TimeZone } write-SDNExpressLog "STAGE 1.0.1: Enable VFP" foreach ($h in $ConfigData.hypervhosts) { write-SDNExpressLog "Adding net virt feature to $($h)" $s = New-SdnExpressPsSession -ComputerName $h $credential invoke-command -Session $s { add-windowsfeature NetworkVirtualization -IncludeAllSubFeature -IncludeManagementTools } write-SDNExpressLog "Enabling VFP on $($h) $($ConfigData.SwitchName)" $s = New-SdnExpressPsSession -ComputerName $h $credential invoke-command -Session $s { param( [String] $VirtualSwitchName ) Enable-VmSwitchExtension -VMSwitchName $VirtualSwitchName -Name "Microsoft Azure VFP Switch Extension" } -ArgumentList $ConfigData.SwitchName $s = New-SdnExpressPsSession -ComputerName $h $credential invoke-command -Session $s { Set-Service -Name NCHostAgent -StartupType Automatic; Start-Service -Name NCHostAgent } } $HostNameIter = 0 $useCertBySubject = $false if ($ConfigData.UseCertBySubject) { $useCertBySubject = $true } if (-not $ConfigData.UseFCNC) { foreach ($NC in $ConfigData.NCs) { if ([string]::IsNullOrEmpty($nc.macaddress)) { $nc.macaddress = $ConfigData.SDNMacPoolStart $configdata.SDNMacPoolStart = GetNextMacAddress($ConfigData.SDNMacPoolStart) } if ([string]::IsNullOrEmpty($nc.HostName)) { $nc.HostName = $ConfigData.HyperVHosts[$HostNameIter] $HostNameIter = ($HostNameIter + 1) % $ConfigData.HyperVHosts.Count } } } foreach ($Mux in $ConfigData.Muxes) { if ([string]::IsNullOrEmpty($Mux.HostName)) { $Mux.HostName = $ConfigData.HyperVHosts[$HostNameIter] $HostNameIter = ($HostNameIter + 1) % $ConfigData.HyperVHosts.Count } if ([string]::IsNullOrEmpty($Mux.PAIPAddress)) { $Mux.PAIPAddress = $ConfigData.PAPoolStart $ConfigData.PAPoolStart = Get-IPAddressInSubnet -Subnet $ConfigData.PAPoolStart -Offset 1 } } #Allocate GW management MACs from outside of SDN pool foreach ($gateway in $ConfigData.Gateways) { if ([string]::IsNullOrEmpty($Gateway.macaddress)) { $gateway.macaddress = $ConfigData.SDNMacPoolStart $configdata.SDNMacPoolStart = GetNextMacAddress($ConfigData.SDNMacPoolStart) } if ([string]::IsNullOrEmpty($Gateway.HostName)) { $Gateway.HostName = $ConfigData.HyperVHosts[$HostNameIter] $HostNameIter = ($HostNameIter + 1) % $ConfigData.HyperVHosts.Count } } #Allocate GW FE & BE macs, FE IP from within SDN mac and PA pools $nextmac = $configdata.SDNMacPoolStart $PAOffset = 0 foreach ($gateway in $ConfigData.Gateways) { if ([string]::IsNullOrEmpty($Gateway.FrontEndMac)) { $gateway.FrontEndMac = $nextmac $nextmac = GetNextMacAddress($nextmac) } if ([string]::IsNullOrEmpty($Gateway.BackEndMac)) { $gateway.BackEndMac = $nextmac $nextmac = GetNextMacAddress($nextmac) } if ([string]::IsNullOrEmpty($Gateway.FrontEndIP)) { $Gateway.FrontEndIP = Get-IPAddressInSubnet -Subnet $ConfigData.PAPoolStart -Offset $PAOffset $PAOffset += 1 } } if (-not $ConfigData.UseFCNC) { write-SDNExpressLog "STAGE 1.1: Create NC VMs" foreach ($NC in $ConfigData.NCs) { $createparams.ComputerName=$NC.HostName; $createparams.VMName=$NC.ComputerName; if ([string]::IsNullOrEmpty($NC.ManagementIP)) { $createparams.Nics=@( @{Name="Management"; MacAddress=$NC.MacAddress; VLANID=$ConfigData.ManagementVLANID; SwitchName=$NC.ManagementSwitch} ) } else { $createparams.Nics=@( @{Name="Management"; MacAddress=$NC.MacAddress; IPAddress="$($NC.ManagementIP)/$ManagementSubnetBits"; Gateway=$ConfigData.ManagementGateway; DNS=$ConfigData.ManagementDNS; VLANID=$ConfigData.ManagementVLANID; SwitchName=$NC.ManagementSwitch} ) } $createparams.Roles=@("NetworkController","NetworkControllerTools") New-SDNExpressVM @createparams } } write-SDNExpressLog "STAGE 1.2: Create Mux VMs" foreach ($Mux in $ConfigData.Muxes) { $createparams.ComputerName=$mux.HostName; $createparams.VMName=$mux.ComputerName; if ([string]::IsNullOrEmpty($Mux.ManagementIP)) { $createparams.Nics=@( @{Name="Management"; MacAddress=$Mux.MacAddress; VLANID=$ConfigData.ManagementVLANID; SwitchName=$Mux.ManagementSwitch}, @{Name="HNVPA"; MacAddress=$Mux.PAMacAddress; IPAddress="$($Mux.PAIPAddress)/$PASubnetBits"; VLANID=$ConfigData.PAVLANID; IsMuxPA=$true} ) } else { $createparams.Nics=@( @{Name="Management"; MacAddress=$Mux.MacAddress; IPAddress="$($Mux.ManagementIP)/$ManagementSubnetBits"; Gateway=$ConfigData.ManagementGateway; DNS=$ConfigData.ManagementDNS; VLANID=$ConfigData.ManagementVLANID; SwitchName=$Mux.ManagementSwitch}, @{Name="HNVPA"; MacAddress=$Mux.PAMacAddress; IPAddress="$($Mux.PAIPAddress)/$PASubnetBits"; VLANID=$ConfigData.PAVLANID; IsMuxPA=$true} ) } $createparams.Roles=@("SoftwareLoadBalancer") New-SDNExpressVM @createparams } if ($ConfigData.NCs.count -gt 0 -or $ConfigData.UseFCNC) { write-SDNExpressLog "STAGE 2: Network Controller Configuration" $NCNodes = @() if ($ConfigData.UseFCNC) { if ([string]::IsNullOrEmpty($ConfigData.FCNCBins)) { $ConfigData.FCNCBins = "C:\Windows\NetworkController" } $NCNodes = $ConfigData.HyperVHosts $params = @{ 'Credential'=$Credential 'RestName'=$ConfigData.RestName 'RestIpAddress'=$ConfigData.RestIpAddress 'ComputerNames'=$NCNodes 'FCNCBins' = $ConfigData.FCNCBins 'FCNCDBs' = $ConfigData.FCNCDBs 'ClusterNetworkName' = $ConfigData.ClusterNetworkName 'UseCertBySubject' = $useCertBySubject } New-FCNCNetworkController @params } else { foreach ($NC in $ConfigData.NCs) { $NCNodes += $NC.ComputerName } WaitforComputerToBeReady -ComputerName $NCNodes -Credential $Credential $params = @{ 'Credential'=$Credential 'RestName'=$ConfigData.RestName 'RestIpAddress'=$ConfigData.RestIpAddress 'ComputerNames'=$NCNodes 'UseCertBySubject' = $useCertBySubject } if (![string]::IsNullOrEmpty($ConfigData.ManagementSecurityGroup)) { $params.ManagementSecurityGroupName = $ConfigData.ManagementSecurityGroup $params.ClientSecurityGroupName = $ConfigData.ClientSecurityGroup } New-SDNExpressNetworkController @params } write-SDNExpressLog "STAGE 2.1: Getting REST cert thumbprint in order to find it in local root store." # Check through nodes until we find a node that was originally set up with $NCHostCertThumb = $null $nodeIdx = 0 while ($null -eq $NCHostCertThumb -and $nodeIdx -lt $NCNodes.length) { $s = New-SdnExpressPsSession -ComputerName $NCNodes[$nodeIdx] $credential $NCHostCertThumb = invoke-command -Session $s { param( $RESTName, [String] $funcDefGetSdnCert ) . ([ScriptBlock]::Create($funcDefGetSdnCert)) $Cert = GetSdnCert -subjectName $RestName.ToUpper() return $cert.Thumbprint } -ArgumentList $ConfigData.RestName, $Global:fdGetSdnCert $nodeIdx++ } $NCHostCert = get-childitem "cert:\localmachine\root\$NCHostCertThumb" $params = @{ 'RestName' = $ConfigData.RestName; 'MacAddressPoolStart' = $ConfigData.SDNMacPoolStart; 'MacAddressPoolEnd' = $ConfigData.SDNMacPoolEnd; 'NCHostCert' = $NCHostCert 'NCUsername' = $ConfigData.NCUsername; 'NCPassword' = $NCPassword 'UseCertBySubject' = $useCertBySubject } New-SDNExpressVirtualNetworkManagerConfiguration @Params -Credential $Credential if (![string]::IsNullOrEmpty($ConfigData.PASubnet)) { $params = @{ 'RestName' = $ConfigData.RestName; 'AddressPrefix' = $ConfigData.PASubnet; 'VLANID' = $ConfigData.PAVLANID; 'DefaultGateways' = $ConfigData.PAGateway; 'IPPoolStart' = $ConfigData.PAPoolStart; 'IPPoolEnd' = $ConfigData.PAPoolEnd } Add-SDNExpressVirtualNetworkPASubnet @params -Credential $Credential } else { write-SDNExpressLog "PA subnets not specified in configuration, skipping Virtual Network PA configuration." } } else { $NCHostCert = GetSdnCert -subjectName $configdata.RestName -store "cert:\localmachine\root" if ($null -eq $NCHostCert) { $ErrorText = "Network Controller cert with CN=$($configdata.RestName) not found on $(hostname) in cert:\localmachine\root" write-SDNExpressLog $ErrorText throw $ErrorText } } $useFcNc = $false if ($ConfigData.UseFCNC) { $useFcNc = $true } if ($ConfigData.Muxes.Count -gt 0) { write-SDNExpressLog "STAGE 3: SLB Configuration" if (![string]::IsNullOrEmpty($ConfigData.PrivateVIPSubnet)) { $params = @{ 'RestName' = $ConfigData.RestName; 'PrivateVIPPrefix' = $ConfigData.PrivateVIPSubnet; 'PublicVIPPrefix' = $ConfigData.PublicVIPSubnet } New-SDNExpressLoadBalancerManagerConfiguration @Params -Credential $Credential } else { write-SDNExpressLog "VIP subnets not specified in configuration, skipping load balancer manager configuration." } WaitforComputerToBeReady -ComputerName $ConfigData.Muxes.ComputerName -Credential $Credential foreach ($Mux in $ConfigData.muxes) { Add-SDNExpressMux -ComputerName $Mux.ComputerName -PAMacAddress $Mux.PAMacAddress -PAGateway $ConfigData.PAGateway -LocalPeerIP $Mux.PAIPAddress -MuxASN $ConfigData.SDNASN -Routers $ConfigData.Routers -RestName $ConfigData.RestName -NCHostCert $NCHostCert -Credential $Credential -IsFC $useFcNc } } write-SDNExpressLog "STAGE 4: Host Configuration" $params = @{} if (![string]::IsNullOREmpty($ConfigData.PASubnet)) { $params.HostPASubnetPrefix = $ConfigData.PASubnet; } foreach ($h in $ConfigData.hypervhosts) { if($ConfigData.Port -ne $null -and $ConfigData.Port -ne 0) { write-SDNExpressLog "Using port $($ConfigData.Port) for host $h" $params.Port = $ConfigData.Port } Add-SDNExpressHost @params -ComputerName $h ` -RestName $ConfigData.RestName ` -NCHostCert $NCHostCert ` -Credential $Credential ` -VirtualSwitchName $ConfigData.SwitchName ` -IsFC $useFcNc ` -AddToFcCluster $false } if ($ConfigData.Gateways.Count -gt 0) { write-SDNExpressLog "STAGE 5.1: Create Gateway VMs" foreach ($Gateway in $ConfigData.Gateways) { $params = @{ 'RestName'=$ConfigData.RestName 'ComputerName'=$gateway.computername 'HostName'=$gateway.Hostname 'JoinDomain'=$ConfigData.JoinDomain 'FrontEndLogicalNetworkName'='HNVPA' 'FrontEndAddressPrefix'=$ConfigData.PASubnet } $Result = Initialize-SDNExpressGateway @params -Credential $Credential $Gateway.FrontEndMac = $Result.FrontEndMac $Gateway.FrontEndIP = $Result.FrontEndIP $Gateway.BackEndMac = $Result.BackEndMac $createparams.ComputerName=$Gateway.HostName; $createparams.VMName=$Gateway.ComputerName; if ([string]::IsNullOrEmpty($Gateway.ManagementIP)) { $createparams.Nics=@( @{Name="Management"; MacAddress=$Gateway.MacAddress; VLANID=$ConfigData.ManagementVLANID; SwitchName=$Mux.ManagementSwitch} @{Name="FrontEnd"; MacAddress=$Gateway.FrontEndMac; IPAddress="$($Gateway.FrontEndIp)/$PASubnetBits"; VLANID=$ConfigData.PAVLANID}, @{Name="BackEnd"; MacAddress=$Gateway.BackEndMac; VLANID=$ConfigData.PAVLANID} ); } else { $createparams.Nics=@( @{Name="Management"; MacAddress=$Gateway.MacAddress; IPAddress="$($Gateway.ManagementIP)/$ManagementSubnetBits"; Gateway=$ConfigData.ManagementGateway; DNS=$ConfigData.ManagementDNS; VLANID=$ConfigData.ManagementVLANID; SwitchName=$Mux.ManagementSwitch} @{Name="FrontEnd"; MacAddress=$Gateway.FrontEndMac; IPAddress="$($Gateway.FrontEndIp)/$PASubnetBits"; VLANID=$ConfigData.PAVLANID}, @{Name="BackEnd"; MacAddress=$Gateway.BackEndMac; VLANID=$ConfigData.PAVLANID} ); } $createparams.Roles=@("RemoteAccess", "RemoteAccessServer", "RemoteAccessMgmtTools", "RemoteAccessPowerShell", "RasRoutingProtocols", "Web-Application-Proxy") New-SDNExpressVM @createparams } write-SDNExpressLog "STAGE 5.3: Configure Gateways" if ([String]::IsNullOrEmpty($ConfigData.RedundantCount)) { $ConfigData.RedundantCount = 1 } if ([string]::IsNullOrEmpty($configdata.GatewayPoolType) -or ($configdata.GatewayPoolType -eq "All")) { write-SDNExpressLog "Gateway pool type is All." New-SDNExpressGatewayPool -IsTypeAll -PoolName $ConfigData.PoolName -Capacity $ConfigData.Capacity -GreSubnetAddressPrefix $ConfigData.GreSubnet -RestName $ConfigData.RestName -Credential $Credential -RedundantCount $ConfigData.RedundantCount } elseif ($configdata.GatewayPoolType -eq "GRE") { write-SDNExpressLog "Gateway pool type is GRE." New-SDNExpressGatewayPool -IsTypeGRE -PoolName $ConfigData.PoolName -Capacity $ConfigData.Capacity -GreSubnetAddressPrefix $ConfigData.GreSubnet -RestName $ConfigData.RestName -Credential $Credential -RedundantCount $ConfigData.RedundantCount } elseif ($configdata.GatewayPoolType -eq "Forwarding") { write-SDNExpressLog "Gateway pool type is Forwarding." New-SDNExpressGatewayPool -IsTypeForwarding -PoolName $ConfigData.PoolName -Capacity $ConfigData.Capacity -RestName $ConfigData.RestName -Credential $Credential -RedundantCount $ConfigData.RedundantCount } elseif ($configdata.GatewayPoolType -eq "IPSec") { write-SDNExpressLog "Gateway pool type is IPSec." New-SDNExpressGatewayPool -IsTypeIPSec -PoolName $ConfigData.PoolName -Capacity $ConfigData.Capacity -RestName $ConfigData.RestName -Credential $Credential -RedundantCount $ConfigData.RedundantCount } else { write-SDNExpressLog "Gateway pool type is Invalid." throw "Invalid GatewayPoolType specified in config file." } WaitforComputerToBeReady -ComputerName $ConfigData.Gateways.ComputerName -Credential $Credential foreach ($G in $ConfigData.Gateways) { $params = @{ 'RestName'=$ConfigData.RestName 'ComputerName'=$g.computername 'HostName'=$g.Hostname 'NCHostCert'= $NCHostCert 'PoolName'=$ConfigData.PoolName 'FrontEndIp'=$G.FrontEndIP 'FrontEndLogicalNetworkName'='HNVPA' 'FrontEndAddressPrefix'=$ConfigData.PASubnet 'FrontEndMac'=$G.FrontEndMac 'BackEndMac'=$G.BackEndMac 'Routers'=$ConfigData.Routers 'PAGateway'=$ConfigData.PAGateway 'ManagementRoutes'=$ConfigData.ManagementRoutes 'LocalASN'=$ConfigData.SDNASN } if ($ConfigData.UseGatewayFastPath -eq $true) { New-SDNExpressGateway @params -Credential $Credential -UseFastPath -IsFC $useFcNc } else { New-SDNExpressGateway @params -Credential $Credential -IsFC $useFcNc } } } test-sdnexpresshealth -restname $ConfigData.RestName -Credential $Credential } catch { $pscmdlet.throwterminatingerror($PSItem) } write-SDNExpressLog "SDN Express deployment complete." # SIG # Begin signature block # MIIoKgYJKoZIhvcNAQcCoIIoGzCCKBcCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCC03L2zk8pYymKE # NvEJ9trNXjOFFytvKy9ho7HBgS55AaCCDXYwggX0MIID3KADAgECAhMzAAADrzBA # DkyjTQVBAAAAAAOvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwOTAwWhcNMjQxMTE0MTkwOTAwWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDOS8s1ra6f0YGtg0OhEaQa/t3Q+q1MEHhWJhqQVuO5amYXQpy8MDPNoJYk+FWA # hePP5LxwcSge5aen+f5Q6WNPd6EDxGzotvVpNi5ve0H97S3F7C/axDfKxyNh21MG # 0W8Sb0vxi/vorcLHOL9i+t2D6yvvDzLlEefUCbQV/zGCBjXGlYJcUj6RAzXyeNAN # xSpKXAGd7Fh+ocGHPPphcD9LQTOJgG7Y7aYztHqBLJiQQ4eAgZNU4ac6+8LnEGAL # go1ydC5BJEuJQjYKbNTy959HrKSu7LO3Ws0w8jw6pYdC1IMpdTkk2puTgY2PDNzB # tLM4evG7FYer3WX+8t1UMYNTAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQURxxxNPIEPGSO8kqz+bgCAQWGXsEw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMTgyNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAISxFt/zR2frTFPB45Yd # mhZpB2nNJoOoi+qlgcTlnO4QwlYN1w/vYwbDy/oFJolD5r6FMJd0RGcgEM8q9TgQ # 2OC7gQEmhweVJ7yuKJlQBH7P7Pg5RiqgV3cSonJ+OM4kFHbP3gPLiyzssSQdRuPY # 1mIWoGg9i7Y4ZC8ST7WhpSyc0pns2XsUe1XsIjaUcGu7zd7gg97eCUiLRdVklPmp # XobH9CEAWakRUGNICYN2AgjhRTC4j3KJfqMkU04R6Toyh4/Toswm1uoDcGr5laYn # TfcX3u5WnJqJLhuPe8Uj9kGAOcyo0O1mNwDa+LhFEzB6CB32+wfJMumfr6degvLT # e8x55urQLeTjimBQgS49BSUkhFN7ois3cZyNpnrMca5AZaC7pLI72vuqSsSlLalG # OcZmPHZGYJqZ0BacN274OZ80Q8B11iNokns9Od348bMb5Z4fihxaBWebl8kWEi2O # PvQImOAeq3nt7UWJBzJYLAGEpfasaA3ZQgIcEXdD+uwo6ymMzDY6UamFOfYqYWXk # ntxDGu7ngD2ugKUuccYKJJRiiz+LAUcj90BVcSHRLQop9N8zoALr/1sJuwPrVAtx # HNEgSW+AKBqIxYWM4Ev32l6agSUAezLMbq5f3d8x9qzT031jMDT+sUAoCw0M5wVt # CUQcqINPuYjbS1WgJyZIiEkBMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGgowghoGAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAOvMEAOTKNNBUEAAAAAA68wDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIMbs+2IKYF2Kyh2WuXf1hdST # 3M7uy2rtAQoueM7Obl+zMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAd1KbARgnxYuPdim7KhxDcvYHwv1rcmjcAVJvWbeTHQgjiXgrbMS1wVHD # rNz1TqOEQnhEPmjSsF1rQcw47a3sj/u9JeS4xh8Pqsj6Yx/wYlVPIVl4LZYbjqvg # WjU5FVbZk+Y8dt+URMlRMtlnIOHZhkkN/umM0L1JKIxclZYUgiVxiKIfeV5SXmDK # +HpysQd4BzpU68ksDC2Ei6mPH5ayJew/lHmNm1V5LB94MaQyNpkp/tIrwdByJaos # aEbaITWqtZzvcHJYblNl+fbvkgSNafrDCREo3nZBjW0AqTOAuG0/f+V3EKM+Bhe4 # AgHmPCmKzDzTFokdYbdyXiZwm/i3YKGCF5QwgheQBgorBgEEAYI3AwMBMYIXgDCC # F3wGCSqGSIb3DQEHAqCCF20wghdpAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFSBgsq # hkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCCaz6kDvMsJmTpd2iT6BgPxe7vpFXHKGPCHoAFpS35CjQIGZmr57Vy4 # GBMyMDI0MDYyNDIyMjMyNy41OTdaMASAAgH0oIHRpIHOMIHLMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046ODYwMy0w # NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Wg # ghHqMIIHIDCCBQigAwIBAgITMwAAAfGzRfUn6MAW1gABAAAB8TANBgkqhkiG9w0B # AQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0yMzEyMDYxODQ1 # NTVaFw0yNTAzMDUxODQ1NTVaMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25z # MScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046ODYwMy0wNUUwLUQ5NDcxJTAjBgNV # BAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCxulCZttIf8X97rW9/J+Q4Vg9PiugB1ya1/DRxxLW2 # hwy4QgtU3j5fV75ZKa6XTTQhW5ClkGl6gp1nd5VBsx4Jb+oU4PsMA2foe8gP9bQN # PVxIHMJu6TYcrrn39Hddet2xkdqUhzzySXaPFqFMk2VifEfj+HR6JheNs2LLzm8F # DJm+pBddPDLag/R+APIWHyftq9itwM0WP5Z0dfQyI4WlVeUS+votsPbWm+RKsH4F # QNhzb0t/D4iutcfCK3/LK+xLmS6dmAh7AMKuEUl8i2kdWBDRcc+JWa21SCefx5SP # hJEFgYhdGPAop3G1l8T33cqrbLtcFJqww4TQiYiCkdysCcnIF0ZqSNAHcfI9SAv3 # gfkyxqQNJJ3sTsg5GPRF95mqgbfQbkFnU17iYbRIPJqwgSLhyB833ZDgmzxbKmJm # dDabbzS0yGhngHa6+gwVaOUqcHf9w6kwxMo+OqG3QZIcwd5wHECs5rAJZ6PIyFM7 # Ad2hRUFHRTi353I7V4xEgYGuZb6qFx6Pf44i7AjXbptUolDcVzYEdgLQSWiuFajS # 6Xg3k7Cy8TiM5HPUK9LZInloTxuULSxJmJ7nTjUjOj5xwRmC7x2S/mxql8nvHSCN # 1OED2/wECOot6MEe9bL3nzoKwO8TNlEStq5scd25GA0gMQO+qNXV/xTDOBTJ8zBc # GQIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFLy2xe59sCE0SjycqE5Erb4YrS1gMB8G # A1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCG # Tmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUy # MFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4w # XAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2Vy # dHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwG # A1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQD # AgeAMA0GCSqGSIb3DQEBCwUAA4ICAQDhSEjSBFSCbJyl3U/QmFMW2eLPBknnlsfI # D/7gTMvANEnhq08I9HHbbqiwqDEHSvARvKtL7j0znICYBbMrVSmvgDxU8jAGqMyi # LoM80788So3+T6IZV//UZRJqBl4oM3bCIQgFGo0VTeQ6RzYL+t1zCUXmmpPmM4xc # ScVFATXj5Tx7By4ShWUC7Vhm7picDiU5igGjuivRhxPvbpflbh/bsiE5tx5cuOJE # JSG+uWcqByR7TC4cGvuavHSjk1iRXT/QjaOEeJoOnfesbOdvJrJdbm+leYLRI67N # 3cd8B/suU21tRdgwOnTk2hOuZKs/kLwaX6NsAbUy9pKsDmTyoWnGmyTWBPiTb2rp # 5ogo8Y8hMU1YQs7rHR5hqilEq88jF+9H8Kccb/1ismJTGnBnRMv68Ud2l5LFhOZ4 # nRtl4lHri+N1L8EBg7aE8EvPe8Ca9gz8sh2F4COTYd1PHce1ugLvvWW1+aOSpd8N # nwEid4zgD79ZQxisJqyO4lMWMzAgEeFhUm40FshtzXudAsX5LoCil4rLbHfwYtGO # pw9DVX3jXAV90tG9iRbcqjtt3vhW9T+L3fAZlMeraWfh7eUmPltMU8lEQOMelo/1 # ehkIGO7YZOHxUqeKpmF9QaW8LXTT090AHZ4k6g+tdpZFfCMotyG+E4XqN6ZWtKEB # QiE3xL27BDCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZI # hvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # MjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAy # MDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC # AQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25Phdg # M/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPF # dvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6 # GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBp # Dco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50Zu # yjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3E # XzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0 # lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1q # GFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ # +QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PA # PBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkw # EgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxG # NSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARV # MFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAK # BggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC # AYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvX # zpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v # cGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYI # KwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG # 9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0x # M7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmC # VgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449 # xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wM # nosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDS # PeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2d # Y3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxn # GSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+Crvs # QWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokL # jzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL # 6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggNN # MIICNQIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEn # MCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjg2MDMtMDVFMC1EOTQ3MSUwIwYDVQQD # ExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoDFQD7 # n7Bk4gsM2tbU/i+M3BtRnLj096CBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w # IFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA6iP4BjAiGA8yMDI0MDYyNDEzNDk1 # OFoYDzIwMjQwNjI1MTM0OTU4WjB0MDoGCisGAQQBhFkKBAExLDAqMAoCBQDqI/gG # AgEAMAcCAQACAgZsMAcCAQACAhOwMAoCBQDqJUmGAgEAMDYGCisGAQQBhFkKBAIx # KDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAwDQYJKoZI # hvcNAQELBQADggEBAKyoqWoC3X31USsslK+V+MmvNkCMLFJVw16sCXe3tZr2wyKK # 6HxrEoal5Xgn0DOt27rWynJeDXqv9C0rOYqZbZXr298YFb0WMFnZaVVnePV1hU4N # NkfTGungEjOAJtrVE8ljP6i1kiD7WnuTTfGbn3stX/9BXat8O8ck5hzmxGSn1Auy # SBRAo6GqbO43NUuTjxrgTU2JkyUrWlnU6D/L5ki79IV+8/XECXIdneDfGLt8rt+m # VA36jAsuxXfUvK525sb0DttgIcpcK2EmU7L8zjrqDtP7plQRj94rX2ofEAkJGyAj # K6c+iCOdUibWJipmpm9pRw/zMRVq8ljtzJxMJQcxggQNMIIECQIBATCBkzB8MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNy # b3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAfGzRfUn6MAW1gABAAAB8TAN # BglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMC8G # CSqGSIb3DQEJBDEiBCBG2kMh2aC6m7K5bQENrkQCKnpOj4QftJtoRe3pzraG5TCB # +gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EINV3/T5hS7ijwao466RosB7wwEib # t0a1P5EqIwEj9hF4MIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh # c2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD # b3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIw # MTACEzMAAAHxs0X1J+jAFtYAAQAAAfEwIgQggBKIIzmuENCIjk61FdfpQppvoNTx # CnY8GtVYk4B0BKwwDQYJKoZIhvcNAQELBQAEggIAjgXAi8tiz3E1I/AfQdK52FEh # cDnH1J9c/O/Es5o2iWX8NoAn3itOwBq8Mt40NWTrbiA8QRSReX6uk+qQ38bp5Lkl # JoNrs9/EzXHaUnwEnXgjnZRFxUKGBm1S91dO86Ybx8B56/b+l3EWir7tmfxCXI4J # uElWxq/fTiLtkqVVyGa2wGeS0CC/p0YEv30kCAhC91kBi2IcrYY5DUDQp5k51iRs # fIwhTcuPpXGqHzEajzXEplSoZbFpyuvpElaBdpg3zRt4NDXPKZUZfxI3/+Vyv0+u # bW9G2NtlzK3/Os/r0kw8NEoScS1rO5nC356z6e3IqdvbU90x+EdZvlhO235LbxXD # Ec3vab7LnIkcGSUKlvBR7J0UNwnmJDEH1JvAZx/U2TQOB7qCfsDeiWBAiD6r5x/Z # GhAODSGAnXf5ri3zARe3LJbbyOeV59aVw9D0+8F5aMdoDcm/bgzkJGb+2olux3NH # U9lTvk37RhvcK9LVl9gz2ECLb1dDy4eXF/vgYxtuf4HmIbf5xUSAFBpZUwdjPKLI # deqe4EW3RKZaKuT8yDvioRwVX287rHQZCjWyuCyISQ5hrDoIn0WngdsLEVtOz9EP # qSZnrBIOuWHlglahiJXVNXAKksN/Fa5RjbGHvJbCzWauFCYbU1C4htHd4xfibeZ/ # JT5LJjDOflG129cKCNQ= # SIG # End signature block |