SDNExpress.ps1

# --------------------------------------------------------------
# Copyright © Microsoft Corporation. All Rights Reserved.
# Microsoft Corporation (or based on where you live, one of its affiliates) licenses this sample code for your internal testing purposes only.
# Microsoft provides the following sample code AS IS without warranty of any kind. The sample code arenot supported under any Microsoft standard support program or services.
# Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose.
# The entire risk arising out of the use or performance of the sample code remains with you.
# In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the code be liable for any damages whatsoever
# (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss)
# arising out of the use of or inability to use the sample code, even if Microsoft has been advised of the possibility of such damages.
# ---------------------------------------------------------------
<#
.SYNOPSIS
    Deploys and configures the Microsoft SDN infrastructure,
    including creation of the network controller, Software Load Balancer MUX
    and gateway VMs. Then the VMs and Hyper-V hosts are configured to be
    used by the Network Controller. When this script completes the SDN
    infrastructure is ready to be fully used for workload deployments.
.EXAMPLE
    .\SDNExpress.ps1 -ConfigurationDataFile .\MyConfig.psd1
    Reads in the configuration from a PSD1 file that contains a hash table
    of settings data.
.EXAMPLE
    .\SDNExpress -ConfigurationData $MyConfigurationData
    Uses the hash table that is passed in as the configuration data. This
    parameter set is useful when programatically generating the
    configuration data.
.EXAMPLE
    .\SDNExpress
    Displays a user interface for interactively defining the configuraiton
    data. At the end you have the option to save as a configuration file
    before deploying.
.NOTES
    Prerequisites:
    * All Hyper-V hosts must have Hyper-V enabled and the Virtual Switch
    already created.
    * All Hyper-V hosts must be joined to Active Directory.
    * The physical network must be preconfigured for the necessary subnets and
    VLANs as defined in the configuration data.
    * The VHD specified in the configuration data must be reachable from the
    computer where this script is run.
#>


[CmdletBinding(DefaultParameterSetName="NoParameters")]
param(
    [Parameter(Mandatory=$true,ParameterSetName="ConfigurationFile")]
    [String] $ConfigurationDataFile=$null,
    [Parameter(Mandatory=$true,ParameterSetName="ConfigurationData")]
    [object] $ConfigurationData=$null,
    [Switch] $SkipValidation,
    [Switch] $SkipDeployment,
    [PSCredential] $DomainJoinCredential = $null,
    [PSCredential] $NCCredential = $null,
    [PSCredential] $LocalAdminCredential = $null
    )    


# Script version, should be matched with the config files
$ScriptVersion = "3.0"


if ((get-wmiobject win32_operatingsystem).caption.Contains("Windows 10")) {
    get-windowscapability -name rsat.NetworkController.Tools* -online | Add-WindowsCapability -online
} else {
    $feature = get-windowsfeature "RSAT-NetworkController"
    if ($null -eq $feature) {
        throw "SDN Express requires Windows Server 2016 or later."
    }
    if (!$feature.Installed) {
        add-windowsfeature "RSAT-NetworkController"
    }
}


import-module .\SDNExpress.psm1 -force

write-SDNExpressLog "*** Begin SDN Express Deployment ***"
write-SDNExpressLog "ParameterSet: $($psCmdlet.ParameterSetName)" 
write-SDNExpressLog " -ConfigurationDataFile: $ConfigurationDataFile"
write-SDNExpressLog " -ConfigurationData: $ConfigurationData"
write-SDNExpressLog " -SkipValidation: $SkipValidation"
write-SDNExpressLog " -SkipDeployment: $SkipValidation"
Write-SDNExpressLog "Version info follows: $($PSVersionTable | out-string)"

if ($psCmdlet.ParameterSetName -eq "NoParameters") {
    write-sdnexpresslog "Begin interactive mode."    

    import-module .\SDNExpressUI.psm1 -force
    $configData = SDNExpressUI  
    if ($null -eq $configData)
    {
        # user cancelled
        exit
    }

} elseif ($psCmdlet.ParameterSetName -eq "ConfigurationFile") {
    write-sdnexpresslog "Using configuration file passed in by parameter."    
    $configdata = [hashtable] (Invoke-Expression (Get-Content $ConfigurationDataFile | out-string))
} elseif ($psCmdlet.ParameterSetName -eq "ConfigurationData") {
    write-sdnexpresslog "Using configuration data object passed in by parameter."    
    $configdata = $configurationData 
}

# if FCNC is enabled, load the modules
if ($configdata.UseFCNC) {
  if(-not [string]::IsNullOrEmpty($Global:FCNC_MODULE_PATH_ROOT)) {
    ipmo  (Join-Path $Global:FCNC_MODULE_PATH_ROOT -ChildPath NetworkControllerFc.psd1) -Force -Scope Global
  } else {
    import-Module NetworkControllerFc -ErrorAction SilentlyContinue
    if ($null -eq (Get-Module NetworkControllerFc)) {
      ipmo ..\NetworkControllerFc\NetworkControllerFc.psd1 -Force -Scope Global
    }
  }  

  # rename and copy package
  if([string]::IsNullOrEmpty($configdata.FCNCPackage) -eq $false) {    
    write-sdnexpresslog "looking for FCNC package $($configdata.FCNCPackage)"
    # check if the package exists
    if (Test-Path $configdata.FCNCPackage) {
      write-sdnexpresslog "FCNC package found"
      $configdata.FCNCBins = $configdata.FCNCPackage
    } else {
      write-sdnexpresslog "FCNC package not found"
      throw "FCNC package not found"
    }

    # copy the nuget to a temp file, rename to zip , decompress it and delete the temp file
    write-sdnexpresslog "copying FCNC package to $($configdata.FCNCBins)"
    Copy-Item $configdata.FCNCPackage "$($configdata.FCNCPackage).zip" -Verbose
    $configdata.FCNCBins = $configdata.FCNCPackage.Replace(".nupkg", ".zip")
        
    Copy-Item $configdata.FCNCPackage $configdata.FCNCBins -Force
    write-sdnexpresslog "unzipping FCNC package"
    Expand-Archive -Path $configdata.FCNCBins -DestinationPath $configdata.FCNCBins.Replace(".zip", "") -Force
    $configdata.FCNCBins = $configdata.FCNCBins.Replace(".zip", "")
  }
}

if ($Configdata.ScriptVersion -ne $scriptversion) {
    write-error "Configuration file version $($ConfigData.ScriptVersion) is not compatible with this version of SDN express. Please update your config file to match the version $scriptversion example."
    return
}

function GetPassword 
{
    param(
        [String] $SecurePasswordText,
        [PSCredential] $Credential,
        [String] $Message,
        [String] $UserName
    )
    if ([String]::IsNullOrEmpty($SecurePasswordText) -and ($null -eq $Credential)) {
        write-sdnexpresslog "No credentials found on command line or in config file. Prompting."    
        $Credential = get-Credential -Message $Message -UserName $UserName
    }

    if ($null -ne $Credential) {
        write-sdnexpresslog "Using credentials from the command line."    
        return $Credential.GetNetworkCredential().Password
    }

    try {
        write-sdnexpresslog "Using credentials from config file."    
        $securepassword = $SecurePasswordText | convertto-securestring -erroraction Ignore
        $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
        return [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
    } catch {
        write-sdnexpresslog "Unable to decrpypt credentials in config file. Could be from a different user or generated on different computer. Prompting instead."    
        $Credential = get-Credential -Message $Message -UserName $UserName
        if ($null -eq $credential) {
            write-sdnexpresslog "User cancelled credential input. Exiting."    
            exit
        }
        return $Credential.GetNetworkCredential().Password
    }

}
function GetNextMacAddress
{
    param(
        [String] $MacAddress
    )

    return ("{0:X12}" -f ([convert]::ToInt64($MacAddress.ToUpper().Replace(":", "").Replace("-", ""), 16) + 1)).Insert(2, "-").Insert(5, "-").Insert(8, "-").Insert(11, "-").Insert(14, "-")
}

function ValidateMacPools
{

    $curInstallDirectory = $Global:installDirectory

    Import-Module Moc -ErrorAction SilentlyContinue
    if ($(Get-Module -Name Moc) -eq $null) 
    {
        Write-SDNExpressLog "MOC Module not found. Skipping check for conflicting MOC and SDN resources."
        return
    }

    try 
    {
        try 
        {
            $mocNotInstalled = (Get-mocconfig -ErrorAction SilentlyContinue).installState -eq "NotInstalled"
            if ($mocnotInstalled)
            {
                Write-SDNExpressLog "No MOC installation found. Skipping check for conflicting MOC and SDN resources."
                return
            }
        }
        catch
        {
            Write-SDNExpressLog "No MOC installation found. Skipping check for conflicting MOC and SDN resources."
            return
        }

        $loc = get-moclocation -ErrorAction SilentlyContinue
        if (-not $loc)
        {
            Write-SDNExpressLog "No MOC location found. Skipping check for conflicting MOC and SDN resources."
            return
        }
        
        $sdnStart = $ConfigData.SDNMacPoolStart -Replace "-",""
        $sdnEnd = $ConfigData.SDNMacPoolEnd -Replace "-",""

        foreach($l in $loc) 
        {
            $mocMacPool = Get-MocMacPool -location $l.Name
            if (-not $mocMacPool)
            {
                continue
            }

            try 
            {
                $mocStart = $mocMacPool.Properties.range.startmacaddress -Replace ":",""
                $mocEnd = $mocMacPool.Properties.range.endmacaddress -Replace ":",""
            }
            catch 
            {
                throw "Could not determine the MOC MAC pool start or end MAC address."
            }
            
            
            if ((IsMac1GreaterThanMac2 -mac1 $sdnStart -mac2 $mocStart) `
                    -and (IsMac1GreaterThanMac2 -mac1 $sdnStart -mac2 $mocEnd))
            {
                continue
            }
            if ((IsMac1GreaterThanMac2 -mac1 $mocStart -mac2 $sdnEnd) `
                    -and (IsMac1GreaterThanMac2 -mac1 $mocEnd -mac2 $sdnEnd))
            {
                continue
            }
            throw "The SDN MAC pool specified in the configuration file conflicts with the MOC MAC pools."
        }
    } 
    finally 
    {
        $Global:installDirectory = $curInstallDirectory
    }
}

function IsMac1GreaterThanMac2
{
    param(
        [string]$mac1,
        [string]$mac2
    )

    $mac1Bytes = [System.Net.NetworkInformation.PhysicalAddress]::Parse($mac1).GetAddressBytes()
    $mac2Bytes = [System.Net.NetworkInformation.PhysicalAddress]::Parse($mac2).GetAddressBytes()

    $i = 0
    while ($i -lt $mac2Bytes.Count)
    {
        if ($mac1Bytes[$i] -gt $mac2Bytes[$i])
        {
            return $true
        }
        if ($mac2Bytes[$i] -gt $mac1Bytes[$i])
        {
            return $false
        }
        $i++
    }
    return $false
}

try {
    $DomainJoinPassword = GetPassword $ConfigData.DomainJoinSecurePassword $DomainJoinCredential "Enter credentials for joining VMs to the AD domain." $configdata.DomainJoinUserName
    $NCPassword = GetPassword $ConfigData.NCSecurePassword $NCCredential "Enter credentials for the Network Controller to use." $configdata.NCUserName
    $LocalAdminPassword = GetPassword $ConfigData.LocalAdminSecurePassword $LocalAdminCredential "Enter the password for the local administrator of newly created VMs. Username is ignored." "Administrator"

    $NCSecurePassword = $NCPassword | convertto-securestring -AsPlainText -Force

    $credential = New-Object System.Management.Automation.PsCredential($ConfigData.NCUsername, $NCSecurePassword)

    if (![string]::IsNullOrEmpty($ConfigData.ManagementSubnet)) {
        $ManagementSubnetBits = $ConfigData.ManagementSubnet.Split("/")[1]
    }

    if ([string]::IsNullOrEmpty($ConfigData.PASubnet)) {
        if ($ConfigData.Muxes.Count -gt 0) {
            throw "Load Balancer Mux configuration requires a PA Subnet."
        }
        if ($ConfigData.Gateways.Count -gt 0) {
            throw "Gateway configuration requires a PA Subnet."
        }
    }

    foreach ($h in $ConfigData.hypervhosts) 
    {
        try 
        {
            $ncFc = Get-NetworkControllerOnFailoverCluster
        }
        catch {}
        if ($ncFc -ne $null)
        {
            $msg = "An existing Network Controller on failover clustering installation was found. Stopping the current install."
            throw $msg
        }
        try 
        {
            $s = New-SdnExpressPsSession -ComputerName $h -credential $credential
            $connections = invoke-command -Session $s {
                (Get-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Services\NcHostAgent\Parameters" -Name "Connections").Connections
            }
        }
        catch {}

        if (-not [string]::IsNullOrEmpty($connections))
        {
            foreach ($c in $connections)
            {
                if ($c -like "ssl:*")
                {
                    $cSplit = $c -split ":"
                    $NCIP = $cSplit[1]
                    $port = $cSplit[2]
                    break
                }
            }
            if (-not [string]::IsNullOrEmpty($NCIP))
            {
                for($i = 0; $i -lt 5; $i++)
                {
                    if ([bool]::Parse((Test-NetConnection $NCIP -Port $port -ErrorAction SilentlyContinue).TcpTestSucceeded))
                    {
                        $msg = "Network Controller host agent SSL connection key found at HKLM:\SYSTEM\CurrentControlSet\Services\NcHostAgent\Parameters on host $h. `
                            If this key exists as a result of a previous failed Network Controller installation, please remove it. Otherwise please check `
                            for an existing Network Controller installation."

                        throw $msg
                    }
                }
            }
        }
    }


    if (($ConfigData.Muxes.count -gt 0) -or ($ConfigData.Gateways.count -gt 0)) {
        $PASubnetBits = $ConfigData.PASubnet.Split("/")[1]
    }

    ValidateMacPools

    $DomainJoinUserNameDomain = $ConfigData.DomainJoinUserName.Split("\")[0]
    $DomainJoinUserNameName = $ConfigData.DomainJoinUserName.Split("\")[1]
    $LocalAdminDomainUserDomain = $ConfigData.LocalAdminDomainUser.Split("\")[0]
    $LocalAdminDomainUserName = $ConfigData.LocalAdminDomainUser.Split("\")[1]

    if ($null -eq $ConfigData.VMProcessorCount) {$ConfigData.VMProcessorCount = 8}
    if ($null -eq $ConfigData.VMMemory) {$ConfigData.VMMemory = 8GB}
    if ($null -eq $ConfigData.DisableIPv6DHCP) {$ConfigData.DisableIPv6DHCP = $false}
    if ([string]::IsNullOrEmpty($ConfigData.PoolName)) {$ConfigData.PoolName = "DefaultAll"}

    write-SDNExpressLog "STAGE 1: Create VMs"

    $createparams = @{
        'ComputerName'='';
        'VMLocation'=$ConfigData.VMLocation;
        'VMName'='';
        'VHDSrcPath'=$ConfigData.VHDPath;
        'VHDName'=$ConfigData.VHDFile;
        'VMMemory'=$ConfigData.VMMemory;
        'VMProcessorCount'=$ConfigData.VMProcessorCount;
        'Nics'=@();
        'CredentialDomain'=$DomainJoinUserNameDomain;
        'CredentialUserName'=$DomainJoinUserNameName;
        'CredentialPassword'=$DomainJoinPassword;
        'JoinDomain'=$ConfigData.JoinDomain;
        'LocalAdminPassword'=$LocalAdminPassword;
        'DomainAdminDomain'=$LocalAdminDomainUserDomain;
        'DomainAdminUserName'=$LocalAdminDomainUserName;
        'SwitchName'=$ConfigData.SwitchName;
        'DisableIPv6DHCP'=$ConfigData.DisableIPv6DHCP
    }

    if (![String]::IsNullOrEmpty($ConfigData.ProductKey)) {
        $createparams.ProductKey = $ConfigData.ProductKey
    }
    if (![String]::IsNullOrEmpty($ConfigData.Locale)) {
        $createparams.Locale = $ConfigData.Locale
    }
    if (![String]::IsNullOrEmpty($ConfigData.TimeZone)) {
        $createparams.TimeZone = $ConfigData.TimeZone
    }

    write-SDNExpressLog "STAGE 1.0.1: Enable VFP"
    foreach ($h in $ConfigData.hypervhosts) {

        write-SDNExpressLog "Adding net virt feature to $($h)"
        $s = New-SdnExpressPsSession -ComputerName $h $credential
        invoke-command -Session $s {
            add-windowsfeature NetworkVirtualization -IncludeAllSubFeature -IncludeManagementTools
        }
     
        write-SDNExpressLog "Enabling VFP on $($h) $($ConfigData.SwitchName)"
        $s = New-SdnExpressPsSession -ComputerName $h $credential
        invoke-command -Session $s {
            param(
                [String] $VirtualSwitchName
                )
            Enable-VmSwitchExtension -VMSwitchName $VirtualSwitchName -Name "Microsoft Azure VFP Switch Extension"
        } -ArgumentList $ConfigData.SwitchName

        $s = New-SdnExpressPsSession -ComputerName $h $credential
        invoke-command -Session $s {
          Set-Service -Name NCHostAgent  -StartupType Automatic; Start-Service -Name NCHostAgent 
        }
    }

    $HostNameIter = 0
    
    $useCertBySubject = $false

    if ($ConfigData.UseCertBySubject) { 
        $useCertBySubject = $true
    }

    if (-not $ConfigData.UseFCNC) {
        foreach ($NC in $ConfigData.NCs) {
            if ([string]::IsNullOrEmpty($nc.macaddress)) {
                $nc.macaddress = $ConfigData.SDNMacPoolStart
                $configdata.SDNMacPoolStart = GetNextMacAddress($ConfigData.SDNMacPoolStart)
            }

            if ([string]::IsNullOrEmpty($nc.HostName)) {
                $nc.HostName = $ConfigData.HyperVHosts[$HostNameIter]
                $HostNameIter = ($HostNameIter + 1) % $ConfigData.HyperVHosts.Count
            }
        }
    }


    foreach ($Mux in $ConfigData.Muxes) {
        if ([string]::IsNullOrEmpty($Mux.HostName)) {
            $Mux.HostName = $ConfigData.HyperVHosts[$HostNameIter]
            $HostNameIter = ($HostNameIter + 1) % $ConfigData.HyperVHosts.Count
        }
        if ([string]::IsNullOrEmpty($Mux.PAIPAddress)) {
            $Mux.PAIPAddress = $ConfigData.PAPoolStart
            $ConfigData.PAPoolStart = Get-IPAddressInSubnet -Subnet $ConfigData.PAPoolStart -Offset 1
        }
    }
    #Allocate GW management MACs from outside of SDN pool
    foreach ($gateway in $ConfigData.Gateways) {
        if ([string]::IsNullOrEmpty($Gateway.macaddress)) {
            $gateway.macaddress = $ConfigData.SDNMacPoolStart
            $configdata.SDNMacPoolStart = GetNextMacAddress($ConfigData.SDNMacPoolStart)
        }
        if ([string]::IsNullOrEmpty($Gateway.HostName)) {
            $Gateway.HostName = $ConfigData.HyperVHosts[$HostNameIter]
            $HostNameIter = ($HostNameIter + 1) % $ConfigData.HyperVHosts.Count
        }        
    }
    #Allocate GW FE & BE macs, FE IP from within SDN mac and PA pools
    $nextmac = $configdata.SDNMacPoolStart
    $PAOffset = 0
    foreach ($gateway in $ConfigData.Gateways) {
        if ([string]::IsNullOrEmpty($Gateway.FrontEndMac)) {
            $gateway.FrontEndMac = $nextmac
            $nextmac = GetNextMacAddress($nextmac)
        }
        if ([string]::IsNullOrEmpty($Gateway.BackEndMac)) {
            $gateway.BackEndMac = $nextmac
            $nextmac = GetNextMacAddress($nextmac)
        }
        if ([string]::IsNullOrEmpty($Gateway.FrontEndIP)) {
            $Gateway.FrontEndIP = Get-IPAddressInSubnet -Subnet $ConfigData.PAPoolStart -Offset $PAOffset
            $PAOffset += 1
        }
    }


    if (-not $ConfigData.UseFCNC) {
        write-SDNExpressLog "STAGE 1.1: Create NC VMs"
        foreach ($NC in $ConfigData.NCs) {
            $createparams.ComputerName=$NC.HostName;
            $createparams.VMName=$NC.ComputerName;
            if ([string]::IsNullOrEmpty($NC.ManagementIP)) {
                $createparams.Nics=@(
                    @{Name="Management"; MacAddress=$NC.MacAddress; VLANID=$ConfigData.ManagementVLANID; SwitchName=$NC.ManagementSwitch}
                )
            } else {
                $createparams.Nics=@(
                    @{Name="Management"; MacAddress=$NC.MacAddress; IPAddress="$($NC.ManagementIP)/$ManagementSubnetBits"; Gateway=$ConfigData.ManagementGateway; DNS=$ConfigData.ManagementDNS; VLANID=$ConfigData.ManagementVLANID; SwitchName=$NC.ManagementSwitch}
                )
            }
            $createparams.Roles=@("NetworkController","NetworkControllerTools")
            New-SDNExpressVM @createparams
        }
    }


    write-SDNExpressLog "STAGE 1.2: Create Mux VMs"

    foreach ($Mux in $ConfigData.Muxes) {
        $createparams.ComputerName=$mux.HostName;
        $createparams.VMName=$mux.ComputerName;
        if ([string]::IsNullOrEmpty($Mux.ManagementIP)) {
            $createparams.Nics=@(
                @{Name="Management"; MacAddress=$Mux.MacAddress; VLANID=$ConfigData.ManagementVLANID; SwitchName=$Mux.ManagementSwitch},
                @{Name="HNVPA"; MacAddress=$Mux.PAMacAddress; IPAddress="$($Mux.PAIPAddress)/$PASubnetBits"; VLANID=$ConfigData.PAVLANID; IsMuxPA=$true}
            )
        } else {
            $createparams.Nics=@(
                @{Name="Management"; MacAddress=$Mux.MacAddress; IPAddress="$($Mux.ManagementIP)/$ManagementSubnetBits"; Gateway=$ConfigData.ManagementGateway; DNS=$ConfigData.ManagementDNS; VLANID=$ConfigData.ManagementVLANID; SwitchName=$Mux.ManagementSwitch},
                @{Name="HNVPA"; MacAddress=$Mux.PAMacAddress; IPAddress="$($Mux.PAIPAddress)/$PASubnetBits"; VLANID=$ConfigData.PAVLANID; IsMuxPA=$true}
            )
        }
        $createparams.Roles=@("SoftwareLoadBalancer")

        New-SDNExpressVM @createparams
    }


    if ($ConfigData.NCs.count -gt 0 -or $ConfigData.UseFCNC) {
        write-SDNExpressLog "STAGE 2: Network Controller Configuration"
        $NCNodes = @()

        
        if ($ConfigData.UseFCNC) {

            if ([string]::IsNullOrEmpty($ConfigData.FCNCBins))
            {
                $ConfigData.FCNCBins = "C:\Windows\NetworkController"
            }

            $NCNodes = $ConfigData.HyperVHosts

            $params = @{
                'Credential'=$Credential
                'RestName'=$ConfigData.RestName
                'RestIpAddress'=$ConfigData.RestIpAddress
                'ComputerNames'=$NCNodes
                'FCNCBins' = $ConfigData.FCNCBins
                'FCNCDBs' = $ConfigData.FCNCDBs
                'ClusterNetworkName' = $ConfigData.ClusterNetworkName
                'UseCertBySubject' = $useCertBySubject
            }
            
            New-FCNCNetworkController @params

        } else {
            foreach ($NC in $ConfigData.NCs) {
                $NCNodes += $NC.ComputerName
            }

            WaitforComputerToBeReady -ComputerName $NCNodes -Credential $Credential

            $params = @{
                'Credential'=$Credential
                'RestName'=$ConfigData.RestName
                'RestIpAddress'=$ConfigData.RestIpAddress
                'ComputerNames'=$NCNodes
                'UseCertBySubject' = $useCertBySubject
            }

            if (![string]::IsNullOrEmpty($ConfigData.ManagementSecurityGroup)) {
                $params.ManagementSecurityGroupName = $ConfigData.ManagementSecurityGroup
                $params.ClientSecurityGroupName = $ConfigData.ClientSecurityGroup
            }
            New-SDNExpressNetworkController @params
        }


        write-SDNExpressLog "STAGE 2.1: Getting REST cert thumbprint in order to find it in local root store."

        # Check through nodes until we find a node that was originally set up with
        $NCHostCertThumb = $null
        $nodeIdx = 0
        while ($null -eq $NCHostCertThumb -and $nodeIdx -lt $NCNodes.length) {
            $s = New-SdnExpressPsSession -ComputerName $NCNodes[$nodeIdx] $credential
            $NCHostCertThumb = invoke-command -Session $s {
                param(
                    $RESTName,
                    [String] $funcDefGetSdnCert
                )
                . ([ScriptBlock]::Create($funcDefGetSdnCert))
                $Cert = GetSdnCert -subjectName $RestName.ToUpper()
                return $cert.Thumbprint        
            } -ArgumentList $ConfigData.RestName, $Global:fdGetSdnCert

            $nodeIdx++
        }

        $NCHostCert = get-childitem "cert:\localmachine\root\$NCHostCertThumb"

        $params = @{
            'RestName' = $ConfigData.RestName;
            'MacAddressPoolStart' = $ConfigData.SDNMacPoolStart;
            'MacAddressPoolEnd' = $ConfigData.SDNMacPoolEnd;
            'NCHostCert' = $NCHostCert
            'NCUsername' = $ConfigData.NCUsername;
            'NCPassword' = $NCPassword
            'UseCertBySubject' = $useCertBySubject
        }
        New-SDNExpressVirtualNetworkManagerConfiguration @Params -Credential $Credential

        if (![string]::IsNullOrEmpty($ConfigData.PASubnet)) {
            $params = @{
                'RestName' = $ConfigData.RestName;
                'AddressPrefix' = $ConfigData.PASubnet;
                'VLANID' = $ConfigData.PAVLANID;
                'DefaultGateways' = $ConfigData.PAGateway;
                'IPPoolStart' = $ConfigData.PAPoolStart;
                'IPPoolEnd' = $ConfigData.PAPoolEnd
            }
            Add-SDNExpressVirtualNetworkPASubnet @params -Credential $Credential
        } else {
            write-SDNExpressLog "PA subnets not specified in configuration, skipping Virtual Network PA configuration."
        }
    } 
    else 
    {
        $NCHostCert = GetSdnCert -subjectName $configdata.RestName -store "cert:\localmachine\root" 

        if ($null -eq $NCHostCert) {
            $ErrorText = "Network Controller cert with CN=$($configdata.RestName) not found on $(hostname) in cert:\localmachine\root"
            write-SDNExpressLog $ErrorText
            throw $ErrorText
        }        
    }

    $useFcNc = $false
    if ($ConfigData.UseFCNC)
    { 
        $useFcNc = $true
    } 

    if ($ConfigData.Muxes.Count -gt 0) {
        write-SDNExpressLog "STAGE 3: SLB Configuration"

        if (![string]::IsNullOrEmpty($ConfigData.PrivateVIPSubnet)) {
            $params = @{
                'RestName' = $ConfigData.RestName;
                'PrivateVIPPrefix' = $ConfigData.PrivateVIPSubnet;
                'PublicVIPPrefix' = $ConfigData.PublicVIPSubnet
            }

            New-SDNExpressLoadBalancerManagerConfiguration @Params -Credential $Credential
        } else {
            write-SDNExpressLog "VIP subnets not specified in configuration, skipping load balancer manager configuration."
        }

        WaitforComputerToBeReady -ComputerName $ConfigData.Muxes.ComputerName -Credential $Credential

        foreach ($Mux in $ConfigData.muxes) {
            Add-SDNExpressMux -ComputerName $Mux.ComputerName -PAMacAddress $Mux.PAMacAddress -PAGateway $ConfigData.PAGateway -LocalPeerIP $Mux.PAIPAddress -MuxASN $ConfigData.SDNASN -Routers $ConfigData.Routers -RestName $ConfigData.RestName -NCHostCert $NCHostCert -Credential $Credential -IsFC $useFcNc
        }
    }


    write-SDNExpressLog "STAGE 4: Host Configuration"
    $params = @{}

    if (![string]::IsNullOREmpty($ConfigData.PASubnet)) {
        $params.HostPASubnetPrefix = $ConfigData.PASubnet;
    }

    foreach ($h in $ConfigData.hypervhosts) {
        if($ConfigData.Port -ne $null -and $ConfigData.Port -ne 0) {
            write-SDNExpressLog "Using port $($ConfigData.Port) for host $h"
            $params.Port = $ConfigData.Port
        }

        Add-SDNExpressHost @params -ComputerName $h `
                                -RestName $ConfigData.RestName `
                                -NCHostCert $NCHostCert `
                                -Credential $Credential `
                                -VirtualSwitchName $ConfigData.SwitchName `
                                -IsFC $useFcNc `
                                -AddToFcCluster $false 
    }

    if ($ConfigData.Gateways.Count -gt 0) {
        write-SDNExpressLog "STAGE 5.1: Create Gateway VMs"

        foreach ($Gateway in $ConfigData.Gateways) {
            $params = @{
                'RestName'=$ConfigData.RestName
                'ComputerName'=$gateway.computername
                'HostName'=$gateway.Hostname
                'JoinDomain'=$ConfigData.JoinDomain
                'FrontEndLogicalNetworkName'='HNVPA'
                'FrontEndAddressPrefix'=$ConfigData.PASubnet
            }
    
            $Result = Initialize-SDNExpressGateway @params -Credential $Credential
    
            $Gateway.FrontEndMac = $Result.FrontEndMac
            $Gateway.FrontEndIP = $Result.FrontEndIP
            $Gateway.BackEndMac = $Result.BackEndMac

            $createparams.ComputerName=$Gateway.HostName;
            $createparams.VMName=$Gateway.ComputerName;
            if ([string]::IsNullOrEmpty($Gateway.ManagementIP)) {
                $createparams.Nics=@(
                    @{Name="Management"; MacAddress=$Gateway.MacAddress; VLANID=$ConfigData.ManagementVLANID; SwitchName=$Mux.ManagementSwitch}
                    @{Name="FrontEnd"; MacAddress=$Gateway.FrontEndMac; IPAddress="$($Gateway.FrontEndIp)/$PASubnetBits"; VLANID=$ConfigData.PAVLANID},
                    @{Name="BackEnd"; MacAddress=$Gateway.BackEndMac; VLANID=$ConfigData.PAVLANID}
                );
            } else {
                $createparams.Nics=@(
                    @{Name="Management"; MacAddress=$Gateway.MacAddress; IPAddress="$($Gateway.ManagementIP)/$ManagementSubnetBits"; Gateway=$ConfigData.ManagementGateway; DNS=$ConfigData.ManagementDNS; VLANID=$ConfigData.ManagementVLANID; SwitchName=$Mux.ManagementSwitch}
                    @{Name="FrontEnd"; MacAddress=$Gateway.FrontEndMac; IPAddress="$($Gateway.FrontEndIp)/$PASubnetBits"; VLANID=$ConfigData.PAVLANID},
                    @{Name="BackEnd"; MacAddress=$Gateway.BackEndMac; VLANID=$ConfigData.PAVLANID}
                );
            }
            $createparams.Roles=@("RemoteAccess", "RemoteAccessServer", "RemoteAccessMgmtTools", "RemoteAccessPowerShell", "RasRoutingProtocols", "Web-Application-Proxy")
    
            New-SDNExpressVM @createparams
        }
    
        write-SDNExpressLog "STAGE 5.3: Configure Gateways"

        if ([String]::IsNullOrEmpty($ConfigData.RedundantCount)) {
            $ConfigData.RedundantCount = 1
        } 

        if ([string]::IsNullOrEmpty($configdata.GatewayPoolType) -or ($configdata.GatewayPoolType -eq "All")) {
            write-SDNExpressLog "Gateway pool type is All."
            New-SDNExpressGatewayPool -IsTypeAll -PoolName $ConfigData.PoolName -Capacity $ConfigData.Capacity -GreSubnetAddressPrefix $ConfigData.GreSubnet -RestName $ConfigData.RestName -Credential $Credential -RedundantCount $ConfigData.RedundantCount
        } elseif ($configdata.GatewayPoolType -eq "GRE") {
            write-SDNExpressLog "Gateway pool type is GRE."
            New-SDNExpressGatewayPool -IsTypeGRE -PoolName $ConfigData.PoolName -Capacity $ConfigData.Capacity -GreSubnetAddressPrefix $ConfigData.GreSubnet -RestName $ConfigData.RestName -Credential $Credential -RedundantCount $ConfigData.RedundantCount
        } elseif ($configdata.GatewayPoolType -eq "Forwarding") {
            write-SDNExpressLog "Gateway pool type is Forwarding."
            New-SDNExpressGatewayPool -IsTypeForwarding -PoolName $ConfigData.PoolName -Capacity $ConfigData.Capacity -RestName $ConfigData.RestName -Credential $Credential -RedundantCount $ConfigData.RedundantCount
        } elseif ($configdata.GatewayPoolType -eq "IPSec") {
            write-SDNExpressLog "Gateway pool type is IPSec."
            New-SDNExpressGatewayPool -IsTypeIPSec -PoolName $ConfigData.PoolName -Capacity $ConfigData.Capacity -RestName $ConfigData.RestName -Credential $Credential -RedundantCount $ConfigData.RedundantCount
        } else {
            write-SDNExpressLog "Gateway pool type is Invalid."
            throw "Invalid GatewayPoolType specified in config file."
        } 

        WaitforComputerToBeReady -ComputerName $ConfigData.Gateways.ComputerName -Credential $Credential

        foreach ($G in $ConfigData.Gateways) {
            $params = @{
                'RestName'=$ConfigData.RestName
                'ComputerName'=$g.computername
                'HostName'=$g.Hostname
                'NCHostCert'= $NCHostCert
                'PoolName'=$ConfigData.PoolName
                'FrontEndIp'=$G.FrontEndIP
                'FrontEndLogicalNetworkName'='HNVPA'
                'FrontEndAddressPrefix'=$ConfigData.PASubnet
                'FrontEndMac'=$G.FrontEndMac
                'BackEndMac'=$G.BackEndMac
                'Routers'=$ConfigData.Routers 
                'PAGateway'=$ConfigData.PAGateway
                'ManagementRoutes'=$ConfigData.ManagementRoutes
                'LocalASN'=$ConfigData.SDNASN
            }

            if ($ConfigData.UseGatewayFastPath -eq $true) {
                New-SDNExpressGateway @params  -Credential $Credential -UseFastPath -IsFC $useFcNc
            } else {
                New-SDNExpressGateway @params  -Credential $Credential -IsFC $useFcNc
            }
        }

    }

    test-sdnexpresshealth -restname $ConfigData.RestName -Credential $Credential
}
catch
{
    $pscmdlet.throwterminatingerror($PSItem)
}

write-SDNExpressLog "SDN Express deployment complete."

# SIG # Begin signature block
# MIIoKgYJKoZIhvcNAQcCoIIoGzCCKBcCAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCC03L2zk8pYymKE
# NvEJ9trNXjOFFytvKy9ho7HBgS55AaCCDXYwggX0MIID3KADAgECAhMzAAADrzBA
# DkyjTQVBAAAAAAOvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD
# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p
# bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwOTAwWhcNMjQxMTE0MTkwOTAwWjB0MQsw
# CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u
# ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
# AQDOS8s1ra6f0YGtg0OhEaQa/t3Q+q1MEHhWJhqQVuO5amYXQpy8MDPNoJYk+FWA
# hePP5LxwcSge5aen+f5Q6WNPd6EDxGzotvVpNi5ve0H97S3F7C/axDfKxyNh21MG
# 0W8Sb0vxi/vorcLHOL9i+t2D6yvvDzLlEefUCbQV/zGCBjXGlYJcUj6RAzXyeNAN
# xSpKXAGd7Fh+ocGHPPphcD9LQTOJgG7Y7aYztHqBLJiQQ4eAgZNU4ac6+8LnEGAL
# go1ydC5BJEuJQjYKbNTy959HrKSu7LO3Ws0w8jw6pYdC1IMpdTkk2puTgY2PDNzB
# tLM4evG7FYer3WX+8t1UMYNTAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE
# AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQURxxxNPIEPGSO8kqz+bgCAQWGXsEw
# RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW
# MBQGA1UEBRMNMjMwMDEyKzUwMTgyNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci
# tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j
# b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG
# CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu
# Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0
# MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAISxFt/zR2frTFPB45Yd
# mhZpB2nNJoOoi+qlgcTlnO4QwlYN1w/vYwbDy/oFJolD5r6FMJd0RGcgEM8q9TgQ
# 2OC7gQEmhweVJ7yuKJlQBH7P7Pg5RiqgV3cSonJ+OM4kFHbP3gPLiyzssSQdRuPY
# 1mIWoGg9i7Y4ZC8ST7WhpSyc0pns2XsUe1XsIjaUcGu7zd7gg97eCUiLRdVklPmp
# XobH9CEAWakRUGNICYN2AgjhRTC4j3KJfqMkU04R6Toyh4/Toswm1uoDcGr5laYn
# TfcX3u5WnJqJLhuPe8Uj9kGAOcyo0O1mNwDa+LhFEzB6CB32+wfJMumfr6degvLT
# e8x55urQLeTjimBQgS49BSUkhFN7ois3cZyNpnrMca5AZaC7pLI72vuqSsSlLalG
# OcZmPHZGYJqZ0BacN274OZ80Q8B11iNokns9Od348bMb5Z4fihxaBWebl8kWEi2O
# PvQImOAeq3nt7UWJBzJYLAGEpfasaA3ZQgIcEXdD+uwo6ymMzDY6UamFOfYqYWXk
# ntxDGu7ngD2ugKUuccYKJJRiiz+LAUcj90BVcSHRLQop9N8zoALr/1sJuwPrVAtx
# HNEgSW+AKBqIxYWM4Ev32l6agSUAezLMbq5f3d8x9qzT031jMDT+sUAoCw0M5wVt
# CUQcqINPuYjbS1WgJyZIiEkBMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq
# hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
# EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
# bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
# IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG
# EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG
# A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg
# Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
# CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03
# a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr
# rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg
# OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy
# 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9
# sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh
# dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k
# A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB
# w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn
# Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90
# lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w
# ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o
# ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD
# VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa
# BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny
# bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG
# AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t
# L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV
# HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3
# dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG
# AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl
# AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb
# C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l
# hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6
# I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0
# wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560
# STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam
# ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa
# J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah
# XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA
# 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt
# Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr
# /Xmfwb1tbWrJUnMTDXpQzTGCGgowghoGAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw
# EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN
# aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp
# Z25pbmcgUENBIDIwMTECEzMAAAOvMEAOTKNNBUEAAAAAA68wDQYJYIZIAWUDBAIB
# BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO
# MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIMbs+2IKYF2Kyh2WuXf1hdST
# 3M7uy2rtAQoueM7Obl+zMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A
# cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB
# BQAEggEAd1KbARgnxYuPdim7KhxDcvYHwv1rcmjcAVJvWbeTHQgjiXgrbMS1wVHD
# rNz1TqOEQnhEPmjSsF1rQcw47a3sj/u9JeS4xh8Pqsj6Yx/wYlVPIVl4LZYbjqvg
# WjU5FVbZk+Y8dt+URMlRMtlnIOHZhkkN/umM0L1JKIxclZYUgiVxiKIfeV5SXmDK
# +HpysQd4BzpU68ksDC2Ei6mPH5ayJew/lHmNm1V5LB94MaQyNpkp/tIrwdByJaos
# aEbaITWqtZzvcHJYblNl+fbvkgSNafrDCREo3nZBjW0AqTOAuG0/f+V3EKM+Bhe4
# AgHmPCmKzDzTFokdYbdyXiZwm/i3YKGCF5QwgheQBgorBgEEAYI3AwMBMYIXgDCC
# F3wGCSqGSIb3DQEHAqCCF20wghdpAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFSBgsq
# hkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl
# AwQCAQUABCCaz6kDvMsJmTpd2iT6BgPxe7vpFXHKGPCHoAFpS35CjQIGZmr57Vy4
# GBMyMDI0MDYyNDIyMjMyNy41OTdaMASAAgH0oIHRpIHOMIHLMQswCQYDVQQGEwJV
# UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE
# ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l
# cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046ODYwMy0w
# NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Wg
# ghHqMIIHIDCCBQigAwIBAgITMwAAAfGzRfUn6MAW1gABAAAB8TANBgkqhkiG9w0B
# AQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE
# BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD
# VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0yMzEyMDYxODQ1
# NTVaFw0yNTAzMDUxODQ1NTVaMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
# aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
# cnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25z
# MScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046ODYwMy0wNUUwLUQ5NDcxJTAjBgNV
# BAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEB
# AQUAA4ICDwAwggIKAoICAQCxulCZttIf8X97rW9/J+Q4Vg9PiugB1ya1/DRxxLW2
# hwy4QgtU3j5fV75ZKa6XTTQhW5ClkGl6gp1nd5VBsx4Jb+oU4PsMA2foe8gP9bQN
# PVxIHMJu6TYcrrn39Hddet2xkdqUhzzySXaPFqFMk2VifEfj+HR6JheNs2LLzm8F
# DJm+pBddPDLag/R+APIWHyftq9itwM0WP5Z0dfQyI4WlVeUS+votsPbWm+RKsH4F
# QNhzb0t/D4iutcfCK3/LK+xLmS6dmAh7AMKuEUl8i2kdWBDRcc+JWa21SCefx5SP
# hJEFgYhdGPAop3G1l8T33cqrbLtcFJqww4TQiYiCkdysCcnIF0ZqSNAHcfI9SAv3
# gfkyxqQNJJ3sTsg5GPRF95mqgbfQbkFnU17iYbRIPJqwgSLhyB833ZDgmzxbKmJm
# dDabbzS0yGhngHa6+gwVaOUqcHf9w6kwxMo+OqG3QZIcwd5wHECs5rAJZ6PIyFM7
# Ad2hRUFHRTi353I7V4xEgYGuZb6qFx6Pf44i7AjXbptUolDcVzYEdgLQSWiuFajS
# 6Xg3k7Cy8TiM5HPUK9LZInloTxuULSxJmJ7nTjUjOj5xwRmC7x2S/mxql8nvHSCN
# 1OED2/wECOot6MEe9bL3nzoKwO8TNlEStq5scd25GA0gMQO+qNXV/xTDOBTJ8zBc
# GQIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFLy2xe59sCE0SjycqE5Erb4YrS1gMB8G
# A1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCG
# Tmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUy
# MFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4w
# XAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2Vy
# dHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwG
# A1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQD
# AgeAMA0GCSqGSIb3DQEBCwUAA4ICAQDhSEjSBFSCbJyl3U/QmFMW2eLPBknnlsfI
# D/7gTMvANEnhq08I9HHbbqiwqDEHSvARvKtL7j0znICYBbMrVSmvgDxU8jAGqMyi
# LoM80788So3+T6IZV//UZRJqBl4oM3bCIQgFGo0VTeQ6RzYL+t1zCUXmmpPmM4xc
# ScVFATXj5Tx7By4ShWUC7Vhm7picDiU5igGjuivRhxPvbpflbh/bsiE5tx5cuOJE
# JSG+uWcqByR7TC4cGvuavHSjk1iRXT/QjaOEeJoOnfesbOdvJrJdbm+leYLRI67N
# 3cd8B/suU21tRdgwOnTk2hOuZKs/kLwaX6NsAbUy9pKsDmTyoWnGmyTWBPiTb2rp
# 5ogo8Y8hMU1YQs7rHR5hqilEq88jF+9H8Kccb/1ismJTGnBnRMv68Ud2l5LFhOZ4
# nRtl4lHri+N1L8EBg7aE8EvPe8Ca9gz8sh2F4COTYd1PHce1ugLvvWW1+aOSpd8N
# nwEid4zgD79ZQxisJqyO4lMWMzAgEeFhUm40FshtzXudAsX5LoCil4rLbHfwYtGO
# pw9DVX3jXAV90tG9iRbcqjtt3vhW9T+L3fAZlMeraWfh7eUmPltMU8lEQOMelo/1
# ehkIGO7YZOHxUqeKpmF9QaW8LXTT090AHZ4k6g+tdpZFfCMotyG+E4XqN6ZWtKEB
# QiE3xL27BDCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZI
# hvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw
# DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x
# MjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAy
# MDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMC
# VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV
# BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp
# bWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
# AQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25Phdg
# M/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPF
# dvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6
# GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBp
# Dco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50Zu
# yjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3E
# XzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0
# lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1q
# GFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ
# +QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PA
# PBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkw
# EgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxG
# NSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARV
# MFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWlj
# cm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAK
# BggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC
# AYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvX
# zpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v
# cGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYI
# KwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5j
# b20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG
# 9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0x
# M7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmC
# VgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449
# xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wM
# nosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDS
# PeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2d
# Y3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxn
# GSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+Crvs
# QWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokL
# jzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL
# 6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggNN
# MIICNQIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp
# bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw
# b3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEn
# MCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjg2MDMtMDVFMC1EOTQ3MSUwIwYDVQQD
# ExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoDFQD7
# n7Bk4gsM2tbU/i+M3BtRnLj096CBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYD
# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w
# IFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA6iP4BjAiGA8yMDI0MDYyNDEzNDk1
# OFoYDzIwMjQwNjI1MTM0OTU4WjB0MDoGCisGAQQBhFkKBAExLDAqMAoCBQDqI/gG
# AgEAMAcCAQACAgZsMAcCAQACAhOwMAoCBQDqJUmGAgEAMDYGCisGAQQBhFkKBAIx
# KDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAwDQYJKoZI
# hvcNAQELBQADggEBAKyoqWoC3X31USsslK+V+MmvNkCMLFJVw16sCXe3tZr2wyKK
# 6HxrEoal5Xgn0DOt27rWynJeDXqv9C0rOYqZbZXr298YFb0WMFnZaVVnePV1hU4N
# NkfTGungEjOAJtrVE8ljP6i1kiD7WnuTTfGbn3stX/9BXat8O8ck5hzmxGSn1Auy
# SBRAo6GqbO43NUuTjxrgTU2JkyUrWlnU6D/L5ki79IV+8/XECXIdneDfGLt8rt+m
# VA36jAsuxXfUvK525sb0DttgIcpcK2EmU7L8zjrqDtP7plQRj94rX2ofEAkJGyAj
# K6c+iCOdUibWJipmpm9pRw/zMRVq8ljtzJxMJQcxggQNMIIECQIBATCBkzB8MQsw
# CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u
# ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNy
# b3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAfGzRfUn6MAW1gABAAAB8TAN
# BglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMC8G
# CSqGSIb3DQEJBDEiBCBG2kMh2aC6m7K5bQENrkQCKnpOj4QftJtoRe3pzraG5TCB
# +gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EINV3/T5hS7ijwao466RosB7wwEib
# t0a1P5EqIwEj9hF4MIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh
# c2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD
# b3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIw
# MTACEzMAAAHxs0X1J+jAFtYAAQAAAfEwIgQggBKIIzmuENCIjk61FdfpQppvoNTx
# CnY8GtVYk4B0BKwwDQYJKoZIhvcNAQELBQAEggIAjgXAi8tiz3E1I/AfQdK52FEh
# cDnH1J9c/O/Es5o2iWX8NoAn3itOwBq8Mt40NWTrbiA8QRSReX6uk+qQ38bp5Lkl
# JoNrs9/EzXHaUnwEnXgjnZRFxUKGBm1S91dO86Ybx8B56/b+l3EWir7tmfxCXI4J
# uElWxq/fTiLtkqVVyGa2wGeS0CC/p0YEv30kCAhC91kBi2IcrYY5DUDQp5k51iRs
# fIwhTcuPpXGqHzEajzXEplSoZbFpyuvpElaBdpg3zRt4NDXPKZUZfxI3/+Vyv0+u
# bW9G2NtlzK3/Os/r0kw8NEoScS1rO5nC356z6e3IqdvbU90x+EdZvlhO235LbxXD
# Ec3vab7LnIkcGSUKlvBR7J0UNwnmJDEH1JvAZx/U2TQOB7qCfsDeiWBAiD6r5x/Z
# GhAODSGAnXf5ri3zARe3LJbbyOeV59aVw9D0+8F5aMdoDcm/bgzkJGb+2olux3NH
# U9lTvk37RhvcK9LVl9gz2ECLb1dDy4eXF/vgYxtuf4HmIbf5xUSAFBpZUwdjPKLI
# deqe4EW3RKZaKuT8yDvioRwVX287rHQZCjWyuCyISQ5hrDoIn0WngdsLEVtOz9EP
# qSZnrBIOuWHlglahiJXVNXAKksN/Fa5RjbGHvJbCzWauFCYbU1C4htHd4xfibeZ/
# JT5LJjDOflG129cKCNQ=
# SIG # End signature block