public void CreateVMWithNetworkSecurityGroupOnNIC() { using (var undoContext = UndoContext.Current) { undoContext.Start(); using (NetworkTestBase _testFixture = new NetworkTestBase()) { // setup bool storageAccountCreated = false; bool hostedServiceCreated = false; string serviceName = _testFixture.GenerateRandomName(); string deploymentName = _testFixture.GenerateRandomName(); string roleName = _testFixture.GenerateRandomName(); string networkInterfaceName = _testFixture.GenerateRandomName(); string location = _testFixture.ManagementClient.GetDefaultLocation("Storage", "Compute", "PersistentVMRole"); string virtualNetworkName = "virtualNetworkSiteName"; string subnetName = "FrontEndSubnet5"; string storageAccountName = _testFixture.GenerateRandomName().ToLower(); // create Network Security Group string securityGroupName = _testFixture.GenerateRandomNetworkSecurityGroupName(); string securityGroupLabel = _testFixture.GenerateRandomName(); string securityGroupLocation = "North Central US"; _testFixture.CreateNetworkSecurityGroup(securityGroupName, securityGroupLabel, securityGroupLocation); _testFixture.CreateStorageAccount(location, storageAccountName, out storageAccountCreated); _testFixture.SetSimpleVirtualNetwork(); _testFixture.CreateHostedService(location, serviceName, out hostedServiceCreated); var multiNICVMDeployment = _testFixture.CreateMultiNICIaaSDeploymentParameters( serviceName, deploymentName, roleName, networkInterfaceName, storageAccountName, virtualNetworkName, subnetName); var configurationSets = multiNICVMDeployment.Roles.Single( r => string.Equals(r.RoleName, roleName)).ConfigurationSets; configurationSets .Single( cs => string.Equals(cs.ConfigurationSetType, ConfigurationSetTypes.NetworkConfiguration)) .NetworkInterfaces.Single(nic => string.Equals(nic.Name, networkInterfaceName)) .NetworkSecurityGroup = securityGroupName; try { // action 1: create Deployment with NSG _testFixture.ComputeClient.VirtualMachines.CreateDeployment( serviceName, multiNICVMDeployment); // assert 1 NetworkSecurityGroupGetAssociationResponse response = _testFixture.NetworkClient.NetworkSecurityGroups.GetForNetworkInterface( serviceName, deploymentName, roleName, networkInterfaceName); Assert.Equal(securityGroupName, response.Name); var deployment = _testFixture.ComputeClient.Deployments.GetBySlot(serviceName, DeploymentSlot.Production); Assert.Equal( securityGroupName, deployment.Roles.Single(r => string.Equals(r.RoleName, roleName)) .ConfigurationSets.Single( cs => string.Equals(cs.ConfigurationSetType, ConfigurationSetTypes.NetworkConfiguration)) .NetworkInterfaces.Single(nic => string.Equals(nic.Name, networkInterfaceName)) .NetworkSecurityGroup); // action 2: update deployment without NSG configurationSets .Single( cs => string.Equals(cs.ConfigurationSetType, ConfigurationSetTypes.NetworkConfiguration)) .NetworkInterfaces.Single(nic => string.Equals(nic.Name, networkInterfaceName)) .NetworkSecurityGroup = null; _testFixture.ComputeClient.VirtualMachines.Update(serviceName, deploymentName, roleName, new VirtualMachineUpdateParameters() { RoleName = roleName, ConfigurationSets = configurationSets, OSVirtualHardDisk = _testFixture.GetOSVirtualHardDisk(storageAccountName, serviceName) }); // assert 2 deployment = _testFixture.ComputeClient.Deployments.GetBySlot(serviceName, DeploymentSlot.Production); Assert.Null( deployment.Roles.Single(r => string.Equals(r.RoleName, roleName)) .ConfigurationSets.Single( cs => string.Equals(cs.ConfigurationSetType, ConfigurationSetTypes.NetworkConfiguration)) .NetworkInterfaces.Single(nic => string.Equals(nic.Name, networkInterfaceName)) .NetworkSecurityGroup); } finally { if (hostedServiceCreated) { _testFixture.ComputeClient.HostedServices.DeleteAll(serviceName); } } } } }