diff --git a/eng/terraform/.terraform.lock.hcl b/eng/terraform/.terraform.lock.hcl
index 7d25ac9c..f1b6eff8 100644
--- a/eng/terraform/.terraform.lock.hcl
+++ b/eng/terraform/.terraform.lock.hcl
@@ -2,41 +2,41 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.terraform.io/hashicorp/azurerm" {
-  version     = "3.26.0"
-  constraints = "3.26.0"
+  version     = "3.32.0"
+  constraints = "3.32.0"
   hashes = [
-    "h1:cRnV/gpcbggYTsOvgS+S4Cn3ao3xfpreREuTaUurYeA=",
-    "zh:11784141689220aaaee89dac9db45b8748b392965869e5799bb9e551f45db079",
-    "zh:2ca41fd26d81b6e5acab176e54ee5242adc99e7ea83dff7ffb2505a6a73851a9",
-    "zh:3e421bb1ea731031fcedb1e27eb3a156028e9a62a11f2fcd9df9ba121c5dbbb3",
-    "zh:58f5b1f692ffd81717f0bf892fcfc2110287afea3c279a31c94ea4e498ca85a1",
-    "zh:5e3262d16663327c000f7a0a9021b25c1b2458ceed3bce3621a1f05fbe51ec5d",
-    "zh:a08e0e944676533ab90d26727dbfc0bcf1d5c1c3c73761b434bb68214679733f",
-    "zh:a493fcf967467ca8a6659fff4dc3c55971f2cd86db79d9cdfa23927c0d0c7c4e",
-    "zh:bb0549ef26b6d62a3c95943d9daa34d09b3a9a4eb8ad91b45c2422138bc07da7",
-    "zh:e5370070500e50207e7a3feccfb64fe5395da76564db4ccccd21ee2788097877",
+    "h1:dfbqrKzCN4csxin1abdn8KJXHv89R4skhkUglCI4poY=",
+    "zh:3ee1992144e6bf9801c44df0ed1e10413fa83ad605e3ce751cb342dd46904c41",
+    "zh:4f083079909f929b76c0cb2819b107803ecbf26c761832aaa1e7b4a667025665",
+    "zh:52ad565c4bd37c2b4f0bba78639277ef98caaebf2c4c00c67a2659561079c21c",
+    "zh:5ecf7a8470e066cc27b837a8fbc9a02629bb85797007475539983496bcccbc53",
+    "zh:6348154495cd838862b27a9bc0a2714e8f76cd2919df55fce8da0f64ce240ab1",
+    "zh:8325c4f5f65e30bba2537c7df702c80ae29999fba6194c258b075b3cbde5a709",
+    "zh:8b4d33aa76474a9fac9a6859e759c03ffeadb787abf7a9ba5a05b4ca3914c008",
+    "zh:95ccd31450909582ebcf01548ee20df658049783530d79adcb53a601bb163597",
+    "zh:c104f977b96c6402276c82a8d9d6fee14381511e832e9c3593e589e5ee4e708c",
+    "zh:e12372a41a981c24323a467f6c54b0a17e26c85a0fb569e4b733b2a76c9ba6b6",
+    "zh:e80bf9b674914f91ed00984758288b7266ba5772fad728cd1b4cd2f776851ed8",
     "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
-    "zh:f66453ac739685b8421f57a6aa820f59a6a4386672eecbe93e4ad22cb370ad0e",
-    "zh:f690d62dc42b20764344efebbacc89dc660f79fb87f8031583a36e4de1418582",
   ]
 }
 
 provider "registry.terraform.io/hashicorp/random" {
-  version     = "3.4.3"
+  version     = "3.6.3"
   constraints = "~> 3.4"
   hashes = [
-    "h1:hXUPrH8igYBhatzatkp80RCeeUJGu9lQFDyKemOlsTo=",
-    "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
-    "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
-    "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
+    "h1:zG9uFP8l9u+yGZZvi5Te7PV62j50azpgwPunq2vTm1E=",
+    "zh:04ceb65210251339f07cd4611885d242cd4d0c7306e86dda9785396807c00451",
+    "zh:448f56199f3e99ff75d5c0afacae867ee795e4dfda6cb5f8e3b2a72ec3583dd8",
+    "zh:4b4c11ccfba7319e901df2dac836b1ae8f12185e37249e8d870ee10bb87a13fe",
+    "zh:4fa45c44c0de582c2edb8a2e054f55124520c16a39b2dfc0355929063b6395b1",
+    "zh:588508280501a06259e023b0695f6a18149a3816d259655c424d068982cbdd36",
+    "zh:737c4d99a87d2a4d1ac0a54a73d2cb62974ccb2edbd234f333abd079a32ebc9e",
     "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
-    "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
-    "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
-    "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
-    "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
-    "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
-    "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
-    "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
+    "zh:a357ab512e5ebc6d1fda1382503109766e21bbfdfaa9ccda43d313c122069b30",
+    "zh:c51bfb15e7d52cc1a2eaec2a903ac2aff15d162c172b1b4c17675190e8147615",
+    "zh:e0951ee6fa9df90433728b96381fb867e3db98f66f735e0c3e24f8f16903f0ad",
+    "zh:e3cdcb4e73740621dabd82ee6a37d6cfce7fee2a03d8074df65086760f5cf556",
+    "zh:eff58323099f1bd9a0bec7cb04f717e7f1b2774c7d612bf7581797e1622613a0",
   ]
 }
diff --git a/eng/terraform/install-db-server-prerequisites.ps1 b/eng/terraform/install-db-server-prerequisites.ps1
new file mode 100644
index 00000000..55914deb
--- /dev/null
+++ b/eng/terraform/install-db-server-prerequisites.ps1
@@ -0,0 +1,94 @@
+# SPDX-License-Identifier: Apache-2.0
+# Licensed to the Ed-Fi Alliance under one or more agreements.
+# The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+# See the LICENSE and NOTICES files in the project root for more information.
+function Install-PowerShellTools {
+    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
+    Install-PackageProvider -Name NuGet -Force
+    Install-Module SqlServer -AllowClobber -Force
+}
+####### Tools-Helper.psm1
+function Invoke-RefreshPath {
+    # Some of the installs in this process do not set the immediate path correctly.
+    # This function simply reads the global path settings and reloads them. Useful
+    # when you can't even get to chocolatey's `refreshenv` command.
+
+    $env:Path=(
+        [System.Environment]::GetEnvironmentVariable("Path","Machine"),
+        [System.Environment]::GetEnvironmentVariable("Path","User")
+    ) -match '.' -join ';'
+}
+
+function Test-ExitCode {
+    if ($LASTEXITCODE -ne 0) {
+
+        throw @"
+The last task failed with exit code $LASTEXITCODE
+$(Get-PSCallStack)
+"@
+    }
+}
+####### Configure-Windows.psm1
+function Set-TLS12Support {
+    Write-Host "Enabling TLS 1.2"
+
+    if (-not [Net.ServicePointManager]::SecurityProtocol.HasFlag([Net.SecurityProtocolType]::Tls12)) {
+        [Net.ServicePointManager]::SecurityProtocol += [Net.SecurityProtocolType]::Tls12
+    }
+}
+
+function Enable-LongFileNames {
+    Write-Host "Enabling long file name support"
+
+    if (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem') {
+        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' -name "LongPathsEnabled" -Value 1 -Verbose -Force
+    }
+}
+###### Install-Applications.psm1
+$common_args = @(
+    "--execution-timeout=$installTimeout",
+    "-y",
+    "--ignore-pending-reboot"
+)
+
+$installTimeout = 14400 # Set to 0 for infinite
+
+function Install-Choco {
+    if (Get-Command "choco.exe" -ErrorAction SilentlyContinue) {
+        Write-Output "Chocolatey is already installed. Setting choco command."
+    }
+    else {
+        Write-Output "Installing Chocolatey..."
+        $uri = "https://chocolatey.org/install.ps1"
+        Invoke-Expression ((New-Object System.Net.WebClient).DownloadString($uri))
+
+        &refreshenv
+    }
+    &choco feature disable --name showDownloadProgress --execution-timeout=$installTimeout
+    Test-ExitCode
+
+    return Get-Command "choco.exe" -ErrorAction SilentlyContinue
+}
+function Install-DotNet {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory=$True)]
+        [string]
+        $LogFile
+    )
+    Start-Transcript -Path $LogFile -Append
+    &choco install dotnet-8.0-sdk @common_args
+    Stop-Transcript
+    Restart-Computer -Force
+}
+###### Run
+Set-NetFirewallProfile -Enabled False
+$ConfirmPreference="high"
+$ErrorActionPreference = "Stop"
+Set-TLS12Support
+Invoke-RefreshPath
+Enable-LongFileNames
+Install-Choco
+Install-PowerShellTools
+$applicationSetupLog = "$PSScriptRoot/application-setup.log"
+Install-DotNet -LogFile $applicationSetupLog
diff --git a/eng/terraform/install-test-runner-prerequisites.ps1 b/eng/terraform/install-test-runner-prerequisites.ps1
new file mode 100644
index 00000000..f0078f7f
--- /dev/null
+++ b/eng/terraform/install-test-runner-prerequisites.ps1
@@ -0,0 +1,129 @@
+# SPDX-License-Identifier: Apache-2.0
+# Licensed to the Ed-Fi Alliance under one or more agreements.
+# The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+# See the LICENSE and NOTICES files in the project root for more information.
+function Add-Path {
+    param(
+      [Parameter(Mandatory, Position=0)]
+      [string] $LiteralPath,
+      [ValidateSet('User', 'CurrentUser', 'Machine', 'LocalMachine')]
+      [string] $Scope
+    )
+    Set-StrictMode -Version 1; $ErrorActionPreference = 'Stop'
+    $isMachineLevel = $Scope -in 'Machine', 'LocalMachine'
+    if ($isMachineLevel -and -not $($ErrorActionPreference = 'Continue'; net session 2>$null)) { throw "You must run AS ADMIN to update the machine-level Path environment variable." }
+    $regPath = 'registry::' + ('HKEY_CURRENT_USER\Environment', 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment')[$isMachineLevel]
+    $currDirs = (Get-Item -LiteralPath $regPath).GetValue('Path', '', 'DoNotExpandEnvironmentNames') -split ';' -ne ''
+    if ($LiteralPath -in $currDirs) {
+      Write-Verbose "Already present in the persistent $(('user', 'machine')[$isMachineLevel])-level Path: $LiteralPath"
+      return
+    }
+    $newValue = ($currDirs + $LiteralPath) -join ';'
+    Set-ItemProperty -Type ExpandString -LiteralPath $regPath Path $newValue
+    $dummyName = [guid]::NewGuid().ToString()
+    [Environment]::SetEnvironmentVariable($dummyName, 'foo', 'User')
+    [Environment]::SetEnvironmentVariable($dummyName, [NullString]::value, 'User')
+    $env:Path = ($env:Path -replace ';$') + ';' + $LiteralPath
+    Write-Verbose "`"$LiteralPath`" successfully appended to the persistent $(('user', 'machine')[$isMachineLevel])-level Path and also the current-process value."
+  }
+function Test-ExitCode {
+    if ($LASTEXITCODE -ne 0) {
+        throw @"
+The last task failed with exit code $LASTEXITCODE
+$(Get-PSCallStack)
+"@
+    }
+}
+####### Configure-Windows.psm1
+function Set-TLS12Support {
+    Write-Host "Enabling TLS 1.2"
+
+    if (-not [Net.ServicePointManager]::SecurityProtocol.HasFlag([Net.SecurityProtocolType]::Tls12)) {
+        [Net.ServicePointManager]::SecurityProtocol += [Net.SecurityProtocolType]::Tls12
+    }
+}
+function Invoke-RefreshPath {
+    # Some of the installs in this process do not set the immediate path correctly.
+    # This function simply reads the global path settings and reloads them. Useful
+    # when you can't even get to chocolatey's `refreshenv` command.
+    $env:Path=(
+        [System.Environment]::GetEnvironmentVariable("Path","Machine"),
+        [System.Environment]::GetEnvironmentVariable("Path","User")
+    ) -match '.' -join ';'
+}
+function Enable-LongFileNames {
+    Write-Host "Enabling long file name support"
+    if (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem') {
+        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' -name "LongPathsEnabled" -Value 1 -Verbose -Force
+    }
+}
+function Install-PowerShellTools {
+    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
+    Install-PackageProvider -Name NuGet -Force
+    Install-Module CredentialManager -AllowClobber -Force
+    Install-Module SqlServer -AllowClobber -Force
+}
+function Update-Path {
+    $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") +
+                ";" +
+                [System.Environment]::GetEnvironmentVariable("Path","User")
+}
+###### Install-Applications.psm1
+$common_args = @(
+    "--execution-timeout=$installTimeout",
+    "-y",
+    "--ignore-pending-reboot"
+)
+$installTimeout = 14400 # Set to 0 for infinite
+function Install-Chocolatey {
+    if (! (Get-Command choco.exe -ErrorAction SilentlyContinue )) {
+        Set-ExecutionPolicy Bypass -Scope Process -Force
+        Invoke-WebRequest https://chocolatey.org/install.ps1 -UseBasicParsing | Invoke-Expression
+        $env:ChocolateyInstall = Convert-Path "$((Get-Command choco).path)\..\.."
+        Import-Module "$env:ChocolateyInstall\helpers\chocolateyProfile.psm1"
+        refreshenv
+    }
+}
+function Install-Pyenv {
+    #$pyenvVersion = cmd /c pyenv --version
+    if(!(Test-Path "C:\.pyenv\pyenv-win\bin")){
+        &choco install pyenv-win @common_args
+        refreshenv
+        # refreshenv doesn't appear to be sufficient to recognize user environment variable changes
+        Update-Path
+        Copy-Item "C:\Windows\System32\config\systemprofile\.pyenv" "C:\.pyenv" -Recurse
+        Add-Path "C:\.pyenv\pyenv-win\bin" -Scope Machine
+        Add-Path "C:\.pyenv\pyenv-win\shims" -Scope Machine
+    }
+}
+function Install-Python {
+    pyenv install 3.9.4
+    pyenv rehash
+    pyenv local 3.9.4
+    pyenv global 3.9.4
+}
+function Install-Poetry {
+    # Ensure pip is on the latest version
+    python -m pip install --upgrade pip
+    # Update local and global PATH variables
+    $addition = "C:\.pyenv\pyenv-win\versions\3.9.4\Scripts"
+    Add-Path $addition -Scope Machine
+    refreshenv
+    # Install poetry
+    # Poetry's native installation process encounters SSL errors
+    # in some environments. `pip install` is a reasonable alternative
+    # that has been shown to work in our situation.
+    pip install poetry
+}
+Set-NetFirewallProfile -Enabled False
+$ConfirmPreference="high"
+$ErrorActionPreference = "Stop"
+Set-TLS12Support
+Invoke-RefreshPath
+Enable-LongFileNames
+Install-PowerShellTools
+Install-Chocolatey
+Install-Pyenv
+Invoke-RefreshPath
+Install-Python
+Install-Poetry
diff --git a/eng/terraform/install-web-server-prerequisites.ps1 b/eng/terraform/install-web-server-prerequisites.ps1
new file mode 100644
index 00000000..5f528f08
--- /dev/null
+++ b/eng/terraform/install-web-server-prerequisites.ps1
@@ -0,0 +1,136 @@
+# SPDX-License-Identifier: Apache-2.0
+# Licensed to the Ed-Fi Alliance under one or more agreements.
+# The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+# See the LICENSE and NOTICES files in the project root for more information.
+
+# Run this script as an administrator to install Chocolatey, Pyenv, Python 3.9.4, and Poetry.
+# This script should be run should be run once for environments that do not
+# already have these prerequisites set up.
+
+#### PowerShell Tools
+function Install-PowerShellTools {
+    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
+    Install-PackageProvider -Name NuGet -Force
+    Install-Module SqlServer -AllowClobber -Force
+}
+
+####### Tools-Helper.psm1
+function Invoke-RefreshPath {
+    # Some of the installs in this process do not set the immediate path correctly.
+    # This function simply reads the global path settings and reloads them. Useful
+    # when you can't even get to chocolatey's `refreshenv` command.
+
+    $env:Path=(
+        [System.Environment]::GetEnvironmentVariable("Path","Machine"),
+        [System.Environment]::GetEnvironmentVariable("Path","User")
+    ) -match '.' -join ';'
+}
+
+function Test-ExitCode {
+    if ($LASTEXITCODE -ne 0) {
+
+        throw @"
+The last task failed with exit code $LASTEXITCODE
+$(Get-PSCallStack)
+"@
+    }
+}
+####### Configure-Windows.psm1
+function Set-TLS12Support {
+    Write-Host "Enabling TLS 1.2"
+
+    if (-not [Net.ServicePointManager]::SecurityProtocol.HasFlag([Net.SecurityProtocolType]::Tls12)) {
+        [Net.ServicePointManager]::SecurityProtocol += [Net.SecurityProtocolType]::Tls12
+    }
+}
+
+function Enable-LongFileNames {
+    Write-Host "Enabling long file name support"
+
+    if (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem') {
+        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' -name "LongPathsEnabled" -Value 1 -Verbose -Force
+    }
+}
+###### Install-Applications.psm1
+$common_args = @(
+    "--execution-timeout=$installTimeout",
+    "-y",
+    "--ignore-pending-reboot"
+)
+
+$installTimeout = 14400 # Set to 0 for infinite
+
+function Install-Choco {
+    if (Get-Command "choco.exe" -ErrorAction SilentlyContinue) {
+        Write-Output "Chocolatey is already installed. Setting choco command."
+    }
+    else {
+        Write-Output "Installing Chocolatey..."
+        $uri = "https://chocolatey.org/install.ps1"
+        Invoke-Expression ((New-Object System.Net.WebClient).DownloadString($uri))
+
+        &refreshenv
+    }
+    &choco feature disable --name showDownloadProgress --execution-timeout=$installTimeout
+    Test-ExitCode
+
+    return Get-Command "choco.exe" -ErrorAction SilentlyContinue
+}
+
+function Install-DotNetHosting {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $True)]
+        [string] $LogFile
+    )
+
+    Start-Transcript -Path $LogFile -Append
+
+    # Install IIS Web Server Role
+    Write-Host "Installing IIS Web Server Role..."
+    Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole -NoRestart | Out-Null
+
+    # Check if IIS was installed successfully
+    if ($?) {
+        Write-Host "IIS installed successfully."
+    } else {
+        Write-Error "Failed to install IIS."
+        Stop-Transcript
+        exit 1
+    }
+
+    # Install .NET 8.0 Hosting Bundle via Chocolatey
+    Write-Host "Installing .NET 8.0 Hosting Bundle..."
+    $common_args = @('-y', '--no-progress')
+    choco install dotnet-8.0-windowshosting @common_args
+
+    # Check if .NET Hosting Bundle was installed successfully
+    if ($LASTEXITCODE -ne 0) {
+        Write-Error "Installation of .NET 8.0 Hosting Bundle failed."
+        Stop-Transcript
+        exit $LASTEXITCODE
+    } else {
+        Write-Host ".NET 8.0 Hosting Bundle installed successfully."
+    }
+
+    # Refresh environment variables
+    & refreshenv
+
+    Stop-Transcript
+}
+
+###### Run
+Set-NetFirewallProfile -Enabled False
+$ConfirmPreference="high"
+$ErrorActionPreference = "Stop"
+Set-TLS12Support
+Invoke-RefreshPath
+Enable-LongFileNames
+Install-Choco
+Install-PowerShellTools
+$applicationSetupLog = "$PSScriptRoot/application-setup.log"
+Install-DotNetHosting -LogFile $applicationSetupLog
+&choco install vcredist140 @common_args
+
+# Restart the computer to complete the installation
+Restart-Computer -Force
diff --git a/eng/terraform/main.tf b/eng/terraform/main.tf
index 8677c56a..5be290ea 100644
--- a/eng/terraform/main.tf
+++ b/eng/terraform/main.tf
@@ -59,6 +59,16 @@ module "sql_vm" {
   admin_username = var.sql_admin_username
   admin_password = var.sql_admin_password
 }
+# DB VM Config
+module "sql_config" {
+  source           = "./modules/vm_scripts"
+  vm_computer_name = module.sql_vm.vm_computer_name
+  vm_id            = module.sql_vm.vm_id
+  script_filename  = "install-db-server-prerequisites.ps1"
+  depends_on = [
+    module.sql_vm
+  ]
+}
 
 # Web VM
 module "web_vm" {
@@ -80,9 +90,17 @@ module "web_vm" {
   admin_username = var.web_admin_username
   admin_password = var.web_admin_password
 }
-
-# Test Runner VM
-
+# Web VM Config
+module "web_config" {
+  source           = "./modules/vm_scripts"
+  vm_computer_name = module.web_vm.vm_computer_name
+  vm_id            = module.web_vm.vm_id
+  script_filename  = "install-web-server-prerequisites.ps1"
+  depends_on = [
+    module.web_vm
+  ]
+}
+# # Test Runner VM
 module "runner_vm" {
   source              = "./modules/vm"
   resource_group_name = azurerm_resource_group.base_rg.name
@@ -102,7 +120,18 @@ module "runner_vm" {
   admin_username = var.runner_admin_username
   admin_password = var.runner_admin_password
 }
+# Runner VM Config
+module "runner_config" {
+  source           = "./modules/vm_scripts"
+  vm_computer_name = module.runner_vm.vm_computer_name
+  vm_id            = module.runner_vm.vm_id
+  script_filename  = "install-test-runner-prerequisites.ps1"
+  depends_on = [
+    module.runner_vm
+  ]
+}
 
+### Terraform state Buckets
 resource "random_id" "rand_storage" {
   byte_length = 3
 }
@@ -114,6 +143,6 @@ resource "azurerm_storage_account" "tf_state" {
   account_replication_type = "LRS"
 }
 resource "azurerm_storage_container" "tf_state" {
-  name                  = "tfstate"
-  storage_account_name  = azurerm_storage_account.tf_state.name
+  name                 = "tfstate"
+  storage_account_name = azurerm_storage_account.tf_state.name
 }
diff --git a/eng/terraform/modules/network/main.tf b/eng/terraform/modules/network/main.tf
index 1235930a..3a6a2f5e 100644
--- a/eng/terraform/modules/network/main.tf
+++ b/eng/terraform/modules/network/main.tf
@@ -22,6 +22,32 @@ resource "azurerm_network_security_rule" "rdp_rule" {
   destination_address_prefix  = "*"
   network_security_group_name = azurerm_network_security_group.vm_sg.name
 }
+resource "azurerm_network_security_rule" "http_rule" {
+  name                        = "HTTP"
+  resource_group_name         = var.resource_group_name
+  priority                    = 1100
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = 80
+  source_address_prefix       = "*"
+  destination_address_prefix  = "*"
+  network_security_group_name = azurerm_network_security_group.vm_sg.name
+}
+resource "azurerm_network_security_rule" "https_rule" {
+  name                        = "HTTPS"
+  resource_group_name         = var.resource_group_name
+  priority                    = 1200
+  direction                   = "Inbound"
+  access                      = "Allow"
+  protocol                    = "Tcp"
+  source_port_range           = "*"
+  destination_port_range      = 443
+  source_address_prefix       = "*"
+  destination_address_prefix  = "*"
+  network_security_group_name = azurerm_network_security_group.vm_sg.name
+}
 resource "azurerm_network_security_group" "sql_sg" {
   name                = "${var.prefix}-sql-nsg"
   location            = var.location
diff --git a/eng/terraform/modules/network/versions.tf b/eng/terraform/modules/network/versions.tf
index 564aab81..0e0e46c7 100644
--- a/eng/terraform/modules/network/versions.tf
+++ b/eng/terraform/modules/network/versions.tf
@@ -10,7 +10,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.26.0"
+      version = "3.32.0"
     }
   }
 }
diff --git a/eng/terraform/modules/vm/main.tf b/eng/terraform/modules/vm/main.tf
index 4beb3d39..1fd28c01 100644
--- a/eng/terraform/modules/vm/main.tf
+++ b/eng/terraform/modules/vm/main.tf
@@ -45,7 +45,7 @@ resource "azurerm_windows_virtual_machine" "vm" {
 
   os_disk {
     caching              = "ReadWrite"
-    storage_account_type = "Standard_LRS"
+    storage_account_type = "StandardSSD_LRS"
     #disk_size_gb         = var.os_disk_size
   }
 
@@ -60,7 +60,7 @@ resource "azurerm_managed_disk" "vm_data" {
   name                 = "${local.base_vm_name}-VM_Data_0"
   location             = var.location
   resource_group_name  = var.resource_group_name
-  storage_account_type = "Standard_LRS"
+  storage_account_type = "StandardSSD_LRS"
   create_option        = "Empty"
   disk_size_gb         = var.data_disk_size
 }
@@ -70,3 +70,16 @@ resource "azurerm_virtual_machine_data_disk_attachment" "vm_data" {
   lun                = "1"
   caching            = "ReadOnly"
 }
+
+# Shutdown at 7:00pm daily
+resource "azurerm_dev_test_global_vm_shutdown_schedule" "shutdown_7pm" {
+  virtual_machine_id = azurerm_windows_virtual_machine.vm.id
+  location           = var.location
+  enabled            = true
+
+  daily_recurrence_time = "1900"
+  timezone              = "Central Standard Time"
+  notification_settings {
+    enabled = false
+  }
+}
diff --git a/eng/terraform/modules/vm/versions.tf b/eng/terraform/modules/vm/versions.tf
index 564aab81..0e0e46c7 100644
--- a/eng/terraform/modules/vm/versions.tf
+++ b/eng/terraform/modules/vm/versions.tf
@@ -10,7 +10,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.26.0"
+      version = "3.32.0"
     }
   }
 }
diff --git a/eng/terraform/modules/vm_scripts/.terraform.lock.hcl b/eng/terraform/modules/vm_scripts/.terraform.lock.hcl
new file mode 100644
index 00000000..69224c75
--- /dev/null
+++ b/eng/terraform/modules/vm_scripts/.terraform.lock.hcl
@@ -0,0 +1,40 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+  version     = "3.32.0"
+  constraints = "3.32.0"
+  hashes = [
+    "h1:Rl31vGl2LBhpmFRaZ3bTq21VG8W1eZOuP90VpwNw9fM=",
+    "zh:3ee1992144e6bf9801c44df0ed1e10413fa83ad605e3ce751cb342dd46904c41",
+    "zh:4f083079909f929b76c0cb2819b107803ecbf26c761832aaa1e7b4a667025665",
+    "zh:52ad565c4bd37c2b4f0bba78639277ef98caaebf2c4c00c67a2659561079c21c",
+    "zh:5ecf7a8470e066cc27b837a8fbc9a02629bb85797007475539983496bcccbc53",
+    "zh:6348154495cd838862b27a9bc0a2714e8f76cd2919df55fce8da0f64ce240ab1",
+    "zh:8325c4f5f65e30bba2537c7df702c80ae29999fba6194c258b075b3cbde5a709",
+    "zh:8b4d33aa76474a9fac9a6859e759c03ffeadb787abf7a9ba5a05b4ca3914c008",
+    "zh:95ccd31450909582ebcf01548ee20df658049783530d79adcb53a601bb163597",
+    "zh:c104f977b96c6402276c82a8d9d6fee14381511e832e9c3593e589e5ee4e708c",
+    "zh:e12372a41a981c24323a467f6c54b0a17e26c85a0fb569e4b733b2a76c9ba6b6",
+    "zh:e80bf9b674914f91ed00984758288b7266ba5772fad728cd1b4cd2f776851ed8",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/template" {
+  version     = "2.2.0"
+  constraints = "~> 2.2.0"
+  hashes = [
+    "h1:LN84cu+BZpVRvYlCzrbPfCRDaIelSyEx/W9Iwwgbnn4=",
+    "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
+    "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
+    "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
+    "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
+    "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
+    "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
+    "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
+    "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
+    "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
+    "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
+  ]
+}
diff --git a/eng/terraform/modules/vm_scripts/main.tf b/eng/terraform/modules/vm_scripts/main.tf
new file mode 100644
index 00000000..a1b0fb90
--- /dev/null
+++ b/eng/terraform/modules/vm_scripts/main.tf
@@ -0,0 +1,14 @@
+resource "azurerm_virtual_machine_extension" "script_install" {
+  name                        = var.vm_computer_name
+  virtual_machine_id          = var.vm_id
+  publisher                   = "Microsoft.Compute"
+  type                        = "CustomScriptExtension"
+  type_handler_version        = "1.9"
+  failure_suppression_enabled = false
+
+  settings = <<SETTINGS
+{
+  "commandToExecute": "powershell -command \"[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('${base64encode(file("./${var.script_filename}"))}')) | Out-File -filepath ${var.script_filename}\" && powershell -ExecutionPolicy Unrestricted -File ${var.script_filename}"
+}
+SETTINGS
+}
diff --git a/eng/terraform/modules/vm_scripts/outputs.tf b/eng/terraform/modules/vm_scripts/outputs.tf
new file mode 100644
index 00000000..bab77ca8
--- /dev/null
+++ b/eng/terraform/modules/vm_scripts/outputs.tf
@@ -0,0 +1,4 @@
+output "vm_extension_id" {
+  description = "The azure ID of the custom script extension."
+  value       = azurerm_virtual_machine_extension.script_install.id
+}
diff --git a/eng/terraform/modules/vm_scripts/variables.tf b/eng/terraform/modules/vm_scripts/variables.tf
new file mode 100644
index 00000000..7d6b3b0d
--- /dev/null
+++ b/eng/terraform/modules/vm_scripts/variables.tf
@@ -0,0 +1,12 @@
+variable "vm_computer_name" {
+  type        = string
+  description = "VM computer name, names the custom script extension."
+}
+variable "vm_id" {
+  type        = string
+  description = "VM ID, to specify which VM to install to."
+}
+variable "script_filename" {
+  type        = string
+  description = "Filename of the script to install on the vm. Must be in the same directory as the top-level main.tf"
+}
diff --git a/eng/terraform/modules/vm_scripts/versions.tf b/eng/terraform/modules/vm_scripts/versions.tf
new file mode 100644
index 00000000..0e0e46c7
--- /dev/null
+++ b/eng/terraform/modules/vm_scripts/versions.tf
@@ -0,0 +1,16 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ * Licensed to the Ed-Fi Alliance under one or more agreements.
+ * The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+ * See the LICENSE and NOTICES files in the project root for more information.
+ */
+
+terraform {
+  required_version = "~> 1.2"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "3.32.0"
+    }
+  }
+}
diff --git a/eng/terraform/outputs.tf b/eng/terraform/outputs.tf
index 58d5ea70..c06d8fca 100644
--- a/eng/terraform/outputs.tf
+++ b/eng/terraform/outputs.tf
@@ -35,6 +35,7 @@ output "sql_vm" {
     vm_computer_name = module.sql_vm.vm_computer_name
     vm_private_ip    = module.sql_vm.vm_private_ip
     vm_public_ip     = module.sql_vm.vm_public_ip
+    vm_extension_id  = module.sql_config.vm_extension_id
   }
   description = "SQL VM values"
 }
@@ -44,6 +45,7 @@ output "web_vm" {
     vm_computer_name = module.web_vm.vm_computer_name
     vm_private_ip    = module.web_vm.vm_private_ip
     vm_public_ip     = module.web_vm.vm_public_ip
+    vm_extension_id  = module.web_config.vm_extension_id
   }
   description = "Web VM values"
 }
@@ -54,6 +56,7 @@ output "runner_vm" {
     vm_computer_name = module.runner_vm.vm_computer_name
     vm_private_ip    = module.runner_vm.vm_private_ip
     vm_public_ip     = module.runner_vm.vm_public_ip
+    vm_extension_id  = module.runner_config.vm_extension_id
   }
   description = "Runner VM values"
 }
diff --git a/eng/terraform/terraform.tfvars.example b/eng/terraform/terraform.tfvars.example
index 223dcccb..1ddbb344 100644
--- a/eng/terraform/terraform.tfvars.example
+++ b/eng/terraform/terraform.tfvars.example
@@ -11,13 +11,17 @@ base_subnet="default"
 
 #base_vnet="tools-di-perf-test"
 
-web_vm_size="Standard_D2s_v3"
-runner_vm_size="Standard_D2s_v3"
-web_vm_image_publisher="MicrosoftWindowsServer"
-web_vm_image_offer="WindowsServer"
+# Updated Nov 2024
+web_vm_size="Standard_B4ms"
+runner_vm_size="Standard_B4ms"
+
+# Updated Nov 2024
+web_vm_image_publisher="microsoftwindowsserver"
+web_vm_image_offer="windowsserver"
 web_vm_image_sku="2022-datacenter-azure-edition"
 
-sql_vm_size="Standard_DS11_v2"
+# Updated Nov 2024
+sql_vm_size="Standard_E4ds_v4"
 sql_vm_image_publisher="microsoftsqlserver"
 sql_vm_image_offer="sql2022-ws2022"
 sql_vm_image_sku="sqldev-gen2"
diff --git a/eng/terraform/versions.tf b/eng/terraform/versions.tf
index 81654ae0..142356bb 100644
--- a/eng/terraform/versions.tf
+++ b/eng/terraform/versions.tf
@@ -11,7 +11,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "3.26.0"
+      version = "3.32.0"
     }
     random = {
       version = "~> 3.4"