Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The privateClouds resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AVS/privateClouds resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.AVS/privateClouds@2024-09-01' = {
identity: {
type: 'string'
}
location: 'string'
name: 'string'
properties: {
availability: {
secondaryZone: int
strategy: 'string'
zone: int
}
circuit: {}
dnsZoneType: 'string'
encryption: {
keyVaultProperties: {
keyName: 'string'
keyVaultUrl: 'string'
keyVersion: 'string'
}
status: 'string'
}
extendedNetworkBlocks: [
'string'
]
identitySources: [
{
alias: 'string'
baseGroupDN: 'string'
baseUserDN: 'string'
domain: 'string'
name: 'string'
password: 'string'
primaryServer: 'string'
secondaryServer: 'string'
ssl: 'string'
username: 'string'
}
]
internet: 'string'
managementCluster: {
clusterSize: int
hosts: [
'string'
]
vsanDatastoreName: 'string'
}
networkBlock: 'string'
nsxtPassword: 'string'
secondaryCircuit: {}
vcenterPassword: 'string'
virtualNetworkId: 'string'
}
sku: {
capacity: int
family: 'string'
name: 'string'
size: 'string'
tier: 'string'
}
tags: {
{customized property}: 'string'
}
zones: [
'string'
]
}
Property Values
Microsoft.AVS/privateClouds
| Name | Description | Value |
|---|---|---|
| identity | The managed service identities assigned to this resource. | SystemAssignedServiceIdentity |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string Constraints: Pattern = ^[-\w\._]+$ (required) |
| properties | The resource-specific properties for this resource. | PrivateCloudProperties |
| sku | The SKU (Stock Keeping Unit) assigned to this resource. | Sku (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| zones | The availability zones. | string[] |
AvailabilityProperties
| Name | Description | Value |
|---|---|---|
| secondaryZone | The secondary availability zone for the private cloud | int |
| strategy | The availability strategy for the private cloud | 'DualZone' 'SingleZone' |
| zone | The primary availability zone for the private cloud | int |
Circuit
| Name | Description | Value |
|---|
Encryption
| Name | Description | Value |
|---|---|---|
| keyVaultProperties | The key vault where the encryption key is stored | EncryptionKeyVaultProperties |
| status | Status of customer managed encryption key | 'Disabled' 'Enabled' |
EncryptionKeyVaultProperties
| Name | Description | Value |
|---|---|---|
| keyName | The name of the key. | string |
| keyVaultUrl | The URL of the vault. | string |
| keyVersion | The version of the key. | string |
IdentitySource
| Name | Description | Value |
|---|---|---|
| alias | The domain's NetBIOS name | string |
| baseGroupDN | The base distinguished name for groups | string |
| baseUserDN | The base distinguished name for users | string |
| domain | The domain's DNS name | string |
| name | The name of the identity source | string |
| password | The password of the Active Directory user with a minimum of read-only access to Base DN for users and groups. |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| primaryServer | Primary server URL | string |
| secondaryServer | Secondary server URL | string |
| ssl | Protect LDAP communication using SSL certificate (LDAPS) | 'Disabled' 'Enabled' |
| username | The ID of an Active Directory user with a minimum of read-only access to Base DN for users and group |
string |
ManagementCluster
| Name | Description | Value |
|---|---|---|
| clusterSize | The cluster size | int |
| hosts | The hosts | string[] |
| vsanDatastoreName | Name of the vsan datastore associated with the cluster | string |
PrivateCloudProperties
| Name | Description | Value |
|---|---|---|
| availability | Properties describing how the cloud is distributed across availability zones | AvailabilityProperties |
| circuit | An ExpressRoute Circuit | Circuit |
| dnsZoneType | The type of DNS zone to use. | 'Private' 'Public' |
| encryption | Customer managed key encryption, can be enabled or disabled | Encryption |
| extendedNetworkBlocks | Array of additional networks noncontiguous with networkBlock. Networks must be unique and non-overlapping across VNet in your subscription, on-premise, and this privateCloud networkBlock attribute. Make sure the CIDR format conforms to (A.B.C.D/X). |
string[] |
| identitySources | vCenter Single Sign On Identity Sources | IdentitySource[] |
| internet | Connectivity to internet is enabled or disabled | 'Disabled' 'Enabled' |
| managementCluster | The default cluster used for management | ManagementCluster (required) |
| networkBlock | The block of addresses should be unique across VNet in your subscription as well as on-premise. Make sure the CIDR format is conformed to (A.B.C.D/X) where A,B,C,D are between 0 and 255, and X is between 0 and 22 |
string (required) |
| nsxtPassword | Optionally, set the NSX-T Manager password when the private cloud is created | string Constraints: Sensitive value. Pass in as a secure parameter. |
| secondaryCircuit | A secondary expressRoute circuit from a separate AZ. Only present in a stretched private cloud |
Circuit |
| vcenterPassword | Optionally, set the vCenter admin password when the private cloud is created | string Constraints: Sensitive value. Pass in as a secure parameter. |
| virtualNetworkId | Azure resource ID of the virtual network | string |
Sku
| Name | Description | Value |
|---|---|---|
| capacity | If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted. | int |
| family | If the service has different generations of hardware, for the same SKU, then that can be captured here. | string |
| name | The name of the SKU. E.g. P3. It is typically a letter+number code | string (required) |
| size | The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. | string |
| tier | This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT. | 'Basic' 'Free' 'Premium' 'Standard' |
SystemAssignedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (either system assigned, or none). | 'None' 'SystemAssigned' (required) |
TrackedResourceTags
| Name | Description | Value |
|---|
ARM template resource definition
The privateClouds resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AVS/privateClouds resource, add the following JSON to your template.
{
"type": "Microsoft.AVS/privateClouds",
"apiVersion": "2024-09-01",
"name": "string",
"identity": {
"type": "string"
},
"location": "string",
"properties": {
"availability": {
"secondaryZone": "int",
"strategy": "string",
"zone": "int"
},
"circuit": {
},
"dnsZoneType": "string",
"encryption": {
"keyVaultProperties": {
"keyName": "string",
"keyVaultUrl": "string",
"keyVersion": "string"
},
"status": "string"
},
"extendedNetworkBlocks": [ "string" ],
"identitySources": [
{
"alias": "string",
"baseGroupDN": "string",
"baseUserDN": "string",
"domain": "string",
"name": "string",
"password": "string",
"primaryServer": "string",
"secondaryServer": "string",
"ssl": "string",
"username": "string"
}
],
"internet": "string",
"managementCluster": {
"clusterSize": "int",
"hosts": [ "string" ],
"vsanDatastoreName": "string"
},
"networkBlock": "string",
"nsxtPassword": "string",
"secondaryCircuit": {
},
"vcenterPassword": "string",
"virtualNetworkId": "string"
},
"sku": {
"capacity": "int",
"family": "string",
"name": "string",
"size": "string",
"tier": "string"
},
"tags": {
"{customized property}": "string"
},
"zones": [ "string" ]
}
Property Values
Microsoft.AVS/privateClouds
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2024-09-01' |
| identity | The managed service identities assigned to this resource. | SystemAssignedServiceIdentity |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string Constraints: Pattern = ^[-\w\._]+$ (required) |
| properties | The resource-specific properties for this resource. | PrivateCloudProperties |
| sku | The SKU (Stock Keeping Unit) assigned to this resource. | Sku (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.AVS/privateClouds' |
| zones | The availability zones. | string[] |
AvailabilityProperties
| Name | Description | Value |
|---|---|---|
| secondaryZone | The secondary availability zone for the private cloud | int |
| strategy | The availability strategy for the private cloud | 'DualZone' 'SingleZone' |
| zone | The primary availability zone for the private cloud | int |
Circuit
| Name | Description | Value |
|---|
Encryption
| Name | Description | Value |
|---|---|---|
| keyVaultProperties | The key vault where the encryption key is stored | EncryptionKeyVaultProperties |
| status | Status of customer managed encryption key | 'Disabled' 'Enabled' |
EncryptionKeyVaultProperties
| Name | Description | Value |
|---|---|---|
| keyName | The name of the key. | string |
| keyVaultUrl | The URL of the vault. | string |
| keyVersion | The version of the key. | string |
IdentitySource
| Name | Description | Value |
|---|---|---|
| alias | The domain's NetBIOS name | string |
| baseGroupDN | The base distinguished name for groups | string |
| baseUserDN | The base distinguished name for users | string |
| domain | The domain's DNS name | string |
| name | The name of the identity source | string |
| password | The password of the Active Directory user with a minimum of read-only access to Base DN for users and groups. |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| primaryServer | Primary server URL | string |
| secondaryServer | Secondary server URL | string |
| ssl | Protect LDAP communication using SSL certificate (LDAPS) | 'Disabled' 'Enabled' |
| username | The ID of an Active Directory user with a minimum of read-only access to Base DN for users and group |
string |
ManagementCluster
| Name | Description | Value |
|---|---|---|
| clusterSize | The cluster size | int |
| hosts | The hosts | string[] |
| vsanDatastoreName | Name of the vsan datastore associated with the cluster | string |
PrivateCloudProperties
| Name | Description | Value |
|---|---|---|
| availability | Properties describing how the cloud is distributed across availability zones | AvailabilityProperties |
| circuit | An ExpressRoute Circuit | Circuit |
| dnsZoneType | The type of DNS zone to use. | 'Private' 'Public' |
| encryption | Customer managed key encryption, can be enabled or disabled | Encryption |
| extendedNetworkBlocks | Array of additional networks noncontiguous with networkBlock. Networks must be unique and non-overlapping across VNet in your subscription, on-premise, and this privateCloud networkBlock attribute. Make sure the CIDR format conforms to (A.B.C.D/X). |
string[] |
| identitySources | vCenter Single Sign On Identity Sources | IdentitySource[] |
| internet | Connectivity to internet is enabled or disabled | 'Disabled' 'Enabled' |
| managementCluster | The default cluster used for management | ManagementCluster (required) |
| networkBlock | The block of addresses should be unique across VNet in your subscription as well as on-premise. Make sure the CIDR format is conformed to (A.B.C.D/X) where A,B,C,D are between 0 and 255, and X is between 0 and 22 |
string (required) |
| nsxtPassword | Optionally, set the NSX-T Manager password when the private cloud is created | string Constraints: Sensitive value. Pass in as a secure parameter. |
| secondaryCircuit | A secondary expressRoute circuit from a separate AZ. Only present in a stretched private cloud |
Circuit |
| vcenterPassword | Optionally, set the vCenter admin password when the private cloud is created | string Constraints: Sensitive value. Pass in as a secure parameter. |
| virtualNetworkId | Azure resource ID of the virtual network | string |
Sku
| Name | Description | Value |
|---|---|---|
| capacity | If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted. | int |
| family | If the service has different generations of hardware, for the same SKU, then that can be captured here. | string |
| name | The name of the SKU. E.g. P3. It is typically a letter+number code | string (required) |
| size | The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. | string |
| tier | This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT. | 'Basic' 'Free' 'Premium' 'Standard' |
SystemAssignedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (either system assigned, or none). | 'None' 'SystemAssigned' (required) |
TrackedResourceTags
| Name | Description | Value |
|---|
Usage Examples
Terraform (AzAPI provider) resource definition
The privateClouds resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AVS/privateClouds resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.AVS/privateClouds@2024-09-01"
name = "string"
parent_id = "string"
identity {
type = "string"
identity_ids = [
"string"
]
}
location = "string"
tags = {
{customized property} = "string"
}
body = {
properties = {
availability = {
secondaryZone = int
strategy = "string"
zone = int
}
circuit = {
}
dnsZoneType = "string"
encryption = {
keyVaultProperties = {
keyName = "string"
keyVaultUrl = "string"
keyVersion = "string"
}
status = "string"
}
extendedNetworkBlocks = [
"string"
]
identitySources = [
{
alias = "string"
baseGroupDN = "string"
baseUserDN = "string"
domain = "string"
name = "string"
password = "string"
primaryServer = "string"
secondaryServer = "string"
ssl = "string"
username = "string"
}
]
internet = "string"
managementCluster = {
clusterSize = int
hosts = [
"string"
]
vsanDatastoreName = "string"
}
networkBlock = "string"
nsxtPassword = "string"
secondaryCircuit = {
}
vcenterPassword = "string"
virtualNetworkId = "string"
}
sku = {
capacity = int
family = "string"
name = "string"
size = "string"
tier = "string"
}
zones = [
"string"
]
}
}
Property Values
Microsoft.AVS/privateClouds
| Name | Description | Value |
|---|---|---|
| identity | The managed service identities assigned to this resource. | SystemAssignedServiceIdentity |
| location | The geo-location where the resource lives | string (required) |
| name | The resource name | string Constraints: Pattern = ^[-\w\._]+$ (required) |
| properties | The resource-specific properties for this resource. | PrivateCloudProperties |
| sku | The SKU (Stock Keeping Unit) assigned to this resource. | Sku (required) |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.AVS/privateClouds@2024-09-01" |
| zones | The availability zones. | string[] |
AvailabilityProperties
| Name | Description | Value |
|---|---|---|
| secondaryZone | The secondary availability zone for the private cloud | int |
| strategy | The availability strategy for the private cloud | 'DualZone' 'SingleZone' |
| zone | The primary availability zone for the private cloud | int |
Circuit
| Name | Description | Value |
|---|
Encryption
| Name | Description | Value |
|---|---|---|
| keyVaultProperties | The key vault where the encryption key is stored | EncryptionKeyVaultProperties |
| status | Status of customer managed encryption key | 'Disabled' 'Enabled' |
EncryptionKeyVaultProperties
| Name | Description | Value |
|---|---|---|
| keyName | The name of the key. | string |
| keyVaultUrl | The URL of the vault. | string |
| keyVersion | The version of the key. | string |
IdentitySource
| Name | Description | Value |
|---|---|---|
| alias | The domain's NetBIOS name | string |
| baseGroupDN | The base distinguished name for groups | string |
| baseUserDN | The base distinguished name for users | string |
| domain | The domain's DNS name | string |
| name | The name of the identity source | string |
| password | The password of the Active Directory user with a minimum of read-only access to Base DN for users and groups. |
string Constraints: Sensitive value. Pass in as a secure parameter. |
| primaryServer | Primary server URL | string |
| secondaryServer | Secondary server URL | string |
| ssl | Protect LDAP communication using SSL certificate (LDAPS) | 'Disabled' 'Enabled' |
| username | The ID of an Active Directory user with a minimum of read-only access to Base DN for users and group |
string |
ManagementCluster
| Name | Description | Value |
|---|---|---|
| clusterSize | The cluster size | int |
| hosts | The hosts | string[] |
| vsanDatastoreName | Name of the vsan datastore associated with the cluster | string |
PrivateCloudProperties
| Name | Description | Value |
|---|---|---|
| availability | Properties describing how the cloud is distributed across availability zones | AvailabilityProperties |
| circuit | An ExpressRoute Circuit | Circuit |
| dnsZoneType | The type of DNS zone to use. | 'Private' 'Public' |
| encryption | Customer managed key encryption, can be enabled or disabled | Encryption |
| extendedNetworkBlocks | Array of additional networks noncontiguous with networkBlock. Networks must be unique and non-overlapping across VNet in your subscription, on-premise, and this privateCloud networkBlock attribute. Make sure the CIDR format conforms to (A.B.C.D/X). |
string[] |
| identitySources | vCenter Single Sign On Identity Sources | IdentitySource[] |
| internet | Connectivity to internet is enabled or disabled | 'Disabled' 'Enabled' |
| managementCluster | The default cluster used for management | ManagementCluster (required) |
| networkBlock | The block of addresses should be unique across VNet in your subscription as well as on-premise. Make sure the CIDR format is conformed to (A.B.C.D/X) where A,B,C,D are between 0 and 255, and X is between 0 and 22 |
string (required) |
| nsxtPassword | Optionally, set the NSX-T Manager password when the private cloud is created | string Constraints: Sensitive value. Pass in as a secure parameter. |
| secondaryCircuit | A secondary expressRoute circuit from a separate AZ. Only present in a stretched private cloud |
Circuit |
| vcenterPassword | Optionally, set the vCenter admin password when the private cloud is created | string Constraints: Sensitive value. Pass in as a secure parameter. |
| virtualNetworkId | Azure resource ID of the virtual network | string |
Sku
| Name | Description | Value |
|---|---|---|
| capacity | If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted. | int |
| family | If the service has different generations of hardware, for the same SKU, then that can be captured here. | string |
| name | The name of the SKU. E.g. P3. It is typically a letter+number code | string (required) |
| size | The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code. | string |
| tier | This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT. | 'Basic' 'Free' 'Premium' 'Standard' |
SystemAssignedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (either system assigned, or none). | 'None' 'SystemAssigned' (required) |
TrackedResourceTags
| Name | Description | Value |
|---|
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| AVS Private Cloud | AVM Resource Module for AVS Private Cloud |