Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The clusters/deploymentSettings resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AzureStackHCI/clusters/deploymentSettings resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.AzureStackHCI/clusters/deploymentSettings@2026-04-01-preview' = {
parent: resourceSymbolicName
name: 'string'
properties: {
arcNodeResourceIds: [
'string'
]
deploymentConfiguration: {
scaleUnits: [
{
deploymentData: {
adouPath: 'string'
assemblyInfo: {}
cluster: {
azureServiceEndpoint: 'string'
cloudAccountName: 'string'
clusterPattern: 'string'
name: 'string'
witnessPath: 'string'
witnessType: 'string'
}
domainFqdn: 'string'
hostNetwork: {
enableStorageAutoIp: bool
intents: [
{
adapter: [
'string'
]
adapterPropertyOverrides: {
jumboPacket: 'string'
networkDirect: 'string'
networkDirectTechnology: 'string'
}
name: 'string'
overrideAdapterProperty: bool
overrideQosPolicy: bool
overrideVirtualSwitchConfiguration: bool
qosPolicyOverrides: {
bandwidthPercentage_SMB: 'string'
priorityValue8021Action_Cluster: 'string'
priorityValue8021Action_SMB: 'string'
}
trafficType: [
'string'
]
virtualSwitchConfigurationOverrides: {
enableIov: 'string'
loadBalancingAlgorithm: 'string'
}
}
]
sanNetworks: {
clusterNetworkConfig: {
adapterIPConfig: [
{
addressPrefix: 'string'
name: 'string'
networkAdapterName: 'string'
vlanId: int
}
]
adapterProperties: {
bandwidthPercentageSmb: int
jumboPacket: int
priorityValue8021ActionCluster: int
priorityValue8021ActionSmb: int
}
}
}
storageConnectivitySwitchless: bool
storageNetworks: [
{
name: 'string'
networkAdapterName: 'string'
storageAdapterIPInfo: [
{
ipv4Address: 'string'
physicalNode: 'string'
subnetMask: 'string'
}
]
vlanId: 'string'
}
]
}
identityProvider: 'string'
infrastructureNetwork: [
{
dnsServerConfig: 'string'
dnsServers: [
'string'
]
dnsZones: [
{
dnsForwarder: [
'string'
]
dnsZoneName: 'string'
}
]
gateway: 'string'
ipPools: [
{
endingAddress: 'string'
startingAddress: 'string'
}
]
subnetMask: 'string'
useDhcp: bool
}
]
isManagementCluster: bool
localAvailabilityZones: [
{
localAvailabilityZoneName: 'string'
nodes: [
'string'
]
}
]
namingPrefix: 'string'
observability: {
episodicDataUpload: bool
euLocation: bool
streamingDataClient: bool
}
optionalServices: {
customLocation: 'string'
}
physicalNodes: [
{
ipv4Address: 'string'
name: 'string'
}
]
sdnIntegration: {
networkController: {
macAddressPoolStart: 'string'
macAddressPoolStop: 'string'
networkVirtualizationEnabled: bool
}
}
secrets: [
{
eceSecretName: 'string'
secretLocation: 'string'
secretName: 'string'
}
]
secretsLocation: 'string'
securitySettings: {
bitlockerBootVolume: bool
bitlockerDataVolumes: bool
credentialGuardEnforced: bool
driftControlEnforced: bool
drtmProtection: bool
hvciProtection: bool
sideChannelMitigationEnforced: bool
smbClusterEncryption: bool
smbSigningEnforced: bool
wdacEnforced: bool
}
storage: {
configurationMode: 'string'
s2d: {
overprovisioningRatio: 'string'
volumeType: 'string'
}
san: {
infraPerfLunId: 'string'
infraVolLunId: 'string'
}
storageType: 'string'
}
}
sbePartnerInfo: {
credentialList: [
{
eceSecretName: 'string'
secretLocation: 'string'
secretName: 'string'
}
]
partnerProperties: [
{
name: 'string'
value: 'string'
}
]
sbeDeploymentInfo: {
family: 'string'
publisher: 'string'
sbeManifestCreationDate: 'string'
sbeManifestSource: 'string'
version: 'string'
}
}
}
]
version: 'string'
}
deploymentMode: 'string'
operationType: 'string'
}
}
Property Values
Microsoft.AzureStackHCI/clusters/deploymentSettings
| Name | Description | Value |
|---|---|---|
| name | The resource name | string Constraints: Pattern = ^[a-zA-Z0-9-]{3,24}$ (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: clusters |
| properties | The resource-specific properties for this resource. | DeploymentSettingsProperties |
AssemblyInfo
| Name | Description | Value |
|---|
DeploymentCluster
| Name | Description | Value |
|---|---|---|
| azureServiceEndpoint | For Azure blob service endpoint type, select either Default or Custom domain. If you selected **Custom domain, enter the domain for the blob service in this format core.windows.net. | string |
| cloudAccountName | Specify the Azure Storage account name for cloud witness for your Azure Stack HCI cluster. | string |
| clusterPattern | Cluster Pattern supported. | 'RackAware' 'Standard' |
| name | The cluster name provided when preparing Active Directory. | string |
| witnessPath | Specify the fileshare path for the local witness for your Azure Stack HCI cluster. | string |
| witnessType | Use a cloud witness if you have internet access and if you use an Azure Storage account to provide a vote on cluster quorum. A cloud witness uses Azure Blob Storage to read or write a blob file and then uses it to arbitrate in split-brain resolution. Only allowed values are 'Cloud', 'FileShare'. | string |
DeploymentConfiguration
| Name | Description | Value |
|---|---|---|
| scaleUnits | Scale units will contains list of deployment data | ScaleUnits[] (required) |
| version | deployment template version | string |
DeploymentData
| Name | Description | Value |
|---|---|---|
| adouPath | The path to the Active Directory Organizational Unit container object prepared for the deployment. | string |
| assemblyInfo | Assembly Package details for Validated Solution Recipe for AzureStackHCI Cluster | AssemblyInfo |
| cluster | Observability config to deploy AzureStackHCI Cluster. | DeploymentCluster |
| domainFqdn | FQDN to deploy cluster | string |
| hostNetwork | HostNetwork config to deploy AzureStackHCI Cluster. | DeploymentSettingHostNetwork |
| identityProvider | Identity Provider for the cluster | 'ActiveDirectory' 'LocalIdentity' |
| infrastructureNetwork | InfrastructureNetwork config to deploy AzureStackHCI Cluster. | InfrastructureNetwork[] |
| isManagementCluster | Is Management Cluster, when true indicates that the cluster is used for managing other clusters | bool |
| localAvailabilityZones | Local Availability Zone information for HCI cluster | LocalAvailabilityZones[] |
| namingPrefix | naming prefix to deploy cluster. | string Constraints: Pattern = ^[a-zA-Z0-9-]{1,8}$ |
| observability | Observability config to deploy AzureStackHCI Cluster. | Observability |
| optionalServices | OptionalServices config to deploy AzureStackHCI Cluster. | OptionalServices |
| physicalNodes | list of physical nodes config to deploy AzureStackHCI Cluster. | PhysicalNodes[] |
| sdnIntegration | SDN Integration config to deploy AzureStackHCI Cluster. | SdnIntegration |
| secrets | secrets used for cloud deployment. | EceDeploymentSecrets[] |
| secretsLocation | Azure key vault endpoint. This property is deprecated from 2023-12-01-preview. Please use secrets property instead. | string |
| securitySettings | SecuritySettings to deploy AzureStackHCI Cluster. | DeploymentSecuritySettings |
| storage | Storage config to deploy AzureStackHCI Cluster. | Storage |
DeploymentSecuritySettings
| Name | Description | Value |
|---|---|---|
| bitlockerBootVolume | When set to true, BitLocker XTS_AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent. | bool |
| bitlockerDataVolumes | When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes. | bool |
| credentialGuardEnforced | When set to true, Credential Guard is enabled. | bool |
| driftControlEnforced | When set to true, the security baseline is re-applied regularly. | bool |
| drtmProtection | By default, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent. | bool |
| hvciProtection | By default, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster. | bool |
| sideChannelMitigationEnforced | When set to true, all the side channel mitigations are enabled | bool |
| smbClusterEncryption | When set to true, cluster east-west traffic is encrypted. | bool |
| smbSigningEnforced | When set to true, the SMB default instance requires sign in for the client and server services. | bool |
| wdacEnforced | WDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster. | bool |
DeploymentSettingAdapterPropertyOverrides
| Name | Description | Value |
|---|---|---|
| jumboPacket | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
| networkDirect | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
| networkDirectTechnology | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. Expected values are 'iWARP', 'RoCEv2', 'RoCE' | string |
DeploymentSettingHostNetwork
| Name | Description | Value |
|---|---|---|
| enableStorageAutoIp | Optional parameter required only for 3 Nodes Switchless deployments. This allows users to specify IPs and Mask for Storage NICs when Network ATC is not assigning the IPs for storage automatically. | bool |
| intents | The network intents assigned to the network reference pattern used for the deployment. Each intent will define its own name, traffic type, adapter names, and overrides as recommended by your OEM. | DeploymentSettingIntents[] |
| sanNetworks | SAN network configuration for the host network. Applicable when StorageType is 'SAN' or 'SANS2D'. | SanNetworks |
| storageConnectivitySwitchless | Defines how the storage adapters between nodes are connected either switch or switch less.. | bool |
| storageNetworks | List of StorageNetworks config to deploy AzureStackHCI Cluster. | DeploymentSettingStorageNetworks[] |
DeploymentSettingIntents
| Name | Description | Value |
|---|---|---|
| adapter | Array of network interfaces used for the network intent. | string[] |
| adapterPropertyOverrides | Set Adapter PropertyOverrides for cluster. | DeploymentSettingAdapterPropertyOverrides |
| name | Name of the network intent you wish to create. | string |
| overrideAdapterProperty | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | bool |
| overrideQosPolicy | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | bool |
| overrideVirtualSwitchConfiguration | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | bool |
| qosPolicyOverrides | Set QoS PolicyOverrides for cluster. | QosPolicyOverrides |
| trafficType | List of network traffic types. Only allowed values are 'Compute', 'Storage', 'Management'. | string[] |
| virtualSwitchConfigurationOverrides | Set virtualSwitch ConfigurationOverrides for cluster. | DeploymentSettingVirtualSwitchConfigurationOverrides |
DeploymentSettingsProperties
| Name | Description | Value |
|---|---|---|
| arcNodeResourceIds | Azure resource ids of Arc machines to be part of cluster. | string[] (required) |
| deploymentConfiguration | Scale units will contains list of deployment data | DeploymentConfiguration (required) |
| deploymentMode | The deployment mode for cluster deployment. | 'Deploy' 'Validate' (required) |
| operationType | The intended operation for a cluster. | 'ClusterProvisioning' 'ClusterUpgrade' |
DeploymentSettingStorageAdapterIPInfo
| Name | Description | Value |
|---|---|---|
| ipv4Address | The IPv4 address assigned to each storage adapter physical node on your Azure Stack HCI cluster. | string |
| physicalNode | storage adapter physical node name. | string |
| subnetMask | The SubnetMask address assigned to each storage adapter physical node on your Azure Stack HCI cluster. | string |
DeploymentSettingStorageNetworks
| Name | Description | Value |
|---|---|---|
| name | Name of the storage network. | string |
| networkAdapterName | Name of the storage network adapter. | string |
| storageAdapterIPInfo | List of Storage adapter physical nodes config to deploy AzureStackHCI Cluster. | DeploymentSettingStorageAdapterIPInfo[] |
| vlanId | ID specified for the VLAN storage network. This setting is applied to the network interfaces that route the storage and VM migration traffic. | string |
DeploymentSettingVirtualSwitchConfigurationOverrides
| Name | Description | Value |
|---|---|---|
| enableIov | Enable IoV for Virtual Switch | string |
| loadBalancingAlgorithm | Load Balancing Algorithm for Virtual Switch | string |
DnsZones
| Name | Description | Value |
|---|---|---|
| dnsForwarder | Forwarder details of the DNS Zone to be configured. | string[] |
| dnsZoneName | Name of the DNS Zone to be configured. | string |
EceDeploymentSecrets
| Name | Description | Value |
|---|---|---|
| eceSecretName | Secret name expected for Enterprise Cloud Engine (ECE) deployment. | 'AzureStackLCMUserCredential' 'DefaultARBApplication' 'LocalAdminCredential' 'WitnessStorageKey' |
| secretLocation | Secret URI stored in keyvault. | string |
| secretName | Secret name stored in keyvault. | string |
InfrastructureNetwork
| Name | Description | Value |
|---|---|---|
| dnsServerConfig | Specifies how DNS servers are configured for the infrastructure network. Allowed values are 'UseDnsServer' to use the provided DNS servers, and 'UseForwarder' to use DNS forwarders. | 'UseDnsServer' 'UseForwarder' |
| dnsServers | IPv4 address of the DNS servers in your environment. | string[] |
| dnsZones | Details of the DNS Zones to be configured. | DnsZones[] |
| gateway | Default gateway that should be used for the provided IP address space. | string |
| ipPools | Range of IP addresses from which addresses are allocated for nodes within a subnet. | IpPools[] |
| subnetMask | Subnet mask that matches the provided IP address space. | string |
| useDhcp | Allows customers to use DHCP for Hosts and Cluster IPs. If not declared, the deployment will default to static IPs. When true, GW and DNS servers are not required | bool |
IpPools
| Name | Description | Value |
|---|---|---|
| endingAddress | Ending IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. | string |
| startingAddress | Starting IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. | string |
LocalAvailabilityZones
| Name | Description | Value |
|---|---|---|
| localAvailabilityZoneName | Local Availability Zone name for HCI cluster | string |
| nodes | Nodes belonging to a particular zone | string[] |
NetworkController
| Name | Description | Value |
|---|---|---|
| macAddressPoolStart | macAddressPoolStart of network controller used for SDN Integration. | string |
| macAddressPoolStop | macAddressPoolStop of network controller used for SDN Integration. | string |
| networkVirtualizationEnabled | NetworkVirtualizationEnabled of network controller used for SDN Integration. | bool |
Observability
| Name | Description | Value |
|---|---|---|
| episodicDataUpload | When set to true, collects log data to facilitate quicker issue resolution. | bool |
| euLocation | Location of your cluster. The log and diagnostic data is sent to the appropriate diagnostics servers depending upon where your cluster resides. Setting this to false results in all data sent to Microsoft to be stored outside of the EU. | bool |
| streamingDataClient | Enables telemetry data to be sent to Microsoft | bool |
OptionalServices
| Name | Description | Value |
|---|---|---|
| customLocation | The name of custom location. | string |
PhysicalNodes
| Name | Description | Value |
|---|---|---|
| ipv4Address | The IPv4 address assigned to each physical server on your Azure Stack HCI cluster. | string |
| name | NETBIOS name of each physical server on your Azure Stack HCI cluster. | string |
QosPolicyOverrides
| Name | Description | Value |
|---|---|---|
| bandwidthPercentage_SMB | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
| priorityValue8021Action_Cluster | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
| priorityValue8021Action_SMB | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
SanAdapterIPConfig
| Name | Description | Value |
|---|---|---|
| addressPrefix | Subnet address prefix in CIDR notation (e.g., 10.10.30.0/24). | string |
| name | Logical name of the adapter IP configuration (e.g., clusterNetwork-A). | string |
| networkAdapterName | Physical NIC name (e.g., ethernet 3). | string |
| vlanId | VLAN ID (0-4095). Value of 0 or omitted means untagged. | int |
SanAdapterProperties
| Name | Description | Value |
|---|---|---|
| bandwidthPercentageSmb | SMB bandwidth percentage (1-97). | int |
| jumboPacket | Jumbo frame size in bytes. | int |
| priorityValue8021ActionCluster | 802.1p priority value for cluster traffic. | int |
| priorityValue8021ActionSmb | 802.1p priority value for SMB traffic. | int |
SanClusterNetworkConfig
| Name | Description | Value |
|---|---|---|
| adapterIPConfig | Per-adapter IP configuration for the cluster network. | SanAdapterIPConfig[] |
| adapterProperties | QoS and adapter overrides for the cluster network. | SanAdapterProperties |
SanNetworks
| Name | Description | Value |
|---|---|---|
| clusterNetworkConfig | Cluster (CSV/LiveMig) network configuration for SAN deployments. | SanClusterNetworkConfig |
SbeCredentials
| Name | Description | Value |
|---|---|---|
| eceSecretName | secret name expected for Enterprise Cloud Engine (ECE). | string |
| secretLocation | secret URI stored in keyvault. | string |
| secretName | secret name stored in keyvault. | string |
SbeDeploymentInfo
| Name | Description | Value |
|---|---|---|
| family | SBE family name. | string |
| publisher | SBE manifest publisher. | string |
| sbeManifestCreationDate | SBE Manifest Creation Date. | string |
| sbeManifestSource | SBE Manifest Source. | string |
| version | SBE package version. | string |
SbePartnerInfo
| Name | Description | Value |
|---|---|---|
| credentialList | SBE credentials list for AzureStackHCI cluster deployment. | SbeCredentials[] |
| partnerProperties | List of SBE partner properties for AzureStackHCI cluster deployment. | SbePartnerProperties[] |
| sbeDeploymentInfo | SBE package and manifest information for the solution Builder Extension staged for AzureStackHCI cluster deployment. | SbeDeploymentInfo |
SbePartnerProperties
| Name | Description | Value |
|---|---|---|
| name | SBE partner property name. | string |
| value | SBE partner property value. | string |
ScaleUnits
| Name | Description | Value |
|---|---|---|
| deploymentData | Deployment Data to deploy AzureStackHCI Cluster. | DeploymentData (required) |
| sbePartnerInfo | Solution builder extension (SBE) partner properties | SbePartnerInfo |
SdnIntegration
| Name | Description | Value |
|---|---|---|
| networkController | network controller config for SDN Integration to deploy AzureStackHCI Cluster. | NetworkController |
Storage
| Name | Description | Value |
|---|---|---|
| configurationMode | By default, this mode is set to Express and your storage is configured as per best practices based on the number of nodes in the cluster. Allowed values are 'Express','InfraOnly', 'KeepStorage' | string |
| s2d | S2D (Storage Spaces Direct) configuration. Applicable when StorageType is 'S2D' or 'SANS2D'. | StorageS2DConfig |
| san | SAN (Storage Area Network) configuration. Applicable when StorageType is 'SAN' or 'SANS2D'. | StorageSanConfig |
| storageType | Storage type for the HCI Cluster. Allowed values are 'S2D', 'SAN', 'SANS2D'. | 'S2D' 'SAN' 'SANS2D' |
StorageS2DConfig
| Name | Description | Value |
|---|---|---|
| overprovisioningRatio | Overprovisioning ratio for S2D storage. Allowed values are '0', '1', '2'. | '0' '1' '2' |
| volumeType | Volume provisioning type. Allowed values are 'Fixed', 'ThinProvisioned'. | 'Fixed' 'ThinProvisioned' |
StorageSanConfig
| Name | Description | Value |
|---|---|---|
| infraPerfLunId | Infrastructure performance LUN ID. | string |
| infraVolLunId | Infrastructure volume LUN ID (e.g. PURE1234567890ABCDEF). | string |
ARM template resource definition
The clusters/deploymentSettings resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AzureStackHCI/clusters/deploymentSettings resource, add the following JSON to your template.
{
"type": "Microsoft.AzureStackHCI/clusters/deploymentSettings",
"apiVersion": "2026-04-01-preview",
"name": "string",
"properties": {
"arcNodeResourceIds": [ "string" ],
"deploymentConfiguration": {
"scaleUnits": [
{
"deploymentData": {
"adouPath": "string",
"assemblyInfo": {
},
"cluster": {
"azureServiceEndpoint": "string",
"cloudAccountName": "string",
"clusterPattern": "string",
"name": "string",
"witnessPath": "string",
"witnessType": "string"
},
"domainFqdn": "string",
"hostNetwork": {
"enableStorageAutoIp": "bool",
"intents": [
{
"adapter": [ "string" ],
"adapterPropertyOverrides": {
"jumboPacket": "string",
"networkDirect": "string",
"networkDirectTechnology": "string"
},
"name": "string",
"overrideAdapterProperty": "bool",
"overrideQosPolicy": "bool",
"overrideVirtualSwitchConfiguration": "bool",
"qosPolicyOverrides": {
"bandwidthPercentage_SMB": "string",
"priorityValue8021Action_Cluster": "string",
"priorityValue8021Action_SMB": "string"
},
"trafficType": [ "string" ],
"virtualSwitchConfigurationOverrides": {
"enableIov": "string",
"loadBalancingAlgorithm": "string"
}
}
],
"sanNetworks": {
"clusterNetworkConfig": {
"adapterIPConfig": [
{
"addressPrefix": "string",
"name": "string",
"networkAdapterName": "string",
"vlanId": "int"
}
],
"adapterProperties": {
"bandwidthPercentageSmb": "int",
"jumboPacket": "int",
"priorityValue8021ActionCluster": "int",
"priorityValue8021ActionSmb": "int"
}
}
},
"storageConnectivitySwitchless": "bool",
"storageNetworks": [
{
"name": "string",
"networkAdapterName": "string",
"storageAdapterIPInfo": [
{
"ipv4Address": "string",
"physicalNode": "string",
"subnetMask": "string"
}
],
"vlanId": "string"
}
]
},
"identityProvider": "string",
"infrastructureNetwork": [
{
"dnsServerConfig": "string",
"dnsServers": [ "string" ],
"dnsZones": [
{
"dnsForwarder": [ "string" ],
"dnsZoneName": "string"
}
],
"gateway": "string",
"ipPools": [
{
"endingAddress": "string",
"startingAddress": "string"
}
],
"subnetMask": "string",
"useDhcp": "bool"
}
],
"isManagementCluster": "bool",
"localAvailabilityZones": [
{
"localAvailabilityZoneName": "string",
"nodes": [ "string" ]
}
],
"namingPrefix": "string",
"observability": {
"episodicDataUpload": "bool",
"euLocation": "bool",
"streamingDataClient": "bool"
},
"optionalServices": {
"customLocation": "string"
},
"physicalNodes": [
{
"ipv4Address": "string",
"name": "string"
}
],
"sdnIntegration": {
"networkController": {
"macAddressPoolStart": "string",
"macAddressPoolStop": "string",
"networkVirtualizationEnabled": "bool"
}
},
"secrets": [
{
"eceSecretName": "string",
"secretLocation": "string",
"secretName": "string"
}
],
"secretsLocation": "string",
"securitySettings": {
"bitlockerBootVolume": "bool",
"bitlockerDataVolumes": "bool",
"credentialGuardEnforced": "bool",
"driftControlEnforced": "bool",
"drtmProtection": "bool",
"hvciProtection": "bool",
"sideChannelMitigationEnforced": "bool",
"smbClusterEncryption": "bool",
"smbSigningEnforced": "bool",
"wdacEnforced": "bool"
},
"storage": {
"configurationMode": "string",
"s2d": {
"overprovisioningRatio": "string",
"volumeType": "string"
},
"san": {
"infraPerfLunId": "string",
"infraVolLunId": "string"
},
"storageType": "string"
}
},
"sbePartnerInfo": {
"credentialList": [
{
"eceSecretName": "string",
"secretLocation": "string",
"secretName": "string"
}
],
"partnerProperties": [
{
"name": "string",
"value": "string"
}
],
"sbeDeploymentInfo": {
"family": "string",
"publisher": "string",
"sbeManifestCreationDate": "string",
"sbeManifestSource": "string",
"version": "string"
}
}
}
],
"version": "string"
},
"deploymentMode": "string",
"operationType": "string"
}
}
Property Values
Microsoft.AzureStackHCI/clusters/deploymentSettings
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2026-04-01-preview' |
| name | The resource name | string Constraints: Pattern = ^[a-zA-Z0-9-]{3,24}$ (required) |
| properties | The resource-specific properties for this resource. | DeploymentSettingsProperties |
| type | The resource type | 'Microsoft.AzureStackHCI/clusters/deploymentSettings' |
AssemblyInfo
| Name | Description | Value |
|---|
DeploymentCluster
| Name | Description | Value |
|---|---|---|
| azureServiceEndpoint | For Azure blob service endpoint type, select either Default or Custom domain. If you selected **Custom domain, enter the domain for the blob service in this format core.windows.net. | string |
| cloudAccountName | Specify the Azure Storage account name for cloud witness for your Azure Stack HCI cluster. | string |
| clusterPattern | Cluster Pattern supported. | 'RackAware' 'Standard' |
| name | The cluster name provided when preparing Active Directory. | string |
| witnessPath | Specify the fileshare path for the local witness for your Azure Stack HCI cluster. | string |
| witnessType | Use a cloud witness if you have internet access and if you use an Azure Storage account to provide a vote on cluster quorum. A cloud witness uses Azure Blob Storage to read or write a blob file and then uses it to arbitrate in split-brain resolution. Only allowed values are 'Cloud', 'FileShare'. | string |
DeploymentConfiguration
| Name | Description | Value |
|---|---|---|
| scaleUnits | Scale units will contains list of deployment data | ScaleUnits[] (required) |
| version | deployment template version | string |
DeploymentData
| Name | Description | Value |
|---|---|---|
| adouPath | The path to the Active Directory Organizational Unit container object prepared for the deployment. | string |
| assemblyInfo | Assembly Package details for Validated Solution Recipe for AzureStackHCI Cluster | AssemblyInfo |
| cluster | Observability config to deploy AzureStackHCI Cluster. | DeploymentCluster |
| domainFqdn | FQDN to deploy cluster | string |
| hostNetwork | HostNetwork config to deploy AzureStackHCI Cluster. | DeploymentSettingHostNetwork |
| identityProvider | Identity Provider for the cluster | 'ActiveDirectory' 'LocalIdentity' |
| infrastructureNetwork | InfrastructureNetwork config to deploy AzureStackHCI Cluster. | InfrastructureNetwork[] |
| isManagementCluster | Is Management Cluster, when true indicates that the cluster is used for managing other clusters | bool |
| localAvailabilityZones | Local Availability Zone information for HCI cluster | LocalAvailabilityZones[] |
| namingPrefix | naming prefix to deploy cluster. | string Constraints: Pattern = ^[a-zA-Z0-9-]{1,8}$ |
| observability | Observability config to deploy AzureStackHCI Cluster. | Observability |
| optionalServices | OptionalServices config to deploy AzureStackHCI Cluster. | OptionalServices |
| physicalNodes | list of physical nodes config to deploy AzureStackHCI Cluster. | PhysicalNodes[] |
| sdnIntegration | SDN Integration config to deploy AzureStackHCI Cluster. | SdnIntegration |
| secrets | secrets used for cloud deployment. | EceDeploymentSecrets[] |
| secretsLocation | Azure key vault endpoint. This property is deprecated from 2023-12-01-preview. Please use secrets property instead. | string |
| securitySettings | SecuritySettings to deploy AzureStackHCI Cluster. | DeploymentSecuritySettings |
| storage | Storage config to deploy AzureStackHCI Cluster. | Storage |
DeploymentSecuritySettings
| Name | Description | Value |
|---|---|---|
| bitlockerBootVolume | When set to true, BitLocker XTS_AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent. | bool |
| bitlockerDataVolumes | When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes. | bool |
| credentialGuardEnforced | When set to true, Credential Guard is enabled. | bool |
| driftControlEnforced | When set to true, the security baseline is re-applied regularly. | bool |
| drtmProtection | By default, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent. | bool |
| hvciProtection | By default, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster. | bool |
| sideChannelMitigationEnforced | When set to true, all the side channel mitigations are enabled | bool |
| smbClusterEncryption | When set to true, cluster east-west traffic is encrypted. | bool |
| smbSigningEnforced | When set to true, the SMB default instance requires sign in for the client and server services. | bool |
| wdacEnforced | WDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster. | bool |
DeploymentSettingAdapterPropertyOverrides
| Name | Description | Value |
|---|---|---|
| jumboPacket | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
| networkDirect | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
| networkDirectTechnology | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. Expected values are 'iWARP', 'RoCEv2', 'RoCE' | string |
DeploymentSettingHostNetwork
| Name | Description | Value |
|---|---|---|
| enableStorageAutoIp | Optional parameter required only for 3 Nodes Switchless deployments. This allows users to specify IPs and Mask for Storage NICs when Network ATC is not assigning the IPs for storage automatically. | bool |
| intents | The network intents assigned to the network reference pattern used for the deployment. Each intent will define its own name, traffic type, adapter names, and overrides as recommended by your OEM. | DeploymentSettingIntents[] |
| sanNetworks | SAN network configuration for the host network. Applicable when StorageType is 'SAN' or 'SANS2D'. | SanNetworks |
| storageConnectivitySwitchless | Defines how the storage adapters between nodes are connected either switch or switch less.. | bool |
| storageNetworks | List of StorageNetworks config to deploy AzureStackHCI Cluster. | DeploymentSettingStorageNetworks[] |
DeploymentSettingIntents
| Name | Description | Value |
|---|---|---|
| adapter | Array of network interfaces used for the network intent. | string[] |
| adapterPropertyOverrides | Set Adapter PropertyOverrides for cluster. | DeploymentSettingAdapterPropertyOverrides |
| name | Name of the network intent you wish to create. | string |
| overrideAdapterProperty | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | bool |
| overrideQosPolicy | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | bool |
| overrideVirtualSwitchConfiguration | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | bool |
| qosPolicyOverrides | Set QoS PolicyOverrides for cluster. | QosPolicyOverrides |
| trafficType | List of network traffic types. Only allowed values are 'Compute', 'Storage', 'Management'. | string[] |
| virtualSwitchConfigurationOverrides | Set virtualSwitch ConfigurationOverrides for cluster. | DeploymentSettingVirtualSwitchConfigurationOverrides |
DeploymentSettingsProperties
| Name | Description | Value |
|---|---|---|
| arcNodeResourceIds | Azure resource ids of Arc machines to be part of cluster. | string[] (required) |
| deploymentConfiguration | Scale units will contains list of deployment data | DeploymentConfiguration (required) |
| deploymentMode | The deployment mode for cluster deployment. | 'Deploy' 'Validate' (required) |
| operationType | The intended operation for a cluster. | 'ClusterProvisioning' 'ClusterUpgrade' |
DeploymentSettingStorageAdapterIPInfo
| Name | Description | Value |
|---|---|---|
| ipv4Address | The IPv4 address assigned to each storage adapter physical node on your Azure Stack HCI cluster. | string |
| physicalNode | storage adapter physical node name. | string |
| subnetMask | The SubnetMask address assigned to each storage adapter physical node on your Azure Stack HCI cluster. | string |
DeploymentSettingStorageNetworks
| Name | Description | Value |
|---|---|---|
| name | Name of the storage network. | string |
| networkAdapterName | Name of the storage network adapter. | string |
| storageAdapterIPInfo | List of Storage adapter physical nodes config to deploy AzureStackHCI Cluster. | DeploymentSettingStorageAdapterIPInfo[] |
| vlanId | ID specified for the VLAN storage network. This setting is applied to the network interfaces that route the storage and VM migration traffic. | string |
DeploymentSettingVirtualSwitchConfigurationOverrides
| Name | Description | Value |
|---|---|---|
| enableIov | Enable IoV for Virtual Switch | string |
| loadBalancingAlgorithm | Load Balancing Algorithm for Virtual Switch | string |
DnsZones
| Name | Description | Value |
|---|---|---|
| dnsForwarder | Forwarder details of the DNS Zone to be configured. | string[] |
| dnsZoneName | Name of the DNS Zone to be configured. | string |
EceDeploymentSecrets
| Name | Description | Value |
|---|---|---|
| eceSecretName | Secret name expected for Enterprise Cloud Engine (ECE) deployment. | 'AzureStackLCMUserCredential' 'DefaultARBApplication' 'LocalAdminCredential' 'WitnessStorageKey' |
| secretLocation | Secret URI stored in keyvault. | string |
| secretName | Secret name stored in keyvault. | string |
InfrastructureNetwork
| Name | Description | Value |
|---|---|---|
| dnsServerConfig | Specifies how DNS servers are configured for the infrastructure network. Allowed values are 'UseDnsServer' to use the provided DNS servers, and 'UseForwarder' to use DNS forwarders. | 'UseDnsServer' 'UseForwarder' |
| dnsServers | IPv4 address of the DNS servers in your environment. | string[] |
| dnsZones | Details of the DNS Zones to be configured. | DnsZones[] |
| gateway | Default gateway that should be used for the provided IP address space. | string |
| ipPools | Range of IP addresses from which addresses are allocated for nodes within a subnet. | IpPools[] |
| subnetMask | Subnet mask that matches the provided IP address space. | string |
| useDhcp | Allows customers to use DHCP for Hosts and Cluster IPs. If not declared, the deployment will default to static IPs. When true, GW and DNS servers are not required | bool |
IpPools
| Name | Description | Value |
|---|---|---|
| endingAddress | Ending IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. | string |
| startingAddress | Starting IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. | string |
LocalAvailabilityZones
| Name | Description | Value |
|---|---|---|
| localAvailabilityZoneName | Local Availability Zone name for HCI cluster | string |
| nodes | Nodes belonging to a particular zone | string[] |
NetworkController
| Name | Description | Value |
|---|---|---|
| macAddressPoolStart | macAddressPoolStart of network controller used for SDN Integration. | string |
| macAddressPoolStop | macAddressPoolStop of network controller used for SDN Integration. | string |
| networkVirtualizationEnabled | NetworkVirtualizationEnabled of network controller used for SDN Integration. | bool |
Observability
| Name | Description | Value |
|---|---|---|
| episodicDataUpload | When set to true, collects log data to facilitate quicker issue resolution. | bool |
| euLocation | Location of your cluster. The log and diagnostic data is sent to the appropriate diagnostics servers depending upon where your cluster resides. Setting this to false results in all data sent to Microsoft to be stored outside of the EU. | bool |
| streamingDataClient | Enables telemetry data to be sent to Microsoft | bool |
OptionalServices
| Name | Description | Value |
|---|---|---|
| customLocation | The name of custom location. | string |
PhysicalNodes
| Name | Description | Value |
|---|---|---|
| ipv4Address | The IPv4 address assigned to each physical server on your Azure Stack HCI cluster. | string |
| name | NETBIOS name of each physical server on your Azure Stack HCI cluster. | string |
QosPolicyOverrides
| Name | Description | Value |
|---|---|---|
| bandwidthPercentage_SMB | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
| priorityValue8021Action_Cluster | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
| priorityValue8021Action_SMB | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
SanAdapterIPConfig
| Name | Description | Value |
|---|---|---|
| addressPrefix | Subnet address prefix in CIDR notation (e.g., 10.10.30.0/24). | string |
| name | Logical name of the adapter IP configuration (e.g., clusterNetwork-A). | string |
| networkAdapterName | Physical NIC name (e.g., ethernet 3). | string |
| vlanId | VLAN ID (0-4095). Value of 0 or omitted means untagged. | int |
SanAdapterProperties
| Name | Description | Value |
|---|---|---|
| bandwidthPercentageSmb | SMB bandwidth percentage (1-97). | int |
| jumboPacket | Jumbo frame size in bytes. | int |
| priorityValue8021ActionCluster | 802.1p priority value for cluster traffic. | int |
| priorityValue8021ActionSmb | 802.1p priority value for SMB traffic. | int |
SanClusterNetworkConfig
| Name | Description | Value |
|---|---|---|
| adapterIPConfig | Per-adapter IP configuration for the cluster network. | SanAdapterIPConfig[] |
| adapterProperties | QoS and adapter overrides for the cluster network. | SanAdapterProperties |
SanNetworks
| Name | Description | Value |
|---|---|---|
| clusterNetworkConfig | Cluster (CSV/LiveMig) network configuration for SAN deployments. | SanClusterNetworkConfig |
SbeCredentials
| Name | Description | Value |
|---|---|---|
| eceSecretName | secret name expected for Enterprise Cloud Engine (ECE). | string |
| secretLocation | secret URI stored in keyvault. | string |
| secretName | secret name stored in keyvault. | string |
SbeDeploymentInfo
| Name | Description | Value |
|---|---|---|
| family | SBE family name. | string |
| publisher | SBE manifest publisher. | string |
| sbeManifestCreationDate | SBE Manifest Creation Date. | string |
| sbeManifestSource | SBE Manifest Source. | string |
| version | SBE package version. | string |
SbePartnerInfo
| Name | Description | Value |
|---|---|---|
| credentialList | SBE credentials list for AzureStackHCI cluster deployment. | SbeCredentials[] |
| partnerProperties | List of SBE partner properties for AzureStackHCI cluster deployment. | SbePartnerProperties[] |
| sbeDeploymentInfo | SBE package and manifest information for the solution Builder Extension staged for AzureStackHCI cluster deployment. | SbeDeploymentInfo |
SbePartnerProperties
| Name | Description | Value |
|---|---|---|
| name | SBE partner property name. | string |
| value | SBE partner property value. | string |
ScaleUnits
| Name | Description | Value |
|---|---|---|
| deploymentData | Deployment Data to deploy AzureStackHCI Cluster. | DeploymentData (required) |
| sbePartnerInfo | Solution builder extension (SBE) partner properties | SbePartnerInfo |
SdnIntegration
| Name | Description | Value |
|---|---|---|
| networkController | network controller config for SDN Integration to deploy AzureStackHCI Cluster. | NetworkController |
Storage
| Name | Description | Value |
|---|---|---|
| configurationMode | By default, this mode is set to Express and your storage is configured as per best practices based on the number of nodes in the cluster. Allowed values are 'Express','InfraOnly', 'KeepStorage' | string |
| s2d | S2D (Storage Spaces Direct) configuration. Applicable when StorageType is 'S2D' or 'SANS2D'. | StorageS2DConfig |
| san | SAN (Storage Area Network) configuration. Applicable when StorageType is 'SAN' or 'SANS2D'. | StorageSanConfig |
| storageType | Storage type for the HCI Cluster. Allowed values are 'S2D', 'SAN', 'SANS2D'. | 'S2D' 'SAN' 'SANS2D' |
StorageS2DConfig
| Name | Description | Value |
|---|---|---|
| overprovisioningRatio | Overprovisioning ratio for S2D storage. Allowed values are '0', '1', '2'. | '0' '1' '2' |
| volumeType | Volume provisioning type. Allowed values are 'Fixed', 'ThinProvisioned'. | 'Fixed' 'ThinProvisioned' |
StorageSanConfig
| Name | Description | Value |
|---|---|---|
| infraPerfLunId | Infrastructure performance LUN ID. | string |
| infraVolLunId | Infrastructure volume LUN ID (e.g. PURE1234567890ABCDEF). | string |
Usage Examples
Terraform (AzAPI provider) resource definition
The clusters/deploymentSettings resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AzureStackHCI/clusters/deploymentSettings resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.AzureStackHCI/clusters/deploymentSettings@2026-04-01-preview"
name = "string"
parent_id = "string"
body = {
properties = {
arcNodeResourceIds = [
"string"
]
deploymentConfiguration = {
scaleUnits = [
{
deploymentData = {
adouPath = "string"
assemblyInfo = {
}
cluster = {
azureServiceEndpoint = "string"
cloudAccountName = "string"
clusterPattern = "string"
name = "string"
witnessPath = "string"
witnessType = "string"
}
domainFqdn = "string"
hostNetwork = {
enableStorageAutoIp = bool
intents = [
{
adapter = [
"string"
]
adapterPropertyOverrides = {
jumboPacket = "string"
networkDirect = "string"
networkDirectTechnology = "string"
}
name = "string"
overrideAdapterProperty = bool
overrideQosPolicy = bool
overrideVirtualSwitchConfiguration = bool
qosPolicyOverrides = {
bandwidthPercentage_SMB = "string"
priorityValue8021Action_Cluster = "string"
priorityValue8021Action_SMB = "string"
}
trafficType = [
"string"
]
virtualSwitchConfigurationOverrides = {
enableIov = "string"
loadBalancingAlgorithm = "string"
}
}
]
sanNetworks = {
clusterNetworkConfig = {
adapterIPConfig = [
{
addressPrefix = "string"
name = "string"
networkAdapterName = "string"
vlanId = int
}
]
adapterProperties = {
bandwidthPercentageSmb = int
jumboPacket = int
priorityValue8021ActionCluster = int
priorityValue8021ActionSmb = int
}
}
}
storageConnectivitySwitchless = bool
storageNetworks = [
{
name = "string"
networkAdapterName = "string"
storageAdapterIPInfo = [
{
ipv4Address = "string"
physicalNode = "string"
subnetMask = "string"
}
]
vlanId = "string"
}
]
}
identityProvider = "string"
infrastructureNetwork = [
{
dnsServerConfig = "string"
dnsServers = [
"string"
]
dnsZones = [
{
dnsForwarder = [
"string"
]
dnsZoneName = "string"
}
]
gateway = "string"
ipPools = [
{
endingAddress = "string"
startingAddress = "string"
}
]
subnetMask = "string"
useDhcp = bool
}
]
isManagementCluster = bool
localAvailabilityZones = [
{
localAvailabilityZoneName = "string"
nodes = [
"string"
]
}
]
namingPrefix = "string"
observability = {
episodicDataUpload = bool
euLocation = bool
streamingDataClient = bool
}
optionalServices = {
customLocation = "string"
}
physicalNodes = [
{
ipv4Address = "string"
name = "string"
}
]
sdnIntegration = {
networkController = {
macAddressPoolStart = "string"
macAddressPoolStop = "string"
networkVirtualizationEnabled = bool
}
}
secrets = [
{
eceSecretName = "string"
secretLocation = "string"
secretName = "string"
}
]
secretsLocation = "string"
securitySettings = {
bitlockerBootVolume = bool
bitlockerDataVolumes = bool
credentialGuardEnforced = bool
driftControlEnforced = bool
drtmProtection = bool
hvciProtection = bool
sideChannelMitigationEnforced = bool
smbClusterEncryption = bool
smbSigningEnforced = bool
wdacEnforced = bool
}
storage = {
configurationMode = "string"
s2d = {
overprovisioningRatio = "string"
volumeType = "string"
}
san = {
infraPerfLunId = "string"
infraVolLunId = "string"
}
storageType = "string"
}
}
sbePartnerInfo = {
credentialList = [
{
eceSecretName = "string"
secretLocation = "string"
secretName = "string"
}
]
partnerProperties = [
{
name = "string"
value = "string"
}
]
sbeDeploymentInfo = {
family = "string"
publisher = "string"
sbeManifestCreationDate = "string"
sbeManifestSource = "string"
version = "string"
}
}
}
]
version = "string"
}
deploymentMode = "string"
operationType = "string"
}
}
}
Property Values
Microsoft.AzureStackHCI/clusters/deploymentSettings
| Name | Description | Value |
|---|---|---|
| name | The resource name | string Constraints: Pattern = ^[a-zA-Z0-9-]{3,24}$ (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: clusters |
| properties | The resource-specific properties for this resource. | DeploymentSettingsProperties |
| type | The resource type | "Microsoft.AzureStackHCI/clusters/deploymentSettings@2026-04-01-preview" |
AssemblyInfo
| Name | Description | Value |
|---|
DeploymentCluster
| Name | Description | Value |
|---|---|---|
| azureServiceEndpoint | For Azure blob service endpoint type, select either Default or Custom domain. If you selected **Custom domain, enter the domain for the blob service in this format core.windows.net. | string |
| cloudAccountName | Specify the Azure Storage account name for cloud witness for your Azure Stack HCI cluster. | string |
| clusterPattern | Cluster Pattern supported. | 'RackAware' 'Standard' |
| name | The cluster name provided when preparing Active Directory. | string |
| witnessPath | Specify the fileshare path for the local witness for your Azure Stack HCI cluster. | string |
| witnessType | Use a cloud witness if you have internet access and if you use an Azure Storage account to provide a vote on cluster quorum. A cloud witness uses Azure Blob Storage to read or write a blob file and then uses it to arbitrate in split-brain resolution. Only allowed values are 'Cloud', 'FileShare'. | string |
DeploymentConfiguration
| Name | Description | Value |
|---|---|---|
| scaleUnits | Scale units will contains list of deployment data | ScaleUnits[] (required) |
| version | deployment template version | string |
DeploymentData
| Name | Description | Value |
|---|---|---|
| adouPath | The path to the Active Directory Organizational Unit container object prepared for the deployment. | string |
| assemblyInfo | Assembly Package details for Validated Solution Recipe for AzureStackHCI Cluster | AssemblyInfo |
| cluster | Observability config to deploy AzureStackHCI Cluster. | DeploymentCluster |
| domainFqdn | FQDN to deploy cluster | string |
| hostNetwork | HostNetwork config to deploy AzureStackHCI Cluster. | DeploymentSettingHostNetwork |
| identityProvider | Identity Provider for the cluster | 'ActiveDirectory' 'LocalIdentity' |
| infrastructureNetwork | InfrastructureNetwork config to deploy AzureStackHCI Cluster. | InfrastructureNetwork[] |
| isManagementCluster | Is Management Cluster, when true indicates that the cluster is used for managing other clusters | bool |
| localAvailabilityZones | Local Availability Zone information for HCI cluster | LocalAvailabilityZones[] |
| namingPrefix | naming prefix to deploy cluster. | string Constraints: Pattern = ^[a-zA-Z0-9-]{1,8}$ |
| observability | Observability config to deploy AzureStackHCI Cluster. | Observability |
| optionalServices | OptionalServices config to deploy AzureStackHCI Cluster. | OptionalServices |
| physicalNodes | list of physical nodes config to deploy AzureStackHCI Cluster. | PhysicalNodes[] |
| sdnIntegration | SDN Integration config to deploy AzureStackHCI Cluster. | SdnIntegration |
| secrets | secrets used for cloud deployment. | EceDeploymentSecrets[] |
| secretsLocation | Azure key vault endpoint. This property is deprecated from 2023-12-01-preview. Please use secrets property instead. | string |
| securitySettings | SecuritySettings to deploy AzureStackHCI Cluster. | DeploymentSecuritySettings |
| storage | Storage config to deploy AzureStackHCI Cluster. | Storage |
DeploymentSecuritySettings
| Name | Description | Value |
|---|---|---|
| bitlockerBootVolume | When set to true, BitLocker XTS_AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent. | bool |
| bitlockerDataVolumes | When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes. | bool |
| credentialGuardEnforced | When set to true, Credential Guard is enabled. | bool |
| driftControlEnforced | When set to true, the security baseline is re-applied regularly. | bool |
| drtmProtection | By default, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent. | bool |
| hvciProtection | By default, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster. | bool |
| sideChannelMitigationEnforced | When set to true, all the side channel mitigations are enabled | bool |
| smbClusterEncryption | When set to true, cluster east-west traffic is encrypted. | bool |
| smbSigningEnforced | When set to true, the SMB default instance requires sign in for the client and server services. | bool |
| wdacEnforced | WDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster. | bool |
DeploymentSettingAdapterPropertyOverrides
| Name | Description | Value |
|---|---|---|
| jumboPacket | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
| networkDirect | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
| networkDirectTechnology | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. Expected values are 'iWARP', 'RoCEv2', 'RoCE' | string |
DeploymentSettingHostNetwork
| Name | Description | Value |
|---|---|---|
| enableStorageAutoIp | Optional parameter required only for 3 Nodes Switchless deployments. This allows users to specify IPs and Mask for Storage NICs when Network ATC is not assigning the IPs for storage automatically. | bool |
| intents | The network intents assigned to the network reference pattern used for the deployment. Each intent will define its own name, traffic type, adapter names, and overrides as recommended by your OEM. | DeploymentSettingIntents[] |
| sanNetworks | SAN network configuration for the host network. Applicable when StorageType is 'SAN' or 'SANS2D'. | SanNetworks |
| storageConnectivitySwitchless | Defines how the storage adapters between nodes are connected either switch or switch less.. | bool |
| storageNetworks | List of StorageNetworks config to deploy AzureStackHCI Cluster. | DeploymentSettingStorageNetworks[] |
DeploymentSettingIntents
| Name | Description | Value |
|---|---|---|
| adapter | Array of network interfaces used for the network intent. | string[] |
| adapterPropertyOverrides | Set Adapter PropertyOverrides for cluster. | DeploymentSettingAdapterPropertyOverrides |
| name | Name of the network intent you wish to create. | string |
| overrideAdapterProperty | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | bool |
| overrideQosPolicy | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | bool |
| overrideVirtualSwitchConfiguration | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | bool |
| qosPolicyOverrides | Set QoS PolicyOverrides for cluster. | QosPolicyOverrides |
| trafficType | List of network traffic types. Only allowed values are 'Compute', 'Storage', 'Management'. | string[] |
| virtualSwitchConfigurationOverrides | Set virtualSwitch ConfigurationOverrides for cluster. | DeploymentSettingVirtualSwitchConfigurationOverrides |
DeploymentSettingsProperties
| Name | Description | Value |
|---|---|---|
| arcNodeResourceIds | Azure resource ids of Arc machines to be part of cluster. | string[] (required) |
| deploymentConfiguration | Scale units will contains list of deployment data | DeploymentConfiguration (required) |
| deploymentMode | The deployment mode for cluster deployment. | 'Deploy' 'Validate' (required) |
| operationType | The intended operation for a cluster. | 'ClusterProvisioning' 'ClusterUpgrade' |
DeploymentSettingStorageAdapterIPInfo
| Name | Description | Value |
|---|---|---|
| ipv4Address | The IPv4 address assigned to each storage adapter physical node on your Azure Stack HCI cluster. | string |
| physicalNode | storage adapter physical node name. | string |
| subnetMask | The SubnetMask address assigned to each storage adapter physical node on your Azure Stack HCI cluster. | string |
DeploymentSettingStorageNetworks
| Name | Description | Value |
|---|---|---|
| name | Name of the storage network. | string |
| networkAdapterName | Name of the storage network adapter. | string |
| storageAdapterIPInfo | List of Storage adapter physical nodes config to deploy AzureStackHCI Cluster. | DeploymentSettingStorageAdapterIPInfo[] |
| vlanId | ID specified for the VLAN storage network. This setting is applied to the network interfaces that route the storage and VM migration traffic. | string |
DeploymentSettingVirtualSwitchConfigurationOverrides
| Name | Description | Value |
|---|---|---|
| enableIov | Enable IoV for Virtual Switch | string |
| loadBalancingAlgorithm | Load Balancing Algorithm for Virtual Switch | string |
DnsZones
| Name | Description | Value |
|---|---|---|
| dnsForwarder | Forwarder details of the DNS Zone to be configured. | string[] |
| dnsZoneName | Name of the DNS Zone to be configured. | string |
EceDeploymentSecrets
| Name | Description | Value |
|---|---|---|
| eceSecretName | Secret name expected for Enterprise Cloud Engine (ECE) deployment. | 'AzureStackLCMUserCredential' 'DefaultARBApplication' 'LocalAdminCredential' 'WitnessStorageKey' |
| secretLocation | Secret URI stored in keyvault. | string |
| secretName | Secret name stored in keyvault. | string |
InfrastructureNetwork
| Name | Description | Value |
|---|---|---|
| dnsServerConfig | Specifies how DNS servers are configured for the infrastructure network. Allowed values are 'UseDnsServer' to use the provided DNS servers, and 'UseForwarder' to use DNS forwarders. | 'UseDnsServer' 'UseForwarder' |
| dnsServers | IPv4 address of the DNS servers in your environment. | string[] |
| dnsZones | Details of the DNS Zones to be configured. | DnsZones[] |
| gateway | Default gateway that should be used for the provided IP address space. | string |
| ipPools | Range of IP addresses from which addresses are allocated for nodes within a subnet. | IpPools[] |
| subnetMask | Subnet mask that matches the provided IP address space. | string |
| useDhcp | Allows customers to use DHCP for Hosts and Cluster IPs. If not declared, the deployment will default to static IPs. When true, GW and DNS servers are not required | bool |
IpPools
| Name | Description | Value |
|---|---|---|
| endingAddress | Ending IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. | string |
| startingAddress | Starting IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. | string |
LocalAvailabilityZones
| Name | Description | Value |
|---|---|---|
| localAvailabilityZoneName | Local Availability Zone name for HCI cluster | string |
| nodes | Nodes belonging to a particular zone | string[] |
NetworkController
| Name | Description | Value |
|---|---|---|
| macAddressPoolStart | macAddressPoolStart of network controller used for SDN Integration. | string |
| macAddressPoolStop | macAddressPoolStop of network controller used for SDN Integration. | string |
| networkVirtualizationEnabled | NetworkVirtualizationEnabled of network controller used for SDN Integration. | bool |
Observability
| Name | Description | Value |
|---|---|---|
| episodicDataUpload | When set to true, collects log data to facilitate quicker issue resolution. | bool |
| euLocation | Location of your cluster. The log and diagnostic data is sent to the appropriate diagnostics servers depending upon where your cluster resides. Setting this to false results in all data sent to Microsoft to be stored outside of the EU. | bool |
| streamingDataClient | Enables telemetry data to be sent to Microsoft | bool |
OptionalServices
| Name | Description | Value |
|---|---|---|
| customLocation | The name of custom location. | string |
PhysicalNodes
| Name | Description | Value |
|---|---|---|
| ipv4Address | The IPv4 address assigned to each physical server on your Azure Stack HCI cluster. | string |
| name | NETBIOS name of each physical server on your Azure Stack HCI cluster. | string |
QosPolicyOverrides
| Name | Description | Value |
|---|---|---|
| bandwidthPercentage_SMB | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
| priorityValue8021Action_Cluster | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
| priorityValue8021Action_SMB | This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. | string |
SanAdapterIPConfig
| Name | Description | Value |
|---|---|---|
| addressPrefix | Subnet address prefix in CIDR notation (e.g., 10.10.30.0/24). | string |
| name | Logical name of the adapter IP configuration (e.g., clusterNetwork-A). | string |
| networkAdapterName | Physical NIC name (e.g., ethernet 3). | string |
| vlanId | VLAN ID (0-4095). Value of 0 or omitted means untagged. | int |
SanAdapterProperties
| Name | Description | Value |
|---|---|---|
| bandwidthPercentageSmb | SMB bandwidth percentage (1-97). | int |
| jumboPacket | Jumbo frame size in bytes. | int |
| priorityValue8021ActionCluster | 802.1p priority value for cluster traffic. | int |
| priorityValue8021ActionSmb | 802.1p priority value for SMB traffic. | int |
SanClusterNetworkConfig
| Name | Description | Value |
|---|---|---|
| adapterIPConfig | Per-adapter IP configuration for the cluster network. | SanAdapterIPConfig[] |
| adapterProperties | QoS and adapter overrides for the cluster network. | SanAdapterProperties |
SanNetworks
| Name | Description | Value |
|---|---|---|
| clusterNetworkConfig | Cluster (CSV/LiveMig) network configuration for SAN deployments. | SanClusterNetworkConfig |
SbeCredentials
| Name | Description | Value |
|---|---|---|
| eceSecretName | secret name expected for Enterprise Cloud Engine (ECE). | string |
| secretLocation | secret URI stored in keyvault. | string |
| secretName | secret name stored in keyvault. | string |
SbeDeploymentInfo
| Name | Description | Value |
|---|---|---|
| family | SBE family name. | string |
| publisher | SBE manifest publisher. | string |
| sbeManifestCreationDate | SBE Manifest Creation Date. | string |
| sbeManifestSource | SBE Manifest Source. | string |
| version | SBE package version. | string |
SbePartnerInfo
| Name | Description | Value |
|---|---|---|
| credentialList | SBE credentials list for AzureStackHCI cluster deployment. | SbeCredentials[] |
| partnerProperties | List of SBE partner properties for AzureStackHCI cluster deployment. | SbePartnerProperties[] |
| sbeDeploymentInfo | SBE package and manifest information for the solution Builder Extension staged for AzureStackHCI cluster deployment. | SbeDeploymentInfo |
SbePartnerProperties
| Name | Description | Value |
|---|---|---|
| name | SBE partner property name. | string |
| value | SBE partner property value. | string |
ScaleUnits
| Name | Description | Value |
|---|---|---|
| deploymentData | Deployment Data to deploy AzureStackHCI Cluster. | DeploymentData (required) |
| sbePartnerInfo | Solution builder extension (SBE) partner properties | SbePartnerInfo |
SdnIntegration
| Name | Description | Value |
|---|---|---|
| networkController | network controller config for SDN Integration to deploy AzureStackHCI Cluster. | NetworkController |
Storage
| Name | Description | Value |
|---|---|---|
| configurationMode | By default, this mode is set to Express and your storage is configured as per best practices based on the number of nodes in the cluster. Allowed values are 'Express','InfraOnly', 'KeepStorage' | string |
| s2d | S2D (Storage Spaces Direct) configuration. Applicable when StorageType is 'S2D' or 'SANS2D'. | StorageS2DConfig |
| san | SAN (Storage Area Network) configuration. Applicable when StorageType is 'SAN' or 'SANS2D'. | StorageSanConfig |
| storageType | Storage type for the HCI Cluster. Allowed values are 'S2D', 'SAN', 'SANS2D'. | 'S2D' 'SAN' 'SANS2D' |
StorageS2DConfig
| Name | Description | Value |
|---|---|---|
| overprovisioningRatio | Overprovisioning ratio for S2D storage. Allowed values are '0', '1', '2'. | '0' '1' '2' |
| volumeType | Volume provisioning type. Allowed values are 'Fixed', 'ThinProvisioned'. | 'Fixed' 'ThinProvisioned' |
StorageSanConfig
| Name | Description | Value |
|---|---|---|
| infraPerfLunId | Infrastructure performance LUN ID. | string |
| infraVolLunId | Infrastructure volume LUN ID (e.g. PURE1234567890ABCDEF). | string |