Bicep resource definition
The clusters/deploymentSettings resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.AzureStackHCI/clusters/deploymentSettings resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.AzureStackHCI/clusters/deploymentSettings@2024-02-15-preview' = {
parent: resourceSymbolicName
name: 'string'
properties: {
arcNodeResourceIds: [
'string'
]
deploymentConfiguration: {
scaleUnits: [
{
deploymentData: {
adouPath: 'string'
cluster: {
azureServiceEndpoint: 'string'
cloudAccountName: 'string'
name: 'string'
witnessPath: 'string'
witnessType: 'string'
}
domainFqdn: 'string'
hostNetwork: {
enableStorageAutoIp: bool
intents: [
{
adapter: [
'string'
]
adapterPropertyOverrides: {
jumboPacket: 'string'
networkDirect: 'string'
networkDirectTechnology: 'string'
}
name: 'string'
overrideAdapterProperty: bool
overrideQosPolicy: bool
overrideVirtualSwitchConfiguration: bool
qosPolicyOverrides: {
bandwidthPercentage_SMB: 'string'
priorityValue8021Action_Cluster: 'string'
priorityValue8021Action_SMB: 'string'
}
trafficType: [
'string'
]
virtualSwitchConfigurationOverrides: {
enableIov: 'string'
loadBalancingAlgorithm: 'string'
}
}
]
storageConnectivitySwitchless: bool
storageNetworks: [
{
name: 'string'
networkAdapterName: 'string'
storageAdapterIPInfo: [
{
ipv4Address: 'string'
physicalNode: 'string'
subnetMask: 'string'
}
]
vlanId: 'string'
}
]
}
infrastructureNetwork: [
{
dnsServers: [
'string'
]
gateway: 'string'
ipPools: [
{
endingAddress: 'string'
startingAddress: 'string'
}
]
subnetMask: 'string'
useDhcp: bool
}
]
namingPrefix: 'string'
observability: {
episodicDataUpload: bool
euLocation: bool
streamingDataClient: bool
}
optionalServices: {
customLocation: 'string'
}
physicalNodes: [
{
ipv4Address: 'string'
name: 'string'
}
]
sdnIntegration: {
networkController: {
macAddressPoolStart: 'string'
macAddressPoolStop: 'string'
networkVirtualizationEnabled: bool
}
}
secrets: [
{
eceSecretName: 'string'
secretLocation: 'string'
secretName: 'string'
}
]
secretsLocation: 'string'
securitySettings: {
bitlockerBootVolume: bool
bitlockerDataVolumes: bool
credentialGuardEnforced: bool
driftControlEnforced: bool
drtmProtection: bool
hvciProtection: bool
sideChannelMitigationEnforced: bool
smbClusterEncryption: bool
smbSigningEnforced: bool
wdacEnforced: bool
}
storage: {
configurationMode: 'string'
}
}
sbePartnerInfo: {
credentialList: [
{
eceSecretName: 'string'
secretLocation: 'string'
secretName: 'string'
}
]
partnerProperties: [
{
name: 'string'
value: 'string'
}
]
sbeDeploymentInfo: {
family: 'string'
publisher: 'string'
sbeManifestCreationDate: 'string'
sbeManifestSource: 'string'
version: 'string'
}
}
}
]
version: 'string'
}
deploymentMode: 'string'
}
}
Property Values
Microsoft.AzureStackHCI/clusters/deploymentSettings
| Name |
Description |
Value |
| name |
The resource name |
string
Constraints:
Pattern = ^[a-zA-Z0-9-]{3,24}$ (required) |
| parent |
In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.
For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: clusters |
| properties |
The resource-specific properties for this resource. |
DeploymentSettingsProperties |
AdapterPropertyOverrides
| Name |
Description |
Value |
| jumboPacket |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
| networkDirect |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
| networkDirectTechnology |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. Expected values are 'iWARP', 'RoCEv2', 'RoCE' |
string |
DeploymentCluster
| Name |
Description |
Value |
| azureServiceEndpoint |
For Azure blob service endpoint type, select either Default or Custom domain. If you selected **Custom domain, enter the domain for the blob service in this format core.windows.net. |
string |
| cloudAccountName |
Specify the Azure Storage account name for cloud witness for your Azure Stack HCI cluster. |
string |
| name |
The cluster name provided when preparing Active Directory. |
string |
| witnessPath |
Specify the fileshare path for the local witness for your Azure Stack HCI cluster. |
string |
| witnessType |
Use a cloud witness if you have internet access and if you use an Azure Storage account to provide a vote on cluster quorum. A cloud witness uses Azure Blob Storage to read or write a blob file and then uses it to arbitrate in split-brain resolution. Only allowed values are 'Cloud', 'FileShare'. |
string |
DeploymentConfiguration
| Name |
Description |
Value |
| scaleUnits |
Scale units will contains list of deployment data |
ScaleUnits[] (required) |
| version |
deployment template version |
string |
DeploymentData
| Name |
Description |
Value |
| adouPath |
The path to the Active Directory Organizational Unit container object prepared for the deployment. |
string |
| cluster |
Observability config to deploy AzureStackHCI Cluster. |
DeploymentCluster |
| domainFqdn |
FQDN to deploy cluster |
string |
| hostNetwork |
HostNetwork config to deploy AzureStackHCI Cluster. |
HostNetwork |
| infrastructureNetwork |
InfrastructureNetwork config to deploy AzureStackHCI Cluster. |
InfrastructureNetwork[] |
| namingPrefix |
naming prefix to deploy cluster. |
string
Constraints:
Pattern = ^[a-zA-Z0-9-]{1,8}$ |
| observability |
Observability config to deploy AzureStackHCI Cluster. |
Observability |
| optionalServices |
OptionalServices config to deploy AzureStackHCI Cluster. |
OptionalServices |
| physicalNodes |
list of physical nodes config to deploy AzureStackHCI Cluster. |
PhysicalNodes[] |
| sdnIntegration |
SDN Integration config to deploy AzureStackHCI Cluster. |
SdnIntegration |
| secrets |
secrets used for cloud deployment. |
EceDeploymentSecrets[] |
| secretsLocation |
Azure keyvault endpoint. This property is deprecated from 2023-12-01-preview. Please use secrets property instead. |
string |
| securitySettings |
SecuritySettings to deploy AzureStackHCI Cluster. |
DeploymentSecuritySettings |
| storage |
Storage config to deploy AzureStackHCI Cluster. |
Storage |
DeploymentSecuritySettings
| Name |
Description |
Value |
| bitlockerBootVolume |
When set to true, BitLocker XTS_AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent. |
bool |
| bitlockerDataVolumes |
When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes. |
bool |
| credentialGuardEnforced |
When set to true, Credential Guard is enabled. |
bool |
| driftControlEnforced |
When set to true, the security baseline is re-applied regularly. |
bool |
| drtmProtection |
By default, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent. |
bool |
| hvciProtection |
By default, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster. |
bool |
| sideChannelMitigationEnforced |
When set to true, all the side channel mitigations are enabled |
bool |
| smbClusterEncryption |
When set to true, cluster east-west traffic is encrypted. |
bool |
| smbSigningEnforced |
When set to true, the SMB default instance requires sign in for the client and server services. |
bool |
| wdacEnforced |
WDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster. |
bool |
DeploymentSettingsProperties
| Name |
Description |
Value |
| arcNodeResourceIds |
Azure resource ids of Arc machines to be part of cluster. |
string[] (required) |
| deploymentConfiguration |
Scale units will contains list of deployment data |
DeploymentConfiguration (required) |
| deploymentMode |
The deployment mode for cluster deployment. |
'Deploy'
'Validate' (required) |
EceDeploymentSecrets
| Name |
Description |
Value |
| eceSecretName |
Secret name expected for Enterprise Cloud Engine (ECE) deployment. |
'AzureStackLCMUserCredential'
'DefaultARBApplication'
'LocalAdminCredential'
'WitnessStorageKey' |
| secretLocation |
Secret URI stored in keyvault. |
string |
| secretName |
Secret name stored in keyvault. |
string |
HostNetwork
| Name |
Description |
Value |
| enableStorageAutoIp |
Optional parameter required only for 3 Nodes Switchless deployments. This allows users to specify IPs and Mask for Storage NICs when Network ATC is not assigning the IPs for storage automatically. |
bool |
| intents |
The network intents assigned to the network reference pattern used for the deployment. Each intent will define its own name, traffic type, adapter names, and overrides as recommended by your OEM. |
Intents[] |
| storageConnectivitySwitchless |
Defines how the storage adapters between nodes are connected either switch or switch less.. |
bool |
| storageNetworks |
List of StorageNetworks config to deploy AzureStackHCI Cluster. |
StorageNetworks[] |
InfrastructureNetwork
| Name |
Description |
Value |
| dnsServers |
IPv4 address of the DNS servers in your environment. |
string[] |
| gateway |
Default gateway that should be used for the provided IP address space. |
string |
| ipPools |
Range of IP addresses from which addresses are allocated for nodes within a subnet. |
IpPools[] |
| subnetMask |
Subnet mask that matches the provided IP address space. |
string |
| useDhcp |
Allows customers to use DHCP for Hosts and Cluster IPs. If not declared, the deployment will default to static IPs. When true, GW and DNS servers are not required |
bool |
Intents
| Name |
Description |
Value |
| adapter |
Array of network interfaces used for the network intent. |
string[] |
| adapterPropertyOverrides |
Set Adapter PropertyOverrides for cluster. |
AdapterPropertyOverrides |
| name |
Name of the network intent you wish to create. |
string |
| overrideAdapterProperty |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
bool |
| overrideQosPolicy |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
bool |
| overrideVirtualSwitchConfiguration |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
bool |
| qosPolicyOverrides |
Set QoS PolicyOverrides for cluster. |
QosPolicyOverrides |
| trafficType |
List of network traffic types. Only allowed values are 'Compute', 'Storage', 'Management'. |
string[] |
| virtualSwitchConfigurationOverrides |
Set virtualSwitch ConfigurationOverrides for cluster. |
VirtualSwitchConfigurationOverrides |
IpPools
| Name |
Description |
Value |
| endingAddress |
Ending IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. |
string |
| startingAddress |
Starting IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. |
string |
NetworkController
| Name |
Description |
Value |
| macAddressPoolStart |
macAddressPoolStart of network controller used for SDN Integration. |
string |
| macAddressPoolStop |
macAddressPoolStop of network controller used for SDN Integration. |
string |
| networkVirtualizationEnabled |
NetworkVirtualizationEnabled of network controller used for SDN Integration. |
bool |
Observability
| Name |
Description |
Value |
| episodicDataUpload |
When set to true, collects log data to facilitate quicker issue resolution. |
bool |
| euLocation |
Location of your cluster. The log and diagnostic data is sent to the appropriate diagnostics servers depending upon where your cluster resides. Setting this to false results in all data sent to Microsoft to be stored outside of the EU. |
bool |
| streamingDataClient |
Enables telemetry data to be sent to Microsoft |
bool |
OptionalServices
| Name |
Description |
Value |
| customLocation |
The name of custom location. |
string |
PhysicalNodes
| Name |
Description |
Value |
| ipv4Address |
The IPv4 address assigned to each physical server on your Azure Stack HCI cluster. |
string |
| name |
NETBIOS name of each physical server on your Azure Stack HCI cluster. |
string |
QosPolicyOverrides
| Name |
Description |
Value |
| bandwidthPercentage_SMB |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
| priorityValue8021Action_Cluster |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
| priorityValue8021Action_SMB |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
SbeCredentials
| Name |
Description |
Value |
| eceSecretName |
secret name expected for Enterprise Cloud Engine (ECE). |
string |
| secretLocation |
secret URI stored in keyvault. |
string |
| secretName |
secret name stored in keyvault. |
string |
SbeDeploymentInfo
| Name |
Description |
Value |
| family |
SBE family name. |
string |
| publisher |
SBE manifest publisher. |
string |
| sbeManifestCreationDate |
SBE Manifest Creation Date. |
string |
| sbeManifestSource |
SBE Manifest Source. |
string |
| version |
SBE package version. |
string |
SbePartnerInfo
| Name |
Description |
Value |
| credentialList |
SBE credentials list for AzureStackHCI cluster deployment. |
SbeCredentials[] |
| partnerProperties |
List of SBE partner properties for AzureStackHCI cluster deployment. |
SbePartnerProperties[] |
| sbeDeploymentInfo |
SBE package and manifest information for the solution Builder Extension staged for AzureStackHCI cluster deployment. |
SbeDeploymentInfo |
SbePartnerProperties
| Name |
Description |
Value |
| name |
SBE partner property name. |
string |
| value |
SBE partner property value. |
string |
ScaleUnits
| Name |
Description |
Value |
| deploymentData |
Deployment Data to deploy AzureStackHCI Cluster. |
DeploymentData (required) |
| sbePartnerInfo |
Solution builder extension (SBE) partner properties |
SbePartnerInfo |
SdnIntegration
| Name |
Description |
Value |
| networkController |
network controller config for SDN Integration to deploy AzureStackHCI Cluster. |
NetworkController |
Storage
| Name |
Description |
Value |
| configurationMode |
By default, this mode is set to Express and your storage is configured as per best practices based on the number of nodes in the cluster. Allowed values are 'Express','InfraOnly', 'KeepStorage' |
string |
StorageAdapterIPInfo
| Name |
Description |
Value |
| ipv4Address |
The IPv4 address assigned to each storage adapter physical node on your Azure Stack HCI cluster. |
string |
| physicalNode |
storage adapter physical node name. |
string |
| subnetMask |
The SubnetMask address assigned to each storage adapter physical node on your Azure Stack HCI cluster. |
string |
StorageNetworks
| Name |
Description |
Value |
| name |
Name of the storage network. |
string |
| networkAdapterName |
Name of the storage network adapter. |
string |
| storageAdapterIPInfo |
List of Storage adapter physical nodes config to deploy AzureStackHCI Cluster. |
StorageAdapterIPInfo[] |
| vlanId |
ID specified for the VLAN storage network. This setting is applied to the network interfaces that route the storage and VM migration traffic. |
string |
VirtualSwitchConfigurationOverrides
| Name |
Description |
Value |
| enableIov |
Enable IoV for Virtual Switch |
string |
| loadBalancingAlgorithm |
Load Balancing Algorithm for Virtual Switch |
string |
ARM template resource definition
The clusters/deploymentSettings resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.AzureStackHCI/clusters/deploymentSettings resource, add the following JSON to your template.
{
"type": "Microsoft.AzureStackHCI/clusters/deploymentSettings",
"apiVersion": "2024-02-15-preview",
"name": "string",
"properties": {
"arcNodeResourceIds": [ "string" ],
"deploymentConfiguration": {
"scaleUnits": [
{
"deploymentData": {
"adouPath": "string",
"cluster": {
"azureServiceEndpoint": "string",
"cloudAccountName": "string",
"name": "string",
"witnessPath": "string",
"witnessType": "string"
},
"domainFqdn": "string",
"hostNetwork": {
"enableStorageAutoIp": "bool",
"intents": [
{
"adapter": [ "string" ],
"adapterPropertyOverrides": {
"jumboPacket": "string",
"networkDirect": "string",
"networkDirectTechnology": "string"
},
"name": "string",
"overrideAdapterProperty": "bool",
"overrideQosPolicy": "bool",
"overrideVirtualSwitchConfiguration": "bool",
"qosPolicyOverrides": {
"bandwidthPercentage_SMB": "string",
"priorityValue8021Action_Cluster": "string",
"priorityValue8021Action_SMB": "string"
},
"trafficType": [ "string" ],
"virtualSwitchConfigurationOverrides": {
"enableIov": "string",
"loadBalancingAlgorithm": "string"
}
}
],
"storageConnectivitySwitchless": "bool",
"storageNetworks": [
{
"name": "string",
"networkAdapterName": "string",
"storageAdapterIPInfo": [
{
"ipv4Address": "string",
"physicalNode": "string",
"subnetMask": "string"
}
],
"vlanId": "string"
}
]
},
"infrastructureNetwork": [
{
"dnsServers": [ "string" ],
"gateway": "string",
"ipPools": [
{
"endingAddress": "string",
"startingAddress": "string"
}
],
"subnetMask": "string",
"useDhcp": "bool"
}
],
"namingPrefix": "string",
"observability": {
"episodicDataUpload": "bool",
"euLocation": "bool",
"streamingDataClient": "bool"
},
"optionalServices": {
"customLocation": "string"
},
"physicalNodes": [
{
"ipv4Address": "string",
"name": "string"
}
],
"sdnIntegration": {
"networkController": {
"macAddressPoolStart": "string",
"macAddressPoolStop": "string",
"networkVirtualizationEnabled": "bool"
}
},
"secrets": [
{
"eceSecretName": "string",
"secretLocation": "string",
"secretName": "string"
}
],
"secretsLocation": "string",
"securitySettings": {
"bitlockerBootVolume": "bool",
"bitlockerDataVolumes": "bool",
"credentialGuardEnforced": "bool",
"driftControlEnforced": "bool",
"drtmProtection": "bool",
"hvciProtection": "bool",
"sideChannelMitigationEnforced": "bool",
"smbClusterEncryption": "bool",
"smbSigningEnforced": "bool",
"wdacEnforced": "bool"
},
"storage": {
"configurationMode": "string"
}
},
"sbePartnerInfo": {
"credentialList": [
{
"eceSecretName": "string",
"secretLocation": "string",
"secretName": "string"
}
],
"partnerProperties": [
{
"name": "string",
"value": "string"
}
],
"sbeDeploymentInfo": {
"family": "string",
"publisher": "string",
"sbeManifestCreationDate": "string",
"sbeManifestSource": "string",
"version": "string"
}
}
}
],
"version": "string"
},
"deploymentMode": "string"
}
}
Property Values
Microsoft.AzureStackHCI/clusters/deploymentSettings
| Name |
Description |
Value |
| apiVersion |
The api version |
'2024-02-15-preview' |
| name |
The resource name |
string
Constraints:
Pattern = ^[a-zA-Z0-9-]{3,24}$ (required) |
| properties |
The resource-specific properties for this resource. |
DeploymentSettingsProperties |
| type |
The resource type |
'Microsoft.AzureStackHCI/clusters/deploymentSettings' |
AdapterPropertyOverrides
| Name |
Description |
Value |
| jumboPacket |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
| networkDirect |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
| networkDirectTechnology |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. Expected values are 'iWARP', 'RoCEv2', 'RoCE' |
string |
DeploymentCluster
| Name |
Description |
Value |
| azureServiceEndpoint |
For Azure blob service endpoint type, select either Default or Custom domain. If you selected **Custom domain, enter the domain for the blob service in this format core.windows.net. |
string |
| cloudAccountName |
Specify the Azure Storage account name for cloud witness for your Azure Stack HCI cluster. |
string |
| name |
The cluster name provided when preparing Active Directory. |
string |
| witnessPath |
Specify the fileshare path for the local witness for your Azure Stack HCI cluster. |
string |
| witnessType |
Use a cloud witness if you have internet access and if you use an Azure Storage account to provide a vote on cluster quorum. A cloud witness uses Azure Blob Storage to read or write a blob file and then uses it to arbitrate in split-brain resolution. Only allowed values are 'Cloud', 'FileShare'. |
string |
DeploymentConfiguration
| Name |
Description |
Value |
| scaleUnits |
Scale units will contains list of deployment data |
ScaleUnits[] (required) |
| version |
deployment template version |
string |
DeploymentData
| Name |
Description |
Value |
| adouPath |
The path to the Active Directory Organizational Unit container object prepared for the deployment. |
string |
| cluster |
Observability config to deploy AzureStackHCI Cluster. |
DeploymentCluster |
| domainFqdn |
FQDN to deploy cluster |
string |
| hostNetwork |
HostNetwork config to deploy AzureStackHCI Cluster. |
HostNetwork |
| infrastructureNetwork |
InfrastructureNetwork config to deploy AzureStackHCI Cluster. |
InfrastructureNetwork[] |
| namingPrefix |
naming prefix to deploy cluster. |
string
Constraints:
Pattern = ^[a-zA-Z0-9-]{1,8}$ |
| observability |
Observability config to deploy AzureStackHCI Cluster. |
Observability |
| optionalServices |
OptionalServices config to deploy AzureStackHCI Cluster. |
OptionalServices |
| physicalNodes |
list of physical nodes config to deploy AzureStackHCI Cluster. |
PhysicalNodes[] |
| sdnIntegration |
SDN Integration config to deploy AzureStackHCI Cluster. |
SdnIntegration |
| secrets |
secrets used for cloud deployment. |
EceDeploymentSecrets[] |
| secretsLocation |
Azure keyvault endpoint. This property is deprecated from 2023-12-01-preview. Please use secrets property instead. |
string |
| securitySettings |
SecuritySettings to deploy AzureStackHCI Cluster. |
DeploymentSecuritySettings |
| storage |
Storage config to deploy AzureStackHCI Cluster. |
Storage |
DeploymentSecuritySettings
| Name |
Description |
Value |
| bitlockerBootVolume |
When set to true, BitLocker XTS_AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent. |
bool |
| bitlockerDataVolumes |
When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes. |
bool |
| credentialGuardEnforced |
When set to true, Credential Guard is enabled. |
bool |
| driftControlEnforced |
When set to true, the security baseline is re-applied regularly. |
bool |
| drtmProtection |
By default, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent. |
bool |
| hvciProtection |
By default, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster. |
bool |
| sideChannelMitigationEnforced |
When set to true, all the side channel mitigations are enabled |
bool |
| smbClusterEncryption |
When set to true, cluster east-west traffic is encrypted. |
bool |
| smbSigningEnforced |
When set to true, the SMB default instance requires sign in for the client and server services. |
bool |
| wdacEnforced |
WDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster. |
bool |
DeploymentSettingsProperties
| Name |
Description |
Value |
| arcNodeResourceIds |
Azure resource ids of Arc machines to be part of cluster. |
string[] (required) |
| deploymentConfiguration |
Scale units will contains list of deployment data |
DeploymentConfiguration (required) |
| deploymentMode |
The deployment mode for cluster deployment. |
'Deploy'
'Validate' (required) |
EceDeploymentSecrets
| Name |
Description |
Value |
| eceSecretName |
Secret name expected for Enterprise Cloud Engine (ECE) deployment. |
'AzureStackLCMUserCredential'
'DefaultARBApplication'
'LocalAdminCredential'
'WitnessStorageKey' |
| secretLocation |
Secret URI stored in keyvault. |
string |
| secretName |
Secret name stored in keyvault. |
string |
HostNetwork
| Name |
Description |
Value |
| enableStorageAutoIp |
Optional parameter required only for 3 Nodes Switchless deployments. This allows users to specify IPs and Mask for Storage NICs when Network ATC is not assigning the IPs for storage automatically. |
bool |
| intents |
The network intents assigned to the network reference pattern used for the deployment. Each intent will define its own name, traffic type, adapter names, and overrides as recommended by your OEM. |
Intents[] |
| storageConnectivitySwitchless |
Defines how the storage adapters between nodes are connected either switch or switch less.. |
bool |
| storageNetworks |
List of StorageNetworks config to deploy AzureStackHCI Cluster. |
StorageNetworks[] |
InfrastructureNetwork
| Name |
Description |
Value |
| dnsServers |
IPv4 address of the DNS servers in your environment. |
string[] |
| gateway |
Default gateway that should be used for the provided IP address space. |
string |
| ipPools |
Range of IP addresses from which addresses are allocated for nodes within a subnet. |
IpPools[] |
| subnetMask |
Subnet mask that matches the provided IP address space. |
string |
| useDhcp |
Allows customers to use DHCP for Hosts and Cluster IPs. If not declared, the deployment will default to static IPs. When true, GW and DNS servers are not required |
bool |
Intents
| Name |
Description |
Value |
| adapter |
Array of network interfaces used for the network intent. |
string[] |
| adapterPropertyOverrides |
Set Adapter PropertyOverrides for cluster. |
AdapterPropertyOverrides |
| name |
Name of the network intent you wish to create. |
string |
| overrideAdapterProperty |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
bool |
| overrideQosPolicy |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
bool |
| overrideVirtualSwitchConfiguration |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
bool |
| qosPolicyOverrides |
Set QoS PolicyOverrides for cluster. |
QosPolicyOverrides |
| trafficType |
List of network traffic types. Only allowed values are 'Compute', 'Storage', 'Management'. |
string[] |
| virtualSwitchConfigurationOverrides |
Set virtualSwitch ConfigurationOverrides for cluster. |
VirtualSwitchConfigurationOverrides |
IpPools
| Name |
Description |
Value |
| endingAddress |
Ending IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. |
string |
| startingAddress |
Starting IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. |
string |
NetworkController
| Name |
Description |
Value |
| macAddressPoolStart |
macAddressPoolStart of network controller used for SDN Integration. |
string |
| macAddressPoolStop |
macAddressPoolStop of network controller used for SDN Integration. |
string |
| networkVirtualizationEnabled |
NetworkVirtualizationEnabled of network controller used for SDN Integration. |
bool |
Observability
| Name |
Description |
Value |
| episodicDataUpload |
When set to true, collects log data to facilitate quicker issue resolution. |
bool |
| euLocation |
Location of your cluster. The log and diagnostic data is sent to the appropriate diagnostics servers depending upon where your cluster resides. Setting this to false results in all data sent to Microsoft to be stored outside of the EU. |
bool |
| streamingDataClient |
Enables telemetry data to be sent to Microsoft |
bool |
OptionalServices
| Name |
Description |
Value |
| customLocation |
The name of custom location. |
string |
PhysicalNodes
| Name |
Description |
Value |
| ipv4Address |
The IPv4 address assigned to each physical server on your Azure Stack HCI cluster. |
string |
| name |
NETBIOS name of each physical server on your Azure Stack HCI cluster. |
string |
QosPolicyOverrides
| Name |
Description |
Value |
| bandwidthPercentage_SMB |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
| priorityValue8021Action_Cluster |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
| priorityValue8021Action_SMB |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
SbeCredentials
| Name |
Description |
Value |
| eceSecretName |
secret name expected for Enterprise Cloud Engine (ECE). |
string |
| secretLocation |
secret URI stored in keyvault. |
string |
| secretName |
secret name stored in keyvault. |
string |
SbeDeploymentInfo
| Name |
Description |
Value |
| family |
SBE family name. |
string |
| publisher |
SBE manifest publisher. |
string |
| sbeManifestCreationDate |
SBE Manifest Creation Date. |
string |
| sbeManifestSource |
SBE Manifest Source. |
string |
| version |
SBE package version. |
string |
SbePartnerInfo
| Name |
Description |
Value |
| credentialList |
SBE credentials list for AzureStackHCI cluster deployment. |
SbeCredentials[] |
| partnerProperties |
List of SBE partner properties for AzureStackHCI cluster deployment. |
SbePartnerProperties[] |
| sbeDeploymentInfo |
SBE package and manifest information for the solution Builder Extension staged for AzureStackHCI cluster deployment. |
SbeDeploymentInfo |
SbePartnerProperties
| Name |
Description |
Value |
| name |
SBE partner property name. |
string |
| value |
SBE partner property value. |
string |
ScaleUnits
| Name |
Description |
Value |
| deploymentData |
Deployment Data to deploy AzureStackHCI Cluster. |
DeploymentData (required) |
| sbePartnerInfo |
Solution builder extension (SBE) partner properties |
SbePartnerInfo |
SdnIntegration
| Name |
Description |
Value |
| networkController |
network controller config for SDN Integration to deploy AzureStackHCI Cluster. |
NetworkController |
Storage
| Name |
Description |
Value |
| configurationMode |
By default, this mode is set to Express and your storage is configured as per best practices based on the number of nodes in the cluster. Allowed values are 'Express','InfraOnly', 'KeepStorage' |
string |
StorageAdapterIPInfo
| Name |
Description |
Value |
| ipv4Address |
The IPv4 address assigned to each storage adapter physical node on your Azure Stack HCI cluster. |
string |
| physicalNode |
storage adapter physical node name. |
string |
| subnetMask |
The SubnetMask address assigned to each storage adapter physical node on your Azure Stack HCI cluster. |
string |
StorageNetworks
| Name |
Description |
Value |
| name |
Name of the storage network. |
string |
| networkAdapterName |
Name of the storage network adapter. |
string |
| storageAdapterIPInfo |
List of Storage adapter physical nodes config to deploy AzureStackHCI Cluster. |
StorageAdapterIPInfo[] |
| vlanId |
ID specified for the VLAN storage network. This setting is applied to the network interfaces that route the storage and VM migration traffic. |
string |
VirtualSwitchConfigurationOverrides
| Name |
Description |
Value |
| enableIov |
Enable IoV for Virtual Switch |
string |
| loadBalancingAlgorithm |
Load Balancing Algorithm for Virtual Switch |
string |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
The clusters/deploymentSettings resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.AzureStackHCI/clusters/deploymentSettings resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.AzureStackHCI/clusters/deploymentSettings@2024-02-15-preview"
name = "string"
parent_id = "string"
body = {
properties = {
arcNodeResourceIds = [
"string"
]
deploymentConfiguration = {
scaleUnits = [
{
deploymentData = {
adouPath = "string"
cluster = {
azureServiceEndpoint = "string"
cloudAccountName = "string"
name = "string"
witnessPath = "string"
witnessType = "string"
}
domainFqdn = "string"
hostNetwork = {
enableStorageAutoIp = bool
intents = [
{
adapter = [
"string"
]
adapterPropertyOverrides = {
jumboPacket = "string"
networkDirect = "string"
networkDirectTechnology = "string"
}
name = "string"
overrideAdapterProperty = bool
overrideQosPolicy = bool
overrideVirtualSwitchConfiguration = bool
qosPolicyOverrides = {
bandwidthPercentage_SMB = "string"
priorityValue8021Action_Cluster = "string"
priorityValue8021Action_SMB = "string"
}
trafficType = [
"string"
]
virtualSwitchConfigurationOverrides = {
enableIov = "string"
loadBalancingAlgorithm = "string"
}
}
]
storageConnectivitySwitchless = bool
storageNetworks = [
{
name = "string"
networkAdapterName = "string"
storageAdapterIPInfo = [
{
ipv4Address = "string"
physicalNode = "string"
subnetMask = "string"
}
]
vlanId = "string"
}
]
}
infrastructureNetwork = [
{
dnsServers = [
"string"
]
gateway = "string"
ipPools = [
{
endingAddress = "string"
startingAddress = "string"
}
]
subnetMask = "string"
useDhcp = bool
}
]
namingPrefix = "string"
observability = {
episodicDataUpload = bool
euLocation = bool
streamingDataClient = bool
}
optionalServices = {
customLocation = "string"
}
physicalNodes = [
{
ipv4Address = "string"
name = "string"
}
]
sdnIntegration = {
networkController = {
macAddressPoolStart = "string"
macAddressPoolStop = "string"
networkVirtualizationEnabled = bool
}
}
secrets = [
{
eceSecretName = "string"
secretLocation = "string"
secretName = "string"
}
]
secretsLocation = "string"
securitySettings = {
bitlockerBootVolume = bool
bitlockerDataVolumes = bool
credentialGuardEnforced = bool
driftControlEnforced = bool
drtmProtection = bool
hvciProtection = bool
sideChannelMitigationEnforced = bool
smbClusterEncryption = bool
smbSigningEnforced = bool
wdacEnforced = bool
}
storage = {
configurationMode = "string"
}
}
sbePartnerInfo = {
credentialList = [
{
eceSecretName = "string"
secretLocation = "string"
secretName = "string"
}
]
partnerProperties = [
{
name = "string"
value = "string"
}
]
sbeDeploymentInfo = {
family = "string"
publisher = "string"
sbeManifestCreationDate = "string"
sbeManifestSource = "string"
version = "string"
}
}
}
]
version = "string"
}
deploymentMode = "string"
}
}
}
Property Values
Microsoft.AzureStackHCI/clusters/deploymentSettings
| Name |
Description |
Value |
| name |
The resource name |
string
Constraints:
Pattern = ^[a-zA-Z0-9-]{3,24}$ (required) |
| parent_id |
The ID of the resource that is the parent for this resource. |
ID for resource of type: clusters |
| properties |
The resource-specific properties for this resource. |
DeploymentSettingsProperties |
| type |
The resource type |
"Microsoft.AzureStackHCI/clusters/deploymentSettings@2024-02-15-preview" |
AdapterPropertyOverrides
| Name |
Description |
Value |
| jumboPacket |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
| networkDirect |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
| networkDirectTechnology |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. Expected values are 'iWARP', 'RoCEv2', 'RoCE' |
string |
DeploymentCluster
| Name |
Description |
Value |
| azureServiceEndpoint |
For Azure blob service endpoint type, select either Default or Custom domain. If you selected **Custom domain, enter the domain for the blob service in this format core.windows.net. |
string |
| cloudAccountName |
Specify the Azure Storage account name for cloud witness for your Azure Stack HCI cluster. |
string |
| name |
The cluster name provided when preparing Active Directory. |
string |
| witnessPath |
Specify the fileshare path for the local witness for your Azure Stack HCI cluster. |
string |
| witnessType |
Use a cloud witness if you have internet access and if you use an Azure Storage account to provide a vote on cluster quorum. A cloud witness uses Azure Blob Storage to read or write a blob file and then uses it to arbitrate in split-brain resolution. Only allowed values are 'Cloud', 'FileShare'. |
string |
DeploymentConfiguration
| Name |
Description |
Value |
| scaleUnits |
Scale units will contains list of deployment data |
ScaleUnits[] (required) |
| version |
deployment template version |
string |
DeploymentData
| Name |
Description |
Value |
| adouPath |
The path to the Active Directory Organizational Unit container object prepared for the deployment. |
string |
| cluster |
Observability config to deploy AzureStackHCI Cluster. |
DeploymentCluster |
| domainFqdn |
FQDN to deploy cluster |
string |
| hostNetwork |
HostNetwork config to deploy AzureStackHCI Cluster. |
HostNetwork |
| infrastructureNetwork |
InfrastructureNetwork config to deploy AzureStackHCI Cluster. |
InfrastructureNetwork[] |
| namingPrefix |
naming prefix to deploy cluster. |
string
Constraints:
Pattern = ^[a-zA-Z0-9-]{1,8}$ |
| observability |
Observability config to deploy AzureStackHCI Cluster. |
Observability |
| optionalServices |
OptionalServices config to deploy AzureStackHCI Cluster. |
OptionalServices |
| physicalNodes |
list of physical nodes config to deploy AzureStackHCI Cluster. |
PhysicalNodes[] |
| sdnIntegration |
SDN Integration config to deploy AzureStackHCI Cluster. |
SdnIntegration |
| secrets |
secrets used for cloud deployment. |
EceDeploymentSecrets[] |
| secretsLocation |
Azure keyvault endpoint. This property is deprecated from 2023-12-01-preview. Please use secrets property instead. |
string |
| securitySettings |
SecuritySettings to deploy AzureStackHCI Cluster. |
DeploymentSecuritySettings |
| storage |
Storage config to deploy AzureStackHCI Cluster. |
Storage |
DeploymentSecuritySettings
| Name |
Description |
Value |
| bitlockerBootVolume |
When set to true, BitLocker XTS_AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent. |
bool |
| bitlockerDataVolumes |
When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes. |
bool |
| credentialGuardEnforced |
When set to true, Credential Guard is enabled. |
bool |
| driftControlEnforced |
When set to true, the security baseline is re-applied regularly. |
bool |
| drtmProtection |
By default, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent. |
bool |
| hvciProtection |
By default, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster. |
bool |
| sideChannelMitigationEnforced |
When set to true, all the side channel mitigations are enabled |
bool |
| smbClusterEncryption |
When set to true, cluster east-west traffic is encrypted. |
bool |
| smbSigningEnforced |
When set to true, the SMB default instance requires sign in for the client and server services. |
bool |
| wdacEnforced |
WDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster. |
bool |
DeploymentSettingsProperties
| Name |
Description |
Value |
| arcNodeResourceIds |
Azure resource ids of Arc machines to be part of cluster. |
string[] (required) |
| deploymentConfiguration |
Scale units will contains list of deployment data |
DeploymentConfiguration (required) |
| deploymentMode |
The deployment mode for cluster deployment. |
'Deploy'
'Validate' (required) |
EceDeploymentSecrets
| Name |
Description |
Value |
| eceSecretName |
Secret name expected for Enterprise Cloud Engine (ECE) deployment. |
'AzureStackLCMUserCredential'
'DefaultARBApplication'
'LocalAdminCredential'
'WitnessStorageKey' |
| secretLocation |
Secret URI stored in keyvault. |
string |
| secretName |
Secret name stored in keyvault. |
string |
HostNetwork
| Name |
Description |
Value |
| enableStorageAutoIp |
Optional parameter required only for 3 Nodes Switchless deployments. This allows users to specify IPs and Mask for Storage NICs when Network ATC is not assigning the IPs for storage automatically. |
bool |
| intents |
The network intents assigned to the network reference pattern used for the deployment. Each intent will define its own name, traffic type, adapter names, and overrides as recommended by your OEM. |
Intents[] |
| storageConnectivitySwitchless |
Defines how the storage adapters between nodes are connected either switch or switch less.. |
bool |
| storageNetworks |
List of StorageNetworks config to deploy AzureStackHCI Cluster. |
StorageNetworks[] |
InfrastructureNetwork
| Name |
Description |
Value |
| dnsServers |
IPv4 address of the DNS servers in your environment. |
string[] |
| gateway |
Default gateway that should be used for the provided IP address space. |
string |
| ipPools |
Range of IP addresses from which addresses are allocated for nodes within a subnet. |
IpPools[] |
| subnetMask |
Subnet mask that matches the provided IP address space. |
string |
| useDhcp |
Allows customers to use DHCP for Hosts and Cluster IPs. If not declared, the deployment will default to static IPs. When true, GW and DNS servers are not required |
bool |
Intents
| Name |
Description |
Value |
| adapter |
Array of network interfaces used for the network intent. |
string[] |
| adapterPropertyOverrides |
Set Adapter PropertyOverrides for cluster. |
AdapterPropertyOverrides |
| name |
Name of the network intent you wish to create. |
string |
| overrideAdapterProperty |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
bool |
| overrideQosPolicy |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
bool |
| overrideVirtualSwitchConfiguration |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
bool |
| qosPolicyOverrides |
Set QoS PolicyOverrides for cluster. |
QosPolicyOverrides |
| trafficType |
List of network traffic types. Only allowed values are 'Compute', 'Storage', 'Management'. |
string[] |
| virtualSwitchConfigurationOverrides |
Set virtualSwitch ConfigurationOverrides for cluster. |
VirtualSwitchConfigurationOverrides |
IpPools
| Name |
Description |
Value |
| endingAddress |
Ending IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. |
string |
| startingAddress |
Starting IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering. |
string |
NetworkController
| Name |
Description |
Value |
| macAddressPoolStart |
macAddressPoolStart of network controller used for SDN Integration. |
string |
| macAddressPoolStop |
macAddressPoolStop of network controller used for SDN Integration. |
string |
| networkVirtualizationEnabled |
NetworkVirtualizationEnabled of network controller used for SDN Integration. |
bool |
Observability
| Name |
Description |
Value |
| episodicDataUpload |
When set to true, collects log data to facilitate quicker issue resolution. |
bool |
| euLocation |
Location of your cluster. The log and diagnostic data is sent to the appropriate diagnostics servers depending upon where your cluster resides. Setting this to false results in all data sent to Microsoft to be stored outside of the EU. |
bool |
| streamingDataClient |
Enables telemetry data to be sent to Microsoft |
bool |
OptionalServices
| Name |
Description |
Value |
| customLocation |
The name of custom location. |
string |
PhysicalNodes
| Name |
Description |
Value |
| ipv4Address |
The IPv4 address assigned to each physical server on your Azure Stack HCI cluster. |
string |
| name |
NETBIOS name of each physical server on your Azure Stack HCI cluster. |
string |
QosPolicyOverrides
| Name |
Description |
Value |
| bandwidthPercentage_SMB |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
| priorityValue8021Action_Cluster |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
| priorityValue8021Action_SMB |
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. |
string |
SbeCredentials
| Name |
Description |
Value |
| eceSecretName |
secret name expected for Enterprise Cloud Engine (ECE). |
string |
| secretLocation |
secret URI stored in keyvault. |
string |
| secretName |
secret name stored in keyvault. |
string |
SbeDeploymentInfo
| Name |
Description |
Value |
| family |
SBE family name. |
string |
| publisher |
SBE manifest publisher. |
string |
| sbeManifestCreationDate |
SBE Manifest Creation Date. |
string |
| sbeManifestSource |
SBE Manifest Source. |
string |
| version |
SBE package version. |
string |
SbePartnerInfo
| Name |
Description |
Value |
| credentialList |
SBE credentials list for AzureStackHCI cluster deployment. |
SbeCredentials[] |
| partnerProperties |
List of SBE partner properties for AzureStackHCI cluster deployment. |
SbePartnerProperties[] |
| sbeDeploymentInfo |
SBE package and manifest information for the solution Builder Extension staged for AzureStackHCI cluster deployment. |
SbeDeploymentInfo |
SbePartnerProperties
| Name |
Description |
Value |
| name |
SBE partner property name. |
string |
| value |
SBE partner property value. |
string |
ScaleUnits
| Name |
Description |
Value |
| deploymentData |
Deployment Data to deploy AzureStackHCI Cluster. |
DeploymentData (required) |
| sbePartnerInfo |
Solution builder extension (SBE) partner properties |
SbePartnerInfo |
SdnIntegration
| Name |
Description |
Value |
| networkController |
network controller config for SDN Integration to deploy AzureStackHCI Cluster. |
NetworkController |
Storage
| Name |
Description |
Value |
| configurationMode |
By default, this mode is set to Express and your storage is configured as per best practices based on the number of nodes in the cluster. Allowed values are 'Express','InfraOnly', 'KeepStorage' |
string |
StorageAdapterIPInfo
| Name |
Description |
Value |
| ipv4Address |
The IPv4 address assigned to each storage adapter physical node on your Azure Stack HCI cluster. |
string |
| physicalNode |
storage adapter physical node name. |
string |
| subnetMask |
The SubnetMask address assigned to each storage adapter physical node on your Azure Stack HCI cluster. |
string |
StorageNetworks
| Name |
Description |
Value |
| name |
Name of the storage network. |
string |
| networkAdapterName |
Name of the storage network adapter. |
string |
| storageAdapterIPInfo |
List of Storage adapter physical nodes config to deploy AzureStackHCI Cluster. |
StorageAdapterIPInfo[] |
| vlanId |
ID specified for the VLAN storage network. This setting is applied to the network interfaces that route the storage and VM migration traffic. |
string |
VirtualSwitchConfigurationOverrides
| Name |
Description |
Value |
| enableIov |
Enable IoV for Virtual Switch |
string |
| loadBalancingAlgorithm |
Load Balancing Algorithm for Virtual Switch |
string |
