Edit

Use a Terraform plan to deploy a VMware Windows virtual machine and connect it to Azure Arc

  • Article

This article provides guidance for using the provided Terraform plan to deploy a Windows Server, VMware vSphere virtual machine and connect it as an Azure Arc-enabled server resource.

Prerequisites

  1. Clone the Azure Arc Jumpstart repository.

    git clone https://github.com/microsoft/azure_arc.git

  2. Install or update Azure CLI to version 2.7 and above. Use the following command to check your current installed version.

    az --version

  3. Install Terraform >= 0.12

  4. A VMware vCenter Server user with permissions to deploy a virtual machine from a template in the vSphere web client.

  5. Create an Azure service principal.

    To connect the VMware vSphere virtual machine to Azure Arc, an Azure service principal assigned with the Contributor role is required. To create it, sign in to your Azure account and run the following command. You can also run this command in Azure Cloud Shell.

    az login
az account set -s <Your Subscription ID>
az ad sp create-for-rbac -n "<Unique SP Name>" --role contributor --scopes "/subscriptions/<Your Subscription ID>"

    For example:

    az ad sp create-for-rbac -n "http://AzureArcServers" --role contributor --scopes "/subscriptions/00000000-0000-0000-0000-000000000000"

    The output should look like this:

    {
  "appId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "displayName": "http://AzureArcServers",
  "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "tenant": "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}

    Note

    We highly recommend that you scope the service principal to a specific Azure subscription and resource group.

Prepare a Windows Server VMware vSphere VM template

Before using this guidance to deploy a Windows Server VM and connect it to Azure Arc, a VMware vSphere template is required. You can easily create such a template using VMware vSphere 6.5 and above.

The Terraform plan used the remote-exec provisioner which uses the WinRM protocol to copy and execute the required Azure Arc script. To allow WinRM connectivity to the VM, run the allow_winrm PowerShell script on your VM before converting it to template.

Note

If you already have a Windows Server VM template, you should still use the guide as a reference.

Deployment

Before executing the Terraform plan, you must set the environment variables which will be used by the plan. These variables are based on the Azure service principal you've just created, your Azure subscription and tenant, and your VMware vSphere credentials.

  1. Retrieve your Azure subscription ID and tenant ID using the az account list command.

  2. The Terraform plan creates resources in both Microsoft Azure and VMware vSphere. It then executes a script on the virtual machine to install the Azure Arc agent and all necessary artifacts. This script requires certain information about your VMware vSphere and Azure environments. Edit scripts/vars.sh and update each of the variables with the appropriate values.

    • TF_VAR_subscription_id = your Azure subscription ID
    • TF_VAR_client_id = your Azure service principal name
    • TF_VAR_client_secret = your Azure service principal password
    • TF_VAR_tenant_id = your Azure tenant ID
    • TF_VAR_resourceGroup = Azure resource group name
    • TF_VAR_location = Azure region
    • TF_VAR_vsphere_user = vCenter admin username
    • TF_VAR_vsphere_password = vCenter admin password
    • TF_VAR_vsphere_server = vCenter Server FQDN/IP
    • TF_VAR_admin_user = OS admin username
    • TF_VAR_admin_password = OS admin password

  3. From CLI, navigate to the azure_arc_servers_jumpstart/vmware/winsrv/terraform directory of the cloned repo.

  4. Export the environment variables you edited by running scripts/vars.sh with the source command as shown below. Terraform requires these to be set for the plan to execute properly. Note that this script will also be automatically executed remotely on the virtual machine as part of the Terraform deployment.

    source ./scripts/vars.sh

  5. In addition to the TF_VAR environment variables you've just exported, edit the Terraform variables in the terraform.tfvars to match your VMware vSphere environment.

    A screenshot of the TF_VAR environment variables

  6. Run the terraform init command which will download the Terraform AzureRM, local and vSphere providers.

    A screenshot of the terraform init command.

  7. Run the terraform apply --auto-approve command and wait for the plan to finish. Once the Terraform deployment is completed, a new Windows Server VM will be up and running and will be projected as an Azure Arc server resource in a newly created Azure resource group.

    A screenshot of terraform apply completed.

    A screenshot of a new VMware vSphere Windows Server virtual machine.

    A screenshot of an Azure Arc-enabled server in an Azure resource group.

    Another screenshot of an Azure Arc-enabled server in an Azure resource group.

Delete the deployment

  • The most straightforward way is to delete the Azure Arc resource via the Azure portal, just select the resource and delete it. In addition, delete the VMware vSphere VM.

    A screenshot of an Azure Arc-enabled server being deleted.

  • If you delete the instance manually, then you should also delete install_arc_agent.ps1, which is created by the Terraform plan.

  • If you want to tear down the entire environment, use the terraform destroy --auto-approve command as shown below.

    A screenshot of the terraform destroy command.