This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
networkDirect
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
networkDirectTechnology
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. Expected values are 'iWARP', 'RoCEv2', 'RoCE'
string
DeploymentCluster
Name
Description
Value
azureServiceEndpoint
For Azure blob service endpoint type, select either Default or Custom domain. If you selected **Custom domain, enter the domain for the blob service in this format core.windows.net.
string
cloudAccountName
Specify the Azure Storage account name for cloud witness for your Azure Stack HCI cluster.
string
name
The cluster name provided when preparing Active Directory.
string
witnessPath
Specify the fileshare path for the local witness for your Azure Stack HCI cluster.
string
witnessType
Use a cloud witness if you have internet access and if you use an Azure Storage account to provide a vote on cluster quorum. A cloud witness uses Azure Blob Storage to read or write a blob file and then uses it to arbitrate in split-brain resolution. Only allowed values are 'Cloud', 'FileShare'.
When set to true, BitLocker XTS_AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent.
bool
bitlockerDataVolumes
When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes.
bool
credentialGuardEnforced
When set to true, Credential Guard is enabled.
bool
driftControlEnforced
When set to true, the security baseline is re-applied regularly.
bool
drtmProtection
By default, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent.
bool
hvciProtection
By default, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster.
bool
sideChannelMitigationEnforced
When set to true, all the side channel mitigations are enabled
bool
smbClusterEncryption
When set to true, cluster east-west traffic is encrypted.
bool
smbSigningEnforced
When set to true, the SMB default instance requires sign in for the client and server services.
bool
wdacEnforced
WDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster.
bool
DeploymentSettingsProperties
Name
Description
Value
arcNodeResourceIds
Azure resource ids of Arc machines to be part of cluster.
Optional parameter required only for 3 Nodes Switchless deployments. This allows users to specify IPs and Mask for Storage NICs when Network ATC is not assigning the IPs for storage automatically.
bool
intents
The network intents assigned to the network reference pattern used for the deployment. Each intent will define its own name, traffic type, adapter names, and overrides as recommended by your OEM.
Subnet mask that matches the provided IP address space.
string
useDhcp
Allows customers to use DHCP for Hosts and Cluster IPs. If not declared, the deployment will default to static IPs. When true, GW and DNS servers are not required
bool
Intents
Name
Description
Value
adapter
Array of network interfaces used for the network intent.
Ending IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering.
string
startingAddress
Starting IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering.
In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.
macAddressPoolStart of network controller used for SDN Integration.
string
macAddressPoolStop
macAddressPoolStop of network controller used for SDN Integration.
string
networkVirtualizationEnabled
NetworkVirtualizationEnabled of network controller used for SDN Integration.
bool
Observability
Name
Description
Value
episodicDataUpload
When set to true, collects log data to facilitate quicker issue resolution.
bool
euLocation
Location of your cluster. The log and diagnostic data is sent to the appropriate diagnostics servers depending upon where your cluster resides. Setting this to false results in all data sent to Microsoft to be stored outside of the EU.
bool
streamingDataClient
Enables telemetry data to be sent to Microsoft
bool
OptionalServices
Name
Description
Value
customLocation
The name of custom location.
string
PhysicalNodes
Name
Description
Value
ipv4Address
The IPv4 address assigned to each physical server on your Azure Stack HCI cluster.
string
name
NETBIOS name of each physical server on your Azure Stack HCI cluster.
string
QosPolicyOverrides
Name
Description
Value
bandwidthPercentage_SMB
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
priorityValue8021Action_Cluster
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
priorityValue8021Action_SMB
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
SbeCredentials
Name
Description
Value
eceSecretName
secret name expected for Enterprise Cloud Engine (ECE).
string
secretLocation
secret URI stored in keyvault.
string
secretName
secret name stored in keyvault.
string
SbeDeploymentInfo
Name
Description
Value
family
SBE family name.
string
publisher
SBE manifest publisher.
string
sbeManifestCreationDate
SBE Manifest Creation Date.
string
sbeManifestSource
SBE Manifest Source.
string
version
SBE package version.
string
SbePartnerInfo
Name
Description
Value
credentialList
SBE credentials list for AzureStackHCI cluster deployment.
By default, this mode is set to Express and your storage is configured as per best practices based on the number of nodes in the cluster. Allowed values are 'Express','InfraOnly', 'KeepStorage'
string
StorageAdapterIPInfo
Name
Description
Value
ipv4Address
The IPv4 address assigned to each storage adapter physical node on your Azure Stack HCI cluster.
string
physicalNode
storage adapter physical node name.
string
subnetMask
The SubnetMask address assigned to each storage adapter physical node on your Azure Stack HCI cluster.
string
StorageNetworks
Name
Description
Value
name
Name of the storage network.
string
networkAdapterName
Name of the storage network adapter.
string
storageAdapterIPInfo
List of Storage adapter physical nodes config to deploy AzureStackHCI Cluster.
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
networkDirect
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
networkDirectTechnology
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. Expected values are 'iWARP', 'RoCEv2', 'RoCE'
string
DeploymentCluster
Name
Description
Value
azureServiceEndpoint
For Azure blob service endpoint type, select either Default or Custom domain. If you selected **Custom domain, enter the domain for the blob service in this format core.windows.net.
string
cloudAccountName
Specify the Azure Storage account name for cloud witness for your Azure Stack HCI cluster.
string
name
The cluster name provided when preparing Active Directory.
string
witnessPath
Specify the fileshare path for the local witness for your Azure Stack HCI cluster.
string
witnessType
Use a cloud witness if you have internet access and if you use an Azure Storage account to provide a vote on cluster quorum. A cloud witness uses Azure Blob Storage to read or write a blob file and then uses it to arbitrate in split-brain resolution. Only allowed values are 'Cloud', 'FileShare'.
When set to true, BitLocker XTS_AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent.
bool
bitlockerDataVolumes
When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes.
bool
credentialGuardEnforced
When set to true, Credential Guard is enabled.
bool
driftControlEnforced
When set to true, the security baseline is re-applied regularly.
bool
drtmProtection
By default, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent.
bool
hvciProtection
By default, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster.
bool
sideChannelMitigationEnforced
When set to true, all the side channel mitigations are enabled
bool
smbClusterEncryption
When set to true, cluster east-west traffic is encrypted.
bool
smbSigningEnforced
When set to true, the SMB default instance requires sign in for the client and server services.
bool
wdacEnforced
WDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster.
bool
DeploymentSettingsProperties
Name
Description
Value
arcNodeResourceIds
Azure resource ids of Arc machines to be part of cluster.
Optional parameter required only for 3 Nodes Switchless deployments. This allows users to specify IPs and Mask for Storage NICs when Network ATC is not assigning the IPs for storage automatically.
bool
intents
The network intents assigned to the network reference pattern used for the deployment. Each intent will define its own name, traffic type, adapter names, and overrides as recommended by your OEM.
Subnet mask that matches the provided IP address space.
string
useDhcp
Allows customers to use DHCP for Hosts and Cluster IPs. If not declared, the deployment will default to static IPs. When true, GW and DNS servers are not required
bool
Intents
Name
Description
Value
adapter
Array of network interfaces used for the network intent.
Ending IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering.
string
startingAddress
Starting IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering.
macAddressPoolStart of network controller used for SDN Integration.
string
macAddressPoolStop
macAddressPoolStop of network controller used for SDN Integration.
string
networkVirtualizationEnabled
NetworkVirtualizationEnabled of network controller used for SDN Integration.
bool
Observability
Name
Description
Value
episodicDataUpload
When set to true, collects log data to facilitate quicker issue resolution.
bool
euLocation
Location of your cluster. The log and diagnostic data is sent to the appropriate diagnostics servers depending upon where your cluster resides. Setting this to false results in all data sent to Microsoft to be stored outside of the EU.
bool
streamingDataClient
Enables telemetry data to be sent to Microsoft
bool
OptionalServices
Name
Description
Value
customLocation
The name of custom location.
string
PhysicalNodes
Name
Description
Value
ipv4Address
The IPv4 address assigned to each physical server on your Azure Stack HCI cluster.
string
name
NETBIOS name of each physical server on your Azure Stack HCI cluster.
string
QosPolicyOverrides
Name
Description
Value
bandwidthPercentage_SMB
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
priorityValue8021Action_Cluster
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
priorityValue8021Action_SMB
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
SbeCredentials
Name
Description
Value
eceSecretName
secret name expected for Enterprise Cloud Engine (ECE).
string
secretLocation
secret URI stored in keyvault.
string
secretName
secret name stored in keyvault.
string
SbeDeploymentInfo
Name
Description
Value
family
SBE family name.
string
publisher
SBE manifest publisher.
string
sbeManifestCreationDate
SBE Manifest Creation Date.
string
sbeManifestSource
SBE Manifest Source.
string
version
SBE package version.
string
SbePartnerInfo
Name
Description
Value
credentialList
SBE credentials list for AzureStackHCI cluster deployment.
By default, this mode is set to Express and your storage is configured as per best practices based on the number of nodes in the cluster. Allowed values are 'Express','InfraOnly', 'KeepStorage'
string
StorageAdapterIPInfo
Name
Description
Value
ipv4Address
The IPv4 address assigned to each storage adapter physical node on your Azure Stack HCI cluster.
string
physicalNode
storage adapter physical node name.
string
subnetMask
The SubnetMask address assigned to each storage adapter physical node on your Azure Stack HCI cluster.
string
StorageNetworks
Name
Description
Value
name
Name of the storage network.
string
networkAdapterName
Name of the storage network adapter.
string
storageAdapterIPInfo
List of Storage adapter physical nodes config to deploy AzureStackHCI Cluster.
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
networkDirect
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
networkDirectTechnology
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation. Expected values are 'iWARP', 'RoCEv2', 'RoCE'
string
DeploymentCluster
Name
Description
Value
azureServiceEndpoint
For Azure blob service endpoint type, select either Default or Custom domain. If you selected **Custom domain, enter the domain for the blob service in this format core.windows.net.
string
cloudAccountName
Specify the Azure Storage account name for cloud witness for your Azure Stack HCI cluster.
string
name
The cluster name provided when preparing Active Directory.
string
witnessPath
Specify the fileshare path for the local witness for your Azure Stack HCI cluster.
string
witnessType
Use a cloud witness if you have internet access and if you use an Azure Storage account to provide a vote on cluster quorum. A cloud witness uses Azure Blob Storage to read or write a blob file and then uses it to arbitrate in split-brain resolution. Only allowed values are 'Cloud', 'FileShare'.
When set to true, BitLocker XTS_AES 256-bit encryption is enabled for all data-at-rest on the OS volume of your Azure Stack HCI cluster. This setting is TPM-hardware dependent.
bool
bitlockerDataVolumes
When set to true, BitLocker XTS-AES 256-bit encryption is enabled for all data-at-rest on your Azure Stack HCI cluster shared volumes.
bool
credentialGuardEnforced
When set to true, Credential Guard is enabled.
bool
driftControlEnforced
When set to true, the security baseline is re-applied regularly.
bool
drtmProtection
By default, Secure Boot is enabled on your Azure HCI cluster. This setting is hardware dependent.
bool
hvciProtection
By default, Hypervisor-protected Code Integrity is enabled on your Azure HCI cluster.
bool
sideChannelMitigationEnforced
When set to true, all the side channel mitigations are enabled
bool
smbClusterEncryption
When set to true, cluster east-west traffic is encrypted.
bool
smbSigningEnforced
When set to true, the SMB default instance requires sign in for the client and server services.
bool
wdacEnforced
WDAC is enabled by default and limits the applications and the code that you can run on your Azure Stack HCI cluster.
bool
DeploymentSettingsProperties
Name
Description
Value
arcNodeResourceIds
Azure resource ids of Arc machines to be part of cluster.
Optional parameter required only for 3 Nodes Switchless deployments. This allows users to specify IPs and Mask for Storage NICs when Network ATC is not assigning the IPs for storage automatically.
bool
intents
The network intents assigned to the network reference pattern used for the deployment. Each intent will define its own name, traffic type, adapter names, and overrides as recommended by your OEM.
Subnet mask that matches the provided IP address space.
string
useDhcp
Allows customers to use DHCP for Hosts and Cluster IPs. If not declared, the deployment will default to static IPs. When true, GW and DNS servers are not required
bool
Intents
Name
Description
Value
adapter
Array of network interfaces used for the network intent.
Ending IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering.
string
startingAddress
Starting IP address for the management network. A minimum of six free, contiguous IPv4 addresses (excluding your host IPs) are needed for infrastructure services such as clustering.
macAddressPoolStart of network controller used for SDN Integration.
string
macAddressPoolStop
macAddressPoolStop of network controller used for SDN Integration.
string
networkVirtualizationEnabled
NetworkVirtualizationEnabled of network controller used for SDN Integration.
bool
Observability
Name
Description
Value
episodicDataUpload
When set to true, collects log data to facilitate quicker issue resolution.
bool
euLocation
Location of your cluster. The log and diagnostic data is sent to the appropriate diagnostics servers depending upon where your cluster resides. Setting this to false results in all data sent to Microsoft to be stored outside of the EU.
bool
streamingDataClient
Enables telemetry data to be sent to Microsoft
bool
OptionalServices
Name
Description
Value
customLocation
The name of custom location.
string
PhysicalNodes
Name
Description
Value
ipv4Address
The IPv4 address assigned to each physical server on your Azure Stack HCI cluster.
string
name
NETBIOS name of each physical server on your Azure Stack HCI cluster.
string
QosPolicyOverrides
Name
Description
Value
bandwidthPercentage_SMB
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
priorityValue8021Action_Cluster
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
priorityValue8021Action_SMB
This parameter should only be modified based on your OEM guidance. Do not modify this parameter without OEM validation.
string
SbeCredentials
Name
Description
Value
eceSecretName
secret name expected for Enterprise Cloud Engine (ECE).
string
secretLocation
secret URI stored in keyvault.
string
secretName
secret name stored in keyvault.
string
SbeDeploymentInfo
Name
Description
Value
family
SBE family name.
string
publisher
SBE manifest publisher.
string
sbeManifestCreationDate
SBE Manifest Creation Date.
string
sbeManifestSource
SBE Manifest Source.
string
version
SBE package version.
string
SbePartnerInfo
Name
Description
Value
credentialList
SBE credentials list for AzureStackHCI cluster deployment.
By default, this mode is set to Express and your storage is configured as per best practices based on the number of nodes in the cluster. Allowed values are 'Express','InfraOnly', 'KeepStorage'
string
StorageAdapterIPInfo
Name
Description
Value
ipv4Address
The IPv4 address assigned to each storage adapter physical node on your Azure Stack HCI cluster.
string
physicalNode
storage adapter physical node name.
string
subnetMask
The SubnetMask address assigned to each storage adapter physical node on your Azure Stack HCI cluster.
string
StorageNetworks
Name
Description
Value
name
Name of the storage network.
string
networkAdapterName
Name of the storage network adapter.
string
storageAdapterIPInfo
List of Storage adapter physical nodes config to deploy AzureStackHCI Cluster.
