common-workload-config.adoc

Shared workload parameters

These parameters are used by workload archetype configuration files.

Tip	See the sample PaaS workload archetype for an example.

On-premises parameters

Parameter name	Type	Description
address-range	CIDR range	CIDR range for the on-premises network.
primaryDC-IP	IPV4 address	IP address of on-premises domain controller.
allow-rdp-address-range	IPV4 address/CIDR range	Allowed IP address or range authorized to connect to the shared services management VMs from on-premises.

Shared services parameters

Parameter name	Type	Description
subscription-id	Subscription ID (GUID)	ID of the subscription that share resources are deployed to.
vnet-rg	String	Name of the resource group containing the shared services virtual network.
vnet-name	String	Name of the shared services virtual network.
app-gateway-subnet-name	String	Name of the shared services network subnet hosting the application gateway.
app-gateway-name	String	Name of the shared services network’s application gateway.
gw-udr-name	String	Name of the shared services network’s gateway User Defined Route (UDR).
kv-rg	String	Name of the resource group containing the shared services Key Vault.
kv-name	String	Name of the shared services Key Vault.
azure-firewall-private-ip-address	IPV4 address	IP address assigned to the shared services Azure Firewall.
azure-firewall-name	IPV4 address	Name of the Azure Firewall controlling access to the Internet.
ubuntu-nva-lb-ip-address	IPV4 address	IP address assigned to the Linux VM-based firewall controlling access to the Internet. Optional. Used when deploying Ubuntu VM for firewall purposes.
ubuntu-nva-address-start	IPV4 address	IP address assigned to the Linux VM-based firewall controlling access to the Internet. Optional. Used when deploying Ubuntu VM for firewall purposes.
squid-nva-address-start	IPV4 address	IP address assigned to the Squid proxy NVA. Optional. Used when deploying a Squid NVA for proxy services.
deployment-name	String	Name of the shared services deployment.
adds-address-start	IPV4 address	IP address for the first ADDS server deployed to the shared services shared services subnet. Additional servers use an IP address incremented from this starting address.
domain-name	String	Domain name used by your on-premises network.
domain-admin-user	String	Domain user with rights to add trust relationship between on-premises domain and hosted domain controllers.

Note that to prevent conflicts when Key Vault stores this user information as a secret, domain-admin-user must be different than local-admin-user.

Workload parameters

Parameter name	Type	Description
subscription-id	Subscription ID (GUID)	ID of the subscription that workload resources are deployed to.
deployment-name	String	Shorthand name of the workload. Used as a secondary naming prefix when provisioning resources. This must be unique among your organization’s deployments. If you use a duplicate name, the deployment will overwrite existing deployments or not complete successfully. This value should not contain spaces but may contain dashes and underscores.
domain-name	String	Domain name used by your on-premises network.
region	String	The Azure region where shared services resources are deployed (for example, West US or France South). View the full list of regions.
ancillary-region	String	Alternate Azure region where the operations and monitoring resources are deployed. This should not be the same as the region where the workload environment is hosted to ensure redundancy. View the full list of regions.
log-analytics-region	String	Azure region where log analytics instance is hosted.
enable-encryption	Boolean	Determines if virtual disks are automatically encrypted on creation. Only Windows VM encryption is supported. When this value is set to true, the toolkit will use the values from encryption-keys-for to create certificates in Key Vault.
enable-ddos-protection	String	Specifies if Azure DDoS Protection is enabled on the workload virtual network automatically on creation.
local-admin-user	String	User account to create as local admin on VMs created within the workload. Note that to prevent conflicts when Key Vault stores this user information as a secret, domain-admin-user must be different than local-admin-user.
vnet-address-prefix	CIDR range	A CIDR range definition for the workload virtual network. This range must not overlap with the on-premises network, the shared services network, or any other workload network ranges.
network	Network object	The configuration for the shared services virtual network.
encryption-keys-for	String[Array]	Lists the module names that need encryption keys to be generated in Key Vault. If modules are specified, the toolkit will create certificates in Key Vault. These certificates are passed to a VM deployment to provide BitLocker encryption (only Windows encryption VMs are supported). This parameter is only used by the toolkit when enable-encryption is set to true.
module-dependencies	Module Dependencies object	This object defines the locations, dependencies, and behavior of resource modules used for a deployment.

Next steps

Learn how to validate an archetype configuration before deploying.