Create Arc virtual machines on Azure Stack HCI
Applies to: Azure Stack HCI, version 23H2
This article describes how to create an Arc VM starting with the VM images that you've created on your Azure Stack HCI cluster. You can create Arc VMs using the Azure CLI, Azure portal, or Azure Resource Manager template.
About Azure Stack HCI cluster resource
Use the Azure Stack HCI cluster resource page for the following operations:
- Create and manage Arc VM resources such as VM images, disks, network interfaces.
- View and access Azure Arc Resource Bridge and Custom Location associated with the Azure Stack HCI cluster.
- Provision and manage Arc VMs.
The procedure to create Arc VMs is described in the next section.
Prerequisites
Before you create an Azure Arc-enabled VM, make sure that the following prerequisites are completed.
- Access to an Azure subscription with the appropriate RBAC role and permissions assigned. For more information, see RBAC roles for Azure Stack HCI Arc VM management.
- Access to a resource group where you want to provision the VM.
- Access to one or more VM images on your Azure Stack HCI cluster. These VM images could be created by one of the following procedures:
- A custom location for your Azure Stack HCI cluster that you'll use to provision VMs. The custom location will also show up in the Overview page for Azure Stack HCI cluster.
If using a client to connect to your Azure Stack HCI cluster, see Connect to Azure Stack HCI via Azure CLI client.
Access to a network interface that you have created on a logical network associated with your Azure Stack HCI cluster. You can choose a network interface with static IP or one with a dynamic IP allocation. For more information, see how to Create network interfaces.
Create Arc VMs
Follow these steps to create an Arc VM on your Azure Stack HCI cluster.
Follow these steps on the client running az CLI that is connected to your Azure Stack HCI cluster.
Sign in and set subscription
Connect to a server on your Azure Stack HCI system.
Sign in. Type:
az login --use-device-code
Set your subscription.
az account set --subscription <Subscription ID>
Create a Windows VM
Depending on the type of the network interface that you created, you can create a VM that has network interface with static IP or one with a dynamic IP allocation.
Note
If you need more than one network interface with static IPs for your VM, create the interface(s) now before you create the VM. Adding a network interface with static IP, after the VM is provisioned, is not supported.
Here we create a VM that uses specific memory and processor counts on a specified storage path.
Set some parameters.
$vmName ="myhci-vm" $subscription = "<Subscription ID>" $resource_group = "myhci-rg" $customLocationName = "myhci-cl" $customLocationID ="/subscriptions/$subscription/resourceGroups/$resource_group/providers/Microsoft.ExtendedLocation/customLocations/$customLocationName" $location = "eastus" $computerName = "mycomputer" $userName = "myhci-user" $password = "<Password for the VM>" $imageName ="ws22server" $nicName ="myhci-vnic" $storagePathName = "myhci-sp" $storagePathId = "/subscriptions/<Subscription ID>/resourceGroups/myhci-rg/providers/Microsoft.AzureStackHCI/storagecontainers/myhci-sp"
The parameters for VM creation are tabulated as follows:
Parameters Description name Name for the VM that you create for your Azure Stack HCI cluster. Make sure to provide a name that follows the Rules for Azure resources. admin-username Username for the user on the VM you're deploying on your Azure Stack HCI cluster. admin-password Password for the user on the VM you're deploying on your Azure Stack HCI cluster. image-name Name of the VM image used to provision the VM. location Azure regions as specified by az locations
. For example, this could beeastus
,westeurope
.resource-group Name of the resource group where you create the VM. For ease of management, we recommend that you use the same resource group as your Azure Stack HCI cluster. subscription Name or ID of the subscription where your Azure Stack HCI is deployed. This could be another subscription you use for VM on your Azure Stack HCI cluster. custom-location Use this to provide the custom location associated with your Azure Stack HCI cluster where you're creating this VM. authentication-type Type of authentication to use with the VM. The accepted values are all
,password
, andssh
. Default is password for Windows and SSH public key for Linux. Useall
to enable bothssh
andpassword
authentication.nics Names or the IDs of the network interfaces associated with your VM. You must have atleast one network interface when you create a VM, to enable guest management. memory-mb Memory in Megabytes allocated to your VM. If not specified, defaults are used. processors The number of processors allocated to your VM. If not specified, defaults are used. storage-path-id The associated storage path where the VM configuration and the data are saved. proxy-configuration Use this optional parameter to configure a proxy server for your VM. For more information, see Create a VM with proxy configured. Run the following command to create a VM.
az stack-hci-vm create --name $vmName --resource-group $resource_group --admin-username $userName --admin-password $password --computer-name $computerName --image $imageName --location $location --authentication-type all --nics $nicName --custom-location $customLocationID --hardware-profile memory-mb="8192" processors="4" --storage-path-id $storagePathId
The VM is successfully created when the provisioningState
shows as succeeded
in the output.
Note
The VM created has guest management enabled by default. If for any reason guest management fails during VM creation, you can follow the steps in Enable guest management on Arc VM to enable it after the VM creation.
In this example, the storage path was specified using the --storage-path-id
flag and that ensured that the workload data (including the VM, VM image, non-OS data disk) is placed in the specified storage path.
If the flag isn't specified, the workload (VM, VM image, non-OS data disk) is automatically placed in a high availability storage path.
Create a Linux VM
To create a Linux VM, use the same command that you used to create the Windows VM.
- The gallery image specified should be a Linux image.
- The username and password works with the
authentication-type-all
parameter. - For SSH keys, you need to pass the
ssh-key-values
parameters along with theauthentication-type-all
.
Important
Setting the proxy server during VM creation is not supported for Linux VMs.
Create a VM with proxy configured
Use this optional parameter proxy-configuration to configure a proxy server for your VM.
If creating a VM behind a proxy server, run the following command:
az stack-hci-vm create --name $vmName --resource-group $resource_group --admin-username $userName --admin-password $password --computer-name $computerName --image $imageName --location $location --authentication-type all --nics $nicName --custom-location $customLocationID --hardware-profile memory-mb="8192" processors="4" --storage-path-id $storagePathId --proxy-configuration http_proxy="<Http URL of proxy server>" https_proxy="<Https URL of proxy server>" no_proxy="<URLs which bypass proxy>" cert_file_path="<Certificate file path for your server>"
You can input the following parameters for proxy-server-configuration
:
Parameters | Description |
---|---|
http_proxy | HTTP URLs for proxy server. An example URL is:http://proxy.example.com:3128 . |
https_proxy | HTTPS URLs for proxy server. The server may still use an HTTP address as shown in this example: http://proxy.example.com:3128 . |
no_proxy | URLs, which can bypass proxy. Typical examples would be localhost,127.0.0.1,.svc,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.0.0.0/8 . |
cert_file_path | Name of the certificate file path for your proxy server. An example is: C:\Users\Palomino\proxycert.crt . |
Here's a sample command:
az stack-hci-vm create --name $vmName --resource-group $resource_group --admin-username $userName --admin-password $password --computer-name $computerName --image $imageName --location $location --authentication-type all --nics $nicName --custom-location $customLocationID --hardware-profile memory-mb="8192" processors="4" --storage-path-id $storagePathId --proxy-configuration http_proxy="http://ubuntu:ubuntu@192.168.200.200:3128" https_proxy="http://ubuntu:ubuntu@192.168.200.200:3128" no_proxy="localhost,127.0.0.1,.svc,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.0.0.0/8,s-cluster.test.contoso.com" cert_file_path="C:\ClusterStorage\UserStorage_1\server.crt"
For proxy authentication, you can pass the username and password combined in a URL as follows:"http://username:password@proxyserver.contoso.com:3128"
.
Depending on the PowerShell version you're running on your VM, you may need to enable the proxy settings for your VM.
For Windows VMs running PowerShell version 5.1 or earlier, sign in to the VM after the creation. Run the following command to enable proxy:
netsh winhttp set proxy proxy-server="http=myproxy;https=sproxy:88" bypass-list="*.foo.com"
After the proxy is enabled, you can then Enable guest management.
For Windows VMs running PowerShell version later than 5.1, proxy settings passed during VM creation are only used for enabling Arc guest management. After the VM is created, sign in to the VM and run the above command to enable proxy for other applications.
Use managed identity to authenticate Arc VMs
When the Arc VMs are created on your Azure Stack HCI system via Azure CLI or Azure portal, a system-assigned managed identity is also created that lasts for the lifetime of the Arc VMs.
The Arc VMs on Azure Stack HCI are extended from Arc-enabled servers and can use system-assigned managed identity to access other Azure resources that support Microsoft Entra ID-based authentication. For example, the Arc VMs can use a system-assigned managed identity to access the Azure Key Vault.
For more information, see System-assigned managed identities and Authenticate against Azure resource with Azure Arc-enabled servers.
Next steps
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for