Create Arc virtual machines on Azure Stack HCI

Applies to: Azure Stack HCI, version 23H2

This article describes how to create an Arc VM starting with the VM images that you've created on your Azure Stack HCI cluster. You can create Arc VMs using the Azure CLI, Azure portal, or Azure Resource Manager template.

About Azure Stack HCI cluster resource

Use the Azure Stack HCI cluster resource page for the following operations:

  • Create and manage Arc VM resources such as VM images, disks, network interfaces.
  • View and access Azure Arc Resource Bridge and Custom Location associated with the Azure Stack HCI cluster.
  • Provision and manage Arc VMs.

The procedure to create Arc VMs is described in the next section.

Prerequisites

Before you create an Azure Arc-enabled VM, make sure that the following prerequisites are completed.

  • If using a client to connect to your Azure Stack HCI cluster, see Connect to Azure Stack HCI via Azure CLI client.

  • Access to a network interface that you have created on a logical network associated with your Azure Stack HCI cluster. You can choose a network interface with static IP or one with a dynamic IP allocation. For more information, see how to Create network interfaces.

Create Arc VMs

Follow these steps to create an Arc VM on your Azure Stack HCI cluster.

Follow these steps on the client running az CLI that is connected to your Azure Stack HCI cluster.

Sign in and set subscription

  1. Connect to a server on your Azure Stack HCI system.

  2. Sign in. Type:

    az login --use-device-code
    
  3. Set your subscription.

    az account set --subscription <Subscription ID>
    

Create a Windows VM

Depending on the type of the network interface that you created, you can create a VM that has network interface with static IP or one with a dynamic IP allocation.

Note

If you need more than one network interface with static IPs for your VM, create the interface(s) now before you create the VM. Adding a network interface with static IP, after the VM is provisioned, is not supported.

Here we create a VM that uses specific memory and processor counts on a specified storage path.

  1. Set some parameters.

    $vmName ="myhci-vm"
    $subscription =  "<Subscription ID>"
    $resource_group = "myhci-rg"
    $customLocationName = "myhci-cl"
    $customLocationID ="/subscriptions/$subscription/resourceGroups/$resource_group/providers/Microsoft.ExtendedLocation/customLocations/$customLocationName"
    $location = "eastus"
    $computerName = "mycomputer"
    $userName = "myhci-user"
    $password = "<Password for the VM>"
    $imageName ="ws22server"
    $nicName ="myhci-vnic" 
    $storagePathName = "myhci-sp" 
    $storagePathId = "/subscriptions/<Subscription ID>/resourceGroups/myhci-rg/providers/Microsoft.AzureStackHCI/storagecontainers/myhci-sp" 
    

    The parameters for VM creation are tabulated as follows:

    Parameters Description
    name Name for the VM that you create for your Azure Stack HCI cluster. Make sure to provide a name that follows the Rules for Azure resources.
    admin-username Username for the user on the VM you're deploying on your Azure Stack HCI cluster.
    admin-password Password for the user on the VM you're deploying on your Azure Stack HCI cluster.
    image-name Name of the VM image used to provision the VM.
    location Azure regions as specified by az locations. For example, this could be eastus, westeurope.
    resource-group Name of the resource group where you create the VM. For ease of management, we recommend that you use the same resource group as your Azure Stack HCI cluster.
    subscription Name or ID of the subscription where your Azure Stack HCI is deployed. This could be another subscription you use for VM on your Azure Stack HCI cluster.
    custom-location Use this to provide the custom location associated with your Azure Stack HCI cluster where you're creating this VM.
    authentication-type Type of authentication to use with the VM. The accepted values are all, password, and ssh. Default is password for Windows and SSH public key for Linux. Use all to enable both ssh and password authentication.
    nics Names or the IDs of the network interfaces associated with your VM. You must have atleast one network interface when you create a VM, to enable guest management.
    memory-mb Memory in Megabytes allocated to your VM. If not specified, defaults are used.
    processors The number of processors allocated to your VM. If not specified, defaults are used.
    storage-path-id The associated storage path where the VM configuration and the data are saved.
    proxy-configuration Use this optional parameter to configure a proxy server for your VM. For more information, see Create a VM with proxy configured.
  2. Run the following command to create a VM.

     az stack-hci-vm create --name $vmName --resource-group $resource_group --admin-username $userName --admin-password $password --computer-name $computerName --image $imageName --location $location --authentication-type all --nics $nicName --custom-location $customLocationID --hardware-profile memory-mb="8192" processors="4" --storage-path-id $storagePathId 
    

The VM is successfully created when the provisioningState shows as succeededin the output.

Note

The VM created has guest management enabled by default. If for any reason guest management fails during VM creation, you can follow the steps in Enable guest management on Arc VM to enable it after the VM creation.

In this example, the storage path was specified using the --storage-path-id flag and that ensured that the workload data (including the VM, VM image, non-OS data disk) is placed in the specified storage path.

If the flag isn't specified, the workload (VM, VM image, non-OS data disk) is automatically placed in a high availability storage path.

Create a Linux VM

To create a Linux VM, use the same command that you used to create the Windows VM.

  • The gallery image specified should be a Linux image.
  • The username and password works with the authentication-type-all parameter.
  • For SSH keys, you need to pass the ssh-key-values parameters along with the authentication-type-all.

Important

Setting the proxy server during VM creation is not supported for Linux VMs.

Create a VM with proxy configured

Use this optional parameter proxy-configuration to configure a proxy server for your VM.

If creating a VM behind a proxy server, run the following command:

az stack-hci-vm create --name $vmName --resource-group $resource_group --admin-username $userName --admin-password $password --computer-name $computerName --image $imageName --location $location --authentication-type all --nics $nicName --custom-location $customLocationID --hardware-profile memory-mb="8192" processors="4" --storage-path-id $storagePathId --proxy-configuration http_proxy="<Http URL of proxy server>" https_proxy="<Https URL of proxy server>" no_proxy="<URLs which bypass proxy>" cert_file_path="<Certificate file path for your server>" 

You can input the following parameters for proxy-server-configuration:

Parameters Description
http_proxy HTTP URLs for proxy server. An example URL is:http://proxy.example.com:3128.
https_proxy HTTPS URLs for proxy server. The server may still use an HTTP address as shown in this example: http://proxy.example.com:3128.
no_proxy URLs, which can bypass proxy. Typical examples would be localhost,127.0.0.1,.svc,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.0.0.0/8.
cert_file_path Name of the certificate file path for your proxy server. An example is: C:\Users\Palomino\proxycert.crt.

Here's a sample command:

az stack-hci-vm create --name $vmName --resource-group $resource_group --admin-username $userName --admin-password $password --computer-name $computerName --image $imageName --location $location --authentication-type all --nics $nicName --custom-location $customLocationID --hardware-profile memory-mb="8192" processors="4" --storage-path-id $storagePathId --proxy-configuration http_proxy="http://ubuntu:ubuntu@192.168.200.200:3128" https_proxy="http://ubuntu:ubuntu@192.168.200.200:3128" no_proxy="localhost,127.0.0.1,.svc,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.0.0.0/8,s-cluster.test.contoso.com" cert_file_path="C:\ClusterStorage\UserStorage_1\server.crt"

For proxy authentication, you can pass the username and password combined in a URL as follows:"http://username:password@proxyserver.contoso.com:3128".

Depending on the PowerShell version you're running on your VM, you may need to enable the proxy settings for your VM.

  • For Windows VMs running PowerShell version 5.1 or earlier, sign in to the VM after the creation. Run the following command to enable proxy:

    netsh winhttp set proxy proxy-server="http=myproxy;https=sproxy:88" bypass-list="*.foo.com"
    

    After the proxy is enabled, you can then Enable guest management.

  • For Windows VMs running PowerShell version later than 5.1, proxy settings passed during VM creation are only used for enabling Arc guest management. After the VM is created, sign in to the VM and run the above command to enable proxy for other applications.

Use managed identity to authenticate Arc VMs

When the Arc VMs are created on your Azure Stack HCI system via Azure CLI or Azure portal, a system-assigned managed identity is also created that lasts for the lifetime of the Arc VMs.

The Arc VMs on Azure Stack HCI are extended from Arc-enabled servers and can use system-assigned managed identity to access other Azure resources that support Microsoft Entra ID-based authentication. For example, the Arc VMs can use a system-assigned managed identity to access the Azure Key Vault.

For more information, see System-assigned managed identities and Authenticate against Azure resource with Azure Arc-enabled servers.

Next steps