Skip to content

Commit 8ff54f6

Browse files
KimForssKimForss
authored
Update environment parameters and VM settings
1 parent e1a8656 commit 8ff54f6

1 file changed

Lines changed: 53 additions & 59 deletions

File tree

articles/sap/automation/configure-control-plane.md

Lines changed: 53 additions & 59 deletions
Original file line numberDiff line numberDiff line change
@@ -38,16 +38,13 @@ This table shows the Terraform parameters. Enter these parameters manually if yo
3838

3939
This table shows the parameters that define the resource naming.
4040

41-
> [!div class="mx-tdCol2BreakAll "]
42-
> | Variable | Description | Type | Notes |
43-
> | ---------------------------------------- | ------------------------------------------------------------- | ---------- | ------------------------------------------------------------------------------------------- |
44-
> | `environment` | Identifier for the control plane (max 5 characters). | Mandatory | For example, `PROD` for a production environment and `NP` for a nonproduction environment. |
45-
> | `location` | Azure region in which to deploy. | Required | Use lowercase. |
46-
> | `codename` | Additional component for naming the resources. | Optional | |
47-
> | `subscription_id` | Azure subscription id for the deployment. | Mandatory | Will be automatically set when using the deployment scripts. |
48-
> | `name_override_file` | Name override file. | Optional | See [Custom naming](naming-module.md). |
49-
> | `place_delete_lock_on_resources` | Place a delete lock on the key resources. | Optional | |
50-
> | `prevent_deletion_if_contains_resources` | Controls resource group deletion. | Optional | If set to `false` Terraform will delete the resource group even if it contains resources. |
41+
| Variable | Description | Type | Notes |
42+
| -------------------------------- | ---------------------------------------------------- | ---------- | ------------------------------------------------------------------------------------------- |
43+
| `environment` | Identifier for the control plane (maximum of five characters). | Mandatory | For example, `PROD` for a production environment and `NP` for a nonproduction environment. |
44+
| `location` | Azure region in which to deploy. | Required | Use lowercase. |
45+
| `codename` | Another component for naming the resources. | Optional | |
46+
| `name_override_file` | Name override file. | Optional | See [Custom naming](naming-module.md). |
47+
| `place_delete_lock_on_resources` | Place a delete lock on the key resources. | Optional | |
5148

5249
### Resource group
5350

@@ -73,34 +70,31 @@ The recommended CIDR value for the firewall subnet is /26, which allows 64 IP ad
7370

7471
This table shows the networking parameters.
7572

76-
> [!div class="mx-tdCol2BreakAll "]
77-
> | Variable | Description | Type | Notes |
78-
> | ------------------------------------------ | --------------------------------------------------------------------------- | ---------- | --------------------------- |
79-
> | `management_network_name` | The name of the virtual network into which the deployer will be deployed | Optional | For green-field deployments |
80-
> | `management_network_logical_name` | The logical name of the network (DEV-WEEU-MGMT01-INFRASTRUCTURE) | Required | |
81-
> | `management_network_arm_id` | The Azure resource identifier for the virtual network | Optional | For brown-field deployments |
82-
> | `management_network_address_space` | The address range for the virtual network | Mandatory | For green-field deployments |
83-
> | | | | |
84-
> | `management_subnet_name` | The name of the subnet | Optional | |
85-
> | `management_subnet_address_prefix` | The address range for the subnet | Mandatory | For green-field deployments |
86-
> | `management_subnet_arm_id` | The Azure resource identifier for the subnet | Mandatory | For brown-field deployments |
87-
> | `management_subnet_nsg_name` | The name of the network security group | Optional | |
88-
> | `management_subnet_nsg_arm_id` | The Azure resource identifier for the network security group | Mandatory | For brown-field deployments |
89-
> | `management_subnet_nsg_allowed_ips` | Range of allowed IP addresses to add to Azure Firewall | Optional | |
90-
> | | | | |
91-
> | `firewall_deployment` | Boolean flag that controls if an Azure firewall is to be deployed. | Optional | |
92-
> | `management_firewall_subnet_arm_id` | The Azure resource identifier for the Azure Firewall subnet | Mandatory | For brown-field deployments |
93-
> | `management_firewall_subnet_address_prefix` | The address range for the subnet | Mandatory | For green-field deployments |
94-
> | | | | |
95-
> | `bastion_deployment` | Boolean flag that controls if Azure Bastion host is to be deployed. | Optional | |
96-
> | `management_bastion_subnet_arm_id` | The Azure resource identifier for the Azure Bastion subnet | Mandatory | For brown-field deployments |
97-
> | `management_bastion_subnet_address_prefix` | The address range for the subnet | Mandatory | For green-field deployments |
98-
> | | | | |
99-
> | `webapp_subnet_arm_id` | The Azure resource identifier for the web app subnet | Mandatory | For brown-field deployments |
100-
> | `webapp_subnet_address_prefix` | The address range for the subnet | Mandatory | For green-field deployments |
101-
> | | | | |
102-
> | `use_private_endpoint` | Use private endpoints. | Optional | |
103-
> | `use_service_endpoint` | Use service endpoints for subnets. | Optional | |
73+
| Variable | Description | Type | Notes |
74+
| ------------------------------------------ | --------------------------------------------------------------------------- | ---------- | --------------------------- |
75+
| `management_network_name` | The name of the virtual network into which the deployer is deployed | Optional | For green-field deployments |
76+
| `management_network_logical_name` | The logical name of the network (DEV-WEEU-MGMT01-INFRASTRUCTURE) | Required | |
77+
| `management_network_arm_id` | The Azure resource identifier for the virtual network | Optional | For brown-field deployments |
78+
| `management_network_address_space` | The address range for the virtual network | Mandatory | For green-field deployments |
79+
| | | | |
80+
| `management_subnet_name` | The name of the subnet | Optional | |
81+
| `management_subnet_address_prefix` | The address range for the subnet | Mandatory | For green-field deployments |
82+
| `management_subnet_arm_id` | The Azure resource identifier for the subnet | Mandatory | For brown-field deployments |
83+
| `management_subnet_nsg_name` | The name of the network security group | Optional | |
84+
| `management_subnet_nsg_arm_id` | The Azure resource identifier for the network security group | Mandatory | For brown-field deployments |
85+
| `management_subnet_nsg_allowed_ips` | Range of allowed IP addresses to add to Azure Firewall | Optional | |
86+
| | | | |
87+
| `management_firewall_subnet_arm_id` | The Azure resource identifier for the Azure Firewall subnet | Mandatory | For brown-field deployments |
88+
| `management_firewall_subnet_address_prefix` | The address range for the subnet | Mandatory | For green-field deployments |
89+
| | | | |
90+
| `management_bastion_subnet_arm_id` | The Azure resource identifier for the Azure Bastion subnet | Mandatory | For brown-field deployments |
91+
| `management_bastion_subnet_address_prefix` | The address range for the subnet | Mandatory | For green-field deployments |
92+
| | | | |
93+
| `webapp_subnet_arm_id` | The Azure resource identifier for the web app subnet | Mandatory | For brown-field deployments |
94+
| `webapp_subnet_address_prefix` | The address range for the subnet | Mandatory | For green-field deployments |
95+
| | | | |
96+
| `use_private_endpoint` | Use private endpoints. | Optional | |
97+
| `use_service_endpoint` | Use service endpoints for subnets. | Optional | |
10498

10599
> [!NOTE]
106100
> When you use an existing subnet for the web app, the subnet must be empty, in the same region as the resource group being deployed, and delegated to Microsoft.Web/serverFarms.
@@ -109,19 +103,18 @@ This table shows the networking parameters.
109103

110104
This table shows the parameters related to the deployer VM.
111105

112-
> [!div class="mx-tdCol2BreakAll "]
113-
> | Variable | Description | Type |
114-
> | ------------------------------- | ---------------------------------------------------------------------------------------- | ---------- |
115-
> | `deployer_size` | Defines the VM SKU to use, default: Standard_D4ds_v4 | Optional |
116-
> | `deployer_count` | Defines the number of deployers | Optional |
117-
> | `deployer_image` | Defines the VM image to use, default: Ubuntu 24.04 | Optional |
118-
> | `plan` | Defines the plan associated to the VM image | Optional |
119-
> | `deployer_disk_type` | Defines the disk type, default: Premium_LRS | Optional |
120-
> | `deployer_use_DHCP` | Controls if the Azure subnet-provided IP addresses should be used (dynamic) true | Optional |
121-
> | `deployer_private_ip_address` | Defines the private IP address to use | Optional |
122-
> | `deployer_enable_public_ip` | Defines if the deployer has a public IP | Optional |
123-
> | `auto_configure_deployer` | Defines if the deployer is configured with the required software (Terraform and Ansible) | Optional |
124-
> | `add_system_assigned_identity` | Defines if the deployer is assigned a system identity | Optional |
106+
| Variable | Description | Type |
107+
| ------------------------------- | ---------------------------------------------------------------------------------------- | ---------- |
108+
| `deployer_size` | Defines the VM SKU to use, default: Standard_D4ds_v4 | Optional |
109+
| `deployer_count` | Defines the number of deployers | Optional |
110+
| `deployer_image` | Defines the VM image to use, default: Ubuntu 22.04 | Optional |
111+
| `plan` | Defines the plan associated to the VM image | Optional |
112+
| `deployer_disk_type` | Defines the disk type, default: Premium_LRS | Optional |
113+
| `deployer_use_DHCP` | Controls if the Azure subnet-provided IP addresses should be used (dynamic) true | Optional |
114+
| `deployer_private_ip_address` | Defines the private IP address to use | Optional |
115+
| `deployer_enable_public_ip` | Defines if the deployer has a public IP | Optional |
116+
| `auto_configure_deployer` | Defines if the deployer is configured with the required software (Terraform and Ansible) | Optional |
117+
| `add_system_assigned_identity` | Defines if a system identity is assigned to the deployer | Optional |
125118

126119
The VM image is defined by using the following structure:
127120

@@ -182,14 +175,15 @@ This section describes the parameters for Azure Key Vault.
182175

183176
### Other parameters
184177

185-
> [!div class="mx-tdCol2BreakAll "]
186-
> | Variable | Description | Type | Notes |
187-
> | -------------------------------------------- | ---------------------------------------------------------------------------- | ----------- | ----------------------------- |
188-
> | `bastion_sku` | SKU for Azure Bastion host to be deployed (Basic/Standard). | Optional | |
189-
> | `enable_purge_control_for_keyvaults` | Boolean flag that controls if purge control is enabled on the key vault. | Optional | Use only for test deployments. |
190-
> | `enable_firewall_for_keyvaults_and_storage` | Restrict access to selected subnets. | Optional |
191-
> | `Agent_IP` | IP address of the agent. | Optional |
192-
> | `add_Agent_IP` | Controls if Agent IP is added to the key vault and storage account firewalls | Optional |
178+
| Variable | Description | Type | Notes |
179+
| -------------------------------------------- | ---------------------------------------------------------------------------- | ----------- | ----------------------------- |
180+
| `firewall_deployment` | Boolean flag that controls whether Azure Firewall is deployed. | Optional | |
181+
| `bastion_deployment` | Boolean flag that controls whether Azure Bastion host is deployed. | Optional | |
182+
| `bastion_sku` | SKU for the Azure Bastion host (Basic/Standard). | Optional | |
183+
| `enable_purge_control_for_keyvaults` | Boolean flag that controls whether purge control is enabled on the key vault. | Optional | Use only for test deployments. |
184+
| `enable_firewall_for_keyvaults_and_storage` | Restrict access to selected subnets. | Optional |
185+
| `Agent_IP` | IP address of the agent. | Optional |
186+
| `add_Agent_IP` | Controls whether the agent IP is added to the key vault and storage account firewalls. | Optional |
193187

194188
### Web App parameters
195189

0 commit comments

Comments
 (0)