this error pops when using the AVS Private Cloud w/ the HCX addon ARM template.

Can we consolidate these 2 required parameters inside of the automation template for greenfield deployment?

I noticed in the Azure Template, it mentions deploying a bastion (Jumphost), it wasn't clear to me on whether this is something that is provided for free as part of using the template OR if there is a cost for end users? It would be useful to add some details around that and how its used (e.g. only required for the initial setup and can be deleted and hence cost or use of resources is time bound)

Sensitive values in the private cloud configuration force replacement when re-running terraform apply.

Working to allow the use of variables within the Azure CLI deployment commands. Want to use dynamic names and variables as much as possible whilst keeping the instruction easy to read

Working to allow the use of variables within the Azure CLI deployment commands. Want to use dynamic names and variables as much as possible whilst keeping the instruction easy to read

Hi Team,

I tested the AVS automation and it works very well as expected. However, this was deployed with a new Azure nework configuration (vNet, GW, and all RGs). Since most customers already have an Azure envirnment how woud we go about deloying to that exiting environment using the Automation process?

Thanks

Kevin

the bicep template references JumpBox while the directory in the repo is Jumpbox. This causes an issue w/ capitalization aware filesystems:

/avs-template.bicep(97,16) : Error BCP104: The referenced module has errors.
/Modules/JumpBox.bicep(16,15) : Error BCP091: An error occurred reading file. Could not find a part of the path /Modules/JumpBox/JumpBoxSubnet.bicep'.
/Modules/JumpBox.bicep(31,16) : Error BCP091: An error occurred reading file. Could not find a part of the path /Modules/JumpBox/Bastion.bicep'.
/Modules/JumpBox.bicep(41,11) : Error BCP091: An error occurred reading file. Could not find a part of the path /Modules/JumpBox/JumpBoxVM.bicep'.
/Modules/JumpBox.bicep(54,35) : Error BCP062: The referenced declaration with name "VM" is not valid.

receive this error when using the private cloud w/ HCX template.

Most users will simply input email string in this field, especially those who are not familiar with ARM/JSON.
with email string in the field, portal UI will give error - Unable to parse the value into type 'array' - and validation will fail.

Correct format is ["[email protected]"] - with bracket.

If a policy is evaluating the properties object, it will error as this isn't included today (null). Include an empty (not null) properties property on all Microsoft.AVS/privateClouds/authorizations resources.

{"code":"InvalidTemplateDeployment","details":[{"code":"BadRequest","message":"Errors encountered in precheck","details":[{"code":"PrecheckFailed","message":"Check failed for private cloud /subscriptions/000-000/resourceGroups/redactedRGName/providers/Microsoft.AVS/privateClouds/redactedPCName/authorizations/redactedAuthName: Missing required field 'properties'"}]}],"message":"The template deployment 'Microsoft.Template-20211130075648' is not valid according to the validation procedure. The tracking id is '000-000'. See inner errors for details."}

customers are not being able to use AVS landing zone accelerator because it does not provide them ability to specify their unique naming conventions.

Resources such as resource group, VNet name, subnet name, etc. are getting created by a pre-defined naming convention hard-coded in ARM template. Some examples below.

"resources": [
            {
              "type": "Microsoft.Resources/resourceGroups",
              "apiVersion": "2021-04-01",
              "name": "[format('{0}-PrivateCloud', parameters('Prefix'))]",
              "location": "[parameters('Location')]"
            },
....

"resources": [
                    {
                      "type": "Microsoft.AVS/privateClouds",
                      "apiVersion": "2021-06-01",
                      "name": "[format('{0}-SDDC', parameters('Prefix'))]",

....
 "resources": [
                    {
                      "type": "Microsoft.Network/virtualNetworks/subnets",
                      "apiVersion": "2021-02-01",
                      "name": "[format('{0}/{1}', parameters('VNetName'), 'JumpBox')]",

Enabling customers to completely customize names assigned to resources will encourage them to use AVS LZA.

Assumption
No custom deployment name is specified via the -n or --name parameter when issuing the az deployment command.

Scenario
When launching a deployment via cli/ARM template, the deployment’s default name is set to the deployment's filename i.e: ESLZDeploy.deploy

Situation
When launching multiple deployments simultaneously, based on the assumption (see above). These deployments will try to use the same deployment name (deployment's filename) for each, creating a race condition.

Result
Only one deployment will succeed in being initiated with the subsequent deployments failing with the message:

{
    'code': 'DeploymentActive', 
    'message': "Unable to edit or replace deployment 'ESLZDeploy.deploy': previous deployment from '2/20/2022 3:06:18 PM' is   still active (expiration time is '2/27/2022 3:06:13 PM'). Please see https://aka.ms/arm-deploy for usage details."
}

Suggestion
Set the deployment name value in the ARM template, avoiding the default behavior. It could be set to something like desired prefix + datetime stamp and dd a brief note in the documentation mentioning how the deployment’s default name is composed and how to change it via the cli parameter --name -n
Point the user for more details to:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-cli#azure-deployment-template-name

Attaching the image

Similar to the jumpbox VM, customers have asked, would it be possible to include an option to create a test VM (greenfield first then Brownfield) for testing traffic flow connectivity. Either Windows/Linux VM as long as you can do probing, traceroute/tracert, curl, ping, probing open ports (like Test-NetConnection).

This may be dependent on or will require automating first:

1. The creation of a DHCP profile in NSX
2. Associating the DHCP profile to the T1 gateway
3. The creation of a network segment for the VM/workload
4. Creating a content library in vCenter
5. Importing an OVA file to the library as a template
6. Deploying a new VM using the OVA template

Evaluate if AVS LZ Reference Implementation meets the review requirements as outlined in AVS Design Review Checklist.

Greenfields landing zone accelerator, needs none option on On-prem section

Not all customers are doing a migration and the current options of ExpressRoute or vpn could be confusing. There should be an option for none to make this as simple as possible.

Single Region deployment currently does not provide description or definition about each of the component being deployed part of the automation.

Kindly assist to add the details.

It is observed that AVS private cloud is deployed from "inside" of Azure portal. When deployed this way, AVS Landing Zone Accelerator doesn't appear as an option. This results in AVS deployment that is not aligned with AVS best practices recommended through AVS Landing Zone Accelerator.

If I enter my email address in the "Alert Emails" box, then i get following error.

Adding an issue for additional terraform work being completed to support the variety of deployment scenarios for AVS. Preference for getting deployments aligned with the Landing Zone network scenarios.

Could we add the ability to include logging architecture to the brown field blueprints as a way of providing an logging architecture for creating log analytics solution.