Enable trusted launch for existing-WVD-host-pool-arm #656
Conversation
|
Would you please help to remove https://github.com/Azure/RDS-Templates/blob/master/ARM-wvd-templates/nestedtemplates/unmanagedDisks-customvhdvm.json? thanks. |
Removed. |
|
clicked wrong button |
Removed. |
| @@ -305,6 +305,27 @@ | |||
| "description": "Session host configuration version of the host pool." | |||
| }, | |||
| "defaultValue": "" | |||
| }, | |||
| "securityType": { | |||
There was a problem hiding this comment.
These parameters aren't passed to the virtual machine so it doesn't do anything.
| @@ -305,6 +305,27 @@ | |||
| "description": "Session host configuration version of the host pool." | |||
| }, | |||
| "defaultValue": "" | |||
| }, | |||
| "securityType": { | |||
There was a problem hiding this comment.
These parameters aren't passed to the virtual machine so it doesn't do anything.
| @@ -409,6 +409,27 @@ | |||
| "description": "System data is used for internal purposes, such as support preview features." | |||
| }, | |||
| "defaultValue": {} | |||
| }, | |||
| "securityType": { | |||
There was a problem hiding this comment.
If the only valid value for this is an empty string or TrustedLaunch then you should specify "allowedValues" with those values so the customer will get an error if they enter something else.
This applies to the other ARM templates in this PR too.
| "secureBoot": { | ||
| "type": "bool", | ||
| "metadata": { | ||
| "description": "Specifies whether secure boot should be enabled on the virtual machine." |
There was a problem hiding this comment.
Should say this is only used if securityType is set to "TrustedLaunch".
This applies to the other ARM templates in this PR too.
| "vTPM": { | ||
| "type": "bool", | ||
| "metadata": { | ||
| "description": "Specifies whether vTPM (Virtual Trusted Platform Module) should be enabled on the virtual machine." |
There was a problem hiding this comment.
Should say this is only used if securityType is set to "TrustedLaunch".
This applies to the other ARM templates in this PR too.
| "securityType": { | ||
| "type": "string", | ||
| "metadata": { | ||
| "description": "Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. Default: UefiSettings will not be enabled unless this property is set as TrustedLaunch." |
There was a problem hiding this comment.
I think it would be helpful to include a link to the docs for this here https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/2021-07-01/virtualmachines?tabs=bicep#securityprofile so the customer has more context about this.
It looks like unmanagedDisks-customvhdvm.json is still supported in AddVirtualMachinesTemplate.json and CreateHostpoolTemplate.json . If you want to remove support for it then I suggest taking a look at this PR https://github.com/Azure/RDS-Templates/pull/406/files where WVD classic removed support for it. You may also want to announce it as an upcoming breaking change to customer before making the change too. Although it was announced here (I think before the non-classic templates were released) so it might be ok. This also seems un-related to the other changes in this PR so maybe make an changes around unmanagedDisks-customvhdvm.json in a separate PR. |
Add three trusted launch parameters for the ARM template.