config-terraform.html.md.erb

---
title: Configuring BOSH Director on Azure Using Terraform
owner: Ops Manager
iaas: Azure
install_type: terraform
---

<%= partial "/pcf/warning-terraform" %>

This topic describes how to configure the BOSH Director tile within Pivotal Operations Manager on Azure after [Deploying Ops Manager to Azure](./prepare-env-terraform.html).

<p class="note"><strong>Note:</strong> You can also perform the procedures in this topic using the Ops Manager API. For more information, see <a href="../install/ops-man-api.html">Using the Ops Manager API</a>.</p>


## <a id='prerequisites'></a> Prerequisite

To complete the procedures in this topic, you must have access to the output generated when you ran `terraform apply` to create resources for this deployment. To view this output, run `terraform output` in the directory where you ran `terraform apply`. You use the values in this output to configure the BOSH Director tile.


## <a id='access-om'></a> Step 1: Log Into <%= vars.ops_manager %>

1. In a web browser, navigate to the fully qualified domain name (FQDN) of Ops Manager. Use the `ops_manager_dns` value from running `terraform output`.

1. Log into <%= vars.ops_manager %>. To log in, see [Log In to <%= vars.ops_manager %> For the First Time](../login.html#login-first-time).

## <a id='azure-config'></a> Step 2: Azure Config Page

1. Click the **BOSH Director** tile.

1. Select **Azure Config**.

    <%= image_tag("../common/images/azure/azure-config.png", :alt => "Screenshot of the Bosh Director for Azure dialog. The 'Settings' tab is shown with the 'Azure Config' step on the left of the dialog selected.") %>

1. Complete the following fields with information you obtained in [Preparing to Deploy Ops Manager on Azure Using Terraform](prepare-azure-terraform.html).
	* **Subscription ID**: Enter the ID of your Azure subscription.
	* **Tenant ID**: Enter your `TENANT_ID`.
	* **Application ID**: Enter the `APPLICATION_ID` that you created in the [Step 3: Create an AAD Application](./prepare-azure-terraform.html#create-aad) step of the _Preparing to Deploy Ops Manager on Azure Using Terraform_ topic.
	* **Client Secret**: Enter your `CLIENT_SECRET`.

1. Complete the following fields:
	* **Resource Group Name**: Enter the name of your resource group, which is exported from Terraform as the output `pcf_resource_group_name`.
	* **BOSH Storage Account Name**: Enter the name of your storage account, which is exported from Terraform as the output `bosh_root_storage_account`.

1. For **Cloud Storage Type**, select **Use Managed Disks**. For **Storage Account Type**, select **Premium_LRS** which corresponds to SSD-based storage. See [Azure Managed Disks Overview](https://docs.microsoft.com/en-us/azure/storage/storage-managed-disks-overview) in the Microsoft documentation for more information.
        <%= image_tag("../common/images/azure/azure-managed-disk.png", :alt => "The words 'Cloud Storage Type' with two options underneath. The first option is a selected radio button labeled 'Use Managed Disks', below which is a dropdown labeled 'Storage Account Type' with 'Premium_LRS' selected. To the right of the dropdown is the help text 'Storage Account Type to use with managed disks'. The second option is a radio button labeled 'Use Storage Accounts', below which is a grayed-out text field labeled 'Deployments Storage Account Name'.") %>
    <p class="note warning"><strong>Warning:</strong> You can update your deployment from using storage accounts to using managed disks. However, after you select <strong>Use Managed Disks</strong> and deploy Ops Manager, you cannot change your deployment back to use storage accounts.</p>

1. For **Default Security Group**, enter the `bosh_deployed_vms_security_group_name` output from Terraform.

1. For **SSH Public Key**, enter the `ops_manager_ssh_public_key` output from Terraform.

1. For **SSH Private Key**, enter the `ops_manager_ssh_private_key` output from Terraform.

1. For **Availability Mode**, choose whether to use **Availability Sets** or **Availability Zones**. You can further configure this option in the [**Assign AZs and Networks Page**](#assign-networks).
   * **For new installations of Ops Manager**: **Availability Zones** are selected by default, but you can choose **Availability Sets**.
   * **If you are upgrading from v2.4**: You must use **Availability Sets**.
    <p class="note"><strong>Note:</strong> You can only choose between Availability Zones and Availability Sets in a staged BOSH Director tile that has not yet deployed. After you click <strong>Apply Changes</strong> and the BOSH Director deploys successfully, you cannot switch between Availability Zones and Availability Sets.</p>

1. <%= partial "../common/azure-environment" %>

1. Click **Save**.


## <a id='director-config'></a> Step 3: Director Config Page

<%= partial "../common/director-config" %>

## <a id='network'></a> Step 4: Create Networks Page

Select **Create Networks** and follow the procedures in this section to add the network configuration that you created for your VPC.

* [Create Network for <%= vars.app_runtime_abbr %>](#pas-network)
* [Create Network for <%= vars.k8s_runtime_abbr %>](#pks-network)

### <a id='pas-network'></a> Create Network for PAS

Create the following three networks:

* [<%= vars.app_runtime_abbr %> Infrastructure Network](#pas-infrastructure-network)
* [<%= vars.app_runtime_abbr %> Runtime Network](#pas-runtime-network)
* [<%= vars.app_runtime_abbr %> Services Network](#pas-services-network)

<p class="note"><strong>Note:</strong> The Azure portal sometimes displays the names of resources with incorrect capitalization. Always use the Azure CLI to retrieve the correctly capitalized name of a resource.</p>

#### <a id='pas-infrastructure-network'></a> <%= vars.app_runtime_abbr %> Infrastructure Network

To create the infrastructure network, do the following:

1. (Optional) Select **Enable ICMP checks** to enable ICMP on your networks. Ops Manager uses ICMP checks to confirm that components within your network are reachable.

1. Click **Add Network**.

1. For **Name**, enter `infrastructure`.

1. Under **Subnets**, create a subnet using the information in the following table:

    <table>
      <tr>
        <th>Network Name</th>
        <td><code>infrastructure</code></td>
      </tr>
      <tr>
        <th>Azure Network Name</th>
        <td>Enter <code>NETWORK-NAME/SUBNET-NAME</code>, where:
          <ul>
            <li><code>NETWORK-NAME</code> is the <code>network_name</code> output from
            Terraform</li>
            <li><code>SUBNET-NAME</code> is the <code>infrastructure_subnet_name</code> output from
            Terraform</li>
          </ul>
        </td>
      </tr>
      <tr>
        <th>CIDR</th>
        <td>Enter the CIDR listed under <code>infrastructure_subnet_cidrs</code> output from
        Terraform. For example, <code>10.0.8.0/26</code>.</td>
      </tr>
      <tr>
        <th>Reserved IP Ranges</th>
        <td>Enter the first nine IP addresses of the subnet. For example,
        <code>10.0.8.1-10.0.8.9</code>.</td>
      </tr>
      <tr>
        <th>DNS</th>
        <td>Enter <code>168.63.129.16</code>.</td>
      </tr>
      <tr>
        <th>Gateway</th>
        <td>Enter the first IP address of the subnet. For example, <code>10.0.8.1</code>.</td>
      </tr>
    </table>
    <%= image_tag("../common/images/azure/create-networks-management.png", :alt => "Screenshot of the Create Networks page. There are two sections: 'Verification Settings', and 'Networks'.") %>

1. Click **Save**.<%= vars.expand_network_azs %>

#### <a id='pas-runtime-network'></a> <%= vars.app_runtime_abbr %> Runtime Network

1. Click **Add Network**.

1. For **Name**, enter `pas`.

1. Under **Subnets**, create a subnet using the information in the following table:

    <table>
      <tr>
        <th>Network Name</th>
        <td><code>pas</code></td>
      </tr>
      <tr>
        <th>Azure Network Name</th>
        <td>Enter <code>NETWORK-NAME/SUBNET-NAME</code>, where:
          <ul>
            <li><code>NETWORK-NAME</code> is the <code>network_name</code> output from
            Terraform</li>
            <li><code>SUBNET-NAME</code> is the <code>pas_subnet_name</code> output from
            Terraform</li>
          </ul>
        </td>
      </tr>
      <tr>
        <th>CIDR</th>
        <td>Enter the CIDR listed under <code>pas_subnet_cidrs</code> output from Terraform. For
        example, <code>10.0.0.0/22</code>.</td>
      </tr>
      <tr>
        <th>Reserved IP Ranges</th>
        <td>Enter the first nine IP addresses of the subnet. For example,
        <code>10.0.0.1-10.0.0.9</code>.</td>
      </tr>
      <tr>
        <th>DNS</th>
        <td>Enter <code>168.63.129.16</code>.</td>
      </tr>
      <tr>
        <th>Gateway</th>
        <td>Enter the first IP address of the subnet. For example, <code>10.0.0.1</code>.</td>
      </tr>
    </table>
    <%= image_tag("../common/images/azure/create-networks-deployment.png", :alt => "Screenshot of the Subnet page with values in each of the required fields.") %>

1. Click **Save**.

#### <a id='pas-services-network'></a> <%= vars.app_runtime_abbr %> Services Network

1. Click **Add Network**.

1. For **Name**, enter `services`.

1. Under **Subnets**, create a subnet using the information in the following table:

    <table>
      <tr>
        <th>Network Name</th>
        <td><code>services</code></td>
      </tr>
      <tr>
        <th>Azure Network Name</th>
        <td>Enter <code>NETWORK-NAME/SUBNET-NAME</code>, where:
          <ul>
            <li><code>NETWORK-NAME</code> is the <code>network_name</code> output from
            Terraform</li>
            <li><code>SUBNET-NAME</code> is the <code>services_subnet_name</code> output from
            Terraform</li>
          </ul>
        </td>
      </tr>
      <tr>
        <th>CIDR</th>
        <td>Enter the CIDR listed under <code>services_subnet_cidrs</code> output from Terraform.
        For example, <code>10.0.4.0/22</code>.</td>
      </tr>
      <tr>
        <th>Reserved IP Ranges</th>
        <td>Enter the first nine IP addresses of the subnet. For example,
        <code>10.0.4.1-10.0.4.9</code>.</td>
      </tr>
      <tr>
        <th>DNS</th>
        <td>Enter <code>168.63.129.16</code>.</td>
      </tr>
      <tr>
        <th>Gateway</th>
        <td>Enter the first IP address of the subnet. For example, <code>10.0.4.1</code>.</td>
      </tr>
    </table>
    <%= image_tag("../common/images/azure/create-networks-services.png", :alt => "Screenshot of the Subnet page with values in each of the required fields.") %>

1. Click **Save**.

1. You might see red warnings.
   Ignore them only if **Enable ICMP checks** is not selected.

If you complete this step for <%= vars.app_runtime_abbr %>, proceed to [Assign AZs and Networks Page](#assign-networks).

### <a id='pks-network'></a> Create Network for <%= vars.k8s_runtime_abbr %>

Create the following three networks:

* [<%= vars.k8s_runtime_abbr %> Infrastructure Network](#pks-infrastructure-network)
* [<%= vars.k8s_runtime_abbr %> Runtime Network](#pks-runtime-network)
* [<%= vars.k8s_runtime_abbr %> Services Network](#pks-services-network)

<p class="note"><strong>Note:</strong> The Azure portal sometimes displays the names of resources with incorrect capitalization. Always use the Azure CLI to retrieve the correctly capitalized name of a resource.</p>

#### <a id='pks-infrastructure-network'></a> <%= vars.k8s_runtime_abbr %> Infrastructure Network

To create the infrastructure network, do the following:

1. (Optional) Select **Enable ICMP checks** to enable ICMP on your networks. Ops Manager uses ICMP checks to confirm that components within your network are reachable.

1. Click **Add Network**.

1. For **Name**, enter `infrastructure`.

1. Under **Subnets**, create a subnet using the information in the following table:

    <table>
      <tr>
        <th>Network Name</th>
        <td><code>infrastructure</code></td>
      </tr>
      <tr>
        <th>Azure Network Name</th>
        <td>Enter <code>NETWORK-NAME/SUBNET-NAME</code>, where:
          <ul>
            <li><code>NETWORK-NAME</code> is the <code>network_name</code> output from
            Terraform</li>
            <li><code>SUBNET-NAME</code> is the <code>infrastructure_subnet_name</code> output from
            Terraform</li>
          </ul>
        </td>
      </tr>
      <tr>
        <th>CIDR</th>
        <td>Enter the CIDR listed under <code>infrastructure_subnet_cidrs</code> output from
        Terraform. For example, <code>10.0.8.0/26</code>.</td>
      </tr>
      <tr>
        <th>Reserved IP Ranges</th>
        <td>Enter the first nine IP addresses of the subnet. For example,
        <code>10.0.8.1-10.0.8.9</code>.</td>
      </tr>
      <tr>
        <th>DNS</th>
        <td>Enter <code>168.63.129.16</code>.</td>
      </tr>
      <tr>
        <th>Gateway</th>
        <td>Enter the first IP address of the subnet. For example, <code>10.0.8.1</code>.</td>
      </tr>
    </table>

1. Click **Save**.

#### <a id='pks-runtime-network'></a> <%= vars.k8s_runtime_abbr %> Runtime Network

1. Click **Add Network**.

1. For **Name**, enter `pks`.

1. Under **Subnets**, create a subnet using the information in the following table:

    <table>
      <tr>
        <th>Network Name</th>
        <td><code>pks</code></td>
      </tr>
      <tr>
        <th>Azure Network Name</th>
        <td>Enter <code>NETWORK-NAME/SUBNET-NAME</code>, where:
          <ul>
            <li><code>NETWORK-NAME</code> is the <code>network_name</code> output from
            Terraform</li>
            <li><code>SUBNET-NAME</code> is the <code>pks_subnet_name</code> output from
            Terraform</li>
          </ul>
        </td>
      </tr>
      <tr>
        <th>CIDR</th>
        <td>Enter the CIDR listed under <code>pks_subnet_cidrs</code> output from Terraform. For
        example, <code>10.0.12.0/22</code>.</td>
      </tr>
      <tr>
        <th>Reserved IP Ranges</th>
        <td>Enter the first nine IP addresses of the subnet. For example,
        <code>10.0.12.1-10.0.12.9</code>.</td>
      </tr>
      <tr>
        <th>DNS</th>
        <td>Enter <code>168.63.129.16</code>.</td>
      </tr>
      <tr>
        <th>Gateway</th>
        <td>Enter the IP address listed under <code>pks_subnet_gateway</code> output from
        Terraform. This should be the first IP address of the subnet. For example,
        <code>10.0.12.1</code>.</td>
      </tr>
    </table>

1. Click **Save**.

### <a id='pks-services-network'></a> <%= vars.k8s_runtime_abbr %> Services Network

1. Click **Add Network**.

1. For **Name**, enter `services`.

1. Under **Subnets**, create a subnet using the information in the following table:

    <table>
      <tr>
        <th>Network Name</th>
        <td><code>services</code></td>
      </tr>
      <tr>
        <th>Azure Network Name</th>
        <td>Enter <code>NETWORK-NAME/SUBNET-NAME</code>, where:
          <ul>
            <li><code>NETWORK-NAME</code> is the <code>network_name</code> output from
            Terraform</li>
            <li><code>SUBNET-NAME</code> is the <code>services_subnet_name</code> output from
            Terraform</li>
          </ul>
        </td>
      </tr>
      <tr>
        <th>CIDR</th>
        <td>Enter the CIDR listed under <code>services_subnet_cidrs</code> output from Terraform.
        For example, <code>10.0.16.0/22</code>.</td>
      </tr>
      <tr>
        <th>Reserved IP Ranges</th>
        <td>Enter the first nine IP addresses of the subnet. For example,
        <code>10.0.16.1-10.0.16.9</code>.</td>
      </tr>
      <tr>
        <th>DNS</th>
        <td>Enter <code>168.63.129.16</code>.</td>
      </tr>
      <tr>
        <th>Gateway</th>
        <td>Enter the IP address listed under <code>services_subnet_gateway</code> output from
        Terraform. This should be the first IP address of the subnet. For example,
        <code>10.0.16.1</code>.</td>
      </tr>
    </table>

1. Click **Save**.

1. You might see red warnings.
   Ignore them only if **Enable ICMP checks** is not selected.


## <a id="assign-networks"></a> Step 5: Assign AZs and Networks Page

<ol>
  <li>Select <strong>Assign AZs and Networks</strong>.<br/>
  <p class="note"><strong>Note:</strong> The appearance of this page changes based on whether you are using Availability Zones or Availability Sets. For more information, see <a href="#azure-config">Step 2: Azure Config Page</a>.</p>
    <ul>
    <li>If you use Availability Zones, select one of the three available zones from the <strong>Singleton Availability Zone</strong> dropdown, then select a network from the <strong>Networks</strong> dropdown. The networks that appear in this list are networks that you created earlier in this procedure.
    </li>
    <li>If you use Availability Sets, choose a network from the <strong>Networks</strong> dropdown. The networks that appear in this list are networks you created earlier in this procedure.</li>
    </ul>
  </li>
  <li>Click <strong>Save</strong>.</li>
</ol>


## <a id='security'></a> Step 6: Security Page

<%= partial "../common/security-pane" %>

## <a id="bosh-dns"></a> Step 7: BOSH DNS Config Page

<%= partial '../common/bosh-dns-config'  %>

## <a id='syslog'></a> Step 8: Syslog Page

<%= partial(:"/pcf/ops-manager/syslog_bosh", :locals => { :syslog_context => 'BOSH Director' }) %>

## <a id='resource-config'></a> Step 9: Resource Config Page

1. Select **Resource Config**.
    <%= image_tag("../common/images/azure/om-resource-config.png", :alt => "Screenshot of the BOSH DNS Config page. It has three fields: 'Excluded Recursors', 'Recursor Timeout', and 'Handlers'.") %>

1. Adjust any values as necessary for your deployment. Under the **Instances**, **VM Type**, and **Persistent Disk Type** fields, choose **Automatic** from the dropdown to allocate the recommended resources for the job. If the **Persistent Disk Type** field reads **None**, the job does not require persistent disk space.
    <p class="note"><strong>Note:</strong> For the BOSH Director job, select a VM type with at least 8&nbsp;GB memory.</p>
    <p class="note"><strong>Note:</strong> If you set a field to <strong>Automatic</strong> and the recommended resource allocation changes in a future version, Ops Manager automatically uses the new recommended allocation.</p>
    <p class="note"><strong>Note:</strong> If you install <%= vars.windows_runtime_full %> (<%= vars.windows_runtime_abbr %>),
    provision your <strong>Master Compilation Job</strong> with at least 100&nbsp;GB of disk space.</p>

1. (Optional) To add a load balancer to the BOSH Director, select the icon next to the **BOSH Director** job name to see the **Load Balancers** field and **Internet Connected** checkbox.
For **Load Balancers**, enter your Azure application gateway name under the **BOSH Director** job.
To create an application gateway, follow the procedures in [Create an application gateway with SSL termination using Azure PowerShell](https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-ssl-arm) from the Azure documentation. When you create the application gateway, associate the gateway's IP with your system domain.

1. Click **Save**.

## <a id="custom-vm-extensions"></a> Step 10: (Optional) Add Custom VM Extensions

<%= partial "../common/vm-extension-config"  %>

## <a id='complete'></a> Step 11: Complete the BOSH Director Installation

1. Click the **Installation Dashboard** link to return to the Installation Dashboard.

1. Click **Review Pending Changes**, then **Apply Changes**. If the following ICMP error message appears, click **Ignore errors and start the install**.

    <%= image_tag("../common/images/cloudform/install-error.png", :alt => "Screenshot of the PCF Ops Manager page with a red box listing errors. There are two options: 'Ignore errors and start the install' and 'Stop and fix errors'.") %>

1. BOSH Director installs. This may take a few moments. When the installation process successfully completes, the **Changes Applied** window appears.

    <%= image_tag("../common/images/cloudform/ops-manager-complete.png", :alt => "Screenshot of the Changes Applied pop up window. There are two options: 'Close' and 'Return to Installation Dashboard'.") %>


## <a id='next'></a> Next Steps

After you complete this procedure, do one of the following:
<ul>
  <li>If you are deploying <%= vars.app_runtime_abbr %>, follow the procedures in [Configuring <%= vars.app_runtime_abbr %>](https://docs.pivotal.io/application-service/2-8/operating/configure-pas.html).</li>
  <li>If you are deploying <%= vars.k8s_runtime_abbr %>, follow the procedures in [Creating Managed Identities in Azure for <%= vars.k8s_runtime_abbr %>](https://docs.pivotal.io/pks/azure-managed-identities.html).</li>
</ul>