Create a Windows Virtual Machine Scale
Set with Bicep
A Virtual Machine Scale Set allows you to deploy and manage a set of auto-scaling virtual machines. You can scale the number of VMs in the Virtual Machine Scale Set manually, or define rules to autoscale based on resource usage like CPU, memory demand, or network traffic. An Azure load balancer then distributes traffic to the VM instances in the Virtual Machine Scale Set. In this quickstart, you create a Virtual Machine Scale Set and deploy a sample application with Bicep.
Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse. Bicep offers the best authoring experience for your infrastructure-as-code solutions in Azure.
Prerequisites
If you don't have an Azure subscription, create a free account before you begin.
Review the Bicep file
The Bicep file used in this quickstart is from Azure Quickstart Templates.
@description('String used as a base for naming resources. Must be 3-61 characters in length and globally unique across Azure. A hash is prepended to this string for some resources, and resource-specific information is appended.')
@minLength(3)
@maxLength(61)
param vmssName string
@description('Size of VMs in the VM Scale Set.')
param vmSku string = 'Standard_D2s_v3'
@description('The Windows version for the VM. This will pick a fully patched image of this given Windows version. Allowed values: 2008-R2-SP1, 2012-Datacenter, 2012-R2-Datacenter & 2016-Datacenter, 2019-Datacenter.')
@allowed([
'2019-DataCenter-GenSecond'
'2016-DataCenter-GenSecond'
'2022-datacenter-azure-edition'
])
param windowsOSVersion string = '2022-datacenter-azure-edition'
@description('Security Type of the Virtual Machine.')
@allowed([
'Standard'
'TrustedLaunch'
])
param securityType string = 'TrustedLaunch'
@description('Number of VM instances (100 or less).')
@minValue(1)
@maxValue(100)
param instanceCount int = 3
@description('When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true.')
param singlePlacementGroup bool = true
@description('Admin username on all VMs.')
param adminUsername string = 'vmssadmin'
@description('Admin password on all VMs.')
@secure()
param adminPassword string
@description('The base URI where artifacts required by this template are located. For example, if stored on a public GitHub repo, you\'d use the following URI: https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-vmss-windows-webapp-dsc-autoscale/.')
param _artifactsLocation string = deployment().properties.templateLink.uri
@description('The sasToken required to access _artifactsLocation. If your artifacts are stored on a public repo or public storage account you can leave this blank.')
@secure()
param _artifactsLocationSasToken string = ''
@description('Location of the PowerShell DSC zip file relative to the URI specified in the _artifactsLocation, i.e. DSC/IISInstall.ps1.zip')
param powershelldscZip string = 'DSC/InstallIIS.zip'
@description('Location of the of the WebDeploy package zip file relative to the URI specified in _artifactsLocation, i.e. WebDeploy/DefaultASPWebApp.v1.0.zip')
param webDeployPackage string = 'WebDeploy/DefaultASPWebApp.v1.0.zip'
@description('Version number of the DSC deployment. Changing this value on subsequent deployments will trigger the extension to run.')
param powershelldscUpdateTagVersion string = '1.0'
@description('Location for all resources.')
param location string = resourceGroup().location
@description('Fault Domain count for each placement group.')
param platformFaultDomainCount int = 1
var vmScaleSetName = toLower(substring('vmssName${uniqueString(resourceGroup().id)}', 0, 9))
var longvmScaleSet = toLower(vmssName)
var addressPrefix = '10.0.0.0/16'
var subnetPrefix = '10.0.0.0/24'
var vNetName = '${vmScaleSetName}vnet'
var publicIPAddressName = '${vmScaleSetName}pip'
var subnetName = '${vmScaleSetName}subnet'
var loadBalancerName = '${vmScaleSetName}lb'
var publicIPAddressID = publicIPAddress.id
var lbProbeID = resourceId('Microsoft.Network/loadBalancers/probes', loadBalancerName, 'tcpProbe')
var natPoolName = '${vmScaleSetName}natpool'
var bePoolName = '${vmScaleSetName}bepool'
var lbPoolID = resourceId('Microsoft.Network/loadBalancers/backendAddressPools', loadBalancerName, bePoolName)
var natStartPort = 50000
var natEndPort = 50119
var natBackendPort = 3389
var nicName = '${vmScaleSetName}nic'
var ipConfigName = '${vmScaleSetName}ipconfig'
var frontEndIPConfigID = resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', loadBalancerName, 'loadBalancerFrontEnd')
var osType = {
publisher: 'MicrosoftWindowsServer'
offer: 'WindowsServer'
sku: windowsOSVersion
version: 'latest'
}
var securityProfileJson = {
uefiSettings: {
secureBootEnabled: true
vTpmEnabled: true
}
securityType: securityType
}
var imageReference = osType
var webDeployPackageFullPath = uri(_artifactsLocation, '${webDeployPackage}${_artifactsLocationSasToken}')
var powershelldscZipFullPath = uri(_artifactsLocation, '${powershelldscZip}${_artifactsLocationSasToken}')
resource loadBalancer 'Microsoft.Network/loadBalancers@2023-04-01' = {
name: loadBalancerName
location: location
properties: {
frontendIPConfigurations: [
{
name: 'LoadBalancerFrontEnd'
properties: {
publicIPAddress: {
id: publicIPAddressID
}
}
}
]
backendAddressPools: [
{
name: bePoolName
}
]
inboundNatPools: [
{
name: natPoolName
properties: {
frontendIPConfiguration: {
id: frontEndIPConfigID
}
protocol: 'Tcp'
frontendPortRangeStart: natStartPort
frontendPortRangeEnd: natEndPort
backendPort: natBackendPort
}
}
]
loadBalancingRules: [
{
name: 'LBRule'
properties: {
frontendIPConfiguration: {
id: frontEndIPConfigID
}
backendAddressPool: {
id: lbPoolID
}
protocol: 'Tcp'
frontendPort: 80
backendPort: 80
enableFloatingIP: false
idleTimeoutInMinutes: 5
probe: {
id: lbProbeID
}
}
}
]
probes: [
{
name: 'tcpProbe'
properties: {
protocol: 'Tcp'
port: 80
intervalInSeconds: 5
numberOfProbes: 2
}
}
]
}
}
resource vmScaleSet 'Microsoft.Compute/virtualMachineScaleSets@2023-09-01' = {
name: vmScaleSetName
location: location
sku: {
name: vmSku
tier: 'Standard'
capacity: instanceCount
}
properties: {
overprovision: true
upgradePolicy: {
mode: 'Automatic'
}
singlePlacementGroup: singlePlacementGroup
platformFaultDomainCount: platformFaultDomainCount
virtualMachineProfile: {
storageProfile: {
osDisk: {
caching: 'ReadWrite'
createOption: 'FromImage'
}
imageReference: imageReference
}
osProfile: {
computerNamePrefix: vmScaleSetName
adminUsername: adminUsername
adminPassword: adminPassword
}
securityProfile: ((securityType == 'TrustedLaunch') ? securityProfileJson : null)
networkProfile: {
networkInterfaceConfigurations: [
{
name: nicName
properties: {
primary: true
ipConfigurations: [
{
name: ipConfigName
properties: {
subnet: {
id: vNet.properties.subnets[0].id
}
loadBalancerBackendAddressPools: [
{
id: lbPoolID
}
]
}
}
]
}
}
]
}
extensionProfile: {
extensions: [
{
name: 'Microsoft.Powershell.DSC'
properties: {
publisher: 'Microsoft.Powershell'
type: 'DSC'
typeHandlerVersion: '2.9'
autoUpgradeMinorVersion: true
forceUpdateTag: powershelldscUpdateTagVersion
settings: {
configuration: {
url: powershelldscZipFullPath
script: 'InstallIIS.ps1'
function: 'InstallIIS'
}
configurationArguments: {
nodeName: 'localhost'
WebDeployPackagePath: webDeployPackageFullPath
}
}
}
}
]
}
}
}
}
resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2023-04-01' = {
name: publicIPAddressName
location: location
properties: {
publicIPAllocationMethod: 'Static'
dnsSettings: {
domainNameLabel: longvmScaleSet
}
}
}
resource vNet 'Microsoft.Network/virtualNetworks@2023-04-01' = {
name: vNetName
location: location
properties: {
addressSpace: {
addressPrefixes: [
addressPrefix
]
}
subnets: [
{
name: subnetName
properties: {
addressPrefix: subnetPrefix
}
}
]
}
}
resource autoscalehost 'Microsoft.Insights/autoscalesettings@2022-10-01' = {
name: 'autoscalehost'
location: location
properties: {
name: 'autoscalehost'
targetResourceUri: vmScaleSet.id
enabled: true
profiles: [
{
name: 'Profile1'
capacity: {
minimum: '1'
maximum: '10'
default: '1'
}
rules: [
{
metricTrigger: {
metricName: 'Percentage CPU'
metricResourceUri: vmScaleSet.id
timeGrain: 'PT1M'
statistic: 'Average'
timeWindow: 'PT5M'
timeAggregation: 'Average'
operator: 'GreaterThan'
threshold: 50
}
scaleAction: {
direction: 'Increase'
type: 'ChangeCount'
value: '1'
cooldown: 'PT5M'
}
}
{
metricTrigger: {
metricName: 'Percentage CPU'
metricResourceUri: vmScaleSet.id
timeGrain: 'PT1M'
statistic: 'Average'
timeWindow: 'PT5M'
timeAggregation: 'Average'
operator: 'LessThan'
threshold: 30
}
scaleAction: {
direction: 'Decrease'
type: 'ChangeCount'
value: '1'
cooldown: 'PT5M'
}
}
]
}
]
}
}
output applicationUrl string = uri('http://${publicIPAddress.properties.dnsSettings.fqdn}', '/MyApp')
The following resources are defined in the Bicep file:
- Microsoft.Network/virtualNetworks
- Microsoft.Network/publicIPAddresses
- Microsoft.Network/loadBalancers
- Microsoft.Compute/virtualMachineScaleSets
- Microsoft.Insights/autoscaleSettings
Define a scale set
To create a Virtual Machine Scale Set with a Bicep file, you define the appropriate resources. The core parts of the Virtual Machine Scale Set resource type are:
| Property | Description of property | Example template value |
|---|---|---|
| type | Azure resource type to create | Microsoft.Compute/virtualMachineScaleSets |
| name | The scale set name | myScaleSet |
| location | The location to create the scale set | East US |
| sku.name | The VM size for each scale set instance | Standard_A1 |
| sku.capacity | The number of VM instances to initially create | 2 |
| upgradePolicy.mode | VM instance upgrade mode when changes occur | Automatic |
| imageReference | The platform or custom image to use for the VM instances | Microsoft Windows Server 2016 Datacenter |
| osProfile.computerNamePrefix | The name prefix for each VM instance | myvmss |
| osProfile.adminUsername | The username for each VM instance | azureuser |
| osProfile.adminPassword | The password for each VM instance | P@ssw0rd! |
To customize a Virtual Machine Scale Set Bicep file, you can change the VM size or initial capacity. Another option is to use a different platform or a custom image.
Add a sample application
To test your Virtual Machine Scale Set, install a basic web application. When you deploy a Virtual Machine Scale Set, VM extensions can provide post-deployment configuration and automation tasks, such as installing an app. Scripts can be downloaded from GitHub or provided to the Azure portal at extension run-time. To apply an extension to your Virtual Machine Scale Set, add the extensionProfile section to the resource example above. The extension profile typically defines the following properties:
- Extension type
- Extension publisher
- Extension version
- Location of configuration or install scripts
- Commands to execute on the VM instances
The Bicep file uses the PowerShell DSC extension to install an ASP.NET MVC app that runs in IIS.
An install script is downloaded from GitHub, as defined in url. The extension then runs InstallIIS from the IISInstall.ps1 script, as defined in function and Script. The ASP.NET app itself is provided as a Web Deploy package, which is also downloaded from GitHub, as defined in WebDeployPackagePath:
Deploy the Bicep file
Save the Bicep file as
main.bicepto your local computer.Deploy the Bicep file using either Azure CLI or Azure PowerShell.
Azure CLIaz group create --name exampleRG --location eastus az deployment group create --resource-group exampleRG --template-file main.bicep --parameters vmssName=<vmss-name>Replace <vmss-name> with the name of the Virtual Machine Scale Set. It must be 3-61 characters in length and globally unique across Azure. You'll be prompted to enter
adminPassword.Note
When the deployment finishes, you should see a message indicating the deployment succeeded. It can take 10-15 minutes for the Virtual Machine Scale Set to be created and apply the extension to configure the app.
Validate the deployment
To see your Virtual Machine Scale Set in action, access the sample web application in a web browser. Obtain the public IP address of your load balancer using Azure CLI or Azure PowerShell.
az network public-ip show --resource-group exampleRG
Enter the public IP address of the load balancer in to a web browser in the format http://publicIpAddress/MyApp. The load balancer distributes traffic to one of your VM instances, as shown in the following example:
Clean up resources
When no longer needed, use the Azure portal, Azure CLI, or Azure PowerShell to remove the resource group and its resources.
az group delete --name exampleRG