|
| 1 | +--- |
| 2 | +title: Deploy on dedicated hosts |
| 3 | +description: Use dedicated hosts to achieve true host level isolation for your workloads |
| 4 | +ms.topic: article |
| 5 | +ms.date: 01/10/2020 |
| 6 | +ms.author: danlep |
| 7 | +--- |
| 8 | + |
| 9 | +# Deploy on dedicated hosts |
| 10 | + |
| 11 | +"Dedicated" is an Azure Container Instances (ACI) sku that provides an isolated and dedicated compute environment for securely running containers. Using the dedicated sku results in each container group having a dedicated physical server in an Azure datacenter, ensuring full workload isolation to help meet your organization's security and compliance requirements. |
| 12 | + |
| 13 | +The dedicated sku is appropriate for container workloads that require workload isolation from a physical server perspective. |
| 14 | + |
| 15 | +## Using the dedicated sku |
| 16 | + |
| 17 | +> [!IMPORTANT] |
| 18 | +> Using the dedicated sku is only available in the latest API version (2019-12-01) that is currently rolling out. Specify this API version in your deployment template. Additionally, the default limit for any subscription to use the dedicated sku is 0. If you would like to use this sku for your production container deployments, please create an [Azure Support request][azure-support] |
| 19 | +
|
| 20 | +Starting with API version 2019-12-01, thgere is a "sku" property under the container group properties section of a deployment template, which is required for an ACI deployment. Currently, you can use this property as part of an Azure Resource Manager deployment template for ACI. You can learn more about deploying ACI resources with a template in the [Tutorial: Deploy a multi-container group using a Resource Manager template](https://docs.microsoft.com/azure/container-instances/container-instances-multi-container-group). |
| 21 | + |
| 22 | +The sku property can have one of the following values: |
| 23 | +* Standard - this is the standard ACI deployment choice, which still guarantees hypervisor-level security |
| 24 | +* Dedicated - used for workload level isolation with dedicated physical hosts for the container group |
| 25 | + |
| 26 | +### Modify your JSON deployment template |
| 27 | + |
| 28 | +In your deployment template, where you specify your container group resource, ensure that the `"apiVersion": "2019-12-01",`. In the properties section of the container group resource, set `"sku": "Dedicated",`. |
| 29 | + |
| 30 | +Here is an example snippet for the resources section of acontainer group deployment template that uses the dedicated sku: |
| 31 | + |
| 32 | +```json |
| 33 | +{ |
| 34 | + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", |
| 35 | + "contentVersion": "1.0.0.0", |
| 36 | + "parameters": { |
| 37 | + "containerGroupName": { |
| 38 | + "type": "string", |
| 39 | + "defaultValue": "myContainerGroup", |
| 40 | + "metadata": { |
| 41 | + "description": "Container Group name." |
| 42 | + } |
| 43 | + } |
| 44 | + }, |
| 45 | + "resources": [ |
| 46 | + { |
| 47 | + "name": "[parameters('containerGroupName')]", |
| 48 | + "type": "Microsoft.ContainerInstance/containerGroups", |
| 49 | + "apiVersion": "2019-12-01", |
| 50 | + "location": "[resourceGroup().location]", |
| 51 | + "properties": { |
| 52 | + "sku": "Dedicated", |
| 53 | + "containers": [ |
| 54 | + { |
| 55 | + "name": "container1", |
| 56 | + "properties": { |
| 57 | + "image": "nginx", |
| 58 | + "command": [ |
| 59 | + "/bin/sh", |
| 60 | + "-c", |
| 61 | + "while true; do echo `date`; sleep 1000000; done" |
| 62 | + ], |
| 63 | + "ports": [ |
| 64 | + { |
| 65 | + "protocol": "TCP", |
| 66 | + "port": 80 |
| 67 | + } |
| 68 | + ], |
| 69 | + "environmentVariables": [], |
| 70 | + "resources": { |
| 71 | + "requests": { |
| 72 | + "memoryInGB": 1.0, |
| 73 | + "cpu": 1 |
| 74 | + } |
| 75 | + } |
| 76 | + } |
| 77 | + } |
| 78 | + ], |
| 79 | + "restartPolicy": "Always", |
| 80 | + "ipAddress": { |
| 81 | + "ports": [ |
| 82 | + { |
| 83 | + "protocol": "TCP", |
| 84 | + "port": 80 |
| 85 | + } |
| 86 | + ], |
| 87 | + "type": "Public" |
| 88 | + }, |
| 89 | + "osType": "Linux", |
| 90 | + }, |
| 91 | + "location": "eastus2euap", |
| 92 | + "tags": {} |
| 93 | + } |
| 94 | + ] |
| 95 | +} |
| 96 | +``` |
| 97 | + |
| 98 | +### Deploy your resources |
| 99 | + |
| 100 | +If you created and edited the deployment template file on your desktop, you can upload it to your Cloud Shell directory by dragging the file into it. |
| 101 | + |
| 102 | +Create a resource group with the [az group create][az-group-create] command. |
| 103 | + |
| 104 | +```azurecli-interactive |
| 105 | +az group create --name myResourceGroup --location eastus |
| 106 | +``` |
| 107 | + |
| 108 | +Deploy the template with the [az group deployment create][az-group-deployment-create] command. |
| 109 | + |
| 110 | +```azurecli-interactive |
| 111 | +az group deployment create --resource-group myResourceGroup --template-file deployment-template.json |
| 112 | +``` |
| 113 | + |
| 114 | +Within a few seconds, you should receive an initial response from Azure. Once the deployment completes, all data related to it persisted by the ACI service will be encrypted with the key you provided. |
| 115 | + |
| 116 | +<!-- LINKS - Internal --> |
| 117 | +[az-group-create]: /cli/azure/group#az-group-create |
| 118 | +[az-group-deployment-create]: /cli/azure/group/deployment#az-group-deployment-create |
| 119 | + |
| 120 | +<!-- LINKS - External --> |
| 121 | +[azure-support]: https://ms.portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest |
0 commit comments