Tanzu Cloud Service Broker for Microsoft Azure 1.0

Service Plan Reference

Last Updated October 24, 2024

This topic provides reference information about the plans and configuration parameters used for configuring service instances.

See the section below for the service that you want:

Azure SQL (MSSQL)

This section applies to the csb-azure-mssql service. This section lists default plans and configuration options for Azure SQL on Azure.

Plans

The table below lists the plans for the csb-azure-mssql service:

PlanCPUsStorage Size
small250 GB
medium8200 GB
large32500 GB
extra-large641 TB

Plan Configuration Parameters

The table below lists the plan parameters that you can configure:

Option NameValuesDefault
max_storage_gb 50
cores1–64, multiples of 22

SKUs

Stock-keeping units (SKU) are usually formatted as TIER_FAMILY_NUMBER-OF-CORES. Where:

  • Examples of TIER are GP_S, GP, and HS
  • Examples of FAMILY are Gen4 and Gen5

Example SKUs are GP_S_Gen4_1 and GP_Gen5_8.

If you do not define a SKU using the sku_name parameter, the SKU is computed from the number of cores in your plan. See Plans above.

For a list of all valid SKUs, run:

az sql db list-editions -l LOCATION -o table

The table below shows the mapping of number of cores to the corresponding Azure stock-keeping unit (SKU):

CoresSKU
1GP_Gen5_1
2GP_Gen5_2
4GP_Gen5_4
8GP_Gen5_8
16GP_Gen5_16
32GP_Gen5_32
80GP_Gen5_80

For information about the the vCore purchasing model, see the Microsoft documentation.
For information about the the DTU purchasing model, see the Microsoft documentation.

Note Azure SQL service instances use the vCore model and the Gen5 hardware generation unless you override this default by using the sku_name parameter. For more information about the vCore model, see the Microsoft documentation.

When updating a service instance, the SKU for the updated service instance must remain in the same family (GP_S, GP, or HS).

If you update to a different family, Azure refuses the update request.

Configuration Parameters

You can provision a service by running:

cf create-service csb-azure-mssql PLAN-NAME SERVICE-INSTANCE-NAME -c '{"PARAMETER-NAME": "PARAMETER-VALUE"}'

You can update the plan or configuration parameters for a service instance by running:

cf update-service SERVICE-INSTANCE [-p NEW-PLAN] -c '{"PARAMETER-NAME": "PARAMETER-VALUE"}'

The table below lists the parameters that you can configure, using the -c flag, when provisioning a csb-azure-mssql service:

Parameter Name Type Description Default
instance_name string The name of the service instance. csb-azsql-INSTANCE-ID
resource_group string The Azure resource group in which to create the instance. rg-INSTANCE-NAME
db_name string The name of the database. csb-db
location string The Azure region in which to deploy the service instance.

Note Currently Azure SQL is not available in all regions. If you configure a region that is unavailable, Cloud Service Broker for Azure fails.

westus
azure_tenant_id string The ID of the Azure tenant for the service instance. The value the operator entered for Tenant ID in Ops Manager.
azure_subscription_id string The ID of the Azure subscription for the service instance. The value the operator entered for Subscription ID in Ops Manager.
azure_client_id string The ID of the Azure service principal to authenticate for service instance creation. The value the operator entered for Client ID in Ops Manager.
azure_client_secret string The secret (password) for the Azure service principal to authenticate for service instance creation. The value the operator entered for Client Secret in Ops Manager.
sku_name string The Azure stock-keeping unit (SKU). For more information about configuring this parameter, see SKUs above.
authorized_network string The Azure subnet ID, in long form, that the instance is connected to through a service endpoint. The subnet must have the Microsoft.sql service enabled.
skip_provider_registration boolean Set to true to skip automatic Azure provider registration. Set if the service principal being used does not have the rights to register providers. false

Binding Credentials

The format for binding credentials for Azure SQL is as follows:

{
    "name" : "DATABASE NAME",
    "hostname" : "DATABASE-SERVER-HOST",
    "port" : "DATABASE-SERVER-PORT",
    "username" : "AUTHENTICATION-USERNAME",
    "password" : "AUTHENTICATION-PASSWORD",
    "uri" : "DATABASE CONNECTION-URI",
    "jdbcUrl" : "JDBC-FORMAT-CONNECTION-URI",
    "sqldbName" : "DATABASE-NAME",
    "sqlServerName" : "SERVER-NAME",
    "sqlServerFullyQualifiedDomainName" : "SERVER-FQDN",
    "databaseLogin" : "AUTHENTICATION-USERNAME",
    "databaseLoginPassword" : "AUTHENTICATION-PASSWORD"
}
``` <!--  Define any non-obvious placeholders present in the code snippet in the style of |Where PLACEHOLDER is...|  --> 



## <a id="azure-mssql-db"></a>Azure SQL (MSSQL) Database

This section applies to the service csb-azure-mssql-db.
The csb-azure-mssql-db service manages Azure SQL databases on pre-configured
database servers on Azure.

### <a id="azure-mssql-db-plans"></a> Plans

The table below lists the plans for the csb-azure-mssql-db service:

| Plan       | CPUs | Maximumum Storage Size |
|------------|------|--------------|
|small       | 2    | 50&nbsp;GB         |
|medium      | 8    | 200&nbsp;GB        |
|large       | 32   | 500&nbsp;GB       |
|extra-large | 80   | 1&nbsp;TB          |

### <a id="azure-mssql-db-plans-config"></a> Plan Configuration Parameters

The table below lists the plan parameters that you can configure:

| Parameter Name | Values              | Default |
|-------------|------------------------|---------|
| max\_storage\_gb  |                    |  50      |
| cores       | 1&ndash;64, multiples of 2    | 2       |

#### <a id="azure-mssql-db-skus"></a> SKUs

SKUs are usually formatted as `TIER_FAMILY_NUMBER-OF-CORES`. Where:

*   Examples of `TIER` are `GP_S`, `GP`, and `HS`
*   Examples of `FAMILY` are `Gen4` and `Gen5`

Example SKUs are `GP_S_Gen4_1` and `GP_Gen5_8`.

If you do not define a SKU using the `sku_name` parameter, the SKU is
computed from the number of cores in your plan.
See [Plans](#azure-mssql-db-plans) above.

For a list of all valid SKUs, run:

az sql db list-editions -l LOCATION -o table


The table below shows the mapping of number of cores to the corresponding SKU:

| Cores | SKU |
|-------|-----|
| 1  | GP\_Gen5\_1 |
| 2  | GP\_Gen5\_2 |
| 4  | GP\_Gen5\_4 |
| 8  | GP\_Gen5\_8  |
| 16 | GP\_Gen5\_16 |
| 32 | GP\_Gen5\_32 |
| 80 | GP\_Gen5\_80 |
 <!--  Is this table necessary? Can we get this information from the links below?  --> 

For information about the the vCore purchasing model, see the
<a href="https://docs.microsoft.com/en-us/azure/azure-sql/database/resource-limits-vcore-single-databases">Microsoft documentation</a>.<br>
For information about the the DTU purchasing model, see the
<a href="https://docs.microsoft.com/en-us/azure/azure-sql/database/resource-limits-dtu-single-databases">Microsoft documentation</a>.

<p class="note">
  <span class="note__title">Note</span> Azure SQL service instances use the vCore model and the Gen5
  hardware generation unless you override this default using the <code>sku_name</code> parameter.
  For more information about the vCore model, see the
  <a href="https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-vcore?tabs=azure-portal">Microsoft documentation</a>.
</p>

<p class="note">
  <span class="note__title">Note</span> When updating a service instance, the SKU for the updated
  service instance must remain in the same family (<code>GP_S</code>, <code>GP</code>, or <code>HS</code>).
   <!--  Should this say tier or family? GP_S is a tier. Can you only use the tiers listed here?  --> 
  If you update to a different family, Azure refuses the update request.
</p>

### <a id="azure-mssql-db-parameters"></a> Configuration Parameters

You can provision a service by running:

cf create-service csb-azure-mssql-db PLAN-NAME SERVICE-INSTANCE-NAME -c ‘{“PARAMETER-NAME”: “PARAMETER-VALUE”}’


You can update the plan or configuration parameters for a service instance by running:

cf update-service SERVICE-INSTANCE [-p NEW-PLAN] -c ‘{“PARAMETER-NAME”: “PARAMETER-VALUE”}’


The table below lists the parameters that you can configure, using the `-c` flag, when
provisioning a csb-azure-mssql-db service:

<table>
  <thead>
    <tr>
      <th width="20%">Parameter Name</th>
      <th width="10%">Type</th>
      <th width="50%">Description</th>
      <th width="20%">Default</th>
    </tr>
  </thead>
  <tr>
    <td><code>db_name</code></td>
    <td>string</td>
    <td>The name of the database.</td>
    <td><code>csb-fog-db-INSTANCE-ID</code></td>
  </tr>
  <tr>
    <td><code>server</code></td>
    <td>string</td>
    <td>
      The name of the server on which to create the database.
      This must match one of the <code>SERVER</code> parameters in <code>server_credentials</code>.
      For example, <code>SERVER-1</code> in the code snippet in the <code>server_credentials</code> row below.
    </td>
    <td></td>
  </tr>
  <tr>
    <td><code>server_credentials</code></td>
    <td>JSON</td>
    <td>
      A list of server credentials on which databases can be created.
      Format: <code>{ "SERVER-1": { "server_name":"...", "server_resource_group":"...", "admin_username":"...", "admin_password":"..."}, "SERVER-2":{"server_name":..., ...}...}</code>
      One of the values you use for <code>SERVER</code> must match the <code>server</code> parameter above.
    </td>
    <td></td>
  </tr>
  <tr>
    <td><code>azure_tenant_id</code></td>
    <td>string</td>
    <td>The ID of the Azure tenant for the service instance.</td>
    <td>The value the operator entered for <strong>Tenant ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_subscription_id</code></td>
    <td>string</td>
    <td>The ID of the Azure subscription for the service instance.</td>
    <td>The value the operator entered for <strong>Subscription ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_client_id</code></td>
    <td>string</td>
    <td>The ID of the Azure service principal to authenticate for service instance creation.  <!--  Clarification needed  --> </td>
    <td>The value the operator entered for <strong>Client ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_client_secret</code></td>
    <td>string</td>
    <td>The secret (password) for the Azure service principal to authenticate for service instance creation.</td>
    <td>The value the operator entered for <strong>Client Secret</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>sku_name</code></td>
    <td>string</td>
    <td>
      The Azure stock-keeping unit (SKU).
      For more information about configuring this parameter, see <a href="#azure-mssql-db-skus">SKUs</a> above.
    </td>
    <td></td>
  </tr>
  <tr>
    <td><code>skip_provider_registration</code></td>
    <td>boolean</td>
    <td>Set to <code>true</code> to skip automatic Azure provider registration.
    Set if the service principal being used does not have the rights to register providers.</td>
    <td><code>false</code></td>
  </tr>
</table>

### <a id="azure-mssql-db-binding-creds"></a> Binding Credentials

The format for binding credentials for an Azure SQL database is as follows:

```json
{
    "name" : "DATABASE-NAME",
    "hostname" : "DATABASE-SERVER-HOST",
    "port" : "DATABASE-SERVER-PORT",
    "username" : "AUTHENTICATION-USERNAME",
    "password" : "AUTHENTICATION-PASSWORD",
    "uri" : "DATABASE-CONNECTION-URI",
    "jdbcUrl" : "JDBC-FORMAT-CONNECTION-URI",
    "sqldbName" : "DATABASE-NAME",
    "sqlServerName" : "SERVER-NAME",
    "sqlServerFullyQualifiedDomainName" : "SERVER-FQDN",
    "databaseLogin" : "AUTHENTICATION-USERNAME",
    "databaseLoginPassword" : "AUTHENTICATION-PASSWORD"
}

Azure SQL (MSSQL) Server

This section applies to the csb-azure-mssql-server service. The csb-azure-mssql-server service manages stand alone Azure SQL server service instances on Azure. No databases are created or managed.

Plans

The only plan is standard.

Configuration Parameters

You can provision a service by running:

cf create-service csb-azure-mssql-server standard SERVICE-INSTANCE-NAME -c '{"PARAMETER-NAME": "PARAMETER-VALUE"}'

You can update the configuration parameters for a service instance by running:

cf update-service SERVICE-INSTANCE -c '{"PARAMETER-NAME": "PARAMETER-VALUE"}'

The table below lists the parameters that you can configure, using the -c flag, when provisioning a csb-azure-mssql-server service:

Parameter Name Type Description Default
instance_name string The name of the service instance for the server. csb-azsql-svr-INSTANCE-ID
resource_group string The Azure resource group in which to create the instance. rg-INSTANCE-NAME
admin_username string The admin username for the server. A randomly generated string.
admin_password string The admin password for the server. A randomly generated string.
location string The Azure region in which to create the server. westus
azure_tenant_id string The ID of the Azure tenant for the service instance. The value the operator entered for Tenant ID in Ops Manager.
azure_subscription_id string The ID of the Azure subscription for the service instance. The value the operator entered for Subscription ID in Ops Manager.
azure_client_id string The ID of the Azure service principal to authenticate for service instance creation. The value the operator entered for Client ID in Ops Manager.
azure_client_secret string The secret (password) for the Azure service principal to authenticate for service instance creation. The value the operator entered for Client Secret in Ops Manager.
authorized_network string The Azure subnet ID, in long form, that the instance is connected to through a service endpoint. The subnet must have the Microsoft.sql service enabled.
skip_provider_registration boolean Set to true to skip automatic Azure provider registration. Set if the service principal being used does not have the rights to register providers. false

Binding Credentials

The format for binding credentials for Azure SQL Server is as follows:

{
    "hostname" : "DATABASE-SERVER-HOST",
    "port" : "DATABASE-SERVER-PORT",
    "username" : "AUTHENTICATION-USERNAME",
    "password" : "AUTHENTICATION-PASSWORD",
    "sqlServerName" : "SERVER-NAME",
    "sqldbResourceGroup" : "RESOURCE-GROUP-FOR-SERVER",
    "sqlServerFullyQualifiedDomainName" : "SERVER-FQDN",
    "databaseLogin" : "AUTHENTICATION-USERNAME",
    "databaseLoginPassword" : "AUTHENTICATION-PASSWORD"
}

Azure SQL (MSSQL) Failover Group

This section applies to the csb-azure-mssql-failover-group service. This section lists the default plans and configuration options for Azure SQL Failover Group on Azure.

Plans

The table below lists the plans for the csb-azure-mssql-failover-group service:

PlanCPUsStorage Size
small250 GB
medium8200 GB
large32500 GB

Configuration Options

The table below lists the options you can configure:

Option NameValuesDefault
max_storage_gb 50
cores1–64, multiples of 22

SKUs

SKUs are usually formatted as TIER_FAMILY_NUMBER-OF-CORES. Where:

  • Examples of TIER are GP_S, GP, and HS
  • Examples of FAMILY are Gen4 and Gen5

Example SKUs are GP_S_Gen4_1 and GP_Gen5_8.

If you do not define a SKU using the sku_name parameter, the SKU is computed from the number of cores in your plan. See Plans above.

For a list of all valid SKUs, run:

az sql db list-editions -l LOCATION -o table

The table below shows the mapping of number of cores to the corresponding SKU:

CoresSKU
1GP_Gen5_1
2GP_Gen5_2
4GP_Gen5_4
8GP_Gen5_8
16GP_Gen5_16
32GP_Gen5_32
80GP_Gen5_80

For information about the the vCore purchasing model, see the Microsoft documentation.
For information about the the DTU purchasing model, see the Microsoft documentation.

Note Azure SQL service instances use the vCore model and the Gen5 hardware generation unless you override this default using the sku_name parameter. For more information about the vCore model, see the Microsoft documentation.

Note When updating a service instance, the SKU for the updated service instance must remain in the same family (GP_S, GP, or HS). If you update to a different family, Azure refuses the update request.

Configuration Parameters

Except as noted below, the configuration is generally the same as for Azure SQL above.

The table below lists the parameters that you can configure, using the -c flag, when provisioning a csb-azure-mssql-failover-group service:

Parameter Name Type Description Default
instance_name string The name of the service instance. csb-azsql-INSTANCE-ID
resource_group string The Azure resource group in which to create the instance. rg-INSTANCE-NAME
location string The Azure region in which to deploy the service instance.

Note Currently Azure SQL is not available in all regions. If you configure a region that is unavailable, Cloud Service Broker for Azure fails.

westus
failover_location string The Azure region for the failover instance. DEFAULT-REGIONAL-PAIR. For information about regional pairs, see the Microsoft Documentation
read_write_endpoint_failover_policy string The Read/Write failover policy. The options are Automatic or Manual Automatic
failover_grace_minutes number The grace period in minutes before failover with data loss is attempted. 60
azure_tenant_id string The ID of the Azure tenant for the service instance. The value the operator entered for Tenant ID in Ops Manager.
azure_subscription_id string The ID of the Azure subscription for the service instance. The value the operator entered for Subscription ID in Ops Manager.
azure_client_id string The ID of the Azure service principal to authenticate for service instance creation. The value the operator entered for Client ID in Ops Manager.
azure_client_secret string The secret (password) for the Azure service principal to authenticate for service instance creation. The value the operator entered for Client Secret in Ops Manager.
sku_name string The Azure stock-keeping unit (SKU). For more information about configuring this parameter, see SKUs above.
authorized_network string The Azure subnet ID, in long form, that the instance is connected to through a service endpoint. The subnet must have the Microsoft.sql service enabled.
skip_provider_registration boolean Set to true to skip automatic Azure provider registration. Set if the service principal being used does not have the rights to register providers. false

Binding Credentials

The format for binding credentials for Azure SQL Failover Group is as follows:

{
    "name" : "DATABASE-NAME",
    "hostname" : "DATABASE-SERVER-HOST",
    "port" : "DATABASE-SERVER-PORT",
    "username" : "AUTHENTICATION-USERNAME",
    "password" : "AUTHENTICATION-PASSWORD",
    "uri" : "DATABASE-CONNECTION-URI",
    "jdbcUrl" : "JDBC-FORMAT-CONNECTION-URI",
    "sqldbName" : "DATABASE-NAME",
    "sqlServerName" : "SERVER-NAME",
    "sqlServerFullyQualifiedDomainName" : "SERVER-FQDN",
    "databaseLogin" : "AUTHENTICATION-USERNAME",
    "databaseLoginPassword" : "AUTHENTICATION-PASSWORD"
}
``` <!--  Define any non-obvious placeholders present in the code snippet in the style of |Where PLACEHOLDER is...|  --> 


## <a id="azure-mssql-fog-preconfig"></a> Pre-Configured Server Pairs for Azure SQL (MSSQL) Failover Groups

This section applies to the csb-azure-mssql-db-failover-group service, which manages
Azure SQL Failover Group databases on pre-configured server pairs on Azure.
If you already have a failover group database server pre-configured,
use this service instead of the more general Azure SQL Failover Group service.

### <a id="azure-mssql-fog-preconfig-plans"></a> Plans

The table below lists the plans for the csb-azure-mssql-db-failover-group service:

| Plan       | CPUs | Storage Size |
|------------|------|--------------|
|small       | 2    | 50&nbsp;GB         |
|medium      | 8    | 200&nbsp;GB        |
|large       | 32   | 500&nbsp;GB        |
|existing    | n/a  | n/a          |

The `existing` plan connects to an existing failover group database to allow apps,
typically in a second foundation, to bind to the database.

### <a id="azure-mssql-fog-preconfig-plans-config"></a> Plan Configuration Parameters

The table below lists the plan parameters that you can configure:

| Parameter Name | Values           | Default |
|-------------|---------------------|---------|
| max\_storage\_gb  |             | 50      |
| cores       | 1&ndash;64, multiples of 2 | 2       |

#### <a id="azure-mssql-fog-preconfig-skus"></a> SKU

SKUs are usually formatted as `TIER_FAMILY_NUMBER-OF-CORES`. Where:

*   Examples of `TIER` are `GP_S`, `GP`, and `HS`
*   Examples of `FAMILY` are `Gen4` and `Gen5`

Example SKUs are `GP_S_Gen4_1` and `GP_Gen5_8`.

If you do not define a SKU using the `sku_name` parameter, the SKU is
computed from the number of cores in your plan.
See [Plans](#azure-mssql-fog-preconfig-plans) above.

For a list of all valid SKUs, run:

az sql db list-editions -l LOCATION -o table


The table below shows the mapping of number of cores to the corresponding SKU:

| Cores | SKU |
|-------|-----|
| 1  | GP\_Gen5\_1 |
| 2  | GP\_Gen5\_2 |
| 4  | GP\_Gen5\_4 |
| 8  | GP\_Gen5\_8  |
| 16 | GP\_Gen5\_16 |
| 32 | GP\_Gen5\_32 |
| 80 | GP\_Gen5\_80 |
 <!--  Is this table necessary? Can we get this information from the links below?  --> 

For information about the the vCore purchasing model, see the
<a href="https://docs.microsoft.com/en-us/azure/azure-sql/database/resource-limits-vcore-single-databases">Microsoft documentation</a>.<br>
For information about the the DTU purchasing model, see the
<a href="https://docs.microsoft.com/en-us/azure/azure-sql/database/resource-limits-dtu-single-databases">Microsoft documentation</a>.

<p class="note">
  <span class="note__title">Note</span> Azure SQL service instances use the vCore model and the Gen5
  hardware generation unless you override this default using the <code>sku_name</code> parameter.
  For more information about the vCore model, see the
  <a href="https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-vcore?tabs=azure-portal">Microsoft documentation</a>.
</p>

### <a id="azure-mssql-fog-preconfig-parameters"></a> Configuration Parameters

You can provision a service by running:

cf create-service csb-azure-mssql-db-failover-group PLAN-NAME SERVICE-INSTANCE-NAME -c ‘{“PARAMETER-NAME”: “PARAMETER-VALUE”}’


You can update the plan or configuration parameters for a service instance by running:

cf update-service SERVICE-INSTANCE [-p NEW-PLAN] -c ‘{“PARAMETER-NAME”: “PARAMETER-VALUE”}’


The table below lists the parameters that you can configure, using the `-c` flag, when
provisioning a csb-azure-mssql-db-failover-group service:

<table>
  <thead>
    <tr>
    <th width="20%">Parameter Name</th>
    <th width="10%">Type</th>
    <th width="50%">Description</th>
    <th width="20%">Default</th>
    </tr>
  </thead>
  <tr>
    <td><code>instance_name</code></td>
    <td>string</td>
    <td>The name of the failover group service instance.</td>
    <td><code>csb-azsql-fog-INSTANCE-ID</code></td>
  </tr>
  <tr>
    <td><code>db_name</code></td>
    <td>string</td>
    <td>The name of the database.</td>
    <td><code>csb-fog-db-INSTANCE-ID</code></td>
  </tr>
  <tr>
    <td><code>server_pair</code></td>
    <td>string</td>
    <td>
      The server pair, from <code>server_credential_pairs</code> below, on which to create the failover database.
      This must match one of the <code>PAIR</code> parameters in <code>server_credentials_pairs</code>.
      For example, <code>PAIR-1</code> in the code snippet in the <code>server_credentials_pairs</code> row below.
    </td>
    <td></td>
  </tr>
  <tr>
    <td><code>server_credential_pairs</code></td>
    <td>JSON</td>
    <td>
      A list of server pairs on which failover databases can be created.
      Format: <code>{ "PAIR-1": { "admin_username":"...", "admin_password":"...", "primary":{"server_name":"...", "resource_group":"..."}, "secondary":{"server_name":"...", "resource_group":"..."}, "PAIR-2":...}</code>
      One of the values you use for <code>PAIR</code> must match the <code>server_pair</code> parameter above.
    </td>
    <td></td>
  </tr>
  <tr>
    <td><code>read_write_endpoint_failover_policy</code></td>
    <td>string</td>
    <td>The Read/Write failover policy. The options are <code>Automatic</code> or <code>Manual</code></td>
    <td><code>Automatic</code></td>
  </tr>
  <tr>
    <td><code>failover_grace_minutes</code></td>
    <td>number</td>
    <td>The grace period in minutes before failover with data loss is attempted.</td>
    <td><code>60</code></td>
  </tr>
  <tr>
    <td><code>azure_tenant_id</code></td>
    <td>string</td>
    <td>The ID of the Azure tenant for the service instance.</td>
    <td>The value the operator entered for <strong>Tenant ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_subscription_id</code></td>
    <td>string</td>
    <td>The ID of the Azure subscription for the service instance.</td>
    <td>The value the operator entered for <strong>Subscription ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_client_id</code></td>
    <td>string</td>
    <td>The ID of the Azure service principal to authenticate for service instance creation.</td>
    <td>The value the operator entered for <strong>Client ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_client_secret</code></td>
    <td>string</td>
    <td>The secret (password) for the Azure service principal to authenticate for service instance creation.</td>
    <td>The value the operator entered for <strong>Client Secret</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>sku_name</code></td>
    <td>string</td>
    <td>
      The Azure stock-keeping unit (SKU).
      For more information about configuring this parameter, see <a href="#azure-mssql-fog-preconfig-skus">SKUs</a> above.
    </td>
    <td></td>
  </tr>
  <tr>
    <td><code>skip_provider_registration</code></td>
    <td>boolean</td>
    <td>Set to <code>true</code> to skip automatic Azure provider registration.
    Set if the service principal being used does not have the rights to register providers.</td>
    <td><code>false</code></td>
  </tr>
</table>


### <a id="azure-mssql-fog-preconfig-binding-creds"></a> Binding Credentials

The format for binding credentials for Azure SQL Failover Group is as follows:

```json
{
    "name" : "DATABASE-NAME",
    "hostname" : "DATABASE-SERVER-HOST",
    "port" : "DATABASE-SERVER-PORT",
    "username" : "AUTHENTICATION-USERNAME",
    "password" : "AUTHENTICATION-PASSWORD",
    "uri" : "DATABASE-CONNECTION-URI",
    "jdbcUrl" : "JDBC-FORMAT-CONNECTION-URI",
    "sqldbName" : "DATABASE-NAME",
    "sqlServerName" : "SERVER-NAME",
    "sqlServerFullyQualifiedDomainName" : "SERVER-FQDN",
    "databaseLogin" : "AUTHENTICATION-USERNAME",
    "databaseLoginPassword" : "AUTHENTICATION-PASSWORD"
}
``` <!--  Define any non-obvious placeholders present in the code snippet in the style of |Where PLACEHOLDER is...|  --> 


## <a id="azure-mssql-fog-runner"></a> Azure SQL Failover Group Failover Runner

This section applies to the csb-azure-mssql-fog-run-failover service.

The csb-azure-mssql-fog-run-failover service is a pseudo-service that upon
provisioning causes a failover group secondary server to become the primary.
Upon de-provisioning, the failover is undone and the original primary server
once again becomes the primary.

### <a id="azure-mssql-fog-runner-plans"></a> Plans

The only plan is `standard`.

### <a id="azure-mssql-fog-runner-parameters"></a> Configuration Parameters

You can provision a service by running:

cf create-service csb-azure-mssql-fog-run-failover standard SERVICE-INSTANCE-NAME -c ‘{“PARAMETER-NAME”: “PARAMETER-VALUE”}’


You can update the configuration parameters for a service instance by running:

cf update-service SERVICE-INSTANCE -c ‘{“PARAMETER-NAME”: “PARAMETER-VALUE”}’


The table below lists the parameters that you can configure, using the `-c` flag, when
provisioning a csb-azure-mssql-fog-run-failover service:

<table>
  <thead>
    <tr>
    <th width="20%">Parameter Name</th>
    <th width="10%">Type</th>
    <th width="50%">Description</th>
    <th width="20%">Default</th>
    </tr>
  </thead>
  <tr>
    <td><code>fog_instance_name</code></td>
    <td>string</td>
    <td>The name of the service instance for the failover group to target.</td>
    <td></td>
  </tr>
  <tr>
    <td><code>server_pair_name</code></td>
    <td>string</td>
    <td>
      The server pair from <code>server_pairs</code> below.
      This must match one of the <code>PAIR</code> parameters in <code>server_pairs</code>.
      For example, <code>PAIR-1</code> in the code snippet in the <code>server_credentials_pairs</code> row below.
    </td>
    <td></td>
  </tr>
  <tr>
    <td><code>server_pairs</code></td>
    <td>JSON</td>
    <td>
      A list of failover group server pairs.
      Format: <code>{ "PAIR-1": { "primary":{"server_name":"...", "resource_group":..."}, "secondary":{"server_name":"...", "resource_group":..."}, "PAIR-2":...}</code>
      One of the values you use for <code>PAIR</code> must match the <code>server_pair_name</code> parameter above.
    </td>
    <td></td>
  </tr>
  <tr>
    <td><code>azure_tenant_id</code></td>
    <td>string</td>
    <td>The ID of the Azure tenant for the service instance.</td>
    <td>The value the operator entered for <strong>Tenant ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_subscription_id</code></td>
    <td>string</td>
    <td>The ID of the Azure subscription for the service instance.</td>
    <td>The value the operator entered for <strong>Subscription ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_client_id</code></td>
    <td>string</td>
    <td>The ID of the Azure service principal to authenticate for service instance creation.</td>
    <td>The value the operator entered for <strong>Client ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_client_secret</code></td>
    <td>string</td>
    <td>The secret (password) for the Azure service principal to authenticate for service instance creation.</td>
    <td>The value the operator entered for <strong>Client Secret</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>skip_provider_registration</code></td>
    <td>boolean</td>
    <td>Set to <code>true</code> to skip automatic Azure provider registration.
    Set if the service principal being used does not have the rights to register providers.</td>
    <td><code>false</code></td>
  </tr>
</table>

### <a id="azure-mssql-fog-runner-binding-creds"></a> Binding Credentials

There are no binding credentials for this service.



## <a id="azure-postgresql"></a> Azure PostgreSQL

This section applies to the csb-azure-postgresql service.
This section lists the default plans and configuration options for PostgreSQL on Azure.

### <a id="azure-postgresql-plans"></a> Plans

The table below lists the plans for the csb-azure-postgresql service:

| Plan | Version | CPUs | Memory Size | Disk Size |
|------|---------|------|-------------|-----------|
|small | 11      | 2    | minimum 4&nbsp;GB    | 5&nbsp;GB       |
|medium| 11      | 4    | minimum 8&nbsp;GB    | 10&nbsp;GB      |
|large | 11      | 8    | minimum 16&nbsp;GB   | 20&nbsp;GB     |

### <a id="azure-postgresql-config-options"></a> Configuration Options

The table below lists the options you can configure across all supported platforms:

| Option Name | Values | Default |
|-------------|--------|---------|
| postgres_version | 9.5, 9.6, 10, 11 | 11    |
| storage_gb  | 5 - 4096| 5      |
| cores       | 1,2,4,8,16,32,64 | 1      |
| db_name     | | csb-db |

### <a id="azure-postgresql-platform-parameters"></a> Platform Specific Configuration Parameters

Notes below document platform specific information for mapping that might be required.

The following table lists the CPU/memory size mapped onto Azure SKUs:

| Plan   | Sku       |
|--------|-----------|
| small  | GP_Gen5_2 |
| medium | GP_Gen5_4 |
| large  | GP_Gen5_8 |

For more information about the pricing tiers in Azure Database for PostgreSQL, see the
[Microsoft documentation](https://docs.microsoft.com/en-us/azure/postgresql/concepts-pricing-tiers)

<p class="note">
  <span class="note__title">Note</span> The maximum vCores is dependent on the Service Tier.
  <code>B_</code> = Basic, <code>GP_</code> = General Purpose, and <code>MO_</code> = Memory Optimized.
  See below for details.
</p>

 <!--  The note below used to be "Note: the same family (B, GP, or MO.) Otherwise Azure will refuse the update request."
I copied the new note from above.  --> 
<p class="note">
  <span class="note__title">Note</span> When updating a service instance, the SKU for the updated
  service instance must remain in the same family (<code>B</code>, <code>GP</code>, or <code>MO</code>).
   <!--  Should this say tier or family? GP_S is a tier. Can you only use the tiers listed here?  --> 
  If you update to a different family, Azure refuses the update request.
</p>

#### <a id="azure-postgresql-storage"></a>Storage

Storage auto grow is enabled on Azure.
For more information about storage auto grow, see the
[Microsoft documentation](https://docs.microsoft.com/en-us/azure/postgresql/concepts-pricing-tiers#storage-auto-grow)
Initial storage sizes are per plan.

#### <a id="azure-postgresql-skus"></a> SKUs

This is usually formatted as `TIER_FAMILY_NUMBER-OF-CORES`. Where:

*   Examples of `TIER` are `B`, `GP`, and `MO`
*   Examples of `FAMILY` are `Gen4` and `Gen5`

Example SKUs are `B_Gen4_1` and `GP_Gen5_8`.

This overrides the number of `cores` conversion into SKU per the table below.

The table below shows the mapping of number of cores to the corresponding SKU:

| Cores | Instance class |
|-------|----------------|
| 1     | GP\_Gen5\_1      |
| 2     | GP\_Gen5\_2      |
| 4     | GP\_Gen5\_4      |
| 8     | GP\_Gen5\_8      |
| 16    | GP\_Gen5\_16     |
| 32    | GP\_Gen5\_32     |
| 64    | GP\_Gen5\_64     |
 <!--  Is this table necessary? Can we link to this information in the Microsoft docs?  --> 

For more information about Azure SKUs, see the
<a href="https://docs.microsoft.com/en-us/azure/mysql/concepts-pricing-tiers">Microsoft documentation</a>.

### <a id="azure-postgresql-azure-parameters"></a> Azure Specific Configuration Parameters

As well as those the parameters in [Platform Specific Configuration Parameters](#azure-postgresql-platform-parameters)
above, you can also configure service specific parameters.
 <!--  What is the difference between the platform and Azure specific config parameter sections?  --> 

You can provision a service by running:

cf create-service csb-azure-postgresql PLAN-NAME SERVICE-INSTANCE-NAME -c ‘{“PARAMETER-NAME”: “PARAMETER-VALUE”}’


You can update the plan or configuration parameters for a service instance by running:

cf update-service SERVICE-INSTANCE [-p NEW-PLAN] -c ‘{“PARAMETER-NAME”: “PARAMETER-VALUE”}’


The table below lists the parameters that you can configure, using the `-c` flag, when
provisioning a csb-azure-postgresql service:

<table>
  <thead>
    <tr>
    <th width="20%">Parameter Name</th>
    <th width="10%">Type</th>
    <th width="50%">Description</th>
    <th width="20%">Default</th>
    </tr>
  </thead>
  <tr>
    <td><code>instance_name</code></td>
    <td>string</td>
    <td>The name of the Azure instance to create.</td>
    <td><code>csb-mysql-INSTANCE-ID</code></td>
  </tr>
  <tr>
    <td><code>location</code></td>
    <td>string</td>
    <td>
      The Azure region in which to deploy the service instance.
      <p class="note">
        <span class="note__title">Note</span> Currently Azure SQL is not available in all regions.
        If you configure a region that is unavailable, Cloud Service Broker for Azure fails.
      </p>
    </td>
    <td><code>westus</code></td>
  </tr>
  <tr>
    <td><code>resource_group</code></td>
    <td>string</td>
    <td>The Azure resource group in which to create the instance.</td>
    <td><code>rg-INSTANCE-NAME</code></td>
  </tr>
  <tr>
    <td><code>azure_tenant_id</code></td>
    <td>string</td>
    <td>The ID of the Azure tenant for the service instance.</td>
    <td>The value the operator entered for <strong>Tenant ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_subscription_id</code></td>
    <td>string</td>
    <td>The ID of the Azure subscription for the service instance.</td>
    <td>The value the operator entered for <strong>Subscription ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_client_id</code></td>
    <td>string</td>
    <td>The ID of the Azure service principal to authenticate for service instance creation.</td>
    <td>The value the operator entered for <strong>Client ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_client_secret</code></td>
    <td>string</td>
    <td>The secret (password) for the Azure service principal to authenticate for service instance creation.</td>
    <td>The value the operator entered for <strong>Client Secret</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>authorized_network</code></td>
    <td>string</td>
    <td>
      The subnet ID, in long form, of the Azure Virtual Network (VNet) or subnet
      that is attached to this instance to allow remote access.
      By default no VNets are allowed access.
    </td>
    <td></td>
  </tr>
  <tr>
    <td><code>sku_name</code></td>
    <td>string</td>
    <td>
      The Azure stock-keeping unit (SKU).
      For more information about configuring this parameter, see <a href="#azure-postgresql-skus">SKUs</a> above.
    </td>
    <td></td>
  </tr>
  <tr>
    <td><code>use_tls</code></td>
    <td>boolean</td>
    <td>Use TLS for database connections.</td>
    <td><code>true</code></td>
  </tr>
  <tr>
    <td><code>skip_provider_registration</code></td>
    <td>boolean</td>
    <td>Set to <code>true</code> to skip automatic Azure provider registration.
    Set if the service principal being used does not have the rights to register providers.</td>
    <td><code>false</code></td>
  </tr>
</table>

### <a id="azure-postgresql-binding-creds"></a> Binding Credentials

The format for binding credentials for PostgreSQL is as follows:

```json
{
    "name" : "DATABASE-NAME",
    "hostname" : "DATABASE-SERVER-HOST",
    "port" : "DATABASE-SERVER-PORT",
    "username" : "AUTHENTICATION-USERNAME",
    "password" : "AUTHENTICATION-PASSWORD",
    "uri" : "DATABASE-CONNECTION-URI",
    "jdbcUrl" : "JDBC-FORMAT-CONNECTION-URI"
}
``` <!--  Define any non-obvious placeholders present in the code snippet in the style of |Where PLACEHOLDER is...|  --> 

<p class="note">
  <span class="note__title">Note</span> When a binding or service key is deleted, the underlying PostgreSQL user
  still exists in the database. To remove the user completely, use the Azure console.
  For more information, see the
  <a href="https://www.postgresql.org/docs/current/sql-dropuser.html">PostgreSQL documentation</a>.
</p>


## <a id="azure-storage-account"></a> Azure Storage Account

This section applies to csb-azure-storage-account.
This section details the plans and configuration parameters available for Azure Storage Account.

### <a id="azure-storage-account-plans"></a> Plans

The table below lists the plans for Azure Storage Account:

| Plan | Description |
|------|-------------|
| standard | General-purpose V2 account. Locally redundant, standard tier |

### <a id="azure-storage-account-parameters"></a> Configuration Parameters

You can provision a service by running:

cf create-service csb-azure-storage-account PLAN-NAME SERVICE-INSTANCE-NAME -c ‘{“PARAMETER-NAME”: “PARAMETER-VALUE”}’


You can update the configuration parameters for a service instance by running:

cf update-service SERVICE-INSTANCE -c ‘{“PARAMETER-NAME”: “PARAMETER-VALUE”}’


The table below lists the parameters that you can configure, using the `-c` flag, when
provisioning a csb-azure-storage-account service:

<table>
  <thead>
    <tr>
      <th width="20%">Parameter Name</th>
      <th width="10%">Type</th>
      <th width="50%">Description</th>
      <th width="20%">Default</th>
    </tr>
  </thead>
  <tr>
    <td><code>storage_account_type</code></td>
    <td>string</td>
    <td>
      The account type - <code>BlobStorage</code>, <code>BlockBlobStorage</code>,
      <code>FileStorage</code>, <code>Storage</code>, or <code>StorageV2</code>.
    </td>
    <td><code>StorageV2</code></td>
  </tr>
  <tr>
    <td><code>tier</code></td>
    <td>string</td>
    <td>The storage tier to use - <code>Standard</code> or <code>Premium</code>.</td>
    <td><code>Standard</code></td>
  </tr>
  <tr>
    <td><code>replication_type</code></td>
    <td>string</td>
    <td>The replication type - <code>LRS</code>, <code>GRS</code>, <code>RAGRS</code>, or <code>ZRS</code>.</td>
    <td><code>LRS</code></td>
  </tr>
  <tr>
    <td><code>location</code></td>
    <td>string</td>
    <td>The Azure region in which to deploy the service instance.  <!--  Should we add the note about not being available in all regions here like in Azure SQL above?  --> </td>
    <td><code>westus</code></td>
  </tr>
  <tr>
    <td><code>resource_group</code></td>
    <td>string</td>
    <td>The Azure resource group in which to create the instance.</td>
    <td><code>rg-ACCOUNT-NAME</code> (<code>ACCOUNT-NAME</code> is always generated)</td>
  </tr>
  <tr>
    <td><code>azure_tenant_id</code></td>
    <td>string</td>
    <td>The ID of the Azure tenant for the service instance.</td>
    <td>The value the operator entered for <strong>Tenant ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_subscription_id</code></td>
    <td>string</td>
    <td>The ID of the Azure subscription for the service instance.</td>
    <td>The value the operator entered for <strong>Subscription ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_client_id</code></td>
    <td>string</td>
    <td>The ID of the Azure service principal to authenticate for service instance creation.</td>
    <td>The value the operator entered for <strong>Client ID</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>azure_client_secret</code></td>
    <td>string</td>
    <td>The secret (password) for the Azure service principal to authenticate for service instance creation.</td>
    <td>The value the operator entered for <strong>Client Secret</strong> in Ops Manager.</td>
  </tr>
  <tr>
    <td><code>skip_provider_registration</code></td>
    <td>boolean</td>
    <td>Set to <code>true</code> to skip automatic Azure provider registration.
    Set if the service principal being used does not have the rights to register providers.</td>
    <td><code>false</code></td>
  </tr>
  <tr>
    <td><code>authorized_networks</code></td>
    <td>list (string)</td>
    <td>A list of resource IDs for subnets of the authorized Azure Vnet.</td>
    <td><code>[]</code></td>
  </tr>
</table>

### <a id="azure-storage-account-binding-creds"></a> Binding Credentials

The format for binding credentials for Azure Storage Account is as follows:

```json
{
    "storage_account_name" : "STORAGE-ACCOUNT-NAME",
    "primary_access_key" : "PRIMARY-ACCESS-KEY",
    "secondary_access_key" : "SECONDARY-ACCESS-KEY"
}