ICM Configuration Parameters

These tables describe the fields you can include in the configuration files (see Configuration, State and Log Files and Define the Deployment) to provide ICM with the information it needs to execute provisioning and deployment tasks and management commands. To look up a parameter by name, use the alphabetical list, which includes links to the tables containing the parameter definitions.

General Parameters

The fields in the following table are all used with all cloud providers, and some are used with vSphere and Preexisting as well.

The two rightmost columns indicate whether each parameter is required in every deployment or optional, and whether it must be included (when used) in either defaults.json or definitions.json, is recommended for one file or the other, or can be used in either. For example,

A single deployment is always on a single selected provisioning platform (even if subsequently merged with another to create a multiprovider deployment), therefore the Provider parameter is required and must be in the defaults file.
Each node type must be specified but a deployment can include multiple node types, thus the Role parameter is required in each definition in the definitions file.
Because each node that runs InterSystems IRIS must have a license, but other nodes don’t need one, the LicenseKey setting is required and generally appears in the appropriate definitions in the definitions file.
At least one container must be deployed on each node in the deployment, but a single container may be deployed on all the nodes (for instance iris/iris-arm64 across a sharded cluster consisting of DATA nodes only) or different containers on different node types (iris/iris-arm64 on DM and AM, webgateway on WS, arbiter on AR in a distributed cache cluster). For this reason the DockerImage parameter is required and can appear in the defaults file, the definitions file, or both (to specify a default image but override it for one or more node types).
Like the image to be deployed, the size of the OS volume can be specified for all nodes in the defaults file, for one or more node types in the definitions file, or in both, but because it has a default it is optional.

Note:

If no default is listed for a parameter, it does not have one.

Parameter	Definition	Use is ...	Config file
Provider	Platform to provision infrastructure on; see Provisioning Platforms.	required	defaults
Label Tag	Fields in naming scheme for provisioned cloud nodes: Label-Role-Tag-NNNN, for example ANDY-DATA-TEST-0001; should indicate ownership and purpose, to avoid conflicting with others. Multiple deployments should not share the same Label and Tag. Cannot contain dashes.	required	defaults
LicenseDir	Location of InterSystems IRIS license keys staged in the ICM container and individually specified by the LicenseKey field (below); see InterSystems IRIS Licensing for ICM.	required	defaults
LicenseKey	License key for the InterSystems IRIS instance on one or more provisioned DATA, COMPUTE, DM, AM, DS, or QS nodes, staged within the ICM container in the location specified by the LicenseDir field (above). In a configuration containing only DM and AM nodes, a standard license can be used; for all others (that is, sharded clusters), a sharding-enabled license is required.	required	definitions recommended
Region (Azure equivalent: Location)	Geographical region of provider’s compute resources in which infrastructure is provisioned. For information on deploying a single configuration in more than one region, see Deploying Across Multiple Regions or Providers. Provider-specific information, including provider documentation: AWS — Example: us-west-1; see About AWS Regions and Availability ZonesOpens in a new tab. GCP — Example: us-east1; see Regions and ZonesOpens in a new tab. Can be a comma-separated list for mutliregion deployment. Azure — Example: Central US; see Azure geographiesOpens in a new tab. (Use Location instead of Region.) Tencent — Example: na-siliconvalley (West US/Silicon Valley); see Regions and Availability ZonesOpens in a new tab.	required	defaults
Zone	Availability zone within the specified region (see above) in which to locate a node or nodes to be provisioned. For information on deploying a single configuration in more than one zone, see Deploying Across Multiple Zones. Provider-specific information: AWS — Example: us-west-1c in region us-west-1; see Regions and ZonesOpens in a new tab. GCP — Example: us-east1-b in region us-east1; see Regions and ZonesOpens in a new tab. Azure — Example: 1 in region Central US; see What are Availability Zones in Azure?Opens in a new tab. Note: Some Azure regions do not support availability zones. To deploy to such a regionset Zone to the empty string or omit it altogether: Tencent — Example: na-siliconvalley-1 in region na-siliconvalley; see Regions and Availability ZonesOpens in a new tab.	required	defaults
ZoneMap	When deploying across multiple zones (see Deploying Across Multiple Zones), specifies which nodes are deployed in which zones. Default: 0,1,2,...,255.	optional	definitions
Mirror	If true, InterSystems IRIS instances on DATA, DM, and DS nodes are deployed as mirrors; see Mirrored Configuration Requirements. Default: false.	optional	defaults
MirrorMap	Determines mirror member types of mirrored DATA, DS, and DM nodes, enabling deployment of DR async mirror members; see Rules for Mirroring. Default: primary,backup; the term async can be added one or more times to this, for example primary,backup,async,async.	optional	definitions
ISCPassword	Password that will be set for the predefined user accounts on the InterSystems IRIS instances on one or more provisioned nodes. Corresponding command-line option: -iscPassword. If both parameter and option are omitted, ICM prompts for the password. For more information see The icm run Command.	optional	defaults
Namespace	Namespace to be created on deployed InterSystems IRIS instances. This namespace is the default namespace for the icm session and icm sql commands, and can also be specified or overridden by the command-line option -namespace. Default: IRISCLUSTER.	optional	defaults
DockerImage	Docker image to be used for in deployment by icm run command. Must include the repository name (see RepositoriesOpens in a new tab in the Docker documentation). Can be specified for all nodes in defaults.json and optionally overridden for specific node definitions in definitions.json. Can also be specified or overridden using the command-line option -image.	required
DockerRegistry	DNS name of the server hosting the Docker repository storing the image specified by DockerImage (see About RegistryOpens in a new tab in the Docker documentation). If not included, ICM uses Docker’s public registry at docker.comOpens in a new tab. For information about the InterSystems Container Registry (ICR), see Downloading the ICM Image.	required	defaults
DockerUsername	Username to use along with DockerPassword (below) for logging in to the Docker repository specified in DockerImage (above) on the registry specified by DockerRegistry (above). Not required for public repositories. If not included and the repository specified by DockerImage is private, login fails.	required	defaults
DockerPassword	Password to use along with DockerUsername (above) for logging in to the Docker registry. Not required for public repositories. If this field is not included and the repository specified by DockerImage is private. ICM prompts you (with masked input) for a password. (If the value of this field contains special characters such as $, \|, (, and ), they must be escaped with two \ characters; for example, the password abc$def must be specified as abc\\$def.)	required	defaults
DockerVersion	Version of Docker installed on provisioned nodes. The version in each /Samples/.../defaults.json is generally correct for the platform; however, if your organization uses a different version of Docker, you may want that version installed on the nodes instead. Important: Container images from InterSystems comply with the Open Container Initiative (OCIOpens in a new tab) specification, and are built using the Docker Enterprise Edition engine, which fully supports the OCI standard and allows for the images to be certified and featured in the Docker Hub registry. InterSystems images are built and tested using the widely popular container Ubuntu operating system, and are therefore supported on any OCI-compliant runtime engine on Linux-based operating systems, both on premises and in public clouds.	optional	defaults
DockerURL	URL of the Docker Enterprise Edition repository associated with your subscription or trial; when provided, triggers installation of Docker Enterprise Edition on provisioned nodes, instead of Docker Community Edition. For more information about Docker EE see Docker EnterpriseOpens in a new tab in the Docker documentation.	optional	defaults
DockerInit	If set to False, the Docker --init option is not passed to all containers other than InterSystems IRIS containers, as it is by default. Default: true. (The --init option is never passed to InterSystems IRIS containers.)	optional	defaults
Overlay	Determines the Docker overlay network type; normally "weave", but may be set to "host" for development, performance, or debug purposes, or when deploying on a preexisting cluster. Default: weave (host when deploying on a preexisting cluster). For more information, see Use overlay networksOpens in a new tab in the Docker documentation.	optional	defaults
DockerStorageDriver	Determines the storage driver used by Docker (see Docker storage driversOpens in a new tab in the Docker documentation). Values include overlay2 (the default) and btrfs. If set to overlay2, FileSystem (see below) must be set to xfs; if set to btrfs, FileSystem must be set to btrfs..	optional	defaults
FileSystem	Type of file system to use for persistent volumes on provisioned nodes. Valid values are xfs and btrfs. Default: xfs. If DockerStorageDriver (above) is set to overlay2, FileSystem must be set to xfs; if DockerStorageDriver is btrfs, FileSystem must be btrfs.	optional	defaults recommended
OSVolumeSize	Size (in GB) of the OS volume for a node or nodes in the deployment. Default: 32. May be limited by or ignored in favor of settings specific to the applicable parameters specifying machine image or template, instance type, or OS volume type parameters (see Provider-Specific Parameters).	optional
DataVolumeSize WIJVolumeSize Journal1VolumeSize Journal2VolumeSize	Size (in GB) of the corresponding persistent storage volume to create for iris containers. For example, DataVolumeSize determines the size of the data volume. Default: 10, although DataVolumeSize must be at least 60 for Tencent deployments. May be limited by the applicable volume type parameter (see Provider-Specific Parameters). Each volume also has a corresponding device name parameter (for example, DataDeviceName; see Device Name Parameters) and mount point parameter (for example, DataMountPoint; see immediately below and Storage Volumes Mounted by ICM).	optional
DataMountPoint WIJMountPoint Journal1MountPoint Journal2MountPoint	The location within iris containers at which the corresponding persistent volume is mounted. For example, DataMountPoint determines the location for the data volume. For more information, see Storage Volumes Mounted by ICM. Defaults: /irissys/{ data \| wij \| journal1j \| journal2j }. Each volume also has a corresponding device name parameter (for example, DataDeviceName; see Device Name Parameters) and size parameter (for example, DataVolumeSize; see above).	optional
Containerless	If true, enables containerless mode, in which InterSystems IRIS is deployed from an installation kit rather than a container; see Containerless Deployment. Default: false.	optional	defaults
Role	Role of the node or nodes to be provisioned by a given entry in the definitions file, for example DM or DATA; see ICM Node Types.	required	definitions
Count	Number of nodes to provision from a given entry in the definitions file. Default: 1.	required	definitions
StartCount	Numbering start for a particular node definition in the definitions file. For example, if the DS node definition includes "StartCount": "3", the first DS node provisioned is named Label-DS-Tag-0003.	optional	definitions
LoadBalancer	If true in definitions of node type DATA, COMPUTE, AM, or WS, a predefined load balancer is automatically provisioned on providers AWS, GCP, Azure, and Tencent (see Predefined Load Balancer). If true in definitions of node type CN or VM, a generic load balancer is added if other parameters are included in the definition (see Generic Load Balancer). Default: false.	optional	definitions
AlternativeServers	Remote server selection algorithm for definitions of type WS (see Node Type: Web Server). Valid values are LoadBalancing and FailOver. Default: LoadBalancing.	optional	definitions
ApplicationPath	Application path to create for definitions of type WS. Do not include a trailing slash.	optional	definitions
IAMImage	InterSystems API Manager (IAM) image; no default.	optional	definitions
PostgresImage	Postgres image (optional IAM component); default: postgres:11.6.	optional	definitions
PrometheusImage	Prometheus image; default: prom/prometheus:v2.17.1.	optional	definitions
AlertmanagerImage	Alertmanager image; default: prom/alertmanager:v0.20.0.	optional	definitions
GrafanaImage	Grafana image; default: grafana/grafana:6.7.1.	optional	definitions
NginxImage	Nginx image; default: nginx:1.17.9-alpine.	optional	definitions
UserCPF	Configuration merge file to be used to customize the CPFs InterSystems IRIS instances during deployment (see Deploying with Customized InterSystems IRIS Configurations).	optional
SystemMode	String to be shown in the masthead of the Management Portal of the InterSystems IRIS instances on one or more provisioned nodes. Certain values (LIVE, TEST, FAILOVER, DEVELOPMENT) trigger additional changes in appearance. Default: blank. This setting can also be specified by adding [Startup]/SystemMode to the configuration merge file (see previous entry).	optional

Security-related Parameters

The parameters in the following table are used to provide access and identify required files and information so that ICM can communicate securely with the provisioned nodes and deployed containers. They are all required, in the defaults file only.

For information about using scripts provided with ICM to generate these files, see Obtain Security-Related Files.
For information about how ICM uses the security files you provide to communicate securely with provisioned nodes and services on them, see ICM Security
For general information about using the SSH protocol, see SSH PROTOCOLOpens in a new tab from SSH Communications Security.
For information about Docker security. including the use of TLS certificates with Docker, see Docker securityOpens in a new tab in the Docker documentation.
For general information about using TLS with InterSystems IRIS, see InterSystems TLS Guide and The InterSystems Public Key Infrastructure. For information about the contents of the file identified by the SSLConfig parameter, see Create a Client Configuration.
For information about the use of TLS to secure connections between mirror members, see Securing Mirror Communication with TLS Security.

Parameter	Definition

Provider-specific credentials and account parameters; to see detailed instructions for obtaining the files and values, click the provider link	Provider-Specific – AWS Credentials: Path to a file containing the public/private keypair for an AWS account. Provider-Specific – GCP Credentials: Path to a JSON file containing the service account key for a GCP account. Project: GCP project ID. Provider-Specific – Azure SubscriptionId: A unique alphanumeric string that identifies a Microsoft Azure subscription. TenantId: A unique alphanumeric string that identifies the Azure Active Directory directory in which an application was created. UseMSI: If true, authenticates using a Managed Service Identity in place of ClientId and ClientSecret; default is false. ClientId, ClientSecret: Credentials identifying and providing access to an Azure application (if UseMSI is false). Provider-Specific – Tencent SecretID, SecretKey: Unique alphanumeric strings that identify and provide access to a Tencent Cloud account. Provider-Specific – vSphere VSphereUser, VSpherePassword: Credentials for vSphere operations.
SSHUser	Nonroot account with sudo access used by ICM for access to provisioned nodes. Root of SSHUser’s home directory can be specified using the Home field. Required value is provider-specific, as follows: AWS — As per AMI (see AMI parameter in AWS Parameters); usually ubuntu for Ubuntu images GCP — At user's discretion Azure — At user's discretion Tencent — As per image (see ImageId parameter in Tencent Parameters) vSphere — As per VM template (see Template parameter in vSphere Parameters) Preexisting — See SSH
SSHPassword	Initial password for the user specified by SSHUser. Required for marketplace Docker images and deployments of type vSphere, Azure, and PreExisting. This password is used only during provisioning, at the conclusion of which password logins are disabled.
SSHOnly	If true, ICM does not attempt SSH password logins during provisioning, for providers vSphere and PreExisting only. Because this prevents ICM from logging in using a password, it requires that you stage your public SSH key (as specified by the SSHPublicKey field, below) on each node. Default: false.
SSHPublicKey	Path within the ICM container of the public key of the SSH public/private key pair; required for all deployments. For provider AWS, must be in SSH2 format, for example:---- BEGIN SSH2 PUBLIC KEY --- AAAAB3NzaC1yc2EAAAABJQAAAQEAoa0 ---- BEGIN SSH2 PUBLIC KEY ---For other providers, must be in OpenSSH format, for example:ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAoa0
SSHPrivateKey	Path within the ICM container of the private key of the SSH public private key pair; required for all deployments in RSA format, for example:-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAoa0ex+JKzC2Nka1 -----END RSA PRIVATE KEY-----
TLSKeyDir	Directory within the ICM container containing TLS keys used to establish secure connections to Docker, InterSystems Web Gateway, JDBC, and mirrored InterSystems IRIS databases, as follows: ca.pem cert.pem key.pem keycert.pem server-cert.pem server-key.pem keystore.p12 truststore.jks SSLConfig.properties
SSLConfig	Path within the ICM container to an TLS configuration file used to establish secure JDBC connections. Default: If this parameter is not provided, ICM looks for a configuration file in /TLSKeyDir/SSLConfig.Properties (see previous entry).
PrivateSubnet	If true, ICM deploys on an existing private subnet, or creates and deploys on a new private subnet, for use with a bastion host; see Deploying on a Private Network.
WeavePassword	Password used to encrypt traffic over Weave Net; enable encryption by setting to a value other than null in the defaults file. Default: null.
net_vpc_cidr	CIDR of the existing private network to deploy on; see Deploy Within an Existing Private Network.
net_subnet_cidr	CIDR of an ICM node’s subnet within an existing private network.

Port and Protocol Parameters

Typically, the defaults for these parameters are sufficient. For information about two use cases in which you may need to specify some of these parameters, see Ports (Custom and Third Party) and Ports (Preexisting Cluster).

Parameter	Definition
ForwardPort	Port to be forwarded by a given load balancer (both 'from' and 'to'). Defaults: AM, DM, DATA, COMPUTE: SuperServerPort,WebServerPort (below) WS: WebGatewayPort (below) VM/CN: user-defined; must be included for a generic load balancer to be deployed The value can be a comma-separated list of ports, as long as all use the same ForwardProtocol (below).
ForwardProtocol	Protocol to be forwarded by a given load balancer. Value TCP is valid for all providers; additional protocols available on a per-provider basis. DATA, COMPUTE, DM, AM: TCP WS: TCP VM/CN: user-defined; parameter must be included to deploy a generic load balancer
HealthCheckPort	Port used to verify health of instances in the target pool. Defaults: AM, DM, DATA, COMPUTE: WebServerPort (below) WS: 80 VM/CN: user-defined; parameter must be included to deploy a generic load balancer
HealthCheckProtocol	Protocol used to verify health of instances in the target pool. Defaults: AM, DM, DATA, COMPUTE: HTTP WS: TCP VM/CN: user-defined; parameter must be included to deploy a generic load balancer
HealthCheckPath	Path used to verify health of instances in the target pool. Defaults: Nonmirrored DM/DATA, AM, COMPUTE: /csp/user/cache_status.cxw Mirrored DM, DATA: /csp/user/mirror_status.cxw WS: N/A (path not used for TCP health checks) VM/CN: user-defined for HTTP health checks; parameter must be included to deploy a generic load balancer
ISCAgentPort *	Port used by InterSystems IRIS ISC Agent. Default: 2188. If Containerless is false or absent and Overlay is set to weave (see General Parameters), this port is closed in the firewall.
SuperServerPort	Port used by InterSystems IRIS Superserver. Default: 1972.
WebServerPort	Port used by InterSystems IRIS Web Server/Management Portal. Default: 52773. Also used by the InterSystems Web Gateway instance on a WS node deployed in nonroot containerless mode.
WebGatewayPort	Port used by InterSystems IRIS Web Gateway. Default: 80 (webgateway, webgateway-nginx), 52773 (webgateway-lockeddown).
LicenseServerPort *	Port used by InterSystems IRIS License Server. Default: 4002.. If Containerless is false or absent and Overlay is set to weave (see General Parameters), this port is closed in the firewall.

* If ICM is in container mode (Containerless is false or absent) and Overlay is set to weave (see General Parameters), this port is closed in the node’s firewall.

CPF Parameters

When using a configuration merge file specified by the UserCPF property to customize the CPF of one or more InterSystems IRIS instances during deployment, as described in Deploying with Customized InterSystems IRIS Configuration Parameters, you cannot include certain CPF settings, because ICM needs to read their values before it adds them to the CPF at a later stage. You should therefore customize these settings by specifying the following parameters (described in General Parameters and Port and Protocol Parameters) in your configuration files:

Parameter	CPF Setting
WIJMountPoint	[config]/wijdir
Journal1MountPoint	[Journal]/CurrentDirectory
Journal2MountPoint	[Journal]/AlternateDirectory
SuperServerPort	[Startup]/DefaultPort
WebServerPort	[Startup]/WebServerPort

Note:

The value of the ICM LicenseServerPort field is taken from the [LicenseServers] block of the CPF, bound to the name of the configured license server (see InterSystems IRIS Licensing for ICM).

Provider-Specific Parameters

The tables in this section list parameters used by ICM that are specific to the various cloud providers. Some of these parameters are used with more than one provider; for example, the InstanceType, ElasticIP, and VPCId parameters can be used in both AWS and Tencent deployments. Some provider-specific parameters have different names but the same purpose, for example AMI and InstanceType for AWS, Image and MachineType for GCP, and ImageId and InstanceType for Tencent, whereas there are four Azure parameters corresponding to each of these.

Like the General Parameters table, the tables in this section indicate whether each parameter is required in every deployment or optional, and whether it must be included (when used) in either defaults.json or definitions.json, is recommended for one file or the other, or can be used in either. For examples of each type, see General Parameters.

Note:

For information about parameters used only for PreExisting deployments, see Definitions File for PreExisting.

Selecting Machine Images

Cloud providers operate data centers in various regions of the world, so one of the important things to customize for your deployment is the region in which your cluster will be deployed (see the Region parameter in General Parameters). Another choice is which virtual machine images to use for the host nodes in your cluster (parameters vary by provider). Although the sample configuration files define valid regions and machine images for all cloud providers, you will generally want to change the region to match your own location. Because machine images are often specific to a region, both must be selected.

Container images from InterSystems comply with the Open Container Initiative (OCIOpens in a new tab) specification, and are built using the Docker Enterprise Edition engine, which fully supports the OCI standard and allows for the images to be certified and featured in the Docker Hub registry. InterSystems images are built and tested using the widely popular container Ubuntu operating system, and ICM therefore supports their deployment on any OCI-compliant runtime engine on Linux-based operating systems, both on premises and in public clouds.

Provider-Specific Parameter Tables

Parameter	Definition	Use is ...	Config file
Credentials	Path to a file containing the public/private keypair for an AWS account. To download, after logging in to the AWS management console, open Managing Access Keys for IAM UsersOpens in a new tab in the AWS documentation and follow the procedure for managing access keys in the AWS console.	required	defaults
AMI	AMI (machine image) to use as platform and OS template for nodes to be provisioned; see Amazon Machine Images (AMI)Opens in a new tab in the AWS documentation. Example: ami-a540a5e1. To list public AMIs available, in the EC2 Console, select AMIs in the navigation pane and filter for Public AMIs.	required
InstanceType	Instance type to use as compute resources template for nodes to be provisioned on AWS and Tencent; see Amazon EC2 Instance TypesOpens in a new tab in the AWS documentation. Example: m4.large. (Some instance types may not be compatible with some AMIs.)	required
ElasticIP	Enables the Elastic IP feature on AWS and Tencent to preserve IP address and domain name across host node restart (see Host Node Restart and Recovery). Default: false.	optional	defaults
VPCId	Existing Virtual Private Cloud (VPC) to be used in the deployment on AWS and Tencent, instead of allocating a new one; the specified VPC is not deallocated during unprovision. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new VPC is allocated for the deployment and deallocated during unprovision. For more information, see Deploying Within an Existing Private Network. Note: Internal parameter net_subnet_cidr must be provided if the VPC is not created in the default address space 10.0.%d.0/24; for example, for a VPC in the range 172.17.0.0/24, you would need to specify net_subnet_cidr as 172.17.%d.0/24.	optional	defaults
SubnetIds	When deploying on an existing private subnet on AWS or Tencent, comma-separated list of subnet IDs, one for each element specified by the Zone parameter (see General Parameters).	optional	defaults
RouteTableId	When deploying on an existing private subnet, the route table to use for access to the ICM host; if provided, ICM uses this instead of allocating its own (and does not deallocate during unprovision). No default.	optional	defaults
InternetGatewayId	When deploying on an existing private subnet, the Internet gateway to use for access to the ICM host; if provided, ICM uses this instead of allocating its own (and does not deallocate during unprovision). No default.	optional	defaults
OSVolumeType	Determines disk type of the OS volume for a node or nodes in the deployment, which in turn determines the maximum value for the OSVolumeSize parameter (see General Parameters), which sets the size of the OS volume. See Amazon EBS Volume TypesOpens in a new tab in the AWS documentation. Tencent uses the same parameter name. Default: standard.	optional
DataVolumeType WIJVolumeType Journal1VolumeType Journal2VolumeType	Determines disk type of the corresponding persistent storage volume for iris containers (see Storage Volumes Mounted by ICM), which in turn determines the maximum size of the volume. For example, DataVolumeType determines the maximum value for the DataVolumeSize parameter (see General Parameters), which detemines the size of the data volume. See Amazon EBS Volume TypesOpens in a new tab in the AWS documentation. Tencent uses the same parameter name. Default: standard.	optional
OSVolumeIOPS	Determines IOPS count for the OS volume for a node or nodes in the deployment; see I/O Characteristics and MonitoringOpens in a new tab in the AWS documentation. Default: 0.	optional
PlacementGroups	A comma-separated list of placement groups to create (see Placement groupsOpens in a new tab in the AWS documentation). If blank or omitted, no placement groups are created. Default: none.	optional
PlacementStrategy	Strategy for placing instances in the groups specified by PlacementGroups. Valid values are cluster, partition, and spread. Default: cluster.	optional
PlacementMap	Specifies the mapping between the values of PlacementGroups and the nodes within a given definition. Instances will be assigned in the order in which they occur in PlacementGroups (with wraparound). Default: 0,1,2,3,...,256.	optional
PlacementPartitionCount	The number of partitions to create in the placement group. Has no effect unless PlacementStrategy is set to partition. Default: 2	optional
PlacementSpreadLevel	Places a group of instances on distinct hardware. Has no effect unless PlacementStrategy is set to spread. Valid values are rack and host. Default: none	optional
DataVolumeIOPS WIJVolumeIOPS Journal1VolumeIOPS Journal2VolumeIOPS	Determines IOPS count for the corresponding persistent storage volume for iris containers (see Storage Volumes Mounted by ICM). For example, DataVolumeIOPS determines the IOPS count for the data volume. See I/O Characteristics and MonitoringOpens in a new tab in the AWS documentation. Must be nonzero when the corresponding volume type (see the immediately preceding) is io1. Default: 0.	optional
LoadBalancerInternal	When set to True, creates a load balancer of type "internal", otherwise the load balancer type is "external". Default: False.	optional	definitions

Parameter	Definition	Use is ...	Config file
Credentials	Path to a JSON file containing the service account key for a GCP account. To download, after logging in to the GCP console and selecting a project, open Creating and managing service account keysOpens in a new tab in the GCP documentation and follow the procedure for creating service account keys in the GCP console.	required	defaults
Project	GCP project ID; see Creating and Managing ProjectsOpens in a new tab in the GCP documentation.	required	defaults
Image	Source machine image to use as platform and OS template for provisioned nodes; see ImagesOpens in a new tab in the GCP documentation. Example: ubuntu-os-cloud/ubuntu-1804-bionic-v20190911.	required
MachineType	Machine type to use as compute resources template for nodes to be provisioned; see Machine typesOpens in a new tab in the GCP documentation. Example: n1-standard-1.	required
RegionMap	When deploying across multiple regions (see Deploying Across Multiple Regions on GCP), specifies which nodes are deployed in which regions. Default: 0,1,2,...,255.	optional	definitions
Network	Existing Virtual Private Cloud (VPC) to be used in the deployment, instead of allocating a new one; the specified VPC is not deallocated during unprovision. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new VPC is allocated for the deployment and deallocated during unprovision. For more information, see Deploying Within an Existing Private Network.	optional	defaults
Subnet	Existing private subnet to be used in the deployment, instead of allocating a new one; not deallocated during unprovision. For multiregion deployments (see Deploying Across Multiple Regions on GCP), value must be a comma-separated list, one for each region specified. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new VPC is allocated for the deployment and deallocated during unprovision. For more information, see Deploying Within an Existing Private Network.	optional	defaults
OSVolumeType	Determines disk type for the OS volume for a node or nodes in the deployment; see Storage OptionsOpens in a new tab in the GCP documentation. Default: pd-standard.	optional
DockerVolumeType	Determines disk type for the block storage device used for the Docker thin pool on a node or nodes in the deployment; see Storage OptionsOpens in a new tab in the GCP documentation. Default: pd-standard.	optional
DataVolumeType WIJVolumeType Journal1VolumeType Journal2VolumeType	Determines disk type for the corresponding persistent storage volume for iris containers (see Storage Volumes Mounted by ICM). For example, DataVolumeType determines the disk type for the data volume. See Storage OptionsOpens in a new tab in the GCP documentation. Default: pd-standard.	optional

Parameter	Definition	Use is ...	Config file
SubscriptionId	A unique alphanumeric string that identifies a Microsoft Azure subscription; to display, on the Azure portal select Subscriptions or type “subscriptions” into the search box, and use the Subscription ID displayed for SubscriptionId.	required	defaults
TenantId	A unique alphanumeric string that identifies the Azure Active Directory directory in which an application was created; to display, on the Azure portal select Azure Active Directory in the nav pane and then Properties on the nav pane for that page, and use the Directory ID displayed for TenantId.	required	defaults
UseMSI	If true, authenticates using a Managed Service Identity in place of ClientId and ClientSecret; see What is managed identities for Azure resources?Opens in a new tab in the Azure documentation. Requires that ICM be run from a machine in Azure.	required	defaults
ClientId ClientSecret	Credentials identifying and providing access to an Azure application (if UseMSI is false); to create them: Follow the procedure in Quickstart: Register an application with the Microsoft identity platformOpens in a new tab to create a new application registration. Use the Application ID displayed on the App Registration tab for ClientId. Select Settings > Keys to generate a key and use the key value displayed for ClientSecret.	required	defaults
Location	Region in which to provision a node or nodes; see the Region parameter in General Parameters.	required	defaults
LocationMap	When deploying across multiple regions (see Deploying Across Multiple Regions on Azure), specifies which nodes are deployed in which regions. Default: 0,1,2,...,255.	optional	definitions
PublisherName	Entity providing a given Azure machine image to use as platform and OS template for provisioned nodes. Example: OpenLogic.	required
Offer	Operating system of a given Azure machine image. Example: UbuntuServer.	required
Sku	Major version of the operating system of a given Azure machine image. Example: 7.2.	required
Version	Build version of a given Azure machine image. Example: 7.2.20170105.	required
CustomImage	Image to be used to create the OS disk, in place of the Azure machine image described by the PublisherName, Offer, Sku, and Version fields. Value is an Azure URI of the form: /subscriptions/subscription/resourceGroups/resource_group/providers /Microsoft.Compute/images/image_name	optional
Size	Machine size to use as compute resources template for nodes to be provisioned; see Sizes for virtual machines in AzureOpens in a new tab in the Azure documentation. Example: Standard_DS1.	required
ResourceGroupName	Existing resource group to be used in the deployment, instead of allocating a new one; the specified group is not deallocated during unprovision. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new resource group is allocated for the deployment and deallocated during unprovision. For more information, see Deploying Within an Existing Private Network.	optional	defaults
VirtualNetworkName	Existing private subnet to be used in the deployment, instead of allocating a new one; not deallocated during unprovision. For multiregion deployments (see Deploying Across Multiple Regions on Azure), value must be a comma-separated list, one for each region specified. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new VPC is allocated for the deployment and deallocated during unprovision. For more information, see Deploying Within an Existing Private Network. Note: The net_subnet_cidr parameter (see Security-related Parameters) must be provided if the network is not created in the default address space 10.0.%d.0/24.	optional	defaults
SubnetName	Name of an existing subnet to be used in the deployment, instead of allocating a new one; not deallocated during unprovision. For multiregion deployments (see Deploying Across Multiple Regions on Azure), value must be a comma-separated list, one for each region specified. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new subnet is allocated for the deployment and deallocated during unprovision. Note: When provisioning on a private network, unique SubnetName and net_subnet_cidr parameters must be provided for each entry in the definitions file (but ResourceGroupName and VirtualNetworkName remain in the defaults file). This includes the bastion host definition when deploying a bastion host (see Deploy on a Private Network Through a Bastion Host).	optional	definitions
AccountTier	Storage account performance tier (see Azure storage account overviewOpens in a new tab in the Azure documentation); either HDD (Standard) or SSD (Premium).	optional
AccountReplicationType	Storage account replication type: locally-redundant storage (LRS), geo-redundant storage (GRS), zone-redundant storage (ZRS), or read access geo-redundant storage (RAGRS).	optional

Parameter	Definition	Use is ...	Config file
SecretID SecretKey	Unique alphanumeric strings that identify and provide access to a Tencent Cloud account. To download, open SignatureOpens in a new tab in the Tencent Cloud documentation and follow the procedure in “Applying for Security Credentials”.	required	defaults
ImageId	Machine image to use as platform and OS template for provisioned nodes; see Image OverviewOpens in a new tab in the Tencent documentation. Example: img-pi0ii46r.	required (see below)
OSName	If ImageId (above) is not provided, ICM searches for an image matching this field. Note that this field supports regexp. Default: ubuntu.	required (see above)
InstanceFamily	Instance family from which to select instance type; if InstanceType (below) is not provided, ICM searches for an instance type matching InstanceFamily, CPUCoreCount, and MemorySize (below). Default: S3.	required (see below)
InstanceType	Instance type to use as compute resources template for nodes to be provisioned on AWS and Tencent; see Instance TypesOpens in a new tab in the Tencent documentation. Example: S2.MEDIUM4.	required (see above)
ElasticIP	Enables the Elastic IP feature on AWS and Tencent to preserve IP address and domain name across host node restart (see Host Node Restart and Recovery). Default: false.	optional	defaults
VPCId	Existing Virtual Private Cloud (VPC) to be used in the deployment on AWS and Tencent, instead of allocating a new one; the specified VPC is not deallocated during unprovision. If not specified when PrivateSubnet (see Security-related Parameters) is true, a new VPC is allocated for the deployment and deallocated during unprovision. For more information, see Deploying Within an Existing Private Network. Note: Internal parameter net_subnet_cidr must be provided if the VPC is not created in the default address space 10.0.%d.0/24; for example, for a VPC in the range 172.17.0.0/24, you would need to specify net_subnet_cidr as 172.17.%d.0/24.	optional	defaults
SubnetIds	When deploying on an existing private subnet on AWS or Tencent, comma-separated list of subnet IDs, one for each element specified by the Zone parameter (see General Parameters).	optional	defaults
CPUCoreCount	CPU core to match when selecting instance type; if InstanceType (above) is not provided, ICM searches for an instance type matching InstanceFamily, CPUCoreCount, and MemorySize (above). Default: 2.	optional
MemorySize	Memory size to match when selecting instance type; if InstanceType (above) is not provided, ICM searches for an instance type matching InstanceFamily, CPUCoreCount, and MemorySize (above). Default: 4 GB.	optional
OSVolumeType	Determines disk type for the OS volume for a node or nodes in the deployment; see Data Types: DataDiskOpens in a new tab in the Tencent documentation. AWS uses the same parameter name. Default: CLOUD_BASIC.	optional
DockerVolumeType	Determines disk type for the block storage device used for the Docker thin pool on a node or nodes in the deployment; see Data Types: DataDiskOpens in a new tab in the Tencent documentation. AWS uses the same parameter name. Default: CLOUD_BASIC.	optional
DataVolumeType WIJVolumeType Journal1VolumeType Journal2VolumeType	Determines disk type for the corresponding persistent storage volume for iris containers (see Storage Volumes Mounted by ICM). For example, DataVolumeType determines the disk type for the data volume. AWS uses the same parameter names. See Data Types: DataDiskOpens in a new tab in the Tencent documentation. Default: CLOUD BASIC.	optional

Parameter	Definition	Use is ...	Config file
Server	Name of the vCenter server. Example: tbdvcenter.internal.acme.com.	required	defaults
Datacenter	Name of the datacenter.	required	defaults
DatastoreCluster	Collection of datastores where virtual machine files will be stored; see Creating a Datastore ClusterOpens in a new tab in the VMware documentation. Example: DatastoreCluster1.	required	defaults
DataStore	If provided, specifies one datastore in the datastore cluster in which to store virtual machine files. Example: Datastore1	optional	defaults
ComputeCluster	Cluster of hosts used to manage compute resources, DRS, and HA. Example: ComputeCluster1	required	defaults
VSphereUser VSpherePassword	Credentials for vSphere operations; see About vSphere AuthenticationOpens in a new tab in the VMware documentation.	required	defaults
DNSServers	List of DNS servers for the virtual network. Example: 172.16.96.1,172.17.15.53	required	defaults
DNSSuffixes	List of name resolution suffixes for the virtual network adapter. Example: internal.acme.com	required	defaults
Domain	FQDN for a node or nodes to be provisioned. Example: internal.acme.com	required	defaults
NetworkInterface	Label to assign to a network interface. Example: VM Network	optional	defaults
ResourcePool	Name of a vSphere resource pool; see Managing Resource PoolsOpens in a new tab in the VMware documentation. Example: ResourcePool1.	optional	defaults
Template	Virtual machine master copy (machine image) to use as platform and OS template for nodes to be provisioned. Example: ubuntu1804lts	required
VCPU	Number of CPUs in a node or nodes to be provisioned. Example: 2.	optional
Memory	Amount of memory (in MB) in a node or nodes to be provisioned. Example: 4096.	optional
GuestID	Guest ID for the operating system type. Look for Enum - VirtualMachineGuestOsIdentifier on the VMware support website. Default: other3xLinux64Guest.	optional
WaitForGuestNetTimeout	Time (in minutes) to wait for an available IP address on a virtual machine. Default: 5.	optional
ShutdownWaitTimeout	Time (in minutes) to wait for graceful guest shutdown when making necessary updates to a virtual machine. Default: 3.	optional
MigrateWaitTimeout	Time (in minutes) to wait for virtual machine migration to complete. Default: 10.	optional
CloneTimeout	Time (in minutes) to wait for virtual machine cloning to complete. Default: 30.	optional
CustomizeTimeout	Time (in minutes) that Terraform waits for customization to complete. Default: 10.	optional
DiskPolicy	Disk provisioning policy for the deployment (see About Virtual Disk Provisioning PoliciesOpens in a new tab in the VMware documentation). Values are: thin — Thin Provision lazy — Thick Provision Lazy Zeroed eagerZeroedThick — Thick Provision Eager Zeroed Default: lazy.	optional
SDRSEnabled	If specified, determines whether Storage DRS (see Enable and Disable Storage DRSOpens in a new tab in the VMware documentation) is enabled for a virtual machine; otherwise, use current datastore cluster settings. Default: Current datastore cluster settings.	optional
SDRSAutomationLevel	If specified, determines Storage DRS automation level for a virtual machine; otherwise, use current datastore cluster settings. Values are automated or manual. Default: Current datastore cluster settings.	optional
SDRSIntraVMAffinity	If provided, determines Intra-VM affinity setting for a virtual machine (see Override VMDK Affinity RulesOpens in a new tab in the VMware documentation); otherwise, use current datastore cluster settings. Values include: true — All disks for this virtual machine will be kept on the same datastore. false — Storage DRS may locate individual disks on different datastores if it helps satisfy cluster requirements. Default: Current datastore cluster settings.	optional
SCSIControllerCount	Number of SCSI controllers for a given host node; must be between 1 and 4. The OS volume is always be placed on the first SCSI controller. vSphere may not be able to create more SCSI controllers than were present in the template specified by the Template field. Default: 1	optional
DockerVolumeSCSIController	SCSI controller on which to place the Docker volume. Must be between 1 and 4 and may not exceed SCSIControllerCount. Default: 1	optional
DataVolumeSCSIController WIJVolumeSCSIController Journal1VolumeSCSIController Journal2VolumeSCSIController	SCSI controller on which to place the corresponding volume in iris containers; for example, DataVolumeSCSIController determines the controller for data volume. Must be between 1 and 4 and may not exceed SCSIControllerCount. Default: 1	optional

Note:

The requirements for the VMware vSphere template specified by the Template property are similar to those described in Host Node Requirements (for example, passwordless sudo access).

To address the needs of the many users who rely on VMware vSphere, it is supported by this release of ICM. Depending on your particular vSphere configuration and underlying hardware platform, the use of ICM to provision virtual machines may entail additional extensions and adjustments not covered in this guide, especially for larger and more complex deployments, and may not be suitable for production use. Full support is expected in a later release.

Device Name Parameters

The parameters listed in the following specify the device files under /dev that represent the persistent volumes created by ICM for use by InterSystems IRIS. For information about these persistent volumes and a table of provider and OS-specific default values for these parameters, see Storage Volumes Mounted by ICM. For PreExisting deployments, see Storage Volumes.

Parameter	Persistent Volume For
DataDeviceName	Databases
WIJDeviceName	WIJ directory
Journal1DeviceName	Primary journal directory
Journal2DeviceName	Alternate journal directory

Alphabetical List of User Parameters

The following table lists all of the parameters discussed in the preceding tables in this section in alphabetical order, with links to the table(s) containing their definition.

Parameter	Table(s) for definition
AccountReplicationType	Provider-Specific – Azure
AccountTier	Provider-Specific – Azure
AlternativeServers	General
AMI	Provider-Specific – AWS
ApplicationPath	General
ClientId	Provider-Specific – Azure, Security
ClientSecret	Provider-Specific – Azure, Security
CloneTimeout	Provider-Specific – vSphere
ComputeCluster	Provider-Specific – vSphere
Count	General
CPUCoreCount	Provider-Specific – Tencent
Credentials	Provider-Specific – AWS, Provider-Specific – GCP, Security
CustomizeTimeout	Provider-Specific – vSphere
Datacenter	Provider-Specific – vSphere
DataDeviceName	Device Name
DataMountPoint	General
Datastore	Provider-Specific – vSphere
DatastoreCluster	Provider-Specific – vSphere
DataVolumeIOPS	Provider-Specific – AWS
DataVolumeSCSIController	Provider-Specific – vSphere
DataVolumeSize	General
DataVolumeType	Provider-Specific – AWS, Provider-Specific – GCP, Provider-Specific – Tencent
DiskPolicy	Provider-Specific – vSphere
DNSName	PreExisting
DNSServers	Provider-Specific – vSphere
DNSSuffixes	Provider-Specific – vSphere
DockerImage	General
DockerInit	General
DockerPassword	General
DockerRegistry	General
DockerStorageDriver	General
DockerURL	General
DockerUsername	General
DockerVersion	General
DockerVolumeIOPS	Provider-Specific – AWS
DockerVolumeSCSIController	Provider-Specific – vSphere
DockerVolumeSize	General
DockerVolumeType	Provider-Specific – AWS, Provider-Specific – GCP, Provider-Specific – Tencent
Domain	Provider-Specific – vSphere
ElasticIP	Provider-Specific – AWS, Provider-Specific – Tencent
FileSystem	General
GuestID	Provider-Specific – vSphere
Image	Provider-Specific – GCP
ImageId	Provider-Specific – Tencent
InstanceFamily	Provider-Specific – Tencent
InstanceType	Provider-Specific – AWS, Provider-Specific – Tencent
InternetGatewayId	Provider-Specific – AWS
IPAdress	PreExisting
ISCPassword	General
Journal1DeviceName	Device Name
Journal1MountPoint	General, CPF
Journal1VolumeIOPS	Provider-Specific – AWS
Journal1VolumeSCSIController	Provider-Specific – vSphere
Journal1VolumeSize	General
Journal1VolumeType	Provider-Specific – AWS, Provider-Specific – GCP, Provider-Specific – Tencent
Journal2DeviceName	Device Name
Journal2MountPoint	General, CPF
Journal2VolumeIOPS	Provider-Specific – AWS
Journal2VolumeSCSIController	Provider-Specific – vSphere
Journal2VolumeSize	General
Journal2VolumeType	Provider-Specific – AWS, Provider-Specific – GCP, Provider-Specific – Tencent
Label	General
LicenseDir	General
LicenseKey	General
LicenseServerPort	Port, CPF
LoadBalancer	General
LoadBalancerInternal	Provider-Specific – AWS
Location	Provider-Specific – Azure
LocationMap	Provider-Specific – Azure
MachineType	Provider-Specific – GCP
Memory	Provider-Specific – vSphere
MemorySize	Provider-Specific – Tencent
MigrateWaitTimeout	Provider-Specific – vSphere
Mirror	General
MirrorMap	General
Namespace	General
NetworkInterface	Provider-Specific – vSphere
OSName	Provider-Specific – Tencent
OSVolumeIOPS	Provider-Specific – AWS
OSVolumeSize	General
OSVolumeType	Provider-Specific – AWS, Provider-Specific – GCP, Provider-Specific – Tencent
Overlay	General
PlacementGroups	Provider-Specific – AWS
PlacementStrategy	Provider-Specific – AWS
PlacementMap	Provider-Specific – AWS
PlacementPartitionCount	Provider-Specific – AWS
PlacementSpreadLevel	Provider-Specific – AWS
Project	Provider-Specific – GCP
Provider	General
ProxyImage	General
Region	General
RegionMap	Provider-Specific – GCP
ResourceGroupName	Provider-Specific – Azure
ResourcePool	Provider-Specific – vSphere
Role	General
RouteTableId	Provider-Specific – AWS
SCSIControllerCount	Provider-Specific – vSphere
SDRSAutomationLevel	Provider-Specific – vSphere
SDRSEnabled	Provider-Specific – vSphere
SDRSIntraVMAffinity	Provider-Specific – vSphere
SecretID	Provider-Specific – Tencent, Security
SecretKey	Provider-Specific – Tencent, Security
Server	Provider-Specific – vSphere
ShutdownWaitTimeout	Provider-Specific – vSphere
Size	Provider-Specific – Azure
SSHOnly	Security
SSHPassword	Security
SSHPrivateKey	Security
SSHPublicKey	Security
SSHUser	Security
SSLConfig	Security
StartCount	General
SubnetName	Provider-Specific – Azure
SubnetIds	Provider-Specific – AWS, Provider-Specific – Tencent
SubscriptionId	Security
SuperServerPort	Port, CPF
SystemMode	General
Tag	General
Template	Provider-Specific – vSphere
TenantId	Security
TLSKeyDir	Security
UseMSI	Provider-Specific – Azure, Security
UserCPF	General
VCPU	Provider-Specific – vSphere
VirtualNetworkName	Provider-Specific – Azure
VPCId	Provider-Specific – AWS, Provider-Specific – Tencent
VspherePassword	Provider-Specific – vSphere, Security
VsphereUser	Provider-Specific – vSphere, Security
WaitForGuestNetTimeout	Provider-Specific – vSphere
WeavePassword	Security
WebGatewayPort	Port
WebServerPort	Port, CPF
WIJDeviceName	Device Name
WIJMountPoint	General, CPF
WIJVolumeIOPS	Provider-Specific – AWS
WIJVolumeSCSIController	Provider-Specific – vSphere
WIJVolumeSize	General
WIJVolumeType	Provider-Specific – AWS, Provider-Specific – GCP, Provider-Specific – Tencent
Zone	General
ZoneMap	General

ICM Node Types

ICM Commands and Options