Suntory Azure Managed Service Standard Document

Azure Virtual Machine
Parameter Sheet
Document IDAZ-VM-PARAM-001
Version1.0
StatusRELEASED
Created2026-05-18
Revised2026-05-18
CompanySuntory Holdings Limited
DivisionDigital & AI Global ITG
AuthorTomoki Koyama
Estimated TimeApprox. 1 hour (initial build, 1 VM)

Please complete all items in this parameter sheet before building the VM and obtain approval from the approver.
For design rationale and selection criteria for each parameter, refer to AZ-VM-DESIGN-001 (Design Document).

Revision History

Ver. Date Author Description Approver
1.0 2026-05-18 Tomoki Koyama Initial release (created as a standalone document split from Design Document AZ-VM-DESIGN-001)
📋 Suntory Standard References (External Document List)

VM Parameter Sheet (Pre-Entry and Approval Required)

The "Setting Value (Input)" column can be filled in and selected in your browser.
⚠️ All items in the parameter sheet below must be completed before building the VM, and approval must be obtained from the approver. Starting a build without completing all entries or obtaining approval is prohibited.
About the Notes column: Each row's Notes field contains quick hints such as standard values and format examples. For details on design rationale and decision criteria, refer to the Design Document (AZ-VM-DESIGN-001).

Basics

No. Parameter Item Required Setting Value (Input) Notes (Hints)
1 Subscription Required Refer to Suntory Subscriptions mapping
2 Resource group Required Format: rgp-<region>-<sub>-<env>-<app>-<seq>
Example: rgp-jp1-sjp-bn-aaa-001
3 Virtual machine name Required Format: <Co><Z><Region><OS><Role><Env><Seq>
Example: JZJP1WAPSP001
Duplication check: nslookup / ServiceNow CMDB
4 Region Required SJP → Japan East
5 Availability option Required

Select an Availability option and enter additional values as needed.

Select Availability option Additional Settings (Input)
No infrastructure redundancy required
Availability set Fault domains (FD): ___
Update domains (UD): ___
Availability zone
  └ ● Self-selected zone		 Zone Number (1 / 2 / 3): ___
※Select different Zones for VM1 and VM2
  └ ○ Azure-selected zone (Preview) Not selectable at this time
Virtual machine scale set
  └ Orchestration mode		 Uniform / Flexible: ___
  └ Scaling mode Manual / Autoscaling / No scaling profile: ___
Default: Availability zone (Production)

Refer to Design Doc No.5 for decision criteria details
6 Security type Required
※Standard default		 ○ Standard
● Trusted launch virtual machines
○ Confidential virtual machines		 Default: Trusted launch virtual machines
7 OS Image
(Publisher / Offer / SKU / Version)		 Required Select the latest SKU
See Design Doc No.7 for OS-specific recommendations
8 VM architecture Required
※Standard default		 ○ Arm64
● x64		 Default: x64
9 Run with Azure Spot discount Required
※Standard default		 ● OFF (Disable)
○ ON (Enable)		 Default: OFF
(Risk of forced stop)
10 VM Size (SKU) Required Select based on workload
See Design Doc No.10 for families and recommended sizes
11 Enable Hibernation Required
※Standard default		 ● OFF (Disable)
○ ON (Enable)		 Default: OFF
(Stateless design policy)
12 Administrator account
- Username
- Password		 Required
※Standard default		 ○ SSH public key
● Password
Username: AzureVmAdmin
Password: Shared via separate channel (not recorded in this document)		 Auth: Password
Username: AzureVmAdmin
PW: Shared via separate channel at build time only
Register and change in CyberArk after build
13 Inbound port rules
(Public inbound ports)		 Required
※Standard default		 ● None
○ Allow selected ports		 Default: None
(Public IP is held on the LB side)
14 Licensing
(Azure Hybrid Benefit)		 Optional
※Standard default		 ● OFF (Disable)
○ ON (Enable)		 Default: OFF
(Avoids operational complexity)

Disks

No. Parameter Item Required Setting Value (Input) Notes (Hints)
15 VM disk encryption Required
※Standard default		 ● OFF (Disable)
○ ON (Enable)		 Default: OFF
(SSE is enabled by default)
16 OS disk size Required
※Standard default		 Image default (127 GiB) Default: Image default (127 GiB)
Linux: 64 GiB
17 OS disk type Required #Locally-redundant storage(LRS)
○ Premium SSD
● Standard SSD
○ Standard HDD
#Zone-redundant storage(ZRS)
○ Ultra Disk
○ Premium SSD v2		 OS volume: Standard SSD only
DB data volume: Premium SSD
Large TRX: Ultra Disk
See Design Doc No.17
18 Delete with VM Required
※Standard default		 ● ON (Enable) Default: ON
(Disk is automatically deleted when VM is deleted)
19 Key management Required
※Standard default		 ● Platform-managed key
○ Customer-managed key
○ Platform-managed and customer-managed keys		 Default: Platform-managed key
(Minimizes operational overhead)
20 Enable Ultra Disk compatibility Optional ● OFF (Disable)
○ ON (Enable)		 Default: OFF
Enable only when Ultra Disk attachment is planned
21 Create a new disk
– Name		 Required when added Format: hostname_data<N>
Example: JZJP1WAPSP001_data01
1 disk per drive (D drive, etc.)
22 Create a new disk
– Source type		 Required when added
※Standard default		 ○ Snapshot
○ Storage blob
● None (empty disk)		 Default: None (empty disk)
Use Snapshot for migration only
23 Create a new disk
– Size (GiB)		 Required when added Specify according to system requirements
24 Create a new disk
– Key management		 Required when added
※Standard default		 ● Platform-managed key
○ Customer-managed key
○ Platform-managed and customer-managed keys		 Default: Platform-managed key
(Same as No.19)
25 Create a new disk
– Enable shared disk		 Required when added
※Standard default		 ○ Yes
● No		 Default: No
Yes only for cluster configurations (WSFC, etc.)
26 Create a new disk
– Delete with VM		 Required when added
※Standard default		 ● ON (Enable) Default: ON
(Same as No.18)

Networking

No. Parameter Item Required Setting Value (Input) Notes (Hints)
27 Virtual network Required Use existing VNets
Example: vnt-jp1-sjp-bp-infra-01
28 Subnet Required Select existing subnet
DMZ Example: snt-jp1-sjp-bn-infra-dmz-01
Internal Example: snt-jp1-sjp-bn-infra-tst-01
29 Public IP Required
※Standard default		 ○ New
● None		 Default: None
(Security policy)
30 NIC network security group Required
※Standard default		 ○ None
○ Basic
● Advanced		 Default: Advanced
Assign existing Common NSG
Example: si2-securitygroup-shd-cs-tokyo-cmn-01
31 Delete NIC when VM is deleted Required
※Standard default		 ● ON (Enable) Default: ON
(Prevents unused resources from remaining)
32 Enable accelerated networking Required
※Standard default		 ● ON (Enable) Default: ON
(Performance improvement via SR-IOV)
33 Load balancing Required
※Standard default		 ● None
○ Azure load balancer
○ Application gateway		 Default: None
(LB is handled via a separate request)

Management

No. Parameter Item Required Setting Value (Input) Notes (Hints)
34 Microsoft Defender for Cloud N/A Auto-enabled Confirm auto-enabled
Confirm the "Foundational CSPM Free Plan" message
35 Metadata Security Protocol
– IMDS		 Required
※Standard default		 ● ON (Enable) Default: ON
(Only authenticated processes can access IMDS)
36 Metadata Security Protocol
– WireServer		 Required
※Standard default		 ● OFF (Disable)
○ ON (Enable)		 Default: OFF
(Avoids impact on agent communication)
37 Identity
– System assigned managed identity		 Required
※Standard default		 ● OFF (Disable) Default: OFF
38 Microsoft Entra ID
– Login with Microsoft Entra ID		 Required
※Standard default		 ● OFF (Disable) Default: OFF
(Managed via CyberArk PAM)
39 Auto-shutdown
– Enable auto-shutdown		 Required
※Standard default		 ● OFF (Disable) Default: OFF
(Managed by a separate mechanism)
40 Backup
– Enable backup		 Required ● ON (Enable) Default: ON
(Complies with backup policy)
41 Backup
– Recovery Services vault		 Required Select Default Select Default
Confirm with backup operations team
42 Backup
– Policy subtype		 N/A ○ Standard
● Enhanced
※Select Default		 Fixed to Enhanced when Trusted launch is selected
43 Site Recovery
– Enable Disaster Recovery		 Required
※Standard default		 ● OFF (Disable) Default: OFF
(DR to be considered separately)
44 Guest OS updates
– Enable periodic assessment		 Required
※Standard default		 ● ON (Enable) Default: ON
(Periodic patch check; does not apply patches)
45 Guest OS updates
– Enable hotpatch		 Required Test VM: ON
Production VM: OFF
46 Guest OS updates
– Patch orchestration options		 Required
※Standard default		 Select the following when No.45 is enabled
○ Automatic by OS
● Azure-orchestrated
○ Manual updates
○ Image default		 Default: Azure-orchestrated
(Set only when No.45 is enabled)
47 Guest OS updates
– Reboot setting		 Required Select the following when No.45 is enabled
○ Always reboot
● Reboot if required
○ Never reboot		 Default: Reboot if required
(Set only when No.45 is enabled)

Monitoring

No. Parameter Item Required Setting Value (Input) Notes (Hints)
48 Alerts
– Enable recommended alert rules		 Optional ● ON (Enable) Default: ON
Detailed monitoring including NewRelic should be considered
49 Alerts
– Alert rules		 Optional Refer to separate Alert Rules sheet Refer to Alert Rules sheet
50 Diagnostics
– Boot diagnostics		 Optional ○ Enable with managed storage account
○ Enable with custom storage account
● Disable		 Default: Disable
(Troubleshooting function before OS starts)
51 Diagnostics
– Enable OS guest diagnostics		 Optional Production VM: ON
Test VM: OFF
(Additional cost incurred)
52 Health
– Enable application health monitoring		 Optional ● OFF (Disable) Default: OFF

Advanced

No. Parameter Item Required Setting Value (Input) Notes (Hints)
53 Extensions N/A N/A N/A (handled via IaC: Ansible / Terraform)
54 VM applications N/A N/A Not required by default
55 Custom data N/A N/A Not required by default
56 Performance (NVMe) Optional Enable only when using Premium SSD / Ultra Disk
57 Host (Dedicated Host) Optional Not required by default
Only if a licensing requirement for Dedicated Host exists
58 Capacity reservations Optional Not required by default
59 Proximity placement group Optional Not required by default

Tagging

Tag keys and values must comply with Suntory Azure Foundation Tag Standards.xlsx.
No. Tag Key (Tag name) Classification Setting Value (Input) Notes (Hints)
60 Subsidiary Required Example: SBFE, SBFA, SBFT, SJP
61 BusinessUnit Optional Example: SPS
(Required for SJP)
62 ServiceName Required Example: Beer Production Planning System
(Required for SJP)
63 SystemID Optional Example: aaa
(Required for SJP)
64 Environment Required prod or nonprod
65 BCPRank Required Example: 3
66 Responsibility Optional Example: TransformationG
(Required for SJP)

Azure Virtual Machine Parameter Sheet v1.0 | Author: Tomoki Koyama (Suntory Holdings Limited / Digital & AI Global ITG) | Date: 2026-05-18

This document complies with the Suntory Azure Foundation Design Document (HLD/LLD) and Suntory Azure Foundation Naming/Tag Standards.

For details on design rationale and selection criteria, refer to AZ-VM-DESIGN-001 (AzureVM_DesignDocument.html).