Deployment Methods
DOCUMENT CATEGORY: Reference
SCOPE: Deployment method selection guide
PURPOSE: Choose the appropriate deployment method for your environment MASTER REFERENCE: Deploy Azure Local via Azure portal
Status: Active Last Updated: 2026-03-08
Overview
Azure Local clusters can be deployed using different methods and authentication types. This guide helps you select the appropriate deployment path for your environment.
Authentication Types
| Type | Description | Use Case |
|---|---|---|
| Active Directory | Domain-joined deployment using AD accounts | Enterprise environments with existing AD infrastructure |
| Local Identity | Local Windows accounts with Azure Key Vault integration | Edge deployments or environments without AD |
For Azure Local Cloud Azure Local deployments, Active Directory with ARM Template is the standard approach for consistency and repeatability.
Storage Topology
| Topology | Description | Use Case |
|---|---|---|
| Storage Spaces Direct (S2D) | Hyperconverged — local NVMe drives managed by Windows S2D | New deployments without existing SAN investment |
| Disaggregated SAN | External SAN array via Fibre Channel | Environments with existing SAN infrastructure or specific storage requirements |
Storage Spaces Direct is the recommended topology for most Azure Local Cloud deployments. Choose SAN only when there is an existing Fibre Channel SAN that the customer explicitly wants to use.
SAN Pre-Deployment Requirements
If using SAN disaggregated topology, complete Phase 03 Tasks 12–14 before running the deployment wizard:
- Task 12 — Install FC HBA Drivers
- Task 13 — Configure MPIO & MSDSM
- Task 14 — Verify SAN LUN Presentation
The SAN infrastructure volume (≥250 GB) and performance history LUN (≥20 GB) must remain uninitialized (RAW) until the deployment wizard claims them. Do not initialize these LUNs before running the wizard.
FC zoning is typically completed in two steps:
- Before deployment: Zone server HBA ports to SAN array target ports
- After Arc registration: Add the infrastructure volume and performance history LUNs to the host group
Coordinate timing with your SAN administrator.
Deployment Methods Matrix
Storage Spaces Direct (S2D) — Hyperconverged
| Authentication | Portal | ARM Template | Recommendation |
|---|---|---|---|
| Active Directory | ✅ Supported | ✅ Supported | ARM Template for production |
| Local Identity | ✅ Supported | ✅ Supported | Portal for edge deployments |
Storage Area Network (SAN) — Disaggregated
| Authentication | Portal | ARM Template | Recommendation |
|---|---|---|---|
| Active Directory | ✅ Supported | ✅ Supported | ARM Template for production |
| Local Identity | ✅ Supported | ✅ Supported | Portal for edge deployments |
- S2D (Hyperconverged): Storage is local to each compute node. Scale compute and storage together. Up to 16 nodes.
- SAN (Disaggregated): External SAN provides storage via Fiber Channel. Scale compute and storage independently. Up to 64 nodes.
For SAN deployment details, see SAN (Disaggregated) Deployment.
Active Directory Deployment (S2D and SAN)
Enterprise deployments using domain-joined nodes with Active Directory authentication.
Prerequisites
- Run
New-HciAdObjectsPreCreationto create the OU, LCM user account, and block GPO inheritance at the OU level - LCM user password must be ≥14 characters with lowercase, uppercase, numeral, and special character (cannot use
adminas username) - Nodes must NOT be domain-joined before deployment — all nodes must be in workgroup state
- DNS resolves the AD domain FQDN from all nodes
- WinRM (WS-MAN port 5985) open bi-directionally between all nodes for inter-node cluster communication
- If a firewall exists between Azure Local nodes and AD, firewall rules must permit AD communication
These Active Directory deployment steps apply to both S2D and SAN disaggregated deployments. Select the appropriate runbook for your topology below.
Deployment Options
| Method | S2D Runbook | SAN Runbook |
|---|---|---|
| Portal | AD/S2D — Portal | AD/SAN — Portal |
| ARM Template | AD/S2D — ARM Template | AD/SAN — ARM Template |
Local Identity Deployment (S2D and SAN)
Deployments using local Windows accounts, suitable for edge scenarios or environments without Active Directory.
Prerequisites
- Non-built-in local administrator account (NOT the built-in
Administrator) with identical credentials on ALL nodes — added to local Administrators group on each node - Account password must be ≥14 characters with lowercase, uppercase, numeral, and special character
- Static IP addresses configured on all nodes — DHCP is not supported
- DNS server with Host A records for each node AND for the cluster system itself
- WinRM (WS-MAN port 5985) open bi-directionally between all nodes for inter-node cluster communication
- SSH enabled on each node (required for Azure portal Arc-based remote access)
- Azure Key Vault accessible (existing KV, or created during the portal deployment wizard)
Windows Admin Center is not supported in Local Identity with Key Vault environments. Use PowerShell or the Azure portal for administrative tasks.
These Local Identity deployment steps apply to both S2D and SAN disaggregated deployments. Select the appropriate runbook for your topology below.
Deployment Options
| Method | S2D Runbook | SAN Runbook |
|---|---|---|
| Portal | LI/S2D — Portal | LI/SAN — Portal |
| ARM Template | LI/S2D — ARM Template | LI/SAN — ARM Template |
Decision Tree
graph TD
A[Start Deployment] --> S{Storage Type?}
S -->|S2D Hyperconverged| B{Active Directory Available?}
S -->|SAN Disaggregated| B2{Active Directory Available?}
B -->|Yes| C{Need Automation?}
B -->|No| D[Local Identity]
C -->|Yes| E[S2D + AD - ARM Template]
C -->|No| F[S2D + AD - Portal]
D --> G{Need Automation?}
G -->|Yes| H[S2D + Local - ARM Template]
G -->|No| I[S2D + Local - Portal]
B2 -->|Yes| C2{Need Automation?}
B2 -->|No| D2[SAN + Local Identity]
C2 -->|Yes| E2[SAN + AD - ARM Template]
C2 -->|No| F2[SAN + AD - Portal]
D2 --> G2{Need Automation?}
G2 -->|Yes| H2[SAN + Local - ARM Template]
G2 -->|No| I2[SAN + Local - Portal]
SAN (Disaggregated) Deployment
Deployments using external Storage Area Network (SAN) storage via Fiber Channel. The disaggregated architecture separates compute and storage, supporting up to 64 nodes.
For full details, see SAN (Disaggregated) Deployment.
Deployment Options
| Identity | Method | Link |
|---|---|---|
| Active Directory | Portal | AD — Portal (SAN) |
| Active Directory | ARM Template | AD — ARM Template (SAN) |
| Local Identity | Portal | Local Identity — Portal (SAN) |
| Local Identity | ARM Template | Local Identity — ARM Template (SAN) |
Method Comparison
Portal Deployment
| Aspect | Description |
|---|---|
| Pros | Visual interface, guided wizard, real-time validation |
| Cons | Manual, not repeatable, requires interactive session |
| Best For | Learning, troubleshooting, single deployments |
ARM Template Deployment
| Aspect | Description |
|---|---|
| Pros | Repeatable, version controlled, CI/CD integration |
| Cons | Requires template knowledge, initial setup time |
| Best For | Production, multi-site, enterprise deployments |
Quick Start
Azure Local Cloud Standard Deployment (S2D)
For standard Azure Local Cloud Azure Local deployments with Storage Spaces Direct:
- Complete Phase 14: Arc Registration
- Use AD/S2D — ARM Template
- Follow the deployment procedure with Azure Local Cloud templates
- Proceed to Phase 16: Post-Deployment
SAN Disaggregated Deployment
For deployments using an external Fibre Channel SAN:
- Complete Phase 03 Tasks 12–14 (FC HBA, MPIO, LUN verification)
- Complete Phase 14: Arc Registration
- Use AD/SAN — Portal or AD/SAN — ARM Template
- Proceed to Phase 16: Post-Deployment
Navigation
| Previous | Up | Next |
|---|---|---|
| Phase 14: Arc Registration | Phase 15: Cluster Deployment | Phase 16: Post-Deployment |
References: