Local Identity — Portal Deployment (SAN)
DOCUMENT CATEGORY: Runbook
SCOPE: Portal-based SAN cluster deployment with Local Identity
PURPOSE: Deploy Azure Local with external SAN storage and Local Identity (Key Vault)
MASTER REFERENCE: Microsoft Learn — Deploy via Portal (Disaggregated)
Status: Active
Overview
This runbook deploys a disaggregated Azure Local cluster using the Azure Portal wizard with:
- Storage: External SAN (Fibre Channel)
- Identity: Local Identity with Azure Key Vault (no Active Directory required)
This combination is ideal for edge or remote deployments using existing SAN infrastructure where AD is not available or desired.
Prerequisites
Complete all items from the SAN Prerequisites and the Local Identity Prerequisites sections.
Additionally:
- Non-built-in local administrator account with identical credentials on ALL nodes
- Static IP addresses on all nodes (DHCP not supported with Local Identity)
- DNS server with Host A records for each node and the cluster
- Azure Key Vault accessible (or will be created during deployment)
- FC HBA drivers installed, MPIO enabled, LUNs visible in RAW state
For disaggregated (SAN) deployments, the "Rack aware" cluster option is not available.
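A per-node pre-flight check for the prerequisites above, plus the LUN size minimums the wizard asks for in Step 5. This is an added example, not part of the original runbook or Microsoft's tooling. The account name `deployadmin` and cluster name `cluster01` are placeholders, and the script assumes the infrastructure and performance history roles use two separate LUNs.

```powershell
# Added example: run locally on each node before starting the portal wizard.
# 'deployadmin' and 'cluster01' are placeholders, not values from this runbook.
param(
    [string]$AdminName   = 'deployadmin',
    [string]$ClusterName = 'cluster01'
)
$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}
# Local Identity requires machines that are NOT domain-joined.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Add-Check 'Not domain-joined' (-not $cs.PartOfDomain) "Domain/Workgroup: $($cs.Domain)"
# Deployment account: enabled, member of Administrators, and not the built-in admin (RID 500).
$user = Get-LocalUser -Name $AdminName -ErrorAction SilentlyContinue
$isAdmin = $user -and [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.SID.Value -eq $user.SID.Value })
Add-Check 'Non-built-in local admin' ($isAdmin -and $user.Enabled -and
    $user.SID.Value -notmatch '-500$') "Account: $AdminName"
# DHCP is not supported with Local Identity: no connected IPv4 interface may use it.
$dhcp = Get-NetIPInterface -AddressFamily IPv4 -Dhcp Enabled -ConnectionState Connected `
    -ErrorAction SilentlyContinue
Add-Check 'Static IPv4 (no DHCP)' (-not $dhcp) "DHCP-enabled: $($dhcp.InterfaceAlias -join ', ')"
# Host A records must exist for this node and for the cluster name.
foreach ($name in $env:COMPUTERNAME, $ClusterName) {
    $a = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }
    Add-Check "Host A record: $name" ([bool]$a) "$($a.IPAddress -join ', ')"
}
# MPIO must be enabled before the SAN LUNs are presented.
$mpio = Get-WindowsFeature -Name Multipath-IO
Add-Check 'MPIO feature installed' ([bool]$mpio.Installed) "InstallState: $($mpio.InstallState)"
# Fibre Channel LUNs must be visible and still RAW (uninitialized).
# PowerShell's GB suffix is binary (2^30 bytes), the stricter reading of the wizard's thresholds.
$raw = @(Get-Disk | Where-Object { $_.BusType -eq 'Fibre Channel' -and $_.PartitionStyle -eq 'RAW' })
$big = @($raw | Where-Object { $_.Size -ge 250GB })
$fit = @($raw | Where-Object { $_.Size -ge 20GB })
Add-Check 'Infrastructure LUN candidate (>= 250 GB)' ($big.Count -ge 1) "RAW FC disks: $($raw.Count)"
Add-Check 'Performance history LUN candidate (>= 20 GB)' ($big.Count -ge 1 -and $fit.Count -ge 2) `
    "RAW FC disks >= 20 GB: $($fit.Count)"

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }
```

A non-zero exit code means at least one prerequisite failed on that node; the Detail column shows which value to fix before starting validation in the portal.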
Portal Wizard — Step-by-Step
Step 1: Start the Wizard
- In the Azure portal, navigate to Azure Arc → Azure Local
- On the Get started tab, select Create instance
Step 2: Basics
- Select Subscription and Resource group
- Enter the Instance name
- Select the Region
- Cluster options: Select Standard (Rack aware not available for disaggregated)
- Storage options: Select Storage Area Network (SAN)
- Identity provider: Select Local identity with Azure Key Vault
- Select + Add machines — machines must NOT be domain-joined
Step 3: Networking
- Storage configuration: Select SAN based storage
- Configure Management and Compute traffic intents
- Assign network adapters, VLANs, and subnets
- Configure IP allocation
- Provide subnet, default gateway, and DNS servers
Step 4: Management
- Set the Custom location name
- Configure the cloud witness storage account
- Enter Local administrator credentials (must match across all nodes and meet the 14+ character complexity requirements)
- An Azure Key Vault is provisioned during deployment to store cluster secrets
Step 5: Advanced — SAN Storage Selection
- Select the infrastructure LUN (≥ 250 GB)
- Select the cluster performance history LUN (≥ 20 GB)
Step 6: Validation and Deployment
- Select Start validation — monitor progress
- After validation succeeds, select Create
Post-Deployment
- Connect workload LUNs — see Connect External Storage
- Proceed to Phase 06: Post-Deployment
Windows Admin Center is not supported with Local Identity environments. Use PowerShell or the Azure portal for administrative tasks.
Troubleshooting
| Issue | Resolution |
|---|---|
| Rack aware option not available | Expected for disaggregated deployments. Use Standard cluster option. |
| No SAN disks visible | Verify FC zoning, HBA drivers, and MPIO. Run Get-PhysicalDisk on each node. |
| Key Vault creation fails | Verify permissions (Owner or Contributor + RBAC Admin on the resource group). |
| DNS resolution failures | Ensure Host A records exist for all nodes and the cluster name in your DNS server. |
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | 2026-05-01 | Azure Local Cloud | Initial release |