Task 01: Validate SDN Prerequisites
DOCUMENT CATEGORY: Runbook
SCOPE: SDN prerequisite validation
PURPOSE: Verify cluster meets SDN requirements
MASTER REFERENCE: Microsoft Learn - SDN Overview
Status: Active
Overview
Before enabling SDN on Azure Local, you must verify that your cluster meets all prerequisites including version requirements, network intent configuration, and workload compatibility.
Prerequisites Checklist
Version Requirements
| Requirement | Minimum Version |
|---|---|
| Azure Local | 2601 |
| OS Build | 26100.xxxx |
| Arc Agent | Latest |
Network Intent Compatibility
SDN enabled by Arc only supports specific Network ATC configurations. Verify your intent matches one of these patterns:
| Pattern | Description | Storage Connectivity |
|---|---|---|
| Group All Traffic | Single intent for all traffic | Switched only |
| Management + Compute with Separate Storage | 2 intents | Switched or Switchless (≤4 nodes) |
| Fully Disaggregated | Up to 3 separate intents | Switched or Switchless (≤4 nodes) |
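The pattern table above can be applied as an allow-list, so that any intent layout not matching one of the three patterns fails the check. The following is an added example, not one of the runbook's scripts: `Get-SdnIntentPattern` is a hypothetical helper, the sample intents are constructed, and it reads only the `IntentName` and `TrafficType` properties that the page's scripts use. It assumes Fully Disaggregated means one intent per traffic type.

```powershell
# Added example, not part of the runbook's scripts. Get-SdnIntentPattern is a
# hypothetical helper; input objects need only IntentName and TrafficType,
# the two properties the page's scripts read from Get-NetIntent output.
function Get-SdnIntentPattern {
    param(
        [Parameter(Mandatory)] [object[]]$Intents,
        [int]$NodeCount = 1,
        [switch]$SwitchlessStorage
    )
    # One signature per intent, e.g. 'Compute+Management'; accepts arrays or 'A, B' strings
    $signatures = foreach ($intent in $Intents) {
        $types = @($intent.TrafficType) -split '\s*,\s*' | Sort-Object -Unique
        $types -join '+'
    }
    $layout = ($signatures | Sort-Object) -join ' | '

    # Exact layouts for the three supported patterns; anything else is rejected
    $pattern = switch ($layout) {
        'Compute+Management+Storage'     { 'Group All Traffic' }
        'Compute+Management | Storage'   { 'Management + Compute with Separate Storage' }
        'Compute | Management | Storage' { 'Fully Disaggregated' }
    }

    # Storage connectivity rules from the table: switchless needs separate storage and <= 4 nodes
    $reason = $null
    if (-not $pattern) {
        $reason = "Layout '$layout' matches no supported pattern"
    } elseif ($SwitchlessStorage -and $pattern -eq 'Group All Traffic') {
        $reason = 'Group All Traffic supports switched storage only'
    } elseif ($SwitchlessStorage -and $NodeCount -gt 4) {
        $reason = 'Switchless storage is limited to 4 nodes or fewer'
    }
    [pscustomobject]@{ Pattern = $pattern; Supported = ($null -eq $reason); Reason = $reason }
}

# Constructed sample layouts (not taken from a real cluster)
$separateStorage = @(
    [pscustomobject]@{ IntentName = 'mgmt_compute'; TrafficType = @('Management', 'Compute') }
    [pscustomobject]@{ IntentName = 'storage';      TrafficType = @('Storage') }
)
$computeWithStorage = @(
    [pscustomobject]@{ IntentName = 'mgmt';            TrafficType = 'Management' }
    [pscustomobject]@{ IntentName = 'compute_storage'; TrafficType = 'Compute, Storage' }
)
Get-SdnIntentPattern -Intents $separateStorage -NodeCount 3 -SwitchlessStorage
Get-SdnIntentPattern -Intents $computeWithStorage
```

On a node, the same function can be fed with `Get-NetIntent` output, provided the objects expose the traffic types under `TrafficType` as the scripts on this page assume.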
Workload Compatibility
| Workload | SDN Compatible |
|---|---|
| Azure Local VMs (deployed from Azure) | ✅ Yes |
| Hyper-V VMs (deployed locally) | ❌ No - Use on-premises SDN |
| AKS on Azure Local | ❌ No |
| Multicast applications | ❌ No |
Execution Options
- Azure Portal
- Direct Script (On Node)
- Orchestrated Script (Mgmt Server)
- Standalone Script
Azure Portal
Steps
- Navigate to Azure Portal → Azure Arc → Azure Local
- Select your cluster resource
- Go to Overview and verify:
  - Version: 2601 or later
  - Connection Status: Connected
Network ATC intent configuration and OS build version are not visible in the Azure Portal. You must use PowerShell (Direct Script or Orchestrated Script) to validate these prerequisites. The portal can only confirm cluster version and Arc connectivity.
Verification (Portal Only)
Document the following from the portal:
- Cluster version is 2601+
- Arc connection is active
For full validation, use the Direct Script or Orchestrated Script tab to also verify:
- OS build (26100.xxxx+)
- Network intent compatibility
- AKS workload check
Direct Script (On Node)
Run this script directly on any Azure Local cluster node.

```powershell
#Requires -RunAsAdministrator
<#
.SYNOPSIS
    Validates prerequisites for enabling SDN on Azure Local.
.DESCRIPTION
    This script checks version requirements, network intent configuration,
    and Arc connectivity before SDN enablement.
#>
[CmdletBinding()]
param()

$ErrorActionPreference = 'Stop'

# Parenthesise the string multiplication; otherwise Write-Host prints "= * 60"
Write-Host ("=" * 60) -ForegroundColor Cyan
Write-Host "SDN Prerequisites Validation" -ForegroundColor Cyan
Write-Host ("=" * 60) -ForegroundColor Cyan

# Ordered so the summary lists the checks in the order they run
$results = [ordered]@{
    VersionCheck       = $false
    OSBuildCheck       = $false
    ArcConnectionCheck = $false
    NetworkIntentCheck = $false
    WorkloadCheck      = $false
}

# Check Azure Local version
Write-Host "`n[1/5] Checking Azure Local version..." -ForegroundColor Yellow
$registration = Get-AzStackHCI
$version = $registration.ClusterVersion
Write-Host " Cluster Version: $version"
# Version 2601 = 26.1.x.x pattern
if ($version -match "^2[6-9]\." -or $version -match "^[3-9][0-9]\.") {
    Write-Host " ✓ Version requirement met" -ForegroundColor Green
    $results.VersionCheck = $true
} else {
    Write-Host " ✗ Version 2601+ required" -ForegroundColor Red
}

# Check OS Build
Write-Host "`n[2/5] Checking OS build version..." -ForegroundColor Yellow
$osBuild = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").CurrentBuild
$osUBR = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").UBR
$fullBuild = "$osBuild.$osUBR"
Write-Host " OS Build: $fullBuild"
if ([int]$osBuild -ge 26100) {
    Write-Host " ✓ OS build requirement met" -ForegroundColor Green
    $results.OSBuildCheck = $true
} else {
    Write-Host " ✗ OS build 26100+ required" -ForegroundColor Red
}

# Check Arc connection
Write-Host "`n[3/5] Checking Arc connection status..." -ForegroundColor Yellow
$connectionStatus = $registration.ConnectionStatus
Write-Host " Connection Status: $connectionStatus"
if ($connectionStatus -eq 'Connected') {
    Write-Host " ✓ Arc connection active" -ForegroundColor Green
    $results.ArcConnectionCheck = $true
} else {
    Write-Host " ✗ Arc connection required" -ForegroundColor Red
}

# Check Network Intent configuration
Write-Host "`n[4/5] Checking Network ATC intent configuration..." -ForegroundColor Yellow
try {
    $intents = Get-NetIntent
    $intentCount = ($intents | Measure-Object).Count
    Write-Host " Intent Count: $intentCount"
    foreach ($intent in $intents) {
        Write-Host " - $($intent.IntentName): $($intent.TrafficType -join ', ')" -ForegroundColor Gray
    }
    # Check for unsupported configurations (Compute + Storage combined without Management)
    $hasComputeStorageCombined = $intents | Where-Object {
        $_.TrafficType -contains 'Compute' -and $_.TrafficType -contains 'Storage' -and $_.TrafficType -notcontains 'Management'
    }
    if ($intentCount -le 3 -and -not $hasComputeStorageCombined) {
        Write-Host " ✓ Network intent configuration compatible" -ForegroundColor Green
        $results.NetworkIntentCheck = $true
    } else {
        Write-Host " ✗ Network intent configuration not supported for SDN" -ForegroundColor Red
    }
} catch {
    # The check stays failed when intents cannot be read
    Write-Host " ⚠ Could not retrieve network intents: $_" -ForegroundColor Yellow
}

# Check for AKS workloads
Write-Host "`n[5/5] Checking for AKS workloads..." -ForegroundColor Yellow
try {
    $aksVMs = Get-VM | Where-Object { $_.Name -match "^(aks|kubernetes|k8s)" -or $_.Notes -match "AKS" }
    $aksCount = ($aksVMs | Measure-Object).Count
    if ($aksCount -eq 0) {
        Write-Host " ✓ No AKS workloads detected" -ForegroundColor Green
        $results.WorkloadCheck = $true
    } else {
        Write-Host " ✗ AKS workloads detected ($aksCount VMs) - SDN not compatible" -ForegroundColor Red
    }
} catch {
    Write-Host " ⚠ Could not check for AKS workloads: $_" -ForegroundColor Yellow
    # Fail-open: assume compatible if we can't check, so confirm manually when this warning appears
    $results.WorkloadCheck = $true
}

# Summary
Write-Host ("`n" + ("=" * 60)) -ForegroundColor Cyan
Write-Host "Validation Summary" -ForegroundColor Cyan
Write-Host ("=" * 60) -ForegroundColor Cyan
$allPassed = $true
foreach ($check in $results.GetEnumerator()) {
    if ($check.Value) {
        $status = "✓ PASS"
        $color = "Green"
    } else {
        $status = "✗ FAIL"
        $color = "Red"
        $allPassed = $false
    }
    Write-Host " $($check.Key): $status" -ForegroundColor $color
}
Write-Host "`n"
if ($allPassed) {
    Write-Host "All prerequisites met. You can proceed with SDN enablement." -ForegroundColor Green
} else {
    Write-Host "Some prerequisites not met. Address the issues above before enabling SDN." -ForegroundColor Red
}
return $results
```
Orchestrated Script (Mgmt Server)
Run this script from the management server to validate SDN prerequisites remotely.

```powershell
#Requires -Modules Az.Accounts, Az.Resources, Az.StackHCI
<#
.SYNOPSIS
    Validates SDN prerequisites on an Azure Local cluster from a management server.
.DESCRIPTION
    This script connects to Azure and validates that the target cluster meets
    all requirements for enabling SDN via Azure Arc.
.PARAMETER ClusterName
    The name of the Azure Local cluster.
.PARAMETER ResourceGroupName
    The resource group containing the cluster.
.PARAMETER SubscriptionId
    The Azure subscription ID.
.PARAMETER NodeName
    The name of a cluster node for remote PowerShell validation.
.PARAMETER Credential
    Credentials for connecting to cluster nodes.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true)]
    [string]$ClusterName,

    [Parameter(Mandatory = $true)]
    [string]$ResourceGroupName,

    [Parameter(Mandatory = $false)]
    [string]$SubscriptionId,

    [Parameter(Mandatory = $true)]
    [string]$NodeName,

    [Parameter(Mandatory = $false)]
    [PSCredential]$Credential
)

$ErrorActionPreference = 'Stop'

# Connect to Azure if not already connected
$context = Get-AzContext
if (-not $context) {
    Write-Host "Connecting to Azure..." -ForegroundColor Yellow
    Connect-AzAccount
}
if ($SubscriptionId) {
    Set-AzContext -SubscriptionId $SubscriptionId | Out-Null
}

# Parenthesise the string multiplication; otherwise Write-Host prints "= * 60"
Write-Host ("=" * 60) -ForegroundColor Cyan
Write-Host "SDN Prerequisites Validation (Remote)" -ForegroundColor Cyan
Write-Host "Cluster: $ClusterName" -ForegroundColor Cyan
Write-Host ("=" * 60) -ForegroundColor Cyan

# Get cluster resource from Azure
Write-Host "`n[1/4] Retrieving cluster information from Azure..." -ForegroundColor Yellow
$cluster = Get-AzResource -ResourceGroupName $ResourceGroupName -Name $ClusterName -ResourceType "Microsoft.AzureStackHCI/clusters" -ExpandProperties
if (-not $cluster) {
    throw "Cluster '$ClusterName' not found in resource group '$ResourceGroupName'"
}
Write-Host " Cluster ID: $($cluster.ResourceId)" -ForegroundColor Gray
Write-Host " Status: $($cluster.Properties.status)" -ForegroundColor Gray
Write-Host " Connectivity: $($cluster.Properties.connectivityStatus)" -ForegroundColor Gray

# Check version via Azure (reported only; compare against 2601+ using the checklist below)
Write-Host "`n[2/4] Checking cluster version..." -ForegroundColor Yellow
$reportedVersion = $cluster.Properties.reportedProperties.clusterVersion
Write-Host " Reported Version: $reportedVersion"

# Check connectivity status
Write-Host "`n[3/4] Checking Arc connectivity..." -ForegroundColor Yellow
$connectivityStatus = $cluster.Properties.connectivityStatus
if ($connectivityStatus -eq "Connected") {
    Write-Host " ✓ Cluster is connected to Azure Arc" -ForegroundColor Green
} else {
    Write-Host " ✗ Cluster connectivity: $connectivityStatus" -ForegroundColor Red
}

# Remote validation on node
Write-Host "`n[4/4] Running remote validation on node: $NodeName..." -ForegroundColor Yellow
$remoteParams = @{
    ComputerName = $NodeName
}
if ($Credential) {
    $remoteParams.Credential = $Credential
}
$remoteResult = Invoke-Command @remoteParams -ScriptBlock {
    # Query the intents once and reuse the result for both fields
    $intents = Get-NetIntent
    $result = @{
        OSBuild     = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").CurrentBuild
        IntentCount = ($intents | Measure-Object).Count
        Intents     = $intents | Select-Object IntentName, @{N='TrafficTypes';E={$_.TrafficType -join ','}}
    }
    return $result
}
Write-Host " OS Build: $($remoteResult.OSBuild)" -ForegroundColor Gray
Write-Host " Network Intents: $($remoteResult.IntentCount)" -ForegroundColor Gray
foreach ($intent in $remoteResult.Intents) {
    Write-Host " - $($intent.IntentName): $($intent.TrafficTypes)" -ForegroundColor Gray
}

# Summary
Write-Host ("`n" + ("=" * 60)) -ForegroundColor Cyan
Write-Host "Validation Complete" -ForegroundColor Cyan
Write-Host ("=" * 60) -ForegroundColor Cyan
Write-Host @"
Review the output above and verify:
[ ] Cluster version is 2601+
[ ] OS build is 26100+
[ ] Arc connectivity is Connected
[ ] Network intent configuration is compatible
[ ] No AKS workloads are running
If all prerequisites are met, proceed to Task 2: Enable SDN Integration.
"@ -ForegroundColor Yellow
```
Standalone Script
Copy-paste ready validation script — no config file, no helpers, no dependencies.

```powershell
# ============================================================================
# Script: Validate-SDNPrerequisites-Standalone.ps1
# Execution: Run anywhere — fully self-contained, no external dependencies
# Prerequisites: PowerShell, run ON an Azure Local cluster node
# ============================================================================
#region CONFIGURATION
# ── No configuration needed — this script reads values from the local node ──
#endregion CONFIGURATION

$ErrorActionPreference = 'Stop'

# Parenthesise the string multiplication; otherwise Write-Host prints "= * 60"
Write-Host ("=" * 60) -ForegroundColor Cyan
Write-Host "SDN Prerequisites Validation (Standalone)" -ForegroundColor Cyan
Write-Host ("=" * 60) -ForegroundColor Cyan
$results = @{ Pass = 0; Fail = 0 }

# [1/5] Azure Local version
Write-Host "`n[1/5] Checking Azure Local version..." -ForegroundColor Yellow
$registration = Get-AzStackHCI
$version = $registration.ClusterVersion
Write-Host " Cluster Version: $version"
if ($version -match "^2[6-9]\." -or $version -match "^[3-9][0-9]\.") {
    Write-Host " ✓ Version requirement met (2601+)" -ForegroundColor Green; $results.Pass++
} else {
    Write-Host " ✗ Version 2601+ required" -ForegroundColor Red; $results.Fail++
}

# [2/5] OS Build
Write-Host "`n[2/5] Checking OS build version..." -ForegroundColor Yellow
$osBuild = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").CurrentBuild
Write-Host " OS Build: $osBuild"
if ([int]$osBuild -ge 26100) {
    Write-Host " ✓ OS build requirement met (26100+)" -ForegroundColor Green; $results.Pass++
} else {
    Write-Host " ✗ OS build 26100+ required" -ForegroundColor Red; $results.Fail++
}

# [3/5] Arc connection
Write-Host "`n[3/5] Checking Arc connection status..." -ForegroundColor Yellow
Write-Host " Connection Status: $($registration.ConnectionStatus)"
if ($registration.ConnectionStatus -eq 'Connected') {
    Write-Host " ✓ Arc connection active" -ForegroundColor Green; $results.Pass++
} else {
    Write-Host " ✗ Arc connection required" -ForegroundColor Red; $results.Fail++
}

# [4/5] Network intents
# This step only confirms the intents can be read; compare the listed intents
# with the supported patterns manually.
Write-Host "`n[4/5] Checking Network ATC intents..." -ForegroundColor Yellow
try {
    $intents = Get-NetIntent
    foreach ($i in $intents) { Write-Host " - $($i.IntentName): $($i.TrafficType -join ', ')" -ForegroundColor Gray }
    Write-Host " ✓ Network intent configuration retrieved" -ForegroundColor Green; $results.Pass++
} catch {
    Write-Host " ⚠ Could not retrieve network intents: $_" -ForegroundColor Yellow; $results.Fail++
}

# [5/5] AKS workloads
Write-Host "`n[5/5] Checking for AKS workloads..." -ForegroundColor Yellow
try {
    $aksCount = (Get-VM | Where-Object { $_.Name -match "^(aks|kubernetes|k8s)" } | Measure-Object).Count
    if ($aksCount -eq 0) {
        Write-Host " ✓ No AKS workloads detected" -ForegroundColor Green; $results.Pass++
    } else {
        Write-Host " ✗ AKS workloads detected ($aksCount VMs)" -ForegroundColor Red; $results.Fail++
    }
} catch {
    # Fail-open: counted as a pass when VMs cannot be enumerated, so confirm manually
    Write-Host " ⚠ Could not check VMs: $_" -ForegroundColor Yellow; $results.Pass++
}

# Summary
Write-Host ("`n" + ("=" * 60)) -ForegroundColor Cyan
Write-Host "Results: $($results.Pass) passed, $($results.Fail) failed" -ForegroundColor $(if ($results.Fail -eq 0) { 'Green' } else { 'Red' })
```
This script is completely self-contained. Run it directly on any Azure Local cluster node — no variables.yml, no config-loader, no helpers required.
Validation Checklist
Complete this checklist before proceeding to SDN enablement:
| Requirement | Status | Notes |
|---|---|---|
| Azure Local version 2601+ | ☐ | |
| OS build 26100.xxxx+ | ☐ | |
| Arc connection active | ☐ | |
| Network intent compatible | ☐ | Document pattern used |
| No AKS workloads | ☐ | |
| No existing on-premises SDN | ☐ | |
Troubleshooting
| Issue | Resolution |
|---|---|
| Version too old | Upgrade Azure Local to 2601+ |
| Arc not connected | Run Sync-AzureStackHCI and verify connectivity |
| Incompatible network intent | Reconfigure Network ATC before enabling SDN |
| AKS workloads present | Cannot enable SDN - AKS not supported |
| Existing SDN via WAC/SDN Express | Cannot migrate - choose one method |
Next Steps
If all prerequisites are met, proceed to Task 2: Enable SDN Integration.
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0.0 | 2026-03-24 | Azure Local Cloudnology Team | Initial release |