Active Directory - Via Portal
Deploy Azure Local cluster with Active Directory authentication using the Azure Portal
ARM template-based Azure Local cluster deployment options for Active Directory and Local Identity environments.
Authentication options for Azure Local deployment — Azure PowerShell and Azure CLI session setup.
Complete guide for deploying Azure Local infrastructure — from Azure foundation through cluster deployment, validation, and handover.
Runbook for deploying Azure Local clusters, covering OS installation, Arc registration, cluster creation, and post-deployment configuration.
Overview of Azure Local cluster deployment methods including Portal and ARM Template options for Active Directory and Local Identity environments.
Real-time dashboard scripts for monitoring Azure Local cluster validation and deployment progress
Overview of the full CAF/WAF landing zone deployment — enterprise-scale management group hierarchy, dedicated subscriptions, and multi-resource-group organization following Azure Landing Zone architecture.
Detailed provisioning instructions with tabbed execution options for each step.
Configuration management system for Azure Local deployments using config/variables.yml and JSON Schema validation.
Deploy Azure Local cluster with local identity authentication using the Azure Portal and Key Vault
Manual step-by-step deployment procedures for Azure Local management infrastructure components
Real-time dashboard for monitoring Azure Local cluster deployment progress via Azure API step hierarchy and live log streaming
Real-time dashboard for monitoring Azure Local cluster validation progress via Azure API and live node log streaming
On-Premises Readiness for Azure Local Deployments
Prepare Active Directory domain infrastructure including OU structure, service accounts, and group policies for Azure Local deployment
Discover cluster node hardware, configure DHCP reservations, validate and remediate BIOS/iDRAC settings against Dell Azure Local validated baselines before OS installation.
Phase 01: Landing Zones — choose your deployment model and deploy management groups, subscriptions, and resource groups following Azure CAF/WAF and Azure Landing Zone architecture.
Validate customer network infrastructure prerequisites before Azure Local deployment
Prepare Dell hardware boot configuration, verify ISO availability, and install Azure Stack HCI OS on each cluster node before OS configuration.
Phase 02: Register required Azure resource providers for Azure Local deployment.
Configure network infrastructure including OpenGear, switches, and firewall endpoints for Azure Local deployment
Configure RBAC permissions and create deployment service principal for Azure Local
Deploy Azure management infrastructure for Azure Local including networking, VPN connectivity, management VMs, and monitoring resources.
Configure Privileged Identity Management and Conditional Access policies to protect administrative access to the Azure Local deployment.
Portal-based Azure Local cluster deployment options for Active Directory and Local Identity environments.
Requirements and assumptions for Azure Local deployment.
Comprehensive guidance for deploying Azure Local infrastructure with multiple implementation approaches.
Overview of the single subscription landing zone deployment — single management group, single subscription, single resource group.
Install and configure Active Directory Domain Services on the domain controller VMs for the Azure Local management domain.
Create the landing zone management group under the existing root management group.
Create the full CAF/WAF management group hierarchy under the existing root management group.
Configure OpenGear OM1208-8E-L console server for out-of-band management access
Create the Azure Local deployment service principal for Azure Local automation
Create DHCP reservations for iDRAC out-of-band management interfaces using MAC addresses and planned IPs from variables.yml before hardware arrives on site.
Delete and recreate virtual disks on Dell BOSS cards via iDRAC Storage Management or Redfish API for a clean OS installation target.
Enable Windows Remote Management on all Azure Local nodes via iDRAC Virtual Console. Must run locally on each node — WinRM cannot be enabled remotely before it exists.
Create Azure Local OU and required AD objects using AsHciADArtifactsPreCreationTool
Configure Privileged Identity Management and Entra ID Conditional Access policies to protect administrative access to Azure Local.
Register the 12 required Azure resource providers for Azure Local deployment.
Create the Azure Virtual Network and subnets for Azure Local management infrastructure.
Physical verification of servers, network equipment, and cabling
Assign required RBAC roles to the deployment service principal and deployment user for Azure Local
Configure Dell PowerSwitch TOR switches with QoS/DCB, VLT, and VLANs for Azure Local
Configure the utility/management server — domain join, install management tools, configure Remote Server Administration Tools (RSAT), and prepare as the primary admin jump box.
Create a single subscription for the single subscription deployment and associate it with the landing zone management group.
Create dedicated subscriptions for the full CAF/WAF deployment and associate them with management groups.
Verify customer-provided DNS and NTP services are operational
Enable Remote Desktop Protocol on all Azure Local nodes for graphical remote access during configuration and troubleshooting.
Discover all cluster node hardware using Dell iDRAC Redfish API, collecting hardware inventory, BIOS configuration, and iDRAC settings for use in subsequent tasks.
Mount the Dell Azure Stack HCI OS gold image ISO to all cluster nodes via iDRAC virtual media or USB drive, and verify mount status before BOSS card preparation.
Step 2 - Security Groups (task-02-security-groups.mdx)
Verify all 12 required Azure resource providers are registered before proceeding to RBAC configuration.
Deploy the Azure VPN Gateway for site-to-site connectivity between Azure and on-premises infrastructure.
Configure the Network/DevOps Management (NDM) server for SYSLOG collection, SNMP monitoring, and network device management.
Configure static IP addresses on the management network adapter for each Azure Local cluster node using explicit values from variables.yml.
Create DHCP reservations for in-band management network interfaces using MAC addresses from Task 02 hardware discovery and planned IPs from variables.yml.
Create resource groups in each subscription for the full CAF/WAF deployment.
Create the single resource group for the simplified deployment Azure Local cluster.
Step 3 - DNS Node A Records (task-03-dns-node-a-records.mdx)
Manually install Azure Stack HCI OS on each cluster node using iDRAC Virtual Console. The ISO was mounted in Task 02 — nodes boot directly into Windows Setup after the BOSS recreation reboot.
Verify OpenGear console server is registered with Lighthouse
Apply Active Directory security groups to the local groups on each cluster node for least-privilege administrative and remote management access
Create the Local Network Gateway and Site-to-Site VPN connection between Azure and on-premises infrastructure.
Verify firewall rules for required Azure and Dell endpoints
Validate BIOS and iDRAC settings against Azure Local requirements using Task 02 discovery data. Generates a per-node compliance report for use in Task 05 remediation.
Deploy and configure the OpenGear Lighthouse central management server for out-of-band console management of Azure Local infrastructure.
Disable DHCP on all network adapters except virtual and management adapters to lock in static IP configuration across all Azure Local cluster nodes.
Run comprehensive network validation and Microsoft Environment Checker
Configure Point-to-Site VPN for remote administrative access to the Azure management network.
Step 4 - Service & Admin Accounts (task-04-service-admin-accounts.mdx)
Complete validation sign-off and document readiness
Verify that Azure Stack HCI OS has been successfully installed on all cluster nodes before proceeding to Phase 03: OS Configuration.
Deploy Azure Bastion for secure browser-based RDP/SSH access to management VMs without public IP exposure.
Remediate non-compliant BIOS and iDRAC settings identified in Task 04 using Dell Redfish API. Handles reboots, re-collects configuration, and re-runs Task 04 validation to confirm 100% compliance.
Configure primary and secondary DNS server addresses on the management NIC of each Azure Local cluster node using explicit values from variables.yml.
Install and configure Windows Admin Center (WAC) on the utility server for Azure Local cluster management, monitoring, and Azure integration.
Step 5 - Group Assignments (task-05-group-assignments.mdx)
Create and associate Network Security Groups for the management subnet and AzureBastionSubnet.
Verify that DNS servers are correctly configured on the management NIC of each Azure Local node and that critical Azure endpoints resolve successfully.
Configure the NTP time source on each Azure Local node using w32tm — required for Kerberos authentication and AD domain operations.
Deploy a NAT Gateway for outbound internet connectivity from the management subnet.
Deploy an Azure Arc Gateway to enable Arc-enabled server connectivity through a centralized gateway endpoint.
Enable ICMPv4 and ICMPv6 inbound firewall rules on each Azure Local node to allow ping for network diagnostics and connectivity validation.
Create a Log Analytics workspace for centralized monitoring and log collection across management infrastructure.
Deploy the management Key Vault for storing deployment secrets, certificates, and credentials.
Deploy all management virtual machines — Domain Controllers, Utility Server, NDM Server, and Lighthouse Server.
Organization-wide variable naming, structure, and management standard for all AzureLocal solution repositories.
Configure management virtual machines — Active Directory, utility jump box, NDM monitoring, OpenGear Lighthouse, and Windows Admin Center.