Active Directory - Via Portal
Deploy Azure Local cluster with Active Directory authentication using the Azure Portal
ARM template-based Azure Local cluster deployment options for Active Directory and Local Identity environments.
Authentication options for Azure Local deployment — Azure PowerShell and Azure CLI session setup.
Complete guide for deploying Azure Local infrastructure — from Azure foundation through cluster deployment, validation, and handover.
Runbook for deploying Azure Local clusters, covering OS installation, Arc registration, cluster creation, and post-deployment configuration.
Overview of Azure Local cluster deployment methods including Portal and ARM Template options for Active Directory and Local Identity environments.
Real-time dashboard scripts for monitoring Azure Local cluster validation and deployment progress
Overview of the full CAF/WAF landing zone deployment — enterprise-scale management group hierarchy, dedicated subscriptions, and multi-resource-group organization following Azure Landing Zone architecture.
Detailed provisioning instructions with tabbed execution options for each step.
Configuration management system for Azure Local deployments using config/variables.yml and JSON Schema validation.
Deploy Azure Local cluster with local identity authentication using the Azure Portal and Key Vault
Management server definitions — domain controllers, jumpbox, WAC, and syslog server. Deployment-agnostic variable capture.
Manual step-by-step deployment procedures for Azure Local management infrastructure components
Real-time dashboard for monitoring Azure Local cluster deployment progress via Azure API step hierarchy and live log streaming
Real-time dashboard for monitoring Azure Local cluster validation progress via Azure API and live node log streaming
On-Premises Readiness for Azure Local Deployments
Prepare Active Directory domain infrastructure including OU structure, service accounts, and group policies for Azure Local deployment
Discover cluster node hardware, configure DHCP reservations, validate and remediate BIOS/iDRAC settings against Dell Azure Local validated baselines before OS installation.
Phase 01: Landing Zones — choose your deployment model and deploy management groups, subscriptions, and resource groups following Azure CAF/WAF and Azure Landing Zone architecture.
Validate customer network infrastructure prerequisites before Azure Local deployment
Prepare Dell hardware boot configuration, verify ISO availability, and install Azure Stack HCI OS on each cluster node before OS configuration.
Phase 02: Register required Azure resource providers for Azure Local deployment.
Configure network infrastructure including OpenGear, switches, and firewall endpoints for Azure Local deployment
Configure RBAC permissions and create deployment service principal for Azure Local
Deploy Azure management infrastructure for Azure Local including networking, VPN connectivity, management VMs, and monitoring resources.
Configure Privileged Identity Management and Conditional Access policies to protect administrative access to the Azure Local deployment.
Portal-based Azure Local cluster deployment options for Active Directory and Local Identity environments.
Requirements and assumptions for Azure Local deployment.
Comprehensive guidance for deploying Azure Local infrastructure with multiple implementation approaches.
Overview of the single subscription landing zone deployment — single management group, single subscription, single resource group.
Create the CI/CD service principal and configure Azure access
Commit Terraform configuration to Git and trigger pipeline
Configure Azure Backup for Azure Local VM protection
Define customer and CI/CD Infrastructure integration variables
Create and configure the Log Analytics workspace for Azure Local monitoring and observability
Create the landing zone management group under the existing root management group.
Create the full CAF/WAF management group hierarchy under the existing root management group.
Configure OpenGear OM1208-8E-L console server for out-of-band management access
Create the Azure Local deployment service principal for Azure Local automation
Create DHCP reservations for iDRAC out-of-band management interfaces using MAC addresses and planned IPs from variables.yml before hardware arrives on site.
Delete and recreate virtual disks on Dell BOSS cards via iDRAC Storage Management or Redfish API for a clean OS installation target.
Enable Software Defined Networking (SDN) on Azure Local via Arc integration — Network Controller as Failover Cluster service, enabling logical network NSG management
Enable Azure Hybrid Benefit on Azure Local cluster to reduce Windows VM compute costs
Enable Microsoft Defender for Cloud with security policy initiatives for Azure Local deployments
Enable Windows Remote Management on all Azure Local nodes via iDRAC Virtual Console. Must run locally on each node — WinRM cannot be enabled remotely before it exists.
Comprehensive infrastructure health validation including Test-Cluster, Health Service, and Arc connectivity
Create Azure Local OU and required AD objects using AsHciADArtifactsPreCreationTool
Configure Privileged Identity Management and Entra ID Conditional Access policies to protect administrative access to Azure Local.
Validate identity, permissions, and connectivity before Arc registration
Register the 12 required Azure resource providers for Azure Local deployment.
Verify network intent compatibility and requirements before enabling SDN on Azure Local
Verify all Azure resources exist and are configured correctly
Create the Azure Virtual Network and subnets for Azure Local management infrastructure.
Physical verification of servers, network equipment, and cabling
Activate Windows Server Subscription for Azure Local to enable automatic VM licensing
Apply Azure Policy initiatives including Azure Local security baseline and compliance policies
Assign required RBAC roles to the deployment service principal and deployment user for Azure Local
Configure cluster quorum — validate and provision the cloud witness storage account, then set quorum via Cloud Witness, File Share Witness, or Disk Witness
Deploy Azure Monitor Agent to cluster nodes and configure Data Collection Rules
Configure Dell PowerSwitch TOR switches with QoS/DCB, VLT, and VLANs for Azure Local
Define network configuration for management infrastructure deployment
Configure Azure Site Recovery for Azure Local VM disaster recovery to Azure
Create the deployment source control project
Create a single subscription for the single subscription deployment and associate it with the landing zone management group.
Create dedicated subscriptions for the full CAF/WAF deployment and associate them with management groups.
Verify customer-provided DNS and NTP services are operational
Enable Remote Desktop Protocol on all Azure Local nodes for graphical remote access during configuration and troubleshooting.
Discover all cluster node hardware using Dell iDRAC Redfish API, collecting hardware inventory, BIOS configuration, and iDRAC settings for use in subsequent tasks.
Day 2 management of Network Security Groups — add/remove rules, associate/dissociate, and troubleshoot
Watch validation stage perform syntax and security checks
Mount the Dell Azure Stack HCI OS gold image ISO to all cluster nodes via iDRAC virtual media or USB drive, and verify mount status before BOSS card preparation.
Arc-enable each Azure Local cluster node using Invoke-AzStackHciArcInitialization
Step 2 - Security Groups (task-02-security-groups.mdx)
Test network connectivity including VPN, Bastion, and DNS
Verify all 12 required Azure resource providers are registered before proceeding to RBAC configuration.
Deploy VMFleet for comprehensive storage performance testing and baseline documentation
Deploy the Azure VPN Gateway for site-to-site connectivity between Azure and on-premises infrastructure.
Define cluster-specific resources including VPN connection and node DNS
Configure diagnostic level, streaming data client, and EU location settings for Azure Local telemetry
Configure source control project settings for branch protection, merge approvals, and security
Review and remediate Defender for Cloud security recommendations for Azure Local
Configure static IP addresses on the management network adapter for each Azure Local cluster node using explicit values from variables.yml.
Create DHCP reservations for in-band management network interfaces using MAC addresses from Task 02 hardware discovery and planned IPs from variables.yml.
Create resource groups in each subscription for the full CAF/WAF deployment.
Create the single resource group for the simplified deployment Azure Local cluster.
Step 3 - DNS Node A Records (task-03-dns-node-a-records.mdx)
Enable Azure Local (HCI) Insights for cluster health monitoring and performance analytics
Manually install Azure Stack HCI OS on each cluster node using iDRAC Virtual Console. The ISO was mounted in Task 02 — nodes boot directly into Windows Setup after the BOSS recreation reboot.
Monitor Arc registration bootstrap status and handle OEM image updates
Validate network connectivity, RDMA configuration, and DCB settings for Azure Local cluster
Verify OpenGear console server is registered with Lighthouse
Review Terraform execution plan showing resource changes
Apply Active Directory security groups to the local groups on each cluster node for least-privilege administrative and remote management access
Create the Local Network Gateway and Site-to-Site VPN connection between Azure and on-premises infrastructure.
Validate disaster recovery procedures with test failovers and failback testing
Validate Key Vault access, Log Analytics, and monitoring setup
Verify firewall rules for required Azure and Dell endpoints
Approve the deployment to proceed with infrastructure provisioning
Validate BIOS and iDRAC settings against Azure Local requirements using Task 02 discovery data. Generates a per-node compliance report for use in Task 05 remediation.
Create deployment environments for CI/CD pipelines
Disable DHCP on all network adapters except virtual and management adapters to lock in static IP configuration across all Azure Local cluster nodes.
Configure security event collection via Data Collection Rules for Azure Local
Test cluster high availability, failover scenarios, and live migration capabilities
Run comprehensive network validation and Microsoft Environment Checker
Configure Point-to-Site VPN for remote administrative access to the Azure management network.
Step 4 - Service & Admin Accounts (task-04-service-admin-accounts.mdx)
Configure alert rules and action groups for Azure Local monitoring and notifications
Install the WindowsOpenSSH Arc extension on cluster nodes and enable Azure Arc SSH tunneled access via HybridConnectivity
Complete validation sign-off and document readiness
Verify that Azure Arc registration is successful and connectivity is established for all cluster nodes
Verify that Azure Stack HCI OS has been successfully installed on all cluster nodes before proceeding to Phase 03: OS Configuration.
Deploy Azure Bastion for secure browser-based RDP/SSH access to management VMs without public IP exposure.
Remediate non-compliant BIOS and iDRAC settings identified in Task 04 using Dell Redfish API. Handles reboots, re-collects configuration, and re-runs Task 04 validation to confirm 100% compliance.
Configure Azure Update Manager for patch management and update orchestration for Azure Local and Arc-enabled servers
Configure primary and secondary DNS server addresses on the management NIC of each Azure Local cluster node using explicit values from variables.yml.
Configure CI/CD environment variables for Azure authentication
Deploy Dell OpenManage Integration for Windows Admin Center (OMIMSWAC) for hardware monitoring
Deploy and configure Windows Admin Center (WAC) on a dedicated management server for Azure Local cluster management, monitoring, and Azure integration.
Step 5 - Group Assignments (task-05-group-assignments.mdx)
Monitor infrastructure deployment during apply stage
Validate security configuration, Defender for Cloud, RBAC, and compliance posture
Size and create S2D CSV volumes on the Azure Local cluster and register storage paths in Azure for VM workload placement
Validate backup operations, restore procedures, and disaster recovery capabilities
Configure syslog and SNMP forwarding from network devices to the syslog Linux server
Plan and deploy CI/CD runners for Azure Local automation
Create and associate Network Security Groups for the management subnet and AzureBastionSubnet.
Verify that DNS servers are correctly configured on the management NIC of each Azure Local node and that critical Azure endpoints resolve successfully.
Verify automated tests confirm successful deployment
Download Azure Marketplace VM images to the Azure Local cluster for Arc VM deployment
Create Azure Local NSGs for logical network micro-segmentation before network provisioning
Configure the NTP time source on each Azure Local node using w32tm — required for Kerberos authentication and AD domain operations.
Deploy a NAT Gateway for outbound internet connectivity from the management subnet.
Deploy an Azure Arc Gateway to enable Arc-enabled server connectivity through a centralized gateway endpoint.
Enable ICMPv4 and ICMPv6 inbound firewall rules on each Azure Local node to allow ping for network diagnostics and connectivity validation.
Create Azure Local logical networks for Arc VM network connectivity
Disable network adapters not used for management to prevent configuration issues during cluster deployment
Create a Log Analytics workspace for centralized monitoring and log collection across management infrastructure.
Verify all Phase 06 post-deployment tasks completed successfully
Set the computer hostname for each node according to naming standards
Deploy the management Key Vault for storing deployment secrets, certificates, and credentials.
Clear previous Storage Spaces Direct configuration if redeploying on existing hardware
Deploy all management virtual machines — Domain Controllers, Utility Server, NDM Server, and Lighthouse Server.
Optional combined script that runs Tasks 02–10 in a single execution for faster deployment
Read-only verification of all Phase 03 OS Configuration tasks (01–11) across all cluster nodes
Organization-wide variable naming, structure, and management standard for all AzureLocal solution repositories.