Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article explains how to deploy an Azure Local node for deployment in disconnected environments. Prepare your environment to ensure a successful setup of your Azure Local instance using a local control plane. Complete these steps before setting up any Azure Local instances in your disconnected environment.
Prepare Azure Local machines
Prepare your Azure Local machines for disconnected operations by completing these steps to ensure proper setup and configuration. This process includes downloading the necessary ISO, configuring networking, and setting up certificates and environment variables.
Download the Azure Local ISO that matches your disconnected control plane version (for example, 2601).
Install the OS and configure the node networking for each Azure Local machine you plan to use to form an instance. For more information, see Install the Azure Stack HCI operating system.
On physical hardware, install firmware and drivers as instructed by your OEM.
Rename network adapters.
Use the same adapter name on each node for the physical network. Rename adapters to meaningful names if the default names aren't clear. Skip this step if the adapter names already match.
Here's an example:
Rename-NetAdapter -Name "Mellanox #1" -NewName "ethernet" Rename-NetAdapter -Name "Mellanox #2" -NewName "ethernet 2" # Other examples for naming e.g."storage port 0"Set up the virtual switches according to your planned network:
Network considerations for cloud deployments of Azure Local.
If your network plan groups all traffic (management, compute, and storage), create a virtual switch called
ConvergedSwitch(ManagementComputeStorage)on each node.Here's an example:
# Example $networkIntentName = 'ManagementComputeStorage' New-VMSwitch -Name "ConvergedSwitch($networkIntentName)" -NetAdapterName "ethernet","ethernet 2" -EnableEmbeddedTeaming $true -AllowManagementOS $true # Rename the VMNetworkAdapter for management. During creation, Hyper-V uses the vSwitch name for the virtual network adapter. Rename-VmNetworkAdapter -ManagementOS -Name "ConvergedSwitch($networkIntentName)" -NewName "vManagement($networkIntentName)" # Rename the NetAdapter. During creation, Hyper-V adds the string "vEthernet" to the beginning of the name. Rename-NetAdapter -Name "vEthernet (ConvergedSwitch($networkIntentName))" -NewName "vManagement($networkIntentName)"If you use VLANs, make sure you set the network adapter VLAN.
Set-NetAdapter -Name "ethernet 1" -VlanID 10
Rename each node according to your environment's naming conventions. For example, azlocal-n1, azlocal-n2, and azlocal-n3.
Management cluster only: Check that you have sufficient disk space for disconnected operations deployment.
Make sure you have at least 600 GB of free space on the drive you plan to use for deployment. If your drive has less space, use a data disk on each node and initialize it so each node has the same available data disks for deployment.
Here's how to initialize a disk on the nodes and format it for a D partition:
$availableDrives = Get-PhysicalDisk | Where-Object { $_.MediaType -eq "SSD" -or $_.MediaType -eq "NVMe" } | where -Property CanPool -Match "True" | Sort-Object Size -Descending $driveGroup = $availableDrives | Group-Object Size | select -First 1 $biggestDataDrives = $availableDrives | select -First $($driveGroup.Count) $firstDataDrive= ($biggestDataDrives | Sort-Object DeviceId | select -First 1).DeviceId Initialize-Disk -Number $firstDataDrive New-partition -disknumber $firstDataDrive -usemaximumsize | format-volume -filesystem NTFS -newfilesystemlabel Data Get-partition -disknumber $firstDataDrive -PartitionNumber 2 | Set-Partition -NewDriveLetter DOn each node, copy the root certificate public key. For more information, see PKI for disconnected operations. Modify the paths according to the location and method you use to export your public key for creating certificates.
# Replace paths with your actual values. $applianceConfigBasePath = "C:\AzureLocalDisconnectedOperations\" $applianceRootCertFile = "C:\AzureLocalDisconnectedOperations\applianceRoot.cer" New-Item -ItemType Directory $applianceConfigBasePath Copy-Item \\fileserver\share\azurelocalcerts\publicroot.cer $applianceRootCertFileCopy to the APPData/AzureLocal folder and name it azureLocalRootCert. Use this information during the Arc appliance deployment.
New-Item -ItemType Directory "$($env:APPDATA)\AzureLocal" -force Copy-Item $applianceRootCertFile "$($env:APPDATA)\AzureLocal\AzureLocalRootCert.cer"On each node, import the public key into the local store:
Import-Certificate -FilePath $applianceRootCertFile -CertStoreLocation Cert:\LocalMachine\Root -Confirm:$falseNote
If you use a different root for the management certificate, repeat the process and import the key on each node.
Set the environment variable to support disconnected operations.
[Environment]::SetEnvironmentVariable("DISCONNECTED_OPS_SUPPORT", $true, [System.EnvironmentVariableTarget]::Machine)Setup Azure CLI on each node. Ensure it works on each node before you deploy an Azure Local instance. Otherwise, the deployment fails.
From the list of node names, select the first machine and designate it as the (seed node). The seed node is the first node used to deploy the disconnected operations control plane. Use the following command to designate the seed node.
$seednode = @('azlocal-1', 'azlocal-2','azlocal-3')|Sort|select –first 1 $seednode
Time synchronization in fully disconnected (air-gapped) environments
For fully air‑gapped deployments with no outbound internet access, complete these actions on each Azure Local node and configure a local time server for time synchronization.
On each node, configure the time server to use your domain controller. Modify the script and run it from PowerShell:
w32tm /config /manualpeerlist:"dc.contoso.com" /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time
w32tm /resync /rediscover
# Check your NTP settings
w32tm /query /peers
Next steps
This feature is available only in Azure Local 2602 or later.