{"id":1627,"date":"2025-06-19T10:51:09","date_gmt":"2025-06-19T08:51:09","guid":{"rendered":"https:\/\/www.gerjon.com\/?p=1627"},"modified":"2025-06-19T10:53:23","modified_gmt":"2025-06-19T08:53:23","slug":"setting-up-azure-local-complete-guide","status":"publish","type":"post","link":"https:\/\/www.gerjon.com\/?p=1627","title":{"rendered":"Setting Up Azure Local: Complete Guide"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Welcome to the world of Azure Local!<\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>Azure Local (the artist formerly known as \u201cAzure Stack HCI\u201d) lets you run VMs, containers and a handful of PaaS services on-prem while Azure Arc keeps everything in the same control plane. Think of it as cloud super-powers wrapped in a 2U pizza box \u2013 minus the pineapple.<\/em> (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/?view=azloc-24112\">learn.microsoft.com<\/a>)<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">1. What You\u2019ll Need Before You Even Think About Powering On<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Area<\/th><th>Key checklist items<\/th><\/tr><\/thead><tbody><tr><td><strong>Hardware<\/strong><\/td><td>Vendor-validated nodes (1 \u2013 16), TPM 2.0, 32 GB ECC RAM min, 200 GB OS drive, \u2265 1 Gb mgmt NIC + 2 \u00d7 10\/25\/40 Gb for data (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/concepts\/system-requirements-23h2?view=azloc-24113&amp;utm_source=chatgpt.com\">learn.microsoft.com<\/a>)<\/td><\/tr><tr><td><strong>Network<\/strong><\/td><td>Management VLAN, (optionally) storage VLANs, routable DNS, outbound 443 to Azure, accurate NTP<\/td><\/tr><tr><td><strong>Active Directory<\/strong><\/td><td>New OU, unique hostnames, domain functional level 2016+ (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/deploy\/deployment-prerequisites?view=azloc-24112&amp;utm_source=chatgpt.com\">learn.microsoft.com<\/a>)<\/td><\/tr><tr><td><strong>Azure side<\/strong><\/td><td>Subscription owner, resource group, registered resource providers, RBAC roles (<code>Azure Connected Machine Onboarding<\/code>, etc.) (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/deploy\/deployment-arc-register-server-permissions?view=azloc-24112\">learn.microsoft.com<\/a>)<\/td><\/tr><tr><td><strong>Time<\/strong><\/td><td>~ 2 hrs for a single node, ~ 2.5 hrs for a 2-node cluster (excluding coffee) (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/deploy\/deploy-via-portal?view=azloc-2505\">learn.microsoft.com<\/a>)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>Pro tip:<\/strong> Do the prerequisites <em>once<\/em> in a build runbook; future clusters become copy-paste easy.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">2. Stage 0 \u2013 Lay Down the Azure Local OS<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Download the ISO<\/strong> from the Azure portal (free 60-day trial if you need it).<\/li>\n\n\n\n<li>Boot each node and run the <strong>Install Azure Stack HCI<\/strong> wizard \u2192 <em>Custom<\/em> install \u2192 pick the blank drive.<\/li>\n\n\n\n<li>First boot asks for a new local admin password (12+ chars, upper\/lower\/number\/special).<\/li>\n\n\n\n<li>Reboot happens twice \u2013 totally normal.<\/li>\n\n\n\n<li>Install vendor firmware\/drivers; drop the <em>Solution Builder Extension<\/em> in <code>C:\\SBE<\/code> if your OEM ships one. (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/deploy\/deployment-install-os?view=azloc-24112\">learn.microsoft.com<\/a>)<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">3. Stage 1 \u2013 Baseline Config with <strong>SConfig<\/strong><\/h3>\n\n\n\n<p>Immediately after login, SConfig pops up automatically:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Handy menu numbers\n1) Domain\/Workgroup  8) Network Settings\n7) Remote Desktop    12) Reboot\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Configure each NIC with the right VLAN\/IP, gateway and <strong>DNS that points to your AD<\/strong>.<\/li>\n\n\n\n<li>Set a valid NTP server: <code>w32tm \/config \/manualpeerlist:\"pool.ntp.org\" \/syncfromflags:manual \/update<\/code><\/li>\n\n\n\n<li>Rename the computer if you like, but <strong>do NOT join the domain yet<\/strong>. (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/deploy\/deployment-install-os?view=azloc-24112\">learn.microsoft.com<\/a>)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">4. Stage 2 \u2013 Register Nodes with <strong>Azure Arc<\/strong><\/h3>\n\n\n\n<p>On every node (run as local admin):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># 1. Log in &amp; set context\nConnect-AzAccount -SubscriptionId \"&lt;subId&gt;\" -TenantId \"&lt;tenantId&gt;\" -DeviceCode\n$token = (Get-AzAccessToken).Token\n$id    = (Get-AzContext).Account.Id\n\n# 2. Kick off Arc bootstrap\nInvoke-AzStackHciArcInitialization `\n  -SubscriptionID \"&lt;subId&gt;\" `\n  -ResourceGroup  \"rg-azlocal\" `\n  -TenantID       \"&lt;tenantId&gt;\" `\n  -Region         \"westeurope\" `\n  -ArmAccessToken $token `\n  -AccountID      $id\n<\/code><\/pre>\n\n\n\n<p>When the script finishes, each server shows up in Azure as <strong>Machine \u2013 Azure Arc<\/strong>. (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/deploy\/deployment-arc-register-server-permissions?view=azloc-24112\">learn.microsoft.com<\/a>)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">5. Stage 3 \u2013 Run the <strong>Azure Local Deployment Wizard<\/strong><\/h3>\n\n\n\n<p>In the Azure portal \u2192 <strong>Azure Arc | Azure Local \u2192 Get started \u2192 Deploy<\/strong>:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Select machines<\/strong> you just registered \u2192 <em>Install extensions<\/em> \u2192 <em>Validate<\/em>.<\/li>\n\n\n\n<li><strong>Key Vault<\/strong> \u2013 create or reuse; secrets &amp; BitLocker keys live here.<\/li>\n\n\n\n<li><strong>Networking<\/strong> \u2013 choose an <strong>Intent<\/strong> template (e.g., \u201cMgmt + Compute\u201d on two 25 Gb NICs, \u201cStorage\u201d on two RDMA NICs).<\/li>\n\n\n\n<li><strong>Management<\/strong> \u2013 point to your <strong>AD domain<\/strong>, OU, and supply deployment + identical local admin creds.<\/li>\n\n\n\n<li><strong>Security<\/strong> \u2013 pick <em>Recommended<\/em> unless you enjoy sleepless nights.<\/li>\n\n\n\n<li><strong>Volumes<\/strong> \u2013 let the wizard create one infra + one thin workload volume per node (you can fine-tune later).<\/li>\n\n\n\n<li><strong>Validation \u2192 Review + create \u2192 Create<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p>Grab another coffee; single-node finishes in ~ 90 min, two-node in ~ 150 min. (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/deploy\/deploy-via-portal?view=azloc-2505\">learn.microsoft.com<\/a>)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">6. Stage 4 \u2013 Post-Deployment TLC<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Task<\/th><th>Why \/ How<\/th><\/tr><\/thead><tbody><tr><td><strong>Verify Resources<\/strong><\/td><td>Resource Group should show: 1 \u00d7 Azure Local, 1 \u00d7 Arc Resource Bridge, Key Vault, Custom Location, Storage accounts, plus one Machine resource per node. (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/deploy\/deploy-via-portal?view=azloc-2505\">learn.microsoft.com<\/a>)<\/td><\/tr><tr><td><strong>Enable Health Alerts<\/strong><\/td><td>Turn on capacity alerts when Storage Pool hits 70 %.<\/td><\/tr><tr><td><strong>Enable RDP (if needed)<\/strong><\/td><td><code>Enter-PSSession &lt;node&gt;; Enable-ASRemoteDesktop<\/code> \u2013 disable again when done. (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/deploy\/deploy-via-portal?view=azloc-2505\">learn.microsoft.com<\/a>)<\/td><\/tr><tr><td><strong>RBAC configuration<\/strong><\/td><td>Assign <code>Azure Stack HCI Administrator<\/code> \/ <code>VM Contributor<\/code> etc. to your ops team. (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/deploy\/deployment-arc-register-server-permissions?view=azloc-24112\">learn.microsoft.com<\/a>)<\/td><\/tr><tr><td><strong>Create extra volumes \/ VM images<\/strong><\/td><td>Use Arc-enabled VM or AKS-H commands once infra is green.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">7. Keeping It Fresh \u2013 Updates &amp; Upgrades<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Monthly cumulative &amp; semi-annual feature updates<\/strong> land via the <strong>Azure Update Manager<\/strong>; do <strong>not<\/strong> use SConfig, WAC or cluster-aware updating for the OS anymore. (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/update\/about-updates-23h2?view=azloc-2505\">learn.microsoft.com<\/a>)<\/li>\n\n\n\n<li>Stay within <strong>6 months<\/strong> of the latest feature build; October 31 2025 is end-of-support for 23H2.<\/li>\n\n\n\n<li>The orchestrator patches OS, Arc agents and (when your OEM participates) firmware in one go<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">8. Troubleshooting &amp; \u201cOops\u201d Recovery<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Deployment failed?<\/strong> Hit <em>Resume deployment<\/em> in the portal; it\u2019s idempotent.<\/li>\n\n\n\n<li><strong>Arc registration wrong tenant?<\/strong> Only fix is to <strong>re-image<\/strong> the node. (<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-local\/deploy\/deployment-arc-register-server-permissions?view=azloc-24112\">learn.microsoft.com<\/a>)<\/li>\n\n\n\n<li><strong>Logs<\/strong> live under <code>C:\\ClusterStorage\\Volume1\\Logs<\/code> on the resource bridge VM and are downloadable from the portal.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Wrapping Up<\/h2>\n\n\n\n<p>By following the four big stages\u2014<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>OS install, <\/em><\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>Baseline config, <\/em><\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>Arc registration, <\/em><\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>Portal deploymen<\/em>t<\/li>\n<\/ul>\n\n\n\n<p>You transform commodity servers into a fully Azure-managed edge cloud.<\/p>\n\n\n\n<p>Happy hybrid hacking! \ud83d\udee0\ufe0f<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to the world of Azure Local! Azure Local (the artist formerly known as \u201cAzure Stack HCI\u201d) lets you run VMs, containers and a handful of PaaS services on-prem while Azure Arc keeps everything in &hellip;<\/p>\n","protected":false},"author":1,"featured_media":1629,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[12,11],"tags":[],"class_list":["post-1627","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hyper-v","category-microsoft"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.gerjon.com\/wp-content\/uploads\/2025\/06\/image.png?fit=1024%2C768&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p59CpB-qf","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/posts\/1627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1627"}],"version-history":[{"count":3,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/posts\/1627\/revisions"}],"predecessor-version":[{"id":1631,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/posts\/1627\/revisions\/1631"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=\/wp\/v2\/media\/1629"}],"wp:attachment":[{"href":"https:\/\/www.gerjon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gerjon.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}