Azure Local (Azure Stack HCI) is Microsoft’s hyperconverged infrastructure solution that brings Azure services into your datacenter, combining local compute and storage with cloud‑based management and monitoring. It’s designed for organizations that want hybrid cloud flexibility without fully moving workloads to public Azure.
Note :-
A virtual deployment of Azure Local is intended for educational and Lab purposes only. Microsoft Support doesn’t support virtual deployments.
Key Features
- VM hosting: Runs Windows and Linux VMs or containerized workloads.
- Azure Arc integration: Extends Azure services (monitoring, policy, security) to local clusters.
- Storage Spaces Direct: Provides resilient, software‑defined storage across local disks.
- Validated hardware: Certified solutions from Microsoft partners ensure reliability and support.
Cluster Size Information
- Cluster size: Minimum 1 node (single‑server deployment) and maximum 16 nodes in a hyperconverged cluster.
- Recommended: At least 2 nodes for resiliency, with 3+ nodes enabling 3‑way mirroring and higher fault tolerance.
- Scaling: You can start small and expand later by adding nodes, provided hardware is validated and compatible
For more details you can refer following official doc – https://docs.azure.cn/en-us/azure-local/
For Testing/evaluation purpose you can deploy on Nested environment Hyper V and official doc
https://learn.microsoft.com/en-us/azure/azure-local/deploy/deployment-virtual?view=azloc-2511
Below are the steps for deploying two nodes in the vSphere environment :-
Azure node requirements: –
Secure Boot and Trusted Platform Module (TPM) enabled ( For the lab/test setup, we can bypass the hardware validation for TPM and ECC memory)
vCPU’s – Min Four cores.
Memory – A minimum of 24 GB
Networking – At least two network adapters connected to internal network. MAC spoofing must be enabled.
Boot disk – One disk to install the Azure Stack HCI operating system from ISO. At least 200 GB.
Hard disks for Storage Spaces Direct – Four dynamic expanding disks. Maximum disk size is 1024 GB.
Time synchronization in integration – Disabled.
Perquisites for setup
- Active directory (AD)
- Azure subscription with the below resource providers
To register, you must be an owner or contributor on your subscription. You can also ask an administrator to register.
Register-AzResourceProvider -ProviderNamespace “Microsoft.HybridCompute”
Register-AzResourceProvider -ProviderNamespace “Microsoft.GuestConfiguration”
Register-AzResourceProvider -ProviderNamespace “Microsoft.HybridConnectivity”
Register-AzResourceProvider -ProviderNamespace “Microsoft.AzureStackHCI”
Register-AzResourceProvider -ProviderNamespace “Microsoft.Kubernetes”
Register-AzResourceProvider -ProviderNamespace “Microsoft.KubernetesConfiguration”
Register-AzResourceProvider -ProviderNamespace “Microsoft.ExtendedLocation”
Register-AzResourceProvider -ProviderNamespace “Microsoft.ResourceConnector”
Register-AzResourceProvider -ProviderNamespace “Microsoft.HybridContainerService”
Register-AzResourceProvider -ProviderNamespace “Microsoft.Attestation”
Register-AzResourceProvider -ProviderNamespace “Microsoft.Storage”
Register-AzResourceProvider -ProviderNamespace “Microsoft.Insights”
Following role permissions
- Azure Stack HCI Administrator
- Reader
Permissions to the user
- Key Vault Data Access Administrator: This permission is required to manage data plane permissions to the key vault used for deployment.
- Key Vault Secrets Officer: This permission is required to read and write secrets in the key vault used for deployment.
- Key Vault Contributor: This permission is required to create the key vault used for deployment.
- Storage Account Contributor: This permission is required to create the storage account used for deployment.
Azure Local ISO
Here are the details of my environment :-
vCenter Version. -8.0.2
ESXi Version – 8.0.2
DNS/AD IP – 172.16.16.100 – azurelocal.lab
Networks
| |
Mgmt | Untagged VLAN Network |
Storage | Trunk Port |
AD/DNS preparation
Create a DNS records
Create a DNS records for nodes and cluster
Create AD OU group
Active Directory requirements for Azure Local include:
- A dedicated Organization Unit (OU).
- Group policy inheritance that is blocked for the applicable Group Policy Object (GPO).
- A user account that has all rights to the OU in the Active Directory.
- Machines must not be joined to Active Directory before deployment.
Run the following command to install the module from PowerShell Gallery:
Install-Module AsHciADArtifactsPreCreationTool -Repository PSGallery -Force
Run PowerShell as administrator.
Run the following command to create the dedicated OU.
New-HciAdObjectsPreCreation -AzureStackLCMUserCredential (Get-Credential) -AsHciOUName “<OU name or distinguished name including the domain components>”
Example :- New-HciAdObjectsPreCreation -AzureStackLCMUserCredential (Get-Credential) -AsHciOUName “OU=clusteraz,DC=azurelocal,DC=lab”
Enter the Username and password (Password – min 12 charters)
AD OU and User created Successfully.
Downloading an Azure Local ISO
Login to Azure cloud portal and under azure local download local HCI OS and upload it to vSphere Datastore.
Creating an Azure Local Node VM’s
Create 2 VMs with 5 disks, 4 NIC cards, at least 24 GB of memory, and 4 cores.
Disks: – Disk 1 – 250 for the operating system, with the remaining 4 disks for Storage Spaces Direct
NICS: – 1 and 2 are used for management, and 3 and 4 are for storage
Mount the local ISO from Azure
Similarly, create a second VM with the same resources
Installing the Azure Local
Power on VM
Click on Next
Select Disk 0 and click on Next.
Click on Install
When the installation is done, you will be asked for the password for the local administrator account. Set the password now.
In the same way, you can set up node2 VM
Preparing the Azure Local nodes
Note :- Ensure that the configuration mentioned below is done on both nodes.
Set up the IP for NIC1 management and change the names of the NICs to NIC1, NIC2, NIC3, and NIC4.
Only configure a static IP to NIC1 and leave NIC2, NIC3, and NIC4 without any IPs.
Press 8 to set the network configurations.
Change the names of the network adapters and set a static IP for NIC1 (In my environment, DHCP assigned IPs to all NICs)
Change the name of all the NIC
Type 2 to set the hostname
The hostname will be updated after the reboot. We can reboot once the VMware Tools are installed.
Disable Ipv6 for all NIC’s
New-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters” `
-Name “DisabledComponents” -PropertyType DWord -Value 0xFF
Turn off DHCP and clear IPs from NIC2 to NIC4. (In my setup, DHCP assigned IPs to all NICs, so I am removing the IP. If you do not use DHCP, you can ignore the step of removing IPs.)
You can use below commands to disable the DHCP and remove the IP’s
Set-NetIPInterface -InterfaceAlias “NIC2” -Dhcp Disabled
Set-NetIPInterface -InterfaceAlias “NIC3” -Dhcp Disabled
Set-NetIPInterface -InterfaceAlias “NIC4” -Dhcp Disabled
Remove-NetIPAddress -InterfaceAlias “NIC2” -Confirm:$false
Remove-NetIPAddress -InterfaceAlias “NIC3” -Confirm:$false
Remove-NetIPAddress -InterfaceAlias “NIC4” -Confirm:$false
Set the VLAN Registry key to 0 for all NICs. (In a vSphere environment, network validation will fail if the VLAN ID registry value is not set to 0.)
Create a local administrator user – Press 3
Enter the username and password (ex: user – adminuser1)
Install VMware Tools
On the vSphere VM summary, click on Install VMware Tools to mount the VMware Tools ISO.
Change to the ISO directory
cd D:
Run setup file
.\setup.exe
Reboot the Node after installation
Install windows Updates: –
Press 6 to check for and install updates
Once the update is complete, reboot the VM. After that, verify all NIC names and their configurations. Make sure NIC1 is set up with an IP address, and that NIC2, NIC3, and NIC4 are unconfigured with DHCP turned off.
Registering with Azure cloud
$Tenant = “xxx”
$Subscription = “xxx”
$RG = “Infra”
$Region = “Southeastasia”
you refer below link to check supported regions
Run the Arc registration script. The script takes a few minutes to run
#Invoke the registration script. Use a supported region.
Invoke-AzStackHciArcInitialization -TenantId $Tenant -SubscriptionID $Subscription -ResourceGroup $RG -Region $Region -Cloud “AzureCloud”
Go to the URL and authenticate using a below code
After you finish registering, you can view the azure nodes in the azure portal.
You can find both nodes in the azure nodes.
Configure Azure local node
Click on Create instance option
Choose Resource Group, input the instance name (the previous step made a cluster DNS record, use the same name), select region, set Identity provider to Active Directory, and click on the Add machine option.
Select Both machines
The necessary extension will be installed automatically on both nodes.
Below, four extensions will be installed automatically.
After the extension installation is finished, Validate selected machines.
You can create a new Key vault or use an existing one, then click next
Select new configuration and click on next
Select No switch for storage and Group management and compute traffic options
Switchless Storage (Direct Connect) – Each node’s storage NICs are directly cabled to the other nodes (no switch in between).
Small clusters (typically 2–3 nodes).
Switched Storage – Each node’s storage NICs connect to one or more Ethernet switches.
Larger clusters (up to 16 nodes).
Supports redundancy (dual switches, LACP, RDMA).
Switchless storage = direct cabling, good for small/test clusters.
Switched storage = scalable, resilient, required for larger production clusters.
Choose NIC1 and NIC2 for Compute Management, and select NIC3 and NIC4 for storage (you can use the default VLAN ID, which is created automatically by the virtual switch). Then, click on customize network settings and turn off the RDMA protocol.
The Azure local and ARC service needs 6 IP addresses.
Choose Manual and input the starting IP, ending IP, Gateway, and DNS (The starting IP is the cluster IP, and earlier steps set up a DNS record).
Set up a new Azure storage account or utilize/select an existing one.
Enter the domain, OU, and user information. (Previously, we created the OU and both an AD and a local user)
You can select customized option and deselect all security options. For lab or test setups, we can skip/ignore security configurations.
After the resource has been created, click on the Start validation option.
Validation is in progress and will take 30 minutes to 1 hour, depending on your environment. To skip ECC and TPM validation, we have to update the validation file.
After completing 2 tasks, it will download all the validation files.
Log into node1 and navigate to the configuration path
C:\NugetStore\AzStackHci.Environmentchecker.Deploy.10.2511.0.2008\content\Roles\EnvironmentValidator
Update the role.xml file
notepad.exe .\role.xml
Replace ValidateHardware with the ValidateSBHealth
Now is the time for you to relax. Validation will require some time.
After successfully completing validation, click on the Review and create option.
Click on Create option
Deployment started
It will take 1 to 2 hours for deployment, based on your environment
After the deployment is finished, you can view the machine with a connected status.
You can see below storage path details, two storage paths created
Fantastic work! The content is very useful and clearly documented. You’ve obviously put a lot of hard work into this – keep it up!🙌