Plan to deploy Network Controller on Azure Local, version 23H2
Applies to: Azure Local, version 23H2
Planning to deploy Network Controller via Windows Admin Center requires a set of virtual machines (VMs) running the Azure Stack HCI operating system. Network Controller is a highly available and scalable server role that requires a minimum of three VMs to provide high availability on your network.
Note
We recommend that you deploy Network Controller on its own dedicated VMs.
Network Controller requirements
The following are required before you deploy the Network Controller:
A virtual hard disk (VHDX) for the Azure Stack HCI operating system, version 23H2 to create Network Controller VMs. Download the VHDX file.
A domain name and credentials to join Network Controller VMs to a domain. These are the same domain name and credentials that were used for management settings during the Azure Local deployment via Azure portal.
At least one virtual switch that you configure using the Cluster Creation wizard in Windows Admin Center. If using a single network intent for management and compute, you can also use the default switch created during the Azure Local deployment.
A physical network configuration that matches one of the Supported topology options for Azure Local, version 23H2 deployment.
You can also team the management physical adapters to use the same management switch. In this case, we still recommend using one of supported topology options.
Management network information that Network Controller uses to communicate with Windows Admin Center and the Hyper-V hosts.
Either DHCP-based or static network-based addressing for Network Controller VMs.
The Representational State Transfer (REST) fully qualified domain name (FQDN) for Network Controller that the management clients use to communicate with the Network Controller.
Note
Windows Admin Center currently does not support Network Controller authentication, either for communication with REST clients or communication between Network Controller VMs. You can use Kerberos-based authentication if you use PowerShell to deploy and manage it.
Dynamic DNS updates
You can deploy Network Controller cluster nodes on either the same subnet or different subnets. If you plan to deploy Network Controller cluster nodes on different subnets, you must provide the Network Controller REST DNS name during the deployment process.
Note
If you've deployed your Network Controllers with static IP addresses for your REST API services, there's no need to enable dynamic DNS.
Enable dynamic DNS updates for a zone
To enable dynamic DNS updates for a zone, follow these steps:
- On the DNS server, open the DNS Manager console.
- In the left pane, select Forward Lookup Zones.
- Right-click the zone that hosts the Network Controller name record, then select Properties.
- On the General tab, next to Dynamic updates, select Secure only.
Restrict dynamic updates to Network Controller nodes
To restrict dynamic updates of the Network Controller name record to only Network Controller nodes, follow these steps:
- On the DNS server, open the DNS Manager console.
- In the left pane, select Forward Lookup Zones.
- Right-click the zone that hosts the Network Controller name record, then select Properties.
- On the Security tab, select Advanced.
- Select Add.
- Choose Select a principal.
- In the Select User, Computer, Service Account, or Group dialog box, select Object Types. Check Computers and select OK.
- In the Select User, Computer, Service Account, or Group dialog box, enter the computer name of one of the Network Controller nodes and select OK.
- In Type, select Allow.
- In Permissions, check Full Control.
- Select OK.
- Repeat Steps 5 to 11 for all computers in the Network Controller cluster.
Next steps
Now you’re ready to deploy Network Controller on VMs.