Deploy SDN using Windows Admin Center for Azure Local

Applies to: Azure Local, version 23H2

This article describes how to deploy Software Defined Networking (SDN) through Windows Admin Center after you deployed your Azure Local, version 23H2 via the Azure portal.

Windows Admin Center enables you to deploy all the SDN infrastructure components on your existing Azure Local, in the following deployment order:

  • Network Controller
  • Software Load Balancer (SLB)
  • Gateway

Alternatively, you can deploy the entire SDN infrastructure through the SDN Express scripts.

You can also deploy an SDN infrastructure using System Center Virtual Machine Manager (VMM). For more information, see Manage SDN resources in the VMM fabric.

Important

If you are deploying SDN on an Azure Local, version 23H2, ensure that all the applicable SDN infrastructure VMs (Network Controller, Software Load Balancers, Gateways) are on the latest Windows Update patch. You can initiate the update from the SConfig UI on the machines. Without the latest patches, connectivity issues may arise. For more information about updating the SDN infrastructure, see Update SDN infrastructure for Azure Local.

Before you begin

Before you begin an SDN deployment, plan out and configure your physical and host network infrastructure. Reference the following articles:

Requirements

The following requirements must be met for a successful SDN deployment:

  • All machines must have Hyper-V enabled.
  • Active Directory must be prepared. For more information, see Prepare Active Directory.
  • All machines must be joined to Active Directory.
  • A virtual switch must be created. You can use the default switch created for Azure Local. You may need to create separate switches for compute traffic and management traffic, for example.
  • The physical network must be configured.

Download the VHDX file

SDN uses a VHDX file containing either the Azure Stack HCI or Windows Server operating system (OS) as a source for creating the SDN virtual machines (VMs).

Note

The version of the OS in your VHDX must match the version used by the Azure Local Hyper-V machines. This VHDX file is used by all SDN infrastructure components.

To download an English-language version of the VHDX file, see Download the operating system from the Azure portal. Make sure to select English VHDX from the Choose language dropdown list.

Currently, a non-English VHDX file isn't available for download. If you require a non-English version, download the corresponding ISO file and convert it to VHDX using the Convert-WindowsImage cmdlet. You must run this script from a Windows client computer. You'll probably need to run this script as Administrator and modify the execution policy for scripts using the Set-ExecutionPolicy command.

The following syntax shows an example of using Convert-WindowsImage:

Install-Module -Name Convert-WindowsImage
Import-Module Convert-WindowsImage

$wimpath = "E:\sources\install.wim"
$vhdpath = "D:\temp\AzureStackHCI.vhdx"
$edition=1
Convert-WindowsImage -SourcePath $wimpath -Edition $edition -VHDPath $vhdpath -SizeBytes 500GB -DiskLayout UEFI

Deploy SDN Network Controller

SDN Network Controller deployment is a functionality of the SDN Infrastructure extension in Windows Admin Center. Complete the following steps to deploy Network Controller on your existing Azure Local.

  1. In Windows Admin Center, under Tools, select Settings, and then select Extensions.

  2. On the Installed Extensions tab, verify that the SDN Infrastructure extension is installed. If not, install it.

  3. In Windows Admin Center, under Tools, select SDN Infrastructure, then select Get Started.

  4. Under Cluster settings, under Host, enter a name for the Network Controller. This is the DNS name used by management clients (such as Windows Admin Center) to communicate with Network Controller. You can also use the default populated name.

    SDN deployment wizard in Windows Admin Center

  5. Specify a path to the Azure Local VHD file. Use Browse to find it quicker.

  6. Specify the number of VMs to be dedicated for Network Controller. We strongly recommend three VMs for production deployments.

  7. Under Network, enter the VLAN ID of the management network. Network Controller needs connectivity to same management network as the Hyper-V hosts so that it can communicate and configure the hosts.

  8. For VM network addressing, select either DHCP or Static.

    • For DHCP, enter the name for the Network Controller VMs. You can also use the default populated names.

    • For Static, do the following:

      1. Specify an IP address.
      2. Specify a subnet prefix.
      3. Specify the default gateway.
      4. Specify one or more DNS servers. Select Add to add additional DNS servers.
  9. Under Credentials, enter the username and password used to join the Network Controller VMs to the cluster domain.

    Note

    You must enter the username in the following format: domainname\username. For example, if the domain is contoso.com, enter the username as contoso\<username>. Don't use formats like contoso.com\<username> or username@contoso.com.

  10. Enter the local administrator password for these VMs.

  11. Under Advanced, enter the path to the VMs. You can also use the default populated path.

    Note

    Universal Naming Convention (UNC) paths aren't supported. For cluster storage-based paths, use a format like C:\ClusterStorage\....

  12. Enter values for MAC address pool start and MAC address pool end. You can also use the default populated values. This is the MAC pool used to assign MAC addresses to VMs attached to SDN networks.

  13. When finished, select Next: Deploy.

  14. Wait until the wizard completes its job. Stay on this page until all progress tasks are complete, and then select Finish.

  15. After the Network Controller VMs are created, configure dynamic DNS updates for the Network Controller cluster name on the DNS server. For more information, see Dynamic DNS updates.

Redeploy SDN Network Controller

If the Network Controller deployment fails or you want to deploy it again, do the following:

  1. Delete all Network Controller VMs and their VHDs from all the Azure Local machines.

  2. Remove the following registry key from all hosts by running this command:

     Remove-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\NcHostAgent\Parameters\' -Name Connections
    
  3. After removing the registry key, remove Azure Local from the Windows Admin Center management, and then add it back.

    Note

    If you don't do this step, you may not see the SDN deployment wizard in Windows Admin Center.

  4. (Additional step only if you plan to uninstall Network Controller and not deploy it again) Run the following cmdlet on all the machines in your Azure Local, and then skip the last step.

    Disable-VMSwitchExtension -VMSwitchName "<Compute vmswitch name>" -Name "Microsoft Azure VFP Switch Extension"
    
  5. Run the deployment wizard again.

Deploy SDN Software Load Balancer

SDN SLB deployment is a functionality of the SDN Infrastructure extension in Windows Admin Center. Complete the following steps to deploy SLB on your existing Azure Local.

Note

Network Controller must be set up before you configure SLB.

  1. In Windows Admin Center, under Tools, select Settings, and then select Extensions.

  2. On the Installed Extensions tab, verify that the SDN Infrastructure extension is installed. If not, install it.

  3. In Windows Admin Center, under Tools, select SDN Infrastructure, then select Get Started on the Load Balancer tab.

  4. Under Load Balancer Settings, under Front-End subnets, provide the following:

    • Public VIP subnet prefix. This could be public Internet subnets. They serve as the front end IP addresses for accessing workloads behind the load balancer, which use IP addresses from a private backend network.

    • Private VIP subnet prefix. These don’t need to be routable on the public Internet because they are used for internal load balancing.

  5. Under BGP Router Settings, enter the SDN ASN for the SLB. This ASN is used to peer the SLB infrastructure with the Top of the Rack switches to advertise the Public VIP and Private VIP IP addresses.

  6. Under BGP Router Settings, enter the IP Address and ASN of the Top of Rack switch. SLB infrastructure needs these settings to create a BGP peer with the switch. If you have an additional Top of Rack switch that you want to peer the SLB infrastructure with, add IP Address and ASN for that switch as well.

  7. Under VM Settings, specify a path to the Azure Local VHDX file. Use Browse to find it quicker.

  8. Specify the number of VMs to be dedicated for software load balancing. We strongly recommend at least two VMs for production deployments.

  9. Under Network, enter the VLAN ID of the management network. SLB needs connectivity to same management network as the Hyper-V hosts so that it can communicate and configure the hosts.

  10. For VM network addressing, select either DHCP or Static.

    • For DHCP, enter the name for the Network Controller VMs. You can also use the default populated names.

    • For Static, do the following:

      1. Specify an IP address.
      2. Specify a subnet prefix.
      3. Specify the default gateway.
      4. Specify one or more DNS servers. Select Add to add additional DNS servers.
  11. Under Credentials, enter the username and password that you used to join the Software Load Balancer VMs to the cluster domain.

    Note

    You must enter the username in the following format: domainname\username. For example, if the domain is contoso.com, enter the username as contoso\<username>. Don't use formats like contoso.com\<username> or username@contoso.com.

  12. Enter the local administrative password for these VMs.

  13. Under Advanced, enter the path to the VMs. You can also use the default populated path.

    Note

    Universal Naming Convention (UNC) paths aren't supported. For cluster storage-based paths, use a format like C:\ClusterStorage\....

  14. When finished, select Next: Deploy.

  15. Wait until the wizard completes its job. Stay on this page until all progress tasks are complete, and then select Finish.

Deploy SDN Gateway

SDN Gateway deployment is a functionality of the SDN Infrastructure extension in Windows Admin Center. Complete the following steps to deploy SDN Gateways on your existing Azure Local.

Note

Network Controller and SLB must be set up before you configure Gateways.

  1. In Windows Admin Center, under Tools, select Settings, then select Extensions.

  2. On the Installed Extensions tab, verify that the SDN Infrastructure extension is installed. If not, install it.

  3. In Windows Admin Center, under Tools, select SDN Infrastructure, then select Get Started on the Gateway tab.

  4. Under Define the Gateway Settings, under Tunnel subnets, provide the GRE Tunnel Subnets. IP addresses from this subnet are used for provisioning on the SDN gateway VMs for GRE tunnels. If you don't plan to use GRE tunnels, put any placeholder subnets in this field.

  5. Under BGP Router Settings, enter the SDN ASN for the Gateway. This ASN is used to peer the gateway VMs with the Top of the Rack switches to advertise the GRE IP addresses. This field is auto populated to the SDN ASN used by SLB.

  6. Under BGP Router Settings, enter the IP Address and ASN of the Top of Rack switch. Gateway VMs need these settings to create a BGP peer with the switch. These fields are auto populated from the SLB deployment wizard. If you have an additional Top of Rack switch that you want to peer the gateway VMs with, add IP Address and ASN for that switch as well.

  7. Under Define the Gateway VM Settings, specify a path to the Azure Local VHDX file. Use Browse to find it quicker.

  8. Specify the number of VMs to be dedicated for gateways. We strongly recommend at least two VMs for production deployments.

  9. Enter the value for Redundant Gateways. Redundant gateways don't host any gateway connections. In event of failure or restart of an active gateway VM, gateway connections from the active VM are moved to the redundant gateway and the redundant gateway is then marked as active. In a production deployment, we strongly recommend that you have at least one redundant gateway.

    Note

    Ensure that the total number of gateway VMs is at least one more than the number of redundant gateways. Otherwise, you won't have any active gateways to host gateway connections.

  10. Under Network, enter the VLAN ID of the management network. Gateways needs connectivity to same management network as the Hyper-V hosts and Network Controller VMs.

  11. For VM network addressing, select either DHCP or Static.

    • For DHCP, enter the name for the Gateway VMs. You can also use the default populated names.

    • For Static, do the following:

      1. Specify an IP address.
      2. Specify a subnet prefix.
      3. Specify the default gateway.
      4. Specify one or more DNS servers. Select Add to add additional DNS servers.
  12. Under Credentials, enter the username and password used to join the Gateway VMs to the cluster domain.

    Note

    You must enter the username in the following format: domainname\username. For example, if the domain is contoso.com, enter the username as contoso\<username>. Don't use formats like contoso.com\<username> or username@contoso.com.

  13. Enter the local administrative password for these VMs.

  14. Under Advanced, provide the Gateway Capacity. It is auto populated to 10 Gbps. Ideally, you should set this value to approximate throughput available to the gateway VM. This value may depend on various factors, such as physical NIC speed on the host machine, other VMs on the host machine and their throughput requirements.

    Note

    Universal Naming Convention (UNC) paths aren't supported. For cluster storage-based paths, use a format like C:\ClusterStorage\....

  15. Enter the path to the VMs. You can also use the default populated path.

  16. When finished, select Next: Deploy the Gateway.

  17. Wait until the wizard completes its job. Stay on this page until all progress tasks are complete, and then select Finish.

Next steps