Network reference patterns overview for Azure Local

Applies to: Azure Local, versions 23H2 and 22H2

Important

Azure Stack HCI is now part of Azure Local. Product documentation renaming is in progress. Textual changes are complete, and visual updates will be finalized soon. Learn more.

This article gives an overview of deploying network reference patterns on Azure Local.

A deployment consists of single-node or multi-node systems (up to 16 machines per system) that connect to one or two Top of Rack (TOR) switches. Those environments have the following characteristics:

  • At least two network adapter ports dedicated for storage traffic intent. The only exception to this rule is single-node deployments, where network adapters for storage aren't required if you aren't planning to scale out the system in the future.

  • One or two network adapter ports dedicated to management and compute traffic intents.

Storage switchless connectivity considerations

Consider the following when using switchless configurations:

  • Storage switchless deployments in Azure Local, version 23H2 support only 1, 2, or 3 nodes.

  • Scale out operations on storage switchless deployments from Azure portal or ARM aren't supported in Azure Local, version 23H2 systems.

  • No switch is necessary for in-system (East-West) traffic; however, a physical switch is required for traffic outside the system (North-South).

  • Network ATC doesn't support storage network autoIP on 3-node switchless deployments. Planning is required for IP and subnet addressing schemes.

  • Storage adapters are single-purpose interfaces. Management, compute, stretched cluster, and other traffic requiring North-South communication can't use the storage network adapters.

  • As the number of nodes in the system grows beyond two nodes, the cost of network adapters could exceed the cost of using network switches.

  • Beyond a three-node system, cable management complexity grows.

For more information, see Physical network requirements for Azure Local.

Firewall requirements

Azure Local requires periodic connectivity to Azure. If your organization's outbound firewall is restricted, you need to account for the firewall requirements for outbound endpoints and for internal rules and ports. There are required and recommended endpoints for the Azure Local core components, which include system creation, registration and billing, Microsoft Update, and cloud witness.

See the firewall requirements for a complete list of endpoints. Make sure to include these required URLs in your allowlist. The proper network ports need to be open between all machines, both within a site and between sites (for stretched clusters).

The Azure Local connectivity validator in the Environment Checker tool checks the outbound connectivity requirement by default during deployment. Additionally, you can run the Environment Checker tool standalone before, during, or after deployment to evaluate the outbound connectivity of your environment.

A best practice is to keep all relevant endpoints in a data file that the Environment Checker tool can access. The same file can also be shared with your firewall administrator to open the necessary ports and URLs.
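
The following added example (not part of the original article and not the Environment Checker tool's own code) shows one way to drive both uses from a single endpoint data file: it probes each entry outbound and writes the same rows to a CSV for the firewall administrator. The JSON layout, the host names, the "Diagnostics" entry, the function name Test-OutboundEndpoint, and the report path are assumptions made for illustration.

```powershell
# Added example. The hosts, components and JSON layout are constructed
# placeholders, not the official Azure Local endpoint list or file format.
$endpointJson = @'
[
  { "Component": "Registration and billing", "Fqdn": "registration.example.com", "Port": 443, "Required": true },
  { "Component": "Microsoft Update",         "Fqdn": "*.update.example.com",     "Port": 443, "Required": true },
  { "Component": "Cloud witness",            "Fqdn": "witness.example.com",      "Port": 443, "Required": true },
  { "Component": "Diagnostics",              "Fqdn": "diag.example.com",         "Port": 443, "Required": false }
]
'@

function Test-OutboundEndpoint {
    param(
        [Parameter(Mandatory)] [object[]] $Endpoint,
        [switch] $SkipProbe   # build the report without touching the network
    )
    foreach ($e in $Endpoint) {
        $status = if ($e.Fqdn.Contains('*')) {
            # A wildcard cannot be resolved or probed; the firewall must allow the pattern.
            'NotTested (wildcard)'
        } elseif ($SkipProbe) {
            'NotTested'
        } elseif (Test-NetConnection -ComputerName $e.Fqdn -Port $e.Port -InformationLevel Quiet -WarningAction SilentlyContinue) {
            'Reachable'
        } else {
            'Blocked'
        }
        [pscustomobject]@{
            Component = $e.Component
            Fqdn      = $e.Fqdn
            Port      = $e.Port
            Required  = $e.Required
            Status    = $status
        }
    }
}

$endpoints = $endpointJson | ConvertFrom-Json
$results   = Test-OutboundEndpoint -Endpoint $endpoints

# The same rows double as the request handed to the firewall administrator.
$results | Export-Csv -Path .\endpoint-report.csv -NoTypeInformation
$results | Format-Table -AutoSize

$blocked = @($results | Where-Object { $_.Required -and $_.Status -eq 'Blocked' })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) required endpoint(s) are not reachable outbound."
}
```

Test-NetConnection makes a direct TCP connection only, so it does not exercise an outbound proxy or TLS inspection; treat the Environment Checker result as the authoritative check.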

For more information, see Firewall requirements.
