Plan to deploy Network Controller
Applies to: Azure Stack HCI, versions 22H2 and 21H2; Windows Server 2022, Windows Server 2019, Windows Server 2016
Important
Azure Stack HCI is now part of Azure Local. Product documentation renaming is in progress. However, older versions of Azure Stack HCI, for example 22H2, will continue to reference Azure Stack HCI and won't reflect the name change.
Deploying Network Controller via Windows Admin Center requires a set of virtual machines (VMs) running the Azure Stack HCI or Windows Server operating system. Network Controller is a highly available and scalable server role that requires a minimum of three VMs to provide high availability on your network.
Note
We recommend deploying Network Controller on its own dedicated VMs.
Network Controller requirements
The following is required to deploy Network Controller:
- A virtual hard disk (VHD) for the Azure Stack HCI operating system to create Network Controller VMs.
- A domain name and credentials to join Network Controller VMs to a domain.
- At least one virtual switch that you configure using the Cluster Creation wizard in Windows Admin Center.
- A physical network configuration that matches one of the topology options in this section.

  Windows Admin Center creates the configuration within the Hyper-V host. However, the management network must connect to the host physical adapters according to one of the following three options:
  - Option 1: The management network is physically separated from the workload networks. This option uses a single virtual switch for both compute and storage.
  - Option 2: The management network is physically separated from the workload networks. This option uses a single virtual switch for compute only.
  - Option 3: The management network is physically separated from the workload networks. This option uses two virtual switches, one for compute, and one for storage.

  You can also team the management physical adapters to use the same management switch. In this case, we still recommend using one of the options in this section.
- Management network information that Network Controller uses to communicate with Windows Admin Center and the Hyper-V hosts.
- Either DHCP-based or static network-based addressing for Network Controller VMs.
- The Representational State Transfer (REST) fully qualified domain name (FQDN) for Network Controller that the management clients use to communicate with the Network Controller.
Note
Windows Admin Center currently does not support Network Controller authentication, either for communication with REST clients or communication between Network Controller VMs. You can use Kerberos-based authentication if you use PowerShell to deploy and manage it.
Dynamic DNS updates
You can deploy Network Controller cluster nodes on either the same subnet or different subnets. If you plan to deploy Network Controller cluster nodes on different subnets, you must provide the Network Controller REST DNS name during the deployment process.
Note
If you've deployed your Network Controllers with static IP addresses for your REST API services, there's no need to enable dynamic DNS.
Enable dynamic DNS updates for a zone
To enable dynamic DNS updates for a zone, follow these steps:
- On the DNS server, open the DNS Manager console.
- In the left pane, select Forward Lookup Zones.
- Right-click the zone that hosts the Network Controller name record, then click Properties.
- On the General tab, next to Dynamic updates, select Secure only.
Restrict dynamic updates to Network Controller nodes
To restrict dynamic updates of the Network Controller name record to only Network Controller nodes, follow these steps:
1. On the DNS server, open the DNS Manager console.
2. In the left pane, select Forward Lookup Zones.
3. Right-click the zone that hosts the Network Controller name record, then click Properties.
4. On the Security tab, select Advanced.
5. Select Add.
6. Choose Select a principal.
7. In the Select User, Computer, Service Account, or Group dialog box, select Object Types. Check Computers and click OK.
8. In the Select User, Computer, Service Account, or Group dialog box, enter the computer name of one of the Network Controller nodes and click OK.
9. In Type, select Allow.
10. In Permissions, check Full Control.
11. Click OK.
12. Repeat Steps 5 to 11 for all computers in the Network Controller cluster.
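To confirm the result of both procedures without clicking through DNS Manager, the following added example (not part of the original documentation) checks that the zone is set to Secure only and that each Network Controller node's computer account has an Allow Full Control entry on the zone. The zone name, DNS server name, and node account names are placeholders, and the script assumes the DnsServer and ActiveDirectory modules are installed and the account running it can read the zone object.

```powershell
# Added example. All default values below are constructed placeholders.
param(
    [string]   $ZoneName  = 'corp.example.com',        # zone hosting the NC REST name record
    [string]   $DnsServer = 'dns01.corp.example.com',  # DNS server to query
    [string[]] $NcNodes   = @('CORP\NC01$', 'CORP\NC02$', 'CORP\NC03$')  # node computer accounts
)

# DnsServer provides Get-DnsServerZone; ActiveDirectory provides the AD: drive for Get-Acl.
Import-Module DnsServer, ActiveDirectory -ErrorAction Stop

function Test-NcDnsZone {
    param([string]$ZoneName, [string]$DnsServer, [string[]]$NcNodes)

    $zone = Get-DnsServerZone -Name $ZoneName -ComputerName $DnsServer -ErrorAction Stop

    # "Secure only" is offered only for Active Directory-integrated zones.
    if (-not $zone.IsDsIntegrated) {
        throw "Zone '$ZoneName' is not AD-integrated, so secure dynamic updates are unavailable."
    }

    # Check 1: the General tab setting (Dynamic updates = Secure only).
    [pscustomobject]@{
        Check   = 'Dynamic updates set to Secure only'
        Subject = $ZoneName
        Pass    = ($zone.DynamicUpdate -eq 'Secure')
    }

    # Check 2: the Security tab ACL on the zone object, one row per node.
    $fullControl = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll
    $acl = Get-Acl -Path "AD:\$($zone.DistinguishedName)"
    foreach ($node in $NcNodes) {
        $match = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $node -and
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.ActiveDirectoryRights) -band $fullControl) -eq $fullControl
        }
        [pscustomobject]@{
            Check   = 'Allow Full Control on zone'
            Subject = $node
            Pass    = [bool]$match
        }
    }
}

Test-NcDnsZone -ZoneName $ZoneName -DnsServer $DnsServer -NcNodes $NcNodes | Format-Table -AutoSize
```

Any row with Pass set to False points to the step in the procedures above that still needs to be completed for that zone or node.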
Next steps
Now you’re ready to deploy Network Controller on VMs.