
Deploying Azure Local (Stack) HCI

  • alynpeden
  • Nov 23, 2024
  • 6 min read

Updated: Apr 23

These deployment steps are now out of date, as some parts are no longer required. The post is left intact for reference and will be replaced by a V2 post coming soon.


With the changes in EUC, Azure Stack HCI (now Azure Local) has become a popular option, even more so now that it supports the deployment of Azure Virtual Desktop (AVD). In this post we share our documented deployment steps for Azure Stack HCI, including solutions to common errors along the way. Errors will also be shared in individual posts for ease of finding and reading.


High Level Steps


1. Prepare Servers

  • Install Network cards, TPM modules and Storage.

  • Upgrade Firmware

  • Install HCI OS

  • Configure IP/Name

  • Enable RDP

  • Cluster Validation Tests

  • Enable Hyper-V Role

  • BitLocker Key Backup

2. Prepare AD

  • Configure On-Prem AD

3. Configure Azure

  • Enable Resource Providers

  • Register nodes with Azure ARC

  • Create HCI Cluster

  • Create Storage Volumes

  • Create Logical Network

  • Create Monitoring Alerts

4. Post Deployment Steps



This particular example is a 2-node cluster in a switchless storage configuration, deployed in the Auxilium Lab environment. You can have a maximum of 3 nodes in a switchless storage configuration before requiring a Top of Rack (TOR) switch, preferably dedicated to storage and running at 25GB.



1. Prepare Servers


Pay attention to the hardware requirements and ensure you are running the latest supported firmware before starting. The hardware must have RDMA-capable network cards and a Trusted Platform Module (TPM); ensure the TPM is enabled in the BIOS, along with Secure Boot.


The HCI OS can be downloaded from the Azure Portal by searching for Azure Stack HCI, which will soon be renamed. When you install the HCI OS, configure the IP address, DNS etc. and enable RDP to make pasting PowerShell commands easier.


DO NOT domain join the node, otherwise it will fail at the deployment stage; the domain join happens later.



Download and install the vendor network drivers, as in-box drivers are not supported and validation will fail. To verify which drivers are in use on the NIC, run the following PowerShell commands:


Get-NetAdapter

Get-NetAdapter -Name "Embedded LOM 1 Port 1" | Select-Object Driver*

If the provider is Microsoft, the in-box driver is being used and validation will fail.


From PowerShell on the node, run Get-NetAdapterRdma to confirm RDMA is enabled and operational.
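The TPM, Secure Boot, NIC driver and RDMA prerequisites above can be checked in one pass per node. This is an added example, not part of the original post; the function name Test-NodePrerequisite and its output columns are hypothetical, and it only reads state.

```powershell
# Added example: read-only pre-flight for the prerequisites described above.
# Run in an elevated PowerShell session on each node.
function Test-NodePrerequisite {
    [CmdletBinding()]
    param()

    # Helper so every check returns the same shape of result.
    function New-Finding($Check, $Target, $Pass, $Detail) {
        [pscustomobject]@{
            Node = $env:COMPUTERNAME; Check = $Check; Target = $Target
            Pass = [bool]$Pass; Detail = $Detail
        }
    }

    # TPM must be present and ready (enabled in the BIOS).
    $tpm = Get-Tpm
    New-Finding 'TPM present and ready' 'TPM' ($tpm.TpmPresent -and $tpm.TpmReady) `
        "Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady)"

    # Confirm-SecureBootUEFI returns $true/$false and throws on non-UEFI systems.
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }
    New-Finding 'Secure Boot enabled' 'UEFI' $secureBoot "SecureBoot=$secureBoot"

    # A DriverProvider of Microsoft means the in-box driver is loaded.
    foreach ($nic in Get-NetAdapter -Physical) {
        New-Finding 'Vendor NIC driver' $nic.Name ($nic.DriverProvider -notmatch 'Microsoft') `
            "$($nic.DriverProvider) $($nic.DriverVersion)"
    }

    # Get-NetAdapterRdma lists RDMA-capable adapters only.
    foreach ($rdma in Get-NetAdapterRdma) {
        New-Finding 'RDMA enabled' $rdma.Name $rdma.Enabled "Enabled=$($rdma.Enabled)"
    }
}

# Failed checks sort first.
Test-NodePrerequisite | Sort-Object Pass | Format-Table -AutoSize
```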


Run Cluster Validation from the node(s)


Run the Environment Checker to identify potential issues. If using a proxy, check the link for the command to set the proxy.


Installing the modules

Install-Module PowerShellGet -AllowClobber -Force
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Install-Module -Name AzStackHci.EnvironmentChecker

Run the connectivity checker

Invoke-AzStackHciConnectivityValidation

Run the Hardware Checker

Invoke-AzStackHciHardwareValidation

Install Hyper-V on all nodes

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

Ensure you back up the BitLocker key, as it will be required when firmware updates are completed on the node; not having the keys will likely result in data loss.

Get-AsRecoveryKeyInfo | ft ComputerName, PasswordID, RecoveryKey 

Disable DCBX willing

QoS should be disabled for switchless storage mode. DCBX is enabled by default. This recommendation is not documented by Microsoft; it came out of a call about storage performance.

Set-NetQoSDCBXSetting -Willing $false -Confirm:$false

2. Prepare AD


Install the HCI PS module on a DC or PC with RSAT

Install-Module -Name AsHciADArtifactsPreCreationTool

Run the command to create the OU and Deployment account

New-HciAdObjectsPreCreation -AzureStackLCMUserCredential (Get-Credential) -AsHciOUName "OU=<OU>,OU=<OU>,DC=<Domain>,DC=<domain>"

You will be prompted for a new user account; give it a name and a secure password.


NOTE: The password must comply with Azure policy.

You should now see the OU and Deployment account in AD



3. Configure Azure

Now that the AD prep is complete and the nodes are passing connectivity checks, it's time to register the nodes with ARC and create the cluster to complete the initial build.


You can find the documentation for ARC registration here


Please be aware of the Supported regions for Azure Stack HCI


Enable the following Resource Providers on your Azure subscription that will have HCI Stack deployed


Microsoft.GuestConfiguration

Microsoft.HybridCompute
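
The two providers above can be checked and registered from PowerShell as well as from the portal. This is an added example, not part of the original post; it assumes Az.Resources is installed and Connect-AzAccount has already been run against the target subscription, and the function name Confirm-HciResourceProvider is hypothetical.

```powershell
# Added example: report the registration state of the resource providers
# listed above and request registration for any that are not yet registered.
function Confirm-HciResourceProvider {
    [CmdletBinding()]
    param(
        [string[]] $Namespace = @('Microsoft.GuestConfiguration', 'Microsoft.HybridCompute')
    )

    foreach ($ns in $Namespace) {
        # Several objects may come back for one namespace; take the first.
        $state = (Get-AzResourceProvider -ProviderNamespace $ns |
            Select-Object -First 1).RegistrationState

        if ($state -ne 'Registered') {
            # Registration is asynchronous; re-run the function to see it complete.
            Register-AzResourceProvider -ProviderNamespace $ns | Out-Null
            $state = "$state -> registration requested"
        }

        [pscustomobject]@{ Provider = $ns; State = $state }
    }
}

Confirm-HciResourceProvider | Format-Table -AutoSize
```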


Install the required modules

The following steps must be done for each node

#Register PSGallery as a trusted repo
Register-PSRepository -Default -InstallationPolicy Trusted
#Install required PowerShell modules in your node for registration
Install-Module Az.Accounts -RequiredVersion 2.13.2
Install-Module Az.Resources -RequiredVersion 6.12.0
Install-Module Az.ConnectedMachine -RequiredVersion 0.5.2
#Install Arc registration script from PSGallery
Install-Module AzsHCI.ARCinstaller
#Update AZ Modules
Update-module az*

Define Variables

#Define the subscription where you want to register your server as Arc device
$Subscription = "SubscriptionID"
#Define the resource group where you want to register your server as Arc device
$RG = "RGName"
#Define the region you will use to register your server as Arc device
$Region = "West Europe"
#Define the tenant you will use to register your server as Arc device
$Tenant = "TenantID"

Connect to Azure

#Connect to your Azure account and Subscription
Connect-AzAccount -SubscriptionId $Subscription -TenantId $Tenant -DeviceCode
#Get the Access Token for the registration
$ARMtoken = (Get-AzAccessToken).Token
#Get the Account ID for the registration
$id = (Get-AzContext).Account.Id

Note: if you get the error "Get-AzAccessToken : Authentication failed against tenant", run the following command and try again.

Update-AzConfig -EnableLoginByWam $false

Register with ARC

#Invoke the registration script. Use a supported region.
Invoke-AzStackHciArcInitialization -SubscriptionID $Subscription -ResourceGroup $RG -TenantID $Tenant -Region $Region -Cloud "AzureCloud" -ArmAccessToken $ARMtoken -AccountID $id

*Repeat steps for each node


If you configure the stack against the wrong zone/RG you will need to unregister your server(s)


Command to Undo the registration

Remove-AzStackHciArcInitialization -SubscriptionID $Subscription -ResourceGroup $RG -TenantID $Tenant -Cloud "AzureCloud" -ArmAccessToken $ARMtoken -AccountID $id

You will now see your node(s) registered in Azure ARC. Give it 10 minutes or so before creating the cluster as the LCM extension may take some time to register.


You can now create the Cluster from the Azure portal


Basics

Subscription: Select Subscription

Resource Group: Select RG previously defined

Cluster Name: Set cluster name

Region: Select previously defined region

Key vault Name (use Existing or create new)


Add Machines - Select the machines you want to add to the cluster, then select Validate Servers


If you receive the following error when doing validation, it means the LCM extension installation has not completed and requires more time


Exception [Arc extensions installed on Arc Machine [/subscriptions/3b0bdc2b-3dd1-4dfc-a34e-1e7a11d7aa45/resourceGroups/new/providers/Microsoft.HybridCompute/machines/HCI_Node_A] are [TelemetryAndDiagnostics, DeviceManagementExtension, EdgeRemoteSupport] while required list of mandatory arc extensions are [TelemetryAndDiagnostics, DeviceManagementExtension, LcmController]. Mandatory extensions not yet installed are [LcmController]] occured while fetching Arc extensions for Arc Machine [/subscriptions/3b0bdc2b-3dd1-4dfc-a34e-1e7a11d7aa45/resourceGroups/new/providers/Microsoft.HybridCompute/machines/HCI_Node_A]


Configuration

Source* New configuration


You can create deployment templates, which are ideal for environments that will have multiple stack deployments.


Networking


The Networking section allows you to configure the traffic on your nodes and which adapters are used for which traffic, as well as allowing you to team adapters. Unless you are deploying a single node, you may want to separate storage traffic from management traffic.


In this section you will also need to reserve some IP addresses that are used for roles within the cluster then validate the subnet before proceeding.


Management

This is the section where you provide the information created in previous steps. If passwords are incorrect, the deployment will fail within a couple of minutes.


Security

Recommended security settings or custom if you need to make changes.


Advanced

This section will specify how volumes are initially created. Create the required infrastructure volumes only and then review the volumes section of the documentation here to choose the appropriate configuration for your workload.


Please see blog for what not to do when creating a volume


Tags

Self-explanatory.


Validation

At this point you will run the final validation before creating the cluster. If you receive an error relating to External Active Directory, it is likely caused by permissions on the OU, which can be resolved by following the instructions below.


If your validation fails at the disk section, you may need to clean the drives.



Find the disk numbers of the disks to be used as cluster storage using Get-Disk.

Run the following commands against the disks and then reboot. Run Invoke-AzStackHciHardwareValidation again and it should now pass.

 

Set-Disk -Number 0 -IsOffline $false
Set-Disk -Number 1 -IsOffline $false
Set-Disk -Number 2 -IsOffline $false
Set-Disk -Number 3 -IsOffline $false
Set-Disk -Number 4 -IsOffline $false
Set-Disk -Number 5 -IsOffline $false
Set-Disk -Number 6 -IsOffline $false
Set-Disk -Number 7 -IsOffline $false

Set-Disk -Number 0 -IsReadOnly $false
Set-Disk -Number 1 -IsReadOnly $false
Set-Disk -Number 2 -IsReadOnly $false
Set-Disk -Number 3 -IsReadOnly $false
Set-Disk -Number 4 -IsReadOnly $false
Set-Disk -Number 5 -IsReadOnly $false
Set-Disk -Number 6 -IsReadOnly $false
Set-Disk -Number 7 -IsReadOnly $false

Clear-Disk -Number 0 -RemoveData -RemoveOEM -Confirm:$false
Clear-Disk -Number 1 -RemoveData -RemoveOEM -Confirm:$false
Clear-Disk -Number 2 -RemoveData -RemoveOEM -Confirm:$false
Clear-Disk -Number 3 -RemoveData -RemoveOEM -Confirm:$false
Clear-Disk -Number 4 -RemoveData -RemoveOEM -Confirm:$false
Clear-Disk -Number 5 -RemoveData -RemoveOEM -Confirm:$false
Clear-Disk -Number 6 -RemoveData -RemoveOEM -Confirm:$false
Clear-Disk -Number 7 -RemoveData -RemoveOEM -Confirm:$false

Set-Disk -Number 0 -IsReadOnly:$true
Set-Disk -Number 1 -IsReadOnly:$true
Set-Disk -Number 2 -IsReadOnly:$true
Set-Disk -Number 3 -IsReadOnly:$true
Set-Disk -Number 4 -IsReadOnly:$true
Set-Disk -Number 5 -IsReadOnly:$true
Set-Disk -Number 6 -IsReadOnly:$true
Set-Disk -Number 7 -IsReadOnly:$true

Set-Disk -Number 0 -IsOffline:$true
Set-Disk -Number 1 -IsOffline:$true
Set-Disk -Number 2 -IsOffline:$true
Set-Disk -Number 3 -IsOffline:$true
Set-Disk -Number 4 -IsOffline:$true
Set-Disk -Number 5 -IsOffline:$true
Set-Disk -Number 6 -IsOffline:$true
Set-Disk -Number 7 -IsOffline:$true
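
A guarded form of the clean-up above, as an added example that is not part of the original post: it takes the disk numbers identified with Get-Disk as a parameter, skips boot and system disks, and only lists what it would wipe unless -Apply is given. The function name Reset-ClusterDataDisk and its -Apply switch are hypothetical, and skipping disks that are already RAW is an addition to the steps above.

```powershell
# Added example: same five steps as above, per disk, with safety checks.
function Reset-ClusterDataDisk {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [uint32[]] $DiskNumber,   # numbers taken from Get-Disk
        [switch] $Apply                                  # without -Apply nothing is changed
    )

    foreach ($disk in Get-Disk | Where-Object Number -in $DiskNumber) {
        $n = $disk.Number

        if ($disk.IsBoot -or $disk.IsSystem) {
            # Never wipe the disk the node boots from.
            $action = 'Skipped: boot/system disk'
        } elseif ($disk.PartitionStyle -eq 'RAW') {
            # A RAW disk has no partition table left to clear.
            $action = 'Skipped: already RAW'
        } elseif (-not $Apply) {
            $action = 'Would clear (dry run)'
        } else {
            Set-Disk   -Number $n -IsOffline  $false
            Set-Disk   -Number $n -IsReadOnly $false
            Clear-Disk -Number $n -RemoveData -RemoveOEM -Confirm:$false
            Set-Disk   -Number $n -IsReadOnly $true
            Set-Disk   -Number $n -IsOffline  $true
            $action = 'Cleared'
        }

        [pscustomobject]@{
            Number       = $n
            FriendlyName = $disk.FriendlyName
            SerialNumber = $disk.SerialNumber
            SizeGB       = [math]::Round($disk.Size / 1GB)
            Action       = $action
        }
    }
}

# Dry run first; repeat with -Apply once the list shows only the intended disks.
Reset-ClusterDataDisk -DiskNumber (0..7) | Format-Table -AutoSize
```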


Final validation should now look like the screenshot below. You can now go ahead to the summary screen and create your Azure Local cluster.


Once created you are ready to go and deploy workloads onto your Azure Local cluster.


