If you’re diving into the world of hybrid cloud with Azure Local, you’ve probably heard about the Disconnected Operations feature, currently in public preview. This capability is a big deal for organizations needing to deploy and manage Azure Local instances without relying on a connection to the Azure public cloud. Whether you’re dealing with strict compliance requirements, remote locations with spotty internet, or heightened security needs, disconnected operations could be what you are looking for.
What Are Disconnected Operations?
Disconnected operations let you run Azure Local instances completely offline, meaning no dependency on the Azure public cloud. You can deploy and manage virtual machines (VMs) and containerized apps using select Azure Arc-enabled services, all from a local control plane. The best part? You still get that familiar Azure portal and CLI experience, even when you’re not connected to Azure.
To make this work, you’ll need a bit more hardware to support the local control plane. Think extra capacity for your virtual appliance. This feature is all about bringing Azure’s power to places where internet connectivity is a luxury, unwanted, or simply not a given.
Why Go Disconnected?
So, why would you want to run Azure Local in disconnected mode? Here are some real-world scenarios where it shines:
- Data Sovereignty and Compliance: If you’re in industries like government, healthcare, or finance, keeping data within your organization’s boundaries is non-negotiable. Disconnected operations ensure your data and control plane stay local, helping you meet stringent residency and compliance requirements.
- Remote or Isolated Locations: Think oil rigs, manufacturing sites, or other remote spots with limited or no internet. Disconnected operations let you leverage Azure Arc services and run workloads without needing to phone home to the cloud.
- Security First: For organizations with strict security protocols, going offline reduces your attack surface by eliminating external network exposure. It’s like putting your Azure Local instance in a digital fortress.
What Services Are Supported?
Disconnected operations for Azure Local come with a robust set of supported services, so you’re not left in the dark. Here’s what you get:
- Azure Portal: A familiar portal experience, just like the public cloud.
- Azure Resource Manager (ARM): Manage subscriptions, resource groups, ARM templates, and CLI commands.
- Role-Based Access Control (RBAC): Securely manage access for subscriptions and resource groups.
- Managed Identity: Use system-assigned managed identities for supported resource types.
- Arc-enabled Servers: Manage guest VMs running on Azure Local.
- Azure Local VMs: Deploy and manage Windows or Linux VMs in disconnected mode.
- Arc-enabled Kubernetes Clusters: Connect and manage CNCF Kubernetes clusters on Azure Local VMs for unified configuration.
- Azure Kubernetes Service (AKS) Enabled by Arc: Run AKS on Azure Local.
- Azure Local Device Management: Add or remove nodes and manage your Azure Local instances.
- Azure Container Registry: Store and retrieve container images and artifacts.
- Azure Key Vault: Securely store and access secrets.
- Azure Policy: Enforce standards when creating new resources.
Joining the Preview: What You Need
Before you get too excited, know that the disconnected operations feature is in preview, and there are some requirements to participate:
- Enterprise Agreement: You’ll need a current enterprise agreement with Microsoft, typically spanning at least three years.
- Legit Business Need: You must demonstrate a valid reason for running disconnected, like connectivity issues or regulatory restrictions (see the “Why Go Disconnected?” section above).
- Technical Prerequisites: Your setup needs to meet specific technical requirements for secure and reliable operation. Check out the system requirements for details.
- Hardware Specs: You’ll need validated Azure Local hardware. The minimum specs for disconnected operations are beefier than standard Azure Local deployments because of the local control plane. Here’s what you need:
| Specification | Minimum Configuration |
|---|---|
| Number of nodes | 3 nodes |
| Memory per node | 64 GB |
| Cores per node | 24 physical cores |
| Storage per node | 2 TB SSD/NVMe |
| Boot disk drive storage | 960 GB SSD/NVMe |
Check the Azure Local solutions catalog for supported hardware configurations.
To join the preview, you ideally need to work through a Microsoft partner or system integrator, who will submit the request to Microsoft; you then wait for approval. You’ll usually hear back within 10 business days with your status (approved, rejected, queued, or needs more info). If approved, you’ll get instructions on downloading and setting up disconnected operations.
How to Deploy and Manage Disconnected Operations
Here’s the high-level flow for deploying and managing Azure Local with disconnected operations:
- Review Known Issues: Check for any gotchas in the known issues documentation.
- Check Participation Criteria: Ensure you meet the preview requirements.
- Plan:
  - Configure network settings (network requirements).
  - Set up your identity solution (identity integration).
  - Implement security controls (security controls).
  - Configure public key infrastructure (PKI) for secure endpoints (PKI integration).
- Deploy:
  - Ensure you have the right access and permissions (setup guide).
  - Deploy Azure Local with disconnected operations (deployment guide).
- Manage:
  - Use the Azure CLI to manage your setup (CLI guide).
  - Manage Azure Local VMs (VM management).
  - Run AKS enabled by Arc (AKS guide).
  - Manage Azure Container Registry (registry guide).
  - Enforce policies with Azure Policy (policy guide).
  - Use Azure Key Vault for secrets (Key Vault guide).
  - Monitor your infrastructure and workloads (monitoring guide).
- Troubleshoot:
  - Collect logs on-demand or use fallback log collection (troubleshooting guide).
Why This Matters for Hybrid Cloud
Disconnected operations for Azure Local open up a world of possibilities for organisations that need to operate in challenging environments. Whether you’re ensuring compliance, working in a remote location, or prioritising security, this feature brings Azure’s power to you without the need for constant cloud connectivity. It’s a fantastic addition to the Azure Local ecosystem and aligns perfectly with hybrid and multi-cloud strategies.
Note: This feature is only available in the latest Azure Local versions and is subject to the Supplemental Terms of Use for Microsoft Azure Previews.
Post Disclaimer
The information contained in the posts in this blog site is for general information purposes only. The information in this post "Disconnected Operations for Azure Local" is provided by "Lee Harrison's Technical Blog" and whilst we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the post for any purpose. Furthermore, it is always recommended that you test any related changes to your environments on non-production systems and always have a robust backup strategy in place.