azure-local/concepts/firewall-requirements.md
+14 -13 Lines changed: 14 additions & 13 deletions
@@ -4,7 +4,7 @@ description: This topic provides guidance on firewall requirements for the Azure
4
4
author: alkohli
5
5
ms.author: alkohli
6
6
ms.topic: how-to
7
-
ms.date: 01/02/2025
7
+
ms.date: 02/14/2025
8
8
---
9
9
10
10
# Firewall requirements for Azure Local
@@ -18,7 +18,7 @@ This article also describes how to optionally use a highly locked-down firewall
18
18
If your network uses a proxy server for internet access, see [Configure proxy settings for Azure Local](../manage/configure-proxy-settings-23h2.md).
19
19
20
20
> [!IMPORTANT]
21
-
> Azure Express Route and Azure Private Link are not supported for Azure Local, version 23H2 or any of its components as it is not possible to access the public endpoints required for Azure Local, version 23H2.
21
+
> Azure Express Route and Azure Private Link are not supported for Azure Localor any of its components as it is not possible to access the public endpoints required for Azure Local.
22
22
23
23
## Firewall requirements for outbound endpoints
24
24
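Review bot: the added line in the IMPORTANT note has a missing space in "Azure Localor any of its components", which will render as a single word in the published callout. Change it to "Azure Local or any of its components". While this line is being touched, "Azure Express Route" could also be corrected to the product spelling "Azure ExpressRoute", since this note is what network teams will search for when deciding whether private connectivity is an option.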
@@ -37,33 +37,33 @@ As shown in the following diagram, Azure Local can access Azure using more than
37
37
38
38
:::image type="content" source="./media/firewall-requirements/firewalls-diagram.png" alt-text="Diagram shows Azure Local accessing service tag endpoints through Port 443 (HTTPS) of firewalls." lightbox="./media/firewall-requirements/firewalls-diagram.png":::
39
39
40
-
## Required firewall URLs for Azure Local, version 23H2 deployments
40
+
## Required firewall URLs for Azure Local deployments
41
41
42
-
Starting with Azure Local, version 23H2, all the clusters automatically enables Azure Resource Bridge and AKS infrastructure and uses the Arc for Servers agent to connect to Azure control plane. Along with the list of HCI specific endpoints on the following table, the [Azure Resource Bridge on Azure Local](/azure/azure-arc/resource-bridge/network-requirements) endpoints, the [AKS on Azure Local](/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions) endpoints and the [Azure Arc-enabled servers](/azure/azure-arc/servers/network-requirements) endpoints must be included in the allow list of your firewall.
42
+
Starting with Azure Local, all the clusters automatically enables Azure Resource Bridge and AKS infrastructure and uses the Arc for Servers agent to connect to Azure control plane. Along with the list of HCI specific endpoints on the following table, the [Azure Resource Bridge on Azure Local](/azure/azure-arc/resource-bridge/network-requirements) endpoints, the [AKS on Azure Local](/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions) endpoints and the [Azure Arc-enabled servers](/azure/azure-arc/servers/network-requirements) endpoints must be included in the allow list of your firewall.
43
43
44
44
For a consolidated list of endpoints for East US that includes Azure Local, Arc-enabled servers, ARB, and AKS, use:
45
-
-[Required endpoints in East US for Azure Local, version 23H2](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/EastUSendpoints/eastus-hci-endpoints.md)
45
+
-[Required endpoints in East US for Azure Local](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/EastUSendpoints/eastus-hci-endpoints.md)
46
46
47
47
For a consolidated list of endpoints for West Europe that includes Azure Local, Arc-enabled servers, ARB, and AKS, use:
48
-
-[Required endpoints in West Europe for Azure Local, version 23H2](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/WestEuropeendpoints/westeurope-hci-endpoints.md)
48
+
-[Required endpoints in West Europe for Azure Local](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/WestEuropeendpoints/westeurope-hci-endpoints.md)
49
49
50
50
For a consolidated list of endpoints for Australia East that includes Azure Local, Arc-enabled servers, ARB, and AKS, use:
51
-
-[Required endpoints in Australia East for Azure Local, version 23H2](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/AustraliaEastendpoints/AustraliaEast-hci-endpoints.md)
51
+
-[Required endpoints in Australia East for Azure Local](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/AustraliaEastendpoints/AustraliaEast-hci-endpoints.md)
52
52
53
53
For a consolidated list of endpoints for Canada Central that includes Azure Local, Arc-enabled servers, ARB, and AKS, use:
54
-
-[Required endpoints in Canada Central for Azure Local, version 23H2](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/CanadaCentralEndpoints/canadacentral-hci-endpoints.md)
54
+
-[Required endpoints in Canada Central for Azure Local](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/CanadaCentralEndpoints/canadacentral-hci-endpoints.md)
55
55
56
56
For a consolidated list of endpoints for India Central that includes Azure Local, Arc-enabled servers, ARB, and AKS, use:
57
-
-[Required endpoints in India Central for Azure Local, version 23H2](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/IndiaCentralEndpoints/IndiaCentral-hci-endpoints.md)
57
+
-[Required endpoints in India Central for Azure Local](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/IndiaCentralEndpoints/IndiaCentral-hci-endpoints.md)
58
58
59
59
For a consolidated list of endpoints for SouthEast Asia that includes Azure Local, Arc-enabled servers, ARB, and AKS, use:
60
-
-[Required endpoints in SouthEast Asia for Azure Local, version 23H2](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/SouthEastAsiaEndpoints/southeastasia-hci-endpoints.md)
60
+
-[Required endpoints in SouthEast Asia for Azure Local](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/SouthEastAsiaEndpoints/southeastasia-hci-endpoints.md)
61
61
62
62
For a consolidated list of endpoints for Japan East that includes Azure Local, Arc-enabled servers, ARB, and AKS, use:
63
-
-[Required endpoints in Japan East for Azure Local, version 23H2](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/JapanEastEndpoints/japaneast-hci-endpoints.md)
63
+
-[Required endpoints in Japan East for Azure Local](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/JapanEastEndpoints/japaneast-hci-endpoints.md)
64
64
65
65
For a consolidated list of endpoints for South Central US that includes Azure Local, Arc-enabled servers, ARB, and AKS, use:
66
-
-[Required endpoints in South Central US for Azure Local, version 23H2](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/SouthCentralUSEndpoints/southcentralus-hci-endpoints.md)
66
+
-[Required endpoints in South Central US for Azure Local](https://github.com/Azure/AzureStack-Tools/blob/master/HCI/SouthCentralUSEndpoints/southcentralus-hci-endpoints.md)
67
67
68
68
## Firewall requirements for additional Azure services
69
69
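Review bot: in the added paragraph under "Required firewall URLs for Azure Local deployments", the phrase "Starting with Azure Local, all the clusters automatically enables" no longer has a starting point once ", version 23H2" is removed, and the subject-verb disagreement ("clusters ... enables ... uses") is carried over. Suggest "In Azure Local, all clusters automatically enable Azure Resource Bridge and AKS infrastructure and use the Arc for Servers agent to connect to the Azure control plane", so that the reason for the extra allow-list entries reads clearly to whoever maintains the firewall rules.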
@@ -198,4 +198,5 @@ This section shows how to configure Microsoft Defender firewall to allow IP addr
198
198
For more information, see also:
199
199
200
200
- The Windows Firewall and WinRM 2.0 ports section of [Installation and configuration for Windows Remote Management](/windows/win32/winrm/installation-and-configuration-for-windows-remote-management#windows-firewall-and-winrm-20-ports)
201
-
- See [About Azure Local, version 23H2 deployment](../deploy/deployment-introduction.md)
201
+
- See [About Azure Local deployment](../deploy/deployment-introduction.md)
@@ -96,14 +96,14 @@ To ensure adequate support and diagnosability for large memory Azure Local insta
96
96
97
97
In addition to Microsoft Azure Local updates, many OEMs also release regular updates for your Azure Local hardware, such as driver and firmware updates. To ensure that OEM package update notifications, reach your organization check with your OEM about their specific notification process.
98
98
99
-
Before deploying Azure Local, version 23H2, ensure that your hardware is up to date by:
99
+
Before deploying Azure Local, ensure that your hardware is up to date by:
100
100
101
101
- Determining the current version of your Solution Builder Extension (SBE) package.
102
102
- Finding the best method to download, install, and update your SBE package.
103
103
104
104
### OEM information
105
105
106
-
This section contains OEM contact information and links to OEM Azure Local, version 23H2 reference material.
106
+
This section contains OEM contact information and links to OEM Azure Local reference material.
107
107
108
108
| Azure Local Solution provider | Solution platform | How to configure BIOS settings | How to update firmware | How to update drivers | How to update the system after it's running |
@@ -117,11 +117,11 @@ For a comprehensive list of all OEM contact information, download the [Azure Loc
117
117
118
118
### BIOS setting
119
119
120
-
Check with your OEM regarding the necessary generic BIOS settings for Azure Local, version 23H2. These settings may include hardware virtualization, TPM enabled, and secure core.
120
+
Check with your OEM regarding the necessary generic BIOS settings for Azure Local. These settings may include hardware virtualization, TPM enabled, and secure core.
121
121
122
122
## Driver
123
123
124
-
Check with your OEM regarding the necessary drivers that need to be installed for Azure Local, version 23H2. Additionally, your OEM can provide you with their preferred installation steps.
124
+
Check with your OEM regarding the necessary drivers that need to be installed for Azure Local. Additionally, your OEM can provide you with their preferred installation steps.
125
125
126
126
### Driver installation steps
127
127
@@ -230,11 +230,11 @@ You should always follow the OEM's recommended installation steps. If the OEM's
230
230
231
231
## Firmware
232
232
233
-
Check with your OEM regarding the necessary firmware that needs to be installed for Azure Local, version 23H2. Additionally, your OEM can provide you with their preferred installation steps.
233
+
Check with your OEM regarding the necessary firmware that needs to be installed for Azure Local. Additionally, your OEM can provide you with their preferred installation steps.
234
234
235
235
## Drivers and firmware via the Windows Admin Center extension
236
236
237
-
You should always follow the OEM's recommended installation steps. With Azure Local, version 23H2, Windows Admin Center plugins can be used to install drivers and firmware. For a comprehensive list of all OEM contact information, download the [Azure Local OEM Contact](https://github.com/Azure/AzureStack-Tools/raw/master/HCI/azure-stack-hci-oem-contact-and-material.xlsx) spreadsheet.
237
+
You should always follow the OEM's recommended installation steps. With Azure Local, Windows Admin Center plugins can be used to install drivers and firmware. For a comprehensive list of all OEM contact information, download the [Azure Local OEM Contact](https://github.com/Azure/AzureStack-Tools/raw/master/HCI/azure-stack-hci-oem-contact-and-material.xlsx) spreadsheet.
This article discusses how to design and plan an Azure Local, version 23H2 system network for cloud deployment. Before you continue, familiarize yourself with the various [Azure Local networking patterns](../plan/choose-network-pattern.md) and available configurations.
15
+
This article discusses how to design and plan an Azure Local system network for cloud deployment. Before you continue, familiarize yourself with the various [Azure Local networking patterns](../plan/choose-network-pattern.md) and available configurations.
16
16
17
17
## Network design framework
18
18
@@ -412,4 +412,4 @@ Here are the summarized considerations for network adapter configuration:
412
412
413
413
## Next steps
414
414
415
-
-[About Azure Local, version 23H2 deployment](../deploy/deployment-introduction.md).
415
+
-[About Azure Local deployment](../deploy/deployment-introduction.md).
This article describes the permissions and the DNS records required for the Azure Local, version 23H2 deployment. The article also uses examples with detailed steps on how to manually assign permissions and create DNS records for your Active Directory environment.
16
+
This article describes the permissions and the DNS records required for the Azure Local instance deployment. The article also uses examples with detailed steps on how to manually assign permissions and create DNS records for your Active Directory environment.
17
17
18
18
The Azure Local solution is deployed in large Active Directories with established processes and tools for assigning permissions. Microsoft provides an [Active Directory preparation script](../deploy/deployment-prep-active-directory.md) that can be optionally used for the Azure Local deployment. The required permissions for Active Directory, the creation of the organizational unit, and blocking inheritance of GPOs - can all be also configured manually.
19
19
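Review bot: the added intro line says "required for the Azure Local instance deployment", while the unchanged paragraph right below it says "the Azure Local deployment" and the other files in this commit replace "Azure Local, version 23H2" with plain "Azure Local". Pick one form, for example "required for the Azure Local deployment" or "required to deploy an Azure Local instance", so the permissions article does not appear to describe a different deployment type.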
@@ -28,7 +28,7 @@ Here are some of the Active Directory requirements for the Azure Local deploymen
28
28
29
29
- The user (also known as deployment user) requires the necessary permissions over the dedicated OU. The user can reside anywhere in the directory.
30
30
31
-
- Blocking group policy inheritance is required to prevent any conflicts of settings coming from group policy objects. The new engine introduced with Azure Local, version 23H2 manages security defaults including the drift protection. For more information, see [Security features for Azure Local, version 23H2](../concepts/security-features.md).
31
+
- Blocking group policy inheritance is required to prevent any conflicts of settings coming from group policy objects. The new engine introduced with Azure Localmanages security defaults including the drift protection. For more information, see [Security features for Azure Local instance](../concepts/security-features.md).
32
32
33
33
- Computer account objects and cluster CNO can be [precreated](/windows-server/failover-clustering/prestage-cluster-adds) using the deployment user as an alternative to the deployment itself creating them.
34
34
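Review bot: the added bullet on blocking group policy inheritance has a missing space in "Azure Localmanages", and the link text "Security features for Azure Local instance" is missing an article. Beyond the typo, "The new engine introduced with Azure Local" is left without meaning once the version is dropped; because this sentence is the stated justification for blocking GPO inheritance, consider wording such as "Azure Local manages security defaults, including drift protection, through its own engine" and keep the link text as "Security features for Azure Local".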
@@ -116,7 +116,7 @@ nslookup "machine name"
116
116
117
117
A disjoint namespace occurs when the primary DNS suffix of one or more domain member computers doesn't match the DNS name of their Active Directory domain. For example, if a computer has a DNS name of corp.contoso.com but is part of an Active Directory domain called na.corp.contoso.com, it's using a disjoint namespace.
118
118
119
-
Before deploying Azure Local, version 23H2, you must:
119
+
Before deploying an Azure Local instance, you must:
120
120
121
121
- Append the DNS suffix to the management adapter of every node.
122
122
- Verify you can resolve the hostname to the FQDN of the Active Directory.
azure-local/plan/three-node-switchless-two-switches-single-link.md
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -61,7 +61,7 @@ When deploying a three-node switchless configuration, Network ATC has the follow
61
61
62
62
-`StorageAutoIP` parameter must be set to false, `Switchless` parameter must be set to true, and you are responsible to specify the IPs on the ARM template used to deploy the Azure Local instance from Azure.
63
63
64
-
- For Azure Local, version 23H2 cloud deployments:
64
+
- For Azure Local cloud deployments:
65
65
66
66
- Scale out storage switchless systems aren't supported.
azure-local/plan/three-node-switchless-two-switches-two-links.md
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -61,7 +61,7 @@ When deploying three nodes in a switchless configuration, Network ATC has the fo
61
61
62
62
-`StorageAutoIP` parameter must be set to false, `Switchless` parameter must be set to true, and you are responsible to specify the IPs on the ARM template used to deploy the Azure Local instance from Azure.
63
63
64
-
- For Azure Local, version 23H2 cloud deployments:
64
+
- For Azure Local cloud deployments:
65
65
66
66
- Scale out storage switchless systems aren't supported.
In this article, you'll learn about the two-node storage switched, fully converged with two TOR switches network reference pattern that you can use to deploy your Azure Local solution. The information in this article will also help you determine if this configuration is viable for your deployment planning needs. This article is targeted towards the IT administrators who deploy and manage Azure Local in their datacenters.
16
+
In this article, you'll learn about the two-node storage switched, fully converged with two TOR switches network reference pattern that you can use to deploy your Azure Local instance solution. The information in this article will also help you determine if this configuration is viable for your deployment planning needs. This article is targeted towards the IT administrators who deploy and manage Azure Local instance in their datacenters.
17
17
18
18
For information on other network patterns, see [Azure Local network deployment patterns](choose-network-pattern.md).
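Review bot: in the added intro paragraph, the mechanical insertion of "instance" produces "deploy your Azure Local instance solution" and "deploy and manage Azure Local instance in their datacenters", both of which read as errors. Suggest "deploy your Azure Local instance" and "deploy and manage Azure Local instances in their datacenters", or revert to the original wording, since the original line carried no version reference that needed removing.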