You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: azure-stack/includes/operator-note-owa.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,12 +3,12 @@ author: sethmanheim
3
3
ms.author: sethm
4
4
ms.service: azure-stack
5
5
ms.topic: include
6
-
ms.date: 01/15/2025
6
+
ms.date: 01/23/2025
7
7
ms.lastreviewed: 12/2/2020
8
8
9
9
---
10
10
11
11
::: moniker range=">=azs-2005"
12
12
> [!NOTE]
13
-
> You can also use the The Operator Access Workstation (OAW) to access the privileged endpoint (PEP), the Administrator portal for support scenarios, and Azure Stack Hub GitHub Tools. For more information, see [Azure Stack Hub Operator Access Workstation](../operator/operator-access-workstation.md).
13
+
> You can also use the The Operator Access Workstation (OAW) to access the privileged endpoint (PEP), the administrator portal for support scenarios, and Azure Stack Hub GitHub Tools. For more information, see [Azure Stack Hub Operator Access Workstation](../operator/operator-access-workstation.md).
Copy file name to clipboardExpand all lines: azure-stack/operator/azure-stack-disconnected-deployment.md
+23-22Lines changed: 23 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,9 +3,8 @@ title: Azure disconnected deployment decisions for Azure Stack Hub integrated sy
3
3
description: Learn about Azure disconnected deployment of Azure Stack Hub integrated systems and the planning decisions to consider.
4
4
author: sethmanheim
5
5
ms.topic: conceptual
6
-
ms.date: 05/10/2022
6
+
ms.date: 01/22/2025
7
7
ms.author: sethm
8
-
ms.reviewer: wfayed
9
8
ms.lastreviewed: 11/01/2019
10
9
11
10
# Intent: As an Azure Stack operator, I want to know the planning decisions for deploying Azure Stack integrated systems disconnected from Azure.
@@ -15,44 +14,46 @@ ms.lastreviewed: 11/01/2019
15
14
16
15
17
16
# Azure disconnected deployment planning decisions for Azure Stack Hub integrated systems
18
-
After you've decided [how you'll integrate Azure Stack Hub into your hybrid cloud environment](azure-stack-connection-models.md), you can finish your Azure Stack Hub deployment decisions.
17
+
18
+
After you decide [how to integrate Azure Stack Hub into your hybrid cloud environment](azure-stack-connection-models.md), you can finish your Azure Stack Hub deployment decisions.
19
19
20
20
You can deploy and use Azure Stack Hub without a connection to the internet. However, with a disconnected deployment, you're limited to an Active Directory Federation Services (AD FS) identity store and the capacity-based billing model. Because multitenancy requires the use of Microsoft Entra ID, multitenancy isn't supported for disconnected deployments.
21
21
22
22
Choose this option if:
23
+
23
24
- You have security or other restrictions that require you to deploy Azure Stack Hub in an environment that isn't connected to the internet.
24
25
- You want to block data (including usage data) from being sent to Azure.
25
26
- You want to use Azure Stack Hub purely as a private cloud solution that's deployed to your corporate intranet, and aren't interested in hybrid scenarios.
26
27
27
28
> [!TIP]
28
-
> Sometimes, this kind of environment is also referred to as a *submarine scenario*.
29
+
> This type of environment is also referred to as a *submarine scenario*.
29
30
30
-
A disconnected deployment doesn't restrict you from later connecting your Azure Stack Hub instance to Azure for hybrid tenant VM scenarios. It means that you don't have connectivity to Azure during deployment or you don't want to use Microsoft Entra ID as your identity store.
31
+
A disconnected deployment doesn't restrict you from later connecting your Azure Stack Hub instance to Azure for hybrid tenant VM scenarios. It means that you don't have connectivity to Azure during deployment, or you don't want to use Microsoft Entra ID as your identity store.
32
+
33
+
## Features that are impaired or unavailable in disconnected deployments
31
34
32
-
## Features that are impaired or unavailable in disconnected deployments
33
35
Azure Stack Hub was designed to work best when connected to Azure, so it's important to note that there are some features and functionality that are either impaired or completely unavailable in the disconnected mode.
34
36
35
37
|Feature|Impact in Disconnected mode|
36
38
|-----|-----|
37
39
|VM deployment with DSC extension to configure VM post deployment|Impaired - DSC extension looks to the internet for the latest WMF.|
38
-
|VM deployment with Docker Extension to run Docker commands|Impaired - Docker will check the internet for the latest version and this check will fail.|
39
-
|Documentation links in the Azure Stack Hub Portal|Unavailable - Links like Give Feedback, Help, and Quickstart that use an internet URL won't work.|
40
-
|Alert remediation/mitigation that references an online remediation guide|Unavailable - Any alert remediation links that use an internet URL won't work.|
41
-
|Marketplace - The ability to select and add Gallery packages directly from Azure Marketplace|Impaired - When you deploy Azure Stack Hub in a disconnected mode, you can't download marketplace items by using the Azure Stack Hub portal. However, you can use the [marketplace syndication tool](azure-stack-download-azure-marketplace-item.md) to download the marketplace items to a machine that has internet connectivity and then transfer them to your Azure Stack Hub environment.|
40
+
|VM deployment with Docker Extension to run Docker commands|Impaired - Docker checks the internet for the latest version and this check fails.|
41
+
|Documentation links in the Azure Stack Hub Portal|Unavailable - Links like Give Feedback, Help, and Quickstart that use an internet URL don't work.|
42
+
|Alert remediation/mitigation that references an online remediation guide|Unavailable - Any alert remediation links that use an internet URL don't work.|
43
+
|Marketplace - The ability to select and add Gallery packages directly from Azure Marketplace|Impaired - When you deploy Azure Stack Hub in a disconnected mode, you can't download marketplace items using the Azure Stack Hub portal. However, you can use the [marketplace syndication tool](azure-stack-download-azure-marketplace-item.md) to download the marketplace items to a machine that has internet connectivity and then transfer them to your Azure Stack Hub environment.|
42
44
|Using Microsoft Entra federation accounts to manage an Azure Stack Hub deployment|Unavailable - This feature requires connectivity to Azure. AD FS with a local Active Directory instance must be used instead.|
43
45
|App Services|Impaired - WebApps may require internet access for updated content.|
44
46
|Command Line Interface (CLI)|Impaired - CLI has reduced functionality for authentication and provisioning of service principals.|
45
-
|Visual Studio - Cloud discovery|Impaired - Cloud Discovery will either discover different clouds or won't work at all.|
46
-
|Visual Studio - AD FS|Impaired - Only Visual Studio Enterprise and Visual Studio Code support AD FS authentication.
47
-
Telemetry|Unavailable - Telemetry data for Azure Stack Hub and any third-party gallery packages that depend on telemetry data.|
48
-
|Certificate Authority (CA)|**Public/external Certificate Authority (CA)**<br>Unavailable – Deployment will fail if certificates were issued from a public CA, as internet connectivity is required to access the Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) services in the context of HTTPS.<br><br>**Private/internal Certificate Authority (CA)**<br>No impact - In cases where the deployment uses certificates issued by a private CA, such as an internal CA within an organization, only internal network access to the CRL endpoint is required. Internet connectivity is not required, but **you should verify that your Azure Stack Hub infrastructure has the required network access to contact the CRL endpoint defined in the certificates CDP extension.**|
49
-
|Key Vault|Impaired - A common use case for Key Vault is to have an app read secrets at runtime. For this use case, the app needs a service principal in the directory. In Microsoft Entra ID, regular users (non-admins) are by default allowed to add service principals. In Microsoft Entra ID (using AD FS), they're not. This impairment places a hurdle in the end-to-end experience because one must always go through a directory admin to add any app.
50
-
|Containers|Impaired - Unable to import container images in disconnected mode from an Azure Container Registry in Azure public or another accessible registry. See FAQ entry at [Azure Container Registry on Azure Stack Hub](/azure-stack/user/container-registry-faq#how-do-i-push-a-container-image-in-azure-container-registry-to-a-disconnected-azure-stack-hub-deployment-running-kubernetes-) for information on how to import container images in Azure Container Registry to a disconnected Azure Stack Hub deployment running Kubernetes.
51
-
52
-
## Learn more
53
-
- For information about use cases, purchasing, partners, and OEM hardware vendors, see the [Azure Stack Hub](https://azure.microsoft.com/overview/azure-stack/) product page.
54
-
- For information about the roadmap and geo-availability for Azure Stack Hub integrated systems, see the white paper: [Azure Stack Hub: An extension of Azure](https://azure.microsoft.com/resources/videos/azure-friday-azure-stack-an-extension-of-azure/).
55
-
- To learn more about Microsoft Azure Stack Hub packaging and pricing, [download the .pdf](https://azure.microsoft.com/resources/azure-stack-hub-licensing-packaging-pricing-guide/).
47
+
|Visual Studio - Cloud discovery|Impaired - Cloud Discovery either discovers different clouds or doesn't work at all.|
48
+
|Visual Studio - AD FS|Impaired - Only Visual Studio Enterprise and Visual Studio Code support AD FS authentication.|
49
+
|Telemetry|Unavailable - Telemetry data for Azure Stack Hub and any third-party gallery packages that depend on telemetry data.|
50
+
|Certificate Authority (CA)|**Public/external Certificate Authority (CA)**<br>Unavailable – Deployment fails if certificates were issued from a public CA, as internet connectivity is required to access the Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) services in the context of HTTPS.<br><br>**Private/internal Certificate Authority (CA)**<br>No impact - In cases where the deployment uses certificates issued by a private CA, such as an internal CA within an organization, only internal network access to the CRL endpoint is required. Internet connectivity is not required, but you should verify that your Azure Stack Hub infrastructure has the required network access to contact the CRL endpoint defined in the certificates CDP extension.|
51
+
|Key Vault|Impaired - A common use case for Key Vault is to have an app read secrets at runtime. For this use case, the app needs a service principal in the directory. In Microsoft Entra ID, regular users (non-admins) are by default allowed to add service principals. In Microsoft Entra ID (using AD FS), they're not. This impairment places a hurdle in the end-to-end experience because one must always go through a directory admin to add any app.|
52
+
|Containers|Impaired - Unable to import container images in disconnected mode from an Azure Container Registry in Azure public or another accessible registry. See the FAQ entry at [Azure Container Registry on Azure Stack Hub](/azure-stack/user/container-registry-faq#how-do-i-push-a-container-image-in-azure-container-registry-to-a-disconnected-azure-stack-hub-deployment-running-kubernetes-) for information about how to import container images in Azure Container Registry to a disconnected Azure Stack Hub deployment running Kubernetes.|
- For information about use cases, purchasing, partners, and OEM hardware vendors, see the [Azure Stack Hub product page](https://azure.microsoft.com/overview/azure-stack/).
57
+
- For information about the roadmap and geo-availability for Azure Stack Hub integrated systems, see [Azure Stack Hub: An extension of Azure](https://azure.microsoft.com/resources/videos/azure-friday-azure-stack-an-extension-of-azure/).
58
+
- For information about Microsoft Azure Stack Hub packaging and pricing, [download the .pdf pricing guide](https://azure.microsoft.com/resources/azure-stack-hub-licensing-packaging-pricing-guide/).
0 commit comments