Cosmos Darwin, Group PM Manager, Microsoft
November 20, 2024
Azure’s adaptive cloud approach, powered by Azure Arc, is helping over 39,000 customers unify their hybrid, multicloud, and edge infrastructure in Azure. You can use Azure Arc to apply cloud services and tools wherever you need them, from Azure’s 60+ regions to your own distributed locations. In many industries, new demands for distributed computing are emerging. Many retailers are using in-store AI inferencing to transform the shopping experience. Manufacturers are locating their critical apps in the factory to improve uptime and overall efficiency. And in regulated industries like finance, energy, and government, customers are looking for ways to leverage the cloud while keeping data and control local.
Today, we’re adding an exciting new infrastructure option with Azure Local.
Enabled by Azure Arc, Azure Local is cloud-connected infrastructure that can be deployed at your physical locations and under your operational control. With Azure Local, you can operate and scale distributed infrastructure using Azure portal and APIs. You can run the foundational Azure compute, networking, storage, and application services locally. You can choose hardware from your preferred vendor, providing flexibility to meet your requirements and budget. And by extending cloud security to your distributed locations, you can better safeguard apps and data, and protect against advanced threats.
Let’s take a closer look:
Microsoft CEO Satya Nadella announcing Azure Local at Microsoft Ignite 2024
Operate and scale with the power of the cloud
With Azure Local, you can treat physical machines like cloud resources by using Azure portal and APIs to perform lifecycle operations like deployment, configuration, updates, and monitoring. This removes the need for separate local management tools and enables a more unified approach across cloud resources and distributed locations, shifting responsibility from on-site personnel to central IT and helping reduce cost.
Azure portal workflow to deploy Azure Local
Define and deploy infrastructure from the cloud
To get started with Azure Local, simply connect one or multiple compatible machines to Azure Arc. From there, follow a simple workflow in Azure portal to create an Azure Local instance, with options to customize the cluster, networking, and storage for your environment as needed. The Azure Local software is packaged as Azure Arc extensions that are seamlessly installed onto your machines. To scale out, define your Azure Local configuration using an Azure Resource Manager (ARM) template that you can reuse repeatedly with unique parameters for each distributed location. This infrastructure-as-code approach ensures that Azure Local is configured consistently at scale.
One-click infrastructure updates
Azure Local software updates are combined into a single monthly package that covers the complete infrastructure software stack, plus OEM content like drivers and firmware for Premier solutions. You can conveniently view and manage Azure Local updates directly in Azure Update Manager, alongside other cloud resources. Select one or multiple Azure Local instances and apply updates with just a few clicks. Behind the scenes, Azure Local orchestrates moving workloads and updating each physical machine in sequence, to ensure that updates in multi-node environments are non-disruptive (workloads keep running). You always control when to apply updates.
Update multiple Azure Local instances together in Azure Update Manager
Centrally monitor all your distributed infrastructure
Azure Local integrates natively with Azure Monitor for unified observability across cloud resources and distributed locations, enabled by Azure Arc. You can monitor your distributed VMs, Kubernetes clusters, and physical infrastructure from a single pane of glass. Azure Local comes with 50+ standard metrics, out-of-the-box Insights dashboards, and alert rules for the infrastructure stack. For example, track utilization of processor, memory, storage, and network capacity in Azure portal, and set up email notifications or automated actions for when hardware fails. You can fully customize what is collected with Data Collection Rules and how it is visualized with Workbooks.
Ready for all your apps: VMs and containers alike
Most organizations find themselves managing a sprawling variety of applications based on technologies from different eras. It can be challenging to support them all with a common infrastructure platform. Azure Local includes the foundational Azure compute, networking, storage, and Kubernetes services needed to run all your apps: VMs and containers, Windows and Linux, side by side on the same physical infrastructure.
Full-featured, general-purpose VMs
Many critical workloads run as VMs. Azure Local offers general-purpose VMs with flexible sizing and configuration options to meet your application requirements. Specify the specs, networking, and storage you need, and either bring your own custom VM image or conveniently access ones from the Azure Marketplace. If your Azure Local instance is multi-node, VMs are highly available with real-time storage replication and automatic failover. Every new VM created through Azure Local is automatically Azure Arc enabled for VM extensions like Microsoft Defender for Servers, Azure Monitor, AD Join, Custom Script, SQL Server, and more.
Provision and manage general-purpose local VMs through Azure portal and APIs with Azure Local
NEW: Migrate from VMware to Azure Local (preview)
If you have an aging VMware by Broadcom environment, you can migrate VMs to your new Azure Local infrastructure with Azure Migrate (in preview). Using the same Azure portal and APIs as migrating to a cloud region, you can copy and convert your VMDKs to Azure Local VMs entirely on-location, with only metadata transiting the cloud. This may enable you to reduce your Broadcom footprint and licensing without costly app rewrites.
Learn more about Azure Migrate to Azure Local (preview)
Azure Kubernetes Service, built-in and included
New apps are increasingly packaged as container images. Azure Local includes the Azure Kubernetes Service (AKS), Microsoft’s managed Kubernetes solution, enabled by Azure Arc. AKS is set up automatically with each new Azure Local instance, updated automatically as part of Azure Local, and provides everything you need to support Kubernetes-based apps, like a storage (CSI) driver for Azure Local, and Microsoft-supported container host images for both Linux and Windows. You can provision and manage Kubernetes clusters with AKS-consistent Azure portal, CLI, and ARM templates, and every Kubernetes cluster is automatically Azure Arc-enabled for one-click integration with Microsoft Defender for Containers, Azure Monitor, GitOps for continuous delivery, and more.
AKS is included with Azure Local. See pricing for details.
Read the blog about what’s new for AKS enabled by Azure Arc
Use select Azure PaaS services
This foundation enables many more Azure services to work with Azure Local, including app services, data services, and AI services (preview). For example, use Azure Virtual Desktop with Azure Local to locate desktops and apps (session hosts) closer to users for reduced latency or improved interoperability with on-premises legacy systems. Azure Virtual Desktop uses and manages VMs on Azure Local just like VMs in an Azure cloud region, enabling handy features like start-on-connect and automatic scaling. Data services like SQL Managed Instance work with Azure Local, and the newly generally available Azure IoT Operations works with Azure Local too.
Azure services that work with Azure Local enabled by Azure Arc
Finally, this week at Microsoft Ignite 2024, several new Azure AI platform capabilities are launching in private preview with Azure Local, including local AI search which enables searching private on-premises data using small and large language models with retrieval-augmented generation.
Learn more about Azure Virtual Desktop with Azure Local
Learn more about Azure IoT Operations
Read the blog about extending Azure’s AI platform
Flexibility to meet your requirements and budget
Azure Local offers flexible hardware and software options to precisely meet your requirements and budget, because infrastructure isn’t one-size-fits-all.
Choose your hardware
Azure Local works with more than 100 validated hardware platforms. Explore the solutions catalog to find solutions from your preferred vendor that have been pre-validated for compatibility. Most solutions offer multiple storage and networking options, and many support the addition of powerful GPUs like Nvidia A2, A16, and L40 which can be used to accelerate AI workloads and/or virtual desktops.
NEW: Low-spec, low-cost options for edge use cases (preview)
For situations with lighter computing requirements or budget constraints, Azure Local works with a variety of micro, tower, and rugged/industrial hardware that will be added to the solutions catalog over the coming months. The bare minimum hardware required is just one compatible machine with one additional SSD (besides boot). To provide high availability, you can connect multiple machines with simple 1 Gbps Ethernet networking, removing the need for high-speed switch(es). Compared to rack servers, this reduces the total hardware cost considerably.
Azure Local also works with or without Active Directory (in preview). If you’d prefer not to manage an on-premises Active Directory, choose the new Local identity option that uses local accounts and certificates to achieve all the same functionality as when your infrastructure is AD-joined, like VM live migration. In this option, Azure Local uses Azure Key Vault to back up your local secrets and recovery keys.
Watch the demo to see these new capabilities working together:
Sign up to preview Local identity (no Active Directory) and zero-touch provisioning
NEW: Disconnected operations for prequalified customers (preview)
The simplest way to use Azure Local is connected to an Azure region. Your apps and data reside locally; the management services and portal are in the cloud. But if regulations or other constraints prevent you from connecting, Azure Local also offers disconnected operations (in preview) for prequalified customers. In this option, you host the backend Azure portal, Azure Resource Manager, and Azure services like Key Vault yourself in your environment, packaged as a sizeable VM appliance. Doing so enables the same operational experience for VMs, Kubernetes clusters, and other resources, right down to the same APIs, without any connection to an Azure region at all.
Azure Local with disconnected operations is only available to customers who prequalify.
Watch a demo of Azure Local with disconnected operations
Learn more about disconnected operations and how to join the preview
Extend cloud security to your distributed locations
The cyber threat landscape is rapidly changing. The surface area to secure is growing ever larger, and attacks are becoming more sophisticated and persistent. Azure Local enables you to extend cloud security practices to your distributed locations, safeguard applications and data, and protect against advanced threats.
Watch the demo for an overview of security with Azure Local:
Secure by default
Azure Local is deployed with a hardened infrastructure security posture by default. Secured-Core settings are automatically applied, data is automatically encrypted, and application control (Windows Defender Application Control, WDAC) is automatically enforced. In fact, machines configured for Azure Local comply with all applicable settings in the Azure security baseline, streamlining hundreds of configuration options compared to a general-purpose server with default settings.
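A practitioner will want to verify the posture described above on a node, and to spot drift between Defender for Cloud scans. The PowerShell script below is an added example, not Azure Local's own tooling or the Azure security baseline checker: it uses only stock Windows Server cmdlets to confirm UEFI Secure Boot, a ready TPM, virtualization-based security with HVCI running, WDAC policy in enforced mode, BitLocker protection on every volume it finds, and SMB signing. The pass/fail thresholds are this example's assumptions (the baseline itself decides which items are mandatory); run it in an elevated session on a node. The Secure Boot, TPM and BitLocker checks also apply unchanged inside a Trusted launch VM.

```powershell
# Added example: host-side spot check of the "secure by default" posture.
# Uses stock Windows Server cmdlets only; it is NOT Azure Local's own
# security tooling, and the thresholds below are this example's assumptions.
# Run elevated on a node (or inside a VM, where the WDAC/SMB items need not pass).

function Get-SecurityPostureReport {
    $checks = [System.Collections.Generic.List[object]]::new()

    function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
        $checks.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
    }

    # 1. UEFI Secure Boot (Confirm-SecureBootUEFI throws on legacy-BIOS systems)
    try {
        $sb = Confirm-SecureBootUEFI
        Add-Check 'SecureBoot' $sb "Confirm-SecureBootUEFI returned $sb"
    } catch {
        Add-Check 'SecureBoot' $false "Not a UEFI/Secure Boot platform: $($_.Exception.Message)"
    }

    # 2. TPM present and ready (Secured-Core and BitLocker both depend on it)
    $tpm = Get-Tpm
    Add-Check 'TPM' ($tpm.TpmPresent -and $tpm.TpmReady) "Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady)"

    # 3. Virtualization-based security running with HVCI (memory integrity).
    #    Win32_DeviceGuard: VirtualizationBasedSecurityStatus 2 = running;
    #    SecurityServicesRunning contains 1 = Credential Guard, 2 = HVCI.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    Add-Check 'VBS'  ($dg.VirtualizationBasedSecurityStatus -eq 2) "Status=$($dg.VirtualizationBasedSecurityStatus)"
    Add-Check 'HVCI' ($dg.SecurityServicesRunning -contains 2) "Running=$($dg.SecurityServicesRunning -join ',')"
    Add-Check 'CredentialGuard' ($dg.SecurityServicesRunning -contains 1) "Running=$($dg.SecurityServicesRunning -join ',')"

    # 4. Application control: CI policy enforced (2), not audit (1) or absent (0)
    Add-Check 'WDAC-Kernel' ($dg.CodeIntegrityPolicyEnforcementStatus -eq 2) "Status=$($dg.CodeIntegrityPolicyEnforcementStatus)"
    Add-Check 'WDAC-User'   ($dg.UsermodeCodeIntegrityPolicyEnforcementStatus -eq 2) "Status=$($dg.UsermodeCodeIntegrityPolicyEnforcementStatus)"

    # 5. Data at rest: every BitLocker-managed volume must have protection on
    $vols = @(Get-BitLockerVolume)
    $unprotected = @($vols | Where-Object { $_.ProtectionStatus -ne 'On' })
    Add-Check 'BitLocker' ($vols.Count -gt 0 -and $unprotected.Count -eq 0) ("Unprotected: " + ($unprotected.MountPoint -join ', '))

    # 6. SMB signing required on server and client (blunts NTLM relay against cluster/storage traffic)
    $smbS = Get-SmbServerConfiguration
    $smbC = Get-SmbClientConfiguration
    Add-Check 'SMB-Signing' ($smbS.RequireSecuritySignature -and $smbC.RequireSecuritySignature) "Server=$($smbS.RequireSecuritySignature) Client=$($smbC.RequireSecuritySignature)"

    return $checks
}

$report = Get-SecurityPostureReport
$report | Format-Table -AutoSize
if (@($report | Where-Object { -not $_.Pass }).Count -gt 0) {
    Write-Warning 'Posture drift detected; compare with the Azure security baseline and Defender for Cloud recommendations.'
}
```

The script reports rather than remediates on purpose: on Azure Local the correct fix for a failing item is to let the platform's drift control and Defender for Cloud recommendations restore the baseline, not to hand-edit a node. Credential Guard is reported so you can see it; whether it must be on is a baseline decision, not something this example asserts.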
Microsoft Defender for Cloud
To help you detect and correct drift over time, Azure Local integrates with Microsoft Defender for Cloud. This provides unified security tooling for all your resources, across cloud regions and distributed locations. In addition to workload protections for VMs and Kubernetes clusters, new built-in security recommendations cover your Azure Local infrastructure as part of the Cloud Security Posture Management plan. For example, if your hardware isn’t configured correctly, or if your storage isn’t encrypted, you’ll see it prominently within the Microsoft Defender for Cloud portal and reflected in your overall Secure Score. This makes it easy to audit and remediate your security posture at-scale across all your distributed locations.
NEW: Network segmentation (preview)
To lock down network access to resources, Azure Local will offer network security group functionality. Network security groups enable you to precisely filter network traffic between VMs using inbound and outbound allow and deny rules. Rules support the full five-tuple of source IP, source port, destination IP, destination port, and protocol, and are enforced within the virtual switch at the virtual port level. Network security groups are in private preview now and will be available publicly in the upcoming 2502 release.
Manage Azure Local network security groups (preview) in Azure portal
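The five-tuple rule model is easier to reason about with a worked evaluation before rules are pushed to a preview cluster. The PowerShell below is an added example, not the platform's enforcement code: it models rules carrying the five-tuple fields plus direction, access and priority, and evaluates constructed flows against them the way the virtual switch would at a VM's port. It assumes Azure NSG semantics, namely that rules are evaluated lowest priority number first, the first match wins, and a flow matching no rule is denied; the post does not state the ordering or default for Azure Local, so confirm both in the preview documentation.

```powershell
# Added example: five-tuple allow/deny rule evaluation for reasoning about
# network security group rules. ASSUMES Azure NSG semantics (lowest priority
# number first, first match wins, implicit deny). Not the platform's own code;
# the rules and flows are constructed.

function Test-IPv4InCidr([string]$Ip, [string]$Cidr) {
    if ($Cidr -in '*', 'any', '0.0.0.0/0') { return $true }
    $net, $bits = $Cidr.Split('/')
    if (-not $bits) { $bits = 32 }
    $toInt = { param($a) $b = [System.Net.IPAddress]::Parse($a).GetAddressBytes(); [Array]::Reverse($b); [BitConverter]::ToUInt32($b, 0) }
    $mask = if ([int]$bits -eq 0) { [uint32]0 } else { [uint32](([uint64]0xFFFFFFFF -shl (32 - [int]$bits)) -band 0xFFFFFFFF) }
    return ((& $toInt $Ip) -band $mask) -eq ((& $toInt $net) -band $mask)
}

function Test-PortInRange([int]$Port, [string]$Spec) {
    # Spec is '*', a single port, a range 'a-b', or a comma list of those
    if ($Spec -eq '*') { return $true }
    foreach ($part in $Spec.Split(',')) {
        if ($part -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ([int]$part -eq $Port) { return $true }
    }
    return $false
}

function Resolve-NsgFlow([object[]]$Rules, [hashtable]$Flow) {
    # Lowest priority number first; the first rule whose five-tuple matches decides.
    foreach ($r in ($Rules | Sort-Object Priority)) {
        if ($r.Direction -ne $Flow.Direction) { continue }
        if ($r.Protocol -ne '*' -and $r.Protocol -ne $Flow.Protocol) { continue }
        if (-not (Test-IPv4InCidr $Flow.SrcIp $r.Source)) { continue }
        if (-not (Test-IPv4InCidr $Flow.DstIp $r.Destination)) { continue }
        if (-not (Test-PortInRange $Flow.SrcPort $r.SourcePort)) { continue }
        if (-not (Test-PortInRange $Flow.DstPort $r.DestinationPort)) { continue }
        return [pscustomobject]@{ Action = $r.Access; MatchedRule = $r.Name }
    }
    return [pscustomobject]@{ Action = 'Deny'; MatchedRule = '(implicit default deny)' }
}

# Constructed rule set: management SSH/RDP only from a jump subnet, app tier
# to the DB on 1433, and an explicit catch-all deny for everything else inbound.
$rules = @(
    @{ Name='allow-jump-mgmt';  Priority=100;  Direction='Inbound'; Access='Allow'; Protocol='TCP'; Source='10.10.0.0/24'; SourcePort='*'; Destination='*';             DestinationPort='22,3389' },
    @{ Name='allow-app-to-db';  Priority=200;  Direction='Inbound'; Access='Allow'; Protocol='TCP'; Source='10.20.1.0/24'; SourcePort='*'; Destination='10.20.2.10/32'; DestinationPort='1433' },
    @{ Name='deny-all-inbound'; Priority=4000; Direction='Inbound'; Access='Deny';  Protocol='*';   Source='*';            SourcePort='*'; Destination='*';             DestinationPort='*' }
) | ForEach-Object { [pscustomobject]$_ }

# Constructed flows, as seen at the DB VM's virtual port.
$flows = @(
    @{ Direction='Inbound'; Protocol='TCP'; SrcIp='10.10.0.5'; SrcPort=51000; DstIp='10.20.2.10'; DstPort=3389 },  # jump host RDP  -> Allow
    @{ Direction='Inbound'; Protocol='TCP'; SrcIp='10.20.1.7'; SrcPort=51001; DstIp='10.20.2.10'; DstPort=1433 },  # app to DB      -> Allow
    @{ Direction='Inbound'; Protocol='TCP'; SrcIp='10.20.1.7'; SrcPort=51002; DstIp='10.20.2.10'; DstPort=3389 },  # app tier RDP   -> Deny
    @{ Direction='Inbound'; Protocol='UDP'; SrcIp='10.10.0.5'; SrcPort=51003; DstIp='10.20.2.10'; DstPort=3389 }   # wrong protocol -> Deny
)

foreach ($f in $flows) {
    $v = Resolve-NsgFlow $rules $f
    '{0,-3} {1}:{2} -> {3}:{4}  => {5,-5} ({6})' -f $f.Protocol, $f.SrcIp, $f.SrcPort, $f.DstIp, $f.DstPort, $v.Action, $v.MatchedRule
}
```

The last two flows show why an explicit catch-all deny at the highest priority number is still worth keeping even where the platform denies unmatched traffic: the matched-rule output makes the intent visible instead of relying on fall-through, and it catches flows that differ from an allowed one only in protocol. Swapping the priorities of the first and last rules turns every flow into a deny, which is the ordering mistake this kind of dry run is meant to catch before the rules reach the virtual switch.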
NEW: Trusted launch (preview)
Trusted launch is a security option that hardens VMs against malware-based rootkits and bootkits. Previously available only in Azure cloud regions, Trusted launch is now available on Azure Local. With Trusted launch, VMs get a virtual Trusted Platform Module (vTPM) that enables Secure Boot and guest OS features like BitLocker data encryption. vTPM state is seamlessly preserved when the VM moves around the Azure Local cluster, enabling live migration and automatic failover. And coming soon, integrity monitoring by Azure Attestation services will extend to Azure Arc-enabled VMs on Azure Local, regularly re-verifying the entire boot chain and displaying its health in the Azure portal.
Learn more about Trusted launch with Azure Local
Get started today
For existing customers of Azure Stack HCI
There is no action required for existing customers. Simply continue applying the latest updates to transition seamlessly to Azure Local. You’ll continue to have access to the same features and functionality under the new name. In addition, you’ll see new features appear in the Azure portal over the coming months, and you’ll receive the same pricing and other enhancements as new Azure Local customers.
For new production deployments
Azure Local is generally available for production use. Version 2411 is available now. Explore the solutions catalog to find hardware from your preferred vendor and read the deployment overview to get started today. Over the coming months, we anticipate more low-spec, low-cost options will be added to the catalog.
For evaluation (virtual)
Want to try out Azure Local but don’t have hardware? Get a dedicated Azure Local sandbox in one click with Azure Arc Jumpstart. All you need is an Azure subscription to get started.
FAQ
How is Azure Local related to Azure Arc?
Azure Arc is a bridge that extends Azure to existing environments and other clouds. Azure Local is an infrastructure solution that includes all the capabilities of Azure Arc built-in and set up automatically. Use Azure Local when you need new or refreshed infrastructure at distributed locations. Use Azure Arc when your environment already has infrastructure.
Is Azure Local managed by Microsoft?
No, you own the hardware and have operational control of your Azure Local environment. Day-to-day monitoring, management, support, and other functions are surfaced through Azure tools, but actions are customer-initiated. For example, when a software update is available, a notification appears in the Azure portal, but you control when the update gets applied.
What happens to Azure Stack HCI?
Azure Stack HCI is now part of Azure Local. The same features and functionality continue to be offered under the new name. There is no action required for existing customers. Compared to before, Azure Local provides additional flexibility and features: it supports lower-spec hardware (preview), disconnected operations (preview), additional services, and more.
What happens to Azure Stack Hub and Azure Stack Edge?
Microsoft recommends Azure Local for most situations where infrastructure is needed at distributed locations. Once lower-spec hardware (preview) and disconnected operations (preview) are generally available, Azure Local will offer the same capabilities as prior Azure Stack products. Until these capabilities are generally available, there is no change to Azure Stack Hub and Azure Stack Edge: they remain available as standalone products, separate from Azure Local.
This blog appears courtesy of Microsoft.