What's new in Azure Stack HCI, version 23H2

Applies to: Azure Stack HCI, version 23H2

This article lists the various features and improvements that are available in Azure Stack HCI, version 23H2.

Azure Stack HCI, version 23H2 is the latest version of the Azure Stack HCI solution. This version focuses on cloud-based deployment and updates, cloud-based monitoring, new and simplified experience for Arc VM management, security, and more. For an earlier version of Azure Stack HCI, see What's new in Azure Stack HCI, version 22H2.

There are currently three release trains for Azure Stack HCI, version 23H2: 2405, 2402, and 2311. The various features and improvements available for the releases included in these trains are discussed in the following sections.

The 2405 release train includes the following releases:

Features and improvements in 2405.2

This is primarily a bug fix release with a few improvements.

  • Update health checks: Starting this release, a new health check was added and the update service was improved. Additionally, the update service now supports the ability to view or start new updates when the service crashes on servers. Also, multiple issues for health checks related to Azure Update Manager and Solution Builder Extension Update were fixed.

    For more information, see Fixed issues in 2405.2.

  • Azure Stack HCI OEM license: Starting this release, we are introducing the Azure Stack HCI OEM license designed for Azure Stack HCI hardware including the Azure Stack HCI Premier Solutions, Integrated systems, and Validated Nodes. This license remains valid for the lifetime of the hardware, covers up to 16 cores, and includes three essential services for your cloud infrastructure.

Features and improvements in 2405.1

This is primarily a bug fix release with a few improvements.

  • Custom storage IPs for add and repair server scenarios: Starting this release, it's possible to add servers or repair servers to the Azure Stack HCI cluster using custom IPs for the storage intent network adapters.
  • Improved outbound connectivity check: Starting this release, improvements were made to the outbound connectivity requirement validation in the environment checker.
  • Reliability improvements were made in this release for partner health checks implemented in their Solution Builder Extensions.
  • Rotation of Arc Resource Bridge (ARB) service principal credentials: Starting this release, you can rotate the service principal credentials used by ARB.
  • Multiple bug fixes related to Updates were made in this release.

For more information on bug fixes, see the Fixed issues list.

Features and improvements in 2405

Here are the features and improvements in this release.

Deployment changes

  • Active Directory integration - This release fixes an issue where using a large Active Directory resulted in timeouts when adding users to the local administrator group.

  • New Azure Resource Manager (ARM) template - This release has a new ARM template for deployment that simplifies the resource creation dependencies. The new template creation also includes multiple fixes around the missing mandatory fields.

  • Secret rotation improvements - In this release, improvements were made to the secret rotation flow.

    • The secret rotation PowerShell command Set-AzureStackLCMUserPassword now supports a new parameter to skip the confirmation message. This parameter is useful when automating secret rotation.
    • Reliability improvements were made around the services not restarting in a timely manner.
  • SBE improvements include:

    • A new PowerShell command to update the Solution Builder Extension partner property values is provided at the time of deployment.
    • Fixing an issue that prevents the update service from responding to requests after a Solution Builder Extension only update run.
  • Add server and Repair server fixes include:

    • An issue that prevents a node from joining Active Directory during the add server operation.
    • Enabling deployment when a disjoint namespace is used.
  • Reliability enhancements include:

    • Changes for Network ATC when setting up the host networking configuration with certain network adapter types.
    • Changes when detecting the firmware versions for disk drives.
  • This release contains a fix for a deployment issue that is encountered when setting the diagnostic level in Azure and the device.

For more information, see the Fixed issues list in 2405.

Updates changes

This release contains the following changes for updates:

  • Starting this release, an adjusted naming schema is introduced for updates. This schema allows for the identification of feature versus cumulative updates.

  • This release contains reliability improvements:

    • For the update notifications for health check results sent from the device to Azure Update Manager. In certain instances, the message size was too large and results weren't shown in the Update Manager.
    • For reporting the cluster update progress to the orchestrator.
  • This release has bug fixes for various issues including:

    • A file lock issue that could cause update failures for the trusted launch VM agent (IGVM).
    • An issue that prevented the orchestrator agent from restarting during an update run.
    • A rare condition where the update service took a long time to discover or start an update.
    • An issue for Cluster-Aware Updating (CAU) interaction with the orchestrator when an update in progress is reported by CAU.

For more information, see the Fixed issues list in 2405.

Environment checker changes

In this release, changes to the environment checker include several new checks:

  • A new check is added to ensure the inbox drivers on the physical network adapters aren't in use. The provided OEM or manufacturer latest drivers must be installed before deployment.
  • A new check is added to ensure the link speed across physical network adapters on the same intent is identical.
  • A new check is added to ensure RDMA is operational on the storage network adapters before deployment.
  • A new check is added to validate the infrastructure IP addresses defined during deployment have outbound connectivity and can resolve the DNS.
  • A new check is added to ensure the DNS server value isn't empty on the management IP address.
  • A new check is added to make sure that there's only one IP address on the management network adapter.
  • A new check is added to ensure that the minimum bandwidth required for RDMA storage adapters is at least 10 Gb.
  • Check that the uplink connectivity in any physical network adapters assigned to Network ATC intents is up.
  • Improved the ability to handle adapters that don't expose the VLAN ID field correctly.

Observability changes

This release contains the following improvements to observability:

  • When starting a log collection, a warning message now advises you to limit the log collection to 24 hours.
  • Deployment logs are automatically collected by default.
  • The newly added Test-observability feature validates whether the telemetry and diagnostic data can be successfully sent to Microsoft.

Arc VM management changes

Azure portal, extensions, and resource provider changes

Here are the changes related to the Azure portal, extensions, and resource providers:

  • In this release, an issue was fixed that prevented a failed deployment from showing in the Cluster overview when the deployment was canceled.
  • The Retry button in Azure portal is renamed to Resume because the deployment continues from the step at which it failed.
  • The new clusters deployed in this release have resource locks enabled to protect against accidental deletion.
  • This release changes the behavior to not delete the Arc server resources when the Azure Stack HCI cluster resource is deleted.

Security changes

This release includes the following updates to the security documentation:

AKS on Azure Stack HCI, version 23H2

For a list of the changes and improvements in AKS on Azure Stack HCI, version 23H2, see What's new in AKS on Azure Stack HCI, version 23H2.
