Review deployment prerequisites for Azure Local, version 23H2

Applies to: Azure Local, version 23H2

This article discusses the security, software, hardware, and networking prerequisites, and the deployment checklist, for deploying an Azure Local instance, version 23H2.

Review requirements and complete prerequisites

| Requirements | Links |
|---|---|
| Security features | Link |
| Environment readiness | Link |
| System requirements | Link |
| Firewall requirements | Link |
| Physical network requirements | Link |
| Host network requirements | Link |

Complete deployment checklist

Use the following checklist to gather the required information ahead of the actual deployment of your Azure Local instance, version 23H2.

| Component | What is needed |
|---|---|
| Machine names | Unique name for each machine you wish to deploy. |
| Active Directory OU | A new organizational unit (OU) to store all the objects for the Azure Local deployment. The OU is created during the Active Directory preparation. The OU must be specified as the distinguished name (DN). The OU path doesn't support the following special characters anywhere within the path: &, ", ', <, >. For more information, see the format of Distinguished Names. |
| Active Directory Domain | Fully-qualified domain name (FQDN) for the Active Directory Domain Services prepared for deployment. |
| Active Directory LCM User credential | A new username and password that is created with the appropriate permissions for deployment. This account is the same as the user account used by the Azure Local deployment. The password must conform to the Azure length and complexity requirements. Use a password that is at least 12 characters long. The password must contain the following: a lowercase character, an uppercase character, a numeral, and a special character. The name must be unique for each deployment and you can't use admin as the username. |
| IPv4 network range subnet for management network intent | A subnet used for management network intent. You need an address range for the management network with a minimum of 6 available, contiguous IPs in this subnet. These IPs are used for infrastructure services, with the first IP assigned to failover clustering. For more information, see the Specify network settings page in Deploy via Azure portal. |
| Storage VLAN ID | Two unique VLAN IDs to be used for the storage networks, from your IT network administrator. We recommend using the default VLANs from Network ATC for storage subnets. If you plan to have two storage subnets, Network ATC will use VLANs from 712 and 711 subnets. For more information, see the Specify network settings page in Deploy via Azure portal. |
| DNS server | A DNS server that is used in your environment. The DNS server used must resolve the Active Directory Domain. For more information, see the Specify network settings page in Deploy via Azure portal. |
| Local administrator credentials | Username and password for the local administrator for all the machines in your system. The credentials are identical for all the machines in your system. Make sure that the local administrator password follows Azure password length and complexity requirements. Use a password that is at least 12 characters long and contains a lowercase character, an uppercase character, a numeral, and a special character. For more information, see the Specify management settings page in Deploy via Azure portal. |
| Custom location | (Optional) A name for the custom location created for your system. This name is used for Azure Arc VM management. For more information, see the Specify management settings page in Deploy via Azure portal. |
| Azure subscription ID | ID for the Azure subscription used to register the system. Make sure that you are a user access administrator and a contributor on this subscription. This will allow you to manage access to Azure resources, specifically to Arc-enable each machine of an Azure Local instance. For more information, see Assign Azure permissions for deployment. |
| Azure Storage account | For two-node systems, a witness is required. For a cloud witness, an Azure Storage account is needed. In this release, you cannot use the same storage account for multiple systems. For more information, see Specify management settings in Deploy via Azure portal. For naming conventions, see Azure Storage account names. |
| Azure Key Vault | A key vault is required to securely store secrets for this system, such as cryptographic keys, local admin credentials, and BitLocker recovery keys. For more information, see Basics in Deploy via Azure portal. For naming conventions, see Azure Key Vault names. |
| Outbound connectivity | Run the Environment checker to ensure that your environment meets the outbound network connectivity requirements for firewall rules. |
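
A pre-flight check for several of the checklist values above, as an added example that is not part of the original article or of Microsoft's tooling: it tests the OU path, the LCM username and password, the size of the management IP range, and the storage VLAN IDs against the rules stated in the checklist. The function names, parameter names, and sample values are assumptions made for illustration, and the distinguished-name shape test is a simplification.

```powershell
# Added example: every function and parameter name here is hypothetical.
function ConvertTo-UInt32 ([ipaddress] $Ip) {
    $bytes = $Ip.GetAddressBytes()      # IPv4 address in network (big-endian) byte order
    [array]::Reverse($bytes)            # BitConverter reads little-endian on Windows hosts
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-DeploymentChecklist {
    param(
        [Parameter(Mandatory)] [string]       $OuPath,
        [Parameter(Mandatory)] [pscredential] $LcmCredential,
        [Parameter(Mandatory)] [ipaddress]    $StartingIp,
        [Parameter(Mandatory)] [ipaddress]    $EndingIp,
        [Parameter(Mandatory)] [int[]]        $StorageVlanId
    )
    $problems = [System.Collections.Generic.List[string]]::new()

    # OU: given as a distinguished name, with none of & " ' < > anywhere in the path.
    if ($OuPath -notmatch '^OU=.+,DC=.+') { $problems.Add('OU path is not a distinguished name (OU=...,DC=...).') }
    if ($OuPath -match '[&"''<>]')        { $problems.Add('OU path contains one of & " '' < >.') }

    # LCM user: name other than "admin"; password of 12+ characters with all four classes.
    if ($LcmCredential.UserName -eq 'admin') { $problems.Add('LCM username cannot be admin.') }
    $pw = $LcmCredential.GetNetworkCredential().Password   # kept in memory only, never written out
    if ($pw.Length -lt 12)             { $problems.Add('Password is shorter than 12 characters.') }
    if ($pw -cnotmatch '[a-z]')        { $problems.Add('Password has no lowercase character.') }
    if ($pw -cnotmatch '[A-Z]')        { $problems.Add('Password has no uppercase character.') }
    if ($pw -notmatch '[0-9]')         { $problems.Add('Password has no numeral.') }
    if ($pw -notmatch '[^a-zA-Z0-9]')  { $problems.Add('Password has no special character.') }

    # Management intent: at least 6 contiguous IPs between the starting and ending address.
    $count = [int64](ConvertTo-UInt32 $EndingIp) - [int64](ConvertTo-UInt32 $StartingIp) + 1
    if ($count -lt 6) { $problems.Add("Management range holds $count addresses; at least 6 contiguous IPs are needed.") }

    # Storage networks: exactly two VLAN IDs, and they must differ.
    if ($StorageVlanId.Count -ne 2 -or $StorageVlanId[0] -eq $StorageVlanId[1]) { $problems.Add('Two unique storage VLAN IDs are required.') }

    $problems   # emits one string per failed rule; nothing when every check passes
}

# Constructed sample values; in practice collect the credential with Get-Credential.
$cred = [pscredential]::new('lcm-deploy01', (ConvertTo-SecureString 'Short1!' -AsPlainText -Force))
Test-DeploymentChecklist -OuPath 'OU=Local<01>,DC=contoso,DC=com' -LcmCredential $cred `
    -StartingIp '192.168.1.10' -EndingIp '192.168.1.13' -StorageVlanId 711, 711
```

The check covers only the rules spelled out in the checklist; it does not confirm that the addresses are unused or that the OU and account exist in Active Directory.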

Next steps