This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Applies to: Azure Local 2311.2 and later; Windows Server 2022, Windows Server 2019, Windows Server 2016
In this article, you deploy an end-to-end Software Defined Network (SDN) infrastructure for Azure Local using SDN Express PowerShell scripts. The infrastructure includes a highly available (HA) Network Controller (NC), and optionally, a highly available Software Load Balancer (SLB), and a highly available Gateway (GW). The scripts support a phased deployment, where you can deploy just the Network Controller component to achieve a core set of functionality with minimal network requirements.
You can also deploy an SDN infrastructure System Center Virtual Machine Manager (VMM). For more information, Manage SDN resources in the VMM fabric.
Important
If you are deploying SDN on Azure Local, ensure that all the applicable SDN infrastructure VMs (Network Controller, Software Load Balancers, Gateways) are on the latest Windows Update patch. You can initiate the update from the SConfig UI on the machines. Without the latest patches, connectivity issues may arise. For more information about updating the SDN infrastructure, see Update SDN infrastructure for Azure Local.
Before you begin an SDN deployment, plan out and configure your physical and host network infrastructure. Reference the following articles:
You don't have to deploy all SDN components. See the Phased deployment section of Plan a Software Defined Network infrastructure to determine which infrastructure components you need, and then run the scripts accordingly.
Make sure all host machines have the Azure Stack HCI operating system installed. See Deploy the Azure Stack HCI operating system on how to do this.
The following requirements must be met for a successful SDN deployment:
SDN uses a VHDX file containing either the Azure Stack HCI or Windows Server operating system (OS) as a source for creating the SDN virtual machines (VMs).
Note
The version of the OS in your VHDX must match the version used by the Azure Local Hyper-V machines. This VHDX file is used by all SDN infrastructure components.
To download an English-language version of the VHDX file, see Download the operating system from the Azure portal. Make sure to select English VHDX from the Choose language dropdown list.
Currently, a non-English VHDX file isn't available for download. If you require a non-English version, download the corresponding ISO file and convert it to VHDX using the Convert-WindowsImage cmdlet. You must run this script from a Windows client computer. You'll probably need to run this script as Administrator and modify the execution policy for scripts using the Set-ExecutionPolicy command.
The following syntax shows an example of using Convert-WindowsImage:
Install-Module -Name Convert-WindowsImage
Import-Module Convert-WindowsImage
$wimpath = "E:\sources\install.wim"
$vhdpath = "D:\temp\AzureStackHCI.vhdx"
$edition=1
Convert-WindowsImage -SourcePath $wimpath -Edition $edition -VHDPath $vhdpath -SizeBytes 500GB -DiskLayout UEFI
Run the following command to install the latest version of the SDN Express PowerShell module on the machine where you want to run the SDN installation:
Install-Module -Name SDNExpress
The files automatically install in the default PowerShell module directory: C:\Program Files\WindowsPowerShell\Modules\SdnExpress\.
Note
The SDN Express script files are no longer available on GitHub.
The PowerShell MultiNodeSampleConfig.psd1 configuration data file contains all the parameters and settings that are needed for the SDN Express script as input for the various parameters and configuration settings. This file has specific information about what needs to be filled out based on whether you're deploying only the network controller component, or the software load balancer and gateway components as well. For detailed information, see Plan a Software Defined Network infrastructure article.
Navigate to the C:\Program Files\WindowsPowerShell\Modules\SdnExpress\ folder and open the MultiNodeSampleConfig.psd1 file in your favorite text editor. Change specific parameter values to fit your infrastructure and deployment:
The settings and parameters are used by SDN in general for all deployments. For specific recommendations, see SDN infrastructure VM role requirements.
C:\ClusterStorage\...domainname\username. For example, if the domain is contoso.com, enter the username as contoso\<username>. Don't use formats like contoso.com\<username> or username@contoso.comdomainname\username. For example, if the domain is contoso.com, enter the username as contoso\<username>. Don't use formats like contoso.com\<username> or username@contoso.comPasswords can be optionally included if stored encrypted as text-encoded secure strings. Passwords will only be used if SDN Express scripts are run on the same computer where passwords were encrypted, otherwise it prompts for these passwords:
A minimum of three Network Controller VMs are recommended for SDN.
The NCs = @() section is used for the Network Controller VMs. Make sure that the MAC address of each NC VM is outside the SDNMACPool range listed in the General settings.
A minimum of two Software Load Balancer VMs are recommended for SDN.
The Muxes = @() section is used for the SLB VMs. Make sure that the MACAddress and PAMACAddress parameters of each SLB VM are outside the SDNMACPool range listed in the General settings. Ensure that you get the PAIPAddress parameter from outside the PA Pool specified in the configuration file, but part of the PASubnet specified in the configuration file.
Leave this section empty (Muxes = @()) if not deploying the SLB component:
A minimum of two Gateway VMs (one active and one redundant) are recommended for SDN.
The Gateways = @() section is used for the Gateway VMs. Make sure that the MACAddress parameter of each Gateway VM is outside the SDNMACPool range listed in the General settings. The FrontEndMac and BackendMac must be from within the SDNMACPool range. Ensure that you get the FrontEndMac and the BackendMac parameters from the end of the SDNMACPool range.
Leave this section empty (Gateways = @()) if not deploying the Gateway component:
The following other parameters are used by SLB and Gateway VMs. Leave these values blank if you aren't deploying SLB or Gateway VMs:
The following other parameters are used by Gateway VMs only. Leave these values blank if you aren't deploying Gateway VMs:
PoolName - pool name used by all Gateway VMs
GRESubnet - VIP subnet for GRE (if using GRE connections)
Capacity - capacity in Kbps for each Gateway VM in the pool
RedundantCount - number of gateways in redundant mode. The default value is 1. Redundant gateways don't have any active connections. Once an active gateway goes down, the connections from that gateway move to the redundant gateway and the redundant gateway becomes active.
Note
If you fill in a value for RedundantCount, ensure that the total number of gateway VMs is at least one more than the RedundantCount. By default, the RedundantCount is 1, so you must have at least 2 gateway VMs to ensure that there is at least 1 active gateway to host gateway connections.
The following parameters are used if you are deploying and managing overlay virtualized networks for tenants. If you're using Network Controller to manage traditional VLAN networks instead, these values can be left blank.
Here's how Hyper-V Network Virtualization (HNV) Provider logical network allocates IP addresses. Use this to plan your address space for the HNV Provider network.
The SDN Express script deploys your specified SDN infrastructure. When the script is complete, your SDN infrastructure is ready to be used for VM workload deployments.
Review the README.md file for late-breaking information on how to run the deployment script.
Run the following command from a user account with administrative credentials for the host machines:
$cred=Get-credential
.\SDNExpress.ps1 -ConfigurationDataFile MultiNodeSampleConfig.psd1 -DomainJoinCredential $cred -NCCredential $cred -LocalAdminCredential $cred -Verbose
After the NC VMs are created, configure dynamic DNS updates for the Network Controller cluster name on the DNS server. For more information, see Dynamic DNS updates.
The following configuration sample files for deploying SDN are available in the location where the PowerShell module is installed (C:\Program Files\WindowsPowerShell\Modules\SdnExpress\):
Traditional VLAN networks.psd1 - Deploy Network Controller for managing network policies like microsegmentation and Quality of Service on traditional VLAN Networks.
Virtualized networks.psd1 - Deploy Network Controller for managing virtual networks and network policies on virtual networks.
Software Load Balancer.psd1 - Deploy Network Controller and Software Load Balancer for load balancing on virtual networks.
SDN Gateways.psd1 - Deploy Network Controller, Software Load Balancer and Gateway for connectivity to external networks.
Training
Module
Configure the network for your virtual machines - Training
Learn how to connect your local on-premises networks into Azure using virtual networks, VPN gateways, and Azure ExpressRoute.
Certification
Microsoft Certified: Azure Network Engineer Associate - Certifications
Demonstrate the design, implementation, and maintenance of Azure networking infrastructure, load balancing traffic, network routing, and more.
Documentation
Deploy SDN using Windows Admin Center for Azure Local - Azure Local
Learn how to deploy an SDN infrastructure using Windows Admin Center for Azure Local
Overview of Azure Arc gateway for Azure Local, version 23H2 (preview) - Azure Local
Learn what is Azure Arc gateway for Azure Local, version 23H2 (preview).
Deploy SDN using Windows Admin Center - Azure Local
Learn how to deploy an SDN infrastructure using Windows Admin Center