Azure Arc Blog

Introducing Azure Local: cloud infrastructure for distributed locations enabled by Azure Arc

Cosmos_Darwin
Microsoft
Nov 19, 2024

Azure’s adaptive cloud approach, powered by Azure Arc, is helping over 39,000 customers unify their hybrid, multicloud, and edge infrastructure in Azure. You can use Azure Arc to apply cloud services and tools wherever you need them, from Azure’s 60+ regions to your own distributed locations. In many industries, new demands for distributed computing are emerging. Many retailers are using in-store AI inferencing to transform the shopping experience. Manufacturers are locating their critical apps in the factory to improve uptime and overall efficiency. And in regulated industries like finance, energy, and government, customers are looking for ways to leverage the cloud while keeping data and control local.

Today, we’re adding an exciting new infrastructure option with Azure Local.

Enabled by Azure Arc, Azure Local is cloud-connected infrastructure that can be deployed at your physical locations and under your operational control. With Azure Local, you can operate and scale distributed infrastructure using Azure portal and APIs. You can run the foundational Azure compute, networking, storage, and application services locally. You can choose hardware from your preferred vendor, providing flexibility to meet your requirements and budget. And by extending cloud security to your distributed locations, you can better safeguard apps and data, and protect against advanced threats.

Let’s take a closer look:

Microsoft CEO Satya Nadella announcing Azure Local at Microsoft Ignite 2024

Operate and scale with the power of the cloud

With Azure Local, you can treat physical machines like cloud resources by using Azure portal and APIs to perform lifecycle operations like deployment, configuration, updates, and monitoring. This removes the need for separate local management tools and enables a more unified approach across cloud resources and distributed locations, shifting responsibility from on-site personnel to central IT and helping reduce cost.

Azure portal workflow to deploy Azure Local

Define and deploy infrastructure from the cloud

To get started with Azure Local, simply connect one or multiple compatible machines to Azure Arc. From there, follow a simple workflow in Azure portal to create an Azure Local instance, with options to customize the cluster, networking, and storage for your environment as needed. The Azure Local software is packaged as Azure Arc extensions that are seamlessly installed onto your machines. To scale out, define your Azure Local configuration using an Azure Resource Manager (ARM) template that you can reuse repeatedly with unique parameters for each distributed location. This infrastructure-as-code approach ensures that Azure Local is configured consistently at scale.

One-click infrastructure updates

Azure Local software updates are combined into a single monthly package that covers the complete infrastructure software stack, plus OEM content like drivers and firmware for Premier solutions. You can conveniently view and manage Azure Local updates directly in Azure Update Manager, alongside other cloud resources. Select one or multiple Azure Local instances and apply updates with just a few clicks. Behind the scenes, Azure Local orchestrates moving workloads and updating each physical machine in sequence, to ensure that updates in multi-node environments are non-disruptive (workloads keep running). You always control when to apply updates.

Update multiple Azure Local instances together in Azure Update Manager

Centrally monitor all your distributed infrastructure

Azure Local integrates natively with Azure Monitor for unified observability across cloud resources and distributed locations, enabled by Azure Arc. You can monitor your distributed VMs, Kubernetes clusters, and physical infrastructure from a single pane of glass. Azure Local comes with 50+ standard Metrics, out-of-the-box Insights dashboards, and Alerts rules for the infrastructure stack. For example, track utilization of processor, memory, storage, and network capacity in Azure portal, and set up email notifications or automated actions for when hardware fails. You can fully customize what’s collected with Data Collection Rules and how it’s visualized with Workbooks.

Ready for all your apps: VMs and containers alike

Most organizations find themselves managing a sprawling variety of applications based on technologies from different eras. It can be challenging to support them all with a common infrastructure platform. Azure Local includes the foundational Azure compute, networking, storage, and Kubernetes services needed to run all your apps, VMs and containers, Windows and Linux, running side-by-side on the same physical infrastructure.

Full-featured, general-purpose VMs

Many critical workloads run as VMs. Azure Local offers general-purpose VMs with flexible sizing and configuration options to meet your application requirements. Specify the specs, networking, and storage you need, and either bring your own custom VM image or conveniently access ones from the Azure Marketplace. If your Azure Local is multi-node, VMs are highly available with real-time storage replication and automatic failover. Every new VM created through Azure Local is automatically Azure Arc enabled for VM extensions like Microsoft Defender for Servers, Azure Monitor, AD Join, Custom Script, SQL Server, and more.

Provision and manage general-purpose local VMs through Azure portal and APIs with Azure Local

NEW: Migrate from VMware to Azure Local (preview)

If you have an aging VMware by Broadcom environment, you can migrate VMs to your new Azure Local infrastructure with Azure Migrate (in preview). Using the same Azure portal and APIs as migrating to a cloud region, you can copy and convert your VMDKs to Azure Local VMs entirely on-location, with only metadata transiting the cloud. This may enable you to reduce your Broadcom footprint and licensing without costly app rewrites.

>> Learn more about Azure Migrate to Azure Local (preview)

Azure Kubernetes Service, built-in and included

New apps are increasingly packaged as container images. Azure Local includes the Azure Kubernetes Service (AKS), Microsoft’s managed Kubernetes solution, enabled by Azure Arc. AKS is set up automatically with each new Azure Local instance, updated automatically as part of Azure Local, and provides everything you need to support Kubernetes-based apps, like a storage (CSI) driver for Azure Local, and Microsoft-supported container host images for both Linux and Windows. You can provision and manage Kubernetes clusters with AKS-consistent Azure portal, CLI, and ARM templates, and every Kubernetes cluster is automatically Azure Arc-enabled for one-click integration with Microsoft Defender for Containers, Azure Monitor, GitOps for continuous delivery, and more.

AKS is included with Azure Local. See pricing for details.

>> Read the blog about what's new for AKS enabled by Azure Arc

Use select Azure PaaS services

This foundation enables many more Azure services to work with Azure Local, including app services, data services, and AI services (preview). For example, use Azure Virtual Desktop with Azure Local to locate desktops and apps (session hosts) closer to users for reduced latency or improved interoperability with on-premises legacy systems. Azure Virtual Desktop uses and manages VMs on Azure Local just like VMs in an Azure cloud region, enabling handy features like start-on-connect and automatic scaling. Data services like SQL Managed Instance work with Azure Local, and the newly-GA service Azure IoT Operations works with Azure Local too.

Azure services that work with Azure Local enabled by Azure Arc

Finally, this week at Microsoft Ignite 2024, several new Azure AI platform capabilities are launching in private preview with Azure Local, including local AI search which enables searching private on-premises data using small and large language models with retrieval-augmented generation.

>> Learn more about Azure Virtual Desktop with Azure Local

>> Learn more about Azure IoT Operations

>> Read the blog about extending Azure's AI platform

Flexibility to meet your requirements and budget

Azure Local offers flexible hardware and software options to precisely meet your requirements and budget, because infrastructure isn’t one-size-fits-all.

Choose your hardware

Azure Local works with more than 100 validated hardware platforms, including Premier solutions from Dell and Lenovo. Explore the solutions catalog to find solutions from your preferred vendor that have been pre-validated for compatibility. Most solutions offer multiple storage and networking options, and many support the addition of powerful GPUs like Nvidia A2, A16, and L40 which can be used to accelerate AI workloads and/or virtual desktops. Many solutions can be purchased outright or as-a-service through programs like Dell APEX, HPE GreenLake, and Lenovo TruScale.

Examples of Premier solutions, November 2024

NEW: Low-spec, low-cost options for edge use cases (preview)

For situations with lighter computing requirements or budget constraints, Azure Local works with a variety of micro, tower, and rugged/industrial hardware that will be added to the solutions catalog over the coming months. The bare minimum hardware required is just one compatible machine with one additional SSD (besides boot). To provide high availability, you can connect multiple machines with simple 1 Gbps Ethernet networking, removing the need for high-speed switch(es). Compared to rack servers, this reduces the total hardware cost considerably.

Azure Local also works with or without Active Directory (in preview). If you’d prefer not to manage an on-premises Active Directory, choose the new Local identity option that uses local accounts and certificates to achieve all the same functionality as when your infrastructure is AD-joined, like VM live migration. In this option, Azure Local uses Azure Key Vault to back up your local secrets and recovery keys.

Watch the demo to see these new capabilities working together:

>> Sign up to preview Local identity (no Active Directory) and zero-touch provisioning

NEW: Disconnected operations for prequalified customers (preview)

The simplest way to use Azure Local is connected to an Azure region. Your apps and data reside locally; the management services and portal are in the cloud. But if regulations or other constraints prevent you from connecting, Azure Local also offers disconnected operations (in preview) for prequalified customers. In this option, you host the backend Azure portal, Azure Resource Manager, and Azure services like Key Vault yourself in your environment, packaged as a sizeable VM appliance. Doing so enables the same operational experience for VMs, Kubernetes clusters, and other resources, right down to the same APIs, without any connection to an Azure region at all.

Azure Local with disconnected operations is only available to customers who prequalify.

>> Watch a demo of Azure Local with disconnected operations

>> Learn more about disconnected operations and how to join the preview

Extend cloud security to your distributed locations

The cyber threat landscape is rapidly changing. The surface area to secure is growing ever larger, and attacks are becoming more sophisticated and persistent. Azure Local enables you to extend cloud security practices to your distributed locations, safeguard applications and data, and protect against advanced threats.

Watch the demo for an overview of security with Azure Local:

Secure by default

Azure Local is deployed with a hardened infrastructure security posture by default. Secured-Core settings are automatically applied, data is automatically encrypted, and app control is automatically enforced. In fact, machines configured for Azure Local comply with all applicable settings in the Azure security baseline, streamlining hundreds of configuration options compared to a general-purpose server with default settings.

Microsoft Defender for Cloud

To help you detect and correct drift over time, Azure Local integrates with Microsoft Defender for Cloud. This provides unified security tooling for all your resources, across cloud regions and distributed locations. In addition to workload protections for VMs and Kubernetes clusters, new built-in security recommendations cover your Azure Local infrastructure as part of the Cloud Security Posture Management plan. For example, if your hardware isn’t configured correctly, or if your storage isn’t encrypted, you’ll see it prominently within the Microsoft Defender for Cloud portal and reflected in your overall Secure Score. This makes it easy to audit and remediate your security posture at-scale across all your distributed locations.

NEW: Network segmentation (preview)

To lock down network access to resources, Azure Local will offer network security groups functionality. Network security groups enable you to precisely filter network traffic between VMs using inbound and outbound allow and deny rules. Rules support the full five-tuple of source IP, source port, destination IP, destination port, and protocol, and are enforced within the virtual switch at the virtual port level. Network security groups are in private preview now and will be available publicly in the upcoming 2502 release.

Manage Azure Local network security groups (preview) in Azure portal
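
To make the five-tuple filtering described above concrete, the following added example (not code from this post or from Azure Local) evaluates constructed flows against inbound and outbound allow and deny rules. The rule field names, the priority-ordered first-match evaluation, and the default-deny fallback are assumptions for illustration; the post does not say how Azure Local orders or defaults its rules.

```python
import ipaddress
from collections import namedtuple

ANY = "*"

# Hypothetical rule shape: direction, action, and the five-tuple from the post.
# Assumption: a lower priority number is evaluated first.
Rule = namedtuple(
    "Rule", "name priority direction action protocol src src_ports dst dst_ports")
Flow = namedtuple("Flow", "direction protocol src_ip src_port dst_ip dst_port")

def _ip_match(spec, ip):
    """spec is a CIDR string or '*'."""
    return spec == ANY or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def _port_match(spec, port):
    """spec is a single port ('443'), a range ('1024-65535') or '*'."""
    if spec == ANY:
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def evaluate(rules, flow, default="deny"):
    """Return (action, rule name) for the first rule matching the flow."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.direction == flow.direction
                and r.protocol in (ANY, flow.protocol)
                and _ip_match(r.src, flow.src_ip)
                and _port_match(r.src_ports, flow.src_port)
                and _ip_match(r.dst, flow.dst_ip)
                and _port_match(r.dst_ports, flow.dst_port)):
            return r.action, r.name
    return default, "default"  # assumption: unmatched traffic is denied

# Constructed sample: only the web subnet may reach the SQL VM, only on 1433.
RULES = [
    Rule("allow-web-to-sql", 100, "inbound", "allow", "tcp",
         "10.0.1.0/24", ANY, "10.0.2.10/32", "1433"),
    Rule("deny-all-to-sql", 200, "inbound", "deny", ANY,
         ANY, ANY, "10.0.2.10/32", ANY),
    Rule("allow-sql-dns", 100, "outbound", "allow", "udp",
         "10.0.2.10/32", ANY, "10.0.0.53/32", "53"),
]

def demo():
    """Evaluate constructed flows; returns one (action, rule) per flow."""
    flows = [
        Flow("inbound", "tcp", "10.0.1.7", 50112, "10.0.2.10", 1433),
        Flow("inbound", "tcp", "10.0.3.9", 50113, "10.0.2.10", 1433),
        Flow("inbound", "tcp", "10.0.1.7", 50114, "10.0.2.10", 3389),
        Flow("outbound", "udp", "10.0.2.10", 40000, "10.0.0.53", 53),
        Flow("outbound", "tcp", "10.0.2.10", 40001, "203.0.113.5", 443),
    ]
    return [evaluate(RULES, f) for f in flows]
```

Running `demo()` shows why all five fields matter: the second and third flows differ from the allowed one only in source subnet or destination port, and both fall through to the deny rule.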

NEW: Trusted launch (preview)

Trusted launch is a security option that hardens VMs against malware-based rootkits and bootkits. Previously available only in Azure cloud regions, Trusted launch is now available on Azure Local. With Trusted launch, VMs get a virtual Trusted Platform Module (vTPM) that enables Secure Boot and guest OS features like BitLocker data encryption. vTPM state is seamlessly preserved when the VM moves around the Azure Local cluster, enabling live migration and automatic failover. And coming soon, integrity monitoring by Azure Attestation services will extend to Azure Arc-enabled VMs on Azure Local, regularly re-verifying the entire boot chain and displaying its health in the Azure portal.

>> Learn more about Trusted launch with Azure Local

Get started today

For existing customers of Azure Stack HCI

There is no action required for existing customers. Simply continue applying the latest updates to transition seamlessly to Azure Local. You’ll continue to have access to the same features and functionality under the new name. In addition, you’ll see new features appear in the Azure portal over the coming months, and you’ll receive the same pricing and other enhancements as new Azure Local customers.

For new production deployments

Azure Local is generally available for production use. Version 2411 is available now. Explore the solutions catalog to find hardware from your preferred vendor and read the deployment overview to get started today. Over the coming months, we anticipate more low-spec, low-cost options will be added to the catalog.

For evaluation (virtual)

Want to try out Azure Local but don’t have hardware? Get a dedicated Azure Local sandbox in one click with Azure Arc Jumpstart. All you need is an Azure subscription to get started.

Thank you!

At Microsoft, we’re committed to helping you apply cloud services and tools wherever you need them. It’s a journey we started nearly a decade ago with the earliest Azure Stack products and that’s accelerated these last 5 years with Azure Arc. We're grateful for your enthusiasm and feedback, and we’re thrilled to begin this exciting new chapter with you.

- Cosmos, on behalf of the team

P.S. If you’re in-person at Microsoft Ignite 2024 this week in Chicago, attend breakout session BRK214 presented by yours truly to learn more, or stop by the Azure Infrastructure meet-up to say hi! For your convenience, the slides from the session (.pptx) are publicly available and attached to this blog post.

FAQ

How is Azure Local related to Azure Arc?

Azure Arc is a bridge that extends Azure to existing environments and other clouds. Azure Local is an infrastructure solution that includes all the capabilities of Azure Arc built-in and set up automatically. Use Azure Local when you need new or refreshed infrastructure at distributed locations. Use Azure Arc when your environment already has infrastructure.

Is Azure Local managed by Microsoft?

No, you own the hardware and have operational control of your Azure Local environment. Day-to-day monitoring, management, support, and other functions are surfaced through Azure tools, but actions are customer-initiated. For example, when a software update is available, a notification appears in the Azure portal, but you control when the update gets applied.

What happens to Azure Stack HCI?

Azure Stack HCI is now part of Azure Local. The same features and functionality continue to be offered under the new name. There is no action required for existing customers. Compared to before, Azure Local provides additional flexibility and features: it supports lower-spec hardware (preview), disconnected operations (preview), additional services, and more.

What happens to Azure Stack Hub and Azure Stack Edge?

Microsoft recommends Azure Local for most situations where infrastructure is needed at distributed locations. Once lower-spec hardware (preview) and disconnected operations (preview) are generally available, Azure Local will offer the same capabilities as prior Azure Stack products. Until these capabilities are generally available, there is no change to Azure Stack Hub and Azure Stack Edge: they remain available as standalone products, separate from Azure Local.

Updated Dec 03, 2024
Version 16.0