bomonike

Run Azure CLI commands on low-cost local hardware to manage VMs and containers, without Active Directory.


Overview

NOTE: Content here is my personal opinion and is not intended to represent any employer (past or present). “PROTIP:” here highlights information I haven’t seen elsewhere on the internet because it is hard-won, little-known but significant facts based on my personal research and experience.


Azure Local is part of Microsoft’s “Adaptive Cloud” offerings. https://www.youtube.com/watch?v=0zc_O7U2YqM

VIDEO: “Cloud-to-edge” development is about bridging the gap between cloud and edge.

In 2025, Microsoft has a competitor to Amazon’s Outpost on AWS and IBM AS400 since 1990.

HCI AKS

Azure Arc Local was rebranded from Azure Stack HCI (Hyperconverged Infrastructure), whose team has been working on Azure Arc on-premises since 2020. HCI provides the option to implement AKS. See https://learn.microsoft.com/en-us/training/modules/manage-azure-kubernetes-service-azure-stack-hci/4-deploy-aks-cluster Instead of using Windows Admin Center feed manager settings, automate AKS cluster deployment by using Windows PowerShell.

A pod corresponds roughly to a container, although it can include multiple, tightly-coupled containers running on the same cluster node.

Microsoft’s Azure Local (part of Azure Arc) enables distributed physical machines to be treated remotely like cloud resources.

<img alt="az-arc-local.png" src="https://res.cloudinary.com/dcajqrroq/image/upload/v1732280114/az-arc-local_j6cdjj.png" />

It uses Azure portal and APIs to perform lifecycle operations like deployment, configuration, updates, and monitoring.

https://docs.microsoft.com/en-us/azure/azure-arc/ Azure Arc on-premises: https://docs.microsoft.com/en-us/azure/azure-arc/overview

Azure Arc

Azure Arc Jumpstart is at https://jumpstart.azure.com/ (https://aka.ms/ArcJumpstart goes to https://azurearcjumpstart.com/).

git clone https://github.com/microsoft/azure_arc.git

VIDEO demos

Microsoft developed Mariner Linux as the default OS for Azure Arc.

https://learn.microsoft.com/en-us/azure/azure-local/manage/disconnected-operations-overview Azure Local for disconnected operations.

https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-whats-new-23h2 AKS on Azure Local

Local Hardware

Find compatible hardware at https://azurestackhcisolutions.azure.microsoft.com/

“Azure Local for Small Form Factor (SFF)” is for edge computers that meet Windows Server certification requirements as well as relaxed requirements from the Software Defined Data Center (SDDC) and Windows Server Software-Defined (WSSD) programs. See https://learn.microsoft.com/en-us/azure/azure-local/concepts/system-requirements-small-23h2

https://www.youtube.com/watch?v=yxlAfS9mh2E shows installation on two PCs (HPE ProLiant MicroServer Gen11) with 4 cores, 64 GB RAM, 1 TB SSD, and two Ethernet ports, without keyboard, mouse, or monitor.

An additional USB SSD (in addition to the OS disk) is used to securely connect to the cloud.

The machine must support virtualization.

Gigabit Ethernet is required for the VMs.

https://docs.microsoft.com/en-us/azure/azure-arc/azure-arc-on-premises-quickstart

Azure Arc on-premises


On Azure, instead of Active Directory, the identity provider is “Local identity with Azure Key Vault” (see https://docs.microsoft.com/en-us/azure/azure-arc/azure-arc-on-premises-quickstart).

Socials

BLOG “Introducing Azure Local: cloud infrastructure for distributed locations enabled by Azure Arc” mentions the introduction of Azure Local at Ignite on November 20, 2024.

VIDEO: “Deploy Azure Kubernetes Service(AKS) Cluster using Terraform and Azure DevOps YAML Pipeline” using github.com/labdemo2233/AKS-Terraform.

https://www.youtube.com/watch?v=n8I4hjBbMMU “Disconnected operations using Azure Local” shows how Azure Local is used by distributed emergency response teams.

https://www.youtube.com/watch?v=KMuAzS2tGXQ “Security in Azure Local”
