Setup AVD on Azure Local (Azure Stack HCI) in your (Home)Lab – Part 1

In this blog post I want to show you how to set up Azure Virtual Desktop (AVD) on Azure Local (formerly Azure Stack HCI) in your (home) lab, to get a feeling for how it works.

Hardware Requirements

The official hardware requirements are documented here: https://learn.microsoft.com/azure/azure-local/concepts/system-requirements-23h2?WT.mc_id=MVP_317638#machine-and-storage-requirements

For me it boils down to this: I need a relatively recent device with a TPM 2.0, 32 GB of ECC RAM and a bunch of SSDs. If you just want to have a look at Azure Local, you could even deploy it inside Hyper-V: https://learn.microsoft.com/en-us/azure/azure-local/deploy/deployment-virtual?WT.mc_id=MVP_317638

For this demo, I will go with an old Fujitsu desktop, to which I added a pair of old Samsung SATA SSDs as data disks next to a small boot disk:

I enabled the integrated Intel PTT TPM 2.0 in the BIOS:

And added a Mellanox ConnectX-4 network card, since this is not a vPro model with an integrated Intel NIC, but one with a Realtek chipset that does not support tagged VLANs:

Prepare AD

I will follow the sequence from the official docs, so the first step is to prepare our Active Directory so that Azure Local can be enrolled: https://learn.microsoft.com/azure/azure-local/deploy/deployment-prep-active-directory?WT.mc_id=MVP_317638
The first thing we need to do here is install the PowerShell module that will create the needed objects:

Once installed, we can create the OU and the management account. For the management account, make sure the admin user's password matches the Azure password complexity requirements:
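The two steps above, as an added example (this is not the blog's own code). It installs the AD pre-creation module from the docs linked above and runs its cmdlet to create the OU and the deployment user; the module and cmdlet names are the ones Microsoft documents, while the OU path and user name are placeholders for a lab domain. The password check is an assumption about the Azure requirement (at least 12 characters, upper, lower, digit and special) so that a weak password fails here instead of in the deployment wizard later:

```powershell
# Added example, not the blog's own code. Run on a domain-joined machine with the
# AD DS RSAT tools, as a Domain Admin.
# Assumptions: module AsHciADArtifactsPreCreationTool and cmdlet
# New-HciAdObjectsPreCreation as documented by Microsoft; $ouPath and $lcmUser
# are placeholders for a lab domain.
Install-Module -Name AsHciADArtifactsPreCreationTool -Repository PSGallery -Force

# Assumed complexity rule: 12+ characters and all four character classes.
function Test-LabPasswordComplexity {
    param([Parameter(Mandatory)][securestring]$Password)
    # Briefly materialise the plain text for the regex checks, then drop it.
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $ok = ($plain.Length -ge 12) -and
          ($plain -cmatch '[A-Z]') -and
          ($plain -cmatch '[a-z]') -and
          ($plain -match  '\d') -and
          ($plain -match  '[^A-Za-z0-9]')
    $plain = $null
    return $ok
}

$ouPath  = 'OU=AzureLocal,DC=lab,DC=local'   # placeholder OU for the lab domain
$lcmUser = 'AzLocalDeploy'                   # placeholder deployment (LCM) account name

$cred = Get-Credential -UserName $lcmUser -Message 'Password for the Azure Local deployment user'
if (-not (Test-LabPasswordComplexity -Password $cred.Password)) {
    throw 'Password does not meet the assumed complexity rule (12+ chars, upper, lower, digit, special).'
}

# Creates the OU and the deployment user with the permissions the deployment needs.
New-HciAdObjectsPreCreation -AzureStackLCMUserCredential $cred -AsHciOUName $ouPath

# Quick verification of what the tool created
Get-ADOrganizationalUnit -Identity $ouPath | Select-Object DistinguishedName
Get-ADUser -Identity $lcmUser -Properties MemberOf | Select-Object SamAccountName, Enabled, MemberOf
```

Keeping the Azure Local objects in their own OU, as the tool does, also makes it easy to audit later which accounts and GPOs apply to the cluster nodes.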

Setting up the OS

Next, we need to install the OS. To get the ISO file, we just go to Azure Local in the Azure Portal and select “Download Software”:

Select 23H2 and start the download:

Once the download has finished, we can copy the content of the ISO onto a FAT32-formatted USB drive:

And configure the device to boot from the USB drive:

It will boot into a familiar Windows Installation wizard:

We will go with the Custom option:

And select our Boot drive:

Then the installation will run through like on a “normal” Windows installation:

At first logon, you will be asked to change the local administrator password. Again, make sure you choose one that matches the Azure requirements for password strength, or we will not be able to use it in the deployment wizard later.

After installing the required drivers for our hardware, we can enable Remote Desktop so that we can do the next steps remotely. To do that, we just need to select “7” in the server configuration menu and (E)nable RDP access:

Now we can configure it comfortably from any client:

Register with Azure Arc

The first thing to do before we can register our Azure Local with Azure Arc is to make sure the permissions are set correctly on the subscription. For more info about that, check out the docs: https://learn.microsoft.com/en-us/azure/azure-local/deploy/deployment-arc-register-server-permissions?tabs=powershell&WT.mc_id=MVP_317638#prerequisites
In short, we need to make sure the following resource providers are registered on the subscription:

  • Microsoft.HybridCompute
  • Microsoft.GuestConfiguration
  • Microsoft.HybridConnectivity
  • Microsoft.AzureStackHCI

And you need the following two roles assigned in IAM:
– Azure Connected Machine Onboarding
– Azure Connected Machine Resource Administrator

Next, I will create a fresh resource group for our Azure Local instance:

Now that we have everything ready, we can set the needed variables in PowerShell on our little server:

#Define the subscription where you want to register your machine as Arc device
$Subscription = "YourSubscriptionID"

#Define the resource group where you want to register your machine as Arc device
$RG = "MikeMDM-AzureLocal"

#Define the region to use to register your server as Arc device
#Do not use spaces or capital letters when defining region
$Region = "westeurope"

#Define the tenant you will use to register your machine as Arc device
$Tenant = "YourTenantID"

Next, we can login using the following commands:

#Connect to your Azure account and Subscription
Connect-AzAccount -SubscriptionId $Subscription -TenantId $Tenant -DeviceCode

We now need to go to https://microsoft.com/devicelogin in a web browser on a different device:

And just like that, we are signed in:

Now we can request an access token and copy it to a variable:

#Get the Access Token for the registration
$ARMtoken = (Get-AzAccessToken -WarningAction SilentlyContinue).Token

#Get the Account ID for the registration
$id = (Get-AzContext).Account.Id

And finally, we can run the registration script itself:

Invoke-AzStackHciArcInitialization -SubscriptionID $Subscription -ResourceGroup $RG -TenantID $Tenant -Region $Region -Cloud "AzureCloud" -ArmAccessToken $ARMtoken -AccountID $id

This will take some time, and finally it should report success:

And the machine shows up in our resource group:

Check that all four required extensions were installed successfully:
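Instead of clicking through the portal, the same check can be scripted. This is an added example and not the blog's own code: it uses the Az.ConnectedMachine cmdlets to read the Arc machine's connection status and the provisioning state of its extensions. The four extension names are an assumption based on the Azure Local 23H2 documentation, and the machine name is a placeholder for the hostname of your node:

```powershell
# Added example, not the blog's own code. Run from any machine with Az installed,
# after Connect-AzAccount against the same subscription/tenant as in the post.
# Assumptions: the extension names below are what Azure Local 23H2 installs;
# $machineName is a placeholder for the node's hostname.
Install-Module -Name Az.ConnectedMachine -Scope CurrentUser -Force

$RG          = 'MikeMDM-AzureLocal'
$machineName = 'AZLOCAL01'   # placeholder: hostname of the registered node

# Expected extensions (assumption based on the 23H2 documentation)
$requiredExtensions = @(
    'AzureEdgeTelemetryAndDiagnostics',
    'AzureEdgeDeviceManagement',
    'AzureEdgeLifecycleManager',
    'AzureEdgeRemoteSupport'
)

function Test-AzLocalArcReadiness {
    param([string]$ResourceGroupName, [string]$MachineName, [string[]]$Expected)

    # Connection state of the Arc-enabled machine itself
    $machine = Get-AzConnectedMachine -ResourceGroupName $ResourceGroupName -Name $MachineName
    if ($machine.Status -ne 'Connected') {
        Write-Warning "Machine '$MachineName' is '$($machine.Status)', not 'Connected'."
    }

    # Compare installed extensions against the expected list
    $installed = Get-AzConnectedMachineExtension -ResourceGroupName $ResourceGroupName -MachineName $MachineName
    $report = foreach ($name in $Expected) {
        $ext = $installed | Where-Object { $_.Name -eq $name }
        [pscustomobject]@{
            Extension         = $name
            ProvisioningState = if ($ext) { $ext.ProvisioningState } else { 'Missing' }
        }
    }
    Write-Host ($report | Format-Table -AutoSize | Out-String)

    # $true only if every expected extension exists and has succeeded
    return -not ($report | Where-Object { $_.ProvisioningState -ne 'Succeeded' })
}

Test-AzLocalArcReadiness -ResourceGroupName $RG -MachineName $machineName -Expected $requiredExtensions
```

A `Missing` or `Failed` row here is the thing to fix before moving on to the deployment wizard, because the validation step later depends on these extensions.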

Now we again need to assign some permissions, this time to the user that will perform the deployment in the next step. The user needs the following roles at the subscription level:

  • Azure Stack HCI Administrator
  • Reader

And these at the resource group level:

  • Key Vault Data Access Administrator
  • Key Vault Secrets Officer
  • Key Vault Contributor
  • Storage Account Contributor

The account also needs the “Cloud Application Administrator” role for the duration of the deployment.
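The prerequisites from this section and from the "Register with Azure Arc" section (resource providers, the two Arc onboarding roles, and the deployment user's roles at subscription and resource group scope) can be verified together with the Az module. This is an added example, not the blog's own code; the two UPNs are placeholders, and it only reports what is missing rather than granting roles blindly:

```powershell
# Added example, not the blog's own code. Assumes $Subscription, $Tenant and $RG
# are set as in the post; the two UPNs are placeholders.
Connect-AzAccount -SubscriptionId $Subscription -TenantId $Tenant
$RG             = 'MikeMDM-AzureLocal'
$onboardingUser = 'arc.onboarding@lab.example'   # placeholder: identity that ran the Arc registration
$deployUser     = 'azlocal.deploy@lab.example'   # placeholder: user that runs the deployment wizard

# 1) Resource providers that must be registered on the subscription
$providers = 'Microsoft.HybridCompute', 'Microsoft.GuestConfiguration',
             'Microsoft.HybridConnectivity', 'Microsoft.AzureStackHCI'
foreach ($ns in $providers) {
    # One state per resource type is returned; they share the namespace's state
    $state = (Get-AzResourceProvider -ProviderNamespace $ns).RegistrationState | Select-Object -First 1
    if ($state -ne 'Registered') {
        Write-Host "Registering $ns (current state: $state)"
        Register-AzResourceProvider -ProviderNamespace $ns | Out-Null
    } else {
        Write-Host "$ns already registered"
    }
}

# 2) Role assignments, reported as missing so nothing is granted blindly.
#    -Scope also returns inherited assignments, so a subscription-level role
#    satisfies a resource-group check.
function Get-MissingRoles {
    param([string]$SignInName, [string]$Scope, [string[]]$Roles)
    $assigned = Get-AzRoleAssignment -SignInName $SignInName -Scope $Scope |
                Select-Object -ExpandProperty RoleDefinitionName
    return $Roles | Where-Object { $_ -notin $assigned }
}

$subScope = "/subscriptions/$Subscription"
$rgScope  = "$subScope/resourceGroups/$RG"

$checks = @(
    @{ User = $onboardingUser; Scope = $subScope; Roles = 'Azure Connected Machine Onboarding', 'Azure Connected Machine Resource Administrator' }
    @{ User = $deployUser;     Scope = $subScope; Roles = 'Azure Stack HCI Administrator', 'Reader' }
    @{ User = $deployUser;     Scope = $rgScope;  Roles = 'Key Vault Data Access Administrator', 'Key Vault Secrets Officer', 'Key Vault Contributor', 'Storage Account Contributor' }
)

foreach ($c in $checks) {
    $missing = Get-MissingRoles -SignInName $c.User -Scope $c.Scope -Roles $c.Roles
    if ($missing) {
        Write-Warning "$($c.User) is missing at $($c.Scope): $($missing -join ', ')"
        # Uncomment to grant exactly the missing roles at exactly this scope:
        # $missing | ForEach-Object { New-AzRoleAssignment -SignInName $c.User -RoleDefinitionName $_ -Scope $c.Scope }
    } else {
        Write-Host "$($c.User) has all required roles at $($c.Scope)"
    }
}

# "Cloud Application Administrator" is an Entra ID directory role, not Azure RBAC,
# so it is not visible to Get-AzRoleAssignment and has to be checked in Entra ID.
```

Scoping the Key Vault and Storage roles to the resource group, as the post does, keeps the deployment user's blast radius limited to the Azure Local resources instead of the whole subscription.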

Deploy Azure Local

Now we can start the actual deployment from the Azure Local page:

Select the Subscription and the previously created Resource Group and give the Instance a name:

Next, we can add our device:

Wait for the validation:

And create a Key Vault:

Once the validation is done, we can go to the next page:

Where we will select “New Configuration”:

And move on to the next page. I will go with “Group all traffic”, since it is only one node:

Configure the network-related settings, like IP ranges and which network card to use:

Make sure to disable RDMA if your network setup does not support it:

On the next page, we have to provide the account info for the local admin and the AD account that we created before:

On the next page, we can accept the recommended security settings:

On the next page I also went with the defaults:

On the Validation Tab, it will start creating the needed resources:

Once this is done, we can start the actual validation of our device:

This process takes some time:

If you try to run on unsupported hardware, you will get an error during this validation:

If you absolutely have to install it on unsupported hardware for your lab, you can modify the PowerShell scripts locally on the device to match your actual hardware properties. (I hope I don’t have to mention that you are now absolutely unsupported and can get into trouble…) On my device I had to disable the ECC requirement, since it’s just a desktop 🙂

One retry later, the validation accepts my hardware:

A few minutes later, the validation was successful:

And allows me to create the actual deployment:

The whole deployment can take a few hours and can be monitored in the portal:

A few hours later the deployment should be finished successfully:

Congratulations, we have deployed our first Azure Local instance:

Conclusion

This wraps up part 1. In the next part, I will show you how to deploy an AVD host pool on that device and get the first working desktop available.

