Network reference patterns overview for Azure Stack HCI
Applies to: Azure Stack HCI, version 22H2
This article gives an overview of deploying network reference patterns on Azure Stack HCI.
A deployment consists of single-server or multi-server systems (up to 16 servers per cluster) that connect to one or two Top of Rack (TOR) switches. These environments have the following characteristics:
- At least two network adapter ports dedicated for storage traffic intent. The only exception to this rule is single-server deployments, where network adapters for storage aren't required if you aren't planning to scale out the cluster in the future.
- One or two network adapter ports dedicated to management and compute traffic intents.
Storage switchless connectivity considerations
The following highlights some considerations of using switchless configurations:
- No switch is necessary for in-cluster (East-West) traffic; however, a physical switch is required for traffic outside the cluster (North-South).
- Storage adapters are single-purpose interfaces. Management, compute, stretched cluster, and other traffic requiring North-South communication can't use the storage network adapters.
- As the number of nodes in the cluster grows beyond two nodes, the cost of network adapters could exceed the cost of using network switches.
- Beyond a three-node cluster, cable management complexity grows.
For more information, see Physical network requirements for Azure Stack HCI.
Firewall requirements
Azure Stack HCI requires periodic connectivity to Azure. If your organization's outbound firewall is restricted, you need to account for the firewall requirements for outbound endpoints and for internal rules and ports. There are required and recommended endpoints for the Azure Stack HCI core components, which include cluster creation, registration and billing, Microsoft Update, and cloud cluster witness.
See the firewall requirements for a complete list of endpoints. Make sure to include these required URLs in your allowed list. The proper network ports need to be opened between all server nodes, both within a site and between sites (for stretched clusters).
The Azure Stack HCI connectivity validator of the Environment Checker tool checks for the outbound connectivity requirement by default during deployment. Additionally, you can run the Environment Checker tool standalone before, during, or after deployment to evaluate the outbound connectivity of your environment.
A best practice is to keep all relevant endpoints in a data file that the Environment Checker tool can access. The same file can also be shared with your firewall administrator to open up the necessary ports and URLs.
For more information, see Firewall requirements.
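The following is an added example, not part of the original article or the Environment Checker tool. It sketches the shared endpoint data file practice described above: one endpoint list drives a per-node outbound check and produces a report for the firewall administrator. The JSON layout, the `Test-OutboundEndpoint` function name, the output file name, and the `example.com` hosts are assumptions and constructed placeholders; replace the hosts with the required URLs from the firewall requirements list.

```powershell
# Added example. The endpoint entries are constructed placeholders, not the
# official Azure Stack HCI endpoint list. In practice, keep this JSON in a
# shared file and load it with Get-Content -Raw.
$endpointJson = @'
[
  { "Component": "Registration (placeholder)", "HostName": "registration.example.com", "Port": 443, "Required": true  },
  { "Component": "Updates (placeholder)",      "HostName": "updates.example.com",      "Port": 443, "Required": true  },
  { "Component": "Witness (placeholder)",      "HostName": "witness.example.com",      "Port": 443, "Required": false }
]
'@

function Test-OutboundEndpoint {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Endpoint,
        [string] $Node = $env:COMPUTERNAME
    )
    foreach ($e in $Endpoint) {
        # A DNS failure and a blocked TCP port need different fixes,
        # so the report records them as separate columns.
        $resolved = [bool](Resolve-DnsName -Name $e.HostName -ErrorAction SilentlyContinue)
        $tcp = $false
        if ($resolved) {
            $tcp = (Test-NetConnection -ComputerName $e.HostName -Port $e.Port `
                        -WarningAction SilentlyContinue).TcpTestSucceeded
        }
        [pscustomobject]@{
            Node         = $Node
            Component    = $e.Component
            HostName     = $e.HostName
            Port         = $e.Port
            Required     = $e.Required
            DnsResolved  = $resolved
            TcpReachable = $tcp
        }
    }
}

$endpoints = $endpointJson | ConvertFrom-Json
$results   = Test-OutboundEndpoint -Endpoint $endpoints
$results | Format-Table -AutoSize

# Same data, in a form the firewall administrator can act on.
$results | Export-Csv -Path .\outbound-check.csv -NoTypeInformation

# Fail the run only when a required endpoint is unreachable.
$blocked = @($results | Where-Object { $_.Required -and -not $_.TcpReachable })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} required endpoint(s) unreachable from {1}" -f $blocked.Count, $env:COMPUTERNAME)
    exit 1
}
```

A successful TCP connection shows only that the port is open; it does not confirm that HTTPS traffic passes a proxy or TLS-inspecting device unmodified.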
Next steps
- Choose a network pattern to review.