Azure Local (Azure HCI) Configurations in HyWorks
Azure Local extends Azure to customer-owned infrastructure, enabling local execution of modern and traditional applications across distributed locations. This solution offers unified management experience on a single control plane and supports a wide range of validated hardware from trusted Microsoft partners.
The purpose of this integration is to deliver a robust, secure, and scalable virtual desktop and application delivery environment, combining Azure Local’s hybrid cloud capabilities and performance advantages with HyWorks' comprehensive workspace orchestration features.
For smooth integration of the Azure Local platform with the HyWorks Controller, use the following guides:
Supported HyWorks Version
- HyWorks v3.6-SP1 or later.
Supported HCI OS
| Provider | Supported Versions |
|---|---|
| Azure Local (HCI OS Build) | 25398.1486 (23H2) |
Prerequisites
Azure ARC
Azure ARC is enabled on Azure Local Hypervisor.
- This is by default enabled on Azure HCI OS v23H2 or later.
Internet Access or URLs to be Whitelisted (Azure Local Hypervisor)
From an architectural perspective, Azure will maintain the local infrastructure, so Azure should be able to access Azure Local Hypervisors. Consequently, Azure local hypervisors should have direct access to all Azure portal URLs. If direct internet access is not feasible, the list of URLs can be found in the Microsoft article below for uninterrupted operation configuration:
- https://learn.microsoft.com/en-us/azure/azure-portal/azure-portal-safelist-urls?tabs=public-cloud
Permissions
API Permissions to Azure App
The following API permissions are needed to configure the Azure App being configured in HyWorks, for the functioning of Azure Local:
| API | Permission Name | Type |
|---|---|---|
| Azure Service Management | ||
| user_impersonation | Delegated | |
| Microsoft Graph | ||
| offline_access | Delegated | |
| openid | Delegated | |
| profile | Delegated |
Permissions for uploading a VM image using a Storage Account in HCI
To upload an image to Azure HCI through a storage account, the admin user must have Contributor access to the subscription along with the Storage Blob Data Contributor role. Image uploading is required to deploy non-Microsoft custom images, such as HySecure.
Configure Azure App
While configuring Azure Local in HyWorks, the Controller communicates directly with Microsoft Azure.
Therefore, it is mandatory to complete all prerequisite steps documented in:
The following fields have to be configured for adding Azure Local in HyWorks, to be fetched as per the steps provided in the reference document above:
-
Application ID: The Application ID is a unique identifier (GUID) assigned to an application created and granted under a tenant.
-
Secret: A client secret is known only to your application and the authorization server. It protects your resources by only granting tokens to authorized requestors.
-
Tenant ID: A Tenant ID is a Globally Unique Identifier (GUID) that differs from the tenant name or domain.
-
Subscription ID: The subscription ID is a GUID that uniquely identifies your subscription to use Azure services.
-
Azure Resource Group: A resource group where the Azure Local cluster is deployed.
Supported Feature Matrix
| Feature | Sub Feature | Provider/ Connector | |
|---|---|---|---|
| Azure HCI | |||
| Deploy pool with existing VMs | Deploy pool with existing VMs | Deploy pool with existing VMs | Yes |
| Desktop VM Provisioning | Clone Type | Linked Clone | Not Applicable |
| Full clone | Yes | ||
| Clone from Checkpoint | Clone from Checkpoint | Yes | |
| Disk persistence | Persistent VM Deployment | Yes | |
| Non-persistent VM Deployment | No | ||
| Recompose/ Recreate | Recompose All | Yes | |
| Preserve MAC Address | No | ||
| Recreate Single Desktop ( Full) | Yes | ||
| Graceful Recompose | Yes | ||
| Override Deployment Setting | No | ||
| Desktop Power Operations | Desktop Power Operations | Desktop Power Operations | Yes |
| Scheduled Actions (Move to version/ schedule power operations) | Yes | ||
| Windows 8.1 | Unverified | ||
| Windows 10/11 | Yes | ||
| Windows Servers | Windows 2016 | Unverified | |
| Windows 2019/2022/2025 | Yes | ||
| Linux Desktops | Ubuntu 22/RHEL 9.x | Unverified | |
| Capacity Planning | Yes | ||
| SHD Virtual IP | Yes | ||
| Deployment Profile | No | ||
| Console Connect | No | ||
| Throttling Options (Power / Full Clone) | Yes | ||
| HyLabs | No |
Troubleshooting
Check Activity Log on Azure
-
Resource Group Level
-
Navigate to Azure Portal > Resource Group > Activity Log.
-
All service request calls sent to HCI will be displayed.
-
Filter by time, event category, and operation status.
-
To investigate a specific log entry, select the Operation Name. This will open the Summary pane. Then, switch to JSON View and look for specific information or error details related to the operation.
-
-
Resource Level
-
Similar to the Resource Group level, if an admin wants to verify logs specific to a resource, navigate to Azure Portal > Resource Group > Azure Local > [Select the specific resource].
-
Go to Activity Log, open the Summary pane, and switch to JSON View. This allows the admin to debug more accurately by viewing detailed errors or warnings for the specific resource, providing deeper insights compared to Resource Group-level log analysis.
-
HCI Host Level Debugging
-
During bulk operations, there is a possibility that some services may stop due to high resource consumption.
-
In such cases, open a PowerShell console on the HCI host and run:
- "Get-Service | Where-Object { $.DisplayName -like "Azure" -or $.DisplayName -like "HCI" }"
-
Review the status of all listed services. If any service is found in a Stopped state, start it using:
Start-Service -Name "<Service Name>"
-
To verify the Health status of nodes in the cluster, look for nodes in the Paused, Down, or Isolated state.
-
Test-Cluster
-
Get-ClusterNode
-
Get-ClusterFaultDomain
-