Azure Local (Azure HCI) Configurations in HyWorks
Azure Local extends Azure to customer-owned infrastructure, enabling local execution of modern and traditional applications across distributed locations. This solution offers unified management experience on a single control plane and supports a wide range of validated hardware from trusted Microsoft partners.
The purpose of this integration is to deliver a robust, secure, and scalable virtual desktop and application delivery environment, combining Azure Local’s hybrid cloud capabilities and performance advantages with HyWorks' comprehensive workspace orchestration features.
For smooth integration of the Azure Local platform with the HyWorks Controller, use the following guides:
Supported HyWorks Version
- HyWorks v3.6-SP1 or later.
Supported HCI OS
| Provider | Supported Versions |
|---|---|
| Azure Local (HCI OS Build) | 25398.1486 (23H2) |
Prerequisites
Azure ARC
Azure ARC is enabled on Azure Local Hypervisor.
- This is by default enabled on Azure HCI OS v23H2 or later.
Internet Access or URLs to be Whitelisted (Azure Local Hypervisor)
From an architectural perspective, Azure will maintain the local infrastructure, so Azure should be able to access Azure Local Hypervisors. Consequently, Azure local hypervisors should have direct access to all Azure portal URLs. If direct internet access is not feasible, the list of URLs can be found in the Microsoft article below for uninterrupted operation configuration:
- https://learn.microsoft.com/en-us/azure/azure-portal/azure-portal-safelist-urls?tabs=public-cloud
Permissions
API Permissions to Azure App
The following API permissions are needed to configure the Azure App being configured in HyWorks, for the functioning of Azure Local:
| API | Permission Name | Type |
|---|---|---|
| Azure Service Management | ||
| user_impersonation | Delegated | |
| Microsoft Graph | ||
| offline_access | Delegated | |
| openid | Delegated | |
| profile | Delegated |
Permissions for uploading a VM image using a Storage Account in HCI
To upload an image to Azure HCI through a storage account, the admin user must have Contributor access to the subscription along with the Storage Blob Data Contributor role. Image uploading is required to deploy non-Microsoft custom images, such as HySecure.
Configure Azure App
While configuring Azure Local in HyWorks, the Controller communicates directly with Microsoft Azure.
Therefore, it is mandatory to complete all prerequisite steps documented in:
The following fields have to be configured for adding Azure Local in HyWorks, to be fetched as per the steps provided in the reference document above:
-
Application ID: The Application ID is a unique identifier (GUID) assigned to an application created and granted under a tenant.
-
Secret: A client secret is known only to your application and the authorization server. It protects your resources by only granting tokens to authorized requestors.
-
Tenant ID: A Tenant ID is a Globally Unique Identifier (GUID) that differs from the tenant name or domain.
-
Subscription ID: The subscription ID is a GUID that uniquely identifies your subscription to use Azure services.
-
Azure Resource Group: A resource group where the Azure Local cluster is deployed.
Supported Feature Matrix
| Feature | Sub Feature | Sub Feature | Azure Local (3.6-SP1 and Later versions) |
|---|---|---|---|
| Fetch Configured/ Deployed VM Details from Connector | OS Information | - | Yes |
| Network Adapters/ IP Addresses | - | Yes | |
| Hostname | - | Yes | |
| Deploy pool with existing VMs | - | - | Yes |
| Desktop VM Provisioning | Clone Type: Linked/Full | - | Full Clone |
| Clone from Snapshot/ Image | Feature Supported or not | Yes | |
| Cloned VM Spec (Disk+Prop, Network, CPU, RAM) | Yes (From Gold Master VM) | ||
| Create Image/Snapshot on provider from Management Console | Yes | ||
| Bulk/Batch Cloning | Multiple Clone in Parallel | Yes (Default Cloning mechanism) | |
| Disk persistence: Persistent | - | Yes | |
| Disk persistence: Non-persistent | Create/ Restore restore points on user logoff | No | |
| Deployment Profile & Desktop Profile[v3.6-SP1] | Hardware Specifications (CPU/RAM/Storage etc.) | No | |
| Copy tag from GM | - | No | |
| Disk Encryption | - | Not Applicable | |
| Recompose | Preserve Network/ MAC Address | No | |
| Graceful (Selective) Recompose | Yes | ||
| SHD Provisioning | Automatic Deployment of Session Teams | Yes | |
| Capacity Planning (Automatic Deployment and Power management) | Multi-session/ Share Hosted Desktops | Yes | |
| Single Session Desktops | Not Tested | ||
| Scheduled Actions | Yes | ||
| Desktop Power Operations | Shutdown/Power off/ Power on etc. | - | Yes |
| Hibernate | - | No | |
| OS Support on Provider | Windows Desktops: Windows 7,8.1, 10, 11 | - | Yes (Only Windows 10, 11) |
| Windows Servers: Windows Server 2003 / 2008 | - | No | |
| Windows Servers: Windows Server 2008 R2/ 2012R2/2016 /2019/2022/2025 | - | Yes (Only 2K19, 2K22, 2K25) | |
| Linux Desktops: CentOS 7 | - | No | |
| Linux Desktops: Ubuntu/ xUbuntu 16/18/20/22 | - | Yes | |
| Linux Desktops: RHEL 7.9/9 | - | Yes | |
| Linux Desktops: BOSS v8 | - | No | |
| HyLabs support | Scheduled Provisioning and Delivery | - | No |
| Virtual IP | Adding IP Address to network adapter | - | Yes |
Click here to view the Supported Feature Matrix Comparison between all Accops-supported Cloud Connectors.
Troubleshooting
Check Activity Log on Azure
-
Resource Group Level
-
Navigate to Azure Portal > Resource Group > Activity Log.
-
All service request calls sent to HCI will be displayed.
-
Filter by time, event category, and operation status.
-
To investigate a specific log entry, select the Operation Name. This will open the Summary pane. Then, switch to JSON View and look for specific information or error details related to the operation.
-
-
Resource Level
-
Similar to the Resource Group level, if an admin wants to verify logs specific to a resource, navigate to Azure Portal > Resource Group > Azure Local > [Select the specific resource].
-
Go to Activity Log, open the Summary pane, and switch to JSON View. This allows the admin to debug more accurately by viewing detailed errors or warnings for the specific resource, providing deeper insights compared to Resource Group-level log analysis.
-
HCI Host Level Debugging
-
During bulk operations, there is a possibility that some services may stop due to high resource consumption.
-
In such cases, open a PowerShell console on the HCI host and run:
- "Get-Service | Where-Object { $.DisplayName -like "Azure" -or $.DisplayName -like "HCI" }"
-
Review the status of all listed services. If any service is found in a Stopped state, start it using:
Start-Service -Name "<Service Name>"
-
To verify the Health status of nodes in the cluster, look for nodes in the Paused, Down, or Isolated state.
-
Test-Cluster
-
Get-ClusterNode
-
Get-ClusterFaultDomain
-