Network integration planning is important for the successful deployment, operation, and management of an Azure Stack Hub integrated system. For more information, see Border connectivity, BGP routing, static routing, and transparent proxy on the Microsoft website.
Use a firewall device to defend Azure Stack against security threats. For Microsoft recommendations about firewall integration, see Azure Stack Hub firewall integration.
For assistance in planning for the firewall integration, see Publish Azure Stack Hub services in your datacenter on the Microsoft website, which is part of the Azure Stack Hub Operator Documentation. The article lists the inbound and outbound ports and protocols that Azure Stack Hub requires.
Dell Technologies maintains a Deployment Worksheet that contains more extensive firewall rules. This worksheet is provided during the planning phase of a deployment project. For more information, contact the Project Manager who is assigned to your deployment.
The following Microsoft pages contain detailed scenarios for firewall integration and best-practice recommendations:
Public key infrastructure (PKI) certificates are required during Azure Stack Hub deployments. More information about Azure Stack Hub PKI certificate requirements is available at the following Microsoft pages:
For information, see Generate certificate signing requests for Azure Stack Hub on the Microsoft website.
Validate Azure Stack Hub PKI certificates before deployment.
For more information, see Validate Azure Stack Hub PKI certificates on the Microsoft website, which also includes a Readiness Checker tool.
Provide the Readiness Checker tool to the customer, with the deploymentdata.json file, to validate that the PKI certificates are suitable before deployment. Treat the PFX file and password as sensitive information known only to the customer.
Prepare and validate Azure Stack Hub PKI certificates for deployment as described in Perform core services certificate validation on the Microsoft website.
As a final step, you must place all the certificates that you have prepared and validated in directories as specified for the deployment host in the tables in Mandatory certificates and Optional PaaS certificates.
On a host or share that will be available during deployment, create a folder named Certificates and place the exported certificate files in the corresponding subfolders, as specified in Mandatory certificates. The following is an example of this directory structure:
\Admin Extension Host\ssl.pfx
\Public Extension Host\ssl.pfx
The certificates that are marked with an asterisk (*) are only needed when ADFS is used as an identity store.
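A pre-flight check of this layout can be scripted before the folder is handed to the deployment. The following is an added example, not Dell or Microsoft code, and it does not replace the Readiness Checker: it confirms that each expected subfolder holds only ssl.pfx and flags PFX files readable by broad groups. The root path `C:\Certificates` and the two-entry folder list are assumptions; extend the list with every subfolder named in Mandatory certificates.

```powershell
# Added example: check the Certificates folder layout and PFX file permissions.
# $Root is a hypothetical location; $Expected holds only the two subfolders shown
# on this page and must be extended from the Mandatory certificates table.
param(
    [string]$Root = 'C:\Certificates',
    [string[]]$Expected = @('Admin Extension Host', 'Public Extension Host')
)

$findings = @()

foreach ($name in $Expected) {
    $dir = Join-Path $Root $name
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        $findings += "MISSING FOLDER: $dir"
        continue
    }
    # Each subfolder should contain the exported certificate as ssl.pfx and nothing else.
    $files = @(Get-ChildItem -LiteralPath $dir -File)
    if (@($files | Where-Object { $_.Name -eq 'ssl.pfx' }).Count -ne 1) {
        $findings += "NO ssl.pfx: $dir"
    }
    foreach ($extra in @($files | Where-Object { $_.Name -ne 'ssl.pfx' })) {
        $findings += "UNEXPECTED FILE: $($extra.FullName)"
    }
}

# PFX files carry private keys: flag Allow rules for broad principals.
# Assumption: English principal names; adjust the list on localized systems.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
if (Test-Path -LiteralPath $Root -PathType Container) {
    foreach ($pfx in @(Get-ChildItem -LiteralPath $Root -Recurse -File -Filter '*.pfx')) {
        $acl = Get-Acl -LiteralPath $pfx.FullName
        foreach ($rule in $acl.Access) {
            $who = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and $broad -contains $who) {
                $findings += "BROAD ACCESS ($who): $($pfx.FullName)"
            }
        }
    }
}

if ($findings.Count -eq 0) {
    'Certificates folder layout OK'
} else {
    $findings
    exit 1
}
```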
The following table describes the endpoints and certificates that are required for the Dell OpenManage Enterprise and Dell OpenManage Network Manager. Do not copy these certificates into the Azure Stack Hub deployment folder. Instead, you must provide these certificates during the installation of OpenManage Enterprise and OpenManage Network Manager.
|OpenManage Enterprise|<OMESRVNAME>.<customerFQDN>|SSL Certificate with SANs|
|OpenManage Network Manager|<OMNMSRVNAME>.<customerFQDN>|SSL Certificate with SANs|
|OpenManage Network Manager|
Obtain an Azure subscription including Active Directory before you deploy Azure Stack Hub. You can purchase this subscription from Dell Technologies, Microsoft, or other providers.
Dell Integrated System for Microsoft Azure Stack Hub comes with the required Dell Technologies and Microsoft licenses, including:
You can license Dell Integrated System for Microsoft Azure Stack Hub through “pay-as-you-use” metering and consumption billing. Azure Stack Hub consumption includes both public and private cloud workloads, and Microsoft aggregates the metering information for this usage at regular intervals. The only licensing options that can be used for Azure Stack Hub consumption billing are Enterprise Agreements (EAs) and the Cloud Solution Provider (CSP) program. The customer or partner is responsible for the licensing of any third-party software that is used in an Azure Stack Hub tenant.
EAs are ideal for organizations that already use an EA for other Microsoft software programs. An EA offers complete control of the Azure subscriptions running on the Stack solution. Azure Stack Hub usage is applied to the monetary commitment in the EA, and support for the Azure services is provided directly from Microsoft. An EA is also the only method to license Azure Stack Hub if the stack is intended to be run in a disconnected mode. This capacity model requires an annual subscription.
As an Azure CSP Direct and Indirect provider, Dell Technologies offers consumption-based licensing on Azure Stack Hub to enterprise organizations and our channel partners. Through CSP, Dell Technologies provides sales, provisioning, billing, and support. Dell Technologies bills our enterprise customers on a monthly basis, but the CSP agreement is noncontractual. Our partners using the CSP Indirect program bill their end customers for their Azure usage in the format they choose, whether bundled with other services or simply pass-through. For more information, see Azure in CSP on the Microsoft website.
Before deploying Dell Integrated System for Microsoft Azure Stack Hub, customers must read and agree to the OpenManage Network Manager/OpenManage Enterprise End-User License Agreement (EULA).