Microsoft Azure Stack Hub is designed to work best when connected to Azure. The following table lists some features and functionality that are either impaired or unavailable in the disconnected mode.
Feature/functionality | Impact in disconnected mode |
VM deployment with DSC extension to configure VM post deployment | Impaired—DSC extension looks to the Internet for the latest WMF. |
VM deployment with Docker Extension to run Docker commands | Impaired—Docker checks the Internet for the latest version and this check fails. |
Documentation links in the Azure Stack Hub Portal | Unavailable—Links that use an Internet URL, such as Give Feedback, Help, Quickstart, and so on, do not work. |
Alert remediation/mitigation that references an online remediation guide | Unavailable—Any alert remediation links that use an Internet URL do not work. |
Marketplace syndication – The ability to select and add Gallery packages directly from the Azure Marketplace | Impaired—When you deploy Azure Stack Hub in a disconnected mode (without any Internet connectivity), you cannot download Marketplace items through the Azure Stack Hub Portal. However, use the Marketplace Syndication tool to download the Marketplace items to a computer that has Internet connectivity, and then transfer the items to your Dell Integrated System. |
Using Azure Active Directory federation accounts to manage an Azure Stack Hub deployment | Unavailable—Requires connectivity to Azure. ADFS with a local Active Directory instance must be used instead. |
App Services | Impaired—WebApps might require Internet access for updated content. |
Command Line Interface (CLI) | Impaired—The CLI has reduced functionality for authentication and provisioning of Service Principles. |
Visual Studio – Cloud discovery | Impaired—Cloud Discovery either discovers different clouds or does not work at all. |
Visual Studio – ADFS | Impaired—Only Visual Studio Enterprise supports ADFS. |
Telemetry | Unavailable—Telemetry data for Azure Stack Hub and any third-party Gallery packages that depend on telemetry data are not available. |
Certificates | Unavailable—Internet connectivity is required for Certificate Revocation List (CRL) and Online Certificate Status Protocol (OSCP) services in the context of HTTPS. |
Key Vault | Impaired—A common scenario for Key Vault is to have an application read secrets at runtime, which requires a service principal in the directory. In AAD, non-administrator users are permitted, by default, to add service principals, but in Active Directory (using ADFS), they are not. This scenario affects the end-to-end experience because users must always go through a directory admin to add an application. |
For the latest information, see Azure disconnected deployment planning decisions for Azure Stack Hub integrated systems on the Microsoft website.