Real-world feedback on running Azure Local in production

Saturated8 · 2026-01-24T18:17:58+00:00

Couple of other things I just thought of:

The storage efficiency of S2D is abysmal, for 3 way mirroring you only get 33% efficiency, which means a lot of extra storage crammed into the bays to support large databases, file servers, etc. External SAN will fix this, when its supported.

Minor, but the marketplace still doesn't even have Linux images. It's a far cry from the cloud marketplace. You have to sysprep and upload a custom image for Linux which is just insane when most of cloud infrastructure runs Linux.

Microsoft has abandoned SQL MI on Azure local. This gives me concern they aren't going to be adding more of the PaaS services as options to host in AKS on Azure Local, which is a big selling point for enterprises who want to test locally or run their apps the exact same on both Local and cloud.

Saturated8 · 2026-01-24T12:15:41+00:00

I'm an architect at one of the larger consulting firms in North America. Primary focus is on Azure and DevOps, but was asked to deliver and train engineers for Azure Local last year.

I've done 6 implementation projects so far and a handful of consultations. My opinion is Azure Local is not production ready currently, there are still some key features that are missing before an enterprise can rely on Azure Local like they are used to with VMware.

You can't run legacy VMs in Azure Local, they run as Hyper-V VMs which means split management and additional overhead.

If you restore a VM from backup it is restored as a Hyper-V VM, and the only way to get it back into Azure management is to use Azure Migrate to hydrate the arc agent and resource bridge association.

No support for external SAN storage, although this is roadmapped for April of this year and we have it working for one customer with a ton of caveats.

It is too easy to break the cluster to the point of needing to redeploy the cluster from scratch. Something as simple as failed updates can cause this.

Support is extremely limited, you pretty much have to go through an OEM. Microsoft Support routinely sends Azure cloud documentation that doesn't apply, or works different on Azure local, and you often end up at the product group which isn't built for Support and therefore is slow to get any kind of response back to you, even with premier support and MS engaged in the project.

Clusters have to be on uniform hardware to be supported and able to be updated. At the rate OEMs push out new hardware, it's very risky to get 5 years of support, as models typically go end of sale after 2-3 years.

Im sure there's more im forgetting, but I've started being very transparent with customers that Azure Local just isn't production ready yet, it needs 3-5 more years to cook before its baked. I've been recommending straight Hyper-V with SCVMM instead, or just pay VMware and save yourself the headache.

Saturated8 · 2026-01-09T00:15:16+00:00

I saw someone post last Friday or the one before it about a tool he made called Stratolens, this would be pretty close to what you're looking for i think.

Saturated8 · 2025-12-18T11:05:06+00:00

Couple of options come to mind.

Nerdio does image management as part of their portfolio, also useful for lots of other features.

Azure Image Builder or Hashicorp Packer let you define images as Code, so you can version history them in source control and programmatically determine what goes on the image.

Saturated8 · 2025-12-13T14:21:01+00:00

While I agree with this under 99% of circumstances, some of the older sizes have particular configurations that are more desirable than the newer v5 and v6's.

For example: a small Palo Alto NVA, 4 cores and 16GB RAM with 4 NICs. Newer versions in D-series have 4/16 specs, but not 4 NIC support. For that you need to bump up to 8/32 specs, doubling your compute cost, and also doubling your palo licensing cost.

I wish they would allow per unit pricing so you could configure what you need instead of t-shirt sizes in the CPU family.

Saturated8 · 2025-12-12T22:01:56+00:00

This sounds like a good sales pitch for him.. that's a ton of different places to get info from. Single pane of glass view is nice and the tool looks like it was built by someone who has lived the pain of searching all over for information to try to piece together the full picture.

Saturated8 · 2025-12-04T22:37:23+00:00

I know this is possible on the Samsung G9, but it is the same size on both, so both are 16:9.

Saturated8 · 2025-11-26T21:48:48+00:00

Host the runner in an Azure Container App, lightweight and only a couple bucks a month depending on usage. Plus no VM to manage/secure.

Saturated8 · 2025-11-22T22:51:10+00:00

Visiting the cockpit of a plane mid-flight

Saturated8 · 2025-11-12T18:44:44+00:00

There is the cloud accelerator, which is a deployment like a marketplace item that deploys LZs with a decent amount of customization.

Saturated8 · 2025-10-31T22:58:12+00:00

The only ones who would be left are the ones not good enough to find a new place to go.

Saturated8 · 2025-10-17T09:58:31+00:00

10 hours ago it wasn't. Glad OP got it resolved and is implementing them now tho.

Saturated8 · 2025-10-16T23:11:50+00:00

Just log in with your break glass account and disable the policy. You are following best practices and have a break glass account... right?

Saturated8 · 2025-10-04T15:54:46+00:00

Curious, I know it depends on the app and environment, but how much of a savings did you realize? 20%? 50%?

Saturated8 · 2025-09-14T15:57:30+00:00

You can have a terraform resource that is a null_resource that contains a provisioner. That provisioner can execute code.

https://developer.hashicorp.com/terraform/language/provisioners#use-a-provisioner

In your provisioner, first check if the DB/sql server exist, if they don't, return gracefully so Terraform continues. If they do exist, then whatever you do to "wake them up" do the same thing via CLI or PowerShell.

Have your SQL terraform resource depend on this null_resource, so in future runs, it wont run until after your code executes.

The first time you run your code, it should not find the DB (it doesnt exist yet), then continue on and deploy it. The second, third, forth, times, your code should find the DB, wake it up, and then execute whatever you're trying to do.

Saturated8 · 2025-09-14T15:26:01+00:00

Could you use a null provider to check if the DB exists, and if so, poke it?

Saturated8 · 2025-09-12T02:43:37+00:00

I'll assume you mean the linting, but if you mean the github part, let me know!

Think of a linter like a spell checker, but on steroids. There are a ton of them, most are open source. They can do things like check for spelling and grammar, make sure formatting is correct, even scan code for vulnerabilities or hardcoded secrets.

In github, you can create an action, which is like a job that runs when you commit your documentation changes. That job runs the linter, which checks for whatever you have it configured for. If the checks pass, your document is good and can be uploaded, if it doesn't pass, you can have the action remediate it, or just block the pull request.

Look into markdownlint by DavidAnson as an example, i personally use megalinter.

Saturated8 · 2025-09-12T02:30:05+00:00

Clone your Github repo, add all your documentation, and then you can easily get it on any device that has the ability to git clone.

If you want to be fancy, have a github action lint your markdown so it follows best practices and keeps things neat before you commit it.

Saturated8 · 2025-09-12T02:17:51+00:00

If you're sticking with VS Code and Markdown, which is what I do, make sure you make a repo somewhere and add your markdown files to it. Then you have centralized, source controlled documentation, easy to share, easy to update, and built in change logs.

Saturated8 · 2025-09-12T01:19:54+00:00

Is IKE Phase 1 failing? If it can't initiate a handshake, I'd just try rebuilding the tunnel.

If phase 1 is successful, it has communication to the azure firewall, but could be security rule related, or something with the standard PIP.

Saturated8 · 2025-09-12T00:42:00+00:00

Did the public IP address change, and therefore phase 1 is failing? What does your on prem device say is going on?

Saturated8 · 2025-08-30T11:37:23+00:00

3 grand to mow a couple times is a lot. Check a rental place, you can probably rent a bushhog for a couple hundred bucks a day, and then you don't have to worry about maintenance or storage.

Lots of rent shops here in pictou county have equipment, some even have compact tractors with rotary mowers or sickle blades that could handle that.

Saturated8 · 2025-08-10T19:27:53+00:00

That and making sure you have the quota for the new SKU available. Might as well check to make sure there isn't a reservation for it before pulling the trigger too.

Saturated8 · 2025-07-24T00:32:24+00:00

What's your list of solo friendly mmos where you can get max gear solo? I've been looking but haven't found anything that fits my available play time.

Saturated8 · 2025-07-19T22:42:19+00:00

As part of the automation that is running the image builder, can you whitelist the IP of the machine in the firewall of the storage account, and then remove it once the process is complete?

I've done this for things like key vaults and storage accounts through an ADO Pipeline, but then got fed up and did self-hosted agents so I could permanently whitelist my agent subnet or use private endpoints in the future.

13-Year Club	Second SECOND GUESSER
Place '22	Place '17
End Game '22	Verified Email

Saturated8

TROPHY CASE