Introduction: A Vision for Unified Hybrid Networking
Today, Microsoft was excited to announce the public preview of Software Defined Networking (SDN) for Azure Local, fully powered by Azure Arc. This marks a major milestone in Microsoft’s hybrid and edge strategy. It enables seamless, policy-driven network fabric control across on-premises, branch, and edge environments. All of this is made possible through Azure Arc.
As modern organizations evolve toward distributed applications, edge workloads, and multi-cloud architectures, networking becomes the control plane that determines agility, security, and scalability. This preview is our answer to that shift.
What Is Azure Local + Azure Arc?
Let’s break it down:
| Concept | Description |
|---|---|
| Azure Local | A Microsoft-first strategy to bring Azure services such as compute, storage, SDN, and Kubernetes to on-premises via Azure Local. |
| Azure Arc | A hybrid management platform that extends Azure governance, policy, and automation to any infrastructure including Linux, Windows, Kubernetes, or infrastructure running outside of Azure. |
With SDN on Azure Local now Arc-enabled, network administrators gain centralized policy control, automation, and telemetry for their on-premises networks. This experience mirrors what they already enjoy with native Azure Virtual Networks.
Preview Scope: What’s Included?
This preview introduces core SDN capabilities integrated with Azure Arc and Azure Local. It enables you to:
- Provision virtual networks similar to VNets locally using Azure Arc.
- Apply NSG-style microsegmentation policies.
- Deploy Software Load Balancers (SLB) for east-west and north-south traffic control.
- Manage gateways and NAT pools for hybrid connectivity.
- View network telemetry in Azure Monitor (optional).
- Automate infrastructure using PowerShell, ARM, or Bicep.
- Integrate with Windows Admin Center and Azure Portal.
Supported Deployment Scenarios
This preview is ideal for hybrid and edge use cases such as:
| Scenario | Description |
|---|---|
| Branch-to-Core SD-WAN Overlay | Provision and segment networks across regional branches connected using Arc-enabled SDN. |
| Multitenant Edge Hosting | Host multiple customer or department workloads with strong isolation policies using NSG-like rules. |
| Disaster Recovery Zones | Use Arc-enabled SDN to enforce consistency between Azure and Azure Local during disaster recovery failover. |
| AI and IoT on the Edge | Use SLB and NAT rules for containerized workloads running inferencing at the edge. |
Architecture Overview
Here is how Azure Arc-enabled SDN overlays your Azure Local fabric:
Key Benefits of Arc-Enabled SDN on Azure Local
| Benefit | Description |
|---|---|
| Unified Management | Control on-premises networks using the same policies and RBAC model as in Azure. |
| Microsegmentation at Scale | Apply NSG-like policies across multiple tenants, branches, or edge zones. |
| Improved Disaster Recovery and High Availability | Manage network consistency and egress paths across primary and failover sites. |
| Reduced Operational Overhead | Declarative infrastructure and lifecycle automation reduce manual configurations. |
| Compliance and Telemetry | Audit, monitor, and enforce policies centrally using Azure Monitor and Microsoft Defender for Cloud. |
Hands-On: PowerShell and Bicep Examples
Registering a Local Site with Azure Arc
# Connect your HCI cluster to Azure Arc
Connect-AzAccount
Enable-AzStackHCIArcIntegration -ClusterName "HCI-Cluster01"
Create a Virtual Network via PowerShell
New-AzVirtualNetwork `
-Name "Tenant1-VNet" `
-ResourceGroupName "AzureLocal-RG" `
-Location "onprem-region1" `
-AddressPrefix "10.10.0.0/16"
Deploy with Bicep
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
name: 'Tenant1-VNet'
location: 'onprem-region1'
properties: {
addressSpace: {
addressPrefixes: [
'10.10.0.0/16'
]
}
}
}
Sample NSG-Like Policy
{
"name": "Allow-HTTPS-Inbound",
"priority": 100,
"direction": "Inbound",
"access": "Allow",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "443",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*"
}
Real-World Impact
In early pilot deployments across retail, manufacturing, and government customers, Azure Local SDN enabled:
- 90 percent faster provisioning of segmented networks across remote branches.
- Centralized policy enforcement for legacy applications and IoT systems without traditional VPN complexity.
- Unified identity and access control across Azure, Arc, and on-premises environments using Microsoft Entra ID.
What’s Next?
In upcoming updates, Microsoft plans to expand the preview to support:
- Dynamic route injection and BGP peering with physical routers.
- Automated SLB-as-a-Service deployment through Azure templates.
- Integration with third-party virtual network appliances and firewalls.
Join the Preview
You can sign up for the SDN on Azure Local Preview today and help shape the future of hybrid networking. This preview is available in select regions and will expand over time.
Conclusion
Hybrid cloud is not just a bridge between on-premises and public cloud. It is the new foundation. With Azure Arc-powered SDN now available in Azure Local, organizations gain the ability to build once, deploy anywhere, and manage from a single control plane.
The network is now as agile and intelligent as the workloads it supports.
Disclaimer
The views expressed in this article are those of the author and do not represent the opinions of Microsoft, my employer, or any affiliated organization. Always refer to official Azure documentation before production deployment.
Introduction Healthcare organizations face enormous pressure to protect patient data while supporting efficient clinician workflows. Compliance requirements like HIPAA, growing cybersecurity risks,...