Air-Gapped Architecture Design
Overview
Figure 1: Air-gapped Azure Local architecture with secure transfer mechanisms
Design and implement completely isolated Azure Local deployments with zero cloud connectivity, manual processes, and complete operational autonomy.
Air-Gap Boundaries
Network Segmentation
- Physical isolation from cloud
- No internet connectivity
- Internal networks only
- One-way transfer gates
Security Domains
- Management domain (admin access)
- Application domain (user workloads)
- Data domain (sensitive information)
- Update staging domain
Air-Gapped Architecture Pattern
Secure Transfer Mechanisms
Physical Transfer
- USB storage devices
- Removable media
- Secure drives
Logical Transfer
- Manual export/import processes
- Integrity verification
- Cryptographic signatures
- Audit trails
Transfer Staging
- Quarantine zone
- Virus scanning
- Content inspection
- Change tracking
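One way to implement the integrity verification, cryptographic signatures and audit trail listed under Logical Transfer, applied at the quarantine step of Transfer Staging. This is an added example in Go, not code from Azure Local or from this page; the manifest format and the choice of Ed25519 over SHA-256 digests are assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
)

// Manifest is a constructed bundle format (not an Azure Local artifact): relative path -> hex SHA-256.
type Manifest struct {
	BundleID string            `json:"bundle_id"`
	Files    map[string]string `json:"files"`
}

// SignManifest runs on the connected side; the Ed25519 private key never crosses the air gap.
func SignManifest(m Manifest, priv ed25519.PrivateKey) (body, sig []byte) {
	body, _ = json.Marshal(m) // cannot fail for a struct of strings
	return body, ed25519.Sign(priv, body)
}

// VerifyBundle runs in the quarantine zone: verify the signature before trusting the file
// list, then require every listed file with a matching digest and reject surplus files.
// It returns the audit trail (one line per decision) and the release verdict.
func VerifyBundle(body, sig []byte, pub ed25519.PublicKey, files map[string][]byte) ([]string, bool) {
	if !ed25519.Verify(pub, body, sig) {
		return []string{"REJECT manifest: signature invalid"}, false
	}
	var m Manifest
	if err := json.Unmarshal(body, &m); err != nil {
		return []string{"REJECT manifest: " + err.Error()}, false
	}
	trail, ok := []string{"ACCEPT manifest " + m.BundleID + ": signature valid"}, true
	for p, want := range m.Files {
		data, present := files[p]
		sum := sha256.Sum256(data)
		switch {
		case !present:
			trail, ok = append(trail, "REJECT "+p+": listed but missing"), false
		case hex.EncodeToString(sum[:]) != want:
			trail, ok = append(trail, "REJECT "+p+": digest mismatch"), false
		default:
			trail = append(trail, "ACCEPT "+p+": digest matches")
		}
	}
	if len(files) > len(m.Files) { // if every listed file was present, any surplus is unlisted
		trail, ok = append(trail, "REJECT bundle: unlisted files on media"), false
	}
	return trail, ok
}
```

The trail is what gets appended to the transfer audit log; a bundle is released from quarantine only when the verdict is true, and a single failed line rejects the whole bundle.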
Component Considerations
Management Layer
- Local control plane
- No cloud backup
- Complete self-sufficiency
- Manual administration
Compute & Storage
- All data local
- No external replication
- Complete isolation
- Local DR capability
Monitoring & Logging
- Local telemetry
- On-premises analytics
- Local log storage
- No cloud ingestion
Operational Procedures
- Manual health checks
- Local troubleshooting only
- Offline documentation
- No telemetry support
See also: Certificate Management