Merge pull request #177490 from ju-shim/flex-25

Court72 · web-flow · commit 164078c0899e · 2021-10-26T15:58:08.000-06:00
FLEX networking and portal
diff --git a/articles/virtual-machine-scale-sets/orchestration-modes-api-comparison.md b/articles/virtual-machine-scale-sets/orchestration-modes-api-comparison.md
@@ -26,7 +26,6 @@ This article compares the API differences between Uniform and [Flexible orchestr
 
 | Uniform API | Flexible alternative |
 |-|-|
-| Virtual machine scale sets VM Lifecycle Batch Operations:  | Invoke Single VM API on specific instances: |
 | [Deallocate](/rest/api/compute/virtualmachinescalesetvms/deallocate)  | [Invoke Single VM API - Deallocate](/rest/api/compute/virtualmachines/deallocate)   |
 | [Delete](/rest/api/compute/virtualmachinescalesetvms/delete)  | [Invoke Single VM API -Delete](/rest/api/compute/virtualmachines/delete)  |
 | [Get Instance View](/rest/api/compute/virtualmachinescalesetvms/getinstanceview)  | [Invoke Single VM API - Instance View](/rest/api/compute/virtualmachines/instanceview)  |
@@ -42,23 +41,42 @@ This article compares the API differences between Uniform and [Flexible orchestr
 
 ## Get or Update 
 
-### Uniform API
+**Uniform API:**
+
 Virtual machine scale sets VM Get or Update Instance:
 - [Get](/rest/api/compute/virtualmachinescalesetvms/get) 
 - [Update](/rest/api/compute/virtualmachinescalesetvms/update)
 
-### Flexible alternative 
+**Flexible alternative:** 
+
 Invoke Single VM APIs:
 - [ARM Lock Resource](../azure-resource-manager/management/lock-resources.md?tabs=json) for Instance Protection type behavior 
+    
+
+## Get or Update scale set VM instances
+
+| Uniform API | Flexible alternative |
+|-|-|
+| [Get scale set VM details](/rest/api/compute/virtualmachinescalesetvms/get) | [Get virtual machine](/rest/api/compute/virtualmachines/get) |
+| [Update scale set VM instance](/rest/api/compute/virtualmachinescalesetvms/update) | [Update virtual machine](/rest/api/compute/virtualmachines/update) |
+
+
+## Instance protection 
+
+| Uniform API | Flexible alternative |
+|-|-|
+| [Instance Protection](virtual-machine-scale-sets-instance-protection.md) | [ARM Lock Resource](../azure-resource-manager/management/lock-resources.md?tabs=json) for Instance Protection type behavior | 
 
 
 ## List instances 
 
-### Uniform API
+**Uniform API:**
+
 `VMSS List Instances`: 
 - Returns the scale set ID associated with each instance
 
-### Flexible alternative
+**Flexible alternative:**
+
 Azure Resource Graph: 
 
 ```armasm
@@ -67,9 +85,10 @@ resources
 | where properties.virtualMachineScaleSet.id contains "portalbb01" 
 ```
 
-## Scale set operations 
+## Scale set instance operations 
+
+**Uniform API:**
 
-### Uniform API
 Virtual machine scale sets Operations:
 - [Update Instances](/rest/api/compute/virtual-machine-scale-sets/update-instances)
 - [Deallocate](/rest/api/compute/virtual-machine-scale-sets/deallocate)
@@ -82,44 +101,51 @@ Virtual machine scale sets Operations:
 - [Set Orchestration Service State](/rest/api/compute/virtual-machine-scale-sets/set-orchestration-service-state)
 - [Start](/rest/api/compute/virtual-machine-scale-sets/start)
 
-### Flexible alternative
+**Flexible alternative:**
+
 Invoke operations on individual VMs.
 
 Virtual machines Operations:
 - [Reimage](/rest/api/compute/virtual-machines/reimage): invoke single VM API - Reimage on Ephemeral OS VMs only
 
 ## VM extension
 
-### Uniform API
+**Uniform API:**
+
 Virtual machine scale sets VM Extension:
 - [Create Or Update](/rest/api/compute/virtual-machine-scale-set-vm-extensions/create-or-update)
 - [Delete](/rest/api/compute/virtual-machine-scale-set-vm-extensions/delete)
 - [Get](/rest/api/compute/virtual-machine-scale-set-vm-extensions/get)
 - [List](/rest/api/compute/virtual-machine-scale-set-vm-extensions/list)
 - [Update](/rest/api/compute/virtual-machine-scale-set-vm-extensions/update) 
 
-### Flexible alternative
+**Flexible alternative:**
+
 Invoke operations on individual VMs.
 
 
 ## Networking 
 
-### Uniform API
-- NAT Pool / Port forwarding 
-- NAT Pool not supported in Flexible scale sets  
+| Uniform API | Flexible alternative |
+|-|-|
+| Load balancer NAT pool | Specify NAT rule to specific instances | 
 
-### Flexible alternative
-- Set up individual NAT Rules on each VM
+> [!IMPORTANT]
+> Networking behavior will vary depending on how you choose to create virtual machines within your scale set. **Manually added VM instances** have default outbound connectivity access. **Implicitly created VM instances** do not have default access.
+>
+> For more information on networking for Flexible scale sets, see [scalable network connectivity](../virtual-machines/flexible-virtual-machine-scale-sets-migration-resources.md#create-scalable-network-connectivity).
 
 
 ## Scale set APIs
 
-### Uniform API
+**Uniform API:**
+
 Uniform virtual machine scale sets APIs:
 - [Convert To Single Placement Group](/rest/api/compute/virtual-machine-scale-sets/convert-to-single-placement-group)
 - [Force Recovery Service Fabric Platform Update Domain Walk](/rest/api/compute/virtual-machine-scale-sets/force-recovery-service-fabric-platform-update-domain-walk)
 
-### Flexible alternative
+**Flexible alternative:**
+
 Not supported on Flexible virtual machine scale sets.
 
 
diff --git a/articles/virtual-machine-scale-sets/quick-create-portal.md b/articles/virtual-machine-scale-sets/quick-create-portal.md
@@ -57,6 +57,7 @@ You can deploy a scale set with a Windows Server image or Linux image such as RH
 1. In the **Basics** tab, under **Project details**, make sure the correct subscription is selected and select *myVMSSResourceGroup* from resource group list. 
 1. Type *myScaleSet* as the name for your scale set.
 1. In **Region**, select a region that is close to your area.
+1. Under **Orchestration**, ensure the *Uniform* option is selected for **Orchestration mode**. 
 1. Select a marketplace image for **Image**. In this example, we have chosen *Ubuntu Server 18.04 LTS*.
 1. Enter your desired username, and select which authentication type you prefer.
    - A **Password** must be at least 12 characters long and meet three out of the four following complexity requirements: one lower case character, one upper case character, one number, and one special character. For more information, see [username and password requirements](../virtual-machines/windows/faq.yml#what-are-the-password-requirements-when-creating-a-vm-).
diff --git a/articles/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes.md b/articles/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes.md
@@ -110,7 +110,7 @@ The following table compares the Flexible orchestration mode, Uniform orchestrat
 | Managed Identity  | User Assigned Identity Only  | System Assigned or User Assigned  | N/A (can specify Managed Identity on individual instances) |
 | Add/remove existing VM to the group  | No  | No  | No |
 | Service Fabric  | No  | Yes  | No |
-| Azure Kubernetes Service (AKS) / AKE / k8s node pool  | No  | Yes  | No |
+| Azure Kubernetes Service (AKS) / AKE  | No  | Yes  | No |
 | UserData  | Partial, UserData can be specified for individual VMs | Yes  | UserData can be specified for individual VMs |
 
 
diff --git a/articles/virtual-machines/flexible-virtual-machine-scale-sets-migration-resources.md b/articles/virtual-machines/flexible-virtual-machine-scale-sets-migration-resources.md
@@ -81,23 +81,31 @@ There is currently no automated tooling to directly move existing instances or u
 
 Virtual machine scale sets with Flexible orchestration allows you to combine the scalability of [virtual machine scale sets in Uniform orchestration](../virtual-machine-scale-sets/overview.md) with the regional availability guarantees of availability sets. The following are key considerations when deciding to work with the Flexible orchestration mode. 
 
-### Explicit network outbound connectivity required 
+### Create scalable network connectivity 
+<!-- the following is an important link to use in FLEX documentation to reference this section:
+/virtual-machines/flexible-virtual-machine-scale-sets-migration-resources.md#create-scalable-network-connectivity
+-->
 
-In order to enhance default network security, Virtual machine scale sets with Flexible orchestration will require that instances created implicitly via the autoscaling profile have outbound connectivity defined explicitly through one of the following methods: 
+Networking outbound access behavior will vary depending on how you choose to create virtual machines within your scale set. **Manually added VM instances** have default outbound connectivity access. **Implicitly created VM instances** do not have default access. 
+
+In order to enhance default network security, **virtual machine instances created implicitly via the autoscaling profile do not have default outbound access**. In order to use virtual machine scale sets with implicitly created VM instances, outbound access must be explicitly defined through one of the following methods: 
 
 - For most scenarios, we recommend [NAT Gateway attached to the subnet](../virtual-network/nat-gateway/tutorial-create-nat-gateway-portal.md).
 - For scenarios with high security requirements or when using Azure Firewall or Network Virtual Appliance (NVA), you can specify a custom User Defined Route as next hop through firewall. 
 - Instances are in the backend pool of a Standard SKU Azure Load Balancer. 
 - Attach a Public IP Address to the instance network interface. 
 
-With single instance VMs and Virtual machine scale sets with Uniform orchestration, outbound connectivity is provided automatically. 
-
 Common scenarios that will require explicit outbound connectivity include: 
 
 - Windows VM activation will require that you have defined outbound connectivity from the VM instance to the Windows Activation Key Management Service (KMS). See [Troubleshoot Windows VM activation problems](/troubleshoot/azure/virtual-machines/troubleshoot-activation-problems) for more information.  
 - Access to storage accounts or Key Vault. Connectivity to Azure services can also be established via [Private Link](../private-link/private-link-overview.md). 
+- Windows updates.
+- Access to Linux package managers. 
+
+See [Default outbound access in Azure](../virtual-network/ip-services/default-outbound-access.md) for more details on defining  outbound connectivity.
+
+With single instance VMs where you explicitly create the NIC, default outbound access is provided. Virtual machine scale sets in Uniform Orchestration mode also has default outbound connectivity. 
 
-See [Default outbound access in Azure](../virtual-network/ip-services/default-outbound-access.md) for more details on defining secure outbound connections.
 
 > [!IMPORTANT]
 > Confirm that you have explicit outbound network connectivity. Learn more about this in [virtual networks and virtual machines in Azure](../virtual-network/network-overview.md) and make sure you are following Azure's networking [best practices](../virtual-network/concepts-and-best-practices.md). 
@@ -150,17 +158,9 @@ Use the standard VM APIs and commands to retrieve instance Boot Diagnostics data
 Use extensions targeted for standard virtual machines, instead of extensions targeted for Uniform orchestration mode instances.
 
 
+### Protect instances from delete
 
-
-
-
-
-
-
-
-
-
-
+Virtual machine scale sets in Flexible orchestration mode do not currently have instance protection options. If you have autoscale enabled on a virtual machine scale set, some VMs might be at risk of deletion during the scaling in process. If you want to protect certain VM instances from deletion, use [Azure Resource Manager lock](../azure-resource-manager/management/lock-resources.md).
 
 
 
diff --git a/articles/virtual-machines/flexible-virtual-machine-scale-sets-portal.md b/articles/virtual-machines/flexible-virtual-machine-scale-sets-portal.md
@@ -6,7 +6,7 @@ ms.author: fisteele
 ms.topic: how-to
 ms.service: virtual-machines
 ms.subservice: flexible-scale-sets
-ms.date: 08/05/2021
+ms.date: 10/25/2021
 ms.reviewer: jushiman
 ms.custom: mimckitt, devx-track-azurecli, vmss-flex
 ---
@@ -22,31 +22,50 @@ This article steps through using Azure portal to create a virtual machine scale
 > The orchestration mode is defined when you create the scale set and cannot be changed or updated later.
 
 
-## Get started with Flexible orchestration mode
+## Log in to Azure
+Log in to the Azure portal at https://portal.azure.com.
 
-### Create a virtual machine scale set in Flexible orchestration mode through the Azure portal.
 
-1. Log into the Azure portal at https://portal.azure.com.
-1. In the search bar, search for and select **Virtual machine scale sets**.
+## Create a virtual machine scale set
+
+You can deploy a scale set with a Windows Server image or Linux image such as RHEL, CentOS, Ubuntu, or SLES.
+
+1. In the Azure portal search bar, search for and select **Virtual machine scale sets**.
 1. Select **Create** on the **Virtual machine scale sets** page.
-1. On the **Create a virtual machine scale set** page, view the **Orchestration** section.
-1. For the **Orchestration mode**, select the **Flexible** option.
-1. Set the **Fault domain count**.
-1. Finish creating your scale set. See [create a scale set in the Azure portal](../virtual-machine-scale-sets/quick-create-portal.md#create-virtual-machine-scale-set) for more information on how to create a scale set.
 
+1. In the **Basics** tab, under **Project details**, make sure the correct subscription is selected and select *myVMSSResourceGroup* from resource group list.  
+1. Under **Scale set details**, set *myScaleSet* for your scale set name and select a **Region** that is close to your area.
+1. Under **Orchestration**, select the *Flexible* option for **Orchestration mode**. 
+1. Under **Instance details**, select a marketplace image for **Image**. In this example, we have chosen *Ubuntu Server 18.04 LTS*.
+1. Enter your desired username, and select which authentication type you prefer.
+   - A **Password** must be at least 12 characters long and meet three out of the four following complexity requirements: one lower case character, one upper case character, one number, and one special character. For more information, see [username and password requirements](../virtual-machines/windows/faq.yml#what-are-the-password-requirements-when-creating-a-vm-).
+   - If you select a Linux OS disk image, you can instead choose **SSH public key**. Only provide your public key, such as *~/.ssh/id_rsa.pub*. You can use the Azure Cloud Shell from the portal to [create and use SSH keys](../virtual-machines/linux/mac-create-ssh-keys.md).
+
+1. Select **Next** to move the the next page. 
+
+1. Leave the defaults for the **Disks** page.
+
+1. Select **Next** to move the the next page. 
+
+1. On the **Networking** page, under **Load balancing**, select the **Use a load balancer** checkbox to put the scale set instances behind a load balancer. 
+1. In **Load balancing options**, select **Azure load balancer**.
+1. In **Select a load balancer**, select a load balancer or create a new one.
+1. For **Select a backend pool**, select **Create new**, type *myBackendPool*, then select **Create**.
+
+    > [!NOTE]
+    > For related information on networking for Flexible scale sets, see [scalable network connectivity for Flexible scale sets](../virtual-machines/flexible-virtual-machine-scale-sets-migration-resources.md#create-scalable-network-connectivity).
+
+1. Select **Next** to move the the next page.
 
-### (Optional) Add a virtual machine to the scale set in Flexible orchestration mode.
+1. On the **Scaling** page, set the **initial instance count** field to *5*. You can set this number up to 1000. 
+1. For the **Scaling policy**, keep it *Manual*. 
 
-1. In the search bar, search for and select **Virtual machines**.
-1. Select **Add** on the **Virtual machines** page.
-1. In the **Basics** tab, view the **Instance details** section.
-1. Add your VM to the scale set in Flexible orchestration mode by selecting the scale set in the **Availability options**. You can add the virtual machine to a scale set in the same region, zone, and resource group.
-1. Go to the **Networking** tab and explicitly define your outbound connectivity.
+1. When you are done, select **Review + create**. 
+1. After it passes validation, select **Create** to deploy the scale set.
 
-    > [!IMPORTANT]
-    > Explicitly defined outbound connectivity is required for virtual machine scale sets with flexible orchestration. Refer to [explicit outbound network connectivity](flexible-virtual-machine-scale-sets-migration-resources.md#explicit-network-outbound-connectivity-required) for more information.
 
-1. Finish creating your virtual machine.
+## Clean up resources
+When no longer needed, delete the resource group, scale set, and all related resources. To do so, select the resource group for the scale set and then select **Delete**.
 
 
 ## Next steps
diff --git a/articles/virtual-machines/flexible-virtual-machine-scale-sets.md b/articles/virtual-machines/flexible-virtual-machine-scale-sets.md
@@ -93,6 +93,10 @@ Flexible orchestration mode can be used with VM SKUs that support [memory preser
 az vm list-skus -l eastus --size standard_d2s_v3 --query "[].capabilities[].[name, value]" -o table
 ```
 
+> [!IMPORTANT]
+> Networking behavior will vary depending on how you choose to create virtual machines within your scale set. For more information, see [scalable network connectivity](../virtual-machines/flexible-virtual-machine-scale-sets-migration-resources.md#create-scalable-network-connectivity).
+
+
 ## Features
 The following tables list the Flexible orchestration mode features and links to the appropriate documentation.
 
@@ -115,7 +119,7 @@ The following tables list the Flexible orchestration mode features and links to
 | Managed Identity  | User Assigned Identity Only  |
 | Add/remove existing VM to the group  | No  |
 | Service Fabric  | No  |
-| Azure Kubernetes Service (AKS) / AKE / k8s node pool  | No  |
+| Azure Kubernetes Service (AKS) / AKE  | No  |
 | UserData  | Partial, UserData can be specified for individual VMs |
 
 
