Merge pull request #213799 from mikhailalmeida/release-arc-data

MikeRayMSFT · web-flow · commit 26e013b3519b · 2022-10-06T15:15:39.000-07:00
Active Directory Connector GA &amp; Upgrade Process

Merging to release branch for product release. Not tied to Ignite.
diff --git a/articles/azure-arc/data/active-directory-introduction.md b/articles/azure-arc/data/active-directory-introduction.md
@@ -7,16 +7,14 @@ ms.subservice: azure-arc-data-sqlmi
 author: mikhailalmeida
 ms.author: mialmei
 ms.reviewer: mikeray
-ms.date: 04/15/2022
+ms.date: 10/11/2022
 ms.topic: how-to
 ---
 
 # Azure Arc-enabled SQL Managed Instance with Active Directory authentication 
 
 Azure Arc-enabled data services support Active Directory (AD) for Identity and Access Management (IAM). The Arc-enabled SQL Managed Instance uses an existing on-premises Active Directory (AD) domain for authentication. 
 
-[!INCLUDE [azure-arc-data-preview](../../../includes/azure-arc-data-preview.md)]
-
 This article describes how to enable Azure Arc-enabled SQL Managed Instance with Active Directory (AD) Authentication. The article demonstrates two possible AD integration modes: 
 -  Customer-managed keytab (CMK) 
 -  System-managed keytab (SMK)  
@@ -55,7 +53,7 @@ To enable Active Directory authentication for Arc-enabled SQL Managed Instance,
 
 The following section compares these modes.
 
-|                  |Customer-managed keytab​|System-managed keytab -  Preview​|
+|                  |Customer-managed keytab​|System-managed keytab|
 |------------------|---------|--------|
 |**Use cases**|Small and medium size businesses who are familiar with managing Active Directory objects and want flexibility in their automation process |All sizes of businesses - seeking to highly automated Active Directory management experience|
 |**User provides**|An Active Directory account and SPNs under that account, and a [keytab file](/sql/linux/sql-server-linux-ad-auth-understanding#what-is-a-keytab-file) for Active Directory authentication |An [Organizational Unit (OU)](../../active-directory-domain-services/create-ou.md) and a domain service account has [sufficient permissions](deploy-system-managed-keytab-active-directory-connector.md?#prerequisites) on that OU in Active Directory.|
diff --git a/articles/azure-arc/data/active-directory-prerequisites.md b/articles/azure-arc/data/active-directory-prerequisites.md
@@ -7,16 +7,14 @@ ms.subservice: azure-arc-data-sqlmi
 author: mikhailalmeida
 ms.author: mialmei
 ms.reviewer: mikeray
-ms.date: 04/21/2022
+ms.date: 10/11/2022
 ms.topic: how-to
 ---
 
 # Azure Arc-enabled SQL Managed Instance in Active Directory authentication with system-managed keytab - prerequisites
 
 This document explains how to prepare to deploy Azure Arc-enabled data services with Active Directory (AD) authentication. Specifically the article describes Active Directory objects you need to configure before the deployment of Kubernetes resources.
 
-[!INCLUDE [azure-arc-data-preview](../../../includes/azure-arc-data-preview.md)]
-
 [The introduction](active-directory-introduction.md#compare-ad-integration-modes) describes two different integration modes:
 - *System-managed keytab* mode allows the system to create and manage the AD accounts for each SQL Managed Instance.
 - *Customer-managed keytab* mode allows you to create and manage the AD accounts for each SQL Managed Instance.
diff --git a/articles/azure-arc/data/connect-active-directory-sql-managed-instance.md b/articles/azure-arc/data/connect-active-directory-sql-managed-instance.md
@@ -7,16 +7,14 @@ ms.subservice: azure-arc-data-sqlmi
 author: mikhailalmeida
 ms.author: mialmei
 ms.reviewer: mikeray
-ms.date: 12/15/2021
+ms.date: 10/11/2022
 ms.topic: how-to
 ---
 
 # Connect to AD-integrated Azure Arc-enabled SQL Managed Instance
 
 This article describes how to connect to SQL Managed Instance endpoint using Active Directory (AD) authentication. Before you proceed, make sure you have an AD-integrated Azure Arc-enabled SQL Managed Instance deployed already.
 
-[!INCLUDE [azure-arc-data-preview](../../../includes/azure-arc-data-preview.md)]
-
 See [Tutorial – Deploy AD-integrated SQL Managed Instance](deploy-active-directory-sql-managed-instance.md) to deploy Azure Arc-enabled SQL Managed Instance with Active Directory authentication enabled.
 
 > [!NOTE]
diff --git a/articles/azure-arc/data/deploy-active-directory-connector-cli.md b/articles/azure-arc/data/deploy-active-directory-connector-cli.md
@@ -7,7 +7,7 @@ ms.subservice: azure-arc-data-sqlmi
 author: mikhailalmeida
 ms.author: mialmei
 ms.reviewer: mikeray
-ms.date: 08/16/2022
+ms.date: 10/11/2022
 ms.topic: how-to
 ---
 
@@ -16,8 +16,6 @@ ms.topic: how-to
 
 This article explains how to deploy an Active Directory (AD) connector using Azure CLI. The AD connector is a key component to enable Active Directory authentication on Azure Arc-enabled SQL Managed Instance.
 
-[!INCLUDE [azure-arc-data-preview](../../../includes/azure-arc-data-preview.md)]
-
 ## Prerequisites
 
 ### Install tools
diff --git a/articles/azure-arc/data/deploy-active-directory-connector-portal.md b/articles/azure-arc/data/deploy-active-directory-connector-portal.md
@@ -7,16 +7,14 @@ ms.subservice: azure-arc-data-sqlmi
 author: MikeRayMSFT
 ms.author: mikeray
 ms.reviewer: dinethi
-ms.date: 05/24/2022
+ms.date: 10/11/2022
 ms.topic: how-to
 ---
 
 # Tutorial – Deploy Active Directory connector using Azure portal
 
 Active Directory (AD) connector is a key component to enable Active Directory authentication on Azure Arc-enabled SQL Managed Instances.
 
-[!INCLUDE [azure-arc-data-preview](../../../includes/azure-arc-data-preview.md)]
-
 This article explains how to deploy, manage, and delete an Active Directory (AD) connector in directly connected mode from the Azure portal. 
 
 ## Prerequisites
diff --git a/articles/azure-arc/data/deploy-active-directory-sql-managed-instance-cli.md b/articles/azure-arc/data/deploy-active-directory-sql-managed-instance-cli.md
@@ -7,16 +7,14 @@ ms.subservice: azure-arc-data-sqlmi
 author: mikhailalmeida
 ms.author: mialmei
 ms.reviewer: mikeray
-ms.date: 04/28/2022
+ms.date: 10/11/2022
 ms.topic: how-to
 ---
 
 # Deploy Active Directory integrated Azure Arc-enabled SQL Managed Instance using Azure CLI
 
 This article explains how to deploy Azure Arc-enabled SQL Managed Instance with Active Directory (AD) authentication using Azure CLI.
 
-[!INCLUDE [azure-arc-data-preview](../../../includes/azure-arc-data-preview.md)]
-
 See these articles for specific instructions:
 
 - [Tutorial – Deploy AD connector in customer-managed keytab mode](deploy-customer-managed-keytab-active-directory-connector.md)
diff --git a/articles/azure-arc/data/deploy-active-directory-sql-managed-instance.md b/articles/azure-arc/data/deploy-active-directory-sql-managed-instance.md
@@ -7,16 +7,14 @@ ms.subservice: azure-arc-data-sqlmi
 author: mikhailalmeida
 ms.author: mialmei
 ms.reviewer: mikeray
-ms.date: 04/05/2022
+ms.date: 10/11/2022
 ms.topic: how-to
 ---
 
 # Deploy Active Directory integrated Azure Arc-enabled SQL Managed Instance
 
 This article explains how to deploy Azure Arc-enabled SQL Managed Instance with Active Directory (AD) authentication.
 
-[!INCLUDE [azure-arc-data-preview](../../../includes/azure-arc-data-preview.md)]
-
 Before you proceed, complete the steps explained in [Customer-managed keytab Active Directory (AD) connector](deploy-customer-managed-keytab-active-directory-connector.md) or [Deploy a system-managed keytab AD connector](deploy-system-managed-keytab-active-directory-connector.md)
 
 ## Prerequisites
diff --git a/articles/azure-arc/data/deploy-customer-managed-keytab-active-directory-connector.md b/articles/azure-arc/data/deploy-customer-managed-keytab-active-directory-connector.md
@@ -7,16 +7,14 @@ ms.subservice: azure-arc-data-sqlmi
 author: mikhailalmeida
 ms.author: mialmei
 ms.reviewer: mikeray
-ms.date: 04/05/2022
+ms.date: 10/11/2022
 ms.topic: how-to
 ---
 
 # Tutorial – Deploy Active Directory (AD) connector in customer-managed keytab mode
 
 This article explains how to deploy Active Directory (AD) connector in customer-managed keytab mode. The connector is a key component to enable Active Directory authentication on Azure Arc-enabled SQL Managed Instance.
 
-[!INCLUDE [azure-arc-data-preview](../../../includes/azure-arc-data-preview.md)]
-
 ## Active Directory connector in customer-managed keytab mode
 
 In customer-managed keytab mode, an Active Directory connector deploys a DNS proxy service that proxies the DNS requests coming from the managed instance to either of the two upstream DNS services:
diff --git a/articles/azure-arc/data/deploy-system-managed-keytab-active-directory-connector.md b/articles/azure-arc/data/deploy-system-managed-keytab-active-directory-connector.md
@@ -7,7 +7,7 @@ ms.subservice: azure-arc-data-sqlmi
 author: mikhailalmeida
 ms.author: mialmei
 ms.reviewer: mikeray
-ms.date: 04/05/2022
+ms.date: 10/11/2022
 ms.topic: how-to
 ---
 
@@ -16,8 +16,6 @@ ms.topic: how-to
 
 This article explains how to deploy Active Directory connector in system-managed keytab mode. It is a key component to enable Active Directory authentication on Azure Arc-enabled SQL Managed Instance.
 
-[!INCLUDE [azure-arc-data-preview](../../../includes/azure-arc-data-preview.md)]
-
 ## Active Directory connector in system-managed keytab mode
 
 In System-Managed Keytab mode, an Active Directory connector deploys a DNS proxy service that proxies the DNS requests coming from the managed instance to either of the two upstream DNS services:
diff --git a/articles/azure-arc/data/toc.yml b/articles/azure-arc/data/toc.yml
@@ -82,7 +82,7 @@ items:
       items:
         - name: Upload usage data
           href: upload-usage-data.md
-        - name: Monitor with Grafana & Kibana
+        - name: Monitor with Grafana and Kibana
           href: monitor-grafana-kibana.md
         - name: Deploy telemetry router 
           href: deploy-telemetry-router.md
@@ -134,7 +134,7 @@ items:
           href: service-tiers.md
     - name: How-to
       items:
-        - name: Create & connect
+        - name: Create and connect
           items:
             - name: Create with CLI
               href: create-sql-managed-instance.md
@@ -148,7 +148,7 @@ items:
           items:
             - name: Configure
               href: configure-managed-instance.md
-            - name: Monitor, log analytics, & billing information - portal
+            - name: Monitor, log analytics, and billing information - portal
               href: monitoring-log-analytics-azure-portal-managed-instance.md
             - name: Reserved capacity
               href: reserved-capacity-overview.md
@@ -196,12 +196,16 @@ items:
                   href: deploy-active-directory-connector-cli.md
                 - name: Deploy AD connector - portal
                   href: deploy-active-directory-connector-portal.md
-            - name: Deploy SQL Managed Instance
-              href: deploy-active-directory-sql-managed-instance.md
-            - name: Deploy SQL Managed Instance - CLI
-              href: deploy-active-directory-sql-managed-instance-cli.md
-            - name: Connect SQL Managed Instance
-              href: connect-active-directory-sql-managed-instance.md
+            - name: Deploy and connect SQL managed instance
+              items:
+                - name: Deploy SQL Managed Instance
+                  href: deploy-active-directory-sql-managed-instance.md
+                - name: Deploy SQL Managed Instance - CLI
+                  href: deploy-active-directory-sql-managed-instance-cli.md
+                - name: Connect SQL Managed Instance
+                  href: connect-active-directory-sql-managed-instance.md
+            - name: Upgrade connector
+              href: upgrade-active-directory-connector.md
         - name: Transparent data encryption
           items:
             - name: Turn on transparent data encryption manually
@@ -242,15 +246,15 @@ items:
       items:
         - name: Manage
           items:
-            - name: Back up & restore
+            - name: Back up and restore
               href: backup-restore-postgresql.md
             - name: Change PostgreSQL port
               href: change-postgresql-port.md
-            - name: Configure & scale
+            - name: Configure and scale
               items:
                 - name: Show configuration
                   href: show-configuration-postgresql-server.md
-                - name: Scale up|down memory & vCores
+                - name: Scale up|down memory and vCores
                   href: scale-up-down-postgresql-server-using-cli.md
             - name: Delete
               href: delete-postgresql-server.md
diff --git a/articles/azure-arc/data/upgrade-active-directory-connector.md b/articles/azure-arc/data/upgrade-active-directory-connector.md
@@ -0,0 +1,99 @@
+---
+title: Upgrade Active Directory connector for Azure SQL Managed Instance direct or indirect mode connected to Azure Arc
+description: The article describes how to upgrade an active directory connector for direct or indirect mode connected to Azure Arc-enabled SQL Managed Instance
+services: azure-arc
+ms.service: azure-arc
+ms.subservice: azure-arc-data-sqlmi
+author: mikhailalmeida
+ms.author: mialmei
+ms.reviewer: mikeray
+ms.date: 10/11/2022
+ms.topic: how-to
+---
+
+# Upgrade Active Directory connector (adc) for Azure SQL Managed Instance direct or indirect mode connected to Azure Arc
+
+This article describes how to upgrade the Active Directory connector deployed on direct or indirect mode connected to Azure Arc-enabled data controller.
+
+## Prerequisites
+
+Before you can proceed with the tasks in this article, you need:
+
+- To connect and authenticate to a Kubernetes cluster
+- An existing Kubernetes context selected
+
+You need a direct or indirect mode connected to data controller with the `imageTag v1.2.0_2021-12-15` or greater.
+
+### Install tools
+
+To upgrade the active directory connector (adc), you need to have the Kubernetes tools installed.
+
+The examples in this article use `kubectl`, but similar approaches could be used with other Kubernetes tools such as the Kubernetes dashboard, `oc`, or helm if you're familiar with those tools and Kubernetes yaml/json.
+
+[Install the kubectl tool](https://kubernetes.io/docs/tasks/tools/)
+
+
+## Limitations
+
+The Azure Arc Data Controller must be upgraded to the new version before the active directory connector (adc) can be upgraded.
+
+The active directory connector (adc) must be at the same version as the data controller before a data controller is upgraded.
+
+There is no batch upgrade process available at this time.
+
+## Upgrade the active directory connector (adc)
+
+
+### Upgrade to `imageTag v1.12.0_2022-10-11` or greater
+
+The active directory connector (adc) automatically upgrades to the new version part of the data controller upgrade.
+
+### Upgrade prior to `imageTag v1.12.0_2022-10-11` or lower
+
+Use a kubectl command to view the existing spec in yaml.
+
+```console
+kubectl get adc <adc-name> --namespace <namespace> --output yaml
+```
+
+Run kubectl patch to update the desired version.
+
+```console
+kubectl patch adc <adc-name> --namespace <namespace> --type merge --patch '{"spec": {"update": {"desiredVersion": "v1.11.0_2022-09-13"}}}'
+```
+
+## Monitor
+
+You can monitor the progress of the upgrade with kubectl.
+
+### kubectl
+
+```console
+kubectl describe adc <adc-name> --namespace <namespace>
+```
+
+### Output
+
+The output for the command will show the resource information. Upgrade information will be in Status.
+
+During the upgrade, ```State``` will show ```Updating``` and ```Running Version``` will be the current version:
+
+```output
+Status:
+  Last Update Time:     2022-09-20T16:01:48.449512Z
+  Observed Generation:  1
+  Running Version:      v1.10.0_2022-08-09
+  State:                Updating
+```
+
+When the upgrade is complete, ```State``` will show ```Ready``` and ```Running Version``` will be the new version:
+
+```output
+Status:
+  Last Update Time:     2022-09-20T16:01:54.279612Z
+  Observed Generation:  2
+  Running Version:      v1.11.0_2022-09-13
+  State:                Ready
+```
+
+[!INCLUDE [upgrade-rollback](includes/upgrade-rollback.md)]
diff --git a/articles/azure-arc/data/upgrade-sql-managed-instance-cli.md b/articles/azure-arc/data/upgrade-sql-managed-instance-cli.md
@@ -8,7 +8,7 @@ ms.custom: event-tier1-build-2022
 author: dnethi
 ms.author: dinethi
 ms.reviewer: mikeray
-ms.date: 07/07/2022
+ms.date: 10/11/2022
 ms.topic: how-to
 ---
 
@@ -31,7 +31,9 @@ The `arcdata` extension version and the image version are related. Check that yo
 
 The Azure Arc Data Controller must be upgraded to the new version before the managed instance can be upgraded.
 
-The managed instance must be at the same version as the data controller before a data controller is upgraded.
+If Active Directory integration is enabled then Active Directory connector must be upgraded to the new version before the managed instance can be upgraded.
+
+The managed instance must be at the same version as the data controller and active directory connector before a data controller is upgraded.
 
 There's no batch upgrade process available at this time.
 
diff --git a/articles/azure-arc/data/upgrade-sql-managed-instance-direct-cli.md b/articles/azure-arc/data/upgrade-sql-managed-instance-direct-cli.md
@@ -8,7 +8,7 @@ ms.custom: event-tier1-build-2022
 author: dnethi
 ms.author: dinethi
 ms.reviewer: mikeray
-ms.date: 07/07/2022
+ms.date: 10/11/2022
 ms.topic: how-to
 ---
 
@@ -31,7 +31,9 @@ The `arcdata` extension version and the image version are related. Check that yo
 
 The Azure Arc data controller must be upgraded to the new version before the managed instance can be upgraded.
 
-The managed instance must be at the same version as the data controller before a data controller is upgraded.
+If Active Directory integration is enabled then Active Directory connector must be upgraded to the new version before the managed instance can be upgraded.
+
+The managed instance must be at the same version as the data controller and active directory connector before a data controller is upgraded.
 
 There's no batch upgrade process available at this time.
 
diff --git a/articles/azure-arc/data/upgrade-sql-managed-instance-direct-portal.md b/articles/azure-arc/data/upgrade-sql-managed-instance-direct-portal.md
@@ -8,7 +8,7 @@ ms.custom: event-tier1-build-2022
 author: dnethi
 ms.author: dinethi
 ms.reviewer: mikeray
-ms.date: 07/07/2022
+ms.date: 10/11/2022
 ms.topic: how-to
 ---
 
@@ -20,7 +20,9 @@ This article describes how to upgrade Azure SQL Managed Instance deployed on a d
 
 The Azure Arc data controller must be upgraded to the new version before the managed instance can be upgraded.
 
-The managed instance must be at the same version as the data controller before a data controller is upgraded.
+If Active Directory integration is enabled then Active Directory connector must be upgraded to the new version before the managed instance can be upgraded.
+
+The managed instance must be at the same version as the data controller and active directory connector before a data controller is upgraded.
 
 There's no batch upgrade process available at this time.
 
diff --git a/articles/azure-arc/data/upgrade-sql-managed-instance-indirect-kubernetes-tools.md b/articles/azure-arc/data/upgrade-sql-managed-instance-indirect-kubernetes-tools.md
