You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-arc/resource-bridge/system-requirements.md
+13-13Lines changed: 13 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
2
title: Azure Arc resource bridge (preview) system requirements
3
-
description: Learn about system requirements for Azure Arc resource bridge (preview) including URLs that must be allowlisted.
3
+
description: Learn about system requirements for Azure Arc resource bridge (preview).
4
4
ms.topic: conceptual
5
5
ms.date: 02/15/2023
6
6
---
@@ -15,9 +15,9 @@ Arc resource bridge is used with other partner products, such as [Azure Stack HC
15
15
16
16
[Azure CLI](/cli/azure/install-azure-cli) is required to deploy the Azure Arc resource bridge on supported private cloud environments.
17
17
18
-
If you are deploying on VMware, a x64 Python environment is required. The [pip](https://pypi.org/project/pip/) package installer for Python is also required.
18
+
If you're deploying on VMware, a x64 Python environment is required. The [pip](https://pypi.org/project/pip/) package installer for Python is also required.
19
19
20
-
If you are deploying on Azure Stack HCI, the x32 Azure CLI installer can be used to install Azure CLI.
20
+
If you're deploying on Azure Stack HCI, the x32 Azure CLI installer can be used to install Azure CLI.
21
21
22
22
## Minimum resource requirements
23
23
@@ -27,7 +27,7 @@ Arc resource bridge has the following minimum resource requirements:
27
27
- 4 vCPUs
28
28
- 8 GB memory
29
29
30
-
These minimum requirements enable most scenarios. However, a partner product may support a higher resource connection count to Arc resource bridge, which requires the bridge to have higher resource requirements. Failure to provide sufficient resources may result in a number of errors during deployment, such as disk copy errors. Review the partner product's documentation for specific resource requirements.
30
+
These minimum requirements enable most scenarios. However, a partner product may support a higher resource connection count to Arc resource bridge, which requires the bridge to have higher resource requirements. Failure to provide sufficient resources may cause errors during deployment, such as disk copy errors. Review the partner product's documentation for specific resource requirements.
31
31
32
32
> [!NOTE]
33
33
> To [use Arc resource bridge with Azure Kubernetes Service (AKS) on Azure Stack HCI](#aks-and-arc-resource-bridge-on-azure-stack-hci), the AKS clusters must be deployed prior to deploying Arc resource bridge. If Arc resource bridge has already been deployed, AKS clusters can't be installed unless you delete Arc resource bridge first. Once your AKS clusters are deployed to Azure Stack HCI, you can deploy Arc resource bridge again.
@@ -36,9 +36,9 @@ These minimum requirements enable most scenarios. However, a partner product may
36
36
37
37
The machine used to run the commands to deploy Arc resource bridge, and maintain it, is called the *management machine*. The management machine should be considered part of the Arc resource bridge ecosystem, as it has specific requirements and is necessary to manage the appliance VM.
38
38
39
-
Because the management machine needs these specific requirements to manage Arc resource bridge, once the machine is setup, it should continue to be the primary machine used to maintain Arc resource bridge.
39
+
Because the management machine needs these specific requirements to manage Arc resource bridge, once the machine is set up, it should continue to be the primary machine used to maintain Arc resource bridge.
40
40
41
-
The management machine must have the following:
41
+
The management machine has the following requirements:
- Open communication to Control Plane IP (`controlplaneendpoint` parameter in `createconfig` command).
@@ -51,7 +51,7 @@ The management machine must have the following:
51
51
52
52
Arc resource bridge consists of an appliance VM that is deployed on-premises. The appliance VM has visibility into the on-premises infrastructure and can tag on-premises resources (guest management) for availability in Azure Resource Manager (ARM). The appliance VM is assigned an IP address from the `k8snodeippoolstart` parameter in the `createconfig` command.
53
53
54
-
The appliance VM must have the following:
54
+
The appliance VM has the following requirements:
55
55
56
56
- Open communication with the management machine, vCenter endpoint (for VMware), MOC cloud agent service endpoint (for Azure Stack HCI), or other control center for the on-premises environment.
57
57
- The appliance VM needs to be able to resolve the management machine and vice versa.
@@ -65,7 +65,7 @@ The appliance VM must have the following:
65
65
66
66
Arc resource bridge reserves an additional IP address to be used for the appliance VM upgrade. During upgrade, a new appliance VM is created with the reserved appliance VM IP. Once the new appliance VM is created, the old appliance VM is deleted, and its IP address becomes reserved for a future upgrade. The reserved appliance VM IP is assigned an IP address from the `k8snodeippoolend` parameter in the `az arcappliance createconfig` command.
67
67
68
-
The reserved appliance VM IP must have the following:
68
+
The reserved appliance VM IP has the following requirements:
69
69
70
70
- Open communication with the management machine, vCenter endpoint (for VMware), MOC cloud agent service endpoint (for Azure Stack HCI), or other control center for the on-premises environment.
71
71
- The appliance VM needs to be able to resolve the management machine and vice versa.
@@ -78,17 +78,17 @@ The reserved appliance VM IP must have the following:
78
78
79
79
The appliance VM hosts a management Kubernetes cluster with a control plane that should be given a static IP. This IP is assigned from the `controlplaneendpoint` parameter in the `createconfig` command.
80
80
81
-
The control plane IP must have the following:
81
+
The control plane IP has the following requirements:
82
82
83
83
- Open communication with the management machine.
84
84
- The control plane needs to be able to resolve the management machine and vice versa.
85
-
- Static IP address assigned; the IP should be outside the DHCP range but still available on the network segment. This IP address can't be assigned to any other machine on the network. If you're using Azure Kubernetes Service on Azure Stack HCI (AKS hybrid) and installing resource bridge, then the control plane IP for the resource bridge can't be used the AKS hybrid cluster. For specific instructions on deploying Arc resource bridge with AKS on Azure Stack HCI, see [AKS on HCI (AKS hybrid) - Arc resource bridge deployment](/azure/aks/hybrid/deploy-arc-resource-bridge-windows-server).
85
+
- Static IP address assigned; the IP should be outside the DHCP range but still available on the network segment. This IP address can't be assigned to any other machine on the network. If you're using Azure Kubernetes Service on Azure Stack HCI (AKS hybrid) and installing resource bridge, then the control plane IP for the resource bridge can't be used by the AKS hybrid cluster. For specific instructions on deploying Arc resource bridge with AKS on Azure Stack HCI, see [AKS on HCI (AKS hybrid) - Arc resource bridge deployment](/azure/aks/hybrid/deploy-arc-resource-bridge-windows-server).
86
86
87
87
## User account and credentials
88
88
89
89
Arc resource bridge may require a separate user account with the necessary roles to view and manage resources in the on-premises infrastructure (such as Arc-enabled VMware vSphere or Arc-enabled SCVMM). If so, during creation of the configuration files, the `username` and `password` parameters will be required. The account credentials are then stored in a configuration file locally within the appliance VM.
90
90
91
-
If the user account is set to periodically change passwords, the credentials must be immediately updated on the resource bridge. This user account may also be set with a lockout policy to protect the on-premises infrastructure, in case the credentials are not updated and the resource bridge makes multiple attempts to use expired credentials to access the on-premises control center.
91
+
If the user account is set to periodically change passwords, the credentials must be immediately updated on the resource bridge. This user account may also be set with a lockout policy to protect the on-premises infrastructure, in case the credentials aren't updated and the resource bridge makes multiple attempts to use expired credentials to access the on-premises control center.
92
92
93
93
For example, with Arc-enabled VMware, Arc resource bridge needs a separate user account for vCenter with the necessary roles. If the [credentials for the user account change](troubleshoot-resource-bridge.md#insufficient-permissions), then the credentials stored in Arc resource bridge must be immediately updated by running `az arcappliance update-infracredentials` from the [management machine](#management-machine-requirements). Otherwise, the appliance will make repeated attempts to use the expired credentials to access vCenter, which will result in a lockout of the account.
94
94
@@ -102,11 +102,11 @@ There are several different types of configuration files, based on the on-premis
102
102
103
103
Three configuration files are created when the `createconfig` command completes (or the equivalent commands used by Azure Stack HCI and AKS hybrid): resource.yaml, appliance.yaml and infra.yaml.
104
104
105
-
By default, these files are generated in the current CLI directory when `createconfig` completes. These files should be saved in a secure location on the management machine, because they are required for maintaining the appliance VM. Because the configuration files reference each other, all three files must be stored in the same location. If the files are moved from their original location at deployment, open the files to check that the reference paths to the configuration files are accurate.
105
+
By default, these files are generated in the current CLI directory when `createconfig` completes. These files should be saved in a secure location on the management machine, because they're required for maintaining the appliance VM. Because the configuration files reference each other, all three files must be stored in the same location. If the files are moved from their original location at deployment, open the files to check that the reference paths to the configuration files are accurate.
106
106
107
107
### Kubeconfig
108
108
109
-
The appliance VM hosts a management Kubernetes cluster. The kubeconfig is a low-privilege Kubernetes configuration file that is used to maintain the appliance VM. By default, it's generated in the current CLI directory when the `deploy` command completes. The kubeconfig should be saved in a secure location to the management machine, because it is required for maintaining the appliance VM.
109
+
The appliance VM hosts a management Kubernetes cluster. The kubeconfig is a low-privilege Kubernetes configuration file that is used to maintain the appliance VM. By default, it's generated in the current CLI directory when the `deploy` command completes. The kubeconfig should be saved in a secure location to the management machine, because it's required for maintaining the appliance VM.
0 commit comments