Merge pull request #220722 from v-pgaddala/arc-enabled-adhoc

Updates to Arc-enabled SCVMM docs

Author: v-ccolin

articles/azure-arc/system-center-virtual-machine-manager/overview.md

@@ -1,7 +1,7 @@
 ---
 title:  Overview of the Azure Connected System Center Virtual Machine Manager (preview)
 description: This article provides a detailed overview of the Azure Arc-enabled System Center Virtual Machine Manager (preview).
-ms.date: 05/25/2022
+ms.date: 12/07/2022
 ms.topic: conceptual
 ms.services: azure-arc
 author: jyothisuri
@@ -53,6 +53,26 @@ Azure Arc-enabled SCVMM (preview) is currently supported in the following region
 - East US
 - West Europe
 
+### Resource bridge networking requirements
+
+The following firewall URL exceptions are needed for the Azure Arc resource bridge VM:
+
+| **Service** | **Port** | **URL** | **Direction** | **Notes**|
+| --- | --- | --- | --- | --- |
+| Microsoft container registry | 443 | `https://mcr.microsoft.com` | Appliance VM IP and control plane endpoint need outbound connection. | Required to pull container images for installation. |
+| Azure Arc Identity service | 443 | `https://*.his.arc.azure.com` | Appliance VM IP and control plane endpoint need outbound connection. | Manages identity and access control for Azure resources |
+| Azure Arc configuration service | 443 | `https://*.dp.kubernetesconfiguration.azure.com` | Appliance VM IP and control plane endpoint need outbound connection. | Used for Kubernetes cluster configuration. |
+| Cluster connect service | 443 | `https://*.servicebus.windows.net` | Appliance VM IP and control plane endpoint need outbound connection. | Provides cloud-enabled communication to connect on-premises resources with the cloud. |
+| Guest Notification service | 443 | `https://guestnotificationservice.azure.com` | Appliance VM IP and control plane endpoint need outbound connection. | Used to connect on-premises resources to Azure. |
+| SFS API endpoint | 443 | `msk8s.api.cdp.microsoft.com` | Host machine, Appliance VM IP and control plane endpoint need outbound connection. | Used when downloading product catalog, product bits, and OS images from SFS. |
+| Resource bridge (appliance) Data plane service | 443 | `https://*.dp.prod.appliances.azure.com` | Appliance VM IP and control plane endpoint need outbound connection. | Communicate with resource provider in Azure. |
+| Resource bridge (appliance) container image download | 443 | `*.blob.core.windows.net`, `https://ecpacr.azurecr.io` | Appliance VM IP and control plane endpoint need outbound connection. | Required to pull container images. |
+| Resource bridge (appliance) image download | 80 | `*.dl.delivery.mp.microsoft.com` | Host machine, Appliance VM IP and control plane endpoint need outbound connection. | Download the Arc resource bridge OS images. |
+| Azure Arc for K8s container image download | 443 | `https://azurearcfork8sdev.azurecr.io` | Appliance VM IP and control plane endpoint need outbound connection. | Required to pull container images. |
+| ADHS telemetry service | 443 | `adhs.events.data.microsoft.com`  | Appliance VM IP and control plane endpoint need outbound connection. Runs inside the appliance/mariner OS. | Used periodically to send Microsoft required diagnostic data from control plane nodes. Used when telemetry is coming off Mariner, which would mean any K8s control plane. |
+| Microsoft events data service | 443 | `v20.events.data.microsoft.com`  | Appliance VM IP and control plane endpoint need outbound connection. | Used periodically to send Microsoft required diagnostic data from the Azure Stack HCI or Windows Server host. Used when telemetry is coming off Windows like Windows Server or HCI. |
+| SCVMM management Server | 443 | URL of the SCVMM management server | Appliance VM IP and control plane endpoint need outbound connection. | Used by the SCVMM server to communicate with the Appliance VM and the control plane. |
+
 ## Next steps
 
 [See how to create a Azure Arc VM](create-virtual-machine.md)

articles/azure-arc/system-center-virtual-machine-manager/quickstart-connect-system-center-virtual-machine-manager-to-arc.md

@@ -4,7 +4,7 @@ description: In this QuickStart, you will learn how to use the helper script to
 author: jyothisuri
 ms.author: jsuri
 ms.topic: quickstart
-ms.date: 10/19/2022
+ms.date: 12/07/2022
 ms.custom: references_regions
 ---
 
@@ -24,7 +24,7 @@ This QuickStart shows you how to connect your SCVMM management server to Azure A
 | **Azure** | An Azure subscription  <br/><br/> A resource group in the above subscription where you have the *Owner/Contributor* role. |
 | **SCVMM** | You need an SCVMM management server running version 2016 or later.<br/><br/> A private cloud that has at least one cluster with minimum free capacity of 16 GB of RAM, 4 vCPUs with 100 GB of free disk space. <br/><br/> A VM network with internet access, directly or through proxy. Appliance VM will be deployed using this VM network.<br/><br/> For dynamic IP allocation to appliance VM, DHCP server is required. For static IP allocation, VMM static IP pool is required. |
 | **SCVMM accounts** | An SCVMM admin account that can perform all administrative actions on all objects that VMM manages. <br/><br/> The user should be part of local administrator account in the SCVMM server. <br/><br/>This will be used for the ongoing operation of Azure Arc-enabled SCVMM as well as the deployment of the Arc Resource bridge VM. |
-| **Workstation** | The workstation will be used to run the helper script.<br/><br/> A Windows/Linux machine that can access both your SCVMM management server and internet, directly or through proxy.<br/><br/> The helper script can be run directly from the VMM server machine as well.<br/><br/> Note that when you execute the script from a Linux machine, the deployment takes a bit longer and you may experience performance issues. |
+| **Workstation** | The workstation will be used to run the helper script.<br/><br/> A Windows/Linux machine that can access both your SCVMM management server and internet, directly or through proxy.<br/><br/> The helper script can be run directly from the VMM server machine as well.<br/><br/> To avoid network latency issues, we recommend executing the helper script directly in the VMM server machine.<br/><br/> Note that when you execute the script from a Linux machine, the deployment takes a bit longer and you may experience performance issues. |
 
 ## Prepare SCVMM management server
 
@@ -67,6 +67,9 @@ Use the following instructions to run the script, depending on the Operating Sys
 >[!NOTE]
 >Before running the script, install the latest version of Azure CLI (2.36.0 or later).
 
+**Known issue**
+
+We are observing intermittent extension installation issues with Azure CLI 2.42.0 version. To avoid failures, install Azure CLI 2.41.0 versions. [Download the specific version of Azure CLI](https://learn.microsoft.com/cli/azure/install-azure-cli-windows?tabs=azure-cli#specific-version).
 
 ### Windows
 
@@ -135,8 +138,10 @@ If for any reason, the appliance creation fails, you need to retry it. Run the c
     bash resource-bridge-onboarding-script.sh --force
   ```
 >[!NOTE]
-> - After successful deployment, we recommend to maintain the state of **Arc Resource Bridge VM** as *online*.
-> - Intermittently appliance might become unreachable, when you shut down and restart the VM.
+> - After successful deployment, we recommend maintaining the state of **Arc Resource Bridge VM** as *online*.
+> - Intermittently appliance might become unreachable when you shut down and restart the VM.
+>- After successful deployment, save the config YAML files in a secure location. The config files are required to perform management operations on the resource bridge.   
+> - After the execution of command, your setup is complete, and you can try out the capabilities of Azure Arc-enabled SCVMM. 
 
 
 ## Next steps