Merge pull request #229833 from JnHs/jh-arcrb-maintenance

maintenance page

Author: American-Dipper

articles/azure-arc/resource-bridge/deploy-cli.md

@@ -1,6 +1,6 @@
 ---
 title: Azure Arc resource bridge (preview) deployment command overview
-description: Learn about the Azure CLI commands which can be used to manage your Azure Arc resource bridge (preview) deployment.
+description: Learn about the Azure CLI commands that can be used to manage your Azure Arc resource bridge (preview) deployment.
 ms.date: 02/06/2023
 ms.topic: overview
 ---
@@ -17,12 +17,11 @@ ms.topic: overview
 
 This topic provides an overview of the [Azure CLI commands](/cli/azure/arcappliance) that are used to manage Arc resource bridge (preview) deployment, in the order in which they are typically used for deployment.
 
-
 ## az arcappliance createconfig
 
 This command creates the configuration files used by Arc resource bridge. Credentials that are provided during `createconfig`, such as vCenter credentials for VMware vSphere, are stored in a configuration file and locally within Arc resource bridge. These credentials should be a separate user account used only by Arc resource bridge, with permission to view, create, delete, and manage on-premises resources. If the credentials change, then the credentials on the resource bridge should be updated.
 
-The `createconfig` command features two modes: interactive and non-interactive. Interactive mode provides helpful prompts that explain the parameter and what to pass. To initiate interactive mode, pass only the three required parameters. Non-interactive mode allows you to pass all the parameters needed to create the configuration files without being prompted, which saves time and is useful for automation scripts. 
+The `createconfig` command features two modes: interactive and non-interactive. Interactive mode provides helpful prompts that explain the parameter and what to pass. To initiate interactive mode, pass only the three required parameters. Non-interactive mode allows you to pass all the parameters needed to create the configuration files without being prompted, which saves time and is useful for automation scripts.
 
 Three configuration files are generated: resource.yaml, appliance.yaml and infra.yaml.  These files should be kept and stored in a secure location, as they're required for maintenance of Arc resource bridge.
 
@@ -31,51 +30,44 @@ This command also calls the `validate` command to check the configuration files.
 > [!NOTE]
 > Azure Stack HCI and Hybrid AKS use different commands to create the Arc resource bridge configuration files.
 
-
 ## az arcappliance validate
 
-The `validate` command checks the configuration files for a valid schema, cloud and core validations (such as management machine connectivity to required URLs), network settings, and proxy settings. It also performs tests on identity privileges and role assignments, network configuration, loadbalancer configuration and content delivery network connectivity.
-
+The `validate` command checks the configuration files for a valid schema, cloud and core validations (such as management machine connectivity to required URLs), network settings, and proxy settings. It also performs tests on identity privileges and role assignments, network configuration, load balancer configuration and content delivery network connectivity.
 
 ## az arcappliance prepare
 
 This command downloads the OS images from Microsoft that are used to deploy the on-premises appliance VM. Once downloaded, the images are then uploaded to the local cloud image gallery to prepare for the creation of the appliance VM.
 
 This command takes about 10-30+ minutes to complete, depending on the network speed. Allow the command to complete before continuing with the deployment.
 
-
 ## az arcappliance deploy
 
-The `deploy` command deploys an on-premises instance of Arc resource bridge as an appliance VM, bootstrapped to be a Kubernetes management cluster. This command gets all necessary pods and agents within the Kubernetes cluster into a running state. Once the appliance VM is up, the kubeconfig file is generated. 
-
+The `deploy` command deploys an on-premises instance of Arc resource bridge as an appliance VM, bootstrapped to be a Kubernetes management cluster. This command gets all necessary pods and agents within the Kubernetes cluster into a running state. Once the appliance VM is up, the kubeconfig file is generated.
 
 ## az arcappliance create
 
 This command creates Arc resource bridge in Azure as an ARM resource, then establishes the connection between the ARM resource and on-premises appliance VM.
 
-Once the `create` command initiates the connection, it will return in the terminal even though the connection between the ARM resource and on-premises appliance VM is not yet complete. The resource bridge needs about 5 minutes to establish the connection between the ARM resource and the on-premises VM. 
-
+Once the `create` command initiates the connection, it will return in the terminal, even though the connection between the ARM resource and on-premises appliance VM is not yet complete. The resource bridge needs about 5 minutes to establish the connection between the ARM resource and the on-premises VM.
 
 ## az arcappliance show
 
 The `show` command gets the status of the Arc resource bridge and ARM resource information. It can be used to check the progress of the connection between the ARM resource and on-premises appliance VM.
 
-While the Arc resource bridge is connecting the ARM resource to the on-premises VM, the resource bridge will progress through the stages below:
+While the Arc resource bridge is connecting the ARM resource to the on-premises VM, the resource bridge progresses through the following stages:
 
-`ProvisioningState` will be `Creating`, `Created`, `Failed`, `Deleting`, or `Succeeded`.
+`ProvisioningState` may be `Creating`, `Created`, `Failed`, `Deleting`, or `Succeeded`.
 
-`Status` will transition between `WaitingForHeartbeat` -> `Validating` -> `Connected` -> `Running`.
+`Status` transitions between `WaitingForHeartbeat` -> `Validating` -> `Connected` -> `Running`.
 
 Successful Arc resource bridge creation results in `ProvisioningState = Succeeded` and `Status = Running`.
 
-
 ## az arcappliance delete
 
 This command deletes the appliance VM and Azure resources. It doesn't clean up the OS image, which remains in the on-premises cloud gallery.
 
 If a deployment fails, run this command to clean up the environment before you attempt to deploy again.
 
-
 ## Next steps
 
 - Explore the full list of [Azure CLI commands and required parameters](/cli/azure/arcappliance) for Arc resource bridge.

articles/azure-arc/resource-bridge/maintenance.md

@@ -0,0 +1,40 @@
+---
+title: Azure Arc resource bridge (preview) maintenance operations
+description: Learn how to manage Azure Arc resource bridge (preview) so that it remains online and operational.
+ms.topic: conceptual
+ms.date: 03/08/2023
+---
+
+# Azure Arc resource bridge (preview) maintenance operations
+
+To keep your Azure Arc resource bridge (preview) deployment online and operational, you may need to perform maintenance operations such as updating credentials or monitoring upgrades.
+
+To maintain the on-premises appliance VM, the [appliance configuration files generated during deployment](deploy-cli.md#az-arcappliance-createconfig) need to be saved in a secure location and made available on the management machine. The management machine used to perform maintenance operations must meet all of [the Arc resource bridge (preview) requirements](system-requirements.md).  
+
+The following sections describe some of the most common maintenance tasks for Arc resource bridge (preview).
+
+## Update credentials in the Appliance VM
+
+Arc resource bridge consists of an on-premises appliance VM. The appliance VM [stores credentials](system-requirements.md#user-account-and-credentials) (for example, a user account for VMware vCenter) used to access the control center of the on-premises infrastructure to view and manage on-premises resources.
+
+The credentials used by Arc resource bridge are the same ones provided during deployment of the bridge. This allows the bridge visibility to on-premises resources for guest management in Azure.
+
+If the credentials change, the credentials stored in the Arc resource bridge need to be updated with the [`update-infracredentials` command](/cli/azure/arcappliance/update-infracredentials). This command must be run from the management machine, and it requires a [kubeconfig file](system-requirements.md#kubeconfig).
+
+## Troubleshoot Arc resource bridge
+
+If you experience problems with the appliance VM, the appliance configuration files may help with troubleshooting. You can include these files when you [open an Azure support request](../../azure-portal/supportability/how-to-create-azure-support-request.md).
+
+You may also want to [collect logs](/cli/azure/arcappliance/logs#az-arcappliance-logs-vmware), which requires you to pass credentials to the on-premises control center:
+
+- For VMWare vSphere, use the username and password provided to Arc resource bridge at deployment.
+- For Azure Stack HCI, use the cloud service IP and HCI login configuration file path.
+
+## Delete Arc resource bridge
+
+You may need to delete Arc resource bridge due to deployment failures or when no longer needed. To do so, you'll need the appliance configuration files. The [delete command](deploy-cli.md#az-arcappliance-delete) is the recommended way to delete the bridge. This command deletes the on-premises appliance VM as well as the Azure resource and underlying components across the two environments.
+
+## Next steps
+
+- Review the [Azure Arc resource bridge (preview) overview](overview.md) to understand more about requirements and technical details.
+- Learn about [system requirements for Azure Arc resource bridge (preview)](system-requirements.md).

articles/azure-arc/resource-bridge/system-requirements.md

@@ -88,7 +88,7 @@ The control plane IP has the following requirements:
 
 Arc resource bridge may require a separate user account with the necessary roles to view and manage resources in the on-premises infrastructure (such as Arc-enabled VMware vSphere or Arc-enabled SCVMM). If so, during creation of the configuration files, the `username` and `password` parameters will be required. The account credentials are then stored in a configuration file locally within the appliance VM.  
 
-If the user account is set to periodically change passwords, the credentials must be immediately updated on the resource bridge. This user account may also be set with a lockout policy to protect the on-premises infrastructure, in case the credentials aren't updated and the resource bridge makes multiple attempts to use expired credentials to access the on-premises control center.
+If the user account is set to periodically change passwords, [the credentials must be immediately updated on the resource bridge](maintenance.md#update-credentials-in-the-appliance-vm). This user account may also be set with a lockout policy to protect the on-premises infrastructure, in case the credentials aren't updated and the resource bridge makes multiple attempts to use expired credentials to access the on-premises control center.
 
 For example, with Arc-enabled VMware, Arc resource bridge needs a separate user account for vCenter with the necessary roles. If the [credentials for the user account change](troubleshoot-resource-bridge.md#insufficient-permissions), then the credentials stored in Arc resource bridge must be immediately updated by running `az arcappliance update-infracredentials` from the [management machine](#management-machine-requirements). Otherwise, the appliance will make repeated attempts to use the expired credentials to access vCenter, which will result in a lockout of the account.
 

articles/azure-arc/toc.yml

@@ -24,6 +24,8 @@
     href: ./resource-bridge/security-overview.md
   - name: Deployment overview
     href: ./resource-bridge/deploy-cli.md
+  - name: Maintenance
+    href: ./resource-bridge/maintenance.md
   - name: Troubleshoot
     href: ./resource-bridge/troubleshoot-resource-bridge.md
 - name: Azure Arc-enabled servers >