Merge pull request #211664 from KarthikKR07/main

Maggiemouse1 · web-flow · commit 7d01a312ec99 · 2022-10-02T09:47:00.000+01:00
New article for the prerequisites to connect VMware vCenter Server to Azure Arc
diff --git a/articles/azure-arc/vmware-vsphere/overview.md b/articles/azure-arc/vmware-vsphere/overview.md
@@ -26,7 +26,7 @@ To deliver this experience, you need to deploy the [Azure Arc resource bridge](.
 
 ## Supported VMware vSphere versions
 
-Azure Arc-enabled VMware vSphere (preview) works with VMware vSphere version 6.7 and 7.
+Azure Arc-enabled VMware vSphere (preview) works with vCenter Server versions 6.7 and 7.
 
 > [!NOTE]
 > Azure Arc-enabled VMware vSphere  (preview)  supports vCenters with a maximum of 9500 VMs. If your vCenter has more than 9500 VMs, it is not recommended to use Arc-enabled VMware vSphere with it at this point.
@@ -64,3 +64,5 @@ Azure Arc-enabled VMware vSphere doesn't store/process customer data outside the
 ## Next steps
 
 - [Connect VMware vCenter to Azure Arc using the helper script](quick-start-connect-vcenter-to-arc-using-script.md)
+
+- [Support matrix for Arc enabled VMware vSphere](support-matrix-for-arc-enabled-vmware-vsphere.md)
diff --git a/articles/azure-arc/vmware-vsphere/quick-start-connect-vcenter-to-arc-using-script.md b/articles/azure-arc/vmware-vsphere/quick-start-connect-vcenter-to-arc-using-script.md
@@ -20,7 +20,11 @@ First, the script deploys a virtual appliance called [Azure Arc resource bridge
 
 - An Azure subscription.
 
-- A resource group in the subscription where you're a member of the *Owner/Contributor* role.
+- A resource group in the subscription where you have the *Owner*, *Contributor*, or *Azure Arc VMware Private Clouds Onboarding* role for onboarding.
+
+### Azure Arc Resource Bridge
+
+- Azure Arc Resource Bridge IP needs access to the URLs listed [here](../vmware-vsphere/support-matrix-for-arc-enabled-vmware-vsphere.md#resource-bridge-networking-requirements).
 
 ### vCenter Server
 
@@ -136,12 +140,12 @@ A typical onboarding that uses the script takes 30 to 60 minutes. During the pro
 | **vCenter password** | Enter the password for the vSphere account. |
 | **Data center selection** | Select the name of the datacenter (as shown in the vSphere client) where the Azure Arc resource bridge's VM should be deployed. |
 | **Network selection** | Select the name of the virtual network or segment to which the VM must be connected. This network should allow the appliance to communicate with vCenter Server and the Azure endpoints (or internet). |
-| **Static IP / DHCP** | If you have DHCP server in your network and want to use it, enter **y**. Otherwise, enter **n**. </br>When you choose a static IP configuration, you're asked for the following information: </br> 1. **Static IP address prefix**: Network address in CIDR notation. For example: **192.168.0.0/24**. </br> 2. **Static gateway**: Gateway address. For example: **192.168.0.0**. </br> 3. **DNS servers**: Comma-separated list of DNS servers. </br> 4. **Start range IP**: Minimum size of two available IP addresses is required. One IP address is for the VM, and the other is reserved for upgrade scenarios. Provide the starting IP address of that range. </br> 5. **End range IP**: Last IP address of the IP range requested in the previous field. </br> 6. **VLAN ID** (optional) |
+| **Static IP / DHCP** | If you have DHCP server in your network and want to use it, enter **y**. Otherwise, enter **n**. If you are using a DHCP server, reserve the IP address assigned to the Azure Arc Resource Bridge VM (Appliance VM IP). </br>When you choose a static IP configuration, you're asked for the following information: </br> 1. **Static IP address prefix**: Network address in CIDR notation. For example: **192.168.0.0/24**. </br> 2. **Static gateway**: Gateway address. For example: **192.168.0.0**. </br> 3. **DNS servers**: IP address(es) of DNS server(s) used by Azure Arc Resource Bridge VM for DNS resolution. VM must be able to resolve external sites, like mcr.microsoft.com and the vCenter server. </br> 4. **Start range IP**: Minimum size of two available IP addresses is required. One IP address is for the VM, and the other is reserved for upgrade scenarios. Provide the starting IP address of that range. Ensure the Start range IP has internet access. </br> 5. **End range IP**: Last IP address of the IP range requested in the previous field. Ensure the End range IP has internet access. </br> 6. **VLAN ID** (optional) |
 | **Resource pool** | Select the name of the resource pool to which the Azure Arc resource bridge's VM will be deployed. |
 | **Data store** | Select the name of the datastore to be used for the Azure Arc resource bridge's VM. |
 | **Folder** | Select the name of the vSphere VM and the template folder where the Azure Arc resource bridge's VM will be deployed. |
 | **VM template Name** | Provide a name for the VM template that will be created in your vCenter Server instance based on the downloaded OVA file. For example: **arc-appliance-template**. |
-| **Control Pane IP** address | Provide a static IP address that's outside the DHCP range but still available on the network. Ensure that this IP address isn't assigned to any other machine on the network. Azure Arc resource bridge (preview) runs a Kubernetes cluster, and its control plane requires a static IP address.|
+| **Control Plane IP** address | Provide a static IP address that's outside the DHCP range but still available on the network. Ensure that this IP address isn't assigned to any other machine on the network. Azure Arc resource bridge (preview) runs a Kubernetes cluster, and its control plane requires a static IP address. Control Plane IP must have internet access. |
 | **Appliance proxy settings** | Enter **y** if there's a proxy in your appliance network. Otherwise, enter **n**. </br> You need to populate the following boxes when you have a proxy set up: </br> 1. **Http**: Address of the HTTP proxy server. </br> 2. **Https**: Address of the HTTPS proxy server. </br> 3. **NoProxy**: Addresses to be excluded from the proxy. </br> 4. **CertificateFilePath**: For SSL-based proxies, the path to the certificate to be used.
 
 After the command finishes running, your setup is complete. You can now use the capabilities of Azure Arc-enabled VMware vSphere.
diff --git a/articles/azure-arc/vmware-vsphere/support-matrix-for-arc-enabled-vmware-vsphere.md b/articles/azure-arc/vmware-vsphere/support-matrix-for-arc-enabled-vmware-vsphere.md
@@ -0,0 +1,124 @@
+---
+title: Support matrix for Arc-enabled VMware vSphere (preview)
+description: In this article, you'll learn about the support matrix for Arc-enabled VMware vSphere including vCenter Server versions supported, network requirements etc.
+ms.topic: how-to 
+ms.date: 09/30/2022
+
+# Customer intent: As a VI admin, I want to understand the support matrix for Arc-enabled VMware vSphere.
+---
+
+# Support matrix for Arc-enabled VMware vSphere (preview)
+
+This article documents the prerequisites and support requirements for using the [Arc-enabled VMware vSphere (preview)](overview.md) to manage your VMware vSphere VMs through Azure Arc.
+
+To use Arc-enabled VMware vSphere, you must deploy an Azure Arc resource bridge in your VMware vSphere environment. The resource bridge provides an ongoing connection between your VMware vCenter Server and Azure. Once you've connected your VMware vCenter Server to Azure, components on the resource bridge discover your vCenter inventory. You can enable them in Azure and start performing virtual hardware and guest OS operations on them using Azure Arc.
+
+
+## VMware vSphere Requirements
+
+### Supported vCenter Server versions
+
+- vCenter Server version 6.7 or 7.
+
+### Required vSphere account privileges
+
+You need a vSphere account that can:
+- Read all inventory. 
+- Deploy and update VMs to all the resource pools (or clusters), networks, and VM templates that you want to use with Azure Arc.
+
+This account is used for the ongoing operation of Azure Arc-enabled VMware vSphere (preview) and the deployment of the Azure Arc resource bridge (preview) VM.
+
+### Resource bridge resource requirements 
+
+For Arc-enabled VMware vSphere, resource bridge has the following minimum virtual hardware requirements
+
+- 16 GB of memory
+- 4 vCPUs
+- An external virtual switch that can provide access to the internet directly or through a proxy. If internet access is through a proxy or firewall, ensure [these URLs](#resource-bridge-networking-requirements) are allow-listed.
+
+### Resource bridge networking requirements
+
+The following firewall URL exceptions are needed for the Azure Arc resource bridge VM:
+
+| **Service** | **Port** | **URL** | **Direction** | **Notes**|
+| --- | --- | --- | --- | --- |
+| Microsoft container registry | 443 | https://mcr.microsoft.com | Appliance VM IP and control plane endpoint need outbound connection. | Required to pull container images for installation. |
+| Azure Arc Identity service | 443 | https://*.his.arc.azure.com | Appliance VM IP and control plane endpoint need outbound connection. | Manages identity and access control for Azure resources |
+| Azure Arc configuration service | 443	| https://*.dp.kubernetesconfiguration.azure.com | Appliance VM IP and control plane endpoint need outbound connection. | Used for Kubernetes cluster configuration. |
+| Cluster connect service | 443	| https://*.servicebus.windows.net | Appliance VM IP and control plane endpoint need outbound connection. | Provides cloud-enabled communication to connect on-premises resources with the cloud. |
+| Guest Notification service | 443 | https://guestnotificationservice.azure.com	| Appliance VM IP and control plane endpoint need outbound connection. | Used to connect on-premises resources to Azure. |
+| SFS API endpoint | 443 | msk8s.api.cdp.microsoft.com | Host machine, Appliance VM IP and control plane endpoint need outbound connection. | Used when downloading product catalog, product bits, and OS images from SFS. |
+| Resource bridge (appliance) Dataplane service | 443 | https://*.dp.prod.appliances.azure.com | Appliance VM IP and control plane endpoint need outbound connection. | Communicate with resource provider in Azure. |
+| Resource bridge (appliance) container image download | 443 | *.blob.core.windows.net, https://ecpacr.azurecr.io | Appliance VM IP and control plane endpoint need outbound connection. | Required to pull container images. |
+| Resource bridge (appliance) image download | 80 | *.dl.delivery.mp.microsoft.com | Host machine, Appliance VM IP and control plane endpoint need outbound connection. | Download the Arc resource bridge OS images. |
+| Azure Arc for K8s container image download | 443 | https://azurearcfork8sdev.azurecr.io | Appliance VM IP and control plane endpoint need outbound connection. | Required to pull container images. |
+| ADHS telemetry service | 443 | adhs.events.data.microsoft.com  | Appliance VM IP and control plane endpoint need outbound connection.	Runs inside the appliance/mariner OS. | Used periodically to send Microsoft required diagnostic data from control plane nodes. Used when telemetry is coming off Mariner, which would mean any K8s control plane. |
+| Microsoft events data service | 443 | v20.events.data.microsoft.com  | Appliance VM IP and control plane endpoint need outbound connection. | Used periodically to send Microsoft required diagnostic data from the Azure Stack HCI or Windows Server host. Used when telemetry is coming off Windows like Windows Server or HCI. |
+
+## Azure permissions required
+
+Following are the minimum Azure roles required for various operations:
+
+| **Operation** | **Minimum role required** | **Scope** |
+| --- | --- | --- |
+| Onboarding your vCenter Server to Arc | Azure Arc VMware Private Clouds Onboarding | On the subscription or resource group into which you want to onboard |
+| Administering Arc-enabled VMware vSphere | Azure Arc VMware Administrator | On the subscription or resource group where vCenter server resource is created |
+| VM Provisioning | Azure Arc VMware Private Cloud User | On the subscription or resource group that contains the resource pool/cluster/host, datastore and virtual network resources, or on the resources themselves |
+| VM Provisioning | Azure Arc VMware VM Contributor | On the subscription or resource group where you want to provision VMs |
+| VM Operations | Azure Arc VMware VM Contributor | On the subscription or resource group that contains the VM, or on the VM itself |
+
+Any roles with higher permissions such as *Owner/Contributor* role on the same scope, will also allow you to perform all the operations listed above.
+
+## Guest management (Arc agent) requirements
+
+With Arc-enabled VMware vSphere, you can install the Arc connected machine agent on your VMs at scale and use Azure management services on the VMs. There are additional requirements for this capability:
+
+To enable guest management (install the Arc connected machine agent), ensure
+
+- VM is powered on
+- VM has VMware tools installed and running
+- Resource bridge has access to the host on which the VM is running
+- VM is running a [supported operating system](#supported-operating-systems)
+- VM has internet connectivity directly or through proxy. If the connection is through a proxy, ensure [these URLs](#networking-requirements) are allow-listed.
+
+### Supported operating systems
+
+The officially supported versions of the Windows and Linux operating system for the Azure Connected Machine agent are listed [here](../servers/prerequisites.md#supported-operating-systems). Only x86-64 (64-bit) architectures are supported. x86 (32-bit) and ARM-based architectures, including x86-64 emulation on arm64, aren't supported operating environments.
+
+### Software requirements
+
+Windows operating systems:
+
+* NET Framework 4.6 or later is required. [Download the .NET Framework](/dotnet/framework/install/guide-for-developers).
+* Windows PowerShell 5.1 is required. [Download Windows Management Framework 5.1.](https://www.microsoft.com/download/details.aspx?id=54616).
+
+Linux operating systems:
+
+* systemd
+* wget (to download the installation script)
+
+### Networking requirements
+
+The following firewall URL exceptions are needed for the Azure Arc agents:
+
+| **URL** | **Description** |
+| --- | --- |
+| aka.ms | Used to resolve the download script during installation |
+| download.microsoft.com | Used to download the Windows installation package |
+| packages.microsoft.com | Used to download the Linux installation package |
+| login.windows.net | Azure Active Directory |
+| login.microsoftonline.com | Azure Active Directory |
+| pas.windows.net | Azure Active Directory |
+| management.azure.com | Azure Resource Manager - to create or delete the Arc server resource |
+| *.his.arc.azure.com | Metadata and hybrid identity services |
+| *.guestconfiguration.azure.com | Extension management and guest configuration services |
+| guestnotificationservice.azure.com, *.guestnotificationservice.azure.com | Notification service for extension and connectivity scenarios |
+| azgn*.servicebus.windows.net | Notification service for extension and connectivity scenarios |
+| *.servicebus.windows.net | For Windows Admin Center and SSH scenarios |
+| *.blob.core.windows.net | Download source for Azure Arc-enabled servers extensions |
+| dc.services.visualstudio.com | Agent telemetry |
+
+
+## Next steps
+
+- [Connect VMware vCenter to Azure Arc using the helper script](quick-start-connect-vcenter-to-arc-using-script.md)
diff --git a/articles/azure-arc/vmware-vsphere/toc.yml b/articles/azure-arc/vmware-vsphere/toc.yml
@@ -12,6 +12,8 @@
     href: quick-start-create-a-vm.md 
 - name: How-to guides
   items:
+  - name: Support Matrix for Arc-enabled VMware vSphere
+    href: support-matrix-for-arc-enabled-vmware-vsphere.md
   - name: Enable VMware vCenter resources in Azure
     href: browse-and-enable-vcenter-resources-in-azure.md
   - name: Manage access to VMware resources through Azure RBAC
