Merge pull request #270178 from alt-key/docs-editor/system-requirements-1711417604

prmerger-automator[bot] · web-flow · commit 7d0ef1186404 · 2024-03-26T16:56:06.000Z
Update system-requirements.md
diff --git a/articles/azure-arc/resource-bridge/system-requirements.md b/articles/azure-arc/resource-bridge/system-requirements.md
@@ -39,17 +39,19 @@ These minimum requirements enable most scenarios. However, a partner product may
 
 ## IP address prefix (subnet) requirements
 
-The IP address prefix (subnet) where Arc resource bridge will be deployed requires a minimum prefix of /29. The IP address prefix must have enough available IP addresses for the gateway IP, control plane IP, appliance VM IP, and reserved appliance VM IP. Please work with your network engineer to ensure that there is an available subnet with the required available IP addresses and IP address prefix for Arc resource bridge.
+The IP address prefix (subnet) where Arc resource bridge will be deployed requires a minimum prefix of /29. The IP address prefix must have enough available IP addresses for the gateway IP, control plane IP, appliance VM IP, and reserved appliance VM IP. Arc resource bridge only uses the IP addresses assigned to the IP pool range (Start IP, End IP) and the Control Plane IP. We recommend that the End IP immediately follow the Start IP. Ex: Start IP =192.168.0.2, End IP = 192.168.0.3. Please work with your network engineer to ensure that there is an available subnet with the required available IP addresses and IP address prefix for Arc resource bridge.
 
-The IP address prefix is the subnet's IP address range for the virtual network and subnet mask (IP Mask) in CIDR notation, for example `192.168.7.1/24`. You provide the IP address prefix (in CIDR notation) during the creation of the configuration files for Arc resource bridge. 
+The IP address prefix is the subnet's IP address range for the virtual network and subnet mask (IP Mask) in CIDR notation, for example `192.168.7.1/29`. You provide the IP address prefix (in CIDR notation) during the creation of the configuration files for Arc resource bridge. 
 
 Consult your network engineer to obtain the IP address prefix in CIDR notation. An IP Subnet CIDR calculator may be used to obtain this value.
 
 ## Static IP configuration
 
 If deploying Arc resource bridge to a production environment, static configuration must be used when deploying Arc resource bridge. Static IP configuration is used to assign three static IPs (that are in the same subnet) to the Arc resource bridge control plane, appliance VM, and reserved appliance VM.
 
-DHCP is only supported in a test environment for testing purposes only for VM management on Azure Stack HCI, and it should not be used in a production environment. DHCP isn't supported on any other Arc-enabled private cloud, including Arc-enabled VMware, Arc for AVS, or Arc-enabled SCVMM. If using DHCP, you must reserve the IP addresses used by the control plane and appliance VM. In addition, these IPs must be outside of the assignable DHCP range of IPs. Ex: The control plane IP should be treated as a reserved/static IP that no other machine on the network will use or receive from DHCP. If the control plane IP or appliance VM IP changes (ex: due to an outage, this impacts the resource bridge availability and functionality.
+DHCP is only supported in a test environment for testing purposes only for VM management on Azure Stack HCI. It should not be used in a production environment. DHCP isn't supported on any other Arc-enabled private cloud, including Arc-enabled VMware, Arc for AVS, or Arc-enabled SCVMM. 
+
+If using DHCP, you must reserve the IP addresses used by the control plane and appliance VM. In addition, these IPs must be outside of the assignable DHCP range of IPs. Ex: The control plane IP should be treated as a reserved/static IP that no other machine on the network will use or receive from DHCP. If the control plane IP or appliance VM IP changes, this impacts the resource bridge availability and functionality.
 
 ## Management machine requirements
 
@@ -58,10 +60,14 @@ The machine used to run the commands to deploy and maintain Arc resource bridge
 Management machine requirements:
 
 - [Azure CLI x64](/cli/azure/install-azure-cli-windows?tabs=azure-cli) installed
-- Open communication to Control Plane IP (`controlplaneendpoint` parameter in `createconfig` command)
-- Open communication to Appliance VM IP
-- Open communication to the reserved Appliance VM IP
-- if applicable, communication over port 443 to the private cloud management console (ex: VMware vCenter host machine)
+- Open communication to Control Plane IP 
+
+- Communication to Appliance VM IP (SSH TCP port 22, Kubernetes API port 6443)
+
+- Communication to the reserved Appliance VM IP ((SSH TCP port 22, Kubernetes API port 6443)
+
+- communication over port 443 (if applicable) to the private cloud management console (ex: VMware vCenter host machine)
+
 - Internal and external DNS resolution. The DNS server must resolve internal names, such as the vCenter endpoint for vSphere or cloud agent service endpoint for Azure Stack HCI. The DNS server must also be able to resolve external addresses that are [required URLs](network-requirements.md#outbound-connectivity) for deployment.
 - Internet access
   
@@ -77,11 +83,8 @@ Appliance VM IP address requirements:
 
 - Open communication with the management machine and management endpoint (such as vCenter for VMware or MOC cloud agent service endpoint for Azure Stack HCI).
 - Internet connectivity to [required URLs](network-requirements.md#outbound-connectivity) enabled in proxy/firewall.
-- Static IP assigned (strongly recommended)
+- Static IP assigned and within the IP address prefix.
 
-  - If using DHCP, then the address must be reserved and  outside of the assignable DHCP range of IPs. No other machine on the network will use or receive this IP from DHCP. DHCP is generally not recommended because a change in IP address (ex: due to an outage) impacts the resource bridge availability.
-
-- Must be from within the IP address prefix.
 - Internal and external DNS resolution.
 - If using a proxy, the proxy server has to be reachable from this IP and all IPs within the VM IP pool.
 
@@ -99,15 +102,11 @@ Reserved appliance VM IP requirements:
 
 - Internet connectivity to [required URLs](network-requirements.md#outbound-connectivity) enabled in proxy/firewall.
 
-- Static IP assigned (strongly recommended)
-
-  - If using DHCP, then the address must be reserved and  outside of the assignable DHCP range of IPs. No other machine on the network will use or receive this IP from DHCP. DHCP is generally not recommended because a change in IP address (ex: due to an outage) impacts the resource bridge availability.
-
-  - Must be from within the IP address prefix.
+- Static IP assigned and within the IP address prefix.
 
-  - Internal and external DNS resolution.
+- Internal and external DNS resolution.
 
-  - If using a proxy, the proxy server has to be reachable from this IP and all IPs within the VM IP pool.
+- If using a proxy, the proxy server has to be reachable from this IP and all IPs within the VM IP pool.
 
 ## Control plane IP requirements
 
@@ -117,8 +116,7 @@ Control plane IP requirements:
 
 - Open communication with the management machine.
 
-  - Static IP address assigned; the IP address should be outside the DHCP range but still available on the network segment. This IP address can't be assigned to any other machine on the network. 
-  - If using DHCP, the control plane IP should be a single reserved IP that is outside of the assignable DHCP range of IPs. No other machine on the network will use or receive this IP from DHCP. DHCP is generally not recommended because a change in IP address (ex: due to an outage) impacts the resource bridge availability.
+- Static IP address assigned and within the IP address prefix.
 
 - If using a proxy, the proxy server has to be reachable from IPs within the IP address prefix, including the reserved appliance VM IP.
 
@@ -128,23 +126,23 @@ DNS server(s) must have internal and external endpoint resolution. The appliance
 
 ## Gateway
 
-The gateway IP should be an IP from within the subnet designated in the IP address prefix.
+The gateway IP is the IP of the gateway for the network where Arc resource bridge is deployed. The gateway IP should be an IP from within the subnet designated in the IP address prefix.
 
 ## Example minimum configuration for static IP deployment
 
-The following example shows valid configuration values that can be passed during configuration file creation for Arc resource bridge. It is strongly recommended to use static IP addresses when deploying Arc resource bridge. 
+The following example shows valid configuration values that can be passed during configuration file creation for Arc resource bridge. 
 
 Notice that the IP addresses for the gateway, control plane, appliance VM and DNS server (for internal resolution) are within the IP address prefix. This key detail helps ensure successful deployment of the appliance VM.
 
    IP Address Prefix (CIDR format): 192.168.0.0/29
 
-   Gateway (IP format): 192.168.0.1
+   Gateway IP: 192.168.0.1
 
    VM IP Pool Start (IP format): 192.168.0.2
 
    VM IP Pool End (IP format): 192.168.0.3
 
-   Control Plane IP (IP format): 192.168.0.4
+   Control Plane IP: 192.168.0.4
 
    DNS servers (IP list format): 192.168.0.1, 10.0.0.5, 10.0.0.6
 
