Merge pull request #276062 from JnHs/jh-arcrb-icu

inbound connectivity URL updates

Author: v-dirichards

articles/azure-arc/network-requirements-consolidated.md

@@ -1,7 +1,7 @@
 ---
 title: Azure Arc network requirements
 description: A consolidated list of network requirements for Azure Arc features and Azure Arc-enabled services. Lists endpoints, ports, and protocols.
-ms.date: 04/17/2024
+ms.date: 05/22/2024
 ms.topic: reference
 ---
 

articles/azure-arc/resource-bridge/includes/network-requirements.md

@@ -1,9 +1,9 @@
 ---
 ms.topic: include
-ms.date: 03/19/2024
+ms.date: 05/22/2024
 ---
 
-### Outbound connectivity
+### Outbound connectivity requirements
 
 The firewall and proxy URLs below must be allowlisted in order to enable communication from the management machine, Appliance VM, and Control Plane IP to the required Arc resource bridge URLs.
 
@@ -32,16 +32,24 @@ The firewall and proxy URLs below must be allowlisted in order to enable communi
 |Microsoft open source packages manager| 443 | `packages.microsoft.com`| Appliance VM IPs need outbound connection. | Download Linux installation package.|
 |Custom Location| 443 | `sts.windows.net`| Appliance VM IPs need outbound connection. | Required for Custom Location.|
 |Azure Arc| 443 | `guestnotificationservice.azure.com` | Appliance VM IPs need outbound connection. | Required for Azure Arc.|
-|Custom Location | 443 | `k8sconnectcsp.azureedge.net`	|	Appliance VM IPs need outbound connection. | Required for Custom Location. |
-|Diagnostic data | 443 | `gcs.prod.monitoring.core.windows.net`	|	Appliance VM IPs need outbound connection. | Periodically sends Microsoft required diagnostic data. |
-|Diagnostic data | 443 | `*.prod.microsoftmetrics.com`	|	Appliance VM IPs need outbound connection. | Periodically sends Microsoft required diagnostic data. |
-|Diagnostic data | 443 | `*.prod.hot.ingest.monitor.core.windows.net`	|	Appliance VM IPs need outbound connection. | Periodically sends Microsoft required diagnostic data. |
-|Diagnostic data | 443 | `*.prod.warm.ingest.monitor.core.windows.net`	|	Appliance VM IPs need outbound connection. | Periodically sends Microsoft required diagnostic data. |
+|Custom Location | 443 | `k8sconnectcsp.azureedge.net` | Appliance VM IPs need outbound connection. | Required for Custom Location. |
+|Diagnostic data | 443 | `gcs.prod.monitoring.core.windows.net` | Appliance VM IPs need outbound connection. | Periodically sends Microsoft required diagnostic data. |
+|Diagnostic data | 443 | `*.prod.microsoftmetrics.com` | Appliance VM IPs need outbound connection. | Periodically sends Microsoft required diagnostic data. |
+|Diagnostic data | 443 | `*.prod.hot.ingest.monitor.core.windows.net` | Appliance VM IPs need outbound connection. | Periodically sends Microsoft required diagnostic data. |
+|Diagnostic data | 443 | `*.prod.warm.ingest.monitor.core.windows.net` | Appliance VM IPs need outbound connection. | Periodically sends Microsoft required diagnostic data. |
 |Azure portal | 443 | `*.arc.azure.net`| Appliance VM IPs need outbound connection. | Manage cluster from Azure portal.|
 |Azure CLI & Extension | 443 | `*.blob.core.windows.net`| Management machine needs outbound connection. | Download Azure CLI Installer and extension. |
 |Azure Arc Agent| 443 | `*.dp.kubernetesconfiguration.azure.com`| Management machine needs outbound connection. | Dataplane used for Arc agent.|
 |Python package| 443 | `pypi.org`, `*.pypi.org`| Management machine needs outbound connection. | Validate Kubernetes and Python versions.|
 |Azure CLI| 443 | `pythonhosted.org`, `*.pythonhosted.org`| Management machine needs outbound connection. | Python packages for Azure CLI installation.|
-|SSH| 22 | `Arc resource bridge appliance VM IPs` | Management machine needs outbound connection. | Used for troubleshooting the appliance VM.|
-|Kubernetes API server| 6443 | `Arc resource bridge appliance VM IPs` | Management machine needs outbound connection. | Management of appliance VM.|
+
+## Inbound connectivity requirements
+
+The following ports must be allowlisted in your firewall/proxy to enable communication between the management machine, Appliance VM IPs, and Control Plane IPs. Ensure these ports are open to facilitate the deployment and maintenance of Arc resource bridge.
+
+|**Service**|**Port**|**URL**|**Direction**|**Notes**|
+|--|--|--|--|--|
+|SSH| 22 | `appliance VM IPs` and `Management machine` | Bidirectional | Used for deploying and maintaining the appliance VM.|
+|Kubernetes API server| 6443 | `appliance VM IPs` and `Management machine` | Bidirectional | Management of the appliance VM.|
+|HTTPS | 443 | `private cloud management console` | Management machine needs outbound connection. | Communication with management console (for example, VMware vCenter Server).|
 

articles/azure-arc/resource-bridge/network-requirements.md

@@ -2,7 +2,7 @@
 title: Azure Arc resource bridge network requirements
 description: Learn about network requirements for Azure Arc resource bridge including URLs that must be allowlisted.
 ms.topic: conceptual
-ms.date: 03/19/2024
+ms.date: 05/22/2024
 ---
 
 # Azure Arc resource bridge network requirements
@@ -65,7 +65,7 @@ The default value for `noProxy` is `localhost,127.0.0.1,.svc,10.0.0.0/8,172.16.0
 
 As a notice, you should be aware that the appliance VM is configured to listen on the following ports. These ports are used exclusively for internal processes and do not require external access:
 
-- 8443 – Endpoint for AAD Authentication Webhook
+- 8443 – Endpoint for Microsoft Entra Authentication Webhook
 
 - 10257 – Endpoint for Arc resource bridge metrics
 

articles/azure-arc/resource-bridge/system-requirements.md

@@ -2,7 +2,7 @@
 title: Azure Arc resource bridge system requirements
 description: Learn about system requirements for Azure Arc resource bridge.
 ms.topic: conceptual
-ms.date: 02/09/2024
+ms.date: 05/22/2024
 ---
 
 # Azure Arc resource bridge system requirements
@@ -68,7 +68,7 @@ Management machine requirements:
 
 - communication over port 443 to the private cloud management console (ex: VMware vCenter machine)
 
-- Internal and external DNS resolution. The DNS server must resolve internal names, such as the vCenter endpoint for vSphere or cloud agent service endpoint for Azure Stack HCI. The DNS server must also be able to resolve external addresses that are [required URLs](network-requirements.md#outbound-connectivity) for deployment.
+- Internal and external DNS resolution. The DNS server must resolve internal names, such as the vCenter endpoint for vSphere or cloud agent service endpoint for Azure Stack HCI. The DNS server must also be able to resolve external addresses that are [required URLs](network-requirements.md#outbound-connectivity-requirements) for deployment.
 - Internet access
 
 ## Appliance VM IP address requirements
@@ -79,9 +79,9 @@ Appliance VM IP address requirements:
 
 - Communication with the management machine (SSH TCP port 22, Kubernetes API port 6443)
 
-- Communcation with the private cloud management endpoint via Port 443 (such as VMware vCenter).
+- Communication with the private cloud management endpoint via Port 443 (such as VMware vCenter).
 
-- Internet connectivity to [required URLs](network-requirements.md#outbound-connectivity) enabled in proxy/firewall.
+- Internet connectivity to [required URLs](network-requirements.md#outbound-connectivity-requirements) enabled in proxy/firewall.
 - Static IP assigned and within the IP address prefix.
 
 - Internal and external DNS resolution.
@@ -95,9 +95,9 @@ Reserved appliance VM IP requirements:
 
 - Communication with the management machine (SSH TCP port 22, Kubernetes API port 6443)
 
-- Communcation with the private cloud management endpoint via Port 443 (such as VMware vCenter).
+- Communication with the private cloud management endpoint via Port 443 (such as VMware vCenter).
 
-- Internet connectivity to [required URLs](network-requirements.md#outbound-connectivity) enabled in proxy/firewall.
+- Internet connectivity to [required URLs](network-requirements.md#outbound-connectivity-requirements) enabled in proxy/firewall.
 
 - Static IP assigned and within the IP address prefix.
 
@@ -107,7 +107,7 @@ Reserved appliance VM IP requirements:
 
 ## Control plane IP requirements
 
-The appliance VM hosts a management Kubernetes cluster with a control plane that requires a single, static IP address. This IP is assigned from the `controlplaneendpoint` parameter in the `createconfig` command or equivalent configuration files creation command. 
+The appliance VM hosts a management Kubernetes cluster with a control plane that requires a single, static IP address. This IP is assigned from the `controlplaneendpoint` parameter in the `createconfig` command or equivalent configuration files creation command.
 
 Control plane IP requirements: