Merge pull request #129586 from JnHs/jh-lh-arc

Azure Lighthouse and Azure Arc content

Author: GitHubber17

articles/azure-arc/kubernetes/overview.md

@@ -47,13 +47,16 @@ Azure Arc enabled Kubernetes supports these scenarios:
 
 * Apply policies by using Azure Policy for Kubernetes. 
 
+[!INCLUDE [azure-lighthouse-supported-service](../../../includes/azure-lighthouse-supported-service.md)]
+
 ## Supported regions 
 
 Azure Arc enabled Kubernetes is currently supported in these regions: 
 
 * East US 
 * West Europe
 
+
 ## Next steps
 
 * [Connect a cluster](./connect-cluster.md)

articles/azure-arc/servers/overview.md

@@ -9,7 +9,7 @@ ms.topic: overview
 
 # What is Azure Arc enabled servers (preview)?
 
-Azure Arc enabled servers (preview) allows you to manage your Windows and Linux machines hosted outside of Azure, on your corporate network or other cloud provider, similar to how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID, is managed as part of a resource group inside a subscription, and benefits from standard Azure constructs such as Azure Policy and applying tags.
+Azure Arc enabled servers (preview) allows you to manage your Windows and Linux machines hosted outside of Azure, on your corporate network or other cloud provider, similar to how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID, is managed as part of a resource group inside a subscription, and benefits from standard Azure constructs such as Azure Policy and applying tags. Service providers who manage a customer's on-premises infrastructure can manage their hybrid machines, just like they do today with native Azure resources, across multiple customer environments, using [Azure Lighthouse](../../lighthouse/how-to/manage-hybrid-infrastructure-arc.md) with Azure Arc.
 
 To deliver this experience with your hybrid machines hosted outside of Azure, the Azure Connected Machine agent needs to be installed on each machine that you plan on connecting to Azure. This agent does not deliver any other functionality, and it doesn't replace the Azure [Log Analytics agent](../../azure-monitor/platform/log-analytics-agent.md). The Log Analytics agent for Windows and Linux is required when you want to proactively monitor the OS and workloads running on the machine, manage it using Automation runbooks or solutions like Update Management, or use other Azure services like [Azure Security Center](../../security-center/security-center-intro.md).
 
@@ -29,6 +29,8 @@ When you connect your machine to Azure Arc enabled servers (preview), it enables
 
 Log data collected and stored in a Log Analytics workspace from the hybrid machine now contains properties specific to the machine, such as a Resource ID. This can be used to support [resource-context](../../azure-monitor/platform/design-logs-deployment.md#access-mode) log access.
 
+[!INCLUDE [azure-lighthouse-supported-service](../../../includes/azure-lighthouse-supported-service.md)]
+
 ## Supported regions
 
 With Azure Arc enabled servers (preview), only certain regions are supported:

articles/lighthouse/concepts/cross-tenant-management-experience.md

@@ -43,13 +43,13 @@ Most tasks and services can be performed on delegated resources across managed t
 
 [Azure Arc](../../azure-arc/index.yml):
 
-- Manage hybrid servers at scale - [Azure Arc for servers (preview)](../../azure-arc/servers/overview.md):
-  - [Connect Windows Server or Linux machines outside Azure](../../azure-arc/servers/onboard-portal.md) to delegated subscriptions and/or resource groups in Azure
+- Manage hybrid servers at scale - [Azure Arc enabled servers (preview)](../../azure-arc/servers/overview.md):
+  - [Manage Windows Server or Linux machines outside Azure that are connected](../../azure-arc/servers/onboard-portal.md) to delegated subscriptions and/or resource groups in Azure
   - Manage connected machines using Azure constructs, such as Azure Policy and tagging
   - Ensure the same set of policies are applied across customers' hybrid environments
   - Use Azure Security Center to monitor compliance across customers' hybrid environments
 - Manage hybrid Kubernetes clusters at scale - [Azure Arc enabled Kubernetes (preview)](../../azure-arc/kubernetes/overview.md):
-  - [Connect a Kubernetes cluster to Azure Arc](../../azure-arc/kubernetes/connect-cluster.md) to delegated subscriptions and/or resource groups in Azure
+  - [Manage Kubernetes clusters that are connected](../../azure-arc/kubernetes/connect-cluster.md) to delegated subscriptions and/or resource groups in Azure
   - [Use GitOps](../../azure-arc/kubernetes/use-gitops-connected-cluster.md) for connected clusters
   - Enforce policies across connected clusters
 

articles/lighthouse/how-to/manage-hybrid-infrastructure-arc.md

@@ -0,0 +1,54 @@
+---
+title: Manage hybrid infrastructure at scale with Azure Arc
+description: Learn how to effectively manage your customers' machines and Kubernetes clusters outside of Azure.
+ms.date: 09/15/2020
+ms.topic: how-to
+---
+
+# Manage hybrid infrastructure at scale with Azure Arc
+
+As a service provider, you may have onboarded multiple customer tenants to [Azure Lighthouse](../overview.md). Azure Lighthouse allows service providers to perform operations at scale across several Azure Active Directory (Azure AD) tenants at once, making management tasks more efficient.
+
+[Azure Arc](../../azure-arc/overview.md) helps simplify complex and distributed environments across on-premises, edge and multicloud, enabling deployment of Azure services anywhere and extending Azure management to any infrastructure.
+
+With [Azure Arc enabled servers (preview)](../../azure-arc/servers/overview.md), customers can manage any Windows and Linux machines hosted outside of Azure on their corporate network, in the same way they manage native Azure virtual machines. By linking a hybrid machine to Azure, it becomes connected and is treated as a resource in Azure. Service providers can then manage these non-Azure machines along with their customers' Azure resources.
+
+[Azure Arc enabled Kubernetes (preview)](../../azure-arc/kubernetes/overview.md) lets customers attach and configure Kubernetes clusters inside or outside of Azure. When a Kubernetes cluster is attached to Azure Arc, it will appear in the Azure portal, with an Azure Resource Manager ID and a managed identity. Clusters are attached to standard Azure subscriptions, are located in a resource group, and can receive tags just like any other Azure resource.
+
+This topic provides an overview of how service providers can use Azure Arc enabled servers (preview) and Azure Arc enabled Kubernetes (preview) in a scalable way to manage their customers' hybrid environment, with visibility across all managed customer tenants.
+
+> [!TIP]
+> Though we refer to service providers and customers in this topic, this guidance also applies to [enterprises using Azure Lighthouse to manage multiple tenants](../concepts/enterprise.md).
+
+## Manage hybrid servers at scale with Azure Arc enabled servers (preview)
+
+> [!NOTE]
+> Azure Arc enabled servers is currently in preview. We don't recommend it for production workloads at this time.
+
+As a service provider, you can manage on-premises Windows Server or Linux machines outside Azure that your customers have connected to their subscription using the [Azure Connected Machine agent](../../azure-arc/servers/agent-overview.md).
+
+When viewing resources for a delegated subscription in the Azure portal, you'll see these connected machines labeled with **Azure Arc**. You can manage these connected machines using Azure constructs, such as Azure Policy and tagging, the same way that you’d manage the customer's Azure resources. You can also work across customer tenants to manage all connected hybrid machines together.
+
+For example, you can [ensure the same set of policies are applied across customers' hybrid machines](../../azure-arc/servers/learn/tutorial-assign-policy-portal.md). You can also use Azure Security Center to monitor compliance across all of your customers' hybrid environments, or [use Azure Monitor to collect data directly from your hybrid machines](../../azure-arc/servers/learn/tutorial-enable-vm-insights.md) into a Log Analytics workspace. [Virtual machine extensions](../../azure-arc/servers/manage-vm-extensions.md) can be deployed to non-Azure Windows and Linux VMs, simplifying management of customer's hybrid machines.
+
+## Manage hybrid Kubernetes clusters at scale with Azure Arc enabled Kubernetes (preview)
+
+> [!NOTE]
+> Azure Arc enabled Kubernetes is currently in preview. We don't recommend it for production workloads at this time.
+
+You can manage Kubernetes clusters that have been [connected to a customer's subscription with Azure Arc](../../azure-arc/kubernetes/connect-cluster.md), just as if they were running in Azure.
+
+If your customer has created a [service principal account to onboard Kubernetes clusters to Azure Arc](../../azure-arc/kubernetes/create-onboarding-service-principal.md), you can access this service principal account to onboard and manage clusters. This can be done by users in the managing tenant who were granted the "Kubernetes Cluster - Azure Arc Onboarding" Azure built-in role when the subscription containing the service principal account was [onboarded to Azure Lighthouse](onboard-customer.md).
+
+You can deploy [configurations](../../azure-arc/kubernetes/use-gitops-connected-cluster.md) and [Helm charts](../../azure-arc/kubernetes/use-gitops-with-helm.md) using GitOps for connected clusters.
+
+You can also monitor connected clusters with Azure Monitor, and [use Azure Policy to apply cluster configurations at scale](../../azure-arc/kubernetes/use-azure-policy.md).
+
+## Next steps
+
+- Explore the jumpstarts and samples in the [Azure Arc GitHub repository](https://github.com/microsoft/azure_arc). 
+- Learn about [supported scenarios for Azure Arc enabled servers](../../azure-arc/servers/overview.md#supported-scenarios).
+- Learn about [Kubernetes distributions supported by Azure Arc](../../azure-arc/kubernetes/overview.md#supported-kubernetes-distributions).
+- Learn how to [deploy a policy at scale](policy-at-scale.md).
+- Learn how to [use Azure Monitor Logs at scale](monitor-at-scale.md).
+

articles/lighthouse/index.yml

@@ -33,6 +33,8 @@ landingContent:
         links:
           - text: Onboard a customer to Azure Lighthouse
             url: ./how-to/onboard-customer.md
+          - text: Link your ID for partner earned credit
+            url: ./how-to/partner-earned-credit.md
       - linkListType: concept
         links:
           - text: Recommended security practices
@@ -87,6 +89,8 @@ landingContent:
             url: ./how-to/policy-at-scale.md
           - text: Deploy a policy that can be remediated
             url: ./how-to/deploy-policy-remediation.md
+          - text: Manage hybrid machines with Azure Arc
+            url: ./how-to/manage-hybrid-infrastructure-arc.md
 
   - title: Reference - SDKs
     linkLists:

articles/lighthouse/toc.yml

@@ -53,6 +53,9 @@
   - name: Remove access to a delegation
     displayName: delete, undelegate
     href: ./how-to/remove-delegation.md
+  - name: Azure Arc integration
+    displayName: server, kubernetes, hybrid, infrastructure
+    href: ./how-to/manage-hybrid-infrastructure-arc.md
   - name: Azure Monitor integration
     items:
     - name: Use Azure Monitor Logs at scale