Merge pull request #16632 from CristianEdwards/ArcGwNoProxyUpdate

ArcGwUpdates 2411.1

Author: Stacyrch140

azure-local/deploy/deployment-azure-arc-gateway-configure-manually.md

@@ -10,7 +10,7 @@ ms.service: azure-stack-hci
 
 # Configure Arc proxy manually for Azure gateway on Azure Local (preview)
 
-Applies to: Azure Local, version 23H2, release 2408, 2408.1, 2408.2, and 2411
+Applies to: Azure Local, version 23H2, release 2408, 2408.1, 2408.2, 2411 and 2411.1
 
 After creating the Arc gateway resource in your Azure subscription, you can enable the new Arc gateway preview features. This article details how to manually configure the Arc proxy before Arc registration.
 

azure-local/deploy/deployment-azure-arc-gateway-configure-via-script.md

@@ -10,7 +10,7 @@ ms.service: azure-stack-hci
 
 # Configure Arc proxy via registration script for Azure gateway on Azure Local (preview)
 
-Applies to: Azure Local, version 23H2, release 2408, 2408.1, 2408.2, and 2411
+Applies to: Azure Local, version 23H2, release 2408, 2408.1, 2408.2, 2411 and 2411.1
 
 After creating the Arc gateway resource in your Azure subscription, you can enable the new Arc gateway preview features. This article details how to configure the Arc proxy before Arc registration using a registration script for the Arc gateway on Azure Local.
 
@@ -28,7 +28,7 @@ Make sure the following prerequisites are met before proceeding:
 
 ## Step 1: Get the ArcGatewayID  
 
-You need the proxy and the ArcGatewayID from Azure to run the registration script on Azure Local machines. You can find the Arc gateway id on the Azure portal overview page of the resource.
+You need the proxy and the ArcGatewayID from Azure to run the registration script on Azure Local machines. You can find the Arc gateway ID on the Azure portal overview page of the resource.
 
 ## Step 2: Register new machines in Azure Arc
 

azure-local/deploy/deployment-azure-arc-gateway-use-without-proxy.md

@@ -10,7 +10,7 @@ ms.service: azure-stack-hci
 
 # Use Azure Arc gateway without a proxy on Azure Local (preview)
 
-Applies to: Azure Local, version 23H2, release 2408, 2408.1, 2408.2, and 2411
+Applies to: Azure Local, version 23H2, release 2411.1 and later
 
 After creating the Arc gateway resource in your Azure subscription, you can enable the new Arc gateway preview features on your Azure Local. This article details how to use Azure gateway for Azure Local instances without a proxy.
 
@@ -20,77 +20,101 @@ After creating the Arc gateway resource in your Azure subscription, you can enab
 
 Make sure the following prerequisites are met before proceeding:
 
-- You’ve access to an Azure Local instance running version 23H2.
+- You’ve access to an Azure Local instance running version 23H2, release 2411.1. Prior versions do not support this scenario.
 
 - An Arc gateway resource created in the same subscription as used to deploy Azure Local. For more information, see [Create the Arc gateway resource in Azure](deployment-azure-arc-gateway-overview.md#create-the-arc-gateway-resource-in-azure).
 
-> [!Warning]
-> For Arc gateway deployments without proxy, the standard ISO OS image is required and is available at https://aka.ms/PVenEREWEEW. Do not use the ISO image available in Azure portal for this scenario.
+## Step 1: Get the ArcGatewayID  
 
-## Run the initialization script
+You need the Arc gateway ID (ArcGatewayID) from Azure to run the registration script on Azure Local machines. You can find the Arc gateway ID on the Azure portal overview page of the resource.
 
-To use the Arc gateway feature for Azure Local systems without a proxy, use the `ProxyBypassList` parameter to specify traffic that shouldn't route through the Arc gateway. Create the bypass list according to this article.
+## Step 2: Register new machines in Azure Arc
 
-Run the initialization script as follows. All other instructions remain the same as listed in [Configure the proxy using the Arc registration script](deployment-azure-arc-gateway-configure-via-script.md).
+To use the Arc gateway feature for Azure Local systems without a proxy, only use the `ArcGatewayID` parameter.
 
-```azurecli
-#Install required PowerShell modules on your machine for registration.
-
-Install-Module Az.Accounts -RequiredVersion 2.13.2
-
-Install-Module Az.Resources -RequiredVersion 6.12.0
+Run the initialization script as follows.
 
-Install-Module Az.ConnectedMachine -RequiredVersion 0.5.2
-
-#Install Arc registration script from PSGallery
-
-Install-Module AzsHCI.ARCinstaller
+```azurecli
 
 #Define the subscription where you want to register your server as Arc device.
-
 $Subscription = "yoursubscription"
 
 #Define the resource group where you want to register your server as Arc device.
-
 $RG = "yourresourcegroupname"
 
 #Define the tenant you will use to register your server as Arc device.
-
 $Tenant = "yourtenant"
  
 #Define the Arc gateway resource ID from Azure
-
 $ArcgwId = "/subscriptions/yourarcgatewayid/resourceGroups/yourresourcegroupname/providers/Microsoft.HybridCompute/gateways/yourarcgatewayname"
 
-#Define the bypass list for the proxy. Use semicolon to separate each item from the list.
-
-# Use "localhost" instead of <local>
-# Use specific IPs such as 127.0.0.1 without mask
-# Use * for subnets allowlisting. 192.168.1.* for /24 exclusions. Use 192.168.*.
-* for /16 exclusions.
-# Append * for domain names exclusions like *.contoso.com
-# DO NOT INCLUDE .svc on the list. The registration script takes care of Environment Variables configuration.
-
-$ProxyBypassList = "localhost;127.0.0.1;*.contoso.com;machine1;machine2;machine3;machine4;machine5;192.168.*.*;AzureLocal-1"
-
 #Connect to your Azure account and Subscription
-
 Connect-AzAccount -SubscriptionId $Subscription -TenantId $Tenant -DeviceCode
 
 #Get the Access Token and Account ID for the registration
-
 $ARMtoken = (Get-AzAccessToken).Token
 
 #Get the Account ID for the registration
-
 $id = (Get-AzContext).Account.Id
 
 #Invoke the registration script with Proxy and ArcgatewayID
-
-Invoke-AzStackHciArcInitialization -SubscriptionID $Subscription -ResourceGroup
-$RG -TenantID $Tenant -Region australiaeast -Cloud "AzureCloud" -ArmAccessToken $ARMtoken -AccountID $id -ArcGatewayID $ArcgwId -ProxyBypass $ProxyBypassList
+Invoke-AzStackHciArcInitialization -SubscriptionID $Subscription -ResourceGroup $RG -TenantID $Tenant -Region australiaeast -Cloud "AzureCloud" -ArmAccessToken $ARMtoken -AccountID $id -ArcGatewayID $ArcgwId
 ```
 
+## Step 3: Start Azure Local cloud deployment
+
+Once the Azure Local machines are registered in Azure Arc and all the extensions are installed, you can start deployment from Azure portal or using the ARM templates that are documented in these articles:
+
+- [Deploy an Azure Local instance using the Azure portal](deploy-via-portal.md).
+
+- [Azure Resource Manager template deployment for Azure Local, version 23H2](deployment-azure-resource-manager-template.md).
+
+## Step 4: Verify that the setup succeeded
+
+Once the deployment validation starts, you can connect to the first Azure Local machine from your system and open the Arc gateway log to monitor which endpoints are redirected to the Arc gateway and which ones continue using your firewall.
+
+You can find the Arc gateway log at: *c:\programdata\AzureConnectedMAchineAgent\Log\arcproxy.log*.
+
+:::image type="content" source="./media/deployment-connect-nodes-to-arc-gateway/arc-gateway-log.png" alt-text="Screenshot that shows the Arc gateway log using manual method." lightbox="./media/deployment-connect-nodes-to-arc-gateway/arc-gateway-log.png":::
+
+To check the Arc agent configuration and verify that it is using the Arc gateway, run the following command: `c:\program files\AzureConnectedMachineAgent>.\azcmagent show`
+
+The result should show the following values:
+
+- **Agent version** is **1.45** or above.
+
+- **Agent Status** is **Connected**.
+
+- **Using HTTPS Proxy**  is empty when Arc gateway isn't in use. It should show as `http://localhost:40343` when the Arc gateway is enabled.
+
+- **Upstream Proxy** should be empty because you are not using any enterprise proxy.
+
+- **Azure Arc Proxy** shows as **stopped** when Arc gateway isn't in use, and **running** when the Arc gateway is enabled.
+
+The Arc agent without the Arc gateway:
+
+:::image type="content" source="./media/deployment-connect-nodes-to-arc-gateway/arc-agent-without-gateway.png" alt-text="Screenshot that shows the Arc agent without gateway using manual method." lightbox="./media/deployment-connect-nodes-to-arc-gateway/arc-agent-without-gateway.png":::
+
+The Arc agent using the Arc gateway:
+
+:::image type="content" source="./media/deployment-connect-nodes-to-arc-gateway/arc-agent-with-gateway.png" alt-text="Screenshot that shows the Arc agent with gateway using manual method." lightbox="./media/deployment-connect-nodes-to-arc-gateway/arc-agent-with-gateway.png":::
+
+Additionally, to verify that the setup successful, you can run the following command: `c:\program files\AzureConnectedMachineAgent>.\azcmagent check`.
+
+The response should indicate that `connection.type` is set to `gateway`, and the **Reachable** column should indicate **true** for all URLs, as shown:
+
+The Arc agent without the Arc gateway:
+
+:::image type="content" source="./media/deployment-connect-nodes-to-arc-gateway/arc-agent-without-gateway-2.png" alt-text="Screenshot that shows the Arc agent without gateway 2 using manual method." lightbox="./media/deployment-connect-nodes-to-arc-gateway/arc-agent-without-gateway-2.png":::
+
+The Arc agent with the Arc gateway enabled:
+
+:::image type="content" source="./media/deployment-connect-nodes-to-arc-gateway/arc-agent-with-gateway-2.png" alt-text="Screenshot that shows the Arc agent with gateway 2 using manual method." lightbox="./media/deployment-connect-nodes-to-arc-gateway/arc-agent-without-gateway-2.png":::
+
+You can also audit your gateway traffic by viewing the gateway router logs.  
+
+To view gateway router logs on Windows, run the `azcmagent logs` command in PowerShell. In the resulting .zip file, the logs are located in the *C:\ProgramData\Microsoft\ArcGatewayRouter* folder.
+
 ## Next steps
 
 - [Get support for deployment issues](../manage/get-support-for-deployment-issues.md)