This article provides an overview of the Azure Arc gateway for Azure Local. The Arc gateway can be enabled on new deployments of Azure Local running software version 2408 and later. This article also describes how to create and delete the Arc gateway resource in Azure.
20
20
21
-
You can use the Arc gateway to significantly reduce the number of required endpoints needed to deploy and manage Azure Local instances. Once you create the Arc gateway, you can connect to and use it for new deployments of Azure Local.
22
-
23
-
For information on how to deploy the Azure Arc gateway for standalone servers (not Azure Local machines), see [Simplify network configuration requirements through Azure Arc gateway](/azure/azure-arc/servers/arc-gateway).
21
+
You can use the Arc gateway to significantly reduce the number of required endpoints needed to deploy and manage Azure Local instances. When you create the Arc gateway, you can connect to and use it for new deployments of Azure Local.
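Review bot: The removed paragraph that linked to the standalone-server article (/azure/azure-arc/servers/arc-gateway) has no replacement in this hunk, so readers with Arc-enabled servers that aren't Azure Local machines lose the pointer; keep the cross-reference or move it to a related-content section. In the rewritten sentence, "When you create the Arc gateway, you can connect to and use it" reads as if the connection happens during creation; "After you create" keeps the ordering that "Once" expressed.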
@@ -32,7 +30,7 @@ The Arc gateway works by introducing the following components:
32
30
33
31
-**Arc proxy** – A new component that is added to the Arc Agentry. This component runs as a service (Called the **Azure Arc Proxy**) and works as a forward proxy for the Azure Arc agents and extensions. The gateway router doesn't need any configuration from your side. This router is part of the Arc core agentry and runs within the context of an Arc-enabled resource.
34
32
35
-
Once you integrate the Arc gateway with release 2411 of Azure Local deployments, each machine gets Arc proxy along with other Arc Agents.
33
+
When you integrate the Arc gateway with version 2411 of Azure Local deployments, each machine gets Arc proxy along with other Arc Agents.
36
34
37
35
When Arc gateway is used, the *http* and *https* traffic flow changes as follows:
38
36
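Review bot: The added line pins Arc proxy to "version 2411", while the introduction says the gateway can be enabled on "software version 2408 and later" and the supported-scenarios section says "versions 2411.1 or later"; pick the one minimum version and use it in all three places. The unchanged Arc proxy bullet above also switches to "The gateway router doesn't need any configuration" and "This router is part of the Arc core agentry", which should name the Arc proxy if that is the component meant.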
@@ -52,11 +50,11 @@ When Arc gateway is used, the *http* and *https* traffic flow changes as follows
52
50
53
51
1. With the proxy settings in place, ARB, and AKS outbound traffic is forwarded to Arc Proxy running on one of the Azure Local machines over the routable IP.
54
52
55
-
1. Once the traffic reaches Arc proxy, the remaining flow takes the same path as described. If traffic to the target service is allowed, it is sent to Arc gateway. If not, it is sent to the enterprise proxy (or direct outbound if no proxy set). Note that for AKS specifically, this path is used for downloading docker images for Arc Agentry and Arc Extension Pods.
53
+
1. Once the traffic reaches Arc proxy, the remaining flow takes the same path as described. If traffic to the target service is allowed, it is sent to Arc gateway. If not, it is sent to the enterprise proxy (or direct outbound if no proxy set). For AKS specifically, this path is used for downloading docker images for Arc Agentry and Arc Extension Pods.
56
54
57
-
**Traffic flow for Arc VMs**
55
+
**Traffic flow for Azure Local VMs**
58
56
59
-
*Http* and *https* traffic are forwarded to the enterprise proxy. Arc proxy inside the Arc VM is not yet supported in this version.
57
+
*Http* and *https* traffic are forwarded to the enterprise proxy. Arc proxy inside an Azure Local VM enabled by Arc is not yet supported in this version.
60
58
61
59
Traffic flows are illustrated in the following diagram:
62
60
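Review bot: The renamed "Traffic flow for Azure Local VMs" paragraph says VM traffic goes to the enterprise proxy and that Arc proxy inside the VM isn't supported, but doesn't tell readers that the endpoint reduction therefore doesn't apply to those VMs; add a sentence saying the enterprise proxy or firewall still has to allow the VM's required endpoints, with a link to that list. The two added lines also keep "it is sent" and "is not yet supported" while other hunks in this commit switch to contractions, and step 2 still opens with "Once the traffic reaches" after "Once" was replaced elsewhere.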
@@ -83,12 +81,11 @@ The list of supported endpoints by the Arc gateway in Azure Local will increase
83
81
You can use the Arc gateway in the following scenario for Azure Local versions 2411.1 or later:
84
82
85
83
- Enable Arc gateway during deployment of new Azure Local instances running versions 2411.1 or later.
84
+
- The Arc gateway resource must be created on the same subscription where you are planning to deploy your Azure Local instance.
86
85
87
-
Unsupported scenarios for Azure Local, versions 2408, 2411 and 2411.1 include:
88
-
89
-
- Azure Local instances updated from versions 2402 or 2405 to versions 2408 or 2411 can't take advantage of all the new endpoints supported by this Arc gateway preview. Host components, Arc extensions, ARB, and AKS required endpoints are only supported when enabling the Arc gateway as part of a new version 2408 deployment.
86
+
Unsupported scenarios for Azure Local include:
90
87
91
-
- Enabling Arc gateway after deployment cannot take advantage of all the new endpoints supported by this Arc gateway preview. Host, Arc extensions, ARB, and AKS required endpoints are only supported when enabling the Arc gateway as part of a new deployment.
88
+
- Enabling Arc gateway after deployment is not supported.
92
89
93
90
## Azure Local endpoints not redirected
94
91
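Review bot: The removed bullet about instances updated from versions 2402 or 2405 leaves no statement on whether upgraded systems can use the gateway; if "Enabling Arc gateway after deployment is not supported" is meant to cover them, say so explicitly, because an upgraded instance is not obviously a post-deployment enablement. The new same-subscription line is a prerequisite rather than a scenario, so it fits better as its own sentence after the list, worded "in the same subscription"; the lead-in "in the following scenario" now introduces two bullets, and "is not supported" should be "isn't supported" to match the rest of the commit.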
@@ -139,15 +136,15 @@ You can create an Arc gateway resource using the Azure portal, Azure CLI, or Azu
139
136
140
137
1. Sign in to [Azure portal](https://ms.portal.azure.com/).
141
138
1. Go to the **Azure Arc > Azure Arc gateway** page, then select **Create**.
142
-
1. Select the subscription and resource group where you want the Arc gateway resource to be managed within Azure. An Arc gateway resource can be used by any Arc-enabled resource in the same Azure tenant.
139
+
1. Select the subscription where you are planning to deploy your Azure Local instance.
143
140
1. For **Name**, enter the name for the Arc gateway resource.
144
-
1. For **Location**, enter the region where the Arc gateway resource should live. An Arc gateway resource can be used by any Arc-enabled resource in the same Azure tenant.
141
+
1. For **Location**, enter the region where the Arc gateway resource should live. An Arc gateway resource is used by any Arc-enabled resource in the same Azure tenant.
145
142
1. Select **Next**.
146
143
1. On the **Tags** page, specify one or more custom tags to support your standards.
147
144
1. Select **Review & Create**.
148
145
1. Review your details, and then select **Create**.
149
146
150
-
The gateway creation process takes nine to ten minutes to complete.
147
+
The gateway creation process takes nine to 10 minutes to complete.
151
148
152
149
153
150
# [CLI](#tab/cli)
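Review bot: Step 5 now says an Arc gateway resource "is used by any Arc-enabled resource in the same Azure tenant", which reads as automatic tenant-wide use and conflicts with the same-subscription requirement added earlier in this commit; restore "can be used by" and state the actual scope. Step 3 no longer mentions a resource group, so confirm the portal form doesn't require one or keep that selection in the step. "nine to 10 minutes" mixes styles, and the next hunk header shows the CLI tab using "9-10 minutes"; use one form in both tabs.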
@@ -184,10 +181,10 @@ The gateway creation process takes 9-10 minutes to complete.
184
181
185
182
## Detach or change the Arc gateway association from the machine
186
183
187
-
To detach the gateway resource from your Arc-enabled server, set the gateway resource ID to `null`. If you want to attach your Arc-enabled server to another Arc gateway resource just update the name and resource ID with the new Arc gateway information:
184
+
To detach the gateway resource from your Arc-enabled server, set the gateway resource ID to `null`. To attach your Arc-enabled server to another Arc gateway resource just update the name and resource ID with the new Arc gateway information:
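Review bot: In the added sentence, "To attach your Arc-enabled server to another Arc gateway resource just update" needs a comma after "resource" and can drop "just". Both sentences still say "Arc-enabled server" in an article about Azure Local machines; use the term that matches the resource the following command targets.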
azure-local/manage/azure-arc-vm-management-overview.md
Lines changed: 11 additions & 0 deletions
@@ -41,12 +41,23 @@ Although Hyper-V provides capabilities to manage your on-premises VMs, Azure Loc
41
41
Consider the following limitations when you're managing VMs on Azure Local:
42
42
43
43
- Taking checkpoints on VMs running on Azure Local by using on-premises tools, such as Windows Admin Center or Hyper-V Manager, will adversely affect the management of these VMs from Azure.
44
+
44
45
- Updates to VM configurations, such as vCPU, memory, network interface, or data disk via on-premises tools, won't be reflected on the Azure management plane.
46
+
45
47
- Moving a resource group isn't supported for VMs on Azure Local and its associated resources (such as network interfaces and disks).
48
+
46
49
- Creation of VMs by using Windows Server 2012 and Windows Server 2012 R2 images isn't supported via the Azure portal. You can do it only via the Azure CLI. For more information, see [Additional parameters for Windows Server 2012 and Windows Server 2012 R2 images](./create-arc-virtual-machines.md#additional-parameters-for-windows-server-2012-and-windows-server-2012-r2-images).
47
50
48
51
- Azure Local VMs only support IPv4 addresses. IPv6 addresses aren't supported.
49
52
53
+
- Once a logical network is created, you can't update the following:
54
+
- DNS server
55
+
- Default gateway
56
+
- IP pools
57
+
- IP address space
58
+
- VLAN ID
59
+
- Virtual switch name
60
+
50
61
## Components of Azure Local VM management
51
62
52
63
Azure Local VM management has several components, including:
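Review bot: The new limitation lists six logical network properties that can't be updated (DNS server, default gateway, IP pools, IP address space, VLAN ID, virtual switch name) but gives no way forward; add what to do when one of them has to change, for example whether the logical network must be deleted and recreated, and link to the logical network article so these values are reviewed before creation. "Once a logical network is created" could be "After a logical network is created" to match the wording changes made elsewhere in this commit, and the blank lines added between the existing bullets should be checked so the sub-list still renders nested under its parent item.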
azure-local/manage/azure-site-recovery.md
Lines changed: 6 additions & 6 deletions
@@ -4,7 +4,7 @@ description: Use Azure Site Recovery to protect Hyper-V VM workloads running on
4
4
ms.topic: article
5
5
author: alkohli
6
6
ms.author: alkohli
7
-
ms.date: 03/21/2024
7
+
ms.date: 04/11/2025
8
8
---
9
9
<!-- This article is used by the Windows Server Docs, all links must be site relative (except include files). For example, /azure-stack/hci/manage/azure-site-recovery -->
10
10
@@ -108,7 +108,7 @@ On your Azure Local target system, follow these steps to prepare infrastructure:
108
108
1. Accept the defaults for other settings.
109
109
110
110
> [!IMPORTANT]
111
-
> You will need owner permissions on the Recovery services vault to assign permissions to the managed identity. You will need read/write permission on the Azure Local resource and its child resources.
111
+
> You'll need owner permissions on the Recovery services vault to assign permissions to the managed identity. You'll need read/write permission on the Azure Local resource and its child resources.
112
112
113
113
Select **Review + Create** to start the vault creation. For more information, see [Create and configure a Recovery services vault](/azure/backup/backup-create-recovery-services-vault).
114
114
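Review bot: The reworded note still asks for "owner permissions on the Recovery services vault" and an unnamed "read/write permission on the Azure Local resource and its child resources"; since this line is being touched, name the specific built-in roles so the vault owner grant can be scoped and removed after the managed identity assignment. The note also writes "Recovery services vault" while the known-issues table in the same file uses "Recovery Services vault"; align the casing.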
@@ -147,7 +147,7 @@ After the infrastructure preparation is complete, follow these steps to select t
147
147
1. For **Subscription**, enter or select the subscription.
148
148
1. For **Post-failover resource group**, select the resource group name to which you fail over. When the failover occurs, the VMs in Azure are created in this resource group.
149
149
1. For **Post-failover deployment model**, select **Resource Manager**. The Azure Resource Manager deployment is used when the failover occurs.
150
-
1. For **Storage account**, enter or select an existing storage account associated with the subscription that you have chosen. This account could be a standard or a premium storage account that is used for the VM’s replication.
150
+
1. For **Storage**, select the type of Azure storage you are replicating to. We recommend using managed disk.
151
151
152
152
:::image type="content" source="media/azure-site-recovery/enable-replication-2.png" alt-text="Screenshot of target environment tab in Azure portal for Azure Local resource." lightbox="media/azure-site-recovery/enable-replication-2.png":::
153
153
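Review bot: The replacement step, "For **Storage**, select the type of Azure storage you are replicating to. We recommend using managed disk.", doesn't list the available choices or say why managed disk is recommended, and it drops the earlier guidance about standard or premium storage accounts without saying whether a storage account is still an option. State the options, use "you're" and "managed disks" for consistency, and confirm that enable-replication-2.png still matches the renamed field.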
@@ -164,7 +164,7 @@ After the infrastructure preparation is complete, follow these steps to select t
164
164
165
165
:::image type="content" source="media/azure-site-recovery/enable-replication-4.png" alt-text="Screenshot of virtual selection tab in Azure portal for Azure Local resource." lightbox="media/azure-site-recovery/enable-replication-4.png":::
166
166
167
-
1. On the **Replication settings** tab, select the operating system type, operating system disk and the data disks for the VM you intend to replicate to Azure, and then select **Next**.
167
+
1. On the **Replication settings** tab, select the operating system type, operating system disk, and the data disks for the VM you intend to replicate to Azure, and then select **Next**.
168
168
169
169
:::image type="content" source="media/azure-site-recovery/enable-replication-5.png" alt-text="Screenshot of Replication settings tab in Azure portal for Azure Local resource." lightbox="media/azure-site-recovery/enable-replication-5.png":::
170
170
@@ -243,8 +243,8 @@ Here's a list of known issues and the associated workarounds in this release:
| 1. | When you register Azure Site Recovery with a system, a machine fails to install Azure Site Recovery or register to the Azure Site Recovery service. | In this instance, your VMs may not be protected. Verify that all machines in the system are registered in the Azure portal by going to the **Recovery Services vault**\>**Jobs**\>**Site Recovery Jobs**. |
245
245
| 2. | Azure Site Recovery agent fails to install. No error details are seen at the system or machine levels in the Azure Local portal. | When the Azure Site Recovery agent installation fails, it is because of the one of the following reasons: <br><br> - Installation fails as Hyper-V isn't set up on the host. </br><br> - The Hyper-V host is already associated to a Hyper-V site and you're trying to install the extension with a different Hyper-V site. </br> |
246
-
| 3. | Azure Site Recovery agent fails to install. Error message of "Microsoft Azure Site Recovery Provider installation has failed with exit code - 1." appears in the portal with the failed installation. | The installation fails when WDAC is enforced. <br><br> - Setting WDAC to "Audit" mode will allow the installation to complete. To set the WDAC mode to be Audit, you can follow the instructions in [Manage WDAC settings with PowerShell](/azure-stack/hci/manage/manage-wdac#manage-wdac-settings-with-powershell)|
247
-
| 4. | Failback of an Arc VM to an alternate cluster fails. | Failback of an Arc VM to an alternate cluster is not supported |
246
+
| 3. | Azure Site Recovery agent fails to install. Error message of "Microsoft Azure Site Recovery Provider installation has failed with exit code - 1." appears in the portal with the failed installation. | The installation fails when WDAC is enforced. <br><br> - Setting WDAC to "Audit" mode allows the installation to complete. To set the WDAC mode to be Audit, you can follow the instructions in [Manage WDAC settings with PowerShell](/azure-stack/hci/manage/manage-wdac#manage-wdac-settings-with-powershell)|
247
+
| 4. | Failback of an Arc VM to an alternate cluster fails. | Failback of an Arc VM to an alternate cluster isn't supported |
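Review bot: Row 3's workaround, "Setting WDAC to "Audit" mode allows the installation to complete", stops at the install; add that WDAC should be returned to enforced mode once the Azure Site Recovery agent is installed, otherwise the host is left without application control enforcement. The same cell still links to /azure-stack/hci/manage/manage-wdac, and row 4 keeps "Arc VM" although this commit renames that term to "Azure Local VM" in other files; update both or note why they stay.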
azure-local/plan/configure-custom-settings-active-directory.md
Lines changed: 3 additions & 1 deletion
@@ -51,7 +51,9 @@ Here's a table that contains the permissions required for the deployment user an
51
51
You can use PowerShell cmdlets to assign appropriate permissions to deployment user over OU. The following example shows how you can assign the required permissions to a *deploymentuser* over the OU *HCI001* that resides in the Active Directory domain *contoso.com*.
52
52
53
53
> [!NOTE]
54
-
> The script requires you to precreate user object [New-ADUser](/powershell/module/activedirectory/new-aduser?view=windowsserver2022-ps&preserve-view=true) and [OU](/powershell/module/activedirectory/new-adorganizationalunit?view=windowsserver2022-ps&preserve-view=true) in your Active Directory. For more information on how to block group policy inheritance, see [Set-GPInheritance](/powershell/module/grouppolicy/set-gpinheritance?view=windowsserver2022-ps&preserve-view=true).
54
+
> The script requires you to precreate user object [New-ADUser](/powershell/module/activedirectory/new-aduser?view=windowsserver2022-ps&preserve-view=true) and [OU](/powershell/module/activedirectory/new-adorganizationalunit?view=windowsserver2022-ps&preserve-view=true) in your Active Directory. **The msFVE-RecoveryInformation must be set via PowerShell. Using the Active Directory delegation wizard is not applicable for that scenario.**
55
+
>
56
+
> For more information on how to block group policy inheritance, see [Set-GPInheritance](/powershell/module/grouppolicy/set-gpinheritance?view=windowsserver2022-ps&preserve-view=true).
55
57
56
58
Run the following PowerShell cmdlets to import the Active Directory module and assign required permissions:
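Review bot: The bolded addition, "The msFVE-RecoveryInformation must be set via PowerShell", is missing its noun and never says what msFVE-RecoveryInformation is or what is being set on it; spell out that it is the permission on msFVE-RecoveryInformation objects in the OU (if that is the intent) and which step of the script below grants it. "Using the Active Directory delegation wizard is not applicable for that scenario" should say plainly that the wizard can't be used for this permission, and bolding two full sentences inside a NOTE block is heavier than the surrounding style.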
azure-local/whats-new.md
Lines changed: 8 additions & 4 deletions
@@ -24,23 +24,27 @@ This is a baseline release with the following features and improvements:
24
24
-**Registration and deployment changes**
25
25
-**Extension installation**: Extensions are no longer installed during the registration of Azure Local machines. Instead, the extensions are installed in the machine validation step during the Azure Local instance deployment. For more information, see [Register with Arc via console](./deploy/deployment-arc-register-server-permissions.md) and [Deploy via Azure portal](./deploy/deploy-via-portal.md).
26
26
-**Register via app**: You can bootstrap your Azure Local machines using the Configurator app. The local UI is now deprecated. For more information, see [Register Azure Local machines using Configurator app](./deploy/deployment-arc-register-configurator-app.md).
27
-
- Composed image is now supported for Other Equipment Manufacturers (OEMs).
27
+
- Composed image is now supported for Original Equipment Manufacturers (OEMs).
28
28
- Several security enhancements were done for the Bootstrap service.
29
29
- Service Principal Name (SPN) is deprecated for Arc registration.
30
-
- The Arc installer script is simplified to only use `Start-ArcBootstrap` to register Azure Local machines with Arc.
30
+
31
31
-**Deployment of current version and previous versions**: Starting with this release, you can deploy the current version of Azure Local using the Azure portal. To deploy a previous version, use an Azure Resource Manager template that matches the version you wish to deploy. For more information, see [Deploy via ARM template](./deploy/deployment-azure-resource-manager-template.md).
32
+
32
33
-**Environment checker related changes**
33
34
- Environment checker is now integrated for connectivity tests.
34
35
- Environment checker validates the composed image used for bootstrap.
35
36
- Environment checker validates PowerShell modules as per the validated solution recipe in the Pre-Update checks.
37
+
36
38
-**Updates and upgrade improvements**
37
39
- The Solution Builder Extension update now supports both supported and non-supported SKUs for a given model.
38
40
- A tag has been added to indicate whether an update is the latest or has been superseded.
39
-
- HTTP content will now be downloaded using a more resilient service (Download Service).
40
-
- OS content will be packaged with the release, rather than determining appliable content on the device at runtime. This change is aimed at minimizing failure points and supporting [sideloading](update/update-via-powershell-23h2.md#step-3-import-and-rediscover-updates).
41
+
- HTTP content is now downloaded using a more resilient service (Download Service).
42
+
- OS content is packaged with the release, rather than determining appliable content on the device at runtime. This change is aimed to minimize failure points and support [Importing content](update/update-via-powershell-23h2.md#step-3-import-and-rediscover-updates).
41
43
- OS content will be installed using the CAU plug-ins that are shipped with OS.
42
44
- Azure Local rebranding changes were made for this update.
45
+
43
46
-**Azure Local VM changes**: You can now connect to an Azure Local VM using the SSH/RDP protocol without the need for line of sight (inside the host network). For more information, see [Connect to an Azure Local VM using SSH](./manage/connect-arc-vm-using-ssh.md).
47
+
44
48
-**What's new for migration**: Documentation for improvements and features for VM migration to Azure Local is now available. For more information, see [What's new in migration](./migrate/migrate-whats-new.md).
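Review bot: The bullet "The Arc installer script is simplified to only use `Start-ArcBootstrap`" is deleted and replaced by a blank line with no explanation; if the registration script change still ships in this release, keep the bullet, and if it was wrong, say what readers should run instead. In the rewritten OS content bullet, "appliable" should be "applicable" and "This change is aimed to minimize" should be "This change aims to minimize"; the next bullet, "OS content will be installed using the CAU plug-ins", is left in future tense while its neighbours were moved to present tense.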