Merge pull request #18519 from alkohli/arcgw

Register with arc gateway

Author: JamesJBarnett

.openpublishing.redirection.azure-local.json

@@ -1934,6 +1934,26 @@
       "source_path": "azure-local/migrate/migrate-cluster-new-hardware.md", 
       "redirect_url": "/azure-local/migrate/migration-azure-migrate-overview", 
       "redirect_document_id": false
+    },
+    {
+      "source_path": "azure-local/deploy/deployment-azure-arc-gateway-configure-manually.md", 
+      "redirect_url": "/azure/azure-local/deploy/deployment-with-azure-arc-gateway", 
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "azure-local/deploy/deployment-azure-arc-gateway-configure-via-script.md", 
+      "redirect_url": "/azure/azure-local/deploy/deployment-with-azure-arc-gateway", 
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "azure-local/deploy/deployment-azure-arc-gateway-use-without-proxy.md", 
+      "redirect_url": "/azure/azure-local/deploy/deployment-with-azure-arc-gateway", 
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "azure-local/deploy/deployment-arc-register-local-ui.md", 
+      "redirect_url": "/azure/azure-local/deploy/deployment-without-azure-arc-gateway", 
+      "redirect_document_id": false
     }
   ]
 }

azure-local/TOC.yml

@@ -95,6 +95,8 @@ items:
       href: plan/network-patterns-sdn-considerations.md
   - name: Review cloud deployment network considerations
     href: plan/cloud-deployment-network-considerations.md
+  - name: Review Azure Arc gateway
+    href: deploy/deployment-azure-arc-gateway-overview.md
   - name: Review security
     items:
     - name: About security features
@@ -118,31 +120,22 @@ items:
     href: deploy/download-23h2-software.md
   - name: 3. Install the OS
     href: deploy/deployment-install-os.md
-  - name: 4. Register with Arc and set up permissions
+  - name: 4. Set up subscription permissions
+    href: deploy/deployment-arc-register-server-permissions.md
+  - name: 5. Choose a registration method
     items:
-    - name: Via console
-      href: deploy/deployment-arc-register-server-permissions.md
-    - name: Via Configurator app
-      href: deploy/deployment-arc-register-configurator-app.md  
-  - name: 5. Choose a deployment method
+    - name: Without Arc gateway
+      href: deploy/deployment-without-azure-arc-gateway.md
+    - name: With Arc gateway
+      href: deploy/deployment-with-azure-arc-gateway.md  
+  - name: 6. Choose a deployment method
     items:
-    - name: 5A. Deploy via Azure portal 
+    - name: 6A. Deploy via Azure portal
       href: deploy/deploy-via-portal.md
-    - name: 5B. Deploy via ARM template
+    - name: 6B. Deploy via ARM template
       href: deploy/deployment-azure-resource-manager-template.md
 
-  - name: Deploy with Arc gateway
-    items:
-    - name: About Arc gateway
-      href: deploy/deployment-azure-arc-gateway-overview.md
-    - name: Choose a proxy option
-      items:
-      - name: Configure proxy manually
-        href: deploy/deployment-azure-arc-gateway-configure-manually.md
-      - name: Configure proxy via Arc script
-        href: deploy/deployment-azure-arc-gateway-configure-via-script.md
-      - name: Configure without a proxy
-        href: deploy/deployment-azure-arc-gateway-use-without-proxy.md
+
   - name: Deploy using local identity with Key Vault
     href: deploy/deployment-local-identity-with-key-vault.md
   - name: Deploy workloads
@@ -518,6 +511,8 @@ items:
   items:
   - name: Collect logs
     href: manage/collect-logs.md
+  - name: Troubleshoot registration issues for Configurator app
+    href: manage/troubleshoot-deployment-configurator-app.md
   - name: Troubleshoot deployment validation issues
     href: manage/troubleshoot-deployment.md
   - name: Use the Diagnostic Support tool

azure-local/concepts/system-requirements-23h2.md

@@ -28,8 +28,7 @@ Here are the Azure requirements for your Azure Local instance:
    - Subscription obtained through an Enterprise Agreement (EA).
    - Subscription obtained through the Cloud Solution Provider (CSP) program.
 
-- **Azure permissions**: Make sure that you're assigned the required roles and permissions for registration and deployment. For information on how to assign permissions, see [Assign Azure permissions for registration](../deploy/deployment-arc-register-server-permissions.md#assign-required-permissions-for-deployment).
-
+- **Azure permissions**: Make sure that you're assigned the required roles and permissions for registration and deployment. For information on how to assign permissions, see [Assign Azure permissions for registration](../deploy/deployment-arc-register-server-permissions.md).
 - **Azure regions**: Azure Local is supported for the following regions:
 
    # [Azure public](#tab/azure-public)

azure-local/deploy/deployment-arc-register-local-ui.md

@@ -9,16 +9,14 @@ ms.service: azure-local
 ms.custom: devx-track-azurepowershell
 ---
 
-# Register your machines and assign permissions for Azure Local deployment
+# Assign required permissions for Azure Local deployment
 
 [!INCLUDE [applies-to](../includes/hci-applies-to-23h2.md)]
 
-This article describes how to register your Azure Local machines and then set up the required permissions to deploy Azure Local.
+This article describes how to set up the required permissions on your subscription to deploy Azure Local.
 
 ## Prerequisites
 
-Before you begin, make sure you complete the following prerequisites:
-
 ### Azure Local machine prerequisites
 
 [!INCLUDE [hci-registration-azure-local-machine-prerequisites](../includes/hci-registration-azure-local-machine-prerequisites.md)]
@@ -27,141 +25,9 @@ Before you begin, make sure you complete the following prerequisites:
 
 [!INCLUDE [hci-registration-azure-prerequisites](../includes/hci-registration-azure-prerequisites.md)]
 
-## Register machines with Azure Arc
-
-> [!IMPORTANT]
-> - Run these steps as a local administrator on every Azure Local machine that you intend to cluster.
-> - Once an Azure Local machine is registered with Azure Arc, the only way to undo the registration is to install the operating system again on the machine.
-> - If you encounter error code 42 when registering a new Azure Local machine with Azure Arc, see the [Troubleshooting guide](https://github.com/Azure/AzureLocal-Supportability/blob/main/TSG/ArcRegistration/TSG-Arc-registration-failing-with-error-42.md).
-
-1. Set the parameters. The script takes in the following parameters:
-
-    |Parameters  |Description  |
-    |------------|-------------|
-    |`SubscriptionID`    |The ID of the subscription used to register your machines with Azure Arc.         |
-    |`TenantID`          |The tenant ID used to register your machines with Azure Arc. Go to your Microsoft Entra ID and copy the tenant ID property.       |
-    |`ResourceGroup`     |The resource group precreated for Arc registration of the machines. A resource group is created if one doesn't exist.         |
-    |`Region`            |The Azure region used for registration. See the [Supported regions](../concepts/system-requirements-23h2.md#azure-requirements) that can be used.          |
-    |`AccountID`         |The user who registers and deploys the instance.         |
-    |`ProxyServer`       |Optional parameter. Proxy Server address when is required for outbound connectivity. |
-    |`DeviceCode`        |The device code displayed in the console at `https://microsoft.com/devicelogin` and is used to sign in to the device.         |
-
-    
-    # [PowerShell](#tab/powershell)
-
-    ```powershell
-    #Define the subscription where you want to register your machine as Arc device
-    $Subscription = "YourSubscriptionID"
-    
-    #Define the resource group where you want to register your machine as Arc device
-    $RG = "YourResourceGroupName"
-
-    #Define the region to use to register your server as Arc device
-    #Do not use spaces or capital letters when defining region
-    $Region = "eastus"
-    
-    #Define the tenant you will use to register your machine as Arc device
-    $Tenant = "YourTenantID"
-    
-    #Define the proxy address if your Azure Local deployment accesses the internet via proxy
-    $ProxyServer = "http://proxyaddress:port"
-    ```
- 
-    # [Output](#tab/output)
-
-    Here's a sample output of the parameters:
-
-    ```output
-    PS C:\Users\SetupUser> $Subscription = "<Subscription ID>"
-    PS C:\Users\SetupUser> $RG = "myashcirg"
-    PS C:\Users\SetupUser> $Tenant = "<Tenant ID>"
-    PS C:\Users\SetupUser> $Region = "eastus"
-    PS C:\Users\SetupUser> $ProxyServer = "<http://proxyserver:tcpPort>"
-    ```
-
-    ---
-2. Connect to your Azure account and set the subscription. Open a browser on the client that you're using to connect to the machine and open this page: `https://microsoft.com/devicelogin` and enter the provided code in the Azure CLI output to authenticate. Get the access token and account ID for the registration.  
-
-    # [PowerShell](#tab/powershell)
-
-    ```azurecli
-    #Connect to your Azure account and Subscription
-    Connect-AzAccount -SubscriptionId $Subscription -TenantId $Tenant -DeviceCode
-
-    #Get the Access Token for the registration
-    $ARMtoken = (Get-AzAccessToken -WarningAction SilentlyContinue).Token
-
-    #Get the Account ID for the registration
-    $id = (Get-AzContext).Account.Id   
-    ```
-
-    # [Output](#tab/output)
-
-    Here's a sample output of setting the subscription and authentication:
-
-    ```output
-    PS C:\Users\SetupUser> Connect-AzAccount -SubscriptionId $Subscription -TenantId $Tenant -DeviceCode
-    WARNING: To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code A44KHK5B5
-    to authenticate.
-    
-    Account               SubscriptionName      TenantId                Environment
-    -------               ----------------      --------                ----------- 
-    [email protected] AzureStackHCI_Content  <Tenant ID>             AzureCloud
-
-    PS C:\Users\SetupUser> $ARMtoken = (Get-AzAccessToken).Token
-    PS C:\Users\SetupUser> $id = (Get-AzContext).Account.Id
-    ```
-
-    ---
-
-3. Finally run the Arc registration script. The script takes a few minutes to run.
-
-    # [PowerShell](#tab/powershell)
-
-    ```powershell
-    #Invoke the registration script. Use a supported region.
-    Invoke-AzStackHciArcInitialization -SubscriptionID $Subscription -ResourceGroup $RG -TenantID $Tenant -Region $Region -Cloud "AzureCloud" -ArmAccessToken $ARMtoken -AccountID $id
-    ```
-
-    If you're accessing the internet using a proxy server, you need to add the `-Proxy` parameter and provide the proxy server in the format `http://<Proxy server FQDN or IP address>:Port` when running the script.
-
-    For a list of supported Azure regions, see [Azure requirements](../concepts/system-requirements-23h2.md#azure-requirements).
-
-    # [Output](#tab/output)
-
-    Here's a sample output of a successful registration of your machines:
-
-    ```output
-    PS C:\Users\Administrator> Invoke-AzStackHciArcInitialization -SubscriptionID $Subscription -ResourceGroup $RG -TenantID $Tenant -Region $Region -Cloud "AzureCloud" -ArmAccessToken $ARMtoken -AccountID $id
-    >>
-    Configuration saved to: C:\Users\ADMINI~1\AppData\Local\Temp\bootstrap.json
-    Triggering bootstrap on the device...
-    Waiting for bootstrap to complete... Current Status: InProgress
-    =========SNIPPED=========SNIPPED=============
-    Waiting for bootstrap to complete... Current Status: InProgress
-    Waiting for bootstrap to complete... Current Status: Succeeded
-    Bootstrap succeeded.
-    
-    Triggering bootstrap log collection as a best effort.
-    Version Response                                                    
-    ------- --------                                                    
-    V1      Microsoft.Azure.Edge.Bootstrap.ServiceContract.Data.Response
-    V1      Microsoft.Azure.Edge.Bootstrap.ServiceContract.Data.Response
-
-
-    PS C:\Users\Administrator>
-    ```
-    ---
-
-4. After the script completes successfully on all the machines, verify that:
-
-    1. Your machines are registered with Arc. Go to the Azure portal and then go to the resource group associated with the registration. The machines appear within the specified resource group as **Machine - Azure Arc** type resources.
-
-        :::image type="content" source="media/deployment-arc-register-server-permissions/arc-servers-registered-1.png" alt-text="Screenshot of the Azure Local machines in the resource group after the successful registration." lightbox="./media/deployment-arc-register-server-permissions/arc-servers-registered-1.png":::
-
-## Assign required permissions for deployment
+## Assign Azure permissions for deployment
 
-This section describes how to assign Azure permissions for deployment from the Azure portal.
+Follow these steps to assign Azure permissions for deployment from the Azure portal.
 
 1. In [the Azure portal](https://portal.azure.com/), go to the subscription used to register the machines. In the left pane, select **Access control (IAM)**. In the right pane, select **+ Add** and from the dropdown list, select **Add role assignment**.
 
@@ -194,6 +60,7 @@ This section describes how to assign Azure permissions for deployment from the A
 
 ## Next steps
 
-After setting up the first machine in your instance, you're ready to deploy using Azure portal:
+After setting up the subscription permissions, you can register your Azure Local machines with Azure Arc.
 
-- [Deploy using Azure portal](./deploy-via-portal.md).
+- [Register using Azure Arc gateway](./deployment-with-azure-arc-gateway.md).
+- [Register using Azure Arc](./deployment-without-azure-arc-gateway.md).